1 /* src/prism2/driver/hfa384x_usb.c
3 * Functions that talk to the USB variantof the Intersil hfa384x MAC
5 * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved.
6 * --------------------------------------------------------------------
10 * The contents of this file are subject to the Mozilla Public
11 * License Version 1.1 (the "License"); you may not use this file
12 * except in compliance with the License. You may obtain a copy of
13 * the License at http://www.mozilla.org/MPL/
15 * Software distributed under the License is distributed on an "AS
16 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
17 * implied. See the License for the specific language governing
18 * rights and limitations under the License.
20 * Alternatively, the contents of this file may be used under the
21 * terms of the GNU Public License version 2 (the "GPL"), in which
22 * case the provisions of the GPL are applicable instead of the
23 * above. If you wish to allow the use of your version of this file
24 * only under the terms of the GPL and not to allow others to use
25 * your version of this file under the MPL, indicate your decision
26 * by deleting the provisions above and replace them with the notice
27 * and other provisions required by the GPL. If you do not delete
28 * the provisions above, a recipient may use your version of this
29 * file under either the MPL or the GPL.
31 * --------------------------------------------------------------------
33 * Inquiries regarding the linux-wlan Open Source project can be
36 * AbsoluteValue Systems Inc.
38 * http://www.linux-wlan.com
40 * --------------------------------------------------------------------
42 * Portions of the development of this software were funded by
43 * Intersil Corporation as part of PRISM(R) chipset product development.
45 * --------------------------------------------------------------------
47 * This file implements functions that correspond to the prism2/hfa384x
48 * 802.11 MAC hardware and firmware host interface.
50 * The functions can be considered to represent several levels of
51 * abstraction. The lowest level functions are simply C-callable wrappers
52 * around the register accesses. The next higher level represents C-callable
53 * prism2 API functions that match the Intersil documentation as closely
54 * as is reasonable. The next higher layer implements common sequences
55 * of invokations of the API layer (e.g. write to bap, followed by cmd).
58 * hfa384x_drvr_xxx Highest level abstractions provided by the
59 * hfa384x code. They are driver defined wrappers
60 * for common sequences. These functions generally
61 * use the services of the lower levels.
63 * hfa384x_drvr_xxxconfig An example of the drvr level abstraction. These
64 * functions are wrappers for the RID get/set
65 * sequence. They call copy_[to|from]_bap() and
66 * cmd_access(). These functions operate on the
67 * RIDs and buffers without validation. The caller
68 * is responsible for that.
70 * API wrapper functions:
71 * hfa384x_cmd_xxx functions that provide access to the f/w commands.
72 * The function arguments correspond to each command
73 * argument, even command arguments that get packed
74 * into single registers. These functions _just_
75 * issue the command by setting the cmd/parm regs
76 * & reading the status/resp regs. Additional
77 * activities required to fully use a command
78 * (read/write from/to bap, get/set int status etc.)
79 * are implemented separately. Think of these as
80 * C-callable prism2 commands.
82 * Lowest Layer Functions:
83 * hfa384x_docmd_xxx These functions implement the sequence required
84 * to issue any prism2 command. Primarily used by the
85 * hfa384x_cmd_xxx functions.
87 * hfa384x_bap_xxx BAP read/write access functions.
88 * Note: we usually use BAP0 for non-interrupt context
89 * and BAP1 for interrupt context.
91 * hfa384x_dl_xxx download related functions.
93 * Driver State Issues:
94 * Note that there are two pairs of functions that manage the
95 * 'initialized' and 'running' states of the hw/MAC combo. The four
96 * functions are create(), destroy(), start(), and stop(). create()
97 * sets up the data structures required to support the hfa384x_*
98 * functions and destroy() cleans them up. The start() function gets
99 * the actual hardware running and enables the interrupts. The stop()
100 * function shuts the hardware down. The sequence should be:
104 * . Do interesting things w/ the hardware
109 * Note that destroy() can be called without calling stop() first.
110 * --------------------------------------------------------------------
113 /*================================================================*/
114 /* System Includes */
115 #define WLAN_DBVAR prism2_debug
117 #include <linux/version.h>
119 #include <linux/module.h>
120 #include <linux/kernel.h>
121 #include <linux/sched.h>
122 #include <linux/types.h>
123 #include <linux/slab.h>
124 #include <linux/wireless.h>
125 #include <linux/netdevice.h>
126 #include <linux/timer.h>
128 #include <linux/delay.h>
129 #include <asm/byteorder.h>
130 #include <asm/bitops.h>
131 #include <linux/list.h>
132 #include <linux/usb.h>
133 #include <linux/byteorder/generic.h>
135 #include "wlan_compat.h"
137 #define SUBMIT_URB(u,f) usb_submit_urb(u,f)
139 /*================================================================*/
140 /* Project Includes */
142 #include "p80211types.h"
143 #include "p80211hdr.h"
144 #include "p80211mgmt.h"
145 #include "p80211conv.h"
146 #include "p80211msg.h"
147 #include "p80211netdev.h"
148 #include "p80211req.h"
149 #include "p80211metadef.h"
150 #include "p80211metastruct.h"
152 #include "prism2mgmt.h"
154 /*================================================================*/
155 /* Local Constants */
162 typedef enum cmd_mode CMD_MODE;
164 #define THROTTLE_JIFFIES (HZ/8)
165 #define URB_ASYNC_UNLINK 0
166 #define USB_QUEUE_BULK 0
168 /*================================================================*/
171 #define ROUNDUP64(a) (((a)+63)&~63)
173 /*================================================================*/
176 /*================================================================*/
177 /* Local Static Definitions */
178 extern int prism2_debug;
180 /*================================================================*/
181 /* Local Function Declarations */
185 dbprint_urb(struct urb* urb);
189 hfa384x_int_rxmonitor(
190 wlandevice_t *wlandev,
191 hfa384x_usb_rxfrm_t *rxfrm);
194 hfa384x_usb_defer(struct work_struct *data);
197 submit_rx_urb(hfa384x_t *hw, gfp_t flags);
200 submit_tx_urb(hfa384x_t *hw, struct urb *tx_urb, gfp_t flags);
202 /*---------------------------------------------------*/
205 hfa384x_usbout_callback(struct urb *urb);
207 hfa384x_ctlxout_callback(struct urb *urb);
209 hfa384x_usbin_callback(struct urb *urb);
212 hfa384x_usbin_txcompl(wlandevice_t *wlandev, hfa384x_usbin_t *usbin);
215 hfa384x_usbin_rx(wlandevice_t *wlandev, struct sk_buff *skb);
218 hfa384x_usbin_info(wlandevice_t *wlandev, hfa384x_usbin_t *usbin);
221 hfa384x_usbout_tx(wlandevice_t *wlandev, hfa384x_usbout_t *usbout);
223 static void hfa384x_usbin_ctlx(hfa384x_t *hw, hfa384x_usbin_t *usbin,
226 /*---------------------------------------------------*/
227 /* Functions to support the prism2 usb command queue */
230 hfa384x_usbctlxq_run(hfa384x_t *hw);
233 hfa384x_usbctlx_reqtimerfn(unsigned long data);
236 hfa384x_usbctlx_resptimerfn(unsigned long data);
239 hfa384x_usb_throttlefn(unsigned long data);
242 hfa384x_usbctlx_completion_task(unsigned long data);
245 hfa384x_usbctlx_reaper_task(unsigned long data);
248 hfa384x_usbctlx_submit(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx);
251 unlocked_usbctlx_complete(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx);
253 struct usbctlx_completor
255 int (*complete)(struct usbctlx_completor*);
257 typedef struct usbctlx_completor usbctlx_completor_t;
260 hfa384x_usbctlx_complete_sync(hfa384x_t *hw,
261 hfa384x_usbctlx_t *ctlx,
262 usbctlx_completor_t *completor);
265 unlocked_usbctlx_cancel_async(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx);
268 hfa384x_cb_status(hfa384x_t *hw, const hfa384x_usbctlx_t *ctlx);
271 hfa384x_cb_rrid(hfa384x_t *hw, const hfa384x_usbctlx_t *ctlx);
274 usbctlx_get_status(const hfa384x_usb_cmdresp_t *cmdresp,
275 hfa384x_cmdresult_t *result);
278 usbctlx_get_rridresult(const hfa384x_usb_rridresp_t *rridresp,
279 hfa384x_rridresult_t *result);
281 /*---------------------------------------------------*/
282 /* Low level req/resp CTLX formatters and submitters */
287 hfa384x_metacmd_t *cmd,
289 ctlx_usercb_t usercb,
298 unsigned int riddatalen,
300 ctlx_usercb_t usercb,
309 unsigned int riddatalen,
311 ctlx_usercb_t usercb,
323 ctlx_usercb_t usercb,
335 ctlx_usercb_t usercb,
339 hfa384x_isgood_pdrcode(u16 pdrcode);
341 /*================================================================*/
342 /* Function Definitions */
343 static inline const char* ctlxstr(CTLX_STATE s)
345 static const char* ctlx_str[] = {
350 "Request packet submitted",
351 "Request packet completed",
352 "Response packet completed"
359 static inline hfa384x_usbctlx_t*
360 get_active_ctlx(hfa384x_t *hw)
362 return list_entry(hw->ctlxq.active.next, hfa384x_usbctlx_t, list);
368 dbprint_urb(struct urb* urb)
370 WLAN_LOG_DEBUG(3,"urb->pipe=0x%08x\n", urb->pipe);
371 WLAN_LOG_DEBUG(3,"urb->status=0x%08x\n", urb->status);
372 WLAN_LOG_DEBUG(3,"urb->transfer_flags=0x%08x\n", urb->transfer_flags);
373 WLAN_LOG_DEBUG(3,"urb->transfer_buffer=0x%08x\n", (unsigned int)urb->transfer_buffer);
374 WLAN_LOG_DEBUG(3,"urb->transfer_buffer_length=0x%08x\n", urb->transfer_buffer_length);
375 WLAN_LOG_DEBUG(3,"urb->actual_length=0x%08x\n", urb->actual_length);
376 WLAN_LOG_DEBUG(3,"urb->bandwidth=0x%08x\n", urb->bandwidth);
377 WLAN_LOG_DEBUG(3,"urb->setup_packet(ctl)=0x%08x\n", (unsigned int)urb->setup_packet);
378 WLAN_LOG_DEBUG(3,"urb->start_frame(iso/irq)=0x%08x\n", urb->start_frame);
379 WLAN_LOG_DEBUG(3,"urb->interval(irq)=0x%08x\n", urb->interval);
380 WLAN_LOG_DEBUG(3,"urb->error_count(iso)=0x%08x\n", urb->error_count);
381 WLAN_LOG_DEBUG(3,"urb->timeout=0x%08x\n", urb->timeout);
382 WLAN_LOG_DEBUG(3,"urb->context=0x%08x\n", (unsigned int)urb->context);
383 WLAN_LOG_DEBUG(3,"urb->complete=0x%08x\n", (unsigned int)urb->complete);
388 /*----------------------------------------------------------------
391 * Listen for input data on the BULK-IN pipe. If the pipe has
392 * stalled then schedule it to be reset.
396 * memflags memory allocation flags
399 * error code from submission
403 ----------------------------------------------------------------*/
405 submit_rx_urb(hfa384x_t *hw, gfp_t memflags)
410 skb = dev_alloc_skb(sizeof(hfa384x_usbin_t));
416 /* Post the IN urb */
417 usb_fill_bulk_urb(&hw->rx_urb, hw->usb,
419 skb->data, sizeof(hfa384x_usbin_t),
420 hfa384x_usbin_callback, hw->wlandev);
422 hw->rx_urb_skb = skb;
425 if ( !hw->wlandev->hwremoved && !test_bit(WORK_RX_HALT, &hw->usb_flags)) {
426 result = SUBMIT_URB(&hw->rx_urb, memflags);
428 /* Check whether we need to reset the RX pipe */
429 if (result == -EPIPE) {
430 WLAN_LOG_WARNING("%s rx pipe stalled: requesting reset\n",
431 hw->wlandev->netdev->name);
432 if ( !test_and_set_bit(WORK_RX_HALT, &hw->usb_flags) )
433 schedule_work(&hw->usb_work);
437 /* Don't leak memory if anything should go wrong */
440 hw->rx_urb_skb = NULL;
447 /*----------------------------------------------------------------
450 * Prepares and submits the URB of transmitted data. If the
451 * submission fails then it will schedule the output pipe to
456 * tx_urb URB of data for tranmission
457 * memflags memory allocation flags
460 * error code from submission
464 ----------------------------------------------------------------*/
466 submit_tx_urb(hfa384x_t *hw, struct urb *tx_urb, gfp_t memflags)
468 struct net_device *netdev = hw->wlandev->netdev;
472 if ( netif_running(netdev) ) {
474 if ( !hw->wlandev->hwremoved && !test_bit(WORK_TX_HALT, &hw->usb_flags) ) {
475 result = SUBMIT_URB(tx_urb, memflags);
477 /* Test whether we need to reset the TX pipe */
478 if (result == -EPIPE) {
479 WLAN_LOG_WARNING("%s tx pipe stalled: requesting reset\n",
481 set_bit(WORK_TX_HALT, &hw->usb_flags);
482 schedule_work(&hw->usb_work);
483 } else if (result == 0) {
484 netif_stop_queue(netdev);
492 /*----------------------------------------------------------------
495 * There are some things that the USB stack cannot do while
496 * in interrupt context, so we arrange this function to run
497 * in process context.
500 * hw device structure
506 * process (by design)
507 ----------------------------------------------------------------*/
509 hfa384x_usb_defer(struct work_struct *data)
511 hfa384x_t *hw = container_of(data, struct hfa384x, usb_work);
512 struct net_device *netdev = hw->wlandev->netdev;
514 /* Don't bother trying to reset anything if the plug
515 * has been pulled ...
517 if ( hw->wlandev->hwremoved ) {
521 /* Reception has stopped: try to reset the input pipe */
522 if (test_bit(WORK_RX_HALT, &hw->usb_flags)) {
525 usb_kill_urb(&hw->rx_urb); /* Cannot be holding spinlock! */
527 ret = usb_clear_halt(hw->usb, hw->endp_in);
530 "Failed to clear rx pipe for %s: err=%d\n",
533 printk(KERN_INFO "%s rx pipe reset complete.\n",
535 clear_bit(WORK_RX_HALT, &hw->usb_flags);
536 set_bit(WORK_RX_RESUME, &hw->usb_flags);
540 /* Resume receiving data back from the device. */
541 if ( test_bit(WORK_RX_RESUME, &hw->usb_flags) ) {
544 ret = submit_rx_urb(hw, GFP_KERNEL);
547 "Failed to resume %s rx pipe.\n", netdev->name);
549 clear_bit(WORK_RX_RESUME, &hw->usb_flags);
553 /* Transmission has stopped: try to reset the output pipe */
554 if (test_bit(WORK_TX_HALT, &hw->usb_flags)) {
557 usb_kill_urb(&hw->tx_urb);
558 ret = usb_clear_halt(hw->usb, hw->endp_out);
561 "Failed to clear tx pipe for %s: err=%d\n",
564 printk(KERN_INFO "%s tx pipe reset complete.\n",
566 clear_bit(WORK_TX_HALT, &hw->usb_flags);
567 set_bit(WORK_TX_RESUME, &hw->usb_flags);
569 /* Stopping the BULK-OUT pipe also blocked
570 * us from sending any more CTLX URBs, so
571 * we need to re-run our queue ...
