1 /* src/prism2/driver/hfa384x_usb.c
3 * Functions that talk to the USB variantof the Intersil hfa384x MAC
5 * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved.
6 * --------------------------------------------------------------------
10 * The contents of this file are subject to the Mozilla Public
11 * License Version 1.1 (the "License"); you may not use this file
12 * except in compliance with the License. You may obtain a copy of
13 * the License at http://www.mozilla.org/MPL/
15 * Software distributed under the License is distributed on an "AS
16 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
17 * implied. See the License for the specific language governing
18 * rights and limitations under the License.
20 * Alternatively, the contents of this file may be used under the
21 * terms of the GNU Public License version 2 (the "GPL"), in which
22 * case the provisions of the GPL are applicable instead of the
23 * above. If you wish to allow the use of your version of this file
24 * only under the terms of the GPL and not to allow others to use
25 * your version of this file under the MPL, indicate your decision
26 * by deleting the provisions above and replace them with the notice
27 * and other provisions required by the GPL. If you do not delete
28 * the provisions above, a recipient may use your version of this
29 * file under either the MPL or the GPL.
31 * --------------------------------------------------------------------
33 * Inquiries regarding the linux-wlan Open Source project can be
36 * AbsoluteValue Systems Inc.
38 * http://www.linux-wlan.com
40 * --------------------------------------------------------------------
42 * Portions of the development of this software were funded by
43 * Intersil Corporation as part of PRISM(R) chipset product development.
45 * --------------------------------------------------------------------
47 * This file implements functions that correspond to the prism2/hfa384x
48 * 802.11 MAC hardware and firmware host interface.
50 * The functions can be considered to represent several levels of
51 * abstraction. The lowest level functions are simply C-callable wrappers
52 * around the register accesses. The next higher level represents C-callable
53 * prism2 API functions that match the Intersil documentation as closely
54 * as is reasonable. The next higher layer implements common sequences
55 * of invocations of the API layer (e.g. write to bap, followed by cmd).
58 * hfa384x_drvr_xxx Highest level abstractions provided by the
59 * hfa384x code. They are driver defined wrappers
60 * for common sequences. These functions generally
61 * use the services of the lower levels.
63 * hfa384x_drvr_xxxconfig An example of the drvr level abstraction. These
64 * functions are wrappers for the RID get/set
65 * sequence. They call copy_[to|from]_bap() and
66 * cmd_access(). These functions operate on the
67 * RIDs and buffers without validation. The caller
68 * is responsible for that.
70 * API wrapper functions:
71 * hfa384x_cmd_xxx functions that provide access to the f/w commands.
72 * The function arguments correspond to each command
73 * argument, even command arguments that get packed
74 * into single registers. These functions _just_
75 * issue the command by setting the cmd/parm regs
76 * & reading the status/resp regs. Additional
77 * activities required to fully use a command
78 * (read/write from/to bap, get/set int status etc.)
79 * are implemented separately. Think of these as
80 * C-callable prism2 commands.
82 * Lowest Layer Functions:
83 * hfa384x_docmd_xxx These functions implement the sequence required
84 * to issue any prism2 command. Primarily used by the
85 * hfa384x_cmd_xxx functions.
87 * hfa384x_bap_xxx BAP read/write access functions.
88 * Note: we usually use BAP0 for non-interrupt context
89 * and BAP1 for interrupt context.
91 * hfa384x_dl_xxx download related functions.
93 * Driver State Issues:
94 * Note that there are two pairs of functions that manage the
95 * 'initialized' and 'running' states of the hw/MAC combo. The four
96 * functions are create(), destroy(), start(), and stop(). create()
97 * sets up the data structures required to support the hfa384x_*
98 * functions and destroy() cleans them up. The start() function gets
99 * the actual hardware running and enables the interrupts. The stop()
100 * function shuts the hardware down. The sequence should be:
104 * . Do interesting things w/ the hardware
109 * Note that destroy() can be called without calling stop() first.
110 * --------------------------------------------------------------------
113 #include <linux/module.h>
114 #include <linux/kernel.h>
115 #include <linux/sched.h>
116 #include <linux/types.h>
117 #include <linux/slab.h>
118 #include <linux/wireless.h>
119 #include <linux/netdevice.h>
120 #include <linux/timer.h>
121 #include <linux/io.h>
122 #include <linux/delay.h>
123 #include <asm/byteorder.h>
124 #include <linux/bitops.h>
125 #include <linux/list.h>
126 #include <linux/usb.h>
127 #include <linux/byteorder/generic.h>
129 #define SUBMIT_URB(u, f) usb_submit_urb(u, f)
131 #include "p80211types.h"
132 #include "p80211hdr.h"
133 #include "p80211mgmt.h"
134 #include "p80211conv.h"
135 #include "p80211msg.h"
136 #include "p80211netdev.h"
137 #include "p80211req.h"
138 #include "p80211metadef.h"
139 #include "p80211metastruct.h"
141 #include "prism2mgmt.h"
148 #define THROTTLE_JIFFIES (HZ / 8)
149 #define URB_ASYNC_UNLINK 0
150 #define USB_QUEUE_BULK 0
152 #define ROUNDUP64(a) (((a) + 63) & ~63)
155 static void dbprint_urb(struct urb *urb);
159 hfa384x_int_rxmonitor(wlandevice_t *wlandev, hfa384x_usb_rxfrm_t *rxfrm);
161 static void hfa384x_usb_defer(struct work_struct *data);
163 static int submit_rx_urb(hfa384x_t *hw, gfp_t flags);
165 static int submit_tx_urb(hfa384x_t *hw, struct urb *tx_urb, gfp_t flags);
167 /*---------------------------------------------------*/
169 static void hfa384x_usbout_callback(struct urb *urb);
170 static void hfa384x_ctlxout_callback(struct urb *urb);
171 static void hfa384x_usbin_callback(struct urb *urb);
174 hfa384x_usbin_txcompl(wlandevice_t *wlandev, hfa384x_usbin_t *usbin);
176 static void hfa384x_usbin_rx(wlandevice_t *wlandev, struct sk_buff *skb);
178 static void hfa384x_usbin_info(wlandevice_t *wlandev, hfa384x_usbin_t *usbin);
180 static void hfa384x_usbin_ctlx(hfa384x_t *hw, hfa384x_usbin_t *usbin,
183 /*---------------------------------------------------*/
184 /* Functions to support the prism2 usb command queue */
186 static void hfa384x_usbctlxq_run(hfa384x_t *hw);
188 static void hfa384x_usbctlx_reqtimerfn(unsigned long data);
190 static void hfa384x_usbctlx_resptimerfn(unsigned long data);
192 static void hfa384x_usb_throttlefn(unsigned long data);
194 static void hfa384x_usbctlx_completion_task(unsigned long data);
196 static void hfa384x_usbctlx_reaper_task(unsigned long data);
198 static int hfa384x_usbctlx_submit(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx);
200 static void unlocked_usbctlx_complete(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx);
202 struct usbctlx_completor {
203 int (*complete)(struct usbctlx_completor *);
207 hfa384x_usbctlx_complete_sync(hfa384x_t *hw,
208 hfa384x_usbctlx_t *ctlx,
209 struct usbctlx_completor *completor);
212 unlocked_usbctlx_cancel_async(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx);
214 static void hfa384x_cb_status(hfa384x_t *hw, const hfa384x_usbctlx_t *ctlx);
217 usbctlx_get_status(const hfa384x_usb_cmdresp_t *cmdresp,
218 hfa384x_cmdresult_t *result);
221 usbctlx_get_rridresult(const hfa384x_usb_rridresp_t *rridresp,
222 hfa384x_rridresult_t *result);
224 /*---------------------------------------------------*/
225 /* Low level req/resp CTLX formatters and submitters */
227 hfa384x_docmd(hfa384x_t *hw,
229 hfa384x_metacmd_t *cmd,
230 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
233 hfa384x_dorrid(hfa384x_t *hw,
237 unsigned int riddatalen,
238 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
241 hfa384x_dowrid(hfa384x_t *hw,
245 unsigned int riddatalen,
246 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
249 hfa384x_dormem(hfa384x_t *hw,
255 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
258 hfa384x_dowmem(hfa384x_t *hw,
264 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
266 static int hfa384x_isgood_pdrcode(u16 pdrcode);
268 static inline const char *ctlxstr(CTLX_STATE s)
270 static const char * const ctlx_str[] = {
275 "Request packet submitted",
276 "Request packet completed",
277 "Response packet completed"
283 static inline hfa384x_usbctlx_t *get_active_ctlx(hfa384x_t *hw)
285 return list_entry(hw->ctlxq.active.next, hfa384x_usbctlx_t, list);
289 void dbprint_urb(struct urb *urb)
291 pr_debug("urb->pipe=0x%08x\n", urb->pipe);
292 pr_debug("urb->status=0x%08x\n", urb->status);
293 pr_debug("urb->transfer_flags=0x%08x\n", urb->transfer_flags);
294 pr_debug("urb->transfer_buffer=0x%08x\n",
295 (unsigned int)urb->transfer_buffer);
296 pr_debug("urb->transfer_buffer_length=0x%08x\n",
297 urb->transfer_buffer_length);
298 pr_debug("urb->actual_length=0x%08x\n", urb->actual_length);
299 pr_debug("urb->bandwidth=0x%08x\n", urb->bandwidth);
300 pr_debug("urb->setup_packet(ctl)=0x%08x\n",
301 (unsigned int)urb->setup_packet);
302 pr_debug("urb->start_frame(iso/irq)=0x%08x\n", urb->start_frame);
303 pr_debug("urb->interval(irq)=0x%08x\n", urb->interval);
304 pr_debug("urb->error_count(iso)=0x%08x\n", urb->error_count);
305 pr_debug("urb->timeout=0x%08x\n", urb->timeout);
306 pr_debug("urb->context=0x%08x\n", (unsigned int)urb->context);
307 pr_debug("urb->complete=0x%08x\n", (unsigned int)urb->complete);
311 /*----------------------------------------------------------------
314 * Listen for input data on the BULK-IN pipe. If the pipe has
315 * stalled then schedule it to be reset.
319 * memflags memory allocation flags
322 * error code from submission
326 ----------------------------------------------------------------*/
327 static int submit_rx_urb(hfa384x_t *hw, gfp_t memflags)
332 skb = dev_alloc_skb(sizeof(hfa384x_usbin_t));
338 /* Post the IN urb */
339 usb_fill_bulk_urb(&hw->rx_urb, hw->usb,
341 skb->data, sizeof(hfa384x_usbin_t),
342 hfa384x_usbin_callback, hw->wlandev);
344 hw->rx_urb_skb = skb;
347 if (!hw->wlandev->hwremoved &&
348 !test_bit(WORK_RX_HALT, &hw->usb_flags)) {
349 result = SUBMIT_URB(&hw->rx_urb, memflags);
351 /* Check whether we need to reset the RX pipe */
352 if (result == -EPIPE) {
353 netdev_warn(hw->wlandev->netdev,
354 "%s rx pipe stalled: requesting reset\n",
355 hw->wlandev->netdev->name);
356 if (!test_and_set_bit(WORK_RX_HALT, &hw->usb_flags))
357 schedule_work(&hw->usb_work);
361 /* Don't leak memory if anything should go wrong */
364 hw->rx_urb_skb = NULL;
371 /*----------------------------------------------------------------
374 * Prepares and submits the URB of transmitted data. If the
375 * submission fails then it will schedule the output pipe to
380 * tx_urb URB of data for transmission
381 * memflags memory allocation flags
384 * error code from submission
388 ----------------------------------------------------------------*/
389 static int submit_tx_urb(hfa384x_t *hw, struct urb *tx_urb, gfp_t memflags)
391 struct net_device *netdev = hw->wlandev->netdev;
395 if (netif_running(netdev)) {
396 if (!hw->wlandev->hwremoved &&
397 !test_bit(WORK_TX_HALT, &hw->usb_flags)) {
398 result = SUBMIT_URB(tx_urb, memflags);
400 /* Test whether we need to reset the TX pipe */
401 if (result == -EPIPE) {
402 netdev_warn(hw->wlandev->netdev,
403 "%s tx pipe stalled: requesting reset\n",
405 set_bit(WORK_TX_HALT, &hw->usb_flags);
406 schedule_work(&hw->usb_work);
407 } else if (result == 0) {
408 netif_stop_queue(netdev);
416 /*----------------------------------------------------------------
419 * There are some things that the USB stack cannot do while
420 * in interrupt context, so we arrange this function to run
421 * in process context.
424 * hw device structure
430 * process (by design)
431 ----------------------------------------------------------------*/
432 static void hfa384x_usb_defer(struct work_struct *data)
434 hfa384x_t *hw = container_of(data, struct hfa384x, usb_work);
435 struct net_device *netdev = hw->wlandev->netdev;
437 /* Don't bother trying to reset anything if the plug
438 * has been pulled ...
440 if (hw->wlandev->hwremoved)
443 /* Reception has stopped: try to reset the input pipe */
444 if (test_bit(WORK_RX_HALT, &hw->usb_flags)) {
447 usb_kill_urb(&hw->rx_urb); /* Cannot be holding spinlock! */
449 ret = usb_clear_halt(hw->usb, hw->endp_in);
451 netdev_err(hw->wlandev->netdev,
452 "Failed to clear rx pipe for %s: err=%d\n",
455 netdev_info(hw->wlandev->netdev, "%s rx pipe reset complete.\n",
457 clear_bit(WORK_RX_HALT, &hw->usb_flags);
458 set_bit(WORK_RX_RESUME, &hw->usb_flags);
462 /* Resume receiving data back from the device. */
463 if (test_bit(WORK_RX_RESUME, &hw->usb_flags)) {
466 ret = submit_rx_urb(hw, GFP_KERNEL);
468 netdev_err(hw->wlandev->netdev,
469 "Failed to resume %s rx pipe.\n",
472 clear_bit(WORK_RX_RESUME, &hw->usb_flags);
476 /* Transmission has stopped: try to reset the output pipe */
477 if (test_bit(WORK_TX_HALT, &hw->usb_flags)) {
480 usb_kill_urb(&hw->tx_urb);
481 ret = usb_clear_halt(hw->usb, hw->endp_out);
483 netdev_err(hw->wlandev->netdev,
484 "Failed to clear tx pipe for %s: err=%d\n",
487 netdev_info(hw->wlandev->netdev, "%s tx pipe reset complete.\n",
489 clear_bit(WORK_TX_HALT, &hw->usb_flags);
490 set_bit(WORK_TX_RESUME, &hw->usb_flags);
492 /* Stopping the BULK-OUT pipe also blocked
493 * us from sending any more CTLX URBs, so
494 * we need to re-run our queue ...
