drivers/net/wireless/ath/ath6kl/init.c

   1
   2 /*
   3  * Copyright (c) 2011 Atheros Communications Inc.
   4  *
   5  * Permission to use, copy, modify, and/or distribute this software for any
   6  * purpose with or without fee is hereby granted, provided that the above
   7  * copyright notice and this permission notice appear in all copies.
   8  *
   9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  16  */
  17
  18 #include <linux/moduleparam.h>
  19 #include <linux/of.h>
  20 #include <linux/mmc/sdio_func.h>
  21 #include "core.h"
  22 #include "cfg80211.h"
  23 #include "target.h"
  24 #include "debug.h"
  25 #include "hif-ops.h"
  26
  27 unsigned int debug_mask;
  28 static unsigned int testmode;
  29
  30 module_param(debug_mask, uint, 0644);
  31 module_param(testmode, uint, 0644);
  32
  33 /*
  34  * Include definitions here that can be used to tune the WLAN module
  35  * behavior. Different customers can tune the behavior as per their needs,
  36  * here.
  37  */
  38
  39 /*
  40  * This configuration item enable/disable keepalive support.
  41  * Keepalive support: In the absence of any data traffic to AP, null
  42  * frames will be sent to the AP at periodic interval, to keep the association
  43  * active. This configuration item defines the periodic interval.
  44  * Use value of zero to disable keepalive support
  45  * Default: 60 seconds
  46  */
  47 #define WLAN_CONFIG_KEEP_ALIVE_INTERVAL 60
  48
  49 /*
  50  * This configuration item sets the value of disconnect timeout
  51  * Firmware delays sending the disconnec event to the host for this
  52  * timeout after is gets disconnected from the current AP.
  53  * If the firmware successly roams within the disconnect timeout
  54  * it sends a new connect event
  55  */
  56 #define WLAN_CONFIG_DISCONNECT_TIMEOUT 10
  57
  58 #define CONFIG_AR600x_DEBUG_UART_TX_PIN 8
  59
  60 #define ATH6KL_DATA_OFFSET    64
  61 struct sk_buff *ath6kl_buf_alloc(int size)
  62 {
  63         struct sk_buff *skb;
  64         u16 reserved;
  65
  66         /* Add chacheline space at front and back of buffer */
  67         reserved = (2 * L1_CACHE_BYTES) + ATH6KL_DATA_OFFSET +
  68                    sizeof(struct htc_packet) + ATH6KL_HTC_ALIGN_BYTES;
  69         skb = dev_alloc_skb(size + reserved);
  70
  71         if (skb)
  72                 skb_reserve(skb, reserved - L1_CACHE_BYTES);
  73         return skb;
  74 }
  75
  76 void ath6kl_init_profile_info(struct ath6kl_vif *vif)
  77 {
  78         vif->ssid_len = 0;
  79         memset(vif->ssid, 0, sizeof(vif->ssid));
  80
  81         vif->dot11_auth_mode = OPEN_AUTH;
  82         vif->auth_mode = NONE_AUTH;
  83         vif->prwise_crypto = NONE_CRYPT;
  84         vif->prwise_crypto_len = 0;
  85         vif->grp_crypto = NONE_CRYPT;
  86         vif->grp_crypto_len = 0;
  87         memset(vif->wep_key_list, 0, sizeof(vif->wep_key_list));
  88         memset(vif->req_bssid, 0, sizeof(vif->req_bssid));
  89         memset(vif->bssid, 0, sizeof(vif->bssid));
  90         vif->bss_ch = 0;
  91 }
  92
  93 static int ath6kl_set_host_app_area(struct ath6kl *ar)
  94 {
  95         u32 address, data;
  96         struct host_app_area host_app_area;
  97
  98         /* Fetch the address of the host_app_area_s
  99          * instance in the host interest area */
 100         address = ath6kl_get_hi_item_addr(ar, HI_ITEM(hi_app_host_interest));
 101         address = TARG_VTOP(ar->target_type, address);
 102
 103         if (ath6kl_diag_read32(ar, address, &data))
 104                 return -EIO;
 105
 106         address = TARG_VTOP(ar->target_type, data);
 107         host_app_area.wmi_protocol_ver = cpu_to_le32(WMI_PROTOCOL_VERSION);
 108         if (ath6kl_diag_write(ar, address, (u8 *) &host_app_area,
 109                               sizeof(struct host_app_area)))
 110                 return -EIO;
 111
 112         return 0;
 113 }
 114
 115 static inline void set_ac2_ep_map(struct ath6kl *ar,
 116                                   u8 ac,
 117                                   enum htc_endpoint_id ep)
 118 {
 119         ar->ac2ep_map[ac] = ep;
 120         ar->ep2ac_map[ep] = ac;
 121 }
 122
 123 /* connect to a service */
 124 static int ath6kl_connectservice(struct ath6kl *ar,
 125                                  struct htc_service_connect_req  *con_req,
 126                                  char *desc)
 127 {
 128         int status;
 129         struct htc_service_connect_resp response;
 130
 131         memset(&response, 0, sizeof(response));
 132
 133         status = ath6kl_htc_conn_service(ar->htc_target, con_req, &response);
 134         if (status) {
 135                 ath6kl_err("failed to connect to %s service status:%d\n",
 136                            desc, status);
 137                 return status;
 138         }
 139
 140         switch (con_req->svc_id) {
 141         case WMI_CONTROL_SVC:
 142                 if (test_bit(WMI_ENABLED, &ar->flag))
 143                         ath6kl_wmi_set_control_ep(ar->wmi, response.endpoint);
 144                 ar->ctrl_ep = response.endpoint;
 145                 break;
 146         case WMI_DATA_BE_SVC:
 147                 set_ac2_ep_map(ar, WMM_AC_BE, response.endpoint);
 148                 break;
 149         case WMI_DATA_BK_SVC:
 150                 set_ac2_ep_map(ar, WMM_AC_BK, response.endpoint);
 151                 break;
 152         case WMI_DATA_VI_SVC:
 153                 set_ac2_ep_map(ar, WMM_AC_VI, response.endpoint);
 154                 break;
 155         case WMI_DATA_VO_SVC:
 156                 set_ac2_ep_map(ar, WMM_AC_VO, response.endpoint);
 157                 break;
 158         default:
 159                 ath6kl_err("service id is not mapped %d\n", con_req->svc_id);
 160                 return -EINVAL;
 161         }
 162
 163         return 0;
 164 }
 165
 166 static int ath6kl_init_service_ep(struct ath6kl *ar)
 167 {
 168         struct htc_service_connect_req connect;
 169
 170         memset(&connect, 0, sizeof(connect));
 171
 172         /* these fields are the same for all service endpoints */
 173         connect.ep_cb.rx = ath6kl_rx;
 174         connect.ep_cb.rx_refill = ath6kl_rx_refill;
 175         connect.ep_cb.tx_full = ath6kl_tx_queue_full;
 176
 177         /*
 178          * Set the max queue depth so that our ath6kl_tx_queue_full handler
 179          * gets called.
 180         */
 181         connect.max_txq_depth = MAX_DEFAULT_SEND_QUEUE_DEPTH;
 182         connect.ep_cb.rx_refill_thresh = ATH6KL_MAX_RX_BUFFERS / 4;
 183         if (!connect.ep_cb.rx_refill_thresh)
 184                 connect.ep_cb.rx_refill_thresh++;
 185
 186         /* connect to control service */
 187         connect.svc_id = WMI_CONTROL_SVC;
 188         if (ath6kl_connectservice(ar, &connect, "WMI CONTROL"))
 189                 return -EIO;
 190
 191         connect.flags |= HTC_FLGS_TX_BNDL_PAD_EN;
 192
 193         /*
 194          * Limit the HTC message size on the send path, although e can
 195          * receive A-MSDU frames of 4K, we will only send ethernet-sized
 196          * (802.3) frames on the send path.
 197          */
 198         connect.max_rxmsg_sz = WMI_MAX_TX_DATA_FRAME_LENGTH;
 199
 200         /*
 201          * To reduce the amount of committed memory for larger A_MSDU
 202          * frames, use the recv-alloc threshold mechanism for larger
 203          * packets.
 204          */
 205         connect.ep_cb.rx_alloc_thresh = ATH6KL_BUFFER_SIZE;
 206         connect.ep_cb.rx_allocthresh = ath6kl_alloc_amsdu_rxbuf;
 207
 208         /*
 209          * For the remaining data services set the connection flag to
 210          * reduce dribbling, if configured to do so.
