drivers/net/wireless/ath/ath6kl/init.c

   1
   2 /*
   3  * Copyright (c) 2011 Atheros Communications Inc.
   4  *
   5  * Permission to use, copy, modify, and/or distribute this software for any
   6  * purpose with or without fee is hereby granted, provided that the above
   7  * copyright notice and this permission notice appear in all copies.
   8  *
   9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  16  */
  17
  18 #include <linux/moduleparam.h>
  19 #include <linux/of.h>
  20 #include <linux/mmc/sdio_func.h>
  21 #include "core.h"
  22 #include "cfg80211.h"
  23 #include "target.h"
  24 #include "debug.h"
  25 #include "hif-ops.h"
  26
  27 unsigned int debug_mask;
  28 static unsigned int testmode;
  29
  30 module_param(debug_mask, uint, 0644);
  31 module_param(testmode, uint, 0644);
  32
  33 /*
  34  * Include definitions here that can be used to tune the WLAN module
  35  * behavior. Different customers can tune the behavior as per their needs,
  36  * here.
  37  */
  38
  39 /*
  40  * This configuration item enable/disable keepalive support.
  41  * Keepalive support: In the absence of any data traffic to AP, null
  42  * frames will be sent to the AP at periodic interval, to keep the association
  43  * active. This configuration item defines the periodic interval.
  44  * Use value of zero to disable keepalive support
  45  * Default: 60 seconds
  46  */
  47 #define WLAN_CONFIG_KEEP_ALIVE_INTERVAL 60
  48
  49 /*
  50  * This configuration item sets the value of disconnect timeout
  51  * Firmware delays sending the disconnec event to the host for this
  52  * timeout after is gets disconnected from the current AP.
  53  * If the firmware successly roams within the disconnect timeout
  54  * it sends a new connect event
  55  */
  56 #define WLAN_CONFIG_DISCONNECT_TIMEOUT 10
  57
  58 #define CONFIG_AR600x_DEBUG_UART_TX_PIN 8
  59
  60 #define ATH6KL_DATA_OFFSET    64
  61 struct sk_buff *ath6kl_buf_alloc(int size)
  62 {
  63         struct sk_buff *skb;
  64         u16 reserved;
  65
  66         /* Add chacheline space at front and back of buffer */
  67         reserved = (2 * L1_CACHE_BYTES) + ATH6KL_DATA_OFFSET +
  68                    sizeof(struct htc_packet) + ATH6KL_HTC_ALIGN_BYTES;
  69         skb = dev_alloc_skb(size + reserved);
  70
  71         if (skb)
  72                 skb_reserve(skb, reserved - L1_CACHE_BYTES);
  73         return skb;
  74 }
  75
  76 void ath6kl_init_profile_info(struct ath6kl_vif *vif)
  77 {
  78         vif->ssid_len = 0;
  79         memset(vif->ssid, 0, sizeof(vif->ssid));
  80
  81         vif->dot11_auth_mode = OPEN_AUTH;
  82         vif->auth_mode = NONE_AUTH;
  83         vif->prwise_crypto = NONE_CRYPT;
  84         vif->prwise_crypto_len = 0;
  85         vif->grp_crypto = NONE_CRYPT;
  86         vif->grp_crypto_len = 0;
  87         memset(vif->wep_key_list, 0, sizeof(vif->wep_key_list));
  88         memset(vif->req_bssid, 0, sizeof(vif->req_bssid));
  89         memset(vif->bssid, 0, sizeof(vif->bssid));
  90         vif->bss_ch = 0;
  91 }
  92
  93 static int ath6kl_set_host_app_area(struct ath6kl *ar)
  94 {
  95         u32 address, data;
  96         struct host_app_area host_app_area;
  97
  98         /* Fetch the address of the host_app_area_s
  99          * instance in the host interest area */
 100         address = ath6kl_get_hi_item_addr(ar, HI_ITEM(hi_app_host_interest));
 101         address = TARG_VTOP(ar->target_type, address);
 102
 103         if (ath6kl_diag_read32(ar, address, &data))
 104                 return -EIO;
 105
 106         address = TARG_VTOP(ar->target_type, data);
 107         host_app_area.wmi_protocol_ver = cpu_to_le32(WMI_PROTOCOL_VERSION);
 108         if (ath6kl_diag_write(ar, address, (u8 *) &host_app_area,
 109                               sizeof(struct host_app_area)))
 110                 return -EIO;
 111
 112         return 0;
 113 }
 114
 115 static inline void set_ac2_ep_map(struct ath6kl *ar,
 116                                   u8 ac,
 117                                   enum htc_endpoint_id ep)
 118 {