573 hfa384x_usbctlxq_run(hw);
577 /* Resume transmitting. */
578 if ( test_and_clear_bit(WORK_TX_RESUME, &hw->usb_flags) ) {
579 netif_wake_queue(hw->wlandev->netdev);
584 /*----------------------------------------------------------------
587 * Sets up the hfa384x_t data structure for use. Note this
588 * does _not_ intialize the actual hardware, just the data structures
589 * we use to keep track of its state.
592 * hw device structure
593 * irq device irq number
594 * iobase i/o base address for register access
595 * membase memory base address for register access
604 ----------------------------------------------------------------*/
606 hfa384x_create( hfa384x_t *hw, struct usb_device *usb)
608 memset(hw, 0, sizeof(hfa384x_t));
611 /* set up the endpoints */
612 hw->endp_in = usb_rcvbulkpipe(usb, 1);
613 hw->endp_out = usb_sndbulkpipe(usb, 2);
615 /* Set up the waitq */
616 init_waitqueue_head(&hw->cmdq);
618 /* Initialize the command queue */
619 spin_lock_init(&hw->ctlxq.lock);
620 INIT_LIST_HEAD(&hw->ctlxq.pending);
621 INIT_LIST_HEAD(&hw->ctlxq.active);
622 INIT_LIST_HEAD(&hw->ctlxq.completing);
623 INIT_LIST_HEAD(&hw->ctlxq.reapable);
625 /* Initialize the authentication queue */
626 skb_queue_head_init(&hw->authq);
628 tasklet_init(&hw->reaper_bh,
629 hfa384x_usbctlx_reaper_task,
631 tasklet_init(&hw->completion_bh,
632 hfa384x_usbctlx_completion_task,
634 INIT_WORK(&hw->link_bh, prism2sta_processing_defer);
635 INIT_WORK(&hw->usb_work, hfa384x_usb_defer);
637 init_timer(&hw->throttle);
638 hw->throttle.function = hfa384x_usb_throttlefn;
639 hw->throttle.data = (unsigned long)hw;
641 init_timer(&hw->resptimer);
642 hw->resptimer.function = hfa384x_usbctlx_resptimerfn;
643 hw->resptimer.data = (unsigned long)hw;
645 init_timer(&hw->reqtimer);
646 hw->reqtimer.function = hfa384x_usbctlx_reqtimerfn;
647 hw->reqtimer.data = (unsigned long)hw;
649 usb_init_urb(&hw->rx_urb);
650 usb_init_urb(&hw->tx_urb);
651 usb_init_urb(&hw->ctlx_urb);
653 hw->link_status = HFA384x_LINK_NOTCONNECTED;
654 hw->state = HFA384x_STATE_INIT;
656 INIT_WORK(&hw->commsqual_bh, prism2sta_commsqual_defer);
657 init_timer(&hw->commsqual_timer);
658 hw->commsqual_timer.data = (unsigned long) hw;
659 hw->commsqual_timer.function = prism2sta_commsqual_timer;
663 /*----------------------------------------------------------------
666 * Partner to hfa384x_create(). This function cleans up the hw
667 * structure so that it can be freed by the caller using a simple
668 * kfree. Currently, this function is just a placeholder. If, at some
669 * point in the future, an hw in the 'shutdown' state requires a 'deep'
670 * kfree, this is where it should be done. Note that if this function
671 * is called on a _running_ hw structure, the drvr_stop() function is
675 * hw device structure
678 * nothing, this function is not allowed to fail.
684 ----------------------------------------------------------------*/
686 hfa384x_destroy( hfa384x_t *hw)
690 if ( hw->state == HFA384x_STATE_RUNNING ) {
691 hfa384x_drvr_stop(hw);
693 hw->state = HFA384x_STATE_PREINIT;
695 if (hw->scanresults) {
696 kfree(hw->scanresults);
697 hw->scanresults = NULL;
700 /* Now to clean out the auth queue */
701 while ( (skb = skb_dequeue(&hw->authq)) ) {
707 /*----------------------------------------------------------------
709 static hfa384x_usbctlx_t* usbctlx_alloc(void)
711 hfa384x_usbctlx_t *ctlx;
713 ctlx = kmalloc(sizeof(*ctlx), in_interrupt() ? GFP_ATOMIC : GFP_KERNEL);
716 memset(ctlx, 0, sizeof(*ctlx));
717 init_completion(&ctlx->done);
724 /*----------------------------------------------------------------
726 ----------------------------------------------------------------*/
728 usbctlx_get_status(const hfa384x_usb_cmdresp_t *cmdresp,
729 hfa384x_cmdresult_t *result)
731 result->status = hfa384x2host_16(cmdresp->status);
732 result->resp0 = hfa384x2host_16(cmdresp->resp0);
733 result->resp1 = hfa384x2host_16(cmdresp->resp1);
734 result->resp2 = hfa384x2host_16(cmdresp->resp2);
736 WLAN_LOG_DEBUG(4, "cmdresult:status=0x%04x "
737 "resp0=0x%04x resp1=0x%04x resp2=0x%04x\n",
743 return (result->status & HFA384x_STATUS_RESULT);
747 usbctlx_get_rridresult(const hfa384x_usb_rridresp_t *rridresp,
748 hfa384x_rridresult_t *result)
750 result->rid = hfa384x2host_16(rridresp->rid);
751 result->riddata = rridresp->data;
752 result->riddata_len = ((hfa384x2host_16(rridresp->frmlen) - 1) * 2);
757 /*----------------------------------------------------------------
759 * This completor must be passed to hfa384x_usbctlx_complete_sync()
760 * when processing a CTLX that returns a hfa384x_cmdresult_t structure.
761 ----------------------------------------------------------------*/
762 struct usbctlx_cmd_completor
764 usbctlx_completor_t head;
766 const hfa384x_usb_cmdresp_t *cmdresp;
767 hfa384x_cmdresult_t *result;
769 typedef struct usbctlx_cmd_completor usbctlx_cmd_completor_t;
771 static int usbctlx_cmd_completor_fn(usbctlx_completor_t *head)
773 usbctlx_cmd_completor_t *complete = (usbctlx_cmd_completor_t*)head;
774 return usbctlx_get_status(complete->cmdresp, complete->result);
777 static inline usbctlx_completor_t*
778 init_cmd_completor(usbctlx_cmd_completor_t *completor,
779 const hfa384x_usb_cmdresp_t *cmdresp,
780 hfa384x_cmdresult_t *result)
782 completor->head.complete = usbctlx_cmd_completor_fn;
783 completor->cmdresp = cmdresp;
784 completor->result = result;
785 return &(completor->head);
788 /*----------------------------------------------------------------
790 * This completor must be passed to hfa384x_usbctlx_complete_sync()
791 * when processing a CTLX that reads a RID.
792 ----------------------------------------------------------------*/
793 struct usbctlx_rrid_completor
795 usbctlx_completor_t head;
797 const hfa384x_usb_rridresp_t *rridresp;
799 unsigned int riddatalen;
801 typedef struct usbctlx_rrid_completor usbctlx_rrid_completor_t;
803 static int usbctlx_rrid_completor_fn(usbctlx_completor_t *head)
805 usbctlx_rrid_completor_t *complete = (usbctlx_rrid_completor_t*)head;
806 hfa384x_rridresult_t rridresult;
808 usbctlx_get_rridresult(complete->rridresp, &rridresult);
810 /* Validate the length, note body len calculation in bytes */
811 if ( rridresult.riddata_len != complete->riddatalen ) {
813 "RID len mismatch, rid=0x%04x hlen=%d fwlen=%d\n",
815 complete->riddatalen,
816 rridresult.riddata_len);
820 memcpy(complete->riddata,
822 complete->riddatalen);
826 static inline usbctlx_completor_t*
827 init_rrid_completor(usbctlx_rrid_completor_t *completor,
828 const hfa384x_usb_rridresp_t *rridresp,
830 unsigned int riddatalen)
832 completor->head.complete = usbctlx_rrid_completor_fn;
833 completor->rridresp = rridresp;
834 completor->riddata = riddata;
835 completor->riddatalen = riddatalen;
836 return &(completor->head);
839 /*----------------------------------------------------------------
841 * Interprets the results of a synchronous RID-write
842 ----------------------------------------------------------------*/
843 typedef usbctlx_cmd_completor_t usbctlx_wrid_completor_t;
844 #define init_wrid_completor init_cmd_completor
846 /*----------------------------------------------------------------
848 * Interprets the results of a synchronous memory-write
849 ----------------------------------------------------------------*/
850 typedef usbctlx_cmd_completor_t usbctlx_wmem_completor_t;
851 #define init_wmem_completor init_cmd_completor
853 /*----------------------------------------------------------------
855 * Interprets the results of a synchronous memory-read
856 ----------------------------------------------------------------*/
857 struct usbctlx_rmem_completor
859 usbctlx_completor_t head;
861 const hfa384x_usb_rmemresp_t *rmemresp;
865 typedef struct usbctlx_rmem_completor usbctlx_rmem_completor_t;
867 static int usbctlx_rmem_completor_fn(usbctlx_completor_t *head)
869 usbctlx_rmem_completor_t *complete = (usbctlx_rmem_completor_t*)head;
871 WLAN_LOG_DEBUG(4,"rmemresp:len=%d\n", complete->rmemresp->frmlen);
872 memcpy(complete->data, complete->rmemresp->data, complete->len);
876 static inline usbctlx_completor_t*
877 init_rmem_completor(usbctlx_rmem_completor_t *completor,
878 hfa384x_usb_rmemresp_t *rmemresp,
882 completor->head.complete = usbctlx_rmem_completor_fn;
883 completor->rmemresp = rmemresp;
884 completor->data = data;
885 completor->len = len;
886 return &(completor->head);
889 /*----------------------------------------------------------------
892 * Ctlx_complete handler for async CMD type control exchanges.
893 * mark the hw struct as such.
895 * Note: If the handling is changed here, it should probably be
896 * changed in docmd as well.
900 * ctlx completed CTLX
909 ----------------------------------------------------------------*/
911 hfa384x_cb_status(hfa384x_t *hw, const hfa384x_usbctlx_t *ctlx)
913 if ( ctlx->usercb != NULL ) {
914 hfa384x_cmdresult_t cmdresult;
916 if (ctlx->state != CTLX_COMPLETE) {
917 memset(&cmdresult, 0, sizeof(cmdresult));
918 cmdresult.status = HFA384x_STATUS_RESULT_SET(HFA384x_CMD_ERR);
920 usbctlx_get_status(&ctlx->inbuf.cmdresp, &cmdresult);
923 ctlx->usercb(hw, &cmdresult, ctlx->usercb_data);
928 /*----------------------------------------------------------------
931 * CTLX completion handler for async RRID type control exchanges.
933 * Note: If the handling is changed here, it should probably be
934 * changed in dorrid as well.
938 * ctlx completed CTLX
947 ----------------------------------------------------------------*/
949 hfa384x_cb_rrid(hfa384x_t *hw, const hfa384x_usbctlx_t *ctlx)
951 if ( ctlx->usercb != NULL ) {
952 hfa384x_rridresult_t rridresult;
954 if (ctlx->state != CTLX_COMPLETE) {
955 memset(&rridresult, 0, sizeof(rridresult));
956 rridresult.rid = hfa384x2host_16(ctlx->outbuf.rridreq.rid);
958 usbctlx_get_rridresult(&ctlx->inbuf.rridresp, &rridresult);
961 ctlx->usercb(hw, &rridresult, ctlx->usercb_data);
966 hfa384x_docmd_wait(hfa384x_t *hw, hfa384x_metacmd_t *cmd)
968 return hfa384x_docmd(hw, DOWAIT, cmd, NULL, NULL, NULL);
972 hfa384x_docmd_async(hfa384x_t *hw,
973 hfa384x_metacmd_t *cmd,
975 ctlx_usercb_t usercb,
978 return hfa384x_docmd(hw, DOASYNC, cmd,
979 cmdcb, usercb, usercb_data);
983 hfa384x_dorrid_wait(hfa384x_t *hw, u16 rid, void *riddata, unsigned int riddatalen)
985 return hfa384x_dorrid(hw, DOWAIT,
986 rid, riddata, riddatalen,
991 hfa384x_dorrid_async(hfa384x_t *hw,
992 u16 rid, void *riddata, unsigned int riddatalen,
994 ctlx_usercb_t usercb,
997 return hfa384x_dorrid(hw, DOASYNC,
998 rid, riddata, riddatalen,
999 cmdcb, usercb, usercb_data);
1003 hfa384x_dowrid_wait(hfa384x_t *hw, u16 rid, void *riddata, unsigned int riddatalen)
1005 return hfa384x_dowrid(hw, DOWAIT,
1006 rid, riddata, riddatalen,
1011 hfa384x_dowrid_async(hfa384x_t *hw,
1012 u16 rid, void *riddata, unsigned int riddatalen,
1014 ctlx_usercb_t usercb,
1017 return hfa384x_dowrid(hw, DOASYNC,
1018 rid, riddata, riddatalen,
1019 cmdcb, usercb, usercb_data);
1023 hfa384x_dormem_wait(hfa384x_t *hw,
1024 u16 page, u16 offset, void *data, unsigned int len)
1026 return hfa384x_dormem(hw, DOWAIT,
1027 page, offset, data, len,
1032 hfa384x_dormem_async(hfa384x_t *hw,
1033 u16 page, u16 offset, void *data, unsigned int len,
1035 ctlx_usercb_t usercb,
1038 return hfa384x_dormem(hw, DOASYNC,
1039 page, offset, data, len,
1040 cmdcb, usercb, usercb_data);
1044 hfa384x_dowmem_wait(
1051 return hfa384x_dowmem(hw, DOWAIT,
1052 page, offset, data, len,
1057 hfa384x_dowmem_async(
1064 ctlx_usercb_t usercb,
1067 return hfa384x_dowmem(hw, DOASYNC,
1068 page, offset, data, len,
1069 cmdcb, usercb, usercb_data);
1072 /*----------------------------------------------------------------
1073 * hfa384x_cmd_initialize
1075 * Issues the initialize command and sets the hw->state based
1079 * hw device structure
1083 * >0 f/w reported error - f/w status code
1084 * <0 driver reported error
1090 ----------------------------------------------------------------*/
1092 hfa384x_cmd_initialize(hfa384x_t *hw)
1096 hfa384x_metacmd_t cmd;
1098 cmd.cmd = HFA384x_CMDCODE_INIT;
1103 result = hfa384x_docmd_wait(hw, &cmd);
1106 WLAN_LOG_DEBUG(3,"cmdresp.init: "
1107 "status=0x%04x, resp0=0x%04x, "
1108 "resp1=0x%04x, resp2=0x%04x\n",
1113 if ( result == 0 ) {
1114 for ( i = 0; i < HFA384x_NUMPORTS_MAX; i++) {
1115 hw->port_enabled[i] = 0;
1119 hw->link_status = HFA384x_LINK_NOTCONNECTED;
1125 /*----------------------------------------------------------------
1126 * hfa384x_cmd_disable
1128 * Issues the disable command to stop communications on one of
1132 * hw device structure
1133 * macport MAC port number (host order)
1137 * >0 f/w reported failure - f/w status code
1138 * <0 driver reported error (timeout|bad arg)
1144 ----------------------------------------------------------------*/
1145 int hfa384x_cmd_disable(hfa384x_t *hw, u16 macport)
1148 hfa384x_metacmd_t cmd;
1150 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DISABLE) |
1151 HFA384x_CMD_MACPORT_SET(macport);
1156 result = hfa384x_docmd_wait(hw, &cmd);
1162 /*----------------------------------------------------------------
1163 * hfa384x_cmd_enable
1165 * Issues the enable command to enable communications on one of
1169 * hw device structure
1170 * macport MAC port number
1174 * >0 f/w reported failure - f/w status code
1175 * <0 driver reported error (timeout|bad arg)
1181 ----------------------------------------------------------------*/
1182 int hfa384x_cmd_enable(hfa384x_t *hw, u16 macport)
1185 hfa384x_metacmd_t cmd;
1187 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_ENABLE) |
1188 HFA384x_CMD_MACPORT_SET(macport);
1193 result = hfa384x_docmd_wait(hw, &cmd);
1198 /*----------------------------------------------------------------
1199 * hfa384x_cmd_monitor
1201 * Enables the 'monitor mode' of the MAC. Here's the description of
1202 * monitor mode that I've received thus far:
1204 * "The "monitor mode" of operation is that the MAC passes all
1205 * frames for which the PLCP checks are correct. All received
1206 * MPDUs are passed to the host with MAC Port = 7, with a
1207 * receive status of good, FCS error, or undecryptable. Passing
1208 * certain MPDUs is a violation of the 802.11 standard, but useful
1209 * for a debugging tool." Normal communication is not possible
1210 * while monitor mode is enabled.