 211          */
 212         connect.conn_flags |= HTC_CONN_FLGS_REDUCE_CRED_DRIB;
 213         connect.conn_flags &= ~HTC_CONN_FLGS_THRESH_MASK;
 214         connect.conn_flags |= HTC_CONN_FLGS_THRESH_LVL_HALF;
 215
 216         connect.svc_id = WMI_DATA_BE_SVC;
 217
 218         if (ath6kl_connectservice(ar, &connect, "WMI DATA BE"))
 219                 return -EIO;
 220
 221         /* connect to back-ground map this to WMI LOW_PRI */
 222         connect.svc_id = WMI_DATA_BK_SVC;
 223         if (ath6kl_connectservice(ar, &connect, "WMI DATA BK"))
 224                 return -EIO;
 225
 226         /* connect to Video service, map this to to HI PRI */
 227         connect.svc_id = WMI_DATA_VI_SVC;
 228         if (ath6kl_connectservice(ar, &connect, "WMI DATA VI"))
 229                 return -EIO;
 230
 231         /*
 232          * Connect to VO service, this is currently not mapped to a WMI
 233          * priority stream due to historical reasons. WMI originally
 234          * defined 3 priorities over 3 mailboxes We can change this when
 235          * WMI is reworked so that priorities are not dependent on
 236          * mailboxes.
 237          */
 238         connect.svc_id = WMI_DATA_VO_SVC;
 239         if (ath6kl_connectservice(ar, &connect, "WMI DATA VO"))
 240                 return -EIO;
 241
 242         return 0;
 243 }
 244
 245 void ath6kl_init_control_info(struct ath6kl_vif *vif)
 246 {
 247         ath6kl_init_profile_info(vif);
 248         vif->def_txkey_index = 0;
 249         memset(vif->wep_key_list, 0, sizeof(vif->wep_key_list));
 250         vif->ch_hint = 0;
 251 }
 252
 253 /*
 254  * Set HTC/Mbox operational parameters, this can only be called when the
 255  * target is in the BMI phase.
 256  */
 257 static int ath6kl_set_htc_params(struct ath6kl *ar, u32 mbox_isr_yield_val,
 258                                  u8 htc_ctrl_buf)
 259 {
 260         int status;
 261         u32 blk_size;
 262
 263         blk_size = ar->mbox_info.block_size;
 264
 265         if (htc_ctrl_buf)
 266                 blk_size |=  ((u32)htc_ctrl_buf) << 16;
 267
 268         /* set the host interest area for the block size */
 269         status = ath6kl_bmi_write(ar,
 270                         ath6kl_get_hi_item_addr(ar,
 271                         HI_ITEM(hi_mbox_io_block_sz)),
 272                         (u8 *)&blk_size,
 273                         4);
 274         if (status) {
 275                 ath6kl_err("bmi_write_memory for IO block size failed\n");
 276                 goto out;
 277         }
 278
 279         ath6kl_dbg(ATH6KL_DBG_TRC, "block size set: %d (target addr:0x%X)\n",
 280                    blk_size,
 281                    ath6kl_get_hi_item_addr(ar, HI_ITEM(hi_mbox_io_block_sz)));
 282
 283         if (mbox_isr_yield_val) {
 284                 /* set the host interest area for the mbox ISR yield limit */
 285                 status = ath6kl_bmi_write(ar,
 286                                 ath6kl_get_hi_item_addr(ar,
 287                                 HI_ITEM(hi_mbox_isr_yield_limit)),
 288                                 (u8 *)&mbox_isr_yield_val,
 289                                 4);
 290                 if (status) {
 291                         ath6kl_err("bmi_write_memory for yield limit failed\n");
 292                         goto out;
 293                 }
 294         }
 295
 296 out:
 297         return status;
 298 }
 299
 300 #define REG_DUMP_COUNT_AR6003   60
 301 #define REGISTER_DUMP_LEN_MAX   60
 302
 303 static void ath6kl_dump_target_assert_info(struct ath6kl *ar)
 304 {
 305         u32 address;
 306         u32 regdump_loc = 0;
 307         int status;
 308         u32 regdump_val[REGISTER_DUMP_LEN_MAX];
 309         u32 i;
 310
 311         if (ar->target_type != TARGET_TYPE_AR6003)
 312                 return;
 313
 314         /* the reg dump pointer is copied to the host interest area */
 315         address = ath6kl_get_hi_item_addr(ar, HI_ITEM(hi_failure_state));
 316         address = TARG_VTOP(ar->target_type, address);
 317
 318         /* read RAM location through diagnostic window */
 319         status = ath6kl_diag_read32(ar, address, &regdump_loc);
 320
 321         if (status || !regdump_loc) {
 322                 ath6kl_err("failed to get ptr to register dump area\n");
 323                 return;
 324         }
 325
 326         ath6kl_dbg(ATH6KL_DBG_TRC, "location of register dump data: 0x%X\n",
 327                 regdump_loc);
 328         regdump_loc = TARG_VTOP(ar->target_type, regdump_loc);
 329
 330         /* fetch register dump data */
 331         status = ath6kl_diag_read(ar, regdump_loc, (u8 *)&regdump_val[0],
 332                                   REG_DUMP_COUNT_AR6003 * (sizeof(u32)));
 333
 334         if (status) {
 335                 ath6kl_err("failed to get register dump\n");
 336                 return;
 337         }
 338         ath6kl_dbg(ATH6KL_DBG_TRC, "Register Dump:\n");
 339
 340         for (i = 0; i < REG_DUMP_COUNT_AR6003; i++)
 341                 ath6kl_dbg(ATH6KL_DBG_TRC, " %d :  0x%8.8X\n",
 342                            i, regdump_val[i]);
 343
 344 }
 345
 346 void ath6kl_target_failure(struct ath6kl *ar)
 347 {
 348         ath6kl_err("target asserted\n");
 349
 350         /* try dumping target assertion information (if any) */
 351         ath6kl_dump_target_assert_info(ar);
 352
 353 }
 354
 355 static int ath6kl_target_config_wlan_params(struct ath6kl *ar)
 356 {
 357         int status = 0;
 358         int ret;
 359
 360         /*
 361          * Configure the device for rx dot11 header rules. "0,0" are the
 362          * default values. Required if checksum offload is needed. Set
 363          * RxMetaVersion to 2.
 364          */
 365         if (ath6kl_wmi_set_rx_frame_format_cmd(ar->wmi,
 366                                                ar->rx_meta_ver, 0, 0)) {
 367                 ath6kl_err("unable to set the rx frame format\n");
 368                 status = -EIO;
 369         }
 370
 371         if (ar->conf_flags & ATH6KL_CONF_IGNORE_PS_FAIL_EVT_IN_SCAN)
 372                 if ((ath6kl_wmi_pmparams_cmd(ar->wmi, 0, 1, 0, 0, 1,
 373                      IGNORE_POWER_SAVE_FAIL_EVENT_DURING_SCAN)) != 0) {
 374                         ath6kl_err("unable to set power save fail event policy\n");
 375                         status = -EIO;
 376                 }
 377
 378         if (!(ar->conf_flags & ATH6KL_CONF_IGNORE_ERP_BARKER))
 379                 if ((ath6kl_wmi_set_lpreamble_cmd(ar->wmi, 0,
 380                      WMI_DONOT_IGNORE_BARKER_IN_ERP)) != 0) {
 381                         ath6kl_err("unable to set barker preamble policy\n");
 382                         status = -EIO;
 383                 }
 384
 385         if (ath6kl_wmi_set_keepalive_cmd(ar->wmi,
 386                         WLAN_CONFIG_KEEP_ALIVE_INTERVAL)) {
 387                 ath6kl_err("unable to set keep alive interval\n");
 388                 status = -EIO;
 389         }
 390
 391         if (ath6kl_wmi_disctimeout_cmd(ar->wmi,
 392                         WLAN_CONFIG_DISCONNECT_TIMEOUT)) {
 393                 ath6kl_err("unable to set disconnect timeout\n");
 394                 status = -EIO;
 395         }
 396
 397         if (!(ar->conf_flags & ATH6KL_CONF_ENABLE_TX_BURST))
 398                 if (ath6kl_wmi_set_wmm_txop(ar->wmi, WMI_TXOP_DISABLED)) {
 399                         ath6kl_err("unable to set txop bursting\n");
 400                         status = -EIO;
 401                 }
 402
 403         if (ar->p2p) {
 404                 ret = ath6kl_wmi_info_req_cmd(ar->wmi,
 405                                               P2P_FLAG_CAPABILITIES_REQ |
 406                                               P2P_FLAG_MACADDR_REQ |
 407                                               P2P_FLAG_HMODEL_REQ);
 408                 if (ret) {
 409                         ath6kl_dbg(ATH6KL_DBG_TRC, "failed to request P2P "
 410                                    "capabilities (%d) - assuming P2P not "
 411                                    "supported\n", ret);
 412                         ar->p2p = 0;
 413                 }
 414         }
 415
 416         if (ar->p2p) {
 417                 /* Enable Probe Request reporting for P2P */
 418                 ret = ath6kl_wmi_probe_report_req_cmd(ar->wmi, true);
 419                 if (ret) {
 420                         ath6kl_dbg(ATH6KL_DBG_TRC, "failed to enable Probe "
 421                                    "Request reporting (%d)\n", ret);
 422                 }
 423         }
 424
 425         return status;
 426 }
 427
 428 int ath6kl_configure_target(struct ath6kl *ar)
 429 {
 430         u32 param, ram_reserved_size;
 431         u8 fw_iftype, fw_mode = 0, fw_submode = 0;
 432         int i;
 433
 434         /*
 435          * Note: Even though the firmware interface type is
 436          * chosen as BSS_STA for all three interfaces, can
 437          * be configured to IBSS/AP as long as the fw submode
 438          * remains normal mode (0 - AP, STA and IBSS). But
 439          * due to an target assert in firmware only one interface is
 440          * configured for now.
