1 // SPDX-License-Identifier: (GPL-2.0 OR MPL-1.1)
4 * Functions that talk to the USB variant of the Intersil hfa384x MAC
6 * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved.
7 * --------------------------------------------------------------------
11 * --------------------------------------------------------------------
13 * Inquiries regarding the linux-wlan Open Source project can be
16 * AbsoluteValue Systems Inc.
18 * http://www.linux-wlan.com
20 * --------------------------------------------------------------------
22 * Portions of the development of this software were funded by
23 * Intersil Corporation as part of PRISM(R) chipset product development.
25 * --------------------------------------------------------------------
27 * This file implements functions that correspond to the prism2/hfa384x
28 * 802.11 MAC hardware and firmware host interface.
30 * The functions can be considered to represent several levels of
31 * abstraction. The lowest level functions are simply C-callable wrappers
32 * around the register accesses. The next higher level represents C-callable
33 * prism2 API functions that match the Intersil documentation as closely
34 * as is reasonable. The next higher layer implements common sequences
35 * of invocations of the API layer (e.g. write to bap, followed by cmd).
38 * hfa384x_drvr_xxx Highest level abstractions provided by the
39 * hfa384x code. They are driver defined wrappers
40 * for common sequences. These functions generally
41 * use the services of the lower levels.
43 * hfa384x_drvr_xxxconfig An example of the drvr level abstraction. These
44 * functions are wrappers for the RID get/set
45 * sequence. They call copy_[to|from]_bap() and
46 * cmd_access(). These functions operate on the
47 * RIDs and buffers without validation. The caller
48 * is responsible for that.
50 * API wrapper functions:
51 * hfa384x_cmd_xxx functions that provide access to the f/w commands.
52 * The function arguments correspond to each command
53 * argument, even command arguments that get packed
54 * into single registers. These functions _just_
55 * issue the command by setting the cmd/parm regs
56 * & reading the status/resp regs. Additional
57 * activities required to fully use a command
58 * (read/write from/to bap, get/set int status etc.)
59 * are implemented separately. Think of these as
60 * C-callable prism2 commands.
62 * Lowest Layer Functions:
63 * hfa384x_docmd_xxx These functions implement the sequence required
64 * to issue any prism2 command. Primarily used by the
65 * hfa384x_cmd_xxx functions.
67 * hfa384x_bap_xxx BAP read/write access functions.
68 * Note: we usually use BAP0 for non-interrupt context
69 * and BAP1 for interrupt context.
71 * hfa384x_dl_xxx download related functions.
73 * Driver State Issues:
74 * Note that there are two pairs of functions that manage the
75 * 'initialized' and 'running' states of the hw/MAC combo. The four
76 * functions are create(), destroy(), start(), and stop(). create()
77 * sets up the data structures required to support the hfa384x_*
78 * functions and destroy() cleans them up. The start() function gets
79 * the actual hardware running and enables the interrupts. The stop()
80 * function shuts the hardware down. The sequence should be:
84 * . Do interesting things w/ the hardware
89 * Note that destroy() can be called without calling stop() first.
90 * --------------------------------------------------------------------
93 #include <linux/module.h>
94 #include <linux/kernel.h>
95 #include <linux/sched.h>
96 #include <linux/types.h>
97 #include <linux/slab.h>
98 #include <linux/wireless.h>
99 #include <linux/netdevice.h>
100 #include <linux/timer.h>
101 #include <linux/io.h>
102 #include <linux/delay.h>
103 #include <asm/byteorder.h>
104 #include <linux/bitops.h>
105 #include <linux/list.h>
106 #include <linux/usb.h>
107 #include <linux/byteorder/generic.h>
109 #include "p80211types.h"
110 #include "p80211hdr.h"
111 #include "p80211mgmt.h"
112 #include "p80211conv.h"
113 #include "p80211msg.h"
114 #include "p80211netdev.h"
115 #include "p80211req.h"
116 #include "p80211metadef.h"
117 #include "p80211metastruct.h"
119 #include "prism2mgmt.h"
126 #define THROTTLE_JIFFIES (HZ / 8)
127 #define URB_ASYNC_UNLINK 0
128 #define USB_QUEUE_BULK 0
130 #define ROUNDUP64(a) (((a) + 63) & ~63)
133 static void dbprint_urb(struct urb *urb);
136 static void hfa384x_int_rxmonitor(struct wlandevice *wlandev,
137 struct hfa384x_usb_rxfrm *rxfrm);
139 static void hfa384x_usb_defer(struct work_struct *data);
141 static int submit_rx_urb(struct hfa384x *hw, gfp_t flags);
143 static int submit_tx_urb(struct hfa384x *hw, struct urb *tx_urb, gfp_t flags);
145 /*---------------------------------------------------*/
147 static void hfa384x_usbout_callback(struct urb *urb);
148 static void hfa384x_ctlxout_callback(struct urb *urb);
149 static void hfa384x_usbin_callback(struct urb *urb);
152 hfa384x_usbin_txcompl(struct wlandevice *wlandev, union hfa384x_usbin *usbin);
154 static void hfa384x_usbin_rx(struct wlandevice *wlandev, struct sk_buff *skb);
156 static void hfa384x_usbin_info(struct wlandevice *wlandev,
157 union hfa384x_usbin *usbin);
159 static void hfa384x_usbin_ctlx(struct hfa384x *hw, union hfa384x_usbin *usbin,
162 /*---------------------------------------------------*/
163 /* Functions to support the prism2 usb command queue */
165 static void hfa384x_usbctlxq_run(struct hfa384x *hw);
167 static void hfa384x_usbctlx_reqtimerfn(struct timer_list *t);
169 static void hfa384x_usbctlx_resptimerfn(struct timer_list *t);
171 static void hfa384x_usb_throttlefn(struct timer_list *t);
173 static void hfa384x_usbctlx_completion_task(struct work_struct *work);
175 static void hfa384x_usbctlx_reaper_task(struct work_struct *work);
177 static int hfa384x_usbctlx_submit(struct hfa384x *hw,
178 struct hfa384x_usbctlx *ctlx);
180 static void unlocked_usbctlx_complete(struct hfa384x *hw,
181 struct hfa384x_usbctlx *ctlx);
183 struct usbctlx_completor {
184 int (*complete)(struct usbctlx_completor *completor);
188 hfa384x_usbctlx_complete_sync(struct hfa384x *hw,
189 struct hfa384x_usbctlx *ctlx,
190 struct usbctlx_completor *completor);
193 unlocked_usbctlx_cancel_async(struct hfa384x *hw, struct hfa384x_usbctlx *ctlx);
195 static void hfa384x_cb_status(struct hfa384x *hw,
196 const struct hfa384x_usbctlx *ctlx);
199 usbctlx_get_status(const struct hfa384x_usb_statusresp *cmdresp,
200 struct hfa384x_cmdresult *result);
203 usbctlx_get_rridresult(const struct hfa384x_usb_rridresp *rridresp,
204 struct hfa384x_rridresult *result);
206 /*---------------------------------------------------*/
207 /* Low level req/resp CTLX formatters and submitters */
209 hfa384x_docmd(struct hfa384x *hw,
210 struct hfa384x_metacmd *cmd);
213 hfa384x_dorrid(struct hfa384x *hw,
217 unsigned int riddatalen,
218 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
221 hfa384x_dowrid(struct hfa384x *hw,
225 unsigned int riddatalen,
226 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
229 hfa384x_dormem(struct hfa384x *hw,
236 hfa384x_dowmem(struct hfa384x *hw,
242 static int hfa384x_isgood_pdrcode(u16 pdrcode);
244 static inline const char *ctlxstr(enum ctlx_state s)
246 static const char * const ctlx_str[] = {
251 "Request packet submitted",
252 "Request packet completed",
253 "Response packet completed"
259 static inline struct hfa384x_usbctlx *get_active_ctlx(struct hfa384x *hw)
261 return list_entry(hw->ctlxq.active.next, struct hfa384x_usbctlx, list);
265 void dbprint_urb(struct urb *urb)
267 pr_debug("urb->pipe=0x%08x\n", urb->pipe);
268 pr_debug("urb->status=0x%08x\n", urb->status);
269 pr_debug("urb->transfer_flags=0x%08x\n", urb->transfer_flags);
270 pr_debug("urb->transfer_buffer=0x%08x\n",
271 (unsigned int)urb->transfer_buffer);
272 pr_debug("urb->transfer_buffer_length=0x%08x\n",
273 urb->transfer_buffer_length);
274 pr_debug("urb->actual_length=0x%08x\n", urb->actual_length);
275 pr_debug("urb->setup_packet(ctl)=0x%08x\n",
276 (unsigned int)urb->setup_packet);
277 pr_debug("urb->start_frame(iso/irq)=0x%08x\n", urb->start_frame);
278 pr_debug("urb->interval(irq)=0x%08x\n", urb->interval);
279 pr_debug("urb->error_count(iso)=0x%08x\n", urb->error_count);
280 pr_debug("urb->context=0x%08x\n", (unsigned int)urb->context);
281 pr_debug("urb->complete=0x%08x\n", (unsigned int)urb->complete);
285 /*----------------------------------------------------------------
288 * Listen for input data on the BULK-IN pipe. If the pipe has
289 * stalled then schedule it to be reset.
293 * memflags memory allocation flags
296 * error code from submission
300 *----------------------------------------------------------------
302 static int submit_rx_urb(struct hfa384x *hw, gfp_t memflags)
307 skb = dev_alloc_skb(sizeof(union hfa384x_usbin));
313 /* Post the IN urb */
314 usb_fill_bulk_urb(&hw->rx_urb, hw->usb,
316 skb->data, sizeof(union hfa384x_usbin),
317 hfa384x_usbin_callback, hw->wlandev);
319 hw->rx_urb_skb = skb;
322 if (!hw->wlandev->hwremoved &&
323 !test_bit(WORK_RX_HALT, &hw->usb_flags)) {
324 result = usb_submit_urb(&hw->rx_urb, memflags);
326 /* Check whether we need to reset the RX pipe */
327 if (result == -EPIPE) {
328 netdev_warn(hw->wlandev->netdev,
329 "%s rx pipe stalled: requesting reset\n",
330 hw->wlandev->netdev->name);
331 if (!test_and_set_bit(WORK_RX_HALT, &hw->usb_flags))
332 schedule_work(&hw->usb_work);
336 /* Don't leak memory if anything should go wrong */
339 hw->rx_urb_skb = NULL;
346 /*----------------------------------------------------------------
349 * Prepares and submits the URB of transmitted data. If the
350 * submission fails then it will schedule the output pipe to
355 * tx_urb URB of data for transmission
356 * memflags memory allocation flags
359 * error code from submission
363 *----------------------------------------------------------------
365 static int submit_tx_urb(struct hfa384x *hw, struct urb *tx_urb, gfp_t memflags)
367 struct net_device *netdev = hw->wlandev->netdev;
371 if (netif_running(netdev)) {
372 if (!hw->wlandev->hwremoved &&
373 !test_bit(WORK_TX_HALT, &hw->usb_flags)) {
374 result = usb_submit_urb(tx_urb, memflags);
376 /* Test whether we need to reset the TX pipe */
377 if (result == -EPIPE) {
378 netdev_warn(hw->wlandev->netdev,
379 "%s tx pipe stalled: requesting reset\n",
381 set_bit(WORK_TX_HALT, &hw->usb_flags);
382 schedule_work(&hw->usb_work);
383 } else if (result == 0) {
384 netif_stop_queue(netdev);
392 /*----------------------------------------------------------------
395 * There are some things that the USB stack cannot do while
396 * in interrupt context, so we arrange this function to run
397 * in process context.
400 * hw device structure
406 * process (by design)
407 *----------------------------------------------------------------
409 static void hfa384x_usb_defer(struct work_struct *data)
411 struct hfa384x *hw = container_of(data, struct hfa384x, usb_work);
412 struct net_device *netdev = hw->wlandev->netdev;
414 /* Don't bother trying to reset anything if the plug
415 * has been pulled ...
417 if (hw->wlandev->hwremoved)
420 /* Reception has stopped: try to reset the input pipe */
421 if (test_bit(WORK_RX_HALT, &hw->usb_flags)) {
424 usb_kill_urb(&hw->rx_urb); /* Cannot be holding spinlock! */
426 ret = usb_clear_halt(hw->usb, hw->endp_in);
428 netdev_err(hw->wlandev->netdev,
429 "Failed to clear rx pipe for %s: err=%d\n",
432 netdev_info(hw->wlandev->netdev, "%s rx pipe reset complete.\n",
434 clear_bit(WORK_RX_HALT, &hw->usb_flags);
435 set_bit(WORK_RX_RESUME, &hw->usb_flags);
439 /* Resume receiving data back from the device. */
440 if (test_bit(WORK_RX_RESUME, &hw->usb_flags)) {
443 ret = submit_rx_urb(hw, GFP_KERNEL);
445 netdev_err(hw->wlandev->netdev,
446 "Failed to resume %s rx pipe.\n",
449 clear_bit(WORK_RX_RESUME, &hw->usb_flags);
453 /* Transmission has stopped: try to reset the output pipe */
454 if (test_bit(WORK_TX_HALT, &hw->usb_flags)) {
457 usb_kill_urb(&hw->tx_urb);
458 ret = usb_clear_halt(hw->usb, hw->endp_out);
460 netdev_err(hw->wlandev->netdev,
461 "Failed to clear tx pipe for %s: err=%d\n",
464 netdev_info(hw->wlandev->netdev, "%s tx pipe reset complete.\n",
466 clear_bit(WORK_TX_HALT, &hw->usb_flags);
467 set_bit(WORK_TX_RESUME, &hw->usb_flags);
469 /* Stopping the BULK-OUT pipe also blocked
470 * us from sending any more CTLX URBs, so
471 * we need to re-run our queue ...