496 hfa384x_usbctlxq_run(hw);
500 /* Resume transmitting. */
501 if (test_and_clear_bit(WORK_TX_RESUME, &hw->usb_flags))
502 netif_wake_queue(hw->wlandev->netdev);
505 /*----------------------------------------------------------------
508 * Sets up the hfa384x_t data structure for use. Note this
509 * does _not_ initialize the actual hardware, just the data structures
510 * we use to keep track of its state.
513 * hw device structure
514 * irq device irq number
515 * iobase i/o base address for register access
516 * membase memory base address for register access
525 ----------------------------------------------------------------*/
526 void hfa384x_create(hfa384x_t *hw, struct usb_device *usb)
528 memset(hw, 0, sizeof(hfa384x_t));
531 /* set up the endpoints */
532 hw->endp_in = usb_rcvbulkpipe(usb, 1);
533 hw->endp_out = usb_sndbulkpipe(usb, 2);
535 /* Set up the waitq */
536 init_waitqueue_head(&hw->cmdq);
538 /* Initialize the command queue */
539 spin_lock_init(&hw->ctlxq.lock);
540 INIT_LIST_HEAD(&hw->ctlxq.pending);
541 INIT_LIST_HEAD(&hw->ctlxq.active);
542 INIT_LIST_HEAD(&hw->ctlxq.completing);
543 INIT_LIST_HEAD(&hw->ctlxq.reapable);
545 /* Initialize the authentication queue */
546 skb_queue_head_init(&hw->authq);
548 tasklet_init(&hw->reaper_bh,
549 hfa384x_usbctlx_reaper_task, (unsigned long)hw);
550 tasklet_init(&hw->completion_bh,
551 hfa384x_usbctlx_completion_task, (unsigned long)hw);
552 INIT_WORK(&hw->link_bh, prism2sta_processing_defer);
553 INIT_WORK(&hw->usb_work, hfa384x_usb_defer);
555 setup_timer(&hw->throttle, hfa384x_usb_throttlefn, (unsigned long)hw);
557 setup_timer(&hw->resptimer, hfa384x_usbctlx_resptimerfn,
560 setup_timer(&hw->reqtimer, hfa384x_usbctlx_reqtimerfn,
563 usb_init_urb(&hw->rx_urb);
564 usb_init_urb(&hw->tx_urb);
565 usb_init_urb(&hw->ctlx_urb);
567 hw->link_status = HFA384x_LINK_NOTCONNECTED;
568 hw->state = HFA384x_STATE_INIT;
570 INIT_WORK(&hw->commsqual_bh, prism2sta_commsqual_defer);
571 setup_timer(&hw->commsqual_timer, prism2sta_commsqual_timer,
575 /*----------------------------------------------------------------
578 * Partner to hfa384x_create(). This function cleans up the hw
579 * structure so that it can be freed by the caller using a simple
580 * kfree. Currently, this function is just a placeholder. If, at some
581 * point in the future, an hw in the 'shutdown' state requires a 'deep'
582 * kfree, this is where it should be done. Note that if this function
583 * is called on a _running_ hw structure, the drvr_stop() function is
587 * hw device structure
590 * nothing, this function is not allowed to fail.
596 ----------------------------------------------------------------*/
597 void hfa384x_destroy(hfa384x_t *hw)
601 if (hw->state == HFA384x_STATE_RUNNING)
602 hfa384x_drvr_stop(hw);
603 hw->state = HFA384x_STATE_PREINIT;
605 kfree(hw->scanresults);
606 hw->scanresults = NULL;
608 /* Now to clean out the auth queue */
609 while ((skb = skb_dequeue(&hw->authq)))
613 static hfa384x_usbctlx_t *usbctlx_alloc(void)
615 hfa384x_usbctlx_t *ctlx;
617 ctlx = kzalloc(sizeof(*ctlx),
618 in_interrupt() ? GFP_ATOMIC : GFP_KERNEL);
620 init_completion(&ctlx->done);
626 usbctlx_get_status(const hfa384x_usb_cmdresp_t *cmdresp,
627 hfa384x_cmdresult_t *result)
629 result->status = le16_to_cpu(cmdresp->status);
630 result->resp0 = le16_to_cpu(cmdresp->resp0);
631 result->resp1 = le16_to_cpu(cmdresp->resp1);
632 result->resp2 = le16_to_cpu(cmdresp->resp2);
634 pr_debug("cmdresult:status=0x%04x resp0=0x%04x resp1=0x%04x resp2=0x%04x\n",
635 result->status, result->resp0, result->resp1, result->resp2);
637 return result->status & HFA384x_STATUS_RESULT;
641 usbctlx_get_rridresult(const hfa384x_usb_rridresp_t *rridresp,
642 hfa384x_rridresult_t *result)
644 result->rid = le16_to_cpu(rridresp->rid);
645 result->riddata = rridresp->data;
646 result->riddata_len = ((le16_to_cpu(rridresp->frmlen) - 1) * 2);
649 /*----------------------------------------------------------------
651 * This completor must be passed to hfa384x_usbctlx_complete_sync()
652 * when processing a CTLX that returns a hfa384x_cmdresult_t structure.
653 ----------------------------------------------------------------*/
654 struct usbctlx_cmd_completor {
655 struct usbctlx_completor head;
657 const hfa384x_usb_cmdresp_t *cmdresp;
658 hfa384x_cmdresult_t *result;
661 static inline int usbctlx_cmd_completor_fn(struct usbctlx_completor *head)
663 struct usbctlx_cmd_completor *complete;
665 complete = (struct usbctlx_cmd_completor *)head;
666 return usbctlx_get_status(complete->cmdresp, complete->result);
669 static inline struct usbctlx_completor *init_cmd_completor(
670 struct usbctlx_cmd_completor
672 const hfa384x_usb_cmdresp_t
674 hfa384x_cmdresult_t *result)
676 completor->head.complete = usbctlx_cmd_completor_fn;
677 completor->cmdresp = cmdresp;
678 completor->result = result;
679 return &(completor->head);
682 /*----------------------------------------------------------------
684 * This completor must be passed to hfa384x_usbctlx_complete_sync()
685 * when processing a CTLX that reads a RID.
686 ----------------------------------------------------------------*/
687 struct usbctlx_rrid_completor {
688 struct usbctlx_completor head;
690 const hfa384x_usb_rridresp_t *rridresp;
692 unsigned int riddatalen;
695 static int usbctlx_rrid_completor_fn(struct usbctlx_completor *head)
697 struct usbctlx_rrid_completor *complete;
698 hfa384x_rridresult_t rridresult;
700 complete = (struct usbctlx_rrid_completor *)head;
701 usbctlx_get_rridresult(complete->rridresp, &rridresult);
703 /* Validate the length, note body len calculation in bytes */
704 if (rridresult.riddata_len != complete->riddatalen) {
705 pr_warn("RID len mismatch, rid=0x%04x hlen=%d fwlen=%d\n",
707 complete->riddatalen, rridresult.riddata_len);
711 memcpy(complete->riddata, rridresult.riddata, complete->riddatalen);
715 static inline struct usbctlx_completor *init_rrid_completor(
716 struct usbctlx_rrid_completor
718 const hfa384x_usb_rridresp_t
721 unsigned int riddatalen)
723 completor->head.complete = usbctlx_rrid_completor_fn;
724 completor->rridresp = rridresp;
725 completor->riddata = riddata;
726 completor->riddatalen = riddatalen;
727 return &(completor->head);
730 /*----------------------------------------------------------------
732 * Interprets the results of a synchronous RID-write
733 ----------------------------------------------------------------*/
734 #define init_wrid_completor init_cmd_completor
736 /*----------------------------------------------------------------
738 * Interprets the results of a synchronous memory-write
739 ----------------------------------------------------------------*/
740 #define init_wmem_completor init_cmd_completor
742 /*----------------------------------------------------------------
744 * Interprets the results of a synchronous memory-read
745 ----------------------------------------------------------------*/
746 struct usbctlx_rmem_completor {
747 struct usbctlx_completor head;
749 const hfa384x_usb_rmemresp_t *rmemresp;
754 static int usbctlx_rmem_completor_fn(struct usbctlx_completor *head)
756 struct usbctlx_rmem_completor *complete =
757 (struct usbctlx_rmem_completor *)head;
759 pr_debug("rmemresp:len=%d\n", complete->rmemresp->frmlen);
760 memcpy(complete->data, complete->rmemresp->data, complete->len);
764 static inline struct usbctlx_completor *init_rmem_completor(
765 struct usbctlx_rmem_completor
767 hfa384x_usb_rmemresp_t
772 completor->head.complete = usbctlx_rmem_completor_fn;
773 completor->rmemresp = rmemresp;
774 completor->data = data;
775 completor->len = len;
776 return &(completor->head);
779 /*----------------------------------------------------------------
782 * Ctlx_complete handler for async CMD type control exchanges.
783 * mark the hw struct as such.
785 * Note: If the handling is changed here, it should probably be
786 * changed in docmd as well.
790 * ctlx completed CTLX
799 ----------------------------------------------------------------*/
800 static void hfa384x_cb_status(hfa384x_t *hw, const hfa384x_usbctlx_t *ctlx)
802 if (ctlx->usercb != NULL) {
803 hfa384x_cmdresult_t cmdresult;
805 if (ctlx->state != CTLX_COMPLETE) {
806 memset(&cmdresult, 0, sizeof(cmdresult));
808 HFA384x_STATUS_RESULT_SET(HFA384x_CMD_ERR);
810 usbctlx_get_status(&ctlx->inbuf.cmdresp, &cmdresult);
813 ctlx->usercb(hw, &cmdresult, ctlx->usercb_data);
817 static inline int hfa384x_docmd_wait(hfa384x_t *hw, hfa384x_metacmd_t *cmd)
819 return hfa384x_docmd(hw, DOWAIT, cmd, NULL, NULL, NULL);
823 hfa384x_docmd_async(hfa384x_t *hw,
824 hfa384x_metacmd_t *cmd,
825 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
827 return hfa384x_docmd(hw, DOASYNC, cmd, cmdcb, usercb, usercb_data);
831 hfa384x_dorrid_wait(hfa384x_t *hw, u16 rid, void *riddata,
832 unsigned int riddatalen)
834 return hfa384x_dorrid(hw, DOWAIT,
835 rid, riddata, riddatalen, NULL, NULL, NULL);
839 hfa384x_dorrid_async(hfa384x_t *hw,
840 u16 rid, void *riddata, unsigned int riddatalen,
842 ctlx_usercb_t usercb, void *usercb_data)
844 return hfa384x_dorrid(hw, DOASYNC,
845 rid, riddata, riddatalen,
846 cmdcb, usercb, usercb_data);
850 hfa384x_dowrid_wait(hfa384x_t *hw, u16 rid, void *riddata,
851 unsigned int riddatalen)
853 return hfa384x_dowrid(hw, DOWAIT,
854 rid, riddata, riddatalen, NULL, NULL, NULL);
858 hfa384x_dowrid_async(hfa384x_t *hw,
859 u16 rid, void *riddata, unsigned int riddatalen,
861 ctlx_usercb_t usercb, void *usercb_data)
863 return hfa384x_dowrid(hw, DOASYNC,
864 rid, riddata, riddatalen,
865 cmdcb, usercb, usercb_data);
869 hfa384x_dormem_wait(hfa384x_t *hw,
870 u16 page, u16 offset, void *data, unsigned int len)
872 return hfa384x_dormem(hw, DOWAIT,
873 page, offset, data, len, NULL, NULL, NULL);
877 hfa384x_dormem_async(hfa384x_t *hw,
878 u16 page, u16 offset, void *data, unsigned int len,
880 ctlx_usercb_t usercb, void *usercb_data)
882 return hfa384x_dormem(hw, DOASYNC,
883 page, offset, data, len,
884 cmdcb, usercb, usercb_data);
888 hfa384x_dowmem_wait(hfa384x_t *hw,
889 u16 page, u16 offset, void *data, unsigned int len)
891 return hfa384x_dowmem(hw, DOWAIT,
892 page, offset, data, len, NULL, NULL, NULL);
896 hfa384x_dowmem_async(hfa384x_t *hw,
902 ctlx_usercb_t usercb, void *usercb_data)
904 return hfa384x_dowmem(hw, DOASYNC,
905 page, offset, data, len,
906 cmdcb, usercb, usercb_data);
909 /*----------------------------------------------------------------
910 * hfa384x_cmd_initialize
912 * Issues the initialize command and sets the hw->state based
916 * hw device structure
920 * >0 f/w reported error - f/w status code
921 * <0 driver reported error
927 ----------------------------------------------------------------*/
928 int hfa384x_cmd_initialize(hfa384x_t *hw)
932 hfa384x_metacmd_t cmd;
934 cmd.cmd = HFA384x_CMDCODE_INIT;
939 result = hfa384x_docmd_wait(hw, &cmd);
941 pr_debug("cmdresp.init: status=0x%04x, resp0=0x%04x, resp1=0x%04x, resp2=0x%04x\n",
943 cmd.result.resp0, cmd.result.resp1, cmd.result.resp2);
945 for (i = 0; i < HFA384x_NUMPORTS_MAX; i++)
946 hw->port_enabled[i] = 0;
949 hw->link_status = HFA384x_LINK_NOTCONNECTED;
954 /*----------------------------------------------------------------
955 * hfa384x_cmd_disable
957 * Issues the disable command to stop communications on one of
961 * hw device structure
962 * macport MAC port number (host order)
966 * >0 f/w reported failure - f/w status code
967 * <0 driver reported error (timeout|bad arg)
973 ----------------------------------------------------------------*/
974 int hfa384x_cmd_disable(hfa384x_t *hw, u16 macport)
976 hfa384x_metacmd_t cmd;
978 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DISABLE) |
979 HFA384x_CMD_MACPORT_SET(macport);
984 return hfa384x_docmd_wait(hw, &cmd);
987 /*----------------------------------------------------------------
990 * Issues the enable command to enable communications on one of
994 * hw device structure
995 * macport MAC port number
999 * >0 f/w reported failure - f/w status code
1000 * <0 driver reported error (timeout|bad arg)
1006 ----------------------------------------------------------------*/
1007 int hfa384x_cmd_enable(hfa384x_t *hw, u16 macport)
1009 hfa384x_metacmd_t cmd;
1011 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_ENABLE) |
1012 HFA384x_CMD_MACPORT_SET(macport);
1017 return hfa384x_docmd_wait(hw, &cmd);
1020 /*----------------------------------------------------------------
1021 * hfa384x_cmd_monitor
1023 * Enables the 'monitor mode' of the MAC. Here's the description of
1024 * monitor mode that I've received thus far:
1026 * "The "monitor mode" of operation is that the MAC passes all
1027 * frames for which the PLCP checks are correct. All received
1028 * MPDUs are passed to the host with MAC Port = 7, with a
1029 * receive status of good, FCS error, or undecryptable. Passing
1030 * certain MPDUs is a violation of the 802.11 standard, but useful
1031 * for a debugging tool." Normal communication is not possible
1032 * while monitor mode is enabled.