 441          */
 442         fw_iftype = HI_OPTION_FW_MODE_BSS_STA;
 443
 444         for (i = 0; i < MAX_NUM_VIF; i++)
 445                 fw_mode |= fw_iftype << (i * HI_OPTION_FW_MODE_BITS);
 446
 447         /*
 448          * By default, submodes :
 449          *              vif[0] - AP/STA/IBSS
 450          *              vif[1] - "P2P dev"/"P2P GO"/"P2P Client"
 451          *              vif[2] - "P2P dev"/"P2P GO"/"P2P Client"
 452          */
 453
 454         for (i = 0; i < ar->max_norm_iface; i++)
 455                 fw_submode |= HI_OPTION_FW_SUBMODE_NONE <<
 456                               (i * HI_OPTION_FW_SUBMODE_BITS);
 457
 458         for (i = ar->max_norm_iface; i < MAX_NUM_VIF; i++)
 459                 fw_submode |= HI_OPTION_FW_SUBMODE_P2PDEV <<
 460                               (i * HI_OPTION_FW_SUBMODE_BITS);
 461
 462         /*
 463          * FIXME: This needs to be removed once the multivif
 464          * support is enabled.
 465          */
 466         if (ar->p2p)
 467                 fw_submode = HI_OPTION_FW_SUBMODE_P2PDEV;
 468
 469         param = HTC_PROTOCOL_VERSION;
 470         if (ath6kl_bmi_write(ar,
 471                              ath6kl_get_hi_item_addr(ar,
 472                              HI_ITEM(hi_app_host_interest)),
 473                              (u8 *)&param, 4) != 0) {
 474                 ath6kl_err("bmi_write_memory for htc version failed\n");
 475                 return -EIO;
 476         }
 477
 478         /* set the firmware mode to STA/IBSS/AP */
 479         param = 0;
 480
 481         if (ath6kl_bmi_read(ar,
 482                             ath6kl_get_hi_item_addr(ar,
 483                             HI_ITEM(hi_option_flag)),
 484                             (u8 *)&param, 4) != 0) {
 485                 ath6kl_err("bmi_read_memory for setting fwmode failed\n");
 486                 return -EIO;
 487         }
 488
 489         param |= (MAX_NUM_VIF << HI_OPTION_NUM_DEV_SHIFT);
 490         param |= fw_mode << HI_OPTION_FW_MODE_SHIFT;
 491         param |= fw_submode << HI_OPTION_FW_SUBMODE_SHIFT;
 492
 493         param |= (0 << HI_OPTION_MAC_ADDR_METHOD_SHIFT);
 494         param |= (0 << HI_OPTION_FW_BRIDGE_SHIFT);
 495
 496         if (ath6kl_bmi_write(ar,
 497                              ath6kl_get_hi_item_addr(ar,
 498                              HI_ITEM(hi_option_flag)),
 499                              (u8 *)&param,
 500                              4) != 0) {
 501                 ath6kl_err("bmi_write_memory for setting fwmode failed\n");
 502                 return -EIO;
 503         }
 504
 505         ath6kl_dbg(ATH6KL_DBG_TRC, "firmware mode set\n");
 506
 507         /*
 508          * Hardcode the address use for the extended board data
 509          * Ideally this should be pre-allocate by the OS at boot time
 510          * But since it is a new feature and board data is loaded
 511          * at init time, we have to workaround this from host.
 512          * It is difficult to patch the firmware boot code,
 513          * but possible in theory.
 514          */
 515
 516         param = ar->hw.board_ext_data_addr;
 517         ram_reserved_size = ar->hw.reserved_ram_size;
 518
 519         if (ath6kl_bmi_write(ar, ath6kl_get_hi_item_addr(ar,
 520                                         HI_ITEM(hi_board_ext_data)),
 521                              (u8 *)&param, 4) != 0) {
 522                 ath6kl_err("bmi_write_memory for hi_board_ext_data failed\n");
 523                 return -EIO;
 524         }
 525
 526         if (ath6kl_bmi_write(ar, ath6kl_get_hi_item_addr(ar,
 527                                         HI_ITEM(hi_end_ram_reserve_sz)),
 528                              (u8 *)&ram_reserved_size, 4) != 0) {
 529                 ath6kl_err("bmi_write_memory for hi_end_ram_reserve_sz failed\n");
 530                 return -EIO;
 531         }
 532
 533         /* set the block size for the target */
 534         if (ath6kl_set_htc_params(ar, MBOX_YIELD_LIMIT, 0))
 535                 /* use default number of control buffers */
 536                 return -EIO;
 537
 538         return 0;
 539 }
 540
 541 void ath6kl_core_free(struct ath6kl *ar)
 542 {
 543         wiphy_free(ar->wiphy);
 544 }
 545
 546 void ath6kl_core_cleanup(struct ath6kl *ar)
 547 {
 548         destroy_workqueue(ar->ath6kl_wq);
 549
 550         if (ar->htc_target)
 551                 ath6kl_htc_cleanup(ar->htc_target);
 552
 553         ath6kl_cookie_cleanup(ar);
 554
 555         ath6kl_cleanup_amsdu_rxbufs(ar);
 556
 557         ath6kl_bmi_cleanup(ar);
 558
 559         ath6kl_debug_cleanup(ar);
 560
 561         kfree(ar->fw_board);
 562         kfree(ar->fw_otp);
 563         kfree(ar->fw);
 564         kfree(ar->fw_patch);
 565
 566         ath6kl_deinit_ieee80211_hw(ar);
 567 }
 568
 569 /* firmware upload */
 570 static int ath6kl_get_fw(struct ath6kl *ar, const char *filename,
 571                          u8 **fw, size_t *fw_len)
 572 {
 573         const struct firmware *fw_entry;
 574         int ret;
 575
 576         ret = request_firmware(&fw_entry, filename, ar->dev);
 577         if (ret)
 578                 return ret;
 579
 580         *fw_len = fw_entry->size;
 581         *fw = kmemdup(fw_entry->data, fw_entry->size, GFP_KERNEL);
 582
 583         if (*fw == NULL)
 584                 ret = -ENOMEM;
 585
 586         release_firmware(fw_entry);
 587
 588         return ret;
 589 }
 590
 591 #ifdef CONFIG_OF
 592 static const char *get_target_ver_dir(const struct ath6kl *ar)
 593 {
 594         switch (ar->version.target_ver) {
 595         case AR6003_REV1_VERSION:
 596                 return "ath6k/AR6003/hw1.0";
 597         case AR6003_REV2_VERSION:
 598                 return "ath6k/AR6003/hw2.0";
 599         case AR6003_REV3_VERSION:
 600                 return "ath6k/AR6003/hw2.1.1";
 601         }
 602         ath6kl_warn("%s: unsupported target version 0x%x.\n", __func__,
 603                     ar->version.target_ver);
 604         return NULL;
 605 }
 606
 607 /*
 608  * Check the device tree for a board-id and use it to construct
 609  * the pathname to the firmware file.  Used (for now) to find a
 610  * fallback to the "bdata.bin" file--typically a symlink to the
 611  * appropriate board-specific file.