1213 * hw device structure
1214 * enable a code (0x0b|0x0f) that enables/disables
1215 * monitor mode. (host order)
1219 * >0 f/w reported failure - f/w status code
1220 * <0 driver reported error (timeout|bad arg)
1226 ----------------------------------------------------------------*/
1227 int hfa384x_cmd_monitor(hfa384x_t *hw, u16 enable)
1230 hfa384x_metacmd_t cmd;
1232 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_MONITOR) |
1233 HFA384x_CMD_AINFO_SET(enable);
1238 result = hfa384x_docmd_wait(hw, &cmd);
1244 /*----------------------------------------------------------------
1245 * hfa384x_cmd_download
1247 * Sets the controls for the MAC controller code/data download
1248 * process. The arguments set the mode and address associated
1249 * with a download. Note that the aux registers should be enabled
1250 * prior to setting one of the download enable modes.
1253 * hw device structure
1254 * mode 0 - Disable programming and begin code exec
1255 * 1 - Enable volatile mem programming
1256 * 2 - Enable non-volatile mem programming
1257 * 3 - Program non-volatile section from NV download
1261 * highaddr For mode 1, sets the high & low order bits of
1262 * the "destination address". This address will be
1263 * the execution start address when download is
1264 * subsequently disabled.
1265 * For mode 2, sets the high & low order bits of
1266 * the destination in NV ram.
1267 * For modes 0 & 3, should be zero. (host order)
1268 * NOTE: these are CMD format.
1269 * codelen Length of the data to write in mode 2,
1270 * zero otherwise. (host order)
1274 * >0 f/w reported failure - f/w status code
1275 * <0 driver reported error (timeout|bad arg)
1281 ----------------------------------------------------------------*/
1282 int hfa384x_cmd_download(hfa384x_t *hw, u16 mode, u16 lowaddr,
1283 u16 highaddr, u16 codelen)
1286 hfa384x_metacmd_t cmd;
1289 "mode=%d, lowaddr=0x%04x, highaddr=0x%04x, codelen=%d\n",
1290 mode, lowaddr, highaddr, codelen);
1292 cmd.cmd = (HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DOWNLD) |
1293 HFA384x_CMD_PROGMODE_SET(mode));
1295 cmd.parm0 = lowaddr;
1296 cmd.parm1 = highaddr;
1297 cmd.parm2 = codelen;
1299 result = hfa384x_docmd_wait(hw, &cmd);
1305 /*----------------------------------------------------------------
1306 * hfa384x_copy_from_aux
1308 * Copies a collection of bytes from the controller memory. The
1309 * Auxiliary port MUST be enabled prior to calling this function.
1310 * We _might_ be in a download state.
1313 * hw device structure
1314 * cardaddr address in hfa384x data space to read
1315 * auxctl address space select
1316 * buf ptr to destination host buffer
1317 * len length of data to transfer (in bytes)
1323 * buf contains the data copied
1328 ----------------------------------------------------------------*/
1330 hfa384x_copy_from_aux(
1331 hfa384x_t *hw, u32 cardaddr, u32 auxctl, void *buf, unsigned int len)
1333 printk(KERN_ERR "not used in USB.\n");
1337 /*----------------------------------------------------------------
1338 * hfa384x_copy_to_aux
1340 * Copies a collection of bytes to the controller memory. The
1341 * Auxiliary port MUST be enabled prior to calling this function.
1342 * We _might_ be in a download state.
1345 * hw device structure
1346 * cardaddr address in hfa384x data space to read
1347 * auxctl address space select
1348 * buf ptr to destination host buffer
1349 * len length of data to transfer (in bytes)
1355 * Controller memory now contains a copy of buf
1360 ----------------------------------------------------------------*/
1362 hfa384x_copy_to_aux(
1363 hfa384x_t *hw, u32 cardaddr, u32 auxctl, void *buf, unsigned int len)
1365 printk(KERN_ERR "not used in USB.\n");
1369 /*----------------------------------------------------------------
1372 * Perform a reset of the hfa38xx MAC core. We assume that the hw
1373 * structure is in its "created" state. That is, it is initialized
1374 * with proper values. Note that if a reset is done after the
1375 * device has been active for awhile, the caller might have to clean
1376 * up some leftover cruft in the hw structure.
1379 * hw device structure
1380 * holdtime how long (in ms) to hold the reset
1381 * settletime how long (in ms) to wait after releasing
1391 ----------------------------------------------------------------*/
1392 int hfa384x_corereset(hfa384x_t *hw, int holdtime, int settletime, int genesis)
1396 result=usb_reset_device(hw->usb);
1398 printk(KERN_ERR "usb_reset_device() failed, result=%d.\n",result);
1405 /*----------------------------------------------------------------
1406 * hfa384x_usbctlx_complete_sync
1408 * Waits for a synchronous CTLX object to complete,
1409 * and then handles the response.
1412 * hw device structure
1414 * completor functor object to decide what to
1415 * do with the CTLX's result.
1419 * -ERESTARTSYS Interrupted by a signal
1421 * -ENODEV Adapter was unplugged
1422 * ??? Result from completor
1428 ----------------------------------------------------------------*/
1429 static int hfa384x_usbctlx_complete_sync(hfa384x_t *hw,
1430 hfa384x_usbctlx_t *ctlx,
1431 usbctlx_completor_t *completor)
1433 unsigned long flags;
1436 result = wait_for_completion_interruptible(&ctlx->done);
1438 spin_lock_irqsave(&hw->ctlxq.lock, flags);
1441 * We can only handle the CTLX if the USB disconnect
1442 * function has not run yet ...
1445 if ( hw->wlandev->hwremoved )
1447 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1450 else if ( result != 0 )
1455 * We were probably interrupted, so delete
1456 * this CTLX asynchronously, kill the timers
1457 * and the URB, and then start the next
1460 * NOTE: We can only delete the timers and
1461 * the URB if this CTLX is active.
1463 if (ctlx == get_active_ctlx(hw))
1465 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1467 del_singleshot_timer_sync(&hw->reqtimer);
1468 del_singleshot_timer_sync(&hw->resptimer);
1469 hw->req_timer_done = 1;
1470 hw->resp_timer_done = 1;
1471 usb_kill_urb(&hw->ctlx_urb);
1473 spin_lock_irqsave(&hw->ctlxq.lock, flags);
1478 * This scenario is so unlikely that I'm
1479 * happy with a grubby "goto" solution ...
1481 if ( hw->wlandev->hwremoved )
1486 * The completion task will send this CTLX
1487 * to the reaper the next time it runs. We
1488 * are no longer in a hurry.
1491 ctlx->state = CTLX_REQ_FAILED;
1492 list_move_tail(&ctlx->list, &hw->ctlxq.completing);
1494 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1497 hfa384x_usbctlxq_run(hw);
1499 if (ctlx->state == CTLX_COMPLETE) {
1500 result = completor->complete(completor);
1502 WLAN_LOG_WARNING("CTLX[%d] error: state(%s)\n",
1503 hfa384x2host_16(ctlx->outbuf.type),
1504 ctlxstr(ctlx->state));
1508 list_del(&ctlx->list);
1509 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1516 /*----------------------------------------------------------------
1519 * Constructs a command CTLX and submits it.
1521 * NOTE: Any changes to the 'post-submit' code in this function
1522 * need to be carried over to hfa384x_cbcmd() since the handling
1523 * is virtually identical.
1526 * hw device structure
1527 * mode DOWAIT or DOASYNC
1528 * cmd cmd structure. Includes all arguments and result
1529 * data points. All in host order. in host order
1530 * cmdcb command-specific callback
1531 * usercb user callback for async calls, NULL for DOWAIT calls
1532 * usercb_data user supplied data pointer for async calls, NULL
1538 * -ERESTARTSYS Awakened on signal
1539 * >0 command indicated error, Status and Resp0-2 are
1547 ----------------------------------------------------------------*/
1552 hfa384x_metacmd_t *cmd,
1554 ctlx_usercb_t usercb,
1558 hfa384x_usbctlx_t *ctlx;
1560 ctlx = usbctlx_alloc();
1561 if ( ctlx == NULL ) {
1566 /* Initialize the command */
1567 ctlx->outbuf.cmdreq.type = host2hfa384x_16(HFA384x_USB_CMDREQ);
1568 ctlx->outbuf.cmdreq.cmd = host2hfa384x_16(cmd->cmd);
1569 ctlx->outbuf.cmdreq.parm0 = host2hfa384x_16(cmd->parm0);
1570 ctlx->outbuf.cmdreq.parm1 = host2hfa384x_16(cmd->parm1);
1571 ctlx->outbuf.cmdreq.parm2 = host2hfa384x_16(cmd->parm2);
1573 ctlx->outbufsize = sizeof(ctlx->outbuf.cmdreq);
1575 WLAN_LOG_DEBUG(4, "cmdreq: cmd=0x%04x "
1576 "parm0=0x%04x parm1=0x%04x parm2=0x%04x\n",
1582 ctlx->reapable = mode;
1583 ctlx->cmdcb = cmdcb;
1584 ctlx->usercb = usercb;
1585 ctlx->usercb_data = usercb_data;
1587 result = hfa384x_usbctlx_submit(hw, ctlx);
1590 } else if (mode == DOWAIT) {
1591 usbctlx_cmd_completor_t completor;
1593 result = hfa384x_usbctlx_complete_sync(
1594 hw, ctlx, init_cmd_completor(&completor,
1595 &ctlx->inbuf.cmdresp,
1604 /*----------------------------------------------------------------
1607 * Constructs a read rid CTLX and issues it.
1609 * NOTE: Any changes to the 'post-submit' code in this function
1610 * need to be carried over to hfa384x_cbrrid() since the handling
1611 * is virtually identical.
1614 * hw device structure
1615 * mode DOWAIT or DOASYNC
1616 * rid Read RID number (host order)
1617 * riddata Caller supplied buffer that MAC formatted RID.data
1618 * record will be written to for DOWAIT calls. Should
1619 * be NULL for DOASYNC calls.
1620 * riddatalen Buffer length for DOWAIT calls. Zero for DOASYNC calls.
1621 * cmdcb command callback for async calls, NULL for DOWAIT calls
1622 * usercb user callback for async calls, NULL for DOWAIT calls
1623 * usercb_data user supplied data pointer for async calls, NULL
1629 * -ERESTARTSYS Awakened on signal
1630 * -ENODATA riddatalen != macdatalen
1631 * >0 command indicated error, Status and Resp0-2 are
1637 * interrupt (DOASYNC)
1638 * process (DOWAIT or DOASYNC)
1639 ----------------------------------------------------------------*/
1646 unsigned int riddatalen,
1648 ctlx_usercb_t usercb,
1652 hfa384x_usbctlx_t *ctlx;
1654 ctlx = usbctlx_alloc();
1655 if ( ctlx == NULL ) {
1660 /* Initialize the command */
1661 ctlx->outbuf.rridreq.type = host2hfa384x_16(HFA384x_USB_RRIDREQ);
1662 ctlx->outbuf.rridreq.frmlen =
1663 host2hfa384x_16(sizeof(ctlx->outbuf.rridreq.rid));
1664 ctlx->outbuf.rridreq.rid = host2hfa384x_16(rid);
1666 ctlx->outbufsize = sizeof(ctlx->outbuf.rridreq);
1668 ctlx->reapable = mode;
1669 ctlx->cmdcb = cmdcb;
1670 ctlx->usercb = usercb;
1671 ctlx->usercb_data = usercb_data;
1673 /* Submit the CTLX */
1674 result = hfa384x_usbctlx_submit(hw, ctlx);
1677 } else if (mode == DOWAIT) {
1678 usbctlx_rrid_completor_t completor;
1680 result = hfa384x_usbctlx_complete_sync(
1681 hw, ctlx, init_rrid_completor(&completor,
1682 &ctlx->inbuf.rridresp,
1692 /*----------------------------------------------------------------
1695 * Constructs a write rid CTLX and issues it.
1697 * NOTE: Any changes to the 'post-submit' code in this function
1698 * need to be carried over to hfa384x_cbwrid() since the handling
1699 * is virtually identical.