1035 * hw device structure
1036 * enable a code (0x0b|0x0f) that enables/disables
1037 * monitor mode. (host order)
1041 * >0 f/w reported failure - f/w status code
1042 * <0 driver reported error (timeout|bad arg)
1048 ----------------------------------------------------------------*/
1049 int hfa384x_cmd_monitor(hfa384x_t *hw, u16 enable)
1051 hfa384x_metacmd_t cmd;
1053 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_MONITOR) |
1054 HFA384x_CMD_AINFO_SET(enable);
1059 return hfa384x_docmd_wait(hw, &cmd);
1062 /*----------------------------------------------------------------
1063 * hfa384x_cmd_download
1065 * Sets the controls for the MAC controller code/data download
1066 * process. The arguments set the mode and address associated
1067 * with a download. Note that the aux registers should be enabled
1068 * prior to setting one of the download enable modes.
1071 * hw device structure
1072 * mode 0 - Disable programming and begin code exec
1073 * 1 - Enable volatile mem programming
1074 * 2 - Enable non-volatile mem programming
1075 * 3 - Program non-volatile section from NV download
1079 * highaddr For mode 1, sets the high & low order bits of
1080 * the "destination address". This address will be
1081 * the execution start address when download is
1082 * subsequently disabled.
1083 * For mode 2, sets the high & low order bits of
1084 * the destination in NV ram.
1085 * For modes 0 & 3, should be zero. (host order)
1086 * NOTE: these are CMD format.
1087 * codelen Length of the data to write in mode 2,
1088 * zero otherwise. (host order)
1092 * >0 f/w reported failure - f/w status code
1093 * <0 driver reported error (timeout|bad arg)
1099 ----------------------------------------------------------------*/
1100 int hfa384x_cmd_download(hfa384x_t *hw, u16 mode, u16 lowaddr,
1101 u16 highaddr, u16 codelen)
1103 hfa384x_metacmd_t cmd;
1105 pr_debug("mode=%d, lowaddr=0x%04x, highaddr=0x%04x, codelen=%d\n",
1106 mode, lowaddr, highaddr, codelen);
1108 cmd.cmd = (HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DOWNLD) |
1109 HFA384x_CMD_PROGMODE_SET(mode));
1111 cmd.parm0 = lowaddr;
1112 cmd.parm1 = highaddr;
1113 cmd.parm2 = codelen;
1115 return hfa384x_docmd_wait(hw, &cmd);
1118 /*----------------------------------------------------------------
1121 * Perform a reset of the hfa38xx MAC core. We assume that the hw
1122 * structure is in its "created" state. That is, it is initialized
1123 * with proper values. Note that if a reset is done after the
1124 * device has been active for awhile, the caller might have to clean
1125 * up some leftover cruft in the hw structure.
1128 * hw device structure
1129 * holdtime how long (in ms) to hold the reset
1130 * settletime how long (in ms) to wait after releasing
1140 ----------------------------------------------------------------*/
1141 int hfa384x_corereset(hfa384x_t *hw, int holdtime, int settletime, int genesis)
1145 result = usb_reset_device(hw->usb);
1147 netdev_err(hw->wlandev->netdev, "usb_reset_device() failed, result=%d.\n",
1154 /*----------------------------------------------------------------
1155 * hfa384x_usbctlx_complete_sync
1157 * Waits for a synchronous CTLX object to complete,
1158 * and then handles the response.
1161 * hw device structure
1163 * completor functor object to decide what to
1164 * do with the CTLX's result.
1168 * -ERESTARTSYS Interrupted by a signal
1170 * -ENODEV Adapter was unplugged
1171 * ??? Result from completor
1177 ----------------------------------------------------------------*/
1178 static int hfa384x_usbctlx_complete_sync(hfa384x_t *hw,
1179 hfa384x_usbctlx_t *ctlx,
1180 struct usbctlx_completor *completor)
1182 unsigned long flags;
1185 result = wait_for_completion_interruptible(&ctlx->done);
1187 spin_lock_irqsave(&hw->ctlxq.lock, flags);
1190 * We can only handle the CTLX if the USB disconnect
1191 * function has not run yet ...
1194 if (hw->wlandev->hwremoved) {
1195 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1197 } else if (result != 0) {
1201 * We were probably interrupted, so delete
1202 * this CTLX asynchronously, kill the timers
1203 * and the URB, and then start the next
1206 * NOTE: We can only delete the timers and
1207 * the URB if this CTLX is active.
1209 if (ctlx == get_active_ctlx(hw)) {
1210 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1212 del_singleshot_timer_sync(&hw->reqtimer);
1213 del_singleshot_timer_sync(&hw->resptimer);
1214 hw->req_timer_done = 1;
1215 hw->resp_timer_done = 1;
1216 usb_kill_urb(&hw->ctlx_urb);
1218 spin_lock_irqsave(&hw->ctlxq.lock, flags);
1223 * This scenario is so unlikely that I'm
1224 * happy with a grubby "goto" solution ...
1226 if (hw->wlandev->hwremoved)
1231 * The completion task will send this CTLX
1232 * to the reaper the next time it runs. We
1233 * are no longer in a hurry.
1236 ctlx->state = CTLX_REQ_FAILED;
1237 list_move_tail(&ctlx->list, &hw->ctlxq.completing);
1239 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1242 hfa384x_usbctlxq_run(hw);
1244 if (ctlx->state == CTLX_COMPLETE) {
1245 result = completor->complete(completor);
1247 netdev_warn(hw->wlandev->netdev, "CTLX[%d] error: state(%s)\n",
1248 le16_to_cpu(ctlx->outbuf.type),
1249 ctlxstr(ctlx->state));
1253 list_del(&ctlx->list);
1254 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1261 /*----------------------------------------------------------------
1264 * Constructs a command CTLX and submits it.
1266 * NOTE: Any changes to the 'post-submit' code in this function
1267 * need to be carried over to hfa384x_cbcmd() since the handling
1268 * is virtually identical.
1271 * hw device structure
1272 * mode DOWAIT or DOASYNC
1273 * cmd cmd structure. Includes all arguments and result
1274 * data points. All in host order. in host order
1275 * cmdcb command-specific callback
1276 * usercb user callback for async calls, NULL for DOWAIT calls
1277 * usercb_data user supplied data pointer for async calls, NULL
1283 * -ERESTARTSYS Awakened on signal
1284 * >0 command indicated error, Status and Resp0-2 are
1292 ----------------------------------------------------------------*/
1294 hfa384x_docmd(hfa384x_t *hw,
1296 hfa384x_metacmd_t *cmd,
1297 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
1300 hfa384x_usbctlx_t *ctlx;
1302 ctlx = usbctlx_alloc();
1308 /* Initialize the command */
1309 ctlx->outbuf.cmdreq.type = cpu_to_le16(HFA384x_USB_CMDREQ);
1310 ctlx->outbuf.cmdreq.cmd = cpu_to_le16(cmd->cmd);
1311 ctlx->outbuf.cmdreq.parm0 = cpu_to_le16(cmd->parm0);
1312 ctlx->outbuf.cmdreq.parm1 = cpu_to_le16(cmd->parm1);
1313 ctlx->outbuf.cmdreq.parm2 = cpu_to_le16(cmd->parm2);
1315 ctlx->outbufsize = sizeof(ctlx->outbuf.cmdreq);
1317 pr_debug("cmdreq: cmd=0x%04x parm0=0x%04x parm1=0x%04x parm2=0x%04x\n",
1318 cmd->cmd, cmd->parm0, cmd->parm1, cmd->parm2);
1320 ctlx->reapable = mode;
1321 ctlx->cmdcb = cmdcb;
1322 ctlx->usercb = usercb;
1323 ctlx->usercb_data = usercb_data;
1325 result = hfa384x_usbctlx_submit(hw, ctlx);
1328 } else if (mode == DOWAIT) {
1329 struct usbctlx_cmd_completor completor;
1332 hfa384x_usbctlx_complete_sync(hw, ctlx,
1333 init_cmd_completor(&completor,
1345 /*----------------------------------------------------------------
1348 * Constructs a read rid CTLX and issues it.
1350 * NOTE: Any changes to the 'post-submit' code in this function
1351 * need to be carried over to hfa384x_cbrrid() since the handling
1352 * is virtually identical.
1355 * hw device structure
1356 * mode DOWAIT or DOASYNC
1357 * rid Read RID number (host order)
1358 * riddata Caller supplied buffer that MAC formatted RID.data
1359 * record will be written to for DOWAIT calls. Should
1360 * be NULL for DOASYNC calls.
1361 * riddatalen Buffer length for DOWAIT calls. Zero for DOASYNC calls.
1362 * cmdcb command callback for async calls, NULL for DOWAIT calls
1363 * usercb user callback for async calls, NULL for DOWAIT calls
1364 * usercb_data user supplied data pointer for async calls, NULL
1370 * -ERESTARTSYS Awakened on signal
1371 * -ENODATA riddatalen != macdatalen
1372 * >0 command indicated error, Status and Resp0-2 are
1378 * interrupt (DOASYNC)
1379 * process (DOWAIT or DOASYNC)
1380 ----------------------------------------------------------------*/
1382 hfa384x_dorrid(hfa384x_t *hw,
1386 unsigned int riddatalen,
1387 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
1390 hfa384x_usbctlx_t *ctlx;
1392 ctlx = usbctlx_alloc();
1398 /* Initialize the command */
1399 ctlx->outbuf.rridreq.type = cpu_to_le16(HFA384x_USB_RRIDREQ);
1400 ctlx->outbuf.rridreq.frmlen =
1401 cpu_to_le16(sizeof(ctlx->outbuf.rridreq.rid));
1402 ctlx->outbuf.rridreq.rid = cpu_to_le16(rid);
1404 ctlx->outbufsize = sizeof(ctlx->outbuf.rridreq);
1406 ctlx->reapable = mode;
1407 ctlx->cmdcb = cmdcb;
1408 ctlx->usercb = usercb;
1409 ctlx->usercb_data = usercb_data;
1411 /* Submit the CTLX */
1412 result = hfa384x_usbctlx_submit(hw, ctlx);
1415 } else if (mode == DOWAIT) {
1416 struct usbctlx_rrid_completor completor;
1419 hfa384x_usbctlx_complete_sync(hw, ctlx,
1422 &ctlx->inbuf.rridresp,
1423 riddata, riddatalen));
1430 /*----------------------------------------------------------------
1433 * Constructs a write rid CTLX and issues it.
1435 * NOTE: Any changes to the 'post-submit' code in this function
1436 * need to be carried over to hfa384x_cbwrid() since the handling
1437 * is virtually identical.
1440 * hw device structure
1441 * enum cmd_mode DOWAIT or DOASYNC
1443 * riddata Data portion of RID formatted for MAC
1444 * riddatalen Length of the data portion in bytes
1445 * cmdcb command callback for async calls, NULL for DOWAIT calls
1446 * usercb user callback for async calls, NULL for DOWAIT calls
1447 * usercb_data user supplied data pointer for async calls
1451 * -ETIMEDOUT timed out waiting for register ready or
1452 * command completion
1453 * >0 command indicated error, Status and Resp0-2 are
1459 * interrupt (DOASYNC)
1460 * process (DOWAIT or DOASYNC)
1461 ----------------------------------------------------------------*/
1463 hfa384x_dowrid(hfa384x_t *hw,
1467 unsigned int riddatalen,
1468 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
1471 hfa384x_usbctlx_t *ctlx;
1473 ctlx = usbctlx_alloc();
1479 /* Initialize the command */
1480 ctlx->outbuf.wridreq.type = cpu_to_le16(HFA384x_USB_WRIDREQ);
1481 ctlx->outbuf.wridreq.frmlen = cpu_to_le16((sizeof
1482 (ctlx->outbuf.wridreq.rid) +
1483 riddatalen + 1) / 2);
1484 ctlx->outbuf.wridreq.rid = cpu_to_le16(rid);
1485 memcpy(ctlx->outbuf.wridreq.data, riddata, riddatalen);
1487 ctlx->outbufsize = sizeof(ctlx->outbuf.wridreq.type) +
1488 sizeof(ctlx->outbuf.wridreq.frmlen) +
1489 sizeof(ctlx->outbuf.wridreq.rid) + riddatalen;
1491 ctlx->reapable = mode;
1492 ctlx->cmdcb = cmdcb;
1493 ctlx->usercb = usercb;
1494 ctlx->usercb_data = usercb_data;
1496 /* Submit the CTLX */
1497 result = hfa384x_usbctlx_submit(hw, ctlx);
1500 } else if (mode == DOWAIT) {
1501 struct usbctlx_cmd_completor completor;
1502 hfa384x_cmdresult_t wridresult;
1504 result = hfa384x_usbctlx_complete_sync(hw,
1508 &ctlx->inbuf.wridresp,
1516 /*----------------------------------------------------------------
1519 * Constructs a readmem CTLX and issues it.