 612  */
 613 static bool check_device_tree(struct ath6kl *ar)
 614 {
 615         static const char *board_id_prop = "atheros,board-id";
 616         struct device_node *node;
 617         char board_filename[64];
 618         const char *board_id;
 619         int ret;
 620
 621         for_each_compatible_node(node, NULL, "atheros,ath6kl") {
 622                 board_id = of_get_property(node, board_id_prop, NULL);
 623                 if (board_id == NULL) {
 624                         ath6kl_warn("No \"%s\" property on %s node.\n",
 625                                     board_id_prop, node->name);
 626                         continue;
 627                 }
 628                 snprintf(board_filename, sizeof(board_filename),
 629                          "%s/bdata.%s.bin", get_target_ver_dir(ar), board_id);
 630
 631                 ret = ath6kl_get_fw(ar, board_filename, &ar->fw_board,
 632                                     &ar->fw_board_len);
 633                 if (ret) {
 634                         ath6kl_err("Failed to get DT board file %s: %d\n",
 635                                    board_filename, ret);
 636                         continue;
 637                 }
 638                 return true;
 639         }
 640         return false;
 641 }
 642 #else
 643 static bool check_device_tree(struct ath6kl *ar)
 644 {
 645         return false;
 646 }
 647 #endif /* CONFIG_OF */
 648
 649 static int ath6kl_fetch_board_file(struct ath6kl *ar)
 650 {
 651         const char *filename;
 652         int ret;
 653
 654         if (ar->fw_board != NULL)
 655                 return 0;
 656
 657         switch (ar->version.target_ver) {
 658         case AR6003_REV2_VERSION:
 659                 filename = AR6003_REV2_BOARD_DATA_FILE;
 660                 break;
 661         case AR6004_REV1_VERSION:
 662                 filename = AR6004_REV1_BOARD_DATA_FILE;
 663                 break;
 664         default:
 665                 filename = AR6003_REV3_BOARD_DATA_FILE;
 666                 break;
 667         }
 668
 669         ret = ath6kl_get_fw(ar, filename, &ar->fw_board,
 670                             &ar->fw_board_len);
 671         if (ret == 0) {
 672                 /* managed to get proper board file */
 673                 return 0;
 674         }
 675
 676         if (check_device_tree(ar)) {
 677                 /* got board file from device tree */
 678                 return 0;
 679         }
 680
 681         /* there was no proper board file, try to use default instead */
 682         ath6kl_warn("Failed to get board file %s (%d), trying to find default board file.\n",
 683                     filename, ret);
 684
 685         switch (ar->version.target_ver) {
 686         case AR6003_REV2_VERSION:
 687                 filename = AR6003_REV2_DEFAULT_BOARD_DATA_FILE;
 688                 break;
 689         case AR6004_REV1_VERSION:
 690                 filename = AR6004_REV1_DEFAULT_BOARD_DATA_FILE;
 691                 break;
 692         default:
 693                 filename = AR6003_REV3_DEFAULT_BOARD_DATA_FILE;
 694                 break;
 695         }
 696
 697         ret = ath6kl_get_fw(ar, filename, &ar->fw_board,
 698                             &ar->fw_board_len);
 699         if (ret) {
 700                 ath6kl_err("Failed to get default board file %s: %d\n",
 701                            filename, ret);
 702                 return ret;
 703         }
 704
 705         ath6kl_warn("WARNING! No proper board file was not found, instead using a default board file.\n");
 706         ath6kl_warn("Most likely your hardware won't work as specified. Install correct board file!\n");
 707
 708         return 0;
 709 }
 710
 711 static int ath6kl_fetch_otp_file(struct ath6kl *ar)
 712 {
 713         const char *filename;
 714         int ret;
 715
 716         if (ar->fw_otp != NULL)
 717                 return 0;
 718
 719         switch (ar->version.target_ver) {
 720         case AR6003_REV2_VERSION:
 721                 filename = AR6003_REV2_OTP_FILE;
 722                 break;
 723         case AR6004_REV1_VERSION:
 724                 ath6kl_dbg(ATH6KL_DBG_TRC, "AR6004 doesn't need OTP file\n");
 725                 return 0;
 726                 break;
 727         default:
 728                 filename = AR6003_REV3_OTP_FILE;
 729                 break;
 730         }
 731
 732         ret = ath6kl_get_fw(ar, filename, &ar->fw_otp,
 733                             &ar->fw_otp_len);
 734         if (ret) {
 735                 ath6kl_err("Failed to get OTP file %s: %d\n",
 736                            filename, ret);
 737                 return ret;
 738         }
 739
 740         return 0;
 741 }
 742
 743 static int ath6kl_fetch_fw_file(struct ath6kl *ar)
 744 {
 745         const char *filename;
 746         int ret;
 747
 748         if (ar->fw != NULL)
 749                 return 0;
 750
 751         if (testmode) {
 752                 switch (ar->version.target_ver) {
 753                 case AR6003_REV2_VERSION:
 754                         filename = AR6003_REV2_TCMD_FIRMWARE_FILE;
 755                         break;
 756                 case AR6003_REV3_VERSION:
 757                         filename = AR6003_REV3_TCMD_FIRMWARE_FILE;
 758                         break;
 759                 case AR6004_REV1_VERSION:
 760                         ath6kl_warn("testmode not supported with ar6004\n");
 761                         return -EOPNOTSUPP;
 762                 default:
 763                         ath6kl_warn("unknown target version: 0x%x\n",
 764                                        ar->version.target_ver);
 765                         return -EINVAL;
 766                 }
 767
 768                 set_bit(TESTMODE, &ar->flag);
 769
 770                 goto get_fw;
 771         }
 772
 773         switch (ar->version.target_ver) {
 774         case AR6003_REV2_VERSION:
 775                 filename = AR6003_REV2_FIRMWARE_FILE;
 776                 break;
 777         case AR6004_REV1_VERSION:
 778                 filename = AR6004_REV1_FIRMWARE_FILE;
 779                 break;
 780         default:
 781                 filename = AR6003_REV3_FIRMWARE_FILE;
 782                 break;
 783         }
 784
 785 get_fw:
 786         ret = ath6kl_get_fw(ar, filename, &ar->fw, &ar->fw_len);
 787         if (ret) {
 788                 ath6kl_err("Failed to get firmware file %s: %d\n",
 789                            filename, ret);
 790                 return ret;
 791         }
 792
 793         return 0;
 794 }
 795
 796 static int ath6kl_fetch_patch_file(struct ath6kl *ar)
 797 {
 798         const char *filename;
 799         int ret;
 800
 801         switch (ar->version.target_ver) {
 802         case AR6003_REV2_VERSION:
 803                 filename = AR6003_REV2_PATCH_FILE;
 804                 break;
 805         case AR6004_REV1_VERSION:
 806                 /* FIXME: implement for AR6004 */
 807                 return 0;
 808                 break;
 809         default:
 810                 filename = AR6003_REV3_PATCH_FILE;
 811                 break;
 812         }
 813
 814         if (ar->fw_patch == NULL) {
 815                 ret = ath6kl_get_fw(ar, filename, &ar->fw_patch,
 816                                     &ar->fw_patch_len);
 817                 if (ret) {
 818                         ath6kl_err("Failed to get patch file %s: %d\n",
 819                                    filename, ret);
 820                         return ret;
 821                 }
 822         }