1702 * hw device structure
1703 * CMD_MODE DOWAIT or DOASYNC
1705 * riddata Data portion of RID formatted for MAC
1706 * riddatalen Length of the data portion in bytes
1707 * cmdcb command callback for async calls, NULL for DOWAIT calls
1708 * usercb user callback for async calls, NULL for DOWAIT calls
1709 * usercb_data user supplied data pointer for async calls
1713 * -ETIMEDOUT timed out waiting for register ready or
1714 * command completion
1715 * >0 command indicated error, Status and Resp0-2 are
1721 * interrupt (DOASYNC)
1722 * process (DOWAIT or DOASYNC)
1723 ----------------------------------------------------------------*/
1730 unsigned int riddatalen,
1732 ctlx_usercb_t usercb,
1736 hfa384x_usbctlx_t *ctlx;
1738 ctlx = usbctlx_alloc();
1739 if ( ctlx == NULL ) {
1744 /* Initialize the command */
1745 ctlx->outbuf.wridreq.type = host2hfa384x_16(HFA384x_USB_WRIDREQ);
1746 ctlx->outbuf.wridreq.frmlen = host2hfa384x_16(
1747 (sizeof(ctlx->outbuf.wridreq.rid) +
1748 riddatalen + 1) / 2);
1749 ctlx->outbuf.wridreq.rid = host2hfa384x_16(rid);
1750 memcpy(ctlx->outbuf.wridreq.data, riddata, riddatalen);
1752 ctlx->outbufsize = sizeof(ctlx->outbuf.wridreq.type) +
1753 sizeof(ctlx->outbuf.wridreq.frmlen) +
1754 sizeof(ctlx->outbuf.wridreq.rid) +
1757 ctlx->reapable = mode;
1758 ctlx->cmdcb = cmdcb;
1759 ctlx->usercb = usercb;
1760 ctlx->usercb_data = usercb_data;
1762 /* Submit the CTLX */
1763 result = hfa384x_usbctlx_submit(hw, ctlx);
1766 } else if (mode == DOWAIT) {
1767 usbctlx_wrid_completor_t completor;
1768 hfa384x_cmdresult_t wridresult;
1770 result = hfa384x_usbctlx_complete_sync(
1773 init_wrid_completor(&completor,
1774 &ctlx->inbuf.wridresp,
1782 /*----------------------------------------------------------------
1785 * Constructs a readmem CTLX and issues it.
1787 * NOTE: Any changes to the 'post-submit' code in this function
1788 * need to be carried over to hfa384x_cbrmem() since the handling
1789 * is virtually identical.
1792 * hw device structure
1793 * mode DOWAIT or DOASYNC
1794 * page MAC address space page (CMD format)
1795 * offset MAC address space offset
1796 * data Ptr to data buffer to receive read
1797 * len Length of the data to read (max == 2048)
1798 * cmdcb command callback for async calls, NULL for DOWAIT calls
1799 * usercb user callback for async calls, NULL for DOWAIT calls
1800 * usercb_data user supplied data pointer for async calls
1804 * -ETIMEDOUT timed out waiting for register ready or
1805 * command completion
1806 * >0 command indicated error, Status and Resp0-2 are
1812 * interrupt (DOASYNC)
1813 * process (DOWAIT or DOASYNC)
1814 ----------------------------------------------------------------*/
1824 ctlx_usercb_t usercb,
1828 hfa384x_usbctlx_t *ctlx;
1830 ctlx = usbctlx_alloc();
1831 if ( ctlx == NULL ) {
1836 /* Initialize the command */
1837 ctlx->outbuf.rmemreq.type = host2hfa384x_16(HFA384x_USB_RMEMREQ);
1838 ctlx->outbuf.rmemreq.frmlen = host2hfa384x_16(
1839 sizeof(ctlx->outbuf.rmemreq.offset) +
1840 sizeof(ctlx->outbuf.rmemreq.page) +
1842 ctlx->outbuf.rmemreq.offset = host2hfa384x_16(offset);
1843 ctlx->outbuf.rmemreq.page = host2hfa384x_16(page);
1845 ctlx->outbufsize = sizeof(ctlx->outbuf.rmemreq);
1848 "type=0x%04x frmlen=%d offset=0x%04x page=0x%04x\n",
1849 ctlx->outbuf.rmemreq.type,
1850 ctlx->outbuf.rmemreq.frmlen,
1851 ctlx->outbuf.rmemreq.offset,
1852 ctlx->outbuf.rmemreq.page);
1854 WLAN_LOG_DEBUG(4,"pktsize=%zd\n",
1855 ROUNDUP64(sizeof(ctlx->outbuf.rmemreq)));
1857 ctlx->reapable = mode;
1858 ctlx->cmdcb = cmdcb;
1859 ctlx->usercb = usercb;
1860 ctlx->usercb_data = usercb_data;
1862 result = hfa384x_usbctlx_submit(hw, ctlx);
1865 } else if ( mode == DOWAIT ) {
1866 usbctlx_rmem_completor_t completor;
1868 result = hfa384x_usbctlx_complete_sync(
1869 hw, ctlx, init_rmem_completor(&completor,
1870 &ctlx->inbuf.rmemresp,
1881 /*----------------------------------------------------------------
1884 * Constructs a writemem CTLX and issues it.
1886 * NOTE: Any changes to the 'post-submit' code in this function
1887 * need to be carried over to hfa384x_cbwmem() since the handling
1888 * is virtually identical.
1891 * hw device structure
1892 * mode DOWAIT or DOASYNC
1893 * page MAC address space page (CMD format)
1894 * offset MAC address space offset
1895 * data Ptr to data buffer containing write data
1896 * len Length of the data to read (max == 2048)
1897 * cmdcb command callback for async calls, NULL for DOWAIT calls
1898 * usercb user callback for async calls, NULL for DOWAIT calls
1899 * usercb_data user supplied data pointer for async calls.
1903 * -ETIMEDOUT timed out waiting for register ready or
1904 * command completion
1905 * >0 command indicated error, Status and Resp0-2 are
1911 * interrupt (DOWAIT)
1912 * process (DOWAIT or DOASYNC)
1913 ----------------------------------------------------------------*/
1923 ctlx_usercb_t usercb,
1927 hfa384x_usbctlx_t *ctlx;
1929 WLAN_LOG_DEBUG(5, "page=0x%04x offset=0x%04x len=%d\n",
1932 ctlx = usbctlx_alloc();
1933 if ( ctlx == NULL ) {
1938 /* Initialize the command */
1939 ctlx->outbuf.wmemreq.type = host2hfa384x_16(HFA384x_USB_WMEMREQ);
1940 ctlx->outbuf.wmemreq.frmlen = host2hfa384x_16(
1941 sizeof(ctlx->outbuf.wmemreq.offset) +
1942 sizeof(ctlx->outbuf.wmemreq.page) +
1944 ctlx->outbuf.wmemreq.offset = host2hfa384x_16(offset);
1945 ctlx->outbuf.wmemreq.page = host2hfa384x_16(page);
1946 memcpy(ctlx->outbuf.wmemreq.data, data, len);
1948 ctlx->outbufsize = sizeof(ctlx->outbuf.wmemreq.type) +
1949 sizeof(ctlx->outbuf.wmemreq.frmlen) +
1950 sizeof(ctlx->outbuf.wmemreq.offset) +
1951 sizeof(ctlx->outbuf.wmemreq.page) +
1954 ctlx->reapable = mode;
1955 ctlx->cmdcb = cmdcb;
1956 ctlx->usercb = usercb;
1957 ctlx->usercb_data = usercb_data;
1959 result = hfa384x_usbctlx_submit(hw, ctlx);
1962 } else if ( mode == DOWAIT ) {
1963 usbctlx_wmem_completor_t completor;
1964 hfa384x_cmdresult_t wmemresult;
1966 result = hfa384x_usbctlx_complete_sync(
1969 init_wmem_completor(&completor,
1970 &ctlx->inbuf.wmemresp,
1979 /*----------------------------------------------------------------
1980 * hfa384x_drvr_commtallies
1982 * Send a commtallies inquiry to the MAC. Note that this is an async
1983 * call that will result in an info frame arriving sometime later.
1986 * hw device structure
1995 ----------------------------------------------------------------*/
1996 int hfa384x_drvr_commtallies( hfa384x_t *hw )
1998 hfa384x_metacmd_t cmd;
2000 cmd.cmd = HFA384x_CMDCODE_INQ;
2001 cmd.parm0 = HFA384x_IT_COMMTALLIES;
2005 hfa384x_docmd_async(hw, &cmd, NULL, NULL, NULL);
2011 /*----------------------------------------------------------------
2012 * hfa384x_drvr_disable
2014 * Issues the disable command to stop communications on one of
2015 * the MACs 'ports'. Only macport 0 is valid for stations.
2016 * APs may also disable macports 1-6. Only ports that have been
2017 * previously enabled may be disabled.
2020 * hw device structure
2021 * macport MAC port number (host order)
2025 * >0 f/w reported failure - f/w status code
2026 * <0 driver reported error (timeout|bad arg)
2032 ----------------------------------------------------------------*/
2033 int hfa384x_drvr_disable(hfa384x_t *hw, u16 macport)
2037 if ((!hw->isap && macport != 0) ||
2038 (hw->isap && !(macport <= HFA384x_PORTID_MAX)) ||
2039 !(hw->port_enabled[macport]) ){
2042 result = hfa384x_cmd_disable(hw, macport);
2043 if ( result == 0 ) {
2044 hw->port_enabled[macport] = 0;
2051 /*----------------------------------------------------------------
2052 * hfa384x_drvr_enable
2054 * Issues the enable command to enable communications on one of
2055 * the MACs 'ports'. Only macport 0 is valid for stations.
2056 * APs may also enable macports 1-6. Only ports that are currently
2057 * disabled may be enabled.
2060 * hw device structure
2061 * macport MAC port number
2065 * >0 f/w reported failure - f/w status code
2066 * <0 driver reported error (timeout|bad arg)
2072 ----------------------------------------------------------------*/
2073 int hfa384x_drvr_enable(hfa384x_t *hw, u16 macport)
2077 if ((!hw->isap && macport != 0) ||
2078 (hw->isap && !(macport <= HFA384x_PORTID_MAX)) ||
2079 (hw->port_enabled[macport]) ){
2082 result = hfa384x_cmd_enable(hw, macport);
2083 if ( result == 0 ) {
2084 hw->port_enabled[macport] = 1;
2091 /*----------------------------------------------------------------
2092 * hfa384x_drvr_flashdl_enable
2094 * Begins the flash download state. Checks to see that we're not
2095 * already in a download state and that a port isn't enabled.
2096 * Sets the download state and retrieves the flash download
2097 * buffer location, buffer size, and timeout length.
2100 * hw device structure
2104 * >0 f/w reported error - f/w status code
2105 * <0 driver reported error
2111 ----------------------------------------------------------------*/
2112 int hfa384x_drvr_flashdl_enable(hfa384x_t *hw)
2117 /* Check that a port isn't active */
2118 for ( i = 0; i < HFA384x_PORTID_MAX; i++) {
2119 if ( hw->port_enabled[i] ) {
2120 WLAN_LOG_DEBUG(1,"called when port enabled.\n");
2125 /* Check that we're not already in a download state */
2126 if ( hw->dlstate != HFA384x_DLSTATE_DISABLED ) {
2130 /* Retrieve the buffer loc&size and timeout */
2131 if ( (result = hfa384x_drvr_getconfig(hw, HFA384x_RID_DOWNLOADBUFFER,
2132 &(hw->bufinfo), sizeof(hw->bufinfo))) ) {
2135 hw->bufinfo.page = hfa384x2host_16(hw->bufinfo.page);
2136 hw->bufinfo.offset = hfa384x2host_16(hw->bufinfo.offset);
2137 hw->bufinfo.len = hfa384x2host_16(hw->bufinfo.len);
2138 if ( (result = hfa384x_drvr_getconfig16(hw, HFA384x_RID_MAXLOADTIME,
2139 &(hw->dltimeout))) ) {
2142 hw->dltimeout = hfa384x2host_16(hw->dltimeout);
2144 WLAN_LOG_DEBUG(1,"flashdl_enable\n");
2146 hw->dlstate = HFA384x_DLSTATE_FLASHENABLED;
2152 /*----------------------------------------------------------------
2153 * hfa384x_drvr_flashdl_disable
2155 * Ends the flash download state. Note that this will cause the MAC
2156 * firmware to restart.
2159 * hw device structure
2163 * >0 f/w reported error - f/w status code
2164 * <0 driver reported error
2170 ----------------------------------------------------------------*/
2171 int hfa384x_drvr_flashdl_disable(hfa384x_t *hw)
2173 /* Check that we're already in the download state */
2174 if ( hw->dlstate != HFA384x_DLSTATE_FLASHENABLED ) {
2178 WLAN_LOG_DEBUG(1,"flashdl_enable\n");
2180 /* There isn't much we can do at this point, so I don't */
2181 /* bother w/ the return value */
2182 hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0 , 0);
2183 hw->dlstate = HFA384x_DLSTATE_DISABLED;
2189 /*----------------------------------------------------------------
2190 * hfa384x_drvr_flashdl_write
2192 * Performs a FLASH download of a chunk of data. First checks to see
2193 * that we're in the FLASH download state, then sets the download
2194 * mode, uses the aux functions to 1) copy the data to the flash
2195 * buffer, 2) sets the download 'write flash' mode, 3) readback and
2196 * compare. Lather rinse, repeat as many times an necessary to get
2197 * all the given data into flash.
2198 * When all data has been written using this function (possibly
2199 * repeatedly), call drvr_flashdl_disable() to end the download state
2200 * and restart the MAC.
2203 * hw device structure
2204 * daddr Card address to write to. (host order)
2205 * buf Ptr to data to write.
2206 * len Length of data (host order).
2210 * >0 f/w reported error - f/w status code
2211 * <0 driver reported error
2217 ----------------------------------------------------------------*/
2219 hfa384x_drvr_flashdl_write(
2240 WLAN_LOG_DEBUG(5,"daddr=0x%08x len=%d\n", daddr, len);
2242 /* Check that we're in the flash download state */
2243 if ( hw->dlstate != HFA384x_DLSTATE_FLASHENABLED ) {
2247 printk(KERN_INFO "Download %d bytes to flash @0x%06x\n", len, daddr);
2249 /* Convert to flat address for arithmetic */
2250 /* NOTE: dlbuffer RID stores the address in AUX format */
2251 dlbufaddr = HFA384x_ADDR_AUX_MKFLAT(
2252 hw->bufinfo.page, hw->bufinfo.offset);
2254 "dlbuf.page=0x%04x dlbuf.offset=0x%04x dlbufaddr=0x%08x\n",
2255 hw->bufinfo.page, hw->bufinfo.offset, dlbufaddr);
2258 WLAN_LOG_WARNING("dlbuf@0x%06lx len=%d to=%d\n", dlbufaddr, hw->bufinfo.len, hw->dltimeout);
2260 /* Calculations to determine how many fills of the dlbuffer to do
2261 * and how many USB wmemreq's to do for each fill. At this point
2262 * in time, the dlbuffer size and the wmemreq size are the same.