473 hfa384x_usbctlxq_run(hw);
477 /* Resume transmitting. */
478 if (test_and_clear_bit(WORK_TX_RESUME, &hw->usb_flags))
479 netif_wake_queue(hw->wlandev->netdev);
482 /*----------------------------------------------------------------
485 * Sets up the struct hfa384x data structure for use. Note this
486 * does _not_ initialize the actual hardware, just the data structures
487 * we use to keep track of its state.
490 * hw device structure
491 * irq device irq number
492 * iobase i/o base address for register access
493 * membase memory base address for register access
502 *----------------------------------------------------------------
504 void hfa384x_create(struct hfa384x *hw, struct usb_device *usb)
508 /* Set up the waitq */
509 init_waitqueue_head(&hw->cmdq);
511 /* Initialize the command queue */
512 spin_lock_init(&hw->ctlxq.lock);
513 INIT_LIST_HEAD(&hw->ctlxq.pending);
514 INIT_LIST_HEAD(&hw->ctlxq.active);
515 INIT_LIST_HEAD(&hw->ctlxq.completing);
516 INIT_LIST_HEAD(&hw->ctlxq.reapable);
518 /* Initialize the authentication queue */
519 skb_queue_head_init(&hw->authq);
521 INIT_WORK(&hw->reaper_bh, hfa384x_usbctlx_reaper_task);
522 INIT_WORK(&hw->completion_bh, hfa384x_usbctlx_completion_task);
523 INIT_WORK(&hw->link_bh, prism2sta_processing_defer);
524 INIT_WORK(&hw->usb_work, hfa384x_usb_defer);
526 timer_setup(&hw->throttle, hfa384x_usb_throttlefn, 0);
528 timer_setup(&hw->resptimer, hfa384x_usbctlx_resptimerfn, 0);
530 timer_setup(&hw->reqtimer, hfa384x_usbctlx_reqtimerfn, 0);
532 usb_init_urb(&hw->rx_urb);
533 usb_init_urb(&hw->tx_urb);
534 usb_init_urb(&hw->ctlx_urb);
536 hw->link_status = HFA384x_LINK_NOTCONNECTED;
537 hw->state = HFA384x_STATE_INIT;
539 INIT_WORK(&hw->commsqual_bh, prism2sta_commsqual_defer);
540 timer_setup(&hw->commsqual_timer, prism2sta_commsqual_timer, 0);
543 /*----------------------------------------------------------------
546 * Partner to hfa384x_create(). This function cleans up the hw
547 * structure so that it can be freed by the caller using a simple
548 * kfree. Currently, this function is just a placeholder. If, at some
549 * point in the future, an hw in the 'shutdown' state requires a 'deep'
550 * kfree, this is where it should be done. Note that if this function
551 * is called on a _running_ hw structure, the drvr_stop() function is
555 * hw device structure
558 * nothing, this function is not allowed to fail.
564 *----------------------------------------------------------------
566 void hfa384x_destroy(struct hfa384x *hw)
570 if (hw->state == HFA384x_STATE_RUNNING)
571 hfa384x_drvr_stop(hw);
572 hw->state = HFA384x_STATE_PREINIT;
574 kfree(hw->scanresults);
575 hw->scanresults = NULL;
577 /* Now to clean out the auth queue */
578 while ((skb = skb_dequeue(&hw->authq)))
582 static struct hfa384x_usbctlx *usbctlx_alloc(void)
584 struct hfa384x_usbctlx *ctlx;
586 ctlx = kzalloc(sizeof(*ctlx),
587 in_interrupt() ? GFP_ATOMIC : GFP_KERNEL);
589 init_completion(&ctlx->done);
595 usbctlx_get_status(const struct hfa384x_usb_statusresp *cmdresp,
596 struct hfa384x_cmdresult *result)
598 result->status = le16_to_cpu(cmdresp->status);
599 result->resp0 = le16_to_cpu(cmdresp->resp0);
600 result->resp1 = le16_to_cpu(cmdresp->resp1);
601 result->resp2 = le16_to_cpu(cmdresp->resp2);
603 pr_debug("cmdresult:status=0x%04x resp0=0x%04x resp1=0x%04x resp2=0x%04x\n",
604 result->status, result->resp0, result->resp1, result->resp2);
606 return result->status & HFA384x_STATUS_RESULT;
610 usbctlx_get_rridresult(const struct hfa384x_usb_rridresp *rridresp,
611 struct hfa384x_rridresult *result)
613 result->rid = le16_to_cpu(rridresp->rid);
614 result->riddata = rridresp->data;
615 result->riddata_len = ((le16_to_cpu(rridresp->frmlen) - 1) * 2);
618 /*----------------------------------------------------------------
620 * This completor must be passed to hfa384x_usbctlx_complete_sync()
621 * when processing a CTLX that returns a struct hfa384x_cmdresult structure.
622 *----------------------------------------------------------------
624 struct usbctlx_cmd_completor {
625 struct usbctlx_completor head;
627 const struct hfa384x_usb_statusresp *cmdresp;
628 struct hfa384x_cmdresult *result;
631 static inline int usbctlx_cmd_completor_fn(struct usbctlx_completor *head)
633 struct usbctlx_cmd_completor *complete;
635 complete = (struct usbctlx_cmd_completor *)head;
636 return usbctlx_get_status(complete->cmdresp, complete->result);
639 static inline struct usbctlx_completor *
640 init_cmd_completor(struct usbctlx_cmd_completor *completor,
641 const struct hfa384x_usb_statusresp *cmdresp,
642 struct hfa384x_cmdresult *result)
644 completor->head.complete = usbctlx_cmd_completor_fn;
645 completor->cmdresp = cmdresp;
646 completor->result = result;
647 return &completor->head;
650 /*----------------------------------------------------------------
652 * This completor must be passed to hfa384x_usbctlx_complete_sync()
653 * when processing a CTLX that reads a RID.
654 *----------------------------------------------------------------
656 struct usbctlx_rrid_completor {
657 struct usbctlx_completor head;
659 const struct hfa384x_usb_rridresp *rridresp;
661 unsigned int riddatalen;
664 static int usbctlx_rrid_completor_fn(struct usbctlx_completor *head)
666 struct usbctlx_rrid_completor *complete;
667 struct hfa384x_rridresult rridresult;
669 complete = (struct usbctlx_rrid_completor *)head;
670 usbctlx_get_rridresult(complete->rridresp, &rridresult);
672 /* Validate the length, note body len calculation in bytes */
673 if (rridresult.riddata_len != complete->riddatalen) {
674 pr_warn("RID len mismatch, rid=0x%04x hlen=%d fwlen=%d\n",
676 complete->riddatalen, rridresult.riddata_len);
680 memcpy(complete->riddata, rridresult.riddata, complete->riddatalen);
684 static inline struct usbctlx_completor *
685 init_rrid_completor(struct usbctlx_rrid_completor *completor,
686 const struct hfa384x_usb_rridresp *rridresp,
688 unsigned int riddatalen)
690 completor->head.complete = usbctlx_rrid_completor_fn;
691 completor->rridresp = rridresp;
692 completor->riddata = riddata;
693 completor->riddatalen = riddatalen;
694 return &completor->head;
697 /*----------------------------------------------------------------
699 * Interprets the results of a synchronous RID-write
700 *----------------------------------------------------------------
702 #define init_wrid_completor init_cmd_completor
704 /*----------------------------------------------------------------
706 * Interprets the results of a synchronous memory-write
707 *----------------------------------------------------------------
709 #define init_wmem_completor init_cmd_completor
711 /*----------------------------------------------------------------
713 * Interprets the results of a synchronous memory-read
714 *----------------------------------------------------------------
716 struct usbctlx_rmem_completor {
717 struct usbctlx_completor head;
719 const struct hfa384x_usb_rmemresp *rmemresp;
724 static int usbctlx_rmem_completor_fn(struct usbctlx_completor *head)
726 struct usbctlx_rmem_completor *complete =
727 (struct usbctlx_rmem_completor *)head;
729 pr_debug("rmemresp:len=%d\n", complete->rmemresp->frmlen);
730 memcpy(complete->data, complete->rmemresp->data, complete->len);
734 static inline struct usbctlx_completor *
735 init_rmem_completor(struct usbctlx_rmem_completor *completor,
736 struct hfa384x_usb_rmemresp *rmemresp,
740 completor->head.complete = usbctlx_rmem_completor_fn;
741 completor->rmemresp = rmemresp;
742 completor->data = data;
743 completor->len = len;
744 return &completor->head;
747 /*----------------------------------------------------------------
750 * Ctlx_complete handler for async CMD type control exchanges.
751 * mark the hw struct as such.
753 * Note: If the handling is changed here, it should probably be
754 * changed in docmd as well.
758 * ctlx completed CTLX
767 *----------------------------------------------------------------
769 static void hfa384x_cb_status(struct hfa384x *hw,
770 const struct hfa384x_usbctlx *ctlx)
773 struct hfa384x_cmdresult cmdresult;
775 if (ctlx->state != CTLX_COMPLETE) {
776 memset(&cmdresult, 0, sizeof(cmdresult));
778 HFA384x_STATUS_RESULT_SET(HFA384x_CMD_ERR);
780 usbctlx_get_status(&ctlx->inbuf.cmdresp, &cmdresult);
783 ctlx->usercb(hw, &cmdresult, ctlx->usercb_data);
787 /*----------------------------------------------------------------
788 * hfa384x_cmd_initialize
790 * Issues the initialize command and sets the hw->state based
794 * hw device structure
798 * >0 f/w reported error - f/w status code
799 * <0 driver reported error
805 *----------------------------------------------------------------
807 int hfa384x_cmd_initialize(struct hfa384x *hw)
811 struct hfa384x_metacmd cmd;
813 cmd.cmd = HFA384x_CMDCODE_INIT;
818 result = hfa384x_docmd(hw, &cmd);
820 pr_debug("cmdresp.init: status=0x%04x, resp0=0x%04x, resp1=0x%04x, resp2=0x%04x\n",
822 cmd.result.resp0, cmd.result.resp1, cmd.result.resp2);
824 for (i = 0; i < HFA384x_NUMPORTS_MAX; i++)
825 hw->port_enabled[i] = 0;
828 hw->link_status = HFA384x_LINK_NOTCONNECTED;
833 /*----------------------------------------------------------------
834 * hfa384x_cmd_disable
836 * Issues the disable command to stop communications on one of
840 * hw device structure
841 * macport MAC port number (host order)
845 * >0 f/w reported failure - f/w status code
846 * <0 driver reported error (timeout|bad arg)
852 *----------------------------------------------------------------
854 int hfa384x_cmd_disable(struct hfa384x *hw, u16 macport)
856 struct hfa384x_metacmd cmd;
858 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DISABLE) |
859 HFA384x_CMD_MACPORT_SET(macport);
864 return hfa384x_docmd(hw, &cmd);
867 /*----------------------------------------------------------------
870 * Issues the enable command to enable communications on one of
874 * hw device structure
875 * macport MAC port number
879 * >0 f/w reported failure - f/w status code
880 * <0 driver reported error (timeout|bad arg)
886 *----------------------------------------------------------------
888 int hfa384x_cmd_enable(struct hfa384x *hw, u16 macport)
890 struct hfa384x_metacmd cmd;
892 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_ENABLE) |
893 HFA384x_CMD_MACPORT_SET(macport);
898 return hfa384x_docmd(hw, &cmd);
901 /*----------------------------------------------------------------
902 * hfa384x_cmd_monitor
904 * Enables the 'monitor mode' of the MAC. Here's the description of
905 * monitor mode that I've received thus far:
907 * "The "monitor mode" of operation is that the MAC passes all
908 * frames for which the PLCP checks are correct. All received
909 * MPDUs are passed to the host with MAC Port = 7, with a
910 * receive status of good, FCS error, or undecryptable. Passing
911 * certain MPDUs is a violation of the 802.11 standard, but useful
912 * for a debugging tool." Normal communication is not possible
913 * while monitor mode is enabled.
916 * hw device structure
917 * enable a code (0x0b|0x0f) that enables/disables
918 * monitor mode. (host order)
922 * >0 f/w reported failure - f/w status code
923 * <0 driver reported error (timeout|bad arg)
929 *----------------------------------------------------------------
931 int hfa384x_cmd_monitor(struct hfa384x *hw, u16 enable)
933 struct hfa384x_metacmd cmd;
935 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_MONITOR) |
936 HFA384x_CMD_AINFO_SET(enable);
941 return hfa384x_docmd(hw, &cmd);
944 /*----------------------------------------------------------------
945 * hfa384x_cmd_download
947 * Sets the controls for the MAC controller code/data download
948 * process. The arguments set the mode and address associated
949 * with a download. Note that the aux registers should be enabled
950 * prior to setting one of the download enable modes.