1521 * NOTE: Any changes to the 'post-submit' code in this function
1522 * need to be carried over to hfa384x_cbrmem() since the handling
1523 * is virtually identical.
1526 * hw device structure
1527 * mode DOWAIT or DOASYNC
1528 * page MAC address space page (CMD format)
1529 * offset MAC address space offset
1530 * data Ptr to data buffer to receive read
1531 * len Length of the data to read (max == 2048)
1532 * cmdcb command callback for async calls, NULL for DOWAIT calls
1533 * usercb user callback for async calls, NULL for DOWAIT calls
1534 * usercb_data user supplied data pointer for async calls
1538 * -ETIMEDOUT timed out waiting for register ready or
1539 * command completion
1540 * >0 command indicated error, Status and Resp0-2 are
1546 * interrupt (DOASYNC)
1547 * process (DOWAIT or DOASYNC)
1548 ----------------------------------------------------------------*/
1550 hfa384x_dormem(hfa384x_t *hw,
1556 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
1559 hfa384x_usbctlx_t *ctlx;
1561 ctlx = usbctlx_alloc();
1567 /* Initialize the command */
1568 ctlx->outbuf.rmemreq.type = cpu_to_le16(HFA384x_USB_RMEMREQ);
1569 ctlx->outbuf.rmemreq.frmlen =
1570 cpu_to_le16(sizeof(ctlx->outbuf.rmemreq.offset) +
1571 sizeof(ctlx->outbuf.rmemreq.page) + len);
1572 ctlx->outbuf.rmemreq.offset = cpu_to_le16(offset);
1573 ctlx->outbuf.rmemreq.page = cpu_to_le16(page);
1575 ctlx->outbufsize = sizeof(ctlx->outbuf.rmemreq);
1577 pr_debug("type=0x%04x frmlen=%d offset=0x%04x page=0x%04x\n",
1578 ctlx->outbuf.rmemreq.type,
1579 ctlx->outbuf.rmemreq.frmlen,
1580 ctlx->outbuf.rmemreq.offset, ctlx->outbuf.rmemreq.page);
1582 pr_debug("pktsize=%zd\n", ROUNDUP64(sizeof(ctlx->outbuf.rmemreq)));
1584 ctlx->reapable = mode;
1585 ctlx->cmdcb = cmdcb;
1586 ctlx->usercb = usercb;
1587 ctlx->usercb_data = usercb_data;
1589 result = hfa384x_usbctlx_submit(hw, ctlx);
1592 } else if (mode == DOWAIT) {
1593 struct usbctlx_rmem_completor completor;
1596 hfa384x_usbctlx_complete_sync(hw, ctlx,
1599 &ctlx->inbuf.rmemresp, data,
1607 /*----------------------------------------------------------------
1610 * Constructs a writemem CTLX and issues it.
1612 * NOTE: Any changes to the 'post-submit' code in this function
1613 * need to be carried over to hfa384x_cbwmem() since the handling
1614 * is virtually identical.
1617 * hw device structure
1618 * mode DOWAIT or DOASYNC
1619 * page MAC address space page (CMD format)
1620 * offset MAC address space offset
1621 * data Ptr to data buffer containing write data
1622 * len Length of the data to read (max == 2048)
1623 * cmdcb command callback for async calls, NULL for DOWAIT calls
1624 * usercb user callback for async calls, NULL for DOWAIT calls
1625 * usercb_data user supplied data pointer for async calls.
1629 * -ETIMEDOUT timed out waiting for register ready or
1630 * command completion
1631 * >0 command indicated error, Status and Resp0-2 are
1637 * interrupt (DOWAIT)
1638 * process (DOWAIT or DOASYNC)
1639 ----------------------------------------------------------------*/
1641 hfa384x_dowmem(hfa384x_t *hw,
1647 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
1650 hfa384x_usbctlx_t *ctlx;
1652 pr_debug("page=0x%04x offset=0x%04x len=%d\n", page, offset, len);
1654 ctlx = usbctlx_alloc();
1660 /* Initialize the command */
1661 ctlx->outbuf.wmemreq.type = cpu_to_le16(HFA384x_USB_WMEMREQ);
1662 ctlx->outbuf.wmemreq.frmlen =
1663 cpu_to_le16(sizeof(ctlx->outbuf.wmemreq.offset) +
1664 sizeof(ctlx->outbuf.wmemreq.page) + len);
1665 ctlx->outbuf.wmemreq.offset = cpu_to_le16(offset);
1666 ctlx->outbuf.wmemreq.page = cpu_to_le16(page);
1667 memcpy(ctlx->outbuf.wmemreq.data, data, len);
1669 ctlx->outbufsize = sizeof(ctlx->outbuf.wmemreq.type) +
1670 sizeof(ctlx->outbuf.wmemreq.frmlen) +
1671 sizeof(ctlx->outbuf.wmemreq.offset) +
1672 sizeof(ctlx->outbuf.wmemreq.page) + len;
1674 ctlx->reapable = mode;
1675 ctlx->cmdcb = cmdcb;
1676 ctlx->usercb = usercb;
1677 ctlx->usercb_data = usercb_data;
1679 result = hfa384x_usbctlx_submit(hw, ctlx);
1682 } else if (mode == DOWAIT) {
1683 struct usbctlx_cmd_completor completor;
1684 hfa384x_cmdresult_t wmemresult;
1686 result = hfa384x_usbctlx_complete_sync(hw,
1690 &ctlx->inbuf.wmemresp,
1698 /*----------------------------------------------------------------
1699 * hfa384x_drvr_disable
1701 * Issues the disable command to stop communications on one of
1702 * the MACs 'ports'. Only macport 0 is valid for stations.
1703 * APs may also disable macports 1-6. Only ports that have been
1704 * previously enabled may be disabled.
1707 * hw device structure
1708 * macport MAC port number (host order)
1712 * >0 f/w reported failure - f/w status code
1713 * <0 driver reported error (timeout|bad arg)
1719 ----------------------------------------------------------------*/
1720 int hfa384x_drvr_disable(hfa384x_t *hw, u16 macport)
1724 if ((!hw->isap && macport != 0) ||
1725 (hw->isap && !(macport <= HFA384x_PORTID_MAX)) ||
1726 !(hw->port_enabled[macport])) {
1729 result = hfa384x_cmd_disable(hw, macport);
1731 hw->port_enabled[macport] = 0;
1736 /*----------------------------------------------------------------
1737 * hfa384x_drvr_enable
1739 * Issues the enable command to enable communications on one of
1740 * the MACs 'ports'. Only macport 0 is valid for stations.
1741 * APs may also enable macports 1-6. Only ports that are currently
1742 * disabled may be enabled.
1745 * hw device structure
1746 * macport MAC port number
1750 * >0 f/w reported failure - f/w status code
1751 * <0 driver reported error (timeout|bad arg)
1757 ----------------------------------------------------------------*/
1758 int hfa384x_drvr_enable(hfa384x_t *hw, u16 macport)
1762 if ((!hw->isap && macport != 0) ||
1763 (hw->isap && !(macport <= HFA384x_PORTID_MAX)) ||
1764 (hw->port_enabled[macport])) {
1767 result = hfa384x_cmd_enable(hw, macport);
1769 hw->port_enabled[macport] = 1;
1774 /*----------------------------------------------------------------
1775 * hfa384x_drvr_flashdl_enable
1777 * Begins the flash download state. Checks to see that we're not
1778 * already in a download state and that a port isn't enabled.
1779 * Sets the download state and retrieves the flash download
1780 * buffer location, buffer size, and timeout length.
1783 * hw device structure
1787 * >0 f/w reported error - f/w status code
1788 * <0 driver reported error
1794 ----------------------------------------------------------------*/
1795 int hfa384x_drvr_flashdl_enable(hfa384x_t *hw)
1800 /* Check that a port isn't active */
1801 for (i = 0; i < HFA384x_PORTID_MAX; i++) {
1802 if (hw->port_enabled[i]) {
1803 pr_debug("called when port enabled.\n");
1808 /* Check that we're not already in a download state */
1809 if (hw->dlstate != HFA384x_DLSTATE_DISABLED)
1812 /* Retrieve the buffer loc&size and timeout */
1813 result = hfa384x_drvr_getconfig(hw, HFA384x_RID_DOWNLOADBUFFER,
1814 &(hw->bufinfo), sizeof(hw->bufinfo));
1818 hw->bufinfo.page = le16_to_cpu(hw->bufinfo.page);
1819 hw->bufinfo.offset = le16_to_cpu(hw->bufinfo.offset);
1820 hw->bufinfo.len = le16_to_cpu(hw->bufinfo.len);
1821 result = hfa384x_drvr_getconfig16(hw, HFA384x_RID_MAXLOADTIME,
1826 hw->dltimeout = le16_to_cpu(hw->dltimeout);
1828 pr_debug("flashdl_enable\n");
1830 hw->dlstate = HFA384x_DLSTATE_FLASHENABLED;
1835 /*----------------------------------------------------------------
1836 * hfa384x_drvr_flashdl_disable
1838 * Ends the flash download state. Note that this will cause the MAC
1839 * firmware to restart.
1842 * hw device structure
1846 * >0 f/w reported error - f/w status code
1847 * <0 driver reported error
1853 ----------------------------------------------------------------*/
1854 int hfa384x_drvr_flashdl_disable(hfa384x_t *hw)
1856 /* Check that we're already in the download state */
1857 if (hw->dlstate != HFA384x_DLSTATE_FLASHENABLED)
1860 pr_debug("flashdl_enable\n");
1862 /* There isn't much we can do at this point, so I don't */
1863 /* bother w/ the return value */
1864 hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0, 0);
1865 hw->dlstate = HFA384x_DLSTATE_DISABLED;
1870 /*----------------------------------------------------------------
1871 * hfa384x_drvr_flashdl_write
1873 * Performs a FLASH download of a chunk of data. First checks to see
1874 * that we're in the FLASH download state, then sets the download
1875 * mode, uses the aux functions to 1) copy the data to the flash
1876 * buffer, 2) sets the download 'write flash' mode, 3) readback and
1877 * compare. Lather rinse, repeat as many times an necessary to get
1878 * all the given data into flash.
1879 * When all data has been written using this function (possibly
1880 * repeatedly), call drvr_flashdl_disable() to end the download state
1881 * and restart the MAC.
1884 * hw device structure
1885 * daddr Card address to write to. (host order)
1886 * buf Ptr to data to write.
1887 * len Length of data (host order).
1891 * >0 f/w reported error - f/w status code
1892 * <0 driver reported error
1898 ----------------------------------------------------------------*/
1899 int hfa384x_drvr_flashdl_write(hfa384x_t *hw, u32 daddr, void *buf, u32 len)
1916 pr_debug("daddr=0x%08x len=%d\n", daddr, len);
1918 /* Check that we're in the flash download state */
1919 if (hw->dlstate != HFA384x_DLSTATE_FLASHENABLED)
1922 netdev_info(hw->wlandev->netdev,
1923 "Download %d bytes to flash @0x%06x\n", len, daddr);
1925 /* Convert to flat address for arithmetic */
1926 /* NOTE: dlbuffer RID stores the address in AUX format */
1928 HFA384x_ADDR_AUX_MKFLAT(hw->bufinfo.page, hw->bufinfo.offset);
1929 pr_debug("dlbuf.page=0x%04x dlbuf.offset=0x%04x dlbufaddr=0x%08x\n",
1930 hw->bufinfo.page, hw->bufinfo.offset, dlbufaddr);
1931 /* Calculations to determine how many fills of the dlbuffer to do
1932 * and how many USB wmemreq's to do for each fill. At this point
1933 * in time, the dlbuffer size and the wmemreq size are the same.
1934 * Therefore, nwrites should always be 1. The extra complexity
1935 * here is a hedge against future changes.
1938 /* Figure out how many times to do the flash programming */
1939 nburns = len / hw->bufinfo.len;
1940 nburns += (len % hw->bufinfo.len) ? 1 : 0;
1942 /* For each flash program cycle, how many USB wmemreq's are needed? */
1943 nwrites = hw->bufinfo.len / HFA384x_USB_RWMEM_MAXLEN;
1944 nwrites += (hw->bufinfo.len % HFA384x_USB_RWMEM_MAXLEN) ? 1 : 0;
1947 for (i = 0; i < nburns; i++) {
1948 /* Get the dest address and len */
1949 burnlen = (len - (hw->bufinfo.len * i)) > hw->bufinfo.len ?