2263 * Therefore, nwrites should always be 1. The extra complexity
2264 * here is a hedge against future changes.
2267 /* Figure out how many times to do the flash programming */
2268 nburns = len / hw->bufinfo.len;
2269 nburns += (len % hw->bufinfo.len) ? 1 : 0;
2271 /* For each flash program cycle, how many USB wmemreq's are needed? */
2272 nwrites = hw->bufinfo.len / HFA384x_USB_RWMEM_MAXLEN;
2273 nwrites += (hw->bufinfo.len % HFA384x_USB_RWMEM_MAXLEN) ? 1 : 0;
2276 for ( i = 0; i < nburns; i++) {
2277 /* Get the dest address and len */
2278 burnlen = (len - (hw->bufinfo.len * i)) > hw->bufinfo.len ?
2280 (len - (hw->bufinfo.len * i));
2281 burndaddr = daddr + (hw->bufinfo.len * i);
2282 burnlo = HFA384x_ADDR_CMD_MKOFF(burndaddr);
2283 burnhi = HFA384x_ADDR_CMD_MKPAGE(burndaddr);
2285 printk(KERN_INFO "Writing %d bytes to flash @0x%06x\n",
2286 burnlen, burndaddr);
2288 /* Set the download mode */
2289 result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_NV,
2290 burnlo, burnhi, burnlen);
2292 printk(KERN_ERR "download(NV,lo=%x,hi=%x,len=%x) "
2293 "cmd failed, result=%d. Aborting d/l\n",
2294 burnlo, burnhi, burnlen, result);
2298 /* copy the data to the flash download buffer */
2299 for ( j=0; j < nwrites; j++) {
2301 (i*hw->bufinfo.len) +
2302 (j*HFA384x_USB_RWMEM_MAXLEN);
2304 writepage = HFA384x_ADDR_CMD_MKPAGE(
2306 (j*HFA384x_USB_RWMEM_MAXLEN));
2307 writeoffset = HFA384x_ADDR_CMD_MKOFF(
2309 (j*HFA384x_USB_RWMEM_MAXLEN));
2311 writelen = burnlen-(j*HFA384x_USB_RWMEM_MAXLEN);
2312 writelen = writelen > HFA384x_USB_RWMEM_MAXLEN ?
2313 HFA384x_USB_RWMEM_MAXLEN :
2316 result = hfa384x_dowmem_wait( hw,
2323 Comment out for debugging, assume the write was successful.
2326 "Write to dl buffer failed, "
2327 "result=0x%04x. Aborting.\n",
2335 /* set the download 'write flash' mode */
2336 result = hfa384x_cmd_download(hw,
2337 HFA384x_PROGMODE_NVWRITE,
2341 "download(NVWRITE,lo=%x,hi=%x,len=%x) "
2342 "cmd failed, result=%d. Aborting d/l\n",
2343 burnlo, burnhi, burnlen, result);
2347 /* TODO: We really should do a readback and compare. */
2352 /* Leave the firmware in the 'post-prog' mode. flashdl_disable will */
2353 /* actually disable programming mode. Remember, that will cause the */
2354 /* the firmware to effectively reset itself. */
2360 /*----------------------------------------------------------------
2361 * hfa384x_drvr_getconfig
2363 * Performs the sequence necessary to read a config/info item.
2366 * hw device structure
2367 * rid config/info record id (host order)
2368 * buf host side record buffer. Upon return it will
2369 * contain the body portion of the record (minus the
2371 * len buffer length (in bytes, should match record length)
2375 * >0 f/w reported error - f/w status code
2376 * <0 driver reported error
2377 * -ENODATA length mismatch between argument and retrieved
2384 ----------------------------------------------------------------*/
2385 int hfa384x_drvr_getconfig(hfa384x_t *hw, u16 rid, void *buf, u16 len)
2389 result = hfa384x_dorrid_wait(hw, rid, buf, len);
2394 /*----------------------------------------------------------------
2395 * hfa384x_drvr_getconfig_async
2397 * Performs the sequence necessary to perform an async read of
2398 * of a config/info item.
2401 * hw device structure
2402 * rid config/info record id (host order)
2403 * buf host side record buffer. Upon return it will
2404 * contain the body portion of the record (minus the
2406 * len buffer length (in bytes, should match record length)
2407 * cbfn caller supplied callback, called when the command
2408 * is done (successful or not).
2409 * cbfndata pointer to some caller supplied data that will be
2410 * passed in as an argument to the cbfn.
2413 * nothing the cbfn gets a status argument identifying if
2416 * Queues an hfa384x_usbcmd_t for subsequent execution.
2420 ----------------------------------------------------------------*/
2422 hfa384x_drvr_getconfig_async(
2425 ctlx_usercb_t usercb,
2428 return hfa384x_dorrid_async(hw, rid, NULL, 0,
2429 hfa384x_cb_rrid, usercb, usercb_data);
2432 /*----------------------------------------------------------------
2433 * hfa384x_drvr_setconfig_async
2435 * Performs the sequence necessary to write a config/info item.
2438 * hw device structure
2439 * rid config/info record id (in host order)
2440 * buf host side record buffer
2441 * len buffer length (in bytes)
2442 * usercb completion callback
2443 * usercb_data completion callback argument
2447 * >0 f/w reported error - f/w status code
2448 * <0 driver reported error
2454 ----------------------------------------------------------------*/
2456 hfa384x_drvr_setconfig_async(
2461 ctlx_usercb_t usercb,
2464 return hfa384x_dowrid_async(hw, rid, buf, len,
2465 hfa384x_cb_status, usercb, usercb_data);
2468 /*----------------------------------------------------------------
2469 * hfa384x_drvr_handover
2471 * Sends a handover notification to the MAC.
2474 * hw device structure
2475 * addr address of station that's left
2479 * -ERESTARTSYS received signal while waiting for semaphore.
2480 * -EIO failed to write to bap, or failed in cmd.
2486 ----------------------------------------------------------------*/
2487 int hfa384x_drvr_handover( hfa384x_t *hw, u8 *addr)
2489 printk(KERN_ERR "Not currently supported in USB!\n");
2493 /*----------------------------------------------------------------
2494 * hfa384x_drvr_low_level
2496 * Write test commands to the card. Some test commands don't make
2497 * sense without prior set-up. For example, continous TX isn't very
2498 * useful until you set the channel. That functionality should be
2504 * -----------------------------------------------------------------*/
2505 int hfa384x_drvr_low_level(hfa384x_t *hw, hfa384x_metacmd_t *cmd)
2509 /* Do i need a host2hfa... conversion ? */
2511 result = hfa384x_docmd_wait(hw, cmd);
2516 /*----------------------------------------------------------------
2517 * hfa384x_drvr_ramdl_disable
2519 * Ends the ram download state.
2522 * hw device structure
2526 * >0 f/w reported error - f/w status code
2527 * <0 driver reported error
2533 ----------------------------------------------------------------*/
2535 hfa384x_drvr_ramdl_disable(hfa384x_t *hw)
2537 /* Check that we're already in the download state */
2538 if ( hw->dlstate != HFA384x_DLSTATE_RAMENABLED ) {
2542 WLAN_LOG_DEBUG(3,"ramdl_disable()\n");
2544 /* There isn't much we can do at this point, so I don't */
2545 /* bother w/ the return value */
2546 hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0 , 0);
2547 hw->dlstate = HFA384x_DLSTATE_DISABLED;
2553 /*----------------------------------------------------------------
2554 * hfa384x_drvr_ramdl_enable
2556 * Begins the ram download state. Checks to see that we're not
2557 * already in a download state and that a port isn't enabled.
2558 * Sets the download state and calls cmd_download with the
2559 * ENABLE_VOLATILE subcommand and the exeaddr argument.
2562 * hw device structure
2563 * exeaddr the card execution address that will be
2564 * jumped to when ramdl_disable() is called
2569 * >0 f/w reported error - f/w status code
2570 * <0 driver reported error
2576 ----------------------------------------------------------------*/
2578 hfa384x_drvr_ramdl_enable(hfa384x_t *hw, u32 exeaddr)
2585 /* Check that a port isn't active */
2586 for ( i = 0; i < HFA384x_PORTID_MAX; i++) {
2587 if ( hw->port_enabled[i] ) {
2589 "Can't download with a macport enabled.\n");
2594 /* Check that we're not already in a download state */
2595 if ( hw->dlstate != HFA384x_DLSTATE_DISABLED ) {
2597 "Download state not disabled.\n");
2601 WLAN_LOG_DEBUG(3,"ramdl_enable, exeaddr=0x%08x\n", exeaddr);
2603 /* Call the download(1,addr) function */
2604 lowaddr = HFA384x_ADDR_CMD_MKOFF(exeaddr);
2605 hiaddr = HFA384x_ADDR_CMD_MKPAGE(exeaddr);
2607 result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_RAM,
2608 lowaddr, hiaddr, 0);
2611 /* Set the download state */
2612 hw->dlstate = HFA384x_DLSTATE_RAMENABLED;
2615 "cmd_download(0x%04x, 0x%04x) failed, result=%d.\n",
2625 /*----------------------------------------------------------------
2626 * hfa384x_drvr_ramdl_write
2628 * Performs a RAM download of a chunk of data. First checks to see
2629 * that we're in the RAM download state, then uses the [read|write]mem USB
2630 * commands to 1) copy the data, 2) readback and compare. The download
2631 * state is unaffected. When all data has been written using
2632 * this function, call drvr_ramdl_disable() to end the download state
2633 * and restart the MAC.
2636 * hw device structure
2637 * daddr Card address to write to. (host order)
2638 * buf Ptr to data to write.
2639 * len Length of data (host order).
2643 * >0 f/w reported error - f/w status code
2644 * <0 driver reported error
2650 ----------------------------------------------------------------*/
2652 hfa384x_drvr_ramdl_write(hfa384x_t *hw, u32 daddr, void* buf, u32 len)
2663 /* Check that we're in the ram download state */
2664 if ( hw->dlstate != HFA384x_DLSTATE_RAMENABLED ) {
2668 printk(KERN_INFO "Writing %d bytes to ram @0x%06x\n", len, daddr);
2670 /* How many dowmem calls? */
2671 nwrites = len / HFA384x_USB_RWMEM_MAXLEN;
2672 nwrites += len % HFA384x_USB_RWMEM_MAXLEN ? 1 : 0;
2674 /* Do blocking wmem's */
2675 for(i=0; i < nwrites; i++) {
2676 /* make address args */
2677 curraddr = daddr + (i * HFA384x_USB_RWMEM_MAXLEN);
2678 currpage = HFA384x_ADDR_CMD_MKPAGE(curraddr);
2679 curroffset = HFA384x_ADDR_CMD_MKOFF(curraddr);
2680 currlen = len - (i * HFA384x_USB_RWMEM_MAXLEN);
2681 if ( currlen > HFA384x_USB_RWMEM_MAXLEN) {
2682 currlen = HFA384x_USB_RWMEM_MAXLEN;
2685 /* Do blocking ctlx */
2686 result = hfa384x_dowmem_wait( hw,
2689 data + (i*HFA384x_USB_RWMEM_MAXLEN),
2694 /* TODO: We really should have a readback. */
2701 /*----------------------------------------------------------------
2702 * hfa384x_drvr_readpda
2704 * Performs the sequence to read the PDA space. Note there is no
2705 * drvr_writepda() function. Writing a PDA is
2706 * generally implemented by a calling component via calls to
2707 * cmd_download and writing to the flash download buffer via the
2711 * hw device structure
2712 * buf buffer to store PDA in
2717 * >0 f/w reported error - f/w status code
2718 * <0 driver reported error
2719 * -ETIMEOUT timout waiting for the cmd regs to become
2720 * available, or waiting for the control reg
2721 * to indicate the Aux port is enabled.
2722 * -ENODATA the buffer does NOT contain a valid PDA.
2723 * Either the card PDA is bad, or the auxdata
2724 * reads are giving us garbage.
2730 * process or non-card interrupt.
2731 ----------------------------------------------------------------*/
2732 int hfa384x_drvr_readpda(hfa384x_t *hw, void *buf, unsigned int len)
2738 int currpdr = 0; /* word offset of the current pdr */
2740 u16 pdrlen; /* pdr length in bytes, host order */
2741 u16 pdrcode; /* pdr code, host order */
2749 { HFA3842_PDA_BASE, 0},
2750 { HFA3841_PDA_BASE, 0},
2751 { HFA3841_PDA_BOGUS_BASE, 0}
2754 /* Read the pda from each known address. */
2755 for ( i = 0; i < ARRAY_SIZE(pdaloc); i++) {
2757 currpage = HFA384x_ADDR_CMD_MKPAGE(pdaloc[i].cardaddr);
2758 curroffset = HFA384x_ADDR_CMD_MKOFF(pdaloc[i].cardaddr);
2760 result = hfa384x_dormem_wait(hw,
2764 len); /* units of bytes */
2768 "Read from index %zd failed, continuing\n",
2773 /* Test for garbage */
2774 pdaok = 1; /* initially assume good */
2776 while ( pdaok && morepdrs ) {
2777 pdrlen = hfa384x2host_16(pda[currpdr]) * 2;
2778 pdrcode = hfa384x2host_16(pda[currpdr+1]);
2779 /* Test the record length */
2780 if ( pdrlen > HFA384x_PDR_LEN_MAX || pdrlen == 0) {
2781 printk(KERN_ERR "pdrlen invalid=%d\n",
2787 if ( !hfa384x_isgood_pdrcode(pdrcode) ) {
2788 printk(KERN_ERR "pdrcode invalid=%d\n",
2793 /* Test for completion */
2794 if ( pdrcode == HFA384x_PDR_END_OF_PDA) {
2798 /* Move to the next pdr (if necessary) */
2800 /* note the access to pda[], need words here */
2801 currpdr += hfa384x2host_16(pda[currpdr]) + 1;
2806 "PDA Read from 0x%08x in %s space.\n",
2808 pdaloc[i].auxctl == 0 ? "EXTDS" :
2809 pdaloc[i].auxctl == 1 ? "NV" :
2810 pdaloc[i].auxctl == 2 ? "PHY" :
2811 pdaloc[i].auxctl == 3 ? "ICSRAM" :
2816 result = pdaok ? 0 : -ENODATA;
2819 WLAN_LOG_DEBUG(3,"Failure: pda is not okay\n");
2826 /*----------------------------------------------------------------
2827 * hfa384x_drvr_setconfig
2829 * Performs the sequence necessary to write a config/info item.
2832 * hw device structure
2833 * rid config/info record id (in host order)
2834 * buf host side record buffer
2835 * len buffer length (in bytes)
2839 * >0 f/w reported error - f/w status code
2840 * <0 driver reported error
2846 ----------------------------------------------------------------*/
2847 int hfa384x_drvr_setconfig(hfa384x_t *hw, u16 rid, void *buf, u16 len)
2849 return hfa384x_dowrid_wait(hw, rid, buf, len);
2852 /*----------------------------------------------------------------
2853 * hfa384x_drvr_start
2855 * Issues the MAC initialize command, sets up some data structures,
2856 * and enables the interrupts. After this function completes, the
2857 * low-level stuff should be ready for any/all commands.