953 * hw device structure
954 * mode 0 - Disable programming and begin code exec
955 * 1 - Enable volatile mem programming
956 * 2 - Enable non-volatile mem programming
957 * 3 - Program non-volatile section from NV download
961 * highaddr For mode 1, sets the high & low order bits of
962 * the "destination address". This address will be
963 * the execution start address when download is
964 * subsequently disabled.
965 * For mode 2, sets the high & low order bits of
966 * the destination in NV ram.
967 * For modes 0 & 3, should be zero. (host order)
968 * NOTE: these are CMD format.
969 * codelen Length of the data to write in mode 2,
970 * zero otherwise. (host order)
974 * >0 f/w reported failure - f/w status code
975 * <0 driver reported error (timeout|bad arg)
981 *----------------------------------------------------------------
983 int hfa384x_cmd_download(struct hfa384x *hw, u16 mode, u16 lowaddr,
984 u16 highaddr, u16 codelen)
986 struct hfa384x_metacmd cmd;
988 pr_debug("mode=%d, lowaddr=0x%04x, highaddr=0x%04x, codelen=%d\n",
989 mode, lowaddr, highaddr, codelen);
991 cmd.cmd = (HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DOWNLD) |
992 HFA384x_CMD_PROGMODE_SET(mode));
995 cmd.parm1 = highaddr;
998 return hfa384x_docmd(hw, &cmd);
1001 /*----------------------------------------------------------------
1004 * Perform a reset of the hfa38xx MAC core. We assume that the hw
1005 * structure is in its "created" state. That is, it is initialized
1006 * with proper values. Note that if a reset is done after the
1007 * device has been active for awhile, the caller might have to clean
1008 * up some leftover cruft in the hw structure.
1011 * hw device structure
1012 * holdtime how long (in ms) to hold the reset
1013 * settletime how long (in ms) to wait after releasing
1023 *----------------------------------------------------------------
1025 int hfa384x_corereset(struct hfa384x *hw, int holdtime,
1026 int settletime, int genesis)
1030 result = usb_reset_device(hw->usb);
1032 netdev_err(hw->wlandev->netdev, "usb_reset_device() failed, result=%d.\n",
1039 /*----------------------------------------------------------------
1040 * hfa384x_usbctlx_complete_sync
1042 * Waits for a synchronous CTLX object to complete,
1043 * and then handles the response.
1046 * hw device structure
1048 * completor functor object to decide what to
1049 * do with the CTLX's result.
1053 * -ERESTARTSYS Interrupted by a signal
1055 * -ENODEV Adapter was unplugged
1056 * ??? Result from completor
1062 *----------------------------------------------------------------
1064 static int hfa384x_usbctlx_complete_sync(struct hfa384x *hw,
1065 struct hfa384x_usbctlx *ctlx,
1066 struct usbctlx_completor *completor)
1068 unsigned long flags;
1071 result = wait_for_completion_interruptible(&ctlx->done);
1073 spin_lock_irqsave(&hw->ctlxq.lock, flags);
1076 * We can only handle the CTLX if the USB disconnect
1077 * function has not run yet ...
1080 if (hw->wlandev->hwremoved) {
1081 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1083 } else if (result != 0) {
1087 * We were probably interrupted, so delete
1088 * this CTLX asynchronously, kill the timers
1089 * and the URB, and then start the next
1092 * NOTE: We can only delete the timers and
1093 * the URB if this CTLX is active.
1095 if (ctlx == get_active_ctlx(hw)) {
1096 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1098 del_timer_sync(&hw->reqtimer);
1099 del_timer_sync(&hw->resptimer);
1100 hw->req_timer_done = 1;
1101 hw->resp_timer_done = 1;
1102 usb_kill_urb(&hw->ctlx_urb);
1104 spin_lock_irqsave(&hw->ctlxq.lock, flags);
1109 * This scenario is so unlikely that I'm
1110 * happy with a grubby "goto" solution ...
1112 if (hw->wlandev->hwremoved)
1117 * The completion task will send this CTLX
1118 * to the reaper the next time it runs. We
1119 * are no longer in a hurry.
1122 ctlx->state = CTLX_REQ_FAILED;
1123 list_move_tail(&ctlx->list, &hw->ctlxq.completing);
1125 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1128 hfa384x_usbctlxq_run(hw);
1130 if (ctlx->state == CTLX_COMPLETE) {
1131 result = completor->complete(completor);
1133 netdev_warn(hw->wlandev->netdev, "CTLX[%d] error: state(%s)\n",
1134 le16_to_cpu(ctlx->outbuf.type),
1135 ctlxstr(ctlx->state));
1139 list_del(&ctlx->list);
1140 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1147 /*----------------------------------------------------------------
1150 * Constructs a command CTLX and submits it.
1152 * NOTE: Any changes to the 'post-submit' code in this function
1153 * need to be carried over to hfa384x_cbcmd() since the handling
1154 * is virtually identical.
1157 * hw device structure
1158 * cmd cmd structure. Includes all arguments and result
1159 * data points. All in host order. in host order
1164 * -ERESTARTSYS Awakened on signal
1165 * >0 command indicated error, Status and Resp0-2 are
1173 *----------------------------------------------------------------
1176 hfa384x_docmd(struct hfa384x *hw,
1177 struct hfa384x_metacmd *cmd)
1180 struct hfa384x_usbctlx *ctlx;
1182 ctlx = usbctlx_alloc();
1188 /* Initialize the command */
1189 ctlx->outbuf.cmdreq.type = cpu_to_le16(HFA384x_USB_CMDREQ);
1190 ctlx->outbuf.cmdreq.cmd = cpu_to_le16(cmd->cmd);
1191 ctlx->outbuf.cmdreq.parm0 = cpu_to_le16(cmd->parm0);
1192 ctlx->outbuf.cmdreq.parm1 = cpu_to_le16(cmd->parm1);
1193 ctlx->outbuf.cmdreq.parm2 = cpu_to_le16(cmd->parm2);
1195 ctlx->outbufsize = sizeof(ctlx->outbuf.cmdreq);
1197 pr_debug("cmdreq: cmd=0x%04x parm0=0x%04x parm1=0x%04x parm2=0x%04x\n",
1198 cmd->cmd, cmd->parm0, cmd->parm1, cmd->parm2);
1200 ctlx->reapable = DOWAIT;
1202 ctlx->usercb = NULL;
1203 ctlx->usercb_data = NULL;
1205 result = hfa384x_usbctlx_submit(hw, ctlx);
1209 struct usbctlx_cmd_completor cmd_completor;
1210 struct usbctlx_completor *completor;
1212 completor = init_cmd_completor(&cmd_completor,
1213 &ctlx->inbuf.cmdresp,
1216 result = hfa384x_usbctlx_complete_sync(hw, ctlx, completor);
1223 /*----------------------------------------------------------------
1226 * Constructs a read rid CTLX and issues it.
1228 * NOTE: Any changes to the 'post-submit' code in this function
1229 * need to be carried over to hfa384x_cbrrid() since the handling
1230 * is virtually identical.
1233 * hw device structure
1234 * mode DOWAIT or DOASYNC
1235 * rid Read RID number (host order)
1236 * riddata Caller supplied buffer that MAC formatted RID.data
1237 * record will be written to for DOWAIT calls. Should
1238 * be NULL for DOASYNC calls.
1239 * riddatalen Buffer length for DOWAIT calls. Zero for DOASYNC calls.
1240 * cmdcb command callback for async calls, NULL for DOWAIT calls
1241 * usercb user callback for async calls, NULL for DOWAIT calls
1242 * usercb_data user supplied data pointer for async calls, NULL
1248 * -ERESTARTSYS Awakened on signal
1249 * -ENODATA riddatalen != macdatalen
1250 * >0 command indicated error, Status and Resp0-2 are
1256 * interrupt (DOASYNC)
1257 * process (DOWAIT or DOASYNC)
1258 *----------------------------------------------------------------
1261 hfa384x_dorrid(struct hfa384x *hw,
1265 unsigned int riddatalen,
1266 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
1269 struct hfa384x_usbctlx *ctlx;
1271 ctlx = usbctlx_alloc();
1277 /* Initialize the command */
1278 ctlx->outbuf.rridreq.type = cpu_to_le16(HFA384x_USB_RRIDREQ);
1279 ctlx->outbuf.rridreq.frmlen =
1280 cpu_to_le16(sizeof(ctlx->outbuf.rridreq.rid));
1281 ctlx->outbuf.rridreq.rid = cpu_to_le16(rid);
1283 ctlx->outbufsize = sizeof(ctlx->outbuf.rridreq);
1285 ctlx->reapable = mode;
1286 ctlx->cmdcb = cmdcb;
1287 ctlx->usercb = usercb;
1288 ctlx->usercb_data = usercb_data;
1290 /* Submit the CTLX */
1291 result = hfa384x_usbctlx_submit(hw, ctlx);
1294 } else if (mode == DOWAIT) {
1295 struct usbctlx_rrid_completor completor;
1298 hfa384x_usbctlx_complete_sync(hw, ctlx,
1301 &ctlx->inbuf.rridresp,
1302 riddata, riddatalen));
1309 /*----------------------------------------------------------------
1312 * Constructs a write rid CTLX and issues it.
1314 * NOTE: Any changes to the 'post-submit' code in this function
1315 * need to be carried over to hfa384x_cbwrid() since the handling
1316 * is virtually identical.
1319 * hw device structure
1320 * enum cmd_mode DOWAIT or DOASYNC
1322 * riddata Data portion of RID formatted for MAC
1323 * riddatalen Length of the data portion in bytes
1324 * cmdcb command callback for async calls, NULL for DOWAIT calls
1325 * usercb user callback for async calls, NULL for DOWAIT calls
1326 * usercb_data user supplied data pointer for async calls
1330 * -ETIMEDOUT timed out waiting for register ready or
1331 * command completion
1332 * >0 command indicated error, Status and Resp0-2 are
1338 * interrupt (DOASYNC)
1339 * process (DOWAIT or DOASYNC)
1340 *----------------------------------------------------------------
1343 hfa384x_dowrid(struct hfa384x *hw,
1347 unsigned int riddatalen,
1348 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
1351 struct hfa384x_usbctlx *ctlx;
1353 ctlx = usbctlx_alloc();
1359 /* Initialize the command */
1360 ctlx->outbuf.wridreq.type = cpu_to_le16(HFA384x_USB_WRIDREQ);
1361 ctlx->outbuf.wridreq.frmlen = cpu_to_le16((sizeof
1362 (ctlx->outbuf.wridreq.rid) +
1363 riddatalen + 1) / 2);
1364 ctlx->outbuf.wridreq.rid = cpu_to_le16(rid);
1365 memcpy(ctlx->outbuf.wridreq.data, riddata, riddatalen);
1367 ctlx->outbufsize = sizeof(ctlx->outbuf.wridreq.type) +
1368 sizeof(ctlx->outbuf.wridreq.frmlen) +
1369 sizeof(ctlx->outbuf.wridreq.rid) + riddatalen;
1371 ctlx->reapable = mode;
1372 ctlx->cmdcb = cmdcb;
1373 ctlx->usercb = usercb;
1374 ctlx->usercb_data = usercb_data;
1376 /* Submit the CTLX */
1377 result = hfa384x_usbctlx_submit(hw, ctlx);
1380 } else if (mode == DOWAIT) {
1381 struct usbctlx_cmd_completor completor;
1382 struct hfa384x_cmdresult wridresult;
1384 result = hfa384x_usbctlx_complete_sync(hw,
1388 &ctlx->inbuf.wridresp,
1396 /*----------------------------------------------------------------
1399 * Constructs a readmem CTLX and issues it.
1401 * NOTE: Any changes to the 'post-submit' code in this function
1402 * need to be carried over to hfa384x_cbrmem() since the handling
1403 * is virtually identical.
1406 * hw device structure
1407 * page MAC address space page (CMD format)
1408 * offset MAC address space offset
1409 * data Ptr to data buffer to receive read
1410 * len Length of the data to read (max == 2048)
1414 * -ETIMEDOUT timed out waiting for register ready or
1415 * command completion
1416 * >0 command indicated error, Status and Resp0-2 are
1423 *----------------------------------------------------------------
1426 hfa384x_dormem(struct hfa384x *hw,
1433 struct hfa384x_usbctlx *ctlx;
1435 ctlx = usbctlx_alloc();
1441 /* Initialize the command */
1442 ctlx->outbuf.rmemreq.type = cpu_to_le16(HFA384x_USB_RMEMREQ);
1443 ctlx->outbuf.rmemreq.frmlen =
1444 cpu_to_le16(sizeof(ctlx->outbuf.rmemreq.offset) +
1445 sizeof(ctlx->outbuf.rmemreq.page) + len);
1446 ctlx->outbuf.rmemreq.offset = cpu_to_le16(offset);
1447 ctlx->outbuf.rmemreq.page = cpu_to_le16(page);
1449 ctlx->outbufsize = sizeof(ctlx->outbuf.rmemreq);
1451 pr_debug("type=0x%04x frmlen=%d offset=0x%04x page=0x%04x\n",
1452 ctlx->outbuf.rmemreq.type,
1453 ctlx->outbuf.rmemreq.frmlen,
1454 ctlx->outbuf.rmemreq.offset, ctlx->outbuf.rmemreq.page);
1456 pr_debug("pktsize=%zd\n", ROUNDUP64(sizeof(ctlx->outbuf.rmemreq)));
1458 ctlx->reapable = DOWAIT;
1460 ctlx->usercb = NULL;
1461 ctlx->usercb_data = NULL;
1463 result = hfa384x_usbctlx_submit(hw, ctlx);
1467 struct usbctlx_rmem_completor completor;
1470 hfa384x_usbctlx_complete_sync(hw, ctlx,
1473 &ctlx->inbuf.rmemresp, data,
1481 /*----------------------------------------------------------------
1484 * Constructs a writemem CTLX and issues it.