1950 hw->bufinfo.len : (len - (hw->bufinfo.len * i));
1951 burndaddr = daddr + (hw->bufinfo.len * i);
1952 burnlo = HFA384x_ADDR_CMD_MKOFF(burndaddr);
1953 burnhi = HFA384x_ADDR_CMD_MKPAGE(burndaddr);
1955 netdev_info(hw->wlandev->netdev, "Writing %d bytes to flash @0x%06x\n",
1956 burnlen, burndaddr);
1958 /* Set the download mode */
1959 result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_NV,
1960 burnlo, burnhi, burnlen);
1962 netdev_err(hw->wlandev->netdev,
1963 "download(NV,lo=%x,hi=%x,len=%x) cmd failed, result=%d. Aborting d/l\n",
1964 burnlo, burnhi, burnlen, result);
1968 /* copy the data to the flash download buffer */
1969 for (j = 0; j < nwrites; j++) {
1971 (i * hw->bufinfo.len) +
1972 (j * HFA384x_USB_RWMEM_MAXLEN);
1974 writepage = HFA384x_ADDR_CMD_MKPAGE(dlbufaddr +
1975 (j * HFA384x_USB_RWMEM_MAXLEN));
1976 writeoffset = HFA384x_ADDR_CMD_MKOFF(dlbufaddr +
1977 (j * HFA384x_USB_RWMEM_MAXLEN));
1979 writelen = burnlen - (j * HFA384x_USB_RWMEM_MAXLEN);
1980 writelen = writelen > HFA384x_USB_RWMEM_MAXLEN ?
1981 HFA384x_USB_RWMEM_MAXLEN : writelen;
1983 result = hfa384x_dowmem_wait(hw,
1986 writebuf, writelen);
1989 /* set the download 'write flash' mode */
1990 result = hfa384x_cmd_download(hw,
1991 HFA384x_PROGMODE_NVWRITE,
1994 netdev_err(hw->wlandev->netdev,
1995 "download(NVWRITE,lo=%x,hi=%x,len=%x) cmd failed, result=%d. Aborting d/l\n",
1996 burnlo, burnhi, burnlen, result);
2000 /* TODO: We really should do a readback and compare. */
2005 /* Leave the firmware in the 'post-prog' mode. flashdl_disable will */
2006 /* actually disable programming mode. Remember, that will cause the */
2007 /* the firmware to effectively reset itself. */
2012 /*----------------------------------------------------------------
2013 * hfa384x_drvr_getconfig
2015 * Performs the sequence necessary to read a config/info item.
2018 * hw device structure
2019 * rid config/info record id (host order)
2020 * buf host side record buffer. Upon return it will
2021 * contain the body portion of the record (minus the
2023 * len buffer length (in bytes, should match record length)
2027 * >0 f/w reported error - f/w status code
2028 * <0 driver reported error
2029 * -ENODATA length mismatch between argument and retrieved
2036 ----------------------------------------------------------------*/
2037 int hfa384x_drvr_getconfig(hfa384x_t *hw, u16 rid, void *buf, u16 len)
2039 return hfa384x_dorrid_wait(hw, rid, buf, len);
2042 /*----------------------------------------------------------------
2043 * hfa384x_drvr_setconfig_async
2045 * Performs the sequence necessary to write a config/info item.
2048 * hw device structure
2049 * rid config/info record id (in host order)
2050 * buf host side record buffer
2051 * len buffer length (in bytes)
2052 * usercb completion callback
2053 * usercb_data completion callback argument
2057 * >0 f/w reported error - f/w status code
2058 * <0 driver reported error
2064 ----------------------------------------------------------------*/
2066 hfa384x_drvr_setconfig_async(hfa384x_t *hw,
2069 u16 len, ctlx_usercb_t usercb, void *usercb_data)
2071 return hfa384x_dowrid_async(hw, rid, buf, len,
2072 hfa384x_cb_status, usercb, usercb_data);
2075 /*----------------------------------------------------------------
2076 * hfa384x_drvr_ramdl_disable
2078 * Ends the ram download state.
2081 * hw device structure
2085 * >0 f/w reported error - f/w status code
2086 * <0 driver reported error
2092 ----------------------------------------------------------------*/
2093 int hfa384x_drvr_ramdl_disable(hfa384x_t *hw)
2095 /* Check that we're already in the download state */
2096 if (hw->dlstate != HFA384x_DLSTATE_RAMENABLED)
2099 pr_debug("ramdl_disable()\n");
2101 /* There isn't much we can do at this point, so I don't */
2102 /* bother w/ the return value */
2103 hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0, 0);
2104 hw->dlstate = HFA384x_DLSTATE_DISABLED;
2109 /*----------------------------------------------------------------
2110 * hfa384x_drvr_ramdl_enable
2112 * Begins the ram download state. Checks to see that we're not
2113 * already in a download state and that a port isn't enabled.
2114 * Sets the download state and calls cmd_download with the
2115 * ENABLE_VOLATILE subcommand and the exeaddr argument.
2118 * hw device structure
2119 * exeaddr the card execution address that will be
2120 * jumped to when ramdl_disable() is called
2125 * >0 f/w reported error - f/w status code
2126 * <0 driver reported error
2132 ----------------------------------------------------------------*/
2133 int hfa384x_drvr_ramdl_enable(hfa384x_t *hw, u32 exeaddr)
2140 /* Check that a port isn't active */
2141 for (i = 0; i < HFA384x_PORTID_MAX; i++) {
2142 if (hw->port_enabled[i]) {
2143 netdev_err(hw->wlandev->netdev,
2144 "Can't download with a macport enabled.\n");
2149 /* Check that we're not already in a download state */
2150 if (hw->dlstate != HFA384x_DLSTATE_DISABLED) {
2151 netdev_err(hw->wlandev->netdev, "Download state not disabled.\n");
2155 pr_debug("ramdl_enable, exeaddr=0x%08x\n", exeaddr);
2157 /* Call the download(1,addr) function */
2158 lowaddr = HFA384x_ADDR_CMD_MKOFF(exeaddr);
2159 hiaddr = HFA384x_ADDR_CMD_MKPAGE(exeaddr);
2161 result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_RAM,
2162 lowaddr, hiaddr, 0);
2165 /* Set the download state */
2166 hw->dlstate = HFA384x_DLSTATE_RAMENABLED;
2168 pr_debug("cmd_download(0x%04x, 0x%04x) failed, result=%d.\n",
2169 lowaddr, hiaddr, result);
2175 /*----------------------------------------------------------------
2176 * hfa384x_drvr_ramdl_write
2178 * Performs a RAM download of a chunk of data. First checks to see
2179 * that we're in the RAM download state, then uses the [read|write]mem USB
2180 * commands to 1) copy the data, 2) readback and compare. The download
2181 * state is unaffected. When all data has been written using
2182 * this function, call drvr_ramdl_disable() to end the download state
2183 * and restart the MAC.
2186 * hw device structure
2187 * daddr Card address to write to. (host order)
2188 * buf Ptr to data to write.
2189 * len Length of data (host order).
2193 * >0 f/w reported error - f/w status code
2194 * <0 driver reported error
2200 ----------------------------------------------------------------*/
2201 int hfa384x_drvr_ramdl_write(hfa384x_t *hw, u32 daddr, void *buf, u32 len)
2212 /* Check that we're in the ram download state */
2213 if (hw->dlstate != HFA384x_DLSTATE_RAMENABLED)
2216 netdev_info(hw->wlandev->netdev, "Writing %d bytes to ram @0x%06x\n",
2219 /* How many dowmem calls? */
2220 nwrites = len / HFA384x_USB_RWMEM_MAXLEN;
2221 nwrites += len % HFA384x_USB_RWMEM_MAXLEN ? 1 : 0;
2223 /* Do blocking wmem's */
2224 for (i = 0; i < nwrites; i++) {
2225 /* make address args */
2226 curraddr = daddr + (i * HFA384x_USB_RWMEM_MAXLEN);
2227 currpage = HFA384x_ADDR_CMD_MKPAGE(curraddr);
2228 curroffset = HFA384x_ADDR_CMD_MKOFF(curraddr);
2229 currlen = len - (i * HFA384x_USB_RWMEM_MAXLEN);
2230 if (currlen > HFA384x_USB_RWMEM_MAXLEN)
2231 currlen = HFA384x_USB_RWMEM_MAXLEN;
2233 /* Do blocking ctlx */
2234 result = hfa384x_dowmem_wait(hw,
2238 (i * HFA384x_USB_RWMEM_MAXLEN),
2244 /* TODO: We really should have a readback. */
2250 /*----------------------------------------------------------------
2251 * hfa384x_drvr_readpda
2253 * Performs the sequence to read the PDA space. Note there is no
2254 * drvr_writepda() function. Writing a PDA is
2255 * generally implemented by a calling component via calls to
2256 * cmd_download and writing to the flash download buffer via the
2260 * hw device structure
2261 * buf buffer to store PDA in
2266 * >0 f/w reported error - f/w status code
2267 * <0 driver reported error
2268 * -ETIMEDOUT timeout waiting for the cmd regs to become
2269 * available, or waiting for the control reg
2270 * to indicate the Aux port is enabled.
2271 * -ENODATA the buffer does NOT contain a valid PDA.
2272 * Either the card PDA is bad, or the auxdata
2273 * reads are giving us garbage.
2279 * process or non-card interrupt.
2280 ----------------------------------------------------------------*/
2281 int hfa384x_drvr_readpda(hfa384x_t *hw, void *buf, unsigned int len)
2287 int currpdr = 0; /* word offset of the current pdr */
2289 u16 pdrlen; /* pdr length in bytes, host order */
2290 u16 pdrcode; /* pdr code, host order */
2298 HFA3842_PDA_BASE, 0}, {
2299 HFA3841_PDA_BASE, 0}, {
2300 HFA3841_PDA_BOGUS_BASE, 0}
2303 /* Read the pda from each known address. */
2304 for (i = 0; i < ARRAY_SIZE(pdaloc); i++) {
2306 currpage = HFA384x_ADDR_CMD_MKPAGE(pdaloc[i].cardaddr);
2307 curroffset = HFA384x_ADDR_CMD_MKOFF(pdaloc[i].cardaddr);
2309 /* units of bytes */
2310 result = hfa384x_dormem_wait(hw, currpage, curroffset, buf,
2314 netdev_warn(hw->wlandev->netdev,
2315 "Read from index %zd failed, continuing\n",
2320 /* Test for garbage */
2321 pdaok = 1; /* initially assume good */
2323 while (pdaok && morepdrs) {
2324 pdrlen = le16_to_cpu(pda[currpdr]) * 2;
2325 pdrcode = le16_to_cpu(pda[currpdr + 1]);
2326 /* Test the record length */
2327 if (pdrlen > HFA384x_PDR_LEN_MAX || pdrlen == 0) {
2328 netdev_err(hw->wlandev->netdev,
2329 "pdrlen invalid=%d\n", pdrlen);
2334 if (!hfa384x_isgood_pdrcode(pdrcode)) {
2335 netdev_err(hw->wlandev->netdev, "pdrcode invalid=%d\n",
2340 /* Test for completion */
2341 if (pdrcode == HFA384x_PDR_END_OF_PDA)
2344 /* Move to the next pdr (if necessary) */
2346 /* note the access to pda[], need words here */
2347 currpdr += le16_to_cpu(pda[currpdr]) + 1;
2351 netdev_info(hw->wlandev->netdev,
2352 "PDA Read from 0x%08x in %s space.\n",
2354 pdaloc[i].auxctl == 0 ? "EXTDS" :
2355 pdaloc[i].auxctl == 1 ? "NV" :
2356 pdaloc[i].auxctl == 2 ? "PHY" :
2357 pdaloc[i].auxctl == 3 ? "ICSRAM" :
2362 result = pdaok ? 0 : -ENODATA;
2365 pr_debug("Failure: pda is not okay\n");
2370 /*----------------------------------------------------------------
2371 * hfa384x_drvr_setconfig
2373 * Performs the sequence necessary to write a config/info item.
2376 * hw device structure
2377 * rid config/info record id (in host order)
2378 * buf host side record buffer
2379 * len buffer length (in bytes)
2383 * >0 f/w reported error - f/w status code
2384 * <0 driver reported error
2390 ----------------------------------------------------------------*/
2391 int hfa384x_drvr_setconfig(hfa384x_t *hw, u16 rid, void *buf, u16 len)
2393 return hfa384x_dowrid_wait(hw, rid, buf, len);
2396 /*----------------------------------------------------------------
2397 * hfa384x_drvr_start
2399 * Issues the MAC initialize command, sets up some data structures,
2400 * and enables the interrupts. After this function completes, the
2401 * low-level stuff should be ready for any/all commands.
2404 * hw device structure
2407 * >0 f/w reported error - f/w status code
2408 * <0 driver reported error
2414 ----------------------------------------------------------------*/
2416 int hfa384x_drvr_start(hfa384x_t *hw)
2418 int result, result1, result2;
2423 /* Clear endpoint stalls - but only do this if the endpoint
2424 * is showing a stall status. Some prism2 cards seem to behave
2425 * badly if a clear_halt is called when the endpoint is already
2429 usb_get_status(hw->usb, USB_RECIP_ENDPOINT, hw->endp_in, &status);
2431 netdev_err(hw->wlandev->netdev, "Cannot get bulk in endpoint status.\n");
2434 if ((status == 1) && usb_clear_halt(hw->usb, hw->endp_in))
2435 netdev_err(hw->wlandev->netdev, "Failed to reset bulk in endpoint.\n");
2438 usb_get_status(hw->usb, USB_RECIP_ENDPOINT, hw->endp_out, &status);
2440 netdev_err(hw->wlandev->netdev, "Cannot get bulk out endpoint status.\n");
2443 if ((status == 1) && usb_clear_halt(hw->usb, hw->endp_out))
2444 netdev_err(hw->wlandev->netdev, "Failed to reset bulk out endpoint.\n");
2446 /* Synchronous unlink, in case we're trying to restart the driver */
2447 usb_kill_urb(&hw->rx_urb);
2449 /* Post the IN urb */
2450 result = submit_rx_urb(hw, GFP_KERNEL);
2452 netdev_err(hw->wlandev->netdev,
2453 "Fatal, failed to submit RX URB, result=%d\n",
2458 /* Call initialize twice, with a 1 second sleep in between.