2860 * hw device structure
2863 * >0 f/w reported error - f/w status code
2864 * <0 driver reported error
2870 ----------------------------------------------------------------*/
2872 int hfa384x_drvr_start(hfa384x_t *hw)
2874 int result, result1, result2;
2879 /* Clear endpoint stalls - but only do this if the endpoint
2880 * is showing a stall status. Some prism2 cards seem to behave
2881 * badly if a clear_halt is called when the endpoint is already
2884 result = usb_get_status(hw->usb, USB_RECIP_ENDPOINT, hw->endp_in, &status);
2887 "Cannot get bulk in endpoint status.\n");
2890 if ((status == 1) && usb_clear_halt(hw->usb, hw->endp_in)) {
2892 "Failed to reset bulk in endpoint.\n");
2895 result = usb_get_status(hw->usb, USB_RECIP_ENDPOINT, hw->endp_out, &status);
2898 "Cannot get bulk out endpoint status.\n");
2901 if ((status == 1) && usb_clear_halt(hw->usb, hw->endp_out)) {
2903 "Failed to reset bulk out endpoint.\n");
2906 /* Synchronous unlink, in case we're trying to restart the driver */
2907 usb_kill_urb(&hw->rx_urb);
2909 /* Post the IN urb */
2910 result = submit_rx_urb(hw, GFP_KERNEL);
2913 "Fatal, failed to submit RX URB, result=%d\n",
2918 /* Call initialize twice, with a 1 second sleep in between.
2919 * This is a nasty work-around since many prism2 cards seem to
2920 * need time to settle after an init from cold. The second
2921 * call to initialize in theory is not necessary - but we call
2922 * it anyway as a double insurance policy:
2923 * 1) If the first init should fail, the second may well succeed
2924 * and the card can still be used
2925 * 2) It helps ensures all is well with the card after the first
2926 * init and settle time.
2928 result1 = hfa384x_cmd_initialize(hw);
2930 result = result2 = hfa384x_cmd_initialize(hw);
2934 "cmd_initialize() failed on two attempts, results %d and %d\n",
2936 usb_kill_urb(&hw->rx_urb);
2939 WLAN_LOG_DEBUG(0, "First cmd_initialize() failed (result %d),\n",
2941 WLAN_LOG_DEBUG(0, "but second attempt succeeded. All should be ok\n");
2943 } else if (result2 != 0) {
2945 "First cmd_initialize() succeeded, but second attempt failed (result=%d)\n",
2947 WLAN_LOG_WARNING("Most likely the card will be functional\n");
2951 hw->state = HFA384x_STATE_RUNNING;
2958 /*----------------------------------------------------------------
2961 * Shuts down the MAC to the point where it is safe to unload the
2962 * driver. Any subsystem that may be holding a data or function
2963 * ptr into the driver must be cleared/deinitialized.
2966 * hw device structure
2969 * >0 f/w reported error - f/w status code
2970 * <0 driver reported error
2976 ----------------------------------------------------------------*/
2978 hfa384x_drvr_stop(hfa384x_t *hw)
2985 /* There's no need for spinlocks here. The USB "disconnect"
2986 * function sets this "removed" flag and then calls us.
2988 if ( !hw->wlandev->hwremoved ) {
2989 /* Call initialize to leave the MAC in its 'reset' state */
2990 hfa384x_cmd_initialize(hw);
2992 /* Cancel the rxurb */
2993 usb_kill_urb(&hw->rx_urb);
2996 hw->link_status = HFA384x_LINK_NOTCONNECTED;
2997 hw->state = HFA384x_STATE_INIT;
2999 del_timer_sync(&hw->commsqual_timer);
3001 /* Clear all the port status */
3002 for ( i = 0; i < HFA384x_NUMPORTS_MAX; i++) {
3003 hw->port_enabled[i] = 0;
3009 /*----------------------------------------------------------------
3010 * hfa384x_drvr_txframe
3012 * Takes a frame from prism2sta and queues it for transmission.
3015 * hw device structure
3016 * skb packet buffer struct. Contains an 802.11
3018 * p80211_hdr points to the 802.11 header for the packet.
3020 * 0 Success and more buffs available
3021 * 1 Success but no more buffs
3022 * 2 Allocation failure
3023 * 4 Buffer full or queue busy
3029 ----------------------------------------------------------------*/
3030 int hfa384x_drvr_txframe(hfa384x_t *hw, struct sk_buff *skb, p80211_hdr_t *p80211_hdr, p80211_metawep_t *p80211_wep)
3033 int usbpktlen = sizeof(hfa384x_tx_frame_t);
3038 if (hw->tx_urb.status == -EINPROGRESS) {
3039 WLAN_LOG_WARNING("TX URB already in use\n");
3044 /* Build Tx frame structure */
3045 /* Set up the control field */
3046 memset(&hw->txbuff.txfrm.desc, 0, sizeof(hw->txbuff.txfrm.desc));
3048 /* Setup the usb type field */
3049 hw->txbuff.type = host2hfa384x_16(HFA384x_USB_TXFRM);
3051 /* Set up the sw_support field to identify this frame */
3052 hw->txbuff.txfrm.desc.sw_support = 0x0123;
3054 /* Tx complete and Tx exception disable per dleach. Might be causing
3057 //#define DOEXC SLP -- doboth breaks horribly under load, doexc less so.
3059 hw->txbuff.txfrm.desc.tx_control =
3060 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
3061 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(1);
3062 #elif defined(DOEXC)
3063 hw->txbuff.txfrm.desc.tx_control =
3064 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
3065 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(0);
3067 hw->txbuff.txfrm.desc.tx_control =
3068 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
3069 HFA384x_TX_TXEX_SET(0) | HFA384x_TX_TXOK_SET(0);
3071 hw->txbuff.txfrm.desc.tx_control =
3072 host2hfa384x_16(hw->txbuff.txfrm.desc.tx_control);
3074 /* copy the header over to the txdesc */
3075 memcpy(&(hw->txbuff.txfrm.desc.frame_control), p80211_hdr, sizeof(p80211_hdr_t));
3077 /* if we're using host WEP, increase size by IV+ICV */
3078 if (p80211_wep->data) {
3079 hw->txbuff.txfrm.desc.data_len = host2hfa384x_16(skb->len+8);
3080 // hw->txbuff.txfrm.desc.tx_control |= HFA384x_TX_NOENCRYPT_SET(1);
3083 hw->txbuff.txfrm.desc.data_len = host2hfa384x_16(skb->len);
3086 usbpktlen += skb->len;
3088 /* copy over the WEP IV if we are using host WEP */
3089 ptr = hw->txbuff.txfrm.data;
3090 if (p80211_wep->data) {
3091 memcpy(ptr, p80211_wep->iv, sizeof(p80211_wep->iv));
3092 ptr+= sizeof(p80211_wep->iv);
3093 memcpy(ptr, p80211_wep->data, skb->len);
3095 memcpy(ptr, skb->data, skb->len);
3097 /* copy over the packet data */
3100 /* copy over the WEP ICV if we are using host WEP */
3101 if (p80211_wep->data) {
3102 memcpy(ptr, p80211_wep->icv, sizeof(p80211_wep->icv));
3105 /* Send the USB packet */
3106 usb_fill_bulk_urb( &(hw->tx_urb), hw->usb,
3108 &(hw->txbuff), ROUNDUP64(usbpktlen),
3109 hfa384x_usbout_callback, hw->wlandev );
3110 hw->tx_urb.transfer_flags |= USB_QUEUE_BULK;
3113 ret = submit_tx_urb(hw, &hw->tx_urb, GFP_ATOMIC);
3116 "submit_tx_urb() failed, error=%d\n", ret);
3124 void hfa384x_tx_timeout(wlandevice_t *wlandev)
3126 hfa384x_t *hw = wlandev->priv;
3127 unsigned long flags;
3129 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3131 if ( !hw->wlandev->hwremoved &&
3132 /* Note the bitwise OR, not the logical OR. */
3133 ( !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags) |
3134 !test_and_set_bit(WORK_RX_HALT, &hw->usb_flags) ) )
3136 schedule_work(&hw->usb_work);
3139 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3142 /*----------------------------------------------------------------
3143 * hfa384x_usbctlx_reaper_task
3145 * Tasklet to delete dead CTLX objects
3148 * data ptr to a hfa384x_t
3154 ----------------------------------------------------------------*/
3155 static void hfa384x_usbctlx_reaper_task(unsigned long data)
3157 hfa384x_t *hw = (hfa384x_t*)data;
3158 struct list_head *entry;
3159 struct list_head *temp;
3160 unsigned long flags;
3162 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3164 /* This list is guaranteed to be empty if someone
3165 * has unplugged the adapter.
3167 list_for_each_safe(entry, temp, &hw->ctlxq.reapable) {
3168 hfa384x_usbctlx_t *ctlx;
3170 ctlx = list_entry(entry, hfa384x_usbctlx_t, list);
3171 list_del(&ctlx->list);
3175 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3179 /*----------------------------------------------------------------
3180 * hfa384x_usbctlx_completion_task
3182 * Tasklet to call completion handlers for returned CTLXs
3185 * data ptr to hfa384x_t
3192 ----------------------------------------------------------------*/
3193 static void hfa384x_usbctlx_completion_task(unsigned long data)
3195 hfa384x_t *hw = (hfa384x_t*)data;
3196 struct list_head *entry;
3197 struct list_head *temp;
3198 unsigned long flags;
3202 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3204 /* This list is guaranteed to be empty if someone
3205 * has unplugged the adapter ...
3207 list_for_each_safe(entry, temp, &hw->ctlxq.completing) {
3208 hfa384x_usbctlx_t *ctlx;
3210 ctlx = list_entry(entry, hfa384x_usbctlx_t, list);
3212 /* Call the completion function that this
3213 * command was assigned, assuming it has one.
3215 if ( ctlx->cmdcb != NULL ) {
3216 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3217 ctlx->cmdcb(hw, ctlx);
3218 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3220 /* Make sure we don't try and complete
3221 * this CTLX more than once!
3225 /* Did someone yank the adapter out
3226 * while our list was (briefly) unlocked?
3228 if ( hw->wlandev->hwremoved )
3236 * "Reapable" CTLXs are ones which don't have any
3237 * threads waiting for them to die. Hence they must
3238 * be delivered to The Reaper!
3240 if ( ctlx->reapable ) {
3241 /* Move the CTLX off the "completing" list (hopefully)
3242 * on to the "reapable" list where the reaper task
3243 * can find it. And "reapable" means that this CTLX
3244 * isn't sitting on a wait-queue somewhere.
3246 list_move_tail(&ctlx->list, &hw->ctlxq.reapable);
3250 complete(&ctlx->done);
3252 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3255 tasklet_schedule(&hw->reaper_bh);
3258 /*----------------------------------------------------------------
3259 * unlocked_usbctlx_cancel_async
3261 * Mark the CTLX dead asynchronously, and ensure that the
3262 * next command on the queue is run afterwards.
3265 * hw ptr to the hfa384x_t structure
3266 * ctlx ptr to a CTLX structure
3269 * 0 the CTLX's URB is inactive
3270 * -EINPROGRESS the URB is currently being unlinked
3273 * Either process or interrupt, but presumably interrupt
3274 ----------------------------------------------------------------*/
3275 static int unlocked_usbctlx_cancel_async(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx)
3280 * Try to delete the URB containing our request packet.
3281 * If we succeed, then its completion handler will be
3282 * called with a status of -ECONNRESET.
3284 hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK;
3285 ret = usb_unlink_urb(&hw->ctlx_urb);
3287 if (ret != -EINPROGRESS) {
3289 * The OUT URB had either already completed
3290 * or was still in the pending queue, so the
3291 * URB's completion function will not be called.
3292 * We will have to complete the CTLX ourselves.
3294 ctlx->state = CTLX_REQ_FAILED;
3295 unlocked_usbctlx_complete(hw, ctlx);
3302 /*----------------------------------------------------------------
3303 * unlocked_usbctlx_complete
3305 * A CTLX has completed. It may have been successful, it may not
3306 * have been. At this point, the CTLX should be quiescent. The URBs
3307 * aren't active and the timers should have been stopped.
3309 * The CTLX is migrated to the "completing" queue, and the completing
3310 * tasklet is scheduled.
3313 * hw ptr to a hfa384x_t structure
3314 * ctlx ptr to a ctlx structure
3322 * Either, assume interrupt
3323 ----------------------------------------------------------------*/
3324 static void unlocked_usbctlx_complete(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx)
3326 /* Timers have been stopped, and ctlx should be in
3327 * a terminal state. Retire it from the "active"
3330 list_move_tail(&ctlx->list, &hw->ctlxq.completing);
3331 tasklet_schedule(&hw->completion_bh);
3333 switch (ctlx->state) {
3335 case CTLX_REQ_FAILED:
3336 /* This are the correct terminating states. */
3340 printk(KERN_ERR "CTLX[%d] not in a terminating state(%s)\n",
3341 hfa384x2host_16(ctlx->outbuf.type),
3342 ctlxstr(ctlx->state));
3347 /*----------------------------------------------------------------
3348 * hfa384x_usbctlxq_run
3350 * Checks to see if the head item is running. If not, starts it.
3353 * hw ptr to hfa384x_t
3362 ----------------------------------------------------------------*/
3364 hfa384x_usbctlxq_run(hfa384x_t *hw)
3366 unsigned long flags;
3369 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3371 /* Only one active CTLX at any one time, because there's no
3372 * other (reliable) way to match the response URB to the
3375 * Don't touch any of these CTLXs if the hardware
3376 * has been removed or the USB subsystem is stalled.
3378 if ( !list_empty(&hw->ctlxq.active) ||
3379 test_bit(WORK_TX_HALT, &hw->usb_flags) ||
3380 hw->wlandev->hwremoved )
3383 while ( !list_empty(&hw->ctlxq.pending) ) {
3384 hfa384x_usbctlx_t *head;
3387 /* This is the first pending command */
3388 head = list_entry(hw->ctlxq.pending.next,
3392 /* We need to split this off to avoid a race condition */
3393 list_move_tail(&head->list, &hw->ctlxq.active);
3395 /* Fill the out packet */
3396 usb_fill_bulk_urb( &(hw->ctlx_urb), hw->usb,
3398 &(head->outbuf), ROUNDUP64(head->outbufsize),
3399 hfa384x_ctlxout_callback, hw);
3400 hw->ctlx_urb.transfer_flags |= USB_QUEUE_BULK;
3402 /* Now submit the URB and update the CTLX's state
3404 if ((result = SUBMIT_URB(&hw->ctlx_urb, GFP_ATOMIC)) == 0) {
3405 /* This CTLX is now running on the active queue */
3406 head->state = CTLX_REQ_SUBMITTED;
3408 /* Start the OUT wait timer */
3409 hw->req_timer_done = 0;
3410 hw->reqtimer.expires = jiffies + HZ;
3411 add_timer(&hw->reqtimer);
3413 /* Start the IN wait timer */
3414 hw->resp_timer_done = 0;
3415 hw->resptimer.expires = jiffies + 2*HZ;
3416 add_timer(&hw->resptimer);
3421 if (result == -EPIPE) {
3422 /* The OUT pipe needs resetting, so put
3423 * this CTLX back in the "pending" queue
3424 * and schedule a reset ...