1486 * NOTE: Any changes to the 'post-submit' code in this function
1487 * need to be carried over to hfa384x_cbwmem() since the handling
1488 * is virtually identical.
1491 * hw device structure
1492 * page MAC address space page (CMD format)
1493 * offset MAC address space offset
1494 * data Ptr to data buffer containing write data
1495 * len Length of the data to read (max == 2048)
1499 * -ETIMEDOUT timed out waiting for register ready or
1500 * command completion
1501 * >0 command indicated error, Status and Resp0-2 are
1507 * interrupt (DOWAIT)
1509 *----------------------------------------------------------------
1512 hfa384x_dowmem(struct hfa384x *hw,
1519 struct hfa384x_usbctlx *ctlx;
1521 pr_debug("page=0x%04x offset=0x%04x len=%d\n", page, offset, len);
1523 ctlx = usbctlx_alloc();
1529 /* Initialize the command */
1530 ctlx->outbuf.wmemreq.type = cpu_to_le16(HFA384x_USB_WMEMREQ);
1531 ctlx->outbuf.wmemreq.frmlen =
1532 cpu_to_le16(sizeof(ctlx->outbuf.wmemreq.offset) +
1533 sizeof(ctlx->outbuf.wmemreq.page) + len);
1534 ctlx->outbuf.wmemreq.offset = cpu_to_le16(offset);
1535 ctlx->outbuf.wmemreq.page = cpu_to_le16(page);
1536 memcpy(ctlx->outbuf.wmemreq.data, data, len);
1538 ctlx->outbufsize = sizeof(ctlx->outbuf.wmemreq.type) +
1539 sizeof(ctlx->outbuf.wmemreq.frmlen) +
1540 sizeof(ctlx->outbuf.wmemreq.offset) +
1541 sizeof(ctlx->outbuf.wmemreq.page) + len;
1543 ctlx->reapable = DOWAIT;
1545 ctlx->usercb = NULL;
1546 ctlx->usercb_data = NULL;
1548 result = hfa384x_usbctlx_submit(hw, ctlx);
1552 struct usbctlx_cmd_completor completor;
1553 struct hfa384x_cmdresult wmemresult;
1555 result = hfa384x_usbctlx_complete_sync(hw,
1559 &ctlx->inbuf.wmemresp,
1567 /*----------------------------------------------------------------
1568 * hfa384x_drvr_disable
1570 * Issues the disable command to stop communications on one of
1571 * the MACs 'ports'. Only macport 0 is valid for stations.
1572 * APs may also disable macports 1-6. Only ports that have been
1573 * previously enabled may be disabled.
1576 * hw device structure
1577 * macport MAC port number (host order)
1581 * >0 f/w reported failure - f/w status code
1582 * <0 driver reported error (timeout|bad arg)
1588 *----------------------------------------------------------------
1590 int hfa384x_drvr_disable(struct hfa384x *hw, u16 macport)
1594 if ((!hw->isap && macport != 0) ||
1595 (hw->isap && !(macport <= HFA384x_PORTID_MAX)) ||
1596 !(hw->port_enabled[macport])) {
1599 result = hfa384x_cmd_disable(hw, macport);
1601 hw->port_enabled[macport] = 0;
1606 /*----------------------------------------------------------------
1607 * hfa384x_drvr_enable
1609 * Issues the enable command to enable communications on one of
1610 * the MACs 'ports'. Only macport 0 is valid for stations.
1611 * APs may also enable macports 1-6. Only ports that are currently
1612 * disabled may be enabled.
1615 * hw device structure
1616 * macport MAC port number
1620 * >0 f/w reported failure - f/w status code
1621 * <0 driver reported error (timeout|bad arg)
1627 *----------------------------------------------------------------
1629 int hfa384x_drvr_enable(struct hfa384x *hw, u16 macport)
1633 if ((!hw->isap && macport != 0) ||
1634 (hw->isap && !(macport <= HFA384x_PORTID_MAX)) ||
1635 (hw->port_enabled[macport])) {
1638 result = hfa384x_cmd_enable(hw, macport);
1640 hw->port_enabled[macport] = 1;
1645 /*----------------------------------------------------------------
1646 * hfa384x_drvr_flashdl_enable
1648 * Begins the flash download state. Checks to see that we're not
1649 * already in a download state and that a port isn't enabled.
1650 * Sets the download state and retrieves the flash download
1651 * buffer location, buffer size, and timeout length.
1654 * hw device structure
1658 * >0 f/w reported error - f/w status code
1659 * <0 driver reported error
1665 *----------------------------------------------------------------
1667 int hfa384x_drvr_flashdl_enable(struct hfa384x *hw)
1672 /* Check that a port isn't active */
1673 for (i = 0; i < HFA384x_PORTID_MAX; i++) {
1674 if (hw->port_enabled[i]) {
1675 pr_debug("called when port enabled.\n");
1680 /* Check that we're not already in a download state */
1681 if (hw->dlstate != HFA384x_DLSTATE_DISABLED)
1684 /* Retrieve the buffer loc&size and timeout */
1685 result = hfa384x_drvr_getconfig(hw, HFA384x_RID_DOWNLOADBUFFER,
1686 &hw->bufinfo, sizeof(hw->bufinfo));
1690 le16_to_cpus(&hw->bufinfo.page);
1691 le16_to_cpus(&hw->bufinfo.offset);
1692 le16_to_cpus(&hw->bufinfo.len);
1693 result = hfa384x_drvr_getconfig16(hw, HFA384x_RID_MAXLOADTIME,
1698 le16_to_cpus(&hw->dltimeout);
1700 pr_debug("flashdl_enable\n");
1702 hw->dlstate = HFA384x_DLSTATE_FLASHENABLED;
1707 /*----------------------------------------------------------------
1708 * hfa384x_drvr_flashdl_disable
1710 * Ends the flash download state. Note that this will cause the MAC
1711 * firmware to restart.
1714 * hw device structure
1718 * >0 f/w reported error - f/w status code
1719 * <0 driver reported error
1725 *----------------------------------------------------------------
1727 int hfa384x_drvr_flashdl_disable(struct hfa384x *hw)
1729 /* Check that we're already in the download state */
1730 if (hw->dlstate != HFA384x_DLSTATE_FLASHENABLED)
1733 pr_debug("flashdl_enable\n");
1735 /* There isn't much we can do at this point, so I don't */
1736 /* bother w/ the return value */
1737 hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0, 0);
1738 hw->dlstate = HFA384x_DLSTATE_DISABLED;
1743 /*----------------------------------------------------------------
1744 * hfa384x_drvr_flashdl_write
1746 * Performs a FLASH download of a chunk of data. First checks to see
1747 * that we're in the FLASH download state, then sets the download
1748 * mode, uses the aux functions to 1) copy the data to the flash
1749 * buffer, 2) sets the download 'write flash' mode, 3) readback and
1750 * compare. Lather rinse, repeat as many times an necessary to get
1751 * all the given data into flash.
1752 * When all data has been written using this function (possibly
1753 * repeatedly), call drvr_flashdl_disable() to end the download state
1754 * and restart the MAC.
1757 * hw device structure
1758 * daddr Card address to write to. (host order)
1759 * buf Ptr to data to write.
1760 * len Length of data (host order).
1764 * >0 f/w reported error - f/w status code
1765 * <0 driver reported error
1771 *----------------------------------------------------------------
1773 int hfa384x_drvr_flashdl_write(struct hfa384x *hw, u32 daddr,
1791 pr_debug("daddr=0x%08x len=%d\n", daddr, len);
1793 /* Check that we're in the flash download state */
1794 if (hw->dlstate != HFA384x_DLSTATE_FLASHENABLED)
1797 netdev_info(hw->wlandev->netdev,
1798 "Download %d bytes to flash @0x%06x\n", len, daddr);
1800 /* Convert to flat address for arithmetic */
1801 /* NOTE: dlbuffer RID stores the address in AUX format */
1803 HFA384x_ADDR_AUX_MKFLAT(hw->bufinfo.page, hw->bufinfo.offset);
1804 pr_debug("dlbuf.page=0x%04x dlbuf.offset=0x%04x dlbufaddr=0x%08x\n",
1805 hw->bufinfo.page, hw->bufinfo.offset, dlbufaddr);
1806 /* Calculations to determine how many fills of the dlbuffer to do
1807 * and how many USB wmemreq's to do for each fill. At this point
1808 * in time, the dlbuffer size and the wmemreq size are the same.
1809 * Therefore, nwrites should always be 1. The extra complexity
1810 * here is a hedge against future changes.
1813 /* Figure out how many times to do the flash programming */
1814 nburns = len / hw->bufinfo.len;
1815 nburns += (len % hw->bufinfo.len) ? 1 : 0;
1817 /* For each flash program cycle, how many USB wmemreq's are needed? */
1818 nwrites = hw->bufinfo.len / HFA384x_USB_RWMEM_MAXLEN;
1819 nwrites += (hw->bufinfo.len % HFA384x_USB_RWMEM_MAXLEN) ? 1 : 0;
1822 for (i = 0; i < nburns; i++) {
1823 /* Get the dest address and len */
1824 burnlen = (len - (hw->bufinfo.len * i)) > hw->bufinfo.len ?
1825 hw->bufinfo.len : (len - (hw->bufinfo.len * i));
1826 burndaddr = daddr + (hw->bufinfo.len * i);
1827 burnlo = HFA384x_ADDR_CMD_MKOFF(burndaddr);
1828 burnhi = HFA384x_ADDR_CMD_MKPAGE(burndaddr);
1830 netdev_info(hw->wlandev->netdev, "Writing %d bytes to flash @0x%06x\n",
1831 burnlen, burndaddr);
1833 /* Set the download mode */
1834 result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_NV,
1835 burnlo, burnhi, burnlen);
1837 netdev_err(hw->wlandev->netdev,
1838 "download(NV,lo=%x,hi=%x,len=%x) cmd failed, result=%d. Aborting d/l\n",
1839 burnlo, burnhi, burnlen, result);
1843 /* copy the data to the flash download buffer */
1844 for (j = 0; j < nwrites; j++) {
1846 (i * hw->bufinfo.len) +
1847 (j * HFA384x_USB_RWMEM_MAXLEN);
1849 writepage = HFA384x_ADDR_CMD_MKPAGE(dlbufaddr +
1850 (j * HFA384x_USB_RWMEM_MAXLEN));
1851 writeoffset = HFA384x_ADDR_CMD_MKOFF(dlbufaddr +
1852 (j * HFA384x_USB_RWMEM_MAXLEN));
1854 writelen = burnlen - (j * HFA384x_USB_RWMEM_MAXLEN);
1855 writelen = writelen > HFA384x_USB_RWMEM_MAXLEN ?
1856 HFA384x_USB_RWMEM_MAXLEN : writelen;
1858 result = hfa384x_dowmem(hw,
1861 writebuf, writelen);
1864 /* set the download 'write flash' mode */
1865 result = hfa384x_cmd_download(hw,
1866 HFA384x_PROGMODE_NVWRITE,
1869 netdev_err(hw->wlandev->netdev,
1870 "download(NVWRITE,lo=%x,hi=%x,len=%x) cmd failed, result=%d. Aborting d/l\n",
1871 burnlo, burnhi, burnlen, result);
1875 /* TODO: We really should do a readback and compare. */
1880 /* Leave the firmware in the 'post-prog' mode. flashdl_disable will */
1881 /* actually disable programming mode. Remember, that will cause the */
1882 /* the firmware to effectively reset itself. */
1887 /*----------------------------------------------------------------
1888 * hfa384x_drvr_getconfig
1890 * Performs the sequence necessary to read a config/info item.
1893 * hw device structure
1894 * rid config/info record id (host order)
1895 * buf host side record buffer. Upon return it will
1896 * contain the body portion of the record (minus the
1898 * len buffer length (in bytes, should match record length)
1902 * >0 f/w reported error - f/w status code
1903 * <0 driver reported error
1904 * -ENODATA length mismatch between argument and retrieved
1911 *----------------------------------------------------------------
1913 int hfa384x_drvr_getconfig(struct hfa384x *hw, u16 rid, void *buf, u16 len)
1915 return hfa384x_dorrid(hw, DOWAIT, rid, buf, len, NULL, NULL, NULL);
1918 /*----------------------------------------------------------------
1919 * hfa384x_drvr_setconfig_async
1921 * Performs the sequence necessary to write a config/info item.