 823
 824         return 0;
 825 }
 826
 827 static int ath6kl_fetch_fw_api1(struct ath6kl *ar)
 828 {
 829         int ret;
 830
 831         ret = ath6kl_fetch_otp_file(ar);
 832         if (ret)
 833                 return ret;
 834
 835         ret = ath6kl_fetch_fw_file(ar);
 836         if (ret)
 837                 return ret;
 838
 839         ret = ath6kl_fetch_patch_file(ar);
 840         if (ret)
 841                 return ret;
 842
 843         return 0;
 844 }
 845
 846 static int ath6kl_fetch_fw_api2(struct ath6kl *ar)
 847 {
 848         size_t magic_len, len, ie_len;
 849         const struct firmware *fw;
 850         struct ath6kl_fw_ie *hdr;
 851         const char *filename;
 852         const u8 *data;
 853         int ret, ie_id, i, index, bit;
 854         __le32 *val;
 855
 856         switch (ar->version.target_ver) {
 857         case AR6003_REV2_VERSION:
 858                 filename = AR6003_REV2_FIRMWARE_2_FILE;
 859                 break;
 860         case AR6003_REV3_VERSION:
 861                 filename = AR6003_REV3_FIRMWARE_2_FILE;
 862                 break;
 863         case AR6004_REV1_VERSION:
 864                 filename = AR6004_REV1_FIRMWARE_2_FILE;
 865                 break;
 866         default:
 867                 return -EOPNOTSUPP;
 868         }
 869
 870         ret = request_firmware(&fw, filename, ar->dev);
 871         if (ret)
 872                 return ret;
 873
 874         data = fw->data;
 875         len = fw->size;
 876
 877         /* magic also includes the null byte, check that as well */
 878         magic_len = strlen(ATH6KL_FIRMWARE_MAGIC) + 1;
 879
 880         if (len < magic_len) {
 881                 ret = -EINVAL;
 882                 goto out;
 883         }
 884
 885         if (memcmp(data, ATH6KL_FIRMWARE_MAGIC, magic_len) != 0) {
 886                 ret = -EINVAL;
 887                 goto out;
 888         }
 889
 890         len -= magic_len;
 891         data += magic_len;
 892
 893         /* loop elements */
 894         while (len > sizeof(struct ath6kl_fw_ie)) {
 895                 /* hdr is unaligned! */
 896                 hdr = (struct ath6kl_fw_ie *) data;
 897
 898                 ie_id = le32_to_cpup(&hdr->id);
 899                 ie_len = le32_to_cpup(&hdr->len);
 900
 901                 len -= sizeof(*hdr);
 902                 data += sizeof(*hdr);
 903
 904                 if (len < ie_len) {
 905                         ret = -EINVAL;
 906                         goto out;
 907                 }
 908
 909                 switch (ie_id) {
 910                 case ATH6KL_FW_IE_OTP_IMAGE:
 911                         ath6kl_dbg(ATH6KL_DBG_BOOT, "found otp image ie (%zd B)\n",
 912                                 ie_len);
 913
 914                         ar->fw_otp = kmemdup(data, ie_len, GFP_KERNEL);
 915
 916                         if (ar->fw_otp == NULL) {
 917                                 ret = -ENOMEM;
 918                                 goto out;
 919                         }
 920
 921                         ar->fw_otp_len = ie_len;
 922                         break;
 923                 case ATH6KL_FW_IE_FW_IMAGE:
 924                         ath6kl_dbg(ATH6KL_DBG_BOOT, "found fw image ie (%zd B)\n",
 925                                 ie_len);
 926
 927                         ar->fw = kmemdup(data, ie_len, GFP_KERNEL);
 928
 929                         if (ar->fw == NULL) {
 930                                 ret = -ENOMEM;
 931                                 goto out;
 932                         }
 933
 934                         ar->fw_len = ie_len;
 935                         break;
 936                 case ATH6KL_FW_IE_PATCH_IMAGE:
 937                         ath6kl_dbg(ATH6KL_DBG_BOOT, "found patch image ie (%zd B)\n",
 938                                 ie_len);
 939
 940                         ar->fw_patch = kmemdup(data, ie_len, GFP_KERNEL);
 941
 942                         if (ar->fw_patch == NULL) {
 943                                 ret = -ENOMEM;
 944                                 goto out;
 945                         }
 946
 947                         ar->fw_patch_len = ie_len;
 948                         break;
 949                 case ATH6KL_FW_IE_RESERVED_RAM_SIZE:
 950                         val = (__le32 *) data;
 951                         ar->hw.reserved_ram_size = le32_to_cpup(val);
 952
 953                         ath6kl_dbg(ATH6KL_DBG_BOOT,
 954                                    "found reserved ram size ie 0x%d\n",
 955                                    ar->hw.reserved_ram_size);
 956                         break;
 957                 case ATH6KL_FW_IE_CAPABILITIES:
 958                         ath6kl_dbg(ATH6KL_DBG_BOOT,
 959                                    "found firmware capabilities ie (%zd B)\n",
 960                                    ie_len);
 961
 962                         for (i = 0; i < ATH6KL_FW_CAPABILITY_MAX; i++) {
 963                                 index = ALIGN(i, 8) / 8;
 964                                 bit = i % 8;
 965
 966                                 if (data[index] & (1 << bit))
 967                                         __set_bit(i, ar->fw_capabilities);
 968                         }
 969
 970                         ath6kl_dbg_dump(ATH6KL_DBG_BOOT, "capabilities", "",
 971                                         ar->fw_capabilities,
 972                                         sizeof(ar->fw_capabilities));
 973                         break;
 974                 case ATH6KL_FW_IE_PATCH_ADDR:
 975                         if (ie_len != sizeof(*val))
 976                                 break;
 977
 978                         val = (__le32 *) data;
 979                         ar->hw.dataset_patch_addr = le32_to_cpup(val);
 980
 981                         ath6kl_dbg(ATH6KL_DBG_BOOT,
 982                                    "found patch address ie 0x%d\n",
 983                                    ar->hw.dataset_patch_addr);
 984                         break;
 985                 default:
 986                         ath6kl_dbg(ATH6KL_DBG_BOOT, "Unknown fw ie: %u\n",
 987                                    le32_to_cpup(&hdr->id));
 988                         break;
 989                 }
 990
 991                 len -= ie_len;
 992                 data += ie_len;
 993         };
 994
 995         ret = 0;
 996 out:
 997         release_firmware(fw);
 998
 999         return ret;
1000 }
1001
1002 static int ath6kl_fetch_firmwares(struct ath6kl *ar)
1003 {
1004         int ret;
1005
1006         ret = ath6kl_fetch_board_file(ar);
1007         if (ret)
1008                 return ret;
1009
1010         ret = ath6kl_fetch_fw_api2(ar);
1011         if (ret == 0) {
1012                 ath6kl_dbg(ATH6KL_DBG_BOOT, "using fw api 2\n");
1013                 return 0;
1014         }
1015
1016         ret = ath6kl_fetch_fw_api1(ar);
1017         if (ret)
1018                 return ret;
1019
1020         ath6kl_dbg(ATH6KL_DBG_BOOT, "using fw api 1\n");
1021
1022         return 0;
1023 }
1024
1025 static int ath6kl_upload_board_file(struct ath6kl *ar)
1026 {
1027         u32 board_address, board_ext_address, param;
1028         u32 board_data_size, board_ext_data_size;
1029         int ret;
1030
1031         if (WARN_ON(ar->fw_board == NULL))
1032                 return -ENOENT;
1033
1034         /*
1035          * Determine where in Target RAM to write Board Data.
1036          * For AR6004, host determine Target RAM address for
1037          * writing board data.