3426 WLAN_LOG_WARNING("%s tx pipe stalled: requesting reset\n",
3427 hw->wlandev->netdev->name);
3428 list_move(&head->list, &hw->ctlxq.pending);
3429 set_bit(WORK_TX_HALT, &hw->usb_flags);
3430 schedule_work(&hw->usb_work);
3434 if (result == -ESHUTDOWN) {
3435 WLAN_LOG_WARNING("%s urb shutdown!\n",
3436 hw->wlandev->netdev->name);
3440 printk(KERN_ERR "Failed to submit CTLX[%d]: error=%d\n",
3441 hfa384x2host_16(head->outbuf.type), result);
3442 unlocked_usbctlx_complete(hw, head);
3446 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3450 /*----------------------------------------------------------------
3451 * hfa384x_usbin_callback
3453 * Callback for URBs on the BULKIN endpoint.
3456 * urb ptr to the completed urb
3465 ----------------------------------------------------------------*/
3466 static void hfa384x_usbin_callback(struct urb *urb)
3468 wlandevice_t *wlandev = urb->context;
3470 hfa384x_usbin_t *usbin = (hfa384x_usbin_t *) urb->transfer_buffer;
3471 struct sk_buff *skb = NULL;
3484 wlandev->hwremoved )
3491 skb = hw->rx_urb_skb;
3492 if (!skb || (skb->data != urb->transfer_buffer)) {
3495 hw->rx_urb_skb = NULL;
3497 /* Check for error conditions within the URB */
3498 switch (urb->status) {
3502 /* Check for short packet */
3503 if ( urb->actual_length == 0 ) {
3504 ++(wlandev->linux_stats.rx_errors);
3505 ++(wlandev->linux_stats.rx_length_errors);
3511 WLAN_LOG_WARNING("%s rx pipe stalled: requesting reset\n",
3512 wlandev->netdev->name);
3513 if ( !test_and_set_bit(WORK_RX_HALT, &hw->usb_flags) )
3514 schedule_work(&hw->usb_work);
3515 ++(wlandev->linux_stats.rx_errors);
3522 if ( !test_and_set_bit(THROTTLE_RX, &hw->usb_flags) &&
3523 !timer_pending(&hw->throttle) ) {
3524 mod_timer(&hw->throttle, jiffies + THROTTLE_JIFFIES);
3526 ++(wlandev->linux_stats.rx_errors);
3531 ++(wlandev->linux_stats.rx_over_errors);
3537 WLAN_LOG_DEBUG(3,"status=%d, device removed.\n", urb->status);
3543 WLAN_LOG_DEBUG(3,"status=%d, urb explicitly unlinked.\n", urb->status);
3548 WLAN_LOG_DEBUG(3,"urb status=%d, transfer flags=0x%x\n",
3549 urb->status, urb->transfer_flags);
3550 ++(wlandev->linux_stats.rx_errors);
3555 urb_status = urb->status;
3557 if (action != ABORT) {
3558 /* Repost the RX URB */
3559 result = submit_rx_urb(hw, GFP_ATOMIC);
3563 "Fatal, failed to resubmit rx_urb. error=%d\n",
3568 /* Handle any USB-IN packet */
3569 /* Note: the check of the sw_support field, the type field doesn't
3570 * have bit 12 set like the docs suggest.
3572 type = hfa384x2host_16(usbin->type);
3573 if (HFA384x_USB_ISRXFRM(type)) {
3574 if (action == HANDLE) {
3575 if (usbin->txfrm.desc.sw_support == 0x0123) {
3576 hfa384x_usbin_txcompl(wlandev, usbin);
3578 skb_put(skb, sizeof(*usbin));
3579 hfa384x_usbin_rx(wlandev, skb);
3585 if (HFA384x_USB_ISTXFRM(type)) {
3586 if (action == HANDLE)
3587 hfa384x_usbin_txcompl(wlandev, usbin);
3591 case HFA384x_USB_INFOFRM:
3592 if (action == ABORT)
3594 if (action == HANDLE)
3595 hfa384x_usbin_info(wlandev, usbin);
3598 case HFA384x_USB_CMDRESP:
3599 case HFA384x_USB_WRIDRESP:
3600 case HFA384x_USB_RRIDRESP:
3601 case HFA384x_USB_WMEMRESP:
3602 case HFA384x_USB_RMEMRESP:
3603 /* ALWAYS, ALWAYS, ALWAYS handle this CTLX!!!! */
3604 hfa384x_usbin_ctlx(hw, usbin, urb_status);
3607 case HFA384x_USB_BUFAVAIL:
3608 WLAN_LOG_DEBUG(3,"Received BUFAVAIL packet, frmlen=%d\n",
3609 usbin->bufavail.frmlen);
3612 case HFA384x_USB_ERROR:
3613 WLAN_LOG_DEBUG(3,"Received USB_ERROR packet, errortype=%d\n",
3614 usbin->usberror.errortype);
3618 WLAN_LOG_DEBUG(3,"Unrecognized USBIN packet, type=%x, status=%d\n",
3619 usbin->type, urb_status);
3630 /*----------------------------------------------------------------
3631 * hfa384x_usbin_ctlx
3633 * We've received a URB containing a Prism2 "response" message.
3634 * This message needs to be matched up with a CTLX on the active
3635 * queue and our state updated accordingly.
3638 * hw ptr to hfa384x_t
3639 * usbin ptr to USB IN packet
3640 * urb_status status of this Bulk-In URB
3649 ----------------------------------------------------------------*/
3650 static void hfa384x_usbin_ctlx(hfa384x_t *hw, hfa384x_usbin_t *usbin,
3653 hfa384x_usbctlx_t *ctlx;
3655 unsigned long flags;
3658 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3660 /* There can be only one CTLX on the active queue
3661 * at any one time, and this is the CTLX that the
3662 * timers are waiting for.
3664 if ( list_empty(&hw->ctlxq.active) ) {
3668 /* Remove the "response timeout". It's possible that
3669 * we are already too late, and that the timeout is
3670 * already running. And that's just too bad for us,
3671 * because we could lose our CTLX from the active
3674 if (del_timer(&hw->resptimer) == 0) {
3675 if (hw->resp_timer_done == 0) {
3676 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3681 hw->resp_timer_done = 1;
3684 ctlx = get_active_ctlx(hw);
3686 if (urb_status != 0) {
3688 * Bad CTLX, so get rid of it. But we only
3689 * remove it from the active queue if we're no
3690 * longer expecting the OUT URB to complete.
3692 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0)
3695 const u16 intype = (usbin->type&~host2hfa384x_16(0x8000));
3698 * Check that our message is what we're expecting ...
3700 if (ctlx->outbuf.type != intype) {
3701 WLAN_LOG_WARNING("Expected IN[%d], received IN[%d] - ignored.\n",
3702 hfa384x2host_16(ctlx->outbuf.type),
3703 hfa384x2host_16(intype));
3707 /* This URB has succeeded, so grab the data ... */
3708 memcpy(&ctlx->inbuf, usbin, sizeof(ctlx->inbuf));
3710 switch (ctlx->state) {
3711 case CTLX_REQ_SUBMITTED:
3713 * We have received our response URB before
3714 * our request has been acknowledged. Odd,
3715 * but our OUT URB is still alive...
3717 WLAN_LOG_DEBUG(0, "Causality violation: please reboot Universe, or email linux-wlan-devel@lists.linux-wlan.com\n");
3718 ctlx->state = CTLX_RESP_COMPLETE;
3721 case CTLX_REQ_COMPLETE:
3723 * This is the usual path: our request
3724 * has already been acknowledged, and
3725 * now we have received the reply too.
3727 ctlx->state = CTLX_COMPLETE;
3728 unlocked_usbctlx_complete(hw, ctlx);
3734 * Throw this CTLX away ...
3736 printk(KERN_ERR "Matched IN URB, CTLX[%d] in invalid state(%s)."
3738 hfa384x2host_16(ctlx->outbuf.type),
3739 ctlxstr(ctlx->state));
3740 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0)
3747 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3750 hfa384x_usbctlxq_run(hw);
3754 /*----------------------------------------------------------------
3755 * hfa384x_usbin_txcompl
3757 * At this point we have the results of a previous transmit.
3760 * wlandev wlan device
3761 * usbin ptr to the usb transfer buffer
3770 ----------------------------------------------------------------*/
3771 static void hfa384x_usbin_txcompl(wlandevice_t *wlandev, hfa384x_usbin_t *usbin)
3775 status = hfa384x2host_16(usbin->type); /* yeah I know it says type...*/
3777 /* Was there an error? */
3778 if (HFA384x_TXSTATUS_ISERROR(status)) {
3779 prism2sta_ev_txexc(wlandev, status);
3781 prism2sta_ev_tx(wlandev, status);
3783 // prism2sta_ev_alloc(wlandev);
3787 /*----------------------------------------------------------------
3790 * At this point we have a successful received a rx frame packet.
3793 * wlandev wlan device
3794 * usbin ptr to the usb transfer buffer
3803 ----------------------------------------------------------------*/
3804 static void hfa384x_usbin_rx(wlandevice_t *wlandev, struct sk_buff *skb)
3806 hfa384x_usbin_t *usbin = (hfa384x_usbin_t *) skb->data;
3807 hfa384x_t *hw = wlandev->priv;
3809 p80211_rxmeta_t *rxmeta;
3813 /* Byte order convert once up front. */
3814 usbin->rxfrm.desc.status =
3815 hfa384x2host_16(usbin->rxfrm.desc.status);
3816 usbin->rxfrm.desc.time =
3817 hfa384x2host_32(usbin->rxfrm.desc.time);
3819 /* Now handle frame based on port# */
3820 switch( HFA384x_RXSTATUS_MACPORT_GET(usbin->rxfrm.desc.status) )
3823 fc = le16_to_cpu(usbin->rxfrm.desc.frame_control);
3825 /* If exclude and we receive an unencrypted, drop it */
3826 if ( (wlandev->hostwep & HOSTWEP_EXCLUDEUNENCRYPTED) &&
3827 !WLAN_GET_FC_ISWEP(fc)){
3831 data_len = hfa384x2host_16(usbin->rxfrm.desc.data_len);
3833 /* How much header data do we have? */
3834 hdrlen = p80211_headerlen(fc);
3836 /* Pull off the descriptor */
3837 skb_pull(skb, sizeof(hfa384x_rx_frame_t));
3839 /* Now shunt the header block up against the data block
3840 * with an "overlapping" copy
3842 memmove(skb_push(skb, hdrlen),
3843 &usbin->rxfrm.desc.frame_control,
3846 skb->dev = wlandev->netdev;
3847 skb->dev->last_rx = jiffies;
3849 /* And set the frame length properly */
3850 skb_trim(skb, data_len + hdrlen);
3852 /* The prism2 series does not return the CRC */
3853 memset(skb_put(skb, WLAN_CRC_LEN), 0xff, WLAN_CRC_LEN);
3855 skb_reset_mac_header(skb);
3857 /* Attach the rxmeta, set some stuff */
3858 p80211skb_rxmeta_attach(wlandev, skb);
3859 rxmeta = P80211SKB_RXMETA(skb);
3860 rxmeta->mactime = usbin->rxfrm.desc.time;
3861 rxmeta->rxrate = usbin->rxfrm.desc.rate;
3862 rxmeta->signal = usbin->rxfrm.desc.signal - hw->dbmadjust;
3863 rxmeta->noise = usbin->rxfrm.desc.silence - hw->dbmadjust;
3865 prism2sta_ev_rx(wlandev, skb);
3870 if ( ! HFA384x_RXSTATUS_ISFCSERR(usbin->rxfrm.desc.status) ) {
3871 /* Copy to wlansnif skb */
3872 hfa384x_int_rxmonitor( wlandev, &usbin->rxfrm);
3875 WLAN_LOG_DEBUG(3,"Received monitor frame: FCSerr set\n");
3880 WLAN_LOG_WARNING("Received frame on unsupported port=%d\n",
3881 HFA384x_RXSTATUS_MACPORT_GET(usbin->rxfrm.desc.status) );
3890 /*----------------------------------------------------------------
3891 * hfa384x_int_rxmonitor
3893 * Helper function for int_rx. Handles monitor frames.
3894 * Note that this function allocates space for the FCS and sets it
3895 * to 0xffffffff. The hfa384x doesn't give us the FCS value but the
3896 * higher layers expect it. 0xffffffff is used as a flag to indicate
3900 * wlandev wlan device structure
3901 * rxfrm rx descriptor read from card in int_rx
3907 * Allocates an skb and passes it up via the PF_PACKET interface.