1924 * hw device structure
1925 * rid config/info record id (in host order)
1926 * buf host side record buffer
1927 * len buffer length (in bytes)
1928 * usercb completion callback
1929 * usercb_data completion callback argument
1933 * >0 f/w reported error - f/w status code
1934 * <0 driver reported error
1940 *----------------------------------------------------------------
1943 hfa384x_drvr_setconfig_async(struct hfa384x *hw,
1946 u16 len, ctlx_usercb_t usercb, void *usercb_data)
1948 return hfa384x_dowrid(hw, DOASYNC, rid, buf, len, hfa384x_cb_status,
1949 usercb, usercb_data);
1952 /*----------------------------------------------------------------
1953 * hfa384x_drvr_ramdl_disable
1955 * Ends the ram download state.
1958 * hw device structure
1962 * >0 f/w reported error - f/w status code
1963 * <0 driver reported error
1969 *----------------------------------------------------------------
1971 int hfa384x_drvr_ramdl_disable(struct hfa384x *hw)
1973 /* Check that we're already in the download state */
1974 if (hw->dlstate != HFA384x_DLSTATE_RAMENABLED)
1977 pr_debug("ramdl_disable()\n");
1979 /* There isn't much we can do at this point, so I don't */
1980 /* bother w/ the return value */
1981 hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0, 0);
1982 hw->dlstate = HFA384x_DLSTATE_DISABLED;
1987 /*----------------------------------------------------------------
1988 * hfa384x_drvr_ramdl_enable
1990 * Begins the ram download state. Checks to see that we're not
1991 * already in a download state and that a port isn't enabled.
1992 * Sets the download state and calls cmd_download with the
1993 * ENABLE_VOLATILE subcommand and the exeaddr argument.
1996 * hw device structure
1997 * exeaddr the card execution address that will be
1998 * jumped to when ramdl_disable() is called
2003 * >0 f/w reported error - f/w status code
2004 * <0 driver reported error
2010 *----------------------------------------------------------------
2012 int hfa384x_drvr_ramdl_enable(struct hfa384x *hw, u32 exeaddr)
2019 /* Check that a port isn't active */
2020 for (i = 0; i < HFA384x_PORTID_MAX; i++) {
2021 if (hw->port_enabled[i]) {
2022 netdev_err(hw->wlandev->netdev,
2023 "Can't download with a macport enabled.\n");
2028 /* Check that we're not already in a download state */
2029 if (hw->dlstate != HFA384x_DLSTATE_DISABLED) {
2030 netdev_err(hw->wlandev->netdev,
2031 "Download state not disabled.\n");
2035 pr_debug("ramdl_enable, exeaddr=0x%08x\n", exeaddr);
2037 /* Call the download(1,addr) function */
2038 lowaddr = HFA384x_ADDR_CMD_MKOFF(exeaddr);
2039 hiaddr = HFA384x_ADDR_CMD_MKPAGE(exeaddr);
2041 result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_RAM,
2042 lowaddr, hiaddr, 0);
2045 /* Set the download state */
2046 hw->dlstate = HFA384x_DLSTATE_RAMENABLED;
2048 pr_debug("cmd_download(0x%04x, 0x%04x) failed, result=%d.\n",
2049 lowaddr, hiaddr, result);
2055 /*----------------------------------------------------------------
2056 * hfa384x_drvr_ramdl_write
2058 * Performs a RAM download of a chunk of data. First checks to see
2059 * that we're in the RAM download state, then uses the [read|write]mem USB
2060 * commands to 1) copy the data, 2) readback and compare. The download
2061 * state is unaffected. When all data has been written using
2062 * this function, call drvr_ramdl_disable() to end the download state
2063 * and restart the MAC.
2066 * hw device structure
2067 * daddr Card address to write to. (host order)
2068 * buf Ptr to data to write.
2069 * len Length of data (host order).
2073 * >0 f/w reported error - f/w status code
2074 * <0 driver reported error
2080 *----------------------------------------------------------------
2082 int hfa384x_drvr_ramdl_write(struct hfa384x *hw, u32 daddr, void *buf, u32 len)
2093 /* Check that we're in the ram download state */
2094 if (hw->dlstate != HFA384x_DLSTATE_RAMENABLED)
2097 netdev_info(hw->wlandev->netdev, "Writing %d bytes to ram @0x%06x\n",
2100 /* How many dowmem calls? */
2101 nwrites = len / HFA384x_USB_RWMEM_MAXLEN;
2102 nwrites += len % HFA384x_USB_RWMEM_MAXLEN ? 1 : 0;
2104 /* Do blocking wmem's */
2105 for (i = 0; i < nwrites; i++) {
2106 /* make address args */
2107 curraddr = daddr + (i * HFA384x_USB_RWMEM_MAXLEN);
2108 currpage = HFA384x_ADDR_CMD_MKPAGE(curraddr);
2109 curroffset = HFA384x_ADDR_CMD_MKOFF(curraddr);
2110 currlen = len - (i * HFA384x_USB_RWMEM_MAXLEN);
2111 if (currlen > HFA384x_USB_RWMEM_MAXLEN)
2112 currlen = HFA384x_USB_RWMEM_MAXLEN;
2114 /* Do blocking ctlx */
2115 result = hfa384x_dowmem(hw,
2118 data + (i * HFA384x_USB_RWMEM_MAXLEN),
2124 /* TODO: We really should have a readback. */
2130 /*----------------------------------------------------------------
2131 * hfa384x_drvr_readpda
2133 * Performs the sequence to read the PDA space. Note there is no
2134 * drvr_writepda() function. Writing a PDA is
2135 * generally implemented by a calling component via calls to
2136 * cmd_download and writing to the flash download buffer via the
2140 * hw device structure
2141 * buf buffer to store PDA in
2146 * >0 f/w reported error - f/w status code
2147 * <0 driver reported error
2148 * -ETIMEDOUT timeout waiting for the cmd regs to become
2149 * available, or waiting for the control reg
2150 * to indicate the Aux port is enabled.
2151 * -ENODATA the buffer does NOT contain a valid PDA.
2152 * Either the card PDA is bad, or the auxdata
2153 * reads are giving us garbage.
2159 * process or non-card interrupt.
2160 *----------------------------------------------------------------
2162 int hfa384x_drvr_readpda(struct hfa384x *hw, void *buf, unsigned int len)
2168 int currpdr = 0; /* word offset of the current pdr */
2170 u16 pdrlen; /* pdr length in bytes, host order */
2171 u16 pdrcode; /* pdr code, host order */
2179 HFA3842_PDA_BASE, 0}, {
2180 HFA3841_PDA_BASE, 0}, {
2181 HFA3841_PDA_BOGUS_BASE, 0}
2184 /* Read the pda from each known address. */
2185 for (i = 0; i < ARRAY_SIZE(pdaloc); i++) {
2187 currpage = HFA384x_ADDR_CMD_MKPAGE(pdaloc[i].cardaddr);
2188 curroffset = HFA384x_ADDR_CMD_MKOFF(pdaloc[i].cardaddr);
2190 /* units of bytes */
2191 result = hfa384x_dormem(hw, currpage, curroffset, buf,
2195 netdev_warn(hw->wlandev->netdev,
2196 "Read from index %zd failed, continuing\n",
2201 /* Test for garbage */
2202 pdaok = 1; /* initially assume good */
2204 while (pdaok && morepdrs) {
2205 pdrlen = le16_to_cpu(pda[currpdr]) * 2;
2206 pdrcode = le16_to_cpu(pda[currpdr + 1]);
2207 /* Test the record length */
2208 if (pdrlen > HFA384x_PDR_LEN_MAX || pdrlen == 0) {
2209 netdev_err(hw->wlandev->netdev,
2210 "pdrlen invalid=%d\n", pdrlen);
2215 if (!hfa384x_isgood_pdrcode(pdrcode)) {
2216 netdev_err(hw->wlandev->netdev, "pdrcode invalid=%d\n",
2221 /* Test for completion */
2222 if (pdrcode == HFA384x_PDR_END_OF_PDA)
2225 /* Move to the next pdr (if necessary) */
2227 /* note the access to pda[], need words here */
2228 currpdr += le16_to_cpu(pda[currpdr]) + 1;
2232 netdev_info(hw->wlandev->netdev,
2233 "PDA Read from 0x%08x in %s space.\n",
2235 pdaloc[i].auxctl == 0 ? "EXTDS" :
2236 pdaloc[i].auxctl == 1 ? "NV" :
2237 pdaloc[i].auxctl == 2 ? "PHY" :
2238 pdaloc[i].auxctl == 3 ? "ICSRAM" :
2243 result = pdaok ? 0 : -ENODATA;
2246 pr_debug("Failure: pda is not okay\n");
2251 /*----------------------------------------------------------------
2252 * hfa384x_drvr_setconfig
2254 * Performs the sequence necessary to write a config/info item.
2257 * hw device structure
2258 * rid config/info record id (in host order)
2259 * buf host side record buffer
2260 * len buffer length (in bytes)
2264 * >0 f/w reported error - f/w status code
2265 * <0 driver reported error
2271 *----------------------------------------------------------------
2273 int hfa384x_drvr_setconfig(struct hfa384x *hw, u16 rid, void *buf, u16 len)
2275 return hfa384x_dowrid(hw, DOWAIT, rid, buf, len, NULL, NULL, NULL);
2278 /*----------------------------------------------------------------
2279 * hfa384x_drvr_start
2281 * Issues the MAC initialize command, sets up some data structures,
2282 * and enables the interrupts. After this function completes, the
2283 * low-level stuff should be ready for any/all commands.
2286 * hw device structure
2289 * >0 f/w reported error - f/w status code
2290 * <0 driver reported error
2296 *----------------------------------------------------------------
2298 int hfa384x_drvr_start(struct hfa384x *hw)
2300 int result, result1, result2;
2305 /* Clear endpoint stalls - but only do this if the endpoint
2306 * is showing a stall status. Some prism2 cards seem to behave
2307 * badly if a clear_halt is called when the endpoint is already
2311 usb_get_std_status(hw->usb, USB_RECIP_ENDPOINT, hw->endp_in,
2314 netdev_err(hw->wlandev->netdev, "Cannot get bulk in endpoint status.\n");
2317 if ((status == 1) && usb_clear_halt(hw->usb, hw->endp_in))
2318 netdev_err(hw->wlandev->netdev, "Failed to reset bulk in endpoint.\n");
2321 usb_get_std_status(hw->usb, USB_RECIP_ENDPOINT, hw->endp_out,
2324 netdev_err(hw->wlandev->netdev, "Cannot get bulk out endpoint status.\n");
2327 if ((status == 1) && usb_clear_halt(hw->usb, hw->endp_out))
2328 netdev_err(hw->wlandev->netdev, "Failed to reset bulk out endpoint.\n");
2330 /* Synchronous unlink, in case we're trying to restart the driver */
2331 usb_kill_urb(&hw->rx_urb);
2333 /* Post the IN urb */
2334 result = submit_rx_urb(hw, GFP_KERNEL);
2336 netdev_err(hw->wlandev->netdev,
2337 "Fatal, failed to submit RX URB, result=%d\n",
2342 /* Call initialize twice, with a 1 second sleep in between.
2343 * This is a nasty work-around since many prism2 cards seem to
2344 * need time to settle after an init from cold. The second
2345 * call to initialize in theory is not necessary - but we call
2346 * it anyway as a double insurance policy:
2347 * 1) If the first init should fail, the second may well succeed
2348 * and the card can still be used
2349 * 2) It helps ensures all is well with the card after the first
2350 * init and settle time.
2352 result1 = hfa384x_cmd_initialize(hw);
2354 result = hfa384x_cmd_initialize(hw);
2358 netdev_err(hw->wlandev->netdev,
2359 "cmd_initialize() failed on two attempts, results %d and %d\n",
2361 usb_kill_urb(&hw->rx_urb);
2364 pr_debug("First cmd_initialize() failed (result %d),\n",
2366 pr_debug("but second attempt succeeded. All should be ok\n");
2368 } else if (result2 != 0) {
2369 netdev_warn(hw->wlandev->netdev, "First cmd_initialize() succeeded, but second attempt failed (result=%d)\n",
2371 netdev_warn(hw->wlandev->netdev,
2372 "Most likely the card will be functional\n");
2376 hw->state = HFA384x_STATE_RUNNING;
2382 /*----------------------------------------------------------------
2385 * Shuts down the MAC to the point where it is safe to unload the
2386 * driver. Any subsystem that may be holding a data or function
2387 * ptr into the driver must be cleared/deinitialized.
2390 * hw device structure
2393 * >0 f/w reported error - f/w status code
2394 * <0 driver reported error
2400 *----------------------------------------------------------------
2402 int hfa384x_drvr_stop(struct hfa384x *hw)
2408 /* There's no need for spinlocks here. The USB "disconnect"
2409 * function sets this "removed" flag and then calls us.