1038          */
1039         if (ar->target_type == TARGET_TYPE_AR6004) {
1040                 board_address = AR6004_REV1_BOARD_DATA_ADDRESS;
1041                 ath6kl_bmi_write(ar,
1042                                 ath6kl_get_hi_item_addr(ar,
1043                                 HI_ITEM(hi_board_data)),
1044                                 (u8 *) &board_address, 4);
1045         } else {
1046                 ath6kl_bmi_read(ar,
1047                                 ath6kl_get_hi_item_addr(ar,
1048                                 HI_ITEM(hi_board_data)),
1049                                 (u8 *) &board_address, 4);
1050         }
1051
1052         /* determine where in target ram to write extended board data */
1053         ath6kl_bmi_read(ar,
1054                         ath6kl_get_hi_item_addr(ar,
1055                         HI_ITEM(hi_board_ext_data)),
1056                         (u8 *) &board_ext_address, 4);
1057
1058         if (board_ext_address == 0) {
1059                 ath6kl_err("Failed to get board file target address.\n");
1060                 return -EINVAL;
1061         }
1062
1063         switch (ar->target_type) {
1064         case TARGET_TYPE_AR6003:
1065                 board_data_size = AR6003_BOARD_DATA_SZ;
1066                 board_ext_data_size = AR6003_BOARD_EXT_DATA_SZ;
1067                 break;
1068         case TARGET_TYPE_AR6004:
1069                 board_data_size = AR6004_BOARD_DATA_SZ;
1070                 board_ext_data_size = AR6004_BOARD_EXT_DATA_SZ;
1071                 break;
1072         default:
1073                 WARN_ON(1);
1074                 return -EINVAL;
1075                 break;
1076         }
1077
1078         if (ar->fw_board_len == (board_data_size +
1079                                  board_ext_data_size)) {
1080
1081                 /* write extended board data */
1082                 ath6kl_dbg(ATH6KL_DBG_BOOT,
1083                            "writing extended board data to 0x%x (%d B)\n",
1084                            board_ext_address, board_ext_data_size);
1085
1086                 ret = ath6kl_bmi_write(ar, board_ext_address,
1087                                        ar->fw_board + board_data_size,
1088                                        board_ext_data_size);
1089                 if (ret) {
1090                         ath6kl_err("Failed to write extended board data: %d\n",
1091                                    ret);
1092                         return ret;
1093                 }
1094
1095                 /* record that extended board data is initialized */
1096                 param = (board_ext_data_size << 16) | 1;
1097
1098                 ath6kl_bmi_write(ar,
1099                                  ath6kl_get_hi_item_addr(ar,
1100                                  HI_ITEM(hi_board_ext_data_config)),
1101                                  (unsigned char *) &param, 4);
1102         }
1103
1104         if (ar->fw_board_len < board_data_size) {
1105                 ath6kl_err("Too small board file: %zu\n", ar->fw_board_len);
1106                 ret = -EINVAL;
1107                 return ret;
1108         }
1109
1110         ath6kl_dbg(ATH6KL_DBG_BOOT, "writing board file to 0x%x (%d B)\n",
1111                    board_address, board_data_size);
1112
1113         ret = ath6kl_bmi_write(ar, board_address, ar->fw_board,
1114                                board_data_size);
1115
1116         if (ret) {
1117                 ath6kl_err("Board file bmi write failed: %d\n", ret);
1118                 return ret;
1119         }
1120
1121         /* record the fact that Board Data IS initialized */
1122         param = 1;
1123         ath6kl_bmi_write(ar,
1124                          ath6kl_get_hi_item_addr(ar,
1125                          HI_ITEM(hi_board_data_initialized)),
1126                          (u8 *)&param, 4);
1127
1128         return ret;
1129 }
1130
1131 static int ath6kl_upload_otp(struct ath6kl *ar)
1132 {
1133         u32 address, param;
1134         bool from_hw = false;
1135         int ret;
1136
1137         if (WARN_ON(ar->fw_otp == NULL))
1138                 return -ENOENT;
1139
1140         address = ar->hw.app_load_addr;
1141
1142         ath6kl_dbg(ATH6KL_DBG_BOOT, "writing otp to 0x%x (%zd B)\n", address,
1143                    ar->fw_otp_len);
1144
1145         ret = ath6kl_bmi_fast_download(ar, address, ar->fw_otp,
1146                                        ar->fw_otp_len);
1147         if (ret) {
1148                 ath6kl_err("Failed to upload OTP file: %d\n", ret);
1149                 return ret;
1150         }
1151
1152         /* read firmware start address */
1153         ret = ath6kl_bmi_read(ar,
1154                               ath6kl_get_hi_item_addr(ar,
1155                                                       HI_ITEM(hi_app_start)),
1156                               (u8 *) &address, sizeof(address));
1157
1158         if (ret) {
1159                 ath6kl_err("Failed to read hi_app_start: %d\n", ret);
1160                 return ret;
1161         }
1162
1163         if (ar->hw.app_start_override_addr == 0) {
1164                 ar->hw.app_start_override_addr = address;
1165                 from_hw = true;
1166         }
1167
1168         ath6kl_dbg(ATH6KL_DBG_BOOT, "app_start_override_addr%s 0x%x\n",
1169                    from_hw ? " (from hw)" : "",
1170                    ar->hw.app_start_override_addr);
1171
1172         /* execute the OTP code */
1173         ath6kl_dbg(ATH6KL_DBG_BOOT, "executing OTP at 0x%x\n",
1174                    ar->hw.app_start_override_addr);
1175         param = 0;
1176         ath6kl_bmi_execute(ar, ar->hw.app_start_override_addr, &param);
1177
1178         return ret;
1179 }
1180
1181 static int ath6kl_upload_firmware(struct ath6kl *ar)
1182 {
1183         u32 address;
1184         int ret;
1185
1186         if (WARN_ON(ar->fw == NULL))
1187                 return -ENOENT;
1188
1189         address = ar->hw.app_load_addr;
1190
1191         ath6kl_dbg(ATH6KL_DBG_BOOT, "writing firmware to 0x%x (%zd B)\n",
1192                    address, ar->fw_len);
1193
1194         ret = ath6kl_bmi_fast_download(ar, address, ar->fw, ar->fw_len);
1195
1196         if (ret) {
1197                 ath6kl_err("Failed to write firmware: %d\n", ret);
1198                 return ret;
1199         }
1200
1201         /*
1202          * Set starting address for firmware
1203          * Don't need to setup app_start override addr on AR6004
1204          */
1205         if (ar->target_type != TARGET_TYPE_AR6004) {
1206                 address = ar->hw.app_start_override_addr;
1207                 ath6kl_bmi_set_app_start(ar, address);
1208         }
1209         return ret;
1210 }
1211
1212 static int ath6kl_upload_patch(struct ath6kl *ar)
1213 {
1214         u32 address, param;
1215         int ret;
1216
1217         if (WARN_ON(ar->fw_patch == NULL))
1218                 return -ENOENT;
1219
1220         address = ar->hw.dataset_patch_addr;
1221
1222         ath6kl_dbg(ATH6KL_DBG_BOOT, "writing patch to 0x%x (%zd B)\n",
1223                    address, ar->fw_patch_len);
1224
1225         ret = ath6kl_bmi_write(ar, address, ar->fw_patch, ar->fw_patch_len);
1226         if (ret) {
1227                 ath6kl_err("Failed to write patch file: %d\n", ret);
1228                 return ret;
1229         }
1230
1231         param = address;
1232         ath6kl_bmi_write(ar,
1233                          ath6kl_get_hi_item_addr(ar,
1234                          HI_ITEM(hi_dset_list_head)),
1235                          (unsigned char *) &param, 4);
1236
1237         return 0;
1238 }
1239
1240 static int ath6kl_init_upload(struct ath6kl *ar)
1241 {
1242         u32 param, options, sleep, address;
1243         int status = 0;
1244
1245         if (ar->target_type != TARGET_TYPE_AR6003 &&
1246                 ar->target_type != TARGET_TYPE_AR6004)
1247                 return -EINVAL;
1248
1249         /* temporarily disable system sleep */
1250         address = MBOX_BASE_ADDRESS + LOCAL_SCRATCH_ADDRESS;
1251         status = ath6kl_bmi_reg_read(ar, address, &param);
1252         if (status)
1253                 return status;
1254
1255         options = param;
1256
1257         param |= ATH6KL_OPTION_SLEEP_DISABLE;
1258         status = ath6kl_bmi_reg_write(ar, address, param);
1259         if (status)
1260                 return status;
1261