2459 * This is a nasty work-around since many prism2 cards seem to
2460 * need time to settle after an init from cold. The second
2461 * call to initialize in theory is not necessary - but we call
2462 * it anyway as a double insurance policy:
2463 * 1) If the first init should fail, the second may well succeed
2464 * and the card can still be used
2465 * 2) It helps ensures all is well with the card after the first
2466 * init and settle time.
2468 result1 = hfa384x_cmd_initialize(hw);
2470 result = hfa384x_cmd_initialize(hw);
2474 netdev_err(hw->wlandev->netdev,
2475 "cmd_initialize() failed on two attempts, results %d and %d\n",
2477 usb_kill_urb(&hw->rx_urb);
2480 pr_debug("First cmd_initialize() failed (result %d),\n",
2482 pr_debug("but second attempt succeeded. All should be ok\n");
2484 } else if (result2 != 0) {
2485 netdev_warn(hw->wlandev->netdev, "First cmd_initialize() succeeded, but second attempt failed (result=%d)\n",
2487 netdev_warn(hw->wlandev->netdev,
2488 "Most likely the card will be functional\n");
2492 hw->state = HFA384x_STATE_RUNNING;
2498 /*----------------------------------------------------------------
2501 * Shuts down the MAC to the point where it is safe to unload the
2502 * driver. Any subsystem that may be holding a data or function
2503 * ptr into the driver must be cleared/deinitialized.
2506 * hw device structure
2509 * >0 f/w reported error - f/w status code
2510 * <0 driver reported error
2516 ----------------------------------------------------------------*/
2517 int hfa384x_drvr_stop(hfa384x_t *hw)
2523 /* There's no need for spinlocks here. The USB "disconnect"
2524 * function sets this "removed" flag and then calls us.
2526 if (!hw->wlandev->hwremoved) {
2527 /* Call initialize to leave the MAC in its 'reset' state */
2528 hfa384x_cmd_initialize(hw);
2530 /* Cancel the rxurb */
2531 usb_kill_urb(&hw->rx_urb);
2534 hw->link_status = HFA384x_LINK_NOTCONNECTED;
2535 hw->state = HFA384x_STATE_INIT;
2537 del_timer_sync(&hw->commsqual_timer);
2539 /* Clear all the port status */
2540 for (i = 0; i < HFA384x_NUMPORTS_MAX; i++)
2541 hw->port_enabled[i] = 0;
2546 /*----------------------------------------------------------------
2547 * hfa384x_drvr_txframe
2549 * Takes a frame from prism2sta and queues it for transmission.
2552 * hw device structure
2553 * skb packet buffer struct. Contains an 802.11
2555 * p80211_hdr points to the 802.11 header for the packet.
2557 * 0 Success and more buffs available
2558 * 1 Success but no more buffs
2559 * 2 Allocation failure
2560 * 4 Buffer full or queue busy
2566 ----------------------------------------------------------------*/
2567 int hfa384x_drvr_txframe(hfa384x_t *hw, struct sk_buff *skb,
2568 union p80211_hdr *p80211_hdr,
2569 struct p80211_metawep *p80211_wep)
2571 int usbpktlen = sizeof(hfa384x_tx_frame_t);
2576 if (hw->tx_urb.status == -EINPROGRESS) {
2577 netdev_warn(hw->wlandev->netdev, "TX URB already in use\n");
2582 /* Build Tx frame structure */
2583 /* Set up the control field */
2584 memset(&hw->txbuff.txfrm.desc, 0, sizeof(hw->txbuff.txfrm.desc));
2586 /* Setup the usb type field */
2587 hw->txbuff.type = cpu_to_le16(HFA384x_USB_TXFRM);
2589 /* Set up the sw_support field to identify this frame */
2590 hw->txbuff.txfrm.desc.sw_support = 0x0123;
2592 /* Tx complete and Tx exception disable per dleach. Might be causing
2595 /* #define DOEXC SLP -- doboth breaks horribly under load, doexc less so. */
2597 hw->txbuff.txfrm.desc.tx_control =
2598 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
2599 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(1);
2600 #elif defined(DOEXC)
2601 hw->txbuff.txfrm.desc.tx_control =
2602 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
2603 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(0);
2605 hw->txbuff.txfrm.desc.tx_control =
2606 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
2607 HFA384x_TX_TXEX_SET(0) | HFA384x_TX_TXOK_SET(0);
2609 hw->txbuff.txfrm.desc.tx_control =
2610 cpu_to_le16(hw->txbuff.txfrm.desc.tx_control);
2612 /* copy the header over to the txdesc */
2613 memcpy(&(hw->txbuff.txfrm.desc.frame_control), p80211_hdr,
2614 sizeof(union p80211_hdr));
2616 /* if we're using host WEP, increase size by IV+ICV */
2617 if (p80211_wep->data) {
2618 hw->txbuff.txfrm.desc.data_len = cpu_to_le16(skb->len + 8);
2621 hw->txbuff.txfrm.desc.data_len = cpu_to_le16(skb->len);
2624 usbpktlen += skb->len;
2626 /* copy over the WEP IV if we are using host WEP */
2627 ptr = hw->txbuff.txfrm.data;
2628 if (p80211_wep->data) {
2629 memcpy(ptr, p80211_wep->iv, sizeof(p80211_wep->iv));
2630 ptr += sizeof(p80211_wep->iv);
2631 memcpy(ptr, p80211_wep->data, skb->len);
2633 memcpy(ptr, skb->data, skb->len);
2635 /* copy over the packet data */
2638 /* copy over the WEP ICV if we are using host WEP */
2639 if (p80211_wep->data)
2640 memcpy(ptr, p80211_wep->icv, sizeof(p80211_wep->icv));
2642 /* Send the USB packet */
2643 usb_fill_bulk_urb(&(hw->tx_urb), hw->usb,
2645 &(hw->txbuff), ROUNDUP64(usbpktlen),
2646 hfa384x_usbout_callback, hw->wlandev);
2647 hw->tx_urb.transfer_flags |= USB_QUEUE_BULK;
2650 ret = submit_tx_urb(hw, &hw->tx_urb, GFP_ATOMIC);
2652 netdev_err(hw->wlandev->netdev,
2653 "submit_tx_urb() failed, error=%d\n", ret);
2661 void hfa384x_tx_timeout(wlandevice_t *wlandev)
2663 hfa384x_t *hw = wlandev->priv;
2664 unsigned long flags;
2666 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2668 if (!hw->wlandev->hwremoved) {
2671 sched = !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags);
2672 sched |= !test_and_set_bit(WORK_RX_HALT, &hw->usb_flags);
2674 schedule_work(&hw->usb_work);
2677 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2680 /*----------------------------------------------------------------
2681 * hfa384x_usbctlx_reaper_task
2683 * Tasklet to delete dead CTLX objects
2686 * data ptr to a hfa384x_t
2692 ----------------------------------------------------------------*/
2693 static void hfa384x_usbctlx_reaper_task(unsigned long data)
2695 hfa384x_t *hw = (hfa384x_t *)data;
2696 hfa384x_usbctlx_t *ctlx, *temp;
2697 unsigned long flags;
2699 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2701 /* This list is guaranteed to be empty if someone
2702 * has unplugged the adapter.
2704 list_for_each_entry_safe(ctlx, temp, &hw->ctlxq.reapable, list) {
2705 list_del(&ctlx->list);
2709 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2712 /*----------------------------------------------------------------
2713 * hfa384x_usbctlx_completion_task
2715 * Tasklet to call completion handlers for returned CTLXs
2718 * data ptr to hfa384x_t
2725 ----------------------------------------------------------------*/
2726 static void hfa384x_usbctlx_completion_task(unsigned long data)
2728 hfa384x_t *hw = (hfa384x_t *)data;
2729 hfa384x_usbctlx_t *ctlx, *temp;
2730 unsigned long flags;
2734 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2736 /* This list is guaranteed to be empty if someone
2737 * has unplugged the adapter ...
2739 list_for_each_entry_safe(ctlx, temp, &hw->ctlxq.completing, list) {
2740 /* Call the completion function that this
2741 * command was assigned, assuming it has one.
2743 if (ctlx->cmdcb != NULL) {
2744 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2745 ctlx->cmdcb(hw, ctlx);
2746 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2748 /* Make sure we don't try and complete
2749 * this CTLX more than once!
2753 /* Did someone yank the adapter out
2754 * while our list was (briefly) unlocked?
2756 if (hw->wlandev->hwremoved) {
2763 * "Reapable" CTLXs are ones which don't have any
2764 * threads waiting for them to die. Hence they must
2765 * be delivered to The Reaper!
2767 if (ctlx->reapable) {
2768 /* Move the CTLX off the "completing" list (hopefully)
2769 * on to the "reapable" list where the reaper task
2770 * can find it. And "reapable" means that this CTLX
2771 * isn't sitting on a wait-queue somewhere.
2773 list_move_tail(&ctlx->list, &hw->ctlxq.reapable);
2777 complete(&ctlx->done);
2779 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2782 tasklet_schedule(&hw->reaper_bh);
2785 /*----------------------------------------------------------------
2786 * unlocked_usbctlx_cancel_async
2788 * Mark the CTLX dead asynchronously, and ensure that the
2789 * next command on the queue is run afterwards.
2792 * hw ptr to the hfa384x_t structure
2793 * ctlx ptr to a CTLX structure
2796 * 0 the CTLX's URB is inactive
2797 * -EINPROGRESS the URB is currently being unlinked
2800 * Either process or interrupt, but presumably interrupt
2801 ----------------------------------------------------------------*/
2802 static int unlocked_usbctlx_cancel_async(hfa384x_t *hw,
2803 hfa384x_usbctlx_t *ctlx)
2808 * Try to delete the URB containing our request packet.
2809 * If we succeed, then its completion handler will be
2810 * called with a status of -ECONNRESET.
2812 hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK;
2813 ret = usb_unlink_urb(&hw->ctlx_urb);
2815 if (ret != -EINPROGRESS) {
2817 * The OUT URB had either already completed
2818 * or was still in the pending queue, so the
2819 * URB's completion function will not be called.
2820 * We will have to complete the CTLX ourselves.
2822 ctlx->state = CTLX_REQ_FAILED;
2823 unlocked_usbctlx_complete(hw, ctlx);
2830 /*----------------------------------------------------------------
2831 * unlocked_usbctlx_complete
2833 * A CTLX has completed. It may have been successful, it may not
2834 * have been. At this point, the CTLX should be quiescent. The URBs
2835 * aren't active and the timers should have been stopped.
2837 * The CTLX is migrated to the "completing" queue, and the completing
2838 * tasklet is scheduled.
2841 * hw ptr to a hfa384x_t structure
2842 * ctlx ptr to a ctlx structure
2850 * Either, assume interrupt
2851 ----------------------------------------------------------------*/
2852 static void unlocked_usbctlx_complete(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx)
2854 /* Timers have been stopped, and ctlx should be in
2855 * a terminal state. Retire it from the "active"
2858 list_move_tail(&ctlx->list, &hw->ctlxq.completing);
2859 tasklet_schedule(&hw->completion_bh);
2861 switch (ctlx->state) {
2863 case CTLX_REQ_FAILED:
2864 /* This are the correct terminating states. */
2868 netdev_err(hw->wlandev->netdev, "CTLX[%d] not in a terminating state(%s)\n",
2869 le16_to_cpu(ctlx->outbuf.type),
2870 ctlxstr(ctlx->state));
2875 /*----------------------------------------------------------------
2876 * hfa384x_usbctlxq_run
2878 * Checks to see if the head item is running. If not, starts it.
2881 * hw ptr to hfa384x_t
2890 ----------------------------------------------------------------*/
2891 static void hfa384x_usbctlxq_run(hfa384x_t *hw)
2893 unsigned long flags;
2896 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2898 /* Only one active CTLX at any one time, because there's no
2899 * other (reliable) way to match the response URB to the
2902 * Don't touch any of these CTLXs if the hardware
2903 * has been removed or the USB subsystem is stalled.
2905 if (!list_empty(&hw->ctlxq.active) ||
2906 test_bit(WORK_TX_HALT, &hw->usb_flags) || hw->wlandev->hwremoved)
2909 while (!list_empty(&hw->ctlxq.pending)) {
2910 hfa384x_usbctlx_t *head;
2913 /* This is the first pending command */
2914 head = list_entry(hw->ctlxq.pending.next,
2915 hfa384x_usbctlx_t, list);
2917 /* We need to split this off to avoid a race condition */
2918 list_move_tail(&head->list, &hw->ctlxq.active);
2920 /* Fill the out packet */
2921 usb_fill_bulk_urb(&(hw->ctlx_urb), hw->usb,
2923 &(head->outbuf), ROUNDUP64(head->outbufsize),
2924 hfa384x_ctlxout_callback, hw);
2925 hw->ctlx_urb.transfer_flags |= USB_QUEUE_BULK;
2927 /* Now submit the URB and update the CTLX's state */
2928 result = SUBMIT_URB(&hw->ctlx_urb, GFP_ATOMIC);
2930 /* This CTLX is now running on the active queue */
2931 head->state = CTLX_REQ_SUBMITTED;
2933 /* Start the OUT wait timer */
2934 hw->req_timer_done = 0;
2935 hw->reqtimer.expires = jiffies + HZ;
2936 add_timer(&hw->reqtimer);
2938 /* Start the IN wait timer */
2939 hw->resp_timer_done = 0;
2940 hw->resptimer.expires = jiffies + 2 * HZ;
2941 add_timer(&hw->resptimer);
2946 if (result == -EPIPE) {
2947 /* The OUT pipe needs resetting, so put
2948 * this CTLX back in the "pending" queue
2949 * and schedule a reset ...