2411 if (!hw->wlandev->hwremoved) {
2412 /* Call initialize to leave the MAC in its 'reset' state */
2413 hfa384x_cmd_initialize(hw);
2415 /* Cancel the rxurb */
2416 usb_kill_urb(&hw->rx_urb);
2419 hw->link_status = HFA384x_LINK_NOTCONNECTED;
2420 hw->state = HFA384x_STATE_INIT;
2422 del_timer_sync(&hw->commsqual_timer);
2424 /* Clear all the port status */
2425 for (i = 0; i < HFA384x_NUMPORTS_MAX; i++)
2426 hw->port_enabled[i] = 0;
2431 /*----------------------------------------------------------------
2432 * hfa384x_drvr_txframe
2434 * Takes a frame from prism2sta and queues it for transmission.
2437 * hw device structure
2438 * skb packet buffer struct. Contains an 802.11
2440 * p80211_hdr points to the 802.11 header for the packet.
2442 * 0 Success and more buffs available
2443 * 1 Success but no more buffs
2444 * 2 Allocation failure
2445 * 4 Buffer full or queue busy
2451 *----------------------------------------------------------------
2453 int hfa384x_drvr_txframe(struct hfa384x *hw, struct sk_buff *skb,
2454 struct p80211_hdr *p80211_hdr,
2455 struct p80211_metawep *p80211_wep)
2457 int usbpktlen = sizeof(struct hfa384x_tx_frame);
2462 if (hw->tx_urb.status == -EINPROGRESS) {
2463 netdev_warn(hw->wlandev->netdev, "TX URB already in use\n");
2468 /* Build Tx frame structure */
2469 /* Set up the control field */
2470 memset(&hw->txbuff.txfrm.desc, 0, sizeof(hw->txbuff.txfrm.desc));
2472 /* Setup the usb type field */
2473 hw->txbuff.type = cpu_to_le16(HFA384x_USB_TXFRM);
2475 /* Set up the sw_support field to identify this frame */
2476 hw->txbuff.txfrm.desc.sw_support = 0x0123;
2478 /* Tx complete and Tx exception disable per dleach. Might be causing
2481 /* #define DOEXC SLP -- doboth breaks horribly under load, doexc less so. */
2483 hw->txbuff.txfrm.desc.tx_control =
2484 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
2485 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(1);
2486 #elif defined(DOEXC)
2487 hw->txbuff.txfrm.desc.tx_control =
2488 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
2489 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(0);
2491 hw->txbuff.txfrm.desc.tx_control =
2492 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
2493 HFA384x_TX_TXEX_SET(0) | HFA384x_TX_TXOK_SET(0);
2495 cpu_to_le16s(&hw->txbuff.txfrm.desc.tx_control);
2497 /* copy the header over to the txdesc */
2498 hw->txbuff.txfrm.desc.hdr = *p80211_hdr;
2500 /* if we're using host WEP, increase size by IV+ICV */
2501 if (p80211_wep->data) {
2502 hw->txbuff.txfrm.desc.data_len = cpu_to_le16(skb->len + 8);
2505 hw->txbuff.txfrm.desc.data_len = cpu_to_le16(skb->len);
2508 usbpktlen += skb->len;
2510 /* copy over the WEP IV if we are using host WEP */
2511 ptr = hw->txbuff.txfrm.data;
2512 if (p80211_wep->data) {
2513 memcpy(ptr, p80211_wep->iv, sizeof(p80211_wep->iv));
2514 ptr += sizeof(p80211_wep->iv);
2515 memcpy(ptr, p80211_wep->data, skb->len);
2517 memcpy(ptr, skb->data, skb->len);
2519 /* copy over the packet data */
2522 /* copy over the WEP ICV if we are using host WEP */
2523 if (p80211_wep->data)
2524 memcpy(ptr, p80211_wep->icv, sizeof(p80211_wep->icv));
2526 /* Send the USB packet */
2527 usb_fill_bulk_urb(&hw->tx_urb, hw->usb,
2529 &hw->txbuff, ROUNDUP64(usbpktlen),
2530 hfa384x_usbout_callback, hw->wlandev);
2531 hw->tx_urb.transfer_flags |= USB_QUEUE_BULK;
2534 ret = submit_tx_urb(hw, &hw->tx_urb, GFP_ATOMIC);
2536 netdev_err(hw->wlandev->netdev,
2537 "submit_tx_urb() failed, error=%d\n", ret);
2545 void hfa384x_tx_timeout(struct wlandevice *wlandev)
2547 struct hfa384x *hw = wlandev->priv;
2548 unsigned long flags;
2550 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2552 if (!hw->wlandev->hwremoved) {
2555 sched = !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags);
2556 sched |= !test_and_set_bit(WORK_RX_HALT, &hw->usb_flags);
2558 schedule_work(&hw->usb_work);
2561 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2564 /*----------------------------------------------------------------
2565 * hfa384x_usbctlx_reaper_task
2567 * Deferred work callback to delete dead CTLX objects
2570 * work contains ptr to a struct hfa384x
2576 *----------------------------------------------------------------
2578 static void hfa384x_usbctlx_reaper_task(struct work_struct *work)
2580 struct hfa384x *hw = container_of(work, struct hfa384x, reaper_bh);
2581 struct hfa384x_usbctlx *ctlx, *temp;
2582 unsigned long flags;
2584 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2586 /* This list is guaranteed to be empty if someone
2587 * has unplugged the adapter.
2589 list_for_each_entry_safe(ctlx, temp, &hw->ctlxq.reapable, list) {
2590 list_del(&ctlx->list);
2594 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2597 /*----------------------------------------------------------------
2598 * hfa384x_usbctlx_completion_task
2600 * Deferred work callback to call completion handlers for returned CTLXs
2603 * work contains ptr to a struct hfa384x
2610 *----------------------------------------------------------------
2612 static void hfa384x_usbctlx_completion_task(struct work_struct *work)
2614 struct hfa384x *hw = container_of(work, struct hfa384x, completion_bh);
2615 struct hfa384x_usbctlx *ctlx, *temp;
2616 unsigned long flags;
2620 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2622 /* This list is guaranteed to be empty if someone
2623 * has unplugged the adapter ...
2625 list_for_each_entry_safe(ctlx, temp, &hw->ctlxq.completing, list) {
2626 /* Call the completion function that this
2627 * command was assigned, assuming it has one.
2630 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2631 ctlx->cmdcb(hw, ctlx);
2632 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2634 /* Make sure we don't try and complete
2635 * this CTLX more than once!
2639 /* Did someone yank the adapter out
2640 * while our list was (briefly) unlocked?
2642 if (hw->wlandev->hwremoved) {
2649 * "Reapable" CTLXs are ones which don't have any
2650 * threads waiting for them to die. Hence they must
2651 * be delivered to The Reaper!
2653 if (ctlx->reapable) {
2654 /* Move the CTLX off the "completing" list (hopefully)
2655 * on to the "reapable" list where the reaper task
2656 * can find it. And "reapable" means that this CTLX
2657 * isn't sitting on a wait-queue somewhere.
2659 list_move_tail(&ctlx->list, &hw->ctlxq.reapable);
2663 complete(&ctlx->done);
2665 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2668 schedule_work(&hw->reaper_bh);
2671 /*----------------------------------------------------------------
2672 * unlocked_usbctlx_cancel_async
2674 * Mark the CTLX dead asynchronously, and ensure that the
2675 * next command on the queue is run afterwards.
2678 * hw ptr to the struct hfa384x structure
2679 * ctlx ptr to a CTLX structure
2682 * 0 the CTLX's URB is inactive
2683 * -EINPROGRESS the URB is currently being unlinked
2686 * Either process or interrupt, but presumably interrupt
2687 *----------------------------------------------------------------
2689 static int unlocked_usbctlx_cancel_async(struct hfa384x *hw,
2690 struct hfa384x_usbctlx *ctlx)
2695 * Try to delete the URB containing our request packet.
2696 * If we succeed, then its completion handler will be
2697 * called with a status of -ECONNRESET.
2699 hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK;
2700 ret = usb_unlink_urb(&hw->ctlx_urb);
2702 if (ret != -EINPROGRESS) {
2704 * The OUT URB had either already completed
2705 * or was still in the pending queue, so the
2706 * URB's completion function will not be called.
2707 * We will have to complete the CTLX ourselves.
2709 ctlx->state = CTLX_REQ_FAILED;
2710 unlocked_usbctlx_complete(hw, ctlx);
2717 /*----------------------------------------------------------------
2718 * unlocked_usbctlx_complete
2720 * A CTLX has completed. It may have been successful, it may not
2721 * have been. At this point, the CTLX should be quiescent. The URBs
2722 * aren't active and the timers should have been stopped.
2724 * The CTLX is migrated to the "completing" queue, and the completing
2725 * work is scheduled.
2728 * hw ptr to a struct hfa384x structure
2729 * ctlx ptr to a ctlx structure
2737 * Either, assume interrupt
2738 *----------------------------------------------------------------
2740 static void unlocked_usbctlx_complete(struct hfa384x *hw,
2741 struct hfa384x_usbctlx *ctlx)
2743 /* Timers have been stopped, and ctlx should be in
2744 * a terminal state. Retire it from the "active"
2747 list_move_tail(&ctlx->list, &hw->ctlxq.completing);
2748 schedule_work(&hw->completion_bh);
2750 switch (ctlx->state) {
2752 case CTLX_REQ_FAILED:
2753 /* This are the correct terminating states. */
2757 netdev_err(hw->wlandev->netdev, "CTLX[%d] not in a terminating state(%s)\n",
2758 le16_to_cpu(ctlx->outbuf.type),
2759 ctlxstr(ctlx->state));
2764 /*----------------------------------------------------------------
2765 * hfa384x_usbctlxq_run
2767 * Checks to see if the head item is running. If not, starts it.
2770 * hw ptr to struct hfa384x
2779 *----------------------------------------------------------------
2781 static void hfa384x_usbctlxq_run(struct hfa384x *hw)
2783 unsigned long flags;
2786 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2788 /* Only one active CTLX at any one time, because there's no
2789 * other (reliable) way to match the response URB to the
2792 * Don't touch any of these CTLXs if the hardware
2793 * has been removed or the USB subsystem is stalled.
2795 if (!list_empty(&hw->ctlxq.active) ||
2796 test_bit(WORK_TX_HALT, &hw->usb_flags) || hw->wlandev->hwremoved)
2799 while (!list_empty(&hw->ctlxq.pending)) {
2800 struct hfa384x_usbctlx *head;
2803 /* This is the first pending command */
2804 head = list_entry(hw->ctlxq.pending.next,
2805 struct hfa384x_usbctlx, list);
2807 /* We need to split this off to avoid a race condition */
2808 list_move_tail(&head->list, &hw->ctlxq.active);
2810 /* Fill the out packet */
2811 usb_fill_bulk_urb(&hw->ctlx_urb, hw->usb,
2813 &head->outbuf, ROUNDUP64(head->outbufsize),
2814 hfa384x_ctlxout_callback, hw);
2815 hw->ctlx_urb.transfer_flags |= USB_QUEUE_BULK;
2817 /* Now submit the URB and update the CTLX's state */
2818 result = usb_submit_urb(&hw->ctlx_urb, GFP_ATOMIC);
2820 /* This CTLX is now running on the active queue */
2821 head->state = CTLX_REQ_SUBMITTED;
2823 /* Start the OUT wait timer */
2824 hw->req_timer_done = 0;
2825 hw->reqtimer.expires = jiffies + HZ;
2826 add_timer(&hw->reqtimer);
2828 /* Start the IN wait timer */
2829 hw->resp_timer_done = 0;
2830 hw->resptimer.expires = jiffies + 2 * HZ;
2831 add_timer(&hw->resptimer);
2836 if (result == -EPIPE) {
2837 /* The OUT pipe needs resetting, so put
2838 * this CTLX back in the "pending" queue
2839 * and schedule a reset ...
2841 netdev_warn(hw->wlandev->netdev,
2842 "%s tx pipe stalled: requesting reset\n",
2843 hw->wlandev->netdev->name);
2844 list_move(&head->list, &hw->ctlxq.pending);
2845 set_bit(WORK_TX_HALT, &hw->usb_flags);
2846 schedule_work(&hw->usb_work);
2850 if (result == -ESHUTDOWN) {
2851 netdev_warn(hw->wlandev->netdev, "%s urb shutdown!\n",
2852 hw->wlandev->netdev->name);
2856 netdev_err(hw->wlandev->netdev, "Failed to submit CTLX[%d]: error=%d\n",
2857 le16_to_cpu(head->outbuf.type), result);
2858 unlocked_usbctlx_complete(hw, head);
2862 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2865 /*----------------------------------------------------------------
2866 * hfa384x_usbin_callback
2868 * Callback for URBs on the BULKIN endpoint.