1262         address = RTC_BASE_ADDRESS + SYSTEM_SLEEP_ADDRESS;
1263         status = ath6kl_bmi_reg_read(ar, address, &param);
1264         if (status)
1265                 return status;
1266
1267         sleep = param;
1268
1269         param |= SM(SYSTEM_SLEEP_DISABLE, 1);
1270         status = ath6kl_bmi_reg_write(ar, address, param);
1271         if (status)
1272                 return status;
1273
1274         ath6kl_dbg(ATH6KL_DBG_TRC, "old options: %d, old sleep: %d\n",
1275                    options, sleep);
1276
1277         /* program analog PLL register */
1278         /* no need to control 40/44MHz clock on AR6004 */
1279         if (ar->target_type != TARGET_TYPE_AR6004) {
1280                 status = ath6kl_bmi_reg_write(ar, ATH6KL_ANALOG_PLL_REGISTER,
1281                                               0xF9104001);
1282
1283                 if (status)
1284                         return status;
1285
1286                 /* Run at 80/88MHz by default */
1287                 param = SM(CPU_CLOCK_STANDARD, 1);
1288
1289                 address = RTC_BASE_ADDRESS + CPU_CLOCK_ADDRESS;
1290                 status = ath6kl_bmi_reg_write(ar, address, param);
1291                 if (status)
1292                         return status;
1293         }
1294
1295         param = 0;
1296         address = RTC_BASE_ADDRESS + LPO_CAL_ADDRESS;
1297         param = SM(LPO_CAL_ENABLE, 1);
1298         status = ath6kl_bmi_reg_write(ar, address, param);
1299         if (status)
1300                 return status;
1301
1302         /* WAR to avoid SDIO CRC err */
1303         if (ar->version.target_ver == AR6003_REV2_VERSION) {
1304                 ath6kl_err("temporary war to avoid sdio crc error\n");
1305
1306                 param = 0x20;
1307
1308                 address = GPIO_BASE_ADDRESS + GPIO_PIN10_ADDRESS;
1309                 status = ath6kl_bmi_reg_write(ar, address, param);
1310                 if (status)
1311                         return status;
1312
1313                 address = GPIO_BASE_ADDRESS + GPIO_PIN11_ADDRESS;
1314                 status = ath6kl_bmi_reg_write(ar, address, param);
1315                 if (status)
1316                         return status;
1317
1318                 address = GPIO_BASE_ADDRESS + GPIO_PIN12_ADDRESS;
1319                 status = ath6kl_bmi_reg_write(ar, address, param);
1320                 if (status)
1321                         return status;
1322
1323                 address = GPIO_BASE_ADDRESS + GPIO_PIN13_ADDRESS;
1324                 status = ath6kl_bmi_reg_write(ar, address, param);
1325                 if (status)
1326                         return status;
1327         }
1328
1329         /* write EEPROM data to Target RAM */
1330         status = ath6kl_upload_board_file(ar);
1331         if (status)
1332                 return status;
1333
1334         /* transfer One time Programmable data */
1335         status = ath6kl_upload_otp(ar);
1336         if (status)
1337                 return status;
1338
1339         /* Download Target firmware */
1340         status = ath6kl_upload_firmware(ar);
1341         if (status)
1342                 return status;
1343
1344         status = ath6kl_upload_patch(ar);
1345         if (status)
1346                 return status;
1347
1348         /* Restore system sleep */
1349         address = RTC_BASE_ADDRESS + SYSTEM_SLEEP_ADDRESS;
1350         status = ath6kl_bmi_reg_write(ar, address, sleep);
1351         if (status)
1352                 return status;
1353
1354         address = MBOX_BASE_ADDRESS + LOCAL_SCRATCH_ADDRESS;
1355         param = options | 0x20;
1356         status = ath6kl_bmi_reg_write(ar, address, param);
1357         if (status)
1358                 return status;
1359
1360         /* Configure GPIO AR6003 UART */
1361         param = CONFIG_AR600x_DEBUG_UART_TX_PIN;
1362         status = ath6kl_bmi_write(ar,
1363                                   ath6kl_get_hi_item_addr(ar,
1364                                   HI_ITEM(hi_dbg_uart_txpin)),
1365                                   (u8 *)&param, 4);
1366
1367         return status;
1368 }
1369
1370 static int ath6kl_init_hw_params(struct ath6kl *ar)
1371 {
1372         switch (ar->version.target_ver) {
1373         case AR6003_REV2_VERSION:
1374                 ar->hw.dataset_patch_addr = AR6003_REV2_DATASET_PATCH_ADDRESS;
1375                 ar->hw.app_load_addr = AR6003_REV2_APP_LOAD_ADDRESS;
1376                 ar->hw.board_ext_data_addr = AR6003_REV2_BOARD_EXT_DATA_ADDRESS;
1377                 ar->hw.reserved_ram_size = AR6003_REV2_RAM_RESERVE_SIZE;
1378
1379                 /* hw2.0 needs override address hardcoded */
1380                 ar->hw.app_start_override_addr = 0x944C00;
1381
1382                 break;
1383         case AR6003_REV3_VERSION:
1384                 ar->hw.dataset_patch_addr = AR6003_REV3_DATASET_PATCH_ADDRESS;
1385                 ar->hw.app_load_addr = 0x1234;
1386                 ar->hw.board_ext_data_addr = AR6003_REV3_BOARD_EXT_DATA_ADDRESS;
1387                 ar->hw.reserved_ram_size = AR6003_REV3_RAM_RESERVE_SIZE;
1388                 break;
1389         case AR6004_REV1_VERSION:
1390                 ar->hw.dataset_patch_addr = AR6003_REV2_DATASET_PATCH_ADDRESS;
1391                 ar->hw.app_load_addr = AR6003_REV3_APP_LOAD_ADDRESS;
1392                 ar->hw.board_ext_data_addr = AR6004_REV1_BOARD_EXT_DATA_ADDRESS;
1393                 ar->hw.reserved_ram_size = AR6004_REV1_RAM_RESERVE_SIZE;
1394                 break;
1395         default:
1396                 ath6kl_err("Unsupported hardware version: 0x%x\n",
1397                            ar->version.target_ver);
1398                 return -EINVAL;
1399         }
1400
1401         ath6kl_dbg(ATH6KL_DBG_BOOT,
1402                    "target_ver 0x%x target_type 0x%x dataset_patch 0x%x app_load_addr 0x%x\n",
1403                    ar->version.target_ver, ar->target_type,
1404                    ar->hw.dataset_patch_addr, ar->hw.app_load_addr);
1405         ath6kl_dbg(ATH6KL_DBG_BOOT,
1406                    "app_start_override_addr 0x%x board_ext_data_addr 0x%x reserved_ram_size 0x%x",
1407                    ar->hw.app_start_override_addr, ar->hw.board_ext_data_addr,
1408                    ar->hw.reserved_ram_size);
1409
1410         return 0;
1411 }
1412
1413 static int ath6kl_init(struct ath6kl *ar)
1414 {
1415         int status = 0;
1416         s32 timeleft;
1417         struct net_device *ndev;
1418         int i;
1419
1420         if (!ar)
1421                 return -EIO;
1422
1423         /* Do we need to finish the BMI phase */
1424         if (ath6kl_bmi_done(ar)) {
1425                 status = -EIO;
1426                 goto ath6kl_init_done;
1427         }
1428
1429         /* Indicate that WMI is enabled (although not ready yet) */
1430         set_bit(WMI_ENABLED, &ar->flag);
1431         ar->wmi = ath6kl_wmi_init(ar);
1432         if (!ar->wmi) {
1433                 ath6kl_err("failed to initialize wmi\n");
1434                 status = -EIO;
1435                 goto ath6kl_init_done;
1436         }
1437
1438         ath6kl_dbg(ATH6KL_DBG_TRC, "%s: got wmi @ 0x%p.\n", __func__, ar->wmi);
1439
1440         status = ath6kl_register_ieee80211_hw(ar);
1441         if (status)
1442                 goto err_node_cleanup;
1443
1444         status = ath6kl_debug_init(ar);
1445         if (status) {
1446                 wiphy_unregister(ar->wiphy);
1447                 goto err_node_cleanup;
1448         }
1449
1450         for (i = 0; i < MAX_NUM_VIF; i++)
1451                 ar->avail_idx_map |= BIT(i);
1452
1453         rtnl_lock();
1454
1455         /* Add an initial station interface */
1456         ndev = ath6kl_interface_add(ar, "wlan%d", NL80211_IFTYPE_STATION, 0,
1457                                     INFRA_NETWORK);
1458
1459         rtnl_unlock();
1460
1461         if (!ndev) {
1462                 ath6kl_err("Failed to instantiate a network device\n");
1463                 status = -ENOMEM;
1464                 wiphy_unregister(ar->wiphy);
1465                 goto err_debug_init;
1466         }
1467
1468
1469         ath6kl_dbg(ATH6KL_DBG_TRC, "%s: name=%s dev=0x%p, ar=0x%p\n",
1470                         __func__, ndev->name, ndev, ar);
1471
1472         /*
1473          * The reason we have to wait for the target here is that the
1474          * driver layer has to init BMI in order to set the host block
1475          * size.