2951 netdev_warn(hw->wlandev->netdev,
2952 "%s tx pipe stalled: requesting reset\n",
2953 hw->wlandev->netdev->name);
2954 list_move(&head->list, &hw->ctlxq.pending);
2955 set_bit(WORK_TX_HALT, &hw->usb_flags);
2956 schedule_work(&hw->usb_work);
2960 if (result == -ESHUTDOWN) {
2961 netdev_warn(hw->wlandev->netdev, "%s urb shutdown!\n",
2962 hw->wlandev->netdev->name);
2966 netdev_err(hw->wlandev->netdev, "Failed to submit CTLX[%d]: error=%d\n",
2967 le16_to_cpu(head->outbuf.type), result);
2968 unlocked_usbctlx_complete(hw, head);
2972 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2975 /*----------------------------------------------------------------
2976 * hfa384x_usbin_callback
2978 * Callback for URBs on the BULKIN endpoint.
2981 * urb ptr to the completed urb
2990 ----------------------------------------------------------------*/
2991 static void hfa384x_usbin_callback(struct urb *urb)
2993 wlandevice_t *wlandev = urb->context;
2995 hfa384x_usbin_t *usbin = (hfa384x_usbin_t *)urb->transfer_buffer;
2996 struct sk_buff *skb = NULL;
3007 if (!wlandev || !wlandev->netdev || wlandev->hwremoved)
3014 skb = hw->rx_urb_skb;
3015 BUG_ON(!skb || (skb->data != urb->transfer_buffer));
3017 hw->rx_urb_skb = NULL;
3019 /* Check for error conditions within the URB */
3020 switch (urb->status) {
3024 /* Check for short packet */
3025 if (urb->actual_length == 0) {
3026 wlandev->netdev->stats.rx_errors++;
3027 wlandev->netdev->stats.rx_length_errors++;
3033 netdev_warn(hw->wlandev->netdev, "%s rx pipe stalled: requesting reset\n",
3034 wlandev->netdev->name);
3035 if (!test_and_set_bit(WORK_RX_HALT, &hw->usb_flags))
3036 schedule_work(&hw->usb_work);
3037 wlandev->netdev->stats.rx_errors++;
3044 if (!test_and_set_bit(THROTTLE_RX, &hw->usb_flags) &&
3045 !timer_pending(&hw->throttle)) {
3046 mod_timer(&hw->throttle, jiffies + THROTTLE_JIFFIES);
3048 wlandev->netdev->stats.rx_errors++;
3053 wlandev->netdev->stats.rx_over_errors++;
3059 pr_debug("status=%d, device removed.\n", urb->status);
3065 pr_debug("status=%d, urb explicitly unlinked.\n", urb->status);
3070 pr_debug("urb status=%d, transfer flags=0x%x\n",
3071 urb->status, urb->transfer_flags);
3072 wlandev->netdev->stats.rx_errors++;
3077 urb_status = urb->status;
3079 if (action != ABORT) {
3080 /* Repost the RX URB */
3081 result = submit_rx_urb(hw, GFP_ATOMIC);
3084 netdev_err(hw->wlandev->netdev,
3085 "Fatal, failed to resubmit rx_urb. error=%d\n",
3090 /* Handle any USB-IN packet */
3091 /* Note: the check of the sw_support field, the type field doesn't
3092 * have bit 12 set like the docs suggest.
3094 type = le16_to_cpu(usbin->type);
3095 if (HFA384x_USB_ISRXFRM(type)) {
3096 if (action == HANDLE) {
3097 if (usbin->txfrm.desc.sw_support == 0x0123) {
3098 hfa384x_usbin_txcompl(wlandev, usbin);
3100 skb_put(skb, sizeof(*usbin));
3101 hfa384x_usbin_rx(wlandev, skb);
3107 if (HFA384x_USB_ISTXFRM(type)) {
3108 if (action == HANDLE)
3109 hfa384x_usbin_txcompl(wlandev, usbin);
3113 case HFA384x_USB_INFOFRM:
3114 if (action == ABORT)
3116 if (action == HANDLE)
3117 hfa384x_usbin_info(wlandev, usbin);
3120 case HFA384x_USB_CMDRESP:
3121 case HFA384x_USB_WRIDRESP:
3122 case HFA384x_USB_RRIDRESP:
3123 case HFA384x_USB_WMEMRESP:
3124 case HFA384x_USB_RMEMRESP:
3125 /* ALWAYS, ALWAYS, ALWAYS handle this CTLX!!!! */
3126 hfa384x_usbin_ctlx(hw, usbin, urb_status);
3129 case HFA384x_USB_BUFAVAIL:
3130 pr_debug("Received BUFAVAIL packet, frmlen=%d\n",
3131 usbin->bufavail.frmlen);
3134 case HFA384x_USB_ERROR:
3135 pr_debug("Received USB_ERROR packet, errortype=%d\n",
3136 usbin->usberror.errortype);
3140 pr_debug("Unrecognized USBIN packet, type=%x, status=%d\n",
3141 usbin->type, urb_status);
3151 /*----------------------------------------------------------------
3152 * hfa384x_usbin_ctlx
3154 * We've received a URB containing a Prism2 "response" message.
3155 * This message needs to be matched up with a CTLX on the active
3156 * queue and our state updated accordingly.
3159 * hw ptr to hfa384x_t
3160 * usbin ptr to USB IN packet
3161 * urb_status status of this Bulk-In URB
3170 ----------------------------------------------------------------*/
3171 static void hfa384x_usbin_ctlx(hfa384x_t *hw, hfa384x_usbin_t *usbin,
3174 hfa384x_usbctlx_t *ctlx;
3176 unsigned long flags;
3179 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3181 /* There can be only one CTLX on the active queue
3182 * at any one time, and this is the CTLX that the
3183 * timers are waiting for.
3185 if (list_empty(&hw->ctlxq.active))
3188 /* Remove the "response timeout". It's possible that
3189 * we are already too late, and that the timeout is
3190 * already running. And that's just too bad for us,
3191 * because we could lose our CTLX from the active
3194 if (del_timer(&hw->resptimer) == 0) {
3195 if (hw->resp_timer_done == 0) {
3196 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3200 hw->resp_timer_done = 1;
3203 ctlx = get_active_ctlx(hw);
3205 if (urb_status != 0) {
3207 * Bad CTLX, so get rid of it. But we only
3208 * remove it from the active queue if we're no
3209 * longer expecting the OUT URB to complete.
3211 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0)
3214 const __le16 intype = (usbin->type & ~cpu_to_le16(0x8000));
3217 * Check that our message is what we're expecting ...
3219 if (ctlx->outbuf.type != intype) {
3220 netdev_warn(hw->wlandev->netdev,
3221 "Expected IN[%d], received IN[%d] - ignored.\n",
3222 le16_to_cpu(ctlx->outbuf.type),
3223 le16_to_cpu(intype));
3227 /* This URB has succeeded, so grab the data ... */
3228 memcpy(&ctlx->inbuf, usbin, sizeof(ctlx->inbuf));
3230 switch (ctlx->state) {
3231 case CTLX_REQ_SUBMITTED:
3233 * We have received our response URB before
3234 * our request has been acknowledged. Odd,
3235 * but our OUT URB is still alive...
3237 pr_debug("Causality violation: please reboot Universe\n");
3238 ctlx->state = CTLX_RESP_COMPLETE;
3241 case CTLX_REQ_COMPLETE:
3243 * This is the usual path: our request
3244 * has already been acknowledged, and
3245 * now we have received the reply too.
3247 ctlx->state = CTLX_COMPLETE;
3248 unlocked_usbctlx_complete(hw, ctlx);
3254 * Throw this CTLX away ...
3256 netdev_err(hw->wlandev->netdev,
3257 "Matched IN URB, CTLX[%d] in invalid state(%s). Discarded.\n",
3258 le16_to_cpu(ctlx->outbuf.type),
3259 ctlxstr(ctlx->state));
3260 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0)
3267 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3270 hfa384x_usbctlxq_run(hw);
3273 /*----------------------------------------------------------------
3274 * hfa384x_usbin_txcompl
3276 * At this point we have the results of a previous transmit.
3279 * wlandev wlan device
3280 * usbin ptr to the usb transfer buffer
3289 ----------------------------------------------------------------*/
3290 static void hfa384x_usbin_txcompl(wlandevice_t *wlandev,
3291 hfa384x_usbin_t *usbin)
3295 status = le16_to_cpu(usbin->type); /* yeah I know it says type... */
3297 /* Was there an error? */
3298 if (HFA384x_TXSTATUS_ISERROR(status))
3299 prism2sta_ev_txexc(wlandev, status);
3301 prism2sta_ev_tx(wlandev, status);
3304 /*----------------------------------------------------------------
3307 * At this point we have a successful received a rx frame packet.
3310 * wlandev wlan device
3311 * usbin ptr to the usb transfer buffer
3320 ----------------------------------------------------------------*/
3321 static void hfa384x_usbin_rx(wlandevice_t *wlandev, struct sk_buff *skb)
3323 hfa384x_usbin_t *usbin = (hfa384x_usbin_t *)skb->data;
3324 hfa384x_t *hw = wlandev->priv;
3326 struct p80211_rxmeta *rxmeta;
3330 /* Byte order convert once up front. */
3331 usbin->rxfrm.desc.status = le16_to_cpu(usbin->rxfrm.desc.status);
3332 usbin->rxfrm.desc.time = le32_to_cpu(usbin->rxfrm.desc.time);
3334 /* Now handle frame based on port# */
3335 switch (HFA384x_RXSTATUS_MACPORT_GET(usbin->rxfrm.desc.status)) {
3337 fc = le16_to_cpu(usbin->rxfrm.desc.frame_control);
3339 /* If exclude and we receive an unencrypted, drop it */
3340 if ((wlandev->hostwep & HOSTWEP_EXCLUDEUNENCRYPTED) &&
3341 !WLAN_GET_FC_ISWEP(fc)) {
3345 data_len = le16_to_cpu(usbin->rxfrm.desc.data_len);
3347 /* How much header data do we have? */
3348 hdrlen = p80211_headerlen(fc);
3350 /* Pull off the descriptor */
3351 skb_pull(skb, sizeof(hfa384x_rx_frame_t));
3353 /* Now shunt the header block up against the data block
3354 * with an "overlapping" copy
3356 memmove(skb_push(skb, hdrlen),
3357 &usbin->rxfrm.desc.frame_control, hdrlen);
3359 skb->dev = wlandev->netdev;
3360 skb->dev->last_rx = jiffies;
3362 /* And set the frame length properly */
3363 skb_trim(skb, data_len + hdrlen);
3365 /* The prism2 series does not return the CRC */
3366 memset(skb_put(skb, WLAN_CRC_LEN), 0xff, WLAN_CRC_LEN);
3368 skb_reset_mac_header(skb);
3370 /* Attach the rxmeta, set some stuff */
3371 p80211skb_rxmeta_attach(wlandev, skb);
3372 rxmeta = P80211SKB_RXMETA(skb);
3373 rxmeta->mactime = usbin->rxfrm.desc.time;
3374 rxmeta->rxrate = usbin->rxfrm.desc.rate;
3375 rxmeta->signal = usbin->rxfrm.desc.signal - hw->dbmadjust;
3376 rxmeta->noise = usbin->rxfrm.desc.silence - hw->dbmadjust;
3378 p80211netdev_rx(wlandev, skb);
3383 if (!HFA384x_RXSTATUS_ISFCSERR(usbin->rxfrm.desc.status)) {
3384 /* Copy to wlansnif skb */
3385 hfa384x_int_rxmonitor(wlandev, &usbin->rxfrm);
3388 pr_debug("Received monitor frame: FCSerr set\n");
3393 netdev_warn(hw->wlandev->netdev, "Received frame on unsupported port=%d\n",
3394 HFA384x_RXSTATUS_MACPORT_GET(
3395 usbin->rxfrm.desc.status));
3400 /*----------------------------------------------------------------
3401 * hfa384x_int_rxmonitor
3403 * Helper function for int_rx. Handles monitor frames.
3404 * Note that this function allocates space for the FCS and sets it
3405 * to 0xffffffff. The hfa384x doesn't give us the FCS value but the
3406 * higher layers expect it. 0xffffffff is used as a flag to indicate
3410 * wlandev wlan device structure
3411 * rxfrm rx descriptor read from card in int_rx
3417 * Allocates an skb and passes it up via the PF_PACKET interface.