2871 * urb ptr to the completed urb
2880 *----------------------------------------------------------------
2882 static void hfa384x_usbin_callback(struct urb *urb)
2884 struct wlandevice *wlandev = urb->context;
2886 union hfa384x_usbin *usbin;
2887 struct sk_buff *skb = NULL;
2898 if (!wlandev || !wlandev->netdev || wlandev->hwremoved)
2905 skb = hw->rx_urb_skb;
2906 if (!skb || (skb->data != urb->transfer_buffer)) {
2911 hw->rx_urb_skb = NULL;
2913 /* Check for error conditions within the URB */
2914 switch (urb->status) {
2918 /* Check for short packet */
2919 if (urb->actual_length == 0) {
2920 wlandev->netdev->stats.rx_errors++;
2921 wlandev->netdev->stats.rx_length_errors++;
2927 netdev_warn(hw->wlandev->netdev, "%s rx pipe stalled: requesting reset\n",
2928 wlandev->netdev->name);
2929 if (!test_and_set_bit(WORK_RX_HALT, &hw->usb_flags))
2930 schedule_work(&hw->usb_work);
2931 wlandev->netdev->stats.rx_errors++;
2938 if (!test_and_set_bit(THROTTLE_RX, &hw->usb_flags) &&
2939 !timer_pending(&hw->throttle)) {
2940 mod_timer(&hw->throttle, jiffies + THROTTLE_JIFFIES);
2942 wlandev->netdev->stats.rx_errors++;
2947 wlandev->netdev->stats.rx_over_errors++;
2953 pr_debug("status=%d, device removed.\n", urb->status);
2959 pr_debug("status=%d, urb explicitly unlinked.\n", urb->status);
2964 pr_debug("urb status=%d, transfer flags=0x%x\n",
2965 urb->status, urb->transfer_flags);
2966 wlandev->netdev->stats.rx_errors++;
2971 /* Save values from the RX URB before reposting overwrites it. */
2972 urb_status = urb->status;
2973 usbin = (union hfa384x_usbin *)urb->transfer_buffer;
2975 if (action != ABORT) {
2976 /* Repost the RX URB */
2977 result = submit_rx_urb(hw, GFP_ATOMIC);
2980 netdev_err(hw->wlandev->netdev,
2981 "Fatal, failed to resubmit rx_urb. error=%d\n",
2986 /* Handle any USB-IN packet */
2987 /* Note: the check of the sw_support field, the type field doesn't
2988 * have bit 12 set like the docs suggest.
2990 type = le16_to_cpu(usbin->type);
2991 if (HFA384x_USB_ISRXFRM(type)) {
2992 if (action == HANDLE) {
2993 if (usbin->txfrm.desc.sw_support == 0x0123) {
2994 hfa384x_usbin_txcompl(wlandev, usbin);
2996 skb_put(skb, sizeof(*usbin));
2997 hfa384x_usbin_rx(wlandev, skb);
3003 if (HFA384x_USB_ISTXFRM(type)) {
3004 if (action == HANDLE)
3005 hfa384x_usbin_txcompl(wlandev, usbin);
3009 case HFA384x_USB_INFOFRM:
3010 if (action == ABORT)
3012 if (action == HANDLE)
3013 hfa384x_usbin_info(wlandev, usbin);
3016 case HFA384x_USB_CMDRESP:
3017 case HFA384x_USB_WRIDRESP:
3018 case HFA384x_USB_RRIDRESP:
3019 case HFA384x_USB_WMEMRESP:
3020 case HFA384x_USB_RMEMRESP:
3021 /* ALWAYS, ALWAYS, ALWAYS handle this CTLX!!!! */
3022 hfa384x_usbin_ctlx(hw, usbin, urb_status);
3025 case HFA384x_USB_BUFAVAIL:
3026 pr_debug("Received BUFAVAIL packet, frmlen=%d\n",
3027 usbin->bufavail.frmlen);
3030 case HFA384x_USB_ERROR:
3031 pr_debug("Received USB_ERROR packet, errortype=%d\n",
3032 usbin->usberror.errortype);
3036 pr_debug("Unrecognized USBIN packet, type=%x, status=%d\n",
3037 usbin->type, urb_status);
3047 /*----------------------------------------------------------------
3048 * hfa384x_usbin_ctlx
3050 * We've received a URB containing a Prism2 "response" message.
3051 * This message needs to be matched up with a CTLX on the active
3052 * queue and our state updated accordingly.
3055 * hw ptr to struct hfa384x
3056 * usbin ptr to USB IN packet
3057 * urb_status status of this Bulk-In URB
3066 *----------------------------------------------------------------
3068 static void hfa384x_usbin_ctlx(struct hfa384x *hw, union hfa384x_usbin *usbin,
3071 struct hfa384x_usbctlx *ctlx;
3073 unsigned long flags;
3076 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3078 /* There can be only one CTLX on the active queue
3079 * at any one time, and this is the CTLX that the
3080 * timers are waiting for.
3082 if (list_empty(&hw->ctlxq.active))
3085 /* Remove the "response timeout". It's possible that
3086 * we are already too late, and that the timeout is
3087 * already running. And that's just too bad for us,
3088 * because we could lose our CTLX from the active
3091 if (del_timer(&hw->resptimer) == 0) {
3092 if (hw->resp_timer_done == 0) {
3093 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3097 hw->resp_timer_done = 1;
3100 ctlx = get_active_ctlx(hw);
3102 if (urb_status != 0) {
3104 * Bad CTLX, so get rid of it. But we only
3105 * remove it from the active queue if we're no
3106 * longer expecting the OUT URB to complete.
3108 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0)
3111 const __le16 intype = (usbin->type & ~cpu_to_le16(0x8000));
3114 * Check that our message is what we're expecting ...
3116 if (ctlx->outbuf.type != intype) {
3117 netdev_warn(hw->wlandev->netdev,
3118 "Expected IN[%d], received IN[%d] - ignored.\n",
3119 le16_to_cpu(ctlx->outbuf.type),
3120 le16_to_cpu(intype));
3124 /* This URB has succeeded, so grab the data ... */
3125 memcpy(&ctlx->inbuf, usbin, sizeof(ctlx->inbuf));
3127 switch (ctlx->state) {
3128 case CTLX_REQ_SUBMITTED:
3130 * We have received our response URB before
3131 * our request has been acknowledged. Odd,
3132 * but our OUT URB is still alive...
3134 pr_debug("Causality violation: please reboot Universe\n");
3135 ctlx->state = CTLX_RESP_COMPLETE;
3138 case CTLX_REQ_COMPLETE:
3140 * This is the usual path: our request
3141 * has already been acknowledged, and
3142 * now we have received the reply too.
3144 ctlx->state = CTLX_COMPLETE;
3145 unlocked_usbctlx_complete(hw, ctlx);
3151 * Throw this CTLX away ...
3153 netdev_err(hw->wlandev->netdev,
3154 "Matched IN URB, CTLX[%d] in invalid state(%s). Discarded.\n",
3155 le16_to_cpu(ctlx->outbuf.type),
3156 ctlxstr(ctlx->state));
3157 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0)
3164 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3167 hfa384x_usbctlxq_run(hw);
3170 /*----------------------------------------------------------------
3171 * hfa384x_usbin_txcompl
3173 * At this point we have the results of a previous transmit.
3176 * wlandev wlan device
3177 * usbin ptr to the usb transfer buffer
3186 *----------------------------------------------------------------
3188 static void hfa384x_usbin_txcompl(struct wlandevice *wlandev,
3189 union hfa384x_usbin *usbin)
3193 status = le16_to_cpu(usbin->type); /* yeah I know it says type... */
3195 /* Was there an error? */
3196 if (HFA384x_TXSTATUS_ISERROR(status))
3197 netdev_dbg(wlandev->netdev, "TxExc status=0x%x.\n", status);
3199 prism2sta_ev_tx(wlandev, status);
3202 /*----------------------------------------------------------------
3205 * At this point we have a successful received a rx frame packet.
3208 * wlandev wlan device
3209 * usbin ptr to the usb transfer buffer
3218 *----------------------------------------------------------------
3220 static void hfa384x_usbin_rx(struct wlandevice *wlandev, struct sk_buff *skb)
3222 union hfa384x_usbin *usbin = (union hfa384x_usbin *)skb->data;
3223 struct hfa384x *hw = wlandev->priv;
3225 struct p80211_rxmeta *rxmeta;
3230 /* Byte order convert once up front. */
3231 le16_to_cpus(&usbin->rxfrm.desc.status);
3232 le32_to_cpus(&usbin->rxfrm.desc.time);
3234 /* Now handle frame based on port# */
3235 status = HFA384x_RXSTATUS_MACPORT_GET(usbin->rxfrm.desc.status);
3239 fc = le16_to_cpu(usbin->rxfrm.desc.hdr.frame_control);
3241 /* If exclude and we receive an unencrypted, drop it */
3242 if ((wlandev->hostwep & HOSTWEP_EXCLUDEUNENCRYPTED) &&
3243 !WLAN_GET_FC_ISWEP(fc)) {
3247 data_len = le16_to_cpu(usbin->rxfrm.desc.data_len);
3249 /* How much header data do we have? */
3250 hdrlen = p80211_headerlen(fc);
3252 /* Pull off the descriptor */
3253 skb_pull(skb, sizeof(struct hfa384x_rx_frame));
3255 /* Now shunt the header block up against the data block
3256 * with an "overlapping" copy
3258 memmove(skb_push(skb, hdrlen),
3259 &usbin->rxfrm.desc.hdr, hdrlen);
3261 skb->dev = wlandev->netdev;
3263 /* And set the frame length properly */
3264 skb_trim(skb, data_len + hdrlen);
3266 /* The prism2 series does not return the CRC */
3267 memset(skb_put(skb, WLAN_CRC_LEN), 0xff, WLAN_CRC_LEN);
3269 skb_reset_mac_header(skb);
3271 /* Attach the rxmeta, set some stuff */
3272 p80211skb_rxmeta_attach(wlandev, skb);
3273 rxmeta = p80211skb_rxmeta(skb);
3274 rxmeta->mactime = usbin->rxfrm.desc.time;
3275 rxmeta->rxrate = usbin->rxfrm.desc.rate;
3276 rxmeta->signal = usbin->rxfrm.desc.signal - hw->dbmadjust;
3277 rxmeta->noise = usbin->rxfrm.desc.silence - hw->dbmadjust;
3279 p80211netdev_rx(wlandev, skb);
3284 if (!HFA384x_RXSTATUS_ISFCSERR(usbin->rxfrm.desc.status)) {
3285 /* Copy to wlansnif skb */
3286 hfa384x_int_rxmonitor(wlandev, &usbin->rxfrm);
3289 pr_debug("Received monitor frame: FCSerr set\n");
3294 netdev_warn(hw->wlandev->netdev,
3295 "Received frame on unsupported port=%d\n",
3301 /*----------------------------------------------------------------
3302 * hfa384x_int_rxmonitor
3304 * Helper function for int_rx. Handles monitor frames.
3305 * Note that this function allocates space for the FCS and sets it
3306 * to 0xffffffff. The hfa384x doesn't give us the FCS value but the
3307 * higher layers expect it. 0xffffffff is used as a flag to indicate
3311 * wlandev wlan device structure
3312 * rxfrm rx descriptor read from card in int_rx
3318 * Allocates an skb and passes it up via the PF_PACKET interface.
3321 *----------------------------------------------------------------
3323 static void hfa384x_int_rxmonitor(struct wlandevice *wlandev,
3324 struct hfa384x_usb_rxfrm *rxfrm)
3326 struct hfa384x_rx_frame *rxdesc = &rxfrm->desc;
3327 unsigned int hdrlen = 0;
3328 unsigned int datalen = 0;
3329 unsigned int skblen = 0;
3332 struct sk_buff *skb;
3333 struct hfa384x *hw = wlandev->priv;
3335 /* Remember the status, time, and data_len fields are in host order */
3336 /* Figure out how big the frame is */
3337 fc = le16_to_cpu(rxdesc->hdr.frame_control);
3338 hdrlen = p80211_headerlen(fc);
3339 datalen = le16_to_cpu(rxdesc->data_len);
3341 /* Allocate an ind message+framesize skb */
3342 skblen = sizeof(struct p80211_caphdr) + hdrlen + datalen + WLAN_CRC_LEN;
3344 /* sanity check the length */
3346 (sizeof(struct p80211_caphdr) +
3347 WLAN_HDR_A4_LEN + WLAN_DATA_MAXLEN + WLAN_CRC_LEN)) {
3348 pr_debug("overlen frm: len=%zd\n",
3349 skblen - sizeof(struct p80211_caphdr));
3354 skb = dev_alloc_skb(skblen);
3358 /* only prepend the prism header if in the right mode */
3359 if ((wlandev->netdev->type == ARPHRD_IEEE80211_PRISM) &&
3360 (hw->sniffhdr != 0)) {
3361 struct p80211_caphdr *caphdr;
3362 /* The NEW header format! */
3363 datap = skb_put(skb, sizeof(struct p80211_caphdr));
3364 caphdr = (struct p80211_caphdr *)datap;
3366 caphdr->version = htonl(P80211CAPTURE_VERSION);
3367 caphdr->length = htonl(sizeof(struct p80211_caphdr));
3368 caphdr->mactime = __cpu_to_be64(rxdesc->time * 1000);
3369 caphdr->hosttime = __cpu_to_be64(jiffies);
3370 caphdr->phytype = htonl(4); /* dss_dot11_b */
3371 caphdr->channel = htonl(hw->sniff_channel);
3372 caphdr->datarate = htonl(rxdesc->rate);
3373 caphdr->antenna = htonl(0); /* unknown */
3374 caphdr->priority = htonl(0); /* unknown */
3375 caphdr->ssi_type = htonl(3); /* rssi_raw */
3376 caphdr->ssi_signal = htonl(rxdesc->signal);
3377 caphdr->ssi_noise = htonl(rxdesc->silence);
3378 caphdr->preamble = htonl(0); /* unknown */
3379 caphdr->encoding = htonl(1); /* cck */
3382 /* Copy the 802.11 header to the skb
3383 * (ctl frames may be less than a full header)
3385 skb_put_data(skb, &rxdesc->hdr.frame_control, hdrlen);
3387 /* If any, copy the data from the card to the skb */
3389 datap = skb_put_data(skb, rxfrm->data, datalen);
3391 /* check for unencrypted stuff if WEP bit set. */
3392 if (*(datap - hdrlen + 1) & 0x40) /* wep set */
3393 if ((*(datap) == 0xaa) && (*(datap + 1) == 0xaa))
3394 /* clear wep; it's the 802.2 header! */
3395 *(datap - hdrlen + 1) &= 0xbf;
3398 if (hw->sniff_fcs) {
3400 datap = skb_put(skb, WLAN_CRC_LEN);
3401 memset(datap, 0xff, WLAN_CRC_LEN);
3404 /* pass it back up */
3405 p80211netdev_rx(wlandev, skb);
3408 /*----------------------------------------------------------------
3409 * hfa384x_usbin_info
3411 * At this point we have a successful received a Prism2 info frame.