1476          */
1477         if (ath6kl_htc_wait_target(ar->htc_target)) {
1478                 status = -EIO;
1479                 goto err_if_deinit;
1480         }
1481
1482         if (ath6kl_init_service_ep(ar)) {
1483                 status = -EIO;
1484                 goto err_cleanup_scatter;
1485         }
1486
1487         /* setup access class priority mappings */
1488         ar->ac_stream_pri_map[WMM_AC_BK] = 0; /* lowest  */
1489         ar->ac_stream_pri_map[WMM_AC_BE] = 1;
1490         ar->ac_stream_pri_map[WMM_AC_VI] = 2;
1491         ar->ac_stream_pri_map[WMM_AC_VO] = 3; /* highest */
1492
1493         /* give our connected endpoints some buffers */
1494         ath6kl_rx_refill(ar->htc_target, ar->ctrl_ep);
1495         ath6kl_rx_refill(ar->htc_target, ar->ac2ep_map[WMM_AC_BE]);
1496
1497         /* allocate some buffers that handle larger AMSDU frames */
1498         ath6kl_refill_amsdu_rxbufs(ar, ATH6KL_MAX_AMSDU_RX_BUFFERS);
1499
1500         /* setup credit distribution */
1501         ath6k_setup_credit_dist(ar->htc_target, &ar->credit_state_info);
1502
1503         ath6kl_cookie_init(ar);
1504
1505         /* start HTC */
1506         status = ath6kl_htc_start(ar->htc_target);
1507
1508         if (status) {
1509                 ath6kl_cookie_cleanup(ar);
1510                 goto err_rxbuf_cleanup;
1511         }
1512
1513         /* Wait for Wmi event to be ready */
1514         timeleft = wait_event_interruptible_timeout(ar->event_wq,
1515                                                     test_bit(WMI_READY,
1516                                                              &ar->flag),
1517                                                     WMI_TIMEOUT);
1518
1519         ath6kl_dbg(ATH6KL_DBG_BOOT, "firmware booted\n");
1520
1521         if (ar->version.abi_ver != ATH6KL_ABI_VERSION) {
1522                 ath6kl_err("abi version mismatch: host(0x%x), target(0x%x)\n",
1523                            ATH6KL_ABI_VERSION, ar->version.abi_ver);
1524                 status = -EIO;
1525                 goto err_htc_stop;
1526         }
1527
1528         if (!timeleft || signal_pending(current)) {
1529                 ath6kl_err("wmi is not ready or wait was interrupted\n");
1530                 status = -EIO;
1531                 goto err_htc_stop;
1532         }
1533
1534         ath6kl_dbg(ATH6KL_DBG_TRC, "%s: wmi is ready\n", __func__);
1535
1536         /* communicate the wmi protocol verision to the target */
1537         if ((ath6kl_set_host_app_area(ar)) != 0)
1538                 ath6kl_err("unable to set the host app area\n");
1539
1540         ar->conf_flags = ATH6KL_CONF_IGNORE_ERP_BARKER |
1541                          ATH6KL_CONF_ENABLE_11N | ATH6KL_CONF_ENABLE_TX_BURST;
1542
1543         ar->wiphy->flags |= WIPHY_FLAG_SUPPORTS_FW_ROAM |
1544                             WIPHY_FLAG_HAVE_AP_SME;
1545
1546         status = ath6kl_target_config_wlan_params(ar);
1547         if (status)
1548                 goto err_htc_stop;
1549
1550         /*
1551          * Set mac address which is received in ready event
1552          * FIXME: Move to ath6kl_interface_add()
1553          */
1554         memcpy(ndev->dev_addr, ar->mac_addr, ETH_ALEN);
1555
1556         return status;
1557
1558 err_htc_stop:
1559         ath6kl_htc_stop(ar->htc_target);
1560 err_rxbuf_cleanup:
1561         ath6kl_htc_flush_rx_buf(ar->htc_target);
1562         ath6kl_cleanup_amsdu_rxbufs(ar);
1563 err_cleanup_scatter:
1564         ath6kl_hif_cleanup_scatter(ar);
1565 err_if_deinit:
1566         rtnl_lock();
1567         ath6kl_deinit_if_data(netdev_priv(ndev));
1568         rtnl_unlock();
1569         wiphy_unregister(ar->wiphy);
1570 err_debug_init:
1571         ath6kl_debug_cleanup(ar);
1572 err_node_cleanup:
1573         ath6kl_wmi_shutdown(ar->wmi);
1574         clear_bit(WMI_ENABLED, &ar->flag);
1575         ar->wmi = NULL;
1576
1577 ath6kl_init_done:
1578         return status;
1579 }
1580
1581 int ath6kl_core_init(struct ath6kl *ar)
1582 {
1583         int ret = 0;
1584         struct ath6kl_bmi_target_info targ_info;
1585
1586         ar->ath6kl_wq = create_singlethread_workqueue("ath6kl");
1587         if (!ar->ath6kl_wq)
1588                 return -ENOMEM;
1589
1590         ret = ath6kl_bmi_init(ar);
1591         if (ret)
1592                 goto err_wq;
1593
1594         ret = ath6kl_bmi_get_target_info(ar, &targ_info);
1595         if (ret)
1596                 goto err_bmi_cleanup;
1597
1598         ar->version.target_ver = le32_to_cpu(targ_info.version);
1599         ar->target_type = le32_to_cpu(targ_info.type);
1600         ar->wiphy->hw_version = le32_to_cpu(targ_info.version);
1601
1602         ret = ath6kl_init_hw_params(ar);
1603         if (ret)
1604                 goto err_bmi_cleanup;
1605
1606         ret = ath6kl_configure_target(ar);
1607         if (ret)
1608                 goto err_bmi_cleanup;
1609
1610         ar->htc_target = ath6kl_htc_create(ar);
1611
1612         if (!ar->htc_target) {
1613                 ret = -ENOMEM;
1614                 goto err_bmi_cleanup;
1615         }
1616
1617         ret = ath6kl_fetch_firmwares(ar);
1618         if (ret)
1619                 goto err_htc_cleanup;
1620
1621         ret = ath6kl_init_upload(ar);
1622         if (ret)
1623                 goto err_htc_cleanup;
1624
1625         ret = ath6kl_init(ar);
1626         if (ret)
1627                 goto err_htc_cleanup;
1628
1629         return ret;
1630
1631 err_htc_cleanup:
1632         ath6kl_htc_cleanup(ar->htc_target);
1633 err_bmi_cleanup:
1634         ath6kl_bmi_cleanup(ar);
1635 err_wq:
1636         destroy_workqueue(ar->ath6kl_wq);
1637
1638         return ret;
1639 }
1640
1641 void ath6kl_cleanup_vif(struct ath6kl_vif *vif, bool wmi_ready)
1642 {
1643         static u8 bcast_mac[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
1644         bool discon_issued;
1645
1646         netif_stop_queue(vif->ndev);
1647
1648         clear_bit(WLAN_ENABLED, &vif->flags);
1649
1650         if (wmi_ready) {
1651                 discon_issued = test_bit(CONNECTED, &vif->flags) ||
1652                                 test_bit(CONNECT_PEND, &vif->flags);
1653                 ath6kl_disconnect(vif);
1654                 del_timer(&vif->disconnect_timer);
1655
1656                 if (discon_issued)
1657                         ath6kl_disconnect_event(vif, DISCONNECT_CMD,
1658                                                 (vif->nw_type & AP_NETWORK) ?
1659                                                 bcast_mac : vif->bssid,
1660                                                 0, NULL, 0);
1661         }
1662
1663         if (vif->scan_req) {
1664                 cfg80211_scan_done(vif->scan_req, true);
1665                 vif->scan_req = NULL;
1666         }
1667 }
1668
1669 void ath6kl_stop_txrx(struct ath6kl *ar)
1670 {
1671         struct ath6kl_vif *vif, *tmp_vif;
1672
1673         set_bit(DESTROY_IN_PROGRESS, &ar->flag);
1674
1675         if (down_interruptible(&ar->sem)) {
1676                 ath6kl_err("down_interruptible failed\n");
1677                 return;
1678         }
1679
1680         spin_lock(&ar->list_lock);
1681         list_for_each_entry_safe(vif, tmp_vif, &ar->vif_list, list) {
1682                 list_del(&vif->list);
1683                 spin_unlock(&ar->list_lock);
1684                 ath6kl_cleanup_vif(vif, test_bit(WMI_READY, &ar->flag));
1685                 rtnl_lock();
1686                 ath6kl_deinit_if_data(vif);
1687                 rtnl_unlock();
1688                 spin_lock(&ar->list_lock);
1689         }
1690         spin_unlock(&ar->list_lock);
1691
1692         clear_bit(WMI_READY, &ar->flag);
1693
1694         /*
1695          * After wmi_shudown all WMI events will be dropped. We
1696          * need to cleanup the buffers allocated in AP mode and
1697          * give disconnect notification to stack, which usually
1698          * happens in the disconnect_event. Simulate the disconnect
1699          * event by calling the function directly. Sometimes
1700          * disconnect_event will be received when the debug logs
1701          * are collected.
1702          */
1703         ath6kl_wmi_shutdown(ar->wmi);
1704
1705         clear_bit(WMI_ENABLED, &ar->flag);
1706         if (ar->htc_target) {
1707                 ath6kl_dbg(ATH6KL_DBG_TRC, "%s: shut down htc\n", __func__);
1708                 ath6kl_htc_stop(ar->htc_target);
1709         }
1710
1711         /*
1712          * Try to reset the device if we can. The driver may have been
1713          * configure NOT to reset the target during a debug session.
1714          */
1715         ath6kl_dbg(ATH6KL_DBG_TRC,
1716                         "attempting to reset target on instance destroy\n");
1717         ath6kl_reset_device(ar, ar->target_type, true, true);
1718
1719         clear_bit(WLAN_ENABLED, &ar->flag);
1720 }