3910 ----------------------------------------------------------------*/
3911 static void hfa384x_int_rxmonitor( wlandevice_t *wlandev, hfa384x_usb_rxfrm_t *rxfrm)
3913 hfa384x_rx_frame_t *rxdesc = &(rxfrm->desc);
3914 unsigned int hdrlen = 0;
3915 unsigned int datalen = 0;
3916 unsigned int skblen = 0;
3919 struct sk_buff *skb;
3920 hfa384x_t *hw = wlandev->priv;
3922 /* Don't forget the status, time, and data_len fields are in host order */
3923 /* Figure out how big the frame is */
3924 fc = le16_to_cpu(rxdesc->frame_control);
3925 hdrlen = p80211_headerlen(fc);
3926 datalen = hfa384x2host_16(rxdesc->data_len);
3928 /* Allocate an ind message+framesize skb */
3929 skblen = sizeof(p80211_caphdr_t) +
3930 hdrlen + datalen + WLAN_CRC_LEN;
3932 /* sanity check the length */
3934 (sizeof(p80211_caphdr_t) +
3935 WLAN_HDR_A4_LEN + WLAN_DATA_MAXLEN + WLAN_CRC_LEN) ) {
3936 WLAN_LOG_DEBUG(1, "overlen frm: len=%zd\n",
3937 skblen - sizeof(p80211_caphdr_t));
3940 if ( (skb = dev_alloc_skb(skblen)) == NULL ) {
3941 printk(KERN_ERR "alloc_skb failed trying to allocate %d bytes\n", skblen);
3945 /* only prepend the prism header if in the right mode */
3946 if ((wlandev->netdev->type == ARPHRD_IEEE80211_PRISM) &&
3947 (hw->sniffhdr != 0)) {
3948 p80211_caphdr_t *caphdr;
3949 /* The NEW header format! */
3950 datap = skb_put(skb, sizeof(p80211_caphdr_t));
3951 caphdr = (p80211_caphdr_t*) datap;
3953 caphdr->version = htonl(P80211CAPTURE_VERSION);
3954 caphdr->length = htonl(sizeof(p80211_caphdr_t));
3955 caphdr->mactime = __cpu_to_be64(rxdesc->time) * 1000;
3956 caphdr->hosttime = __cpu_to_be64(jiffies);
3957 caphdr->phytype = htonl(4); /* dss_dot11_b */
3958 caphdr->channel = htonl(hw->sniff_channel);
3959 caphdr->datarate = htonl(rxdesc->rate);
3960 caphdr->antenna = htonl(0); /* unknown */
3961 caphdr->priority = htonl(0); /* unknown */
3962 caphdr->ssi_type = htonl(3); /* rssi_raw */
3963 caphdr->ssi_signal = htonl(rxdesc->signal);
3964 caphdr->ssi_noise = htonl(rxdesc->silence);
3965 caphdr->preamble = htonl(0); /* unknown */
3966 caphdr->encoding = htonl(1); /* cck */
3969 /* Copy the 802.11 header to the skb (ctl frames may be less than a full header) */
3970 datap = skb_put(skb, hdrlen);
3971 memcpy( datap, &(rxdesc->frame_control), hdrlen);
3973 /* If any, copy the data from the card to the skb */
3976 datap = skb_put(skb, datalen);
3977 memcpy(datap, rxfrm->data, datalen);
3979 /* check for unencrypted stuff if WEP bit set. */
3980 if (*(datap - hdrlen + 1) & 0x40) // wep set
3981 if ((*(datap) == 0xaa) && (*(datap+1) == 0xaa))
3982 *(datap - hdrlen + 1) &= 0xbf; // clear wep; it's the 802.2 header!
3985 if (hw->sniff_fcs) {
3987 datap = skb_put(skb, WLAN_CRC_LEN);
3988 memset( datap, 0xff, WLAN_CRC_LEN);
3991 /* pass it back up */
3992 prism2sta_ev_rx(wlandev, skb);
3999 /*----------------------------------------------------------------
4000 * hfa384x_usbin_info
4002 * At this point we have a successful received a Prism2 info frame.
4005 * wlandev wlan device
4006 * usbin ptr to the usb transfer buffer
4015 ----------------------------------------------------------------*/
4016 static void hfa384x_usbin_info(wlandevice_t *wlandev, hfa384x_usbin_t *usbin)
4018 usbin->infofrm.info.framelen = hfa384x2host_16(usbin->infofrm.info.framelen);
4019 prism2sta_ev_info(wlandev, &usbin->infofrm.info);
4024 /*----------------------------------------------------------------
4025 * hfa384x_usbout_callback
4027 * Callback for URBs on the BULKOUT endpoint.
4030 * urb ptr to the completed urb
4039 ----------------------------------------------------------------*/
4040 static void hfa384x_usbout_callback(struct urb *urb)
4042 wlandevice_t *wlandev = urb->context;
4043 hfa384x_usbout_t *usbout = urb->transfer_buffer;
4052 switch(urb->status) {
4054 hfa384x_usbout_tx(wlandev, usbout);
4059 hfa384x_t *hw = wlandev->priv;
4060 WLAN_LOG_WARNING("%s tx pipe stalled: requesting reset\n",
4061 wlandev->netdev->name);
4062 if ( !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags) )
4063 schedule_work(&hw->usb_work);
4064 ++(wlandev->linux_stats.tx_errors);
4072 hfa384x_t *hw = wlandev->priv;
4074 if ( !test_and_set_bit(THROTTLE_TX, &hw->usb_flags)
4075 && !timer_pending(&hw->throttle) ) {
4076 mod_timer(&hw->throttle,
4077 jiffies + THROTTLE_JIFFIES);
4079 ++(wlandev->linux_stats.tx_errors);
4080 netif_stop_queue(wlandev->netdev);
4086 /* Ignorable errors */
4090 printk(KERN_INFO "unknown urb->status=%d\n", urb->status);
4091 ++(wlandev->linux_stats.tx_errors);
4098 /*----------------------------------------------------------------
4099 * hfa384x_ctlxout_callback
4101 * Callback for control data on the BULKOUT endpoint.
4104 * urb ptr to the completed urb
4113 ----------------------------------------------------------------*/
4114 static void hfa384x_ctlxout_callback(struct urb *urb)
4116 hfa384x_t *hw = urb->context;
4117 int delete_resptimer = 0;
4120 hfa384x_usbctlx_t *ctlx;
4121 unsigned long flags;
4123 WLAN_LOG_DEBUG(3,"urb->status=%d\n", urb->status);
4127 if ( (urb->status == -ESHUTDOWN) ||
4128 (urb->status == -ENODEV) ||
4133 spin_lock_irqsave(&hw->ctlxq.lock, flags);
4136 * Only one CTLX at a time on the "active" list, and
4137 * none at all if we are unplugged. However, we can
4138 * rely on the disconnect function to clean everything
4139 * up if someone unplugged the adapter.
4141 if ( list_empty(&hw->ctlxq.active) ) {
4142 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4147 * Having something on the "active" queue means
4148 * that we have timers to worry about ...
4150 if (del_timer(&hw->reqtimer) == 0) {
4151 if (hw->req_timer_done == 0) {
4153 * This timer was actually running while we
4154 * were trying to delete it. Let it terminate
4155 * gracefully instead.
4157 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4162 hw->req_timer_done = 1;
4165 ctlx = get_active_ctlx(hw);
4167 if ( urb->status == 0 ) {
4168 /* Request portion of a CTLX is successful */
4169 switch ( ctlx->state ) {
4170 case CTLX_REQ_SUBMITTED:
4171 /* This OUT-ACK received before IN */
4172 ctlx->state = CTLX_REQ_COMPLETE;
4175 case CTLX_RESP_COMPLETE:
4176 /* IN already received before this OUT-ACK,
4177 * so this command must now be complete.
4179 ctlx->state = CTLX_COMPLETE;
4180 unlocked_usbctlx_complete(hw, ctlx);
4185 /* This is NOT a valid CTLX "success" state! */
4187 "Illegal CTLX[%d] success state(%s, %d) in OUT URB\n",
4188 hfa384x2host_16(ctlx->outbuf.type),
4189 ctlxstr(ctlx->state), urb->status);
4193 /* If the pipe has stalled then we need to reset it */
4194 if ( (urb->status == -EPIPE) &&
4195 !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags) ) {
4196 WLAN_LOG_WARNING("%s tx pipe stalled: requesting reset\n",
4197 hw->wlandev->netdev->name);
4198 schedule_work(&hw->usb_work);
4201 /* If someone cancels the OUT URB then its status
4202 * should be either -ECONNRESET or -ENOENT.
4204 ctlx->state = CTLX_REQ_FAILED;
4205 unlocked_usbctlx_complete(hw, ctlx);
4206 delete_resptimer = 1;
4211 if (delete_resptimer) {
4212 if ((timer_ok = del_timer(&hw->resptimer)) != 0) {
4213 hw->resp_timer_done = 1;
4217 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4219 if ( !timer_ok && (hw->resp_timer_done == 0) ) {
4220 spin_lock_irqsave(&hw->ctlxq.lock, flags);
4225 hfa384x_usbctlxq_run(hw);
4232 /*----------------------------------------------------------------
4233 * hfa384x_usbctlx_reqtimerfn
4235 * Timer response function for CTLX request timeouts. If this
4236 * function is called, it means that the callback for the OUT
4237 * URB containing a Prism2.x XXX_Request was never called.
4240 * data a ptr to the hfa384x_t
4249 ----------------------------------------------------------------*/
4251 hfa384x_usbctlx_reqtimerfn(unsigned long data)
4253 hfa384x_t *hw = (hfa384x_t*)data;
4254 unsigned long flags;
4256 spin_lock_irqsave(&hw->ctlxq.lock, flags);
4258 hw->req_timer_done = 1;
4260 /* Removing the hardware automatically empties
4261 * the active list ...
4263 if ( !list_empty(&hw->ctlxq.active) )
4266 * We must ensure that our URB is removed from
4267 * the system, if it hasn't already expired.
4269 hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK;
4270 if (usb_unlink_urb(&hw->ctlx_urb) == -EINPROGRESS)
4272 hfa384x_usbctlx_t *ctlx = get_active_ctlx(hw);
4274 ctlx->state = CTLX_REQ_FAILED;
4276 /* This URB was active, but has now been
4277 * cancelled. It will now have a status of
4278 * -ECONNRESET in the callback function.
4280 * We are cancelling this CTLX, so we're
4281 * not going to need to wait for a response.
4282 * The URB's callback function will check
4283 * that this timer is truly dead.
4285 if (del_timer(&hw->resptimer) != 0)
4286 hw->resp_timer_done = 1;
4290 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4294 /*----------------------------------------------------------------
4295 * hfa384x_usbctlx_resptimerfn
4297 * Timer response function for CTLX response timeouts. If this
4298 * function is called, it means that the callback for the IN
4299 * URB containing a Prism2.x XXX_Response was never called.
4302 * data a ptr to the hfa384x_t
4311 ----------------------------------------------------------------*/
4313 hfa384x_usbctlx_resptimerfn(unsigned long data)
4315 hfa384x_t *hw = (hfa384x_t*)data;
4316 unsigned long flags;
4318 spin_lock_irqsave(&hw->ctlxq.lock, flags);
4320 hw->resp_timer_done = 1;
4322 /* The active list will be empty if the
4323 * adapter has been unplugged ...
4325 if ( !list_empty(&hw->ctlxq.active) )
4327 hfa384x_usbctlx_t *ctlx = get_active_ctlx(hw);
4329 if ( unlocked_usbctlx_cancel_async(hw, ctlx) == 0 )
4331 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4332 hfa384x_usbctlxq_run(hw);
4337 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4344 /*----------------------------------------------------------------
4345 * hfa384x_usb_throttlefn
4358 ----------------------------------------------------------------*/
4360 hfa384x_usb_throttlefn(unsigned long data)
4362 hfa384x_t *hw = (hfa384x_t*)data;
4363 unsigned long flags;
4365 spin_lock_irqsave(&hw->ctlxq.lock, flags);
4368 * We need to check BOTH the RX and the TX throttle controls,
4369 * so we use the bitwise OR instead of the logical OR.
4371 WLAN_LOG_DEBUG(3, "flags=0x%lx\n", hw->usb_flags);
4372 if ( !hw->wlandev->hwremoved &&
4374 (test_and_clear_bit(THROTTLE_RX, &hw->usb_flags) &&
4375 !test_and_set_bit(WORK_RX_RESUME, &hw->usb_flags))
4377 (test_and_clear_bit(THROTTLE_TX, &hw->usb_flags) &&
4378 !test_and_set_bit(WORK_TX_RESUME, &hw->usb_flags))
4381 schedule_work(&hw->usb_work);
4384 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4388 /*----------------------------------------------------------------
4389 * hfa384x_usbctlx_submit
4391 * Called from the doxxx functions to submit a CTLX to the queue
4394 * hw ptr to the hw struct
4395 * ctlx ctlx structure to enqueue
4398 * -ENODEV if the adapter is unplugged
4404 * process or interrupt
4405 ----------------------------------------------------------------*/
4407 hfa384x_usbctlx_submit(
4409 hfa384x_usbctlx_t *ctlx)
4411 unsigned long flags;
4414 spin_lock_irqsave(&hw->ctlxq.lock, flags);
4416 if (hw->wlandev->hwremoved) {
4417 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4420 ctlx->state = CTLX_PENDING;
4421 list_add_tail(&ctlx->list, &hw->ctlxq.pending);
4423 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4424 hfa384x_usbctlxq_run(hw);
4432 /*----------------------------------------------------------------
4435 * At this point we have finished a send of a frame. Mark the URB
4436 * as available and call ev_alloc to notify higher layers we're
4440 * wlandev wlan device
4441 * usbout ptr to the usb transfer buffer
4450 ----------------------------------------------------------------*/
4451 static void hfa384x_usbout_tx(wlandevice_t *wlandev, hfa384x_usbout_t *usbout)
4453 prism2sta_ev_alloc(wlandev);
4456 /*----------------------------------------------------------------
4457 * hfa384x_isgood_pdrcore
4459 * Quick check of PDR codes.
4462 * pdrcode PDR code number (host order)
4471 ----------------------------------------------------------------*/
4473 hfa384x_isgood_pdrcode(u16 pdrcode)
4476 case HFA384x_PDR_END_OF_PDA:
4477 case HFA384x_PDR_PCB_PARTNUM:
4478 case HFA384x_PDR_PDAVER:
4479 case HFA384x_PDR_NIC_SERIAL:
4480 case HFA384x_PDR_MKK_MEASUREMENTS:
4481 case HFA384x_PDR_NIC_RAMSIZE:
4482 case HFA384x_PDR_MFISUPRANGE:
4483 case HFA384x_PDR_CFISUPRANGE:
4484 case HFA384x_PDR_NICID:
4485 case HFA384x_PDR_MAC_ADDRESS:
4486 case HFA384x_PDR_REGDOMAIN:
4487 case HFA384x_PDR_ALLOWED_CHANNEL:
4488 case HFA384x_PDR_DEFAULT_CHANNEL:
4489 case HFA384x_PDR_TEMPTYPE:
4490 case HFA384x_PDR_IFR_SETTING:
4491 case HFA384x_PDR_RFR_SETTING:
4492 case HFA384x_PDR_HFA3861_BASELINE:
4493 case HFA384x_PDR_HFA3861_SHADOW:
4494 case HFA384x_PDR_HFA3861_IFRF:
4495 case HFA384x_PDR_HFA3861_CHCALSP:
4496 case HFA384x_PDR_HFA3861_CHCALI:
4497 case HFA384x_PDR_3842_NIC_CONFIG:
4498 case HFA384x_PDR_USB_ID:
4499 case HFA384x_PDR_PCI_ID:
4500 case HFA384x_PDR_PCI_IFCONF:
4501 case HFA384x_PDR_PCI_PMCONF:
4502 case HFA384x_PDR_RFENRGY:
4503 case HFA384x_PDR_HFA3861_MANF_TESTSP:
4504 case HFA384x_PDR_HFA3861_MANF_TESTI:
4509 if ( pdrcode < 0x1000 ) {
4510 /* code is OK, but we don't know exactly what it is */
4512 "Encountered unknown PDR#=0x%04x, "
4513 "assuming it's ok.\n",
4519 "Encountered unknown PDR#=0x%04x, "
4520 "(>=0x1000), assuming it's bad.\n",
4526 return 0; /* avoid compiler warnings */