3414 * wlandev wlan device
3415 * usbin ptr to the usb transfer buffer
3424 *----------------------------------------------------------------
3426 static void hfa384x_usbin_info(struct wlandevice *wlandev,
3427 union hfa384x_usbin *usbin)
3429 le16_to_cpus(&usbin->infofrm.info.framelen);
3430 prism2sta_ev_info(wlandev, &usbin->infofrm.info);
3433 /*----------------------------------------------------------------
3434 * hfa384x_usbout_callback
3436 * Callback for URBs on the BULKOUT endpoint.
3439 * urb ptr to the completed urb
3448 *----------------------------------------------------------------
3450 static void hfa384x_usbout_callback(struct urb *urb)
3452 struct wlandevice *wlandev = urb->context;
3458 if (wlandev && wlandev->netdev) {
3459 switch (urb->status) {
3461 prism2sta_ev_alloc(wlandev);
3465 struct hfa384x *hw = wlandev->priv;
3467 netdev_warn(hw->wlandev->netdev,
3468 "%s tx pipe stalled: requesting reset\n",
3469 wlandev->netdev->name);
3470 if (!test_and_set_bit(WORK_TX_HALT, &hw->usb_flags))
3471 schedule_work(&hw->usb_work);
3472 wlandev->netdev->stats.tx_errors++;
3479 struct hfa384x *hw = wlandev->priv;
3481 if (!test_and_set_bit(THROTTLE_TX, &hw->usb_flags) &&
3482 !timer_pending(&hw->throttle)) {
3483 mod_timer(&hw->throttle,
3484 jiffies + THROTTLE_JIFFIES);
3486 wlandev->netdev->stats.tx_errors++;
3487 netif_stop_queue(wlandev->netdev);
3493 /* Ignorable errors */
3497 netdev_info(wlandev->netdev, "unknown urb->status=%d\n",
3499 wlandev->netdev->stats.tx_errors++;
3505 /*----------------------------------------------------------------
3506 * hfa384x_ctlxout_callback
3508 * Callback for control data on the BULKOUT endpoint.
3511 * urb ptr to the completed urb
3520 *----------------------------------------------------------------
3522 static void hfa384x_ctlxout_callback(struct urb *urb)
3524 struct hfa384x *hw = urb->context;
3525 int delete_resptimer = 0;
3528 struct hfa384x_usbctlx *ctlx;
3529 unsigned long flags;
3531 pr_debug("urb->status=%d\n", urb->status);
3535 if ((urb->status == -ESHUTDOWN) ||
3536 (urb->status == -ENODEV) || !hw)
3540 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3543 * Only one CTLX at a time on the "active" list, and
3544 * none at all if we are unplugged. However, we can
3545 * rely on the disconnect function to clean everything
3546 * up if someone unplugged the adapter.
3548 if (list_empty(&hw->ctlxq.active)) {
3549 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3554 * Having something on the "active" queue means
3555 * that we have timers to worry about ...
3557 if (del_timer(&hw->reqtimer) == 0) {
3558 if (hw->req_timer_done == 0) {
3560 * This timer was actually running while we
3561 * were trying to delete it. Let it terminate
3562 * gracefully instead.
3564 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3568 hw->req_timer_done = 1;
3571 ctlx = get_active_ctlx(hw);
3573 if (urb->status == 0) {
3574 /* Request portion of a CTLX is successful */
3575 switch (ctlx->state) {
3576 case CTLX_REQ_SUBMITTED:
3577 /* This OUT-ACK received before IN */
3578 ctlx->state = CTLX_REQ_COMPLETE;
3581 case CTLX_RESP_COMPLETE:
3582 /* IN already received before this OUT-ACK,
3583 * so this command must now be complete.
3585 ctlx->state = CTLX_COMPLETE;
3586 unlocked_usbctlx_complete(hw, ctlx);
3591 /* This is NOT a valid CTLX "success" state! */
3592 netdev_err(hw->wlandev->netdev,
3593 "Illegal CTLX[%d] success state(%s, %d) in OUT URB\n",
3594 le16_to_cpu(ctlx->outbuf.type),
3595 ctlxstr(ctlx->state), urb->status);
3599 /* If the pipe has stalled then we need to reset it */
3600 if ((urb->status == -EPIPE) &&
3601 !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags)) {
3602 netdev_warn(hw->wlandev->netdev,
3603 "%s tx pipe stalled: requesting reset\n",
3604 hw->wlandev->netdev->name);
3605 schedule_work(&hw->usb_work);
3608 /* If someone cancels the OUT URB then its status
3609 * should be either -ECONNRESET or -ENOENT.
3611 ctlx->state = CTLX_REQ_FAILED;
3612 unlocked_usbctlx_complete(hw, ctlx);
3613 delete_resptimer = 1;
3618 if (delete_resptimer) {
3619 timer_ok = del_timer(&hw->resptimer);
3621 hw->resp_timer_done = 1;
3624 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3626 if (!timer_ok && (hw->resp_timer_done == 0)) {
3627 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3632 hfa384x_usbctlxq_run(hw);
3635 /*----------------------------------------------------------------
3636 * hfa384x_usbctlx_reqtimerfn
3638 * Timer response function for CTLX request timeouts. If this
3639 * function is called, it means that the callback for the OUT
3640 * URB containing a Prism2.x XXX_Request was never called.
3643 * data a ptr to the struct hfa384x
3652 *----------------------------------------------------------------
3654 static void hfa384x_usbctlx_reqtimerfn(struct timer_list *t)
3656 struct hfa384x *hw = from_timer(hw, t, reqtimer);
3657 unsigned long flags;
3659 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3661 hw->req_timer_done = 1;
3663 /* Removing the hardware automatically empties
3664 * the active list ...
3666 if (!list_empty(&hw->ctlxq.active)) {
3668 * We must ensure that our URB is removed from
3669 * the system, if it hasn't already expired.
3671 hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK;
3672 if (usb_unlink_urb(&hw->ctlx_urb) == -EINPROGRESS) {
3673 struct hfa384x_usbctlx *ctlx = get_active_ctlx(hw);
3675 ctlx->state = CTLX_REQ_FAILED;
3677 /* This URB was active, but has now been
3678 * cancelled. It will now have a status of
3679 * -ECONNRESET in the callback function.
3681 * We are cancelling this CTLX, so we're
3682 * not going to need to wait for a response.
3683 * The URB's callback function will check
3684 * that this timer is truly dead.
3686 if (del_timer(&hw->resptimer) != 0)
3687 hw->resp_timer_done = 1;
3691 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3694 /*----------------------------------------------------------------
3695 * hfa384x_usbctlx_resptimerfn
3697 * Timer response function for CTLX response timeouts. If this
3698 * function is called, it means that the callback for the IN
3699 * URB containing a Prism2.x XXX_Response was never called.
3702 * data a ptr to the struct hfa384x
3711 *----------------------------------------------------------------
3713 static void hfa384x_usbctlx_resptimerfn(struct timer_list *t)
3715 struct hfa384x *hw = from_timer(hw, t, resptimer);
3716 unsigned long flags;
3718 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3720 hw->resp_timer_done = 1;
3722 /* The active list will be empty if the
3723 * adapter has been unplugged ...
3725 if (!list_empty(&hw->ctlxq.active)) {
3726 struct hfa384x_usbctlx *ctlx = get_active_ctlx(hw);
3728 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0) {
3729 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3730 hfa384x_usbctlxq_run(hw);
3734 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3737 /*----------------------------------------------------------------
3738 * hfa384x_usb_throttlefn
3751 *----------------------------------------------------------------
3753 static void hfa384x_usb_throttlefn(struct timer_list *t)
3755 struct hfa384x *hw = from_timer(hw, t, throttle);
3756 unsigned long flags;
3758 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3760 pr_debug("flags=0x%lx\n", hw->usb_flags);
3761 if (!hw->wlandev->hwremoved) {
3762 bool rx_throttle = test_and_clear_bit(THROTTLE_RX, &hw->usb_flags) &&
3763 !test_and_set_bit(WORK_RX_RESUME, &hw->usb_flags);
3764 bool tx_throttle = test_and_clear_bit(THROTTLE_TX, &hw->usb_flags) &&
3765 !test_and_set_bit(WORK_TX_RESUME, &hw->usb_flags);
3767 * We need to check BOTH the RX and the TX throttle controls,
3768 * so we use the bitwise OR instead of the logical OR.
3770 if (rx_throttle | tx_throttle)
3771 schedule_work(&hw->usb_work);
3774 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3777 /*----------------------------------------------------------------
3778 * hfa384x_usbctlx_submit
3780 * Called from the doxxx functions to submit a CTLX to the queue
3783 * hw ptr to the hw struct
3784 * ctlx ctlx structure to enqueue
3787 * -ENODEV if the adapter is unplugged
3793 * process or interrupt
3794 *----------------------------------------------------------------
3796 static int hfa384x_usbctlx_submit(struct hfa384x *hw,
3797 struct hfa384x_usbctlx *ctlx)
3799 unsigned long flags;
3801 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3803 if (hw->wlandev->hwremoved) {
3804 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3808 ctlx->state = CTLX_PENDING;
3809 list_add_tail(&ctlx->list, &hw->ctlxq.pending);
3810 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3811 hfa384x_usbctlxq_run(hw);
3816 /*----------------------------------------------------------------
3817 * hfa384x_isgood_pdrcore
3819 * Quick check of PDR codes.
3822 * pdrcode PDR code number (host order)
3831 *----------------------------------------------------------------
3833 static int hfa384x_isgood_pdrcode(u16 pdrcode)
3836 case HFA384x_PDR_END_OF_PDA:
3837 case HFA384x_PDR_PCB_PARTNUM:
3838 case HFA384x_PDR_PDAVER:
3839 case HFA384x_PDR_NIC_SERIAL:
3840 case HFA384x_PDR_MKK_MEASUREMENTS:
3841 case HFA384x_PDR_NIC_RAMSIZE:
3842 case HFA384x_PDR_MFISUPRANGE:
3843 case HFA384x_PDR_CFISUPRANGE:
3844 case HFA384x_PDR_NICID:
3845 case HFA384x_PDR_MAC_ADDRESS:
3846 case HFA384x_PDR_REGDOMAIN:
3847 case HFA384x_PDR_ALLOWED_CHANNEL:
3848 case HFA384x_PDR_DEFAULT_CHANNEL:
3849 case HFA384x_PDR_TEMPTYPE:
3850 case HFA384x_PDR_IFR_SETTING:
3851 case HFA384x_PDR_RFR_SETTING:
3852 case HFA384x_PDR_HFA3861_BASELINE:
3853 case HFA384x_PDR_HFA3861_SHADOW:
3854 case HFA384x_PDR_HFA3861_IFRF:
3855 case HFA384x_PDR_HFA3861_CHCALSP:
3856 case HFA384x_PDR_HFA3861_CHCALI:
3857 case HFA384x_PDR_3842_NIC_CONFIG:
3858 case HFA384x_PDR_USB_ID:
3859 case HFA384x_PDR_PCI_ID:
3860 case HFA384x_PDR_PCI_IFCONF:
3861 case HFA384x_PDR_PCI_PMCONF:
3862 case HFA384x_PDR_RFENRGY:
3863 case HFA384x_PDR_HFA3861_MANF_TESTSP:
3864 case HFA384x_PDR_HFA3861_MANF_TESTI:
3868 if (pdrcode < 0x1000) {
3869 /* code is OK, but we don't know exactly what it is */
3870 pr_debug("Encountered unknown PDR#=0x%04x, assuming it's ok.\n",
3877 pr_debug("Encountered unknown PDR#=0x%04x, (>=0x1000), assuming it's bad.\n",
projects / releases.git / blob