3420 ----------------------------------------------------------------*/
3421 static void hfa384x_int_rxmonitor(wlandevice_t *wlandev,
3422 hfa384x_usb_rxfrm_t *rxfrm)
3424 hfa384x_rx_frame_t *rxdesc = &(rxfrm->desc);
3425 unsigned int hdrlen = 0;
3426 unsigned int datalen = 0;
3427 unsigned int skblen = 0;
3430 struct sk_buff *skb;
3431 hfa384x_t *hw = wlandev->priv;
3433 /* Remember the status, time, and data_len fields are in host order */
3434 /* Figure out how big the frame is */
3435 fc = le16_to_cpu(rxdesc->frame_control);
3436 hdrlen = p80211_headerlen(fc);
3437 datalen = le16_to_cpu(rxdesc->data_len);
3439 /* Allocate an ind message+framesize skb */
3440 skblen = sizeof(struct p80211_caphdr) + hdrlen + datalen + WLAN_CRC_LEN;
3442 /* sanity check the length */
3444 (sizeof(struct p80211_caphdr) +
3445 WLAN_HDR_A4_LEN + WLAN_DATA_MAXLEN + WLAN_CRC_LEN)) {
3446 pr_debug("overlen frm: len=%zd\n",
3447 skblen - sizeof(struct p80211_caphdr));
3450 skb = dev_alloc_skb(skblen);
3454 /* only prepend the prism header if in the right mode */
3455 if ((wlandev->netdev->type == ARPHRD_IEEE80211_PRISM) &&
3456 (hw->sniffhdr != 0)) {
3457 struct p80211_caphdr *caphdr;
3458 /* The NEW header format! */
3459 datap = skb_put(skb, sizeof(struct p80211_caphdr));
3460 caphdr = (struct p80211_caphdr *)datap;
3462 caphdr->version = htonl(P80211CAPTURE_VERSION);
3463 caphdr->length = htonl(sizeof(struct p80211_caphdr));
3464 caphdr->mactime = __cpu_to_be64(rxdesc->time) * 1000;
3465 caphdr->hosttime = __cpu_to_be64(jiffies);
3466 caphdr->phytype = htonl(4); /* dss_dot11_b */
3467 caphdr->channel = htonl(hw->sniff_channel);
3468 caphdr->datarate = htonl(rxdesc->rate);
3469 caphdr->antenna = htonl(0); /* unknown */
3470 caphdr->priority = htonl(0); /* unknown */
3471 caphdr->ssi_type = htonl(3); /* rssi_raw */
3472 caphdr->ssi_signal = htonl(rxdesc->signal);
3473 caphdr->ssi_noise = htonl(rxdesc->silence);
3474 caphdr->preamble = htonl(0); /* unknown */
3475 caphdr->encoding = htonl(1); /* cck */
3478 /* Copy the 802.11 header to the skb
3479 (ctl frames may be less than a full header) */
3480 datap = skb_put(skb, hdrlen);
3481 memcpy(datap, &(rxdesc->frame_control), hdrlen);
3483 /* If any, copy the data from the card to the skb */
3485 datap = skb_put(skb, datalen);
3486 memcpy(datap, rxfrm->data, datalen);
3488 /* check for unencrypted stuff if WEP bit set. */
3489 if (*(datap - hdrlen + 1) & 0x40) /* wep set */
3490 if ((*(datap) == 0xaa) && (*(datap + 1) == 0xaa))
3491 /* clear wep; it's the 802.2 header! */
3492 *(datap - hdrlen + 1) &= 0xbf;
3495 if (hw->sniff_fcs) {
3497 datap = skb_put(skb, WLAN_CRC_LEN);
3498 memset(datap, 0xff, WLAN_CRC_LEN);
3501 /* pass it back up */
3502 p80211netdev_rx(wlandev, skb);
3505 /*----------------------------------------------------------------
3506 * hfa384x_usbin_info
3508 * At this point we have a successful received a Prism2 info frame.
3511 * wlandev wlan device
3512 * usbin ptr to the usb transfer buffer
3521 ----------------------------------------------------------------*/
3522 static void hfa384x_usbin_info(wlandevice_t *wlandev, hfa384x_usbin_t *usbin)
3524 usbin->infofrm.info.framelen =
3525 le16_to_cpu(usbin->infofrm.info.framelen);
3526 prism2sta_ev_info(wlandev, &usbin->infofrm.info);
3529 /*----------------------------------------------------------------
3530 * hfa384x_usbout_callback
3532 * Callback for URBs on the BULKOUT endpoint.
3535 * urb ptr to the completed urb
3544 ----------------------------------------------------------------*/
3545 static void hfa384x_usbout_callback(struct urb *urb)
3547 wlandevice_t *wlandev = urb->context;
3553 if (wlandev && wlandev->netdev) {
3554 switch (urb->status) {
3556 prism2sta_ev_alloc(wlandev);
3561 hfa384x_t *hw = wlandev->priv;
3563 netdev_warn(hw->wlandev->netdev,
3564 "%s tx pipe stalled: requesting reset\n",
3565 wlandev->netdev->name);
3566 if (!test_and_set_bit
3567 (WORK_TX_HALT, &hw->usb_flags))
3568 schedule_work(&hw->usb_work);
3569 wlandev->netdev->stats.tx_errors++;
3577 hfa384x_t *hw = wlandev->priv;
3579 if (!test_and_set_bit
3580 (THROTTLE_TX, &hw->usb_flags) &&
3581 !timer_pending(&hw->throttle)) {
3582 mod_timer(&hw->throttle,
3583 jiffies + THROTTLE_JIFFIES);
3585 wlandev->netdev->stats.tx_errors++;
3586 netif_stop_queue(wlandev->netdev);
3592 /* Ignorable errors */
3596 netdev_info(wlandev->netdev, "unknown urb->status=%d\n",
3598 wlandev->netdev->stats.tx_errors++;
3604 /*----------------------------------------------------------------
3605 * hfa384x_ctlxout_callback
3607 * Callback for control data on the BULKOUT endpoint.
3610 * urb ptr to the completed urb
3619 ----------------------------------------------------------------*/
3620 static void hfa384x_ctlxout_callback(struct urb *urb)
3622 hfa384x_t *hw = urb->context;
3623 int delete_resptimer = 0;
3626 hfa384x_usbctlx_t *ctlx;
3627 unsigned long flags;
3629 pr_debug("urb->status=%d\n", urb->status);
3633 if ((urb->status == -ESHUTDOWN) ||
3634 (urb->status == -ENODEV) || (hw == NULL))
3638 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3641 * Only one CTLX at a time on the "active" list, and
3642 * none at all if we are unplugged. However, we can
3643 * rely on the disconnect function to clean everything
3644 * up if someone unplugged the adapter.
3646 if (list_empty(&hw->ctlxq.active)) {
3647 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3652 * Having something on the "active" queue means
3653 * that we have timers to worry about ...
3655 if (del_timer(&hw->reqtimer) == 0) {
3656 if (hw->req_timer_done == 0) {
3658 * This timer was actually running while we
3659 * were trying to delete it. Let it terminate
3660 * gracefully instead.
3662 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3666 hw->req_timer_done = 1;
3669 ctlx = get_active_ctlx(hw);
3671 if (urb->status == 0) {
3672 /* Request portion of a CTLX is successful */
3673 switch (ctlx->state) {
3674 case CTLX_REQ_SUBMITTED:
3675 /* This OUT-ACK received before IN */
3676 ctlx->state = CTLX_REQ_COMPLETE;
3679 case CTLX_RESP_COMPLETE:
3680 /* IN already received before this OUT-ACK,
3681 * so this command must now be complete.
3683 ctlx->state = CTLX_COMPLETE;
3684 unlocked_usbctlx_complete(hw, ctlx);
3689 /* This is NOT a valid CTLX "success" state! */
3690 netdev_err(hw->wlandev->netdev,
3691 "Illegal CTLX[%d] success state(%s, %d) in OUT URB\n",
3692 le16_to_cpu(ctlx->outbuf.type),
3693 ctlxstr(ctlx->state), urb->status);
3697 /* If the pipe has stalled then we need to reset it */
3698 if ((urb->status == -EPIPE) &&
3699 !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags)) {
3700 netdev_warn(hw->wlandev->netdev,
3701 "%s tx pipe stalled: requesting reset\n",
3702 hw->wlandev->netdev->name);
3703 schedule_work(&hw->usb_work);
3706 /* If someone cancels the OUT URB then its status
3707 * should be either -ECONNRESET or -ENOENT.
3709 ctlx->state = CTLX_REQ_FAILED;
3710 unlocked_usbctlx_complete(hw, ctlx);
3711 delete_resptimer = 1;
3716 if (delete_resptimer) {
3717 timer_ok = del_timer(&hw->resptimer);
3719 hw->resp_timer_done = 1;
3722 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3724 if (!timer_ok && (hw->resp_timer_done == 0)) {
3725 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3730 hfa384x_usbctlxq_run(hw);
3733 /*----------------------------------------------------------------
3734 * hfa384x_usbctlx_reqtimerfn
3736 * Timer response function for CTLX request timeouts. If this
3737 * function is called, it means that the callback for the OUT
3738 * URB containing a Prism2.x XXX_Request was never called.
3741 * data a ptr to the hfa384x_t
3750 ----------------------------------------------------------------*/
3751 static void hfa384x_usbctlx_reqtimerfn(unsigned long data)
3753 hfa384x_t *hw = (hfa384x_t *)data;
3754 unsigned long flags;
3756 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3758 hw->req_timer_done = 1;
3760 /* Removing the hardware automatically empties
3761 * the active list ...
3763 if (!list_empty(&hw->ctlxq.active)) {
3765 * We must ensure that our URB is removed from
3766 * the system, if it hasn't already expired.
3768 hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK;
3769 if (usb_unlink_urb(&hw->ctlx_urb) == -EINPROGRESS) {
3770 hfa384x_usbctlx_t *ctlx = get_active_ctlx(hw);
3772 ctlx->state = CTLX_REQ_FAILED;
3774 /* This URB was active, but has now been
3775 * cancelled. It will now have a status of
3776 * -ECONNRESET in the callback function.
3778 * We are cancelling this CTLX, so we're
3779 * not going to need to wait for a response.
3780 * The URB's callback function will check
3781 * that this timer is truly dead.
3783 if (del_timer(&hw->resptimer) != 0)
3784 hw->resp_timer_done = 1;
3788 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3791 /*----------------------------------------------------------------
3792 * hfa384x_usbctlx_resptimerfn
3794 * Timer response function for CTLX response timeouts. If this
3795 * function is called, it means that the callback for the IN
3796 * URB containing a Prism2.x XXX_Response was never called.
3799 * data a ptr to the hfa384x_t
3808 ----------------------------------------------------------------*/
3809 static void hfa384x_usbctlx_resptimerfn(unsigned long data)
3811 hfa384x_t *hw = (hfa384x_t *)data;
3812 unsigned long flags;
3814 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3816 hw->resp_timer_done = 1;
3818 /* The active list will be empty if the
3819 * adapter has been unplugged ...
3821 if (!list_empty(&hw->ctlxq.active)) {
3822 hfa384x_usbctlx_t *ctlx = get_active_ctlx(hw);
3824 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0) {
3825 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3826 hfa384x_usbctlxq_run(hw);
3830 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3833 /*----------------------------------------------------------------
3834 * hfa384x_usb_throttlefn
3847 ----------------------------------------------------------------*/
3848 static void hfa384x_usb_throttlefn(unsigned long data)
3850 hfa384x_t *hw = (hfa384x_t *)data;
3851 unsigned long flags;
3853 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3856 * We need to check BOTH the RX and the TX throttle controls,
3857 * so we use the bitwise OR instead of the logical OR.
3859 pr_debug("flags=0x%lx\n", hw->usb_flags);
3860 if (!hw->wlandev->hwremoved &&
3861 ((test_and_clear_bit(THROTTLE_RX, &hw->usb_flags) &&
3862 !test_and_set_bit(WORK_RX_RESUME, &hw->usb_flags)) |
3863 (test_and_clear_bit(THROTTLE_TX, &hw->usb_flags) &&
3864 !test_and_set_bit(WORK_TX_RESUME, &hw->usb_flags))
3866 schedule_work(&hw->usb_work);
3869 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3872 /*----------------------------------------------------------------
3873 * hfa384x_usbctlx_submit
3875 * Called from the doxxx functions to submit a CTLX to the queue
3878 * hw ptr to the hw struct
3879 * ctlx ctlx structure to enqueue
3882 * -ENODEV if the adapter is unplugged
3888 * process or interrupt
3889 ----------------------------------------------------------------*/
3890 static int hfa384x_usbctlx_submit(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx)
3892 unsigned long flags;
3894 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3896 if (hw->wlandev->hwremoved) {
3897 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3901 ctlx->state = CTLX_PENDING;
3902 list_add_tail(&ctlx->list, &hw->ctlxq.pending);
3903 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3904 hfa384x_usbctlxq_run(hw);
3909 /*----------------------------------------------------------------
3910 * hfa384x_isgood_pdrcore
3912 * Quick check of PDR codes.
3915 * pdrcode PDR code number (host order)
3924 ----------------------------------------------------------------*/
3925 static int hfa384x_isgood_pdrcode(u16 pdrcode)
3928 case HFA384x_PDR_END_OF_PDA:
3929 case HFA384x_PDR_PCB_PARTNUM:
3930 case HFA384x_PDR_PDAVER:
3931 case HFA384x_PDR_NIC_SERIAL:
3932 case HFA384x_PDR_MKK_MEASUREMENTS:
3933 case HFA384x_PDR_NIC_RAMSIZE:
3934 case HFA384x_PDR_MFISUPRANGE:
3935 case HFA384x_PDR_CFISUPRANGE:
3936 case HFA384x_PDR_NICID:
3937 case HFA384x_PDR_MAC_ADDRESS:
3938 case HFA384x_PDR_REGDOMAIN:
3939 case HFA384x_PDR_ALLOWED_CHANNEL:
3940 case HFA384x_PDR_DEFAULT_CHANNEL:
3941 case HFA384x_PDR_TEMPTYPE:
3942 case HFA384x_PDR_IFR_SETTING:
3943 case HFA384x_PDR_RFR_SETTING:
3944 case HFA384x_PDR_HFA3861_BASELINE:
3945 case HFA384x_PDR_HFA3861_SHADOW:
3946 case HFA384x_PDR_HFA3861_IFRF:
3947 case HFA384x_PDR_HFA3861_CHCALSP:
3948 case HFA384x_PDR_HFA3861_CHCALI:
3949 case HFA384x_PDR_3842_NIC_CONFIG:
3950 case HFA384x_PDR_USB_ID:
3951 case HFA384x_PDR_PCI_ID:
3952 case HFA384x_PDR_PCI_IFCONF:
3953 case HFA384x_PDR_PCI_PMCONF:
3954 case HFA384x_PDR_RFENRGY:
3955 case HFA384x_PDR_HFA3861_MANF_TESTSP:
3956 case HFA384x_PDR_HFA3861_MANF_TESTI:
3960 if (pdrcode < 0x1000) {
3961 /* code is OK, but we don't know exactly what it is */
3962 pr_debug("Encountered unknown PDR#=0x%04x, assuming it's ok.\n",
3969 pr_debug("Encountered unknown PDR#=0x%04x, (>=0x1000), assuming it's bad.\n",