 119         ar->ac2ep_map[ac] = ep;
 120         ar->ep2ac_map[ep] = ac;
 121 }
 122
 123 /* connect to a service */
 124 static int ath6kl_connectservice(struct ath6kl *ar,
 125                                  struct htc_service_connect_req  *con_req,
 126                                  char *desc)
 127 {
 128         int status;
 129         struct htc_service_connect_resp response;
 130
 131         memset(&response, 0, sizeof(response));
 132
 133         status = ath6kl_htc_conn_service(ar->htc_target, con_req, &response);
 134         if (status) {
 135                 ath6kl_err("failed to connect to %s service status:%d\n",
 136                            desc, status);
 137                 return status;
 138         }
 139
 140         switch (con_req->svc_id) {
 141         case WMI_CONTROL_SVC:
 142                 if (test_bit(WMI_ENABLED, &ar->flag))
 143                         ath6kl_wmi_set_control_ep(ar->wmi, response.endpoint);
 144                 ar->ctrl_ep = response.endpoint;
 145                 break;
 146         case WMI_DATA_BE_SVC:
 147                 set_ac2_ep_map(ar, WMM_AC_BE, response.endpoint);
 148                 break;
 149         case WMI_DATA_BK_SVC:
 150                 set_ac2_ep_map(ar, WMM_AC_BK, response.endpoint);
 151                 break;
 152         case WMI_DATA_VI_SVC:
 153                 set_ac2_ep_map(ar, WMM_AC_VI, response.endpoint);
 154                 break;
 155         case WMI_DATA_VO_SVC:
 156                 set_ac2_ep_map(ar, WMM_AC_VO, response.endpoint);
 157                 break;
 158         default:
 159                 ath6kl_err("service id is not mapped %d\n", con_req->svc_id);
 160                 return -EINVAL;
 161         }
 162
 163         return 0;
 164 }
 165
 166 static int ath6kl_init_service_ep(struct ath6kl *ar)
 167 {
 168         struct htc_service_connect_req connect;
 169
 170         memset(&connect, 0, sizeof(connect));
 171
 172         /* these fields are the same for all service endpoints */
 173         connect.ep_cb.rx = ath6kl_rx;
 174         connect.ep_cb.rx_refill = ath6kl_rx_refill;
 175         connect.ep_cb.tx_full = ath6kl_tx_queue_full;
 176
 177         /*
 178          * Set the max queue depth so that our ath6kl_tx_queue_full handler
 179          * gets called.
 180         */
 181         connect.max_txq_depth = MAX_DEFAULT_SEND_QUEUE_DEPTH;
 182         connect.ep_cb.rx_refill_thresh = ATH6KL_MAX_RX_BUFFERS / 4;
 183         if (!connect.ep_cb.rx_refill_thresh)
 184                 connect.ep_cb.rx_refill_thresh++;
 185
 186         /* connect to control service */
 187         connect.svc_id = WMI_CONTROL_SVC;
 188         if (ath6kl_connectservice(ar, &connect, "WMI CONTROL"))
 189                 return -EIO;
 190
 191         connect.flags |= HTC_FLGS_TX_BNDL_PAD_EN;
 192
 193         /*
 194          * Limit the HTC message size on the send path, although e can
 195          * receive A-MSDU frames of 4K, we will only send ethernet-sized
 196          * (802.3) frames on the send path.
 197          */
 198         connect.max_rxmsg_sz = WMI_MAX_TX_DATA_FRAME_LENGTH;
 199
 200         /*
 201          * To reduce the amount of committed memory for larger A_MSDU
 202          * frames, use the recv-alloc threshold mechanism for larger
 203          * packets.
 204          */
 205         connect.ep_cb.rx_alloc_thresh = ATH6KL_BUFFER_SIZE;
 206         connect.ep_cb.rx_allocthresh = ath6kl_alloc_amsdu_rxbuf;
 207
 208         /*
 209          * For the remaining data services set the connection flag to
 210          * reduce dribbling, if configured to do so.
 211          */
 212         connect.conn_flags |= HTC_CONN_FLGS_REDUCE_CRED_DRIB;
 213         connect.conn_flags &= ~HTC_CONN_FLGS_THRESH_MASK;
 214         connect.conn_flags |= HTC_CONN_FLGS_THRESH_LVL_HALF;
 215
 216         connect.svc_id = WMI_DATA_BE_SVC;
 217
 218         if (ath6kl_connectservice(ar, &connect, "WMI DATA BE"))
 219                 return -EIO;
 220
 221         /* connect to back-ground map this to WMI LOW_PRI */
 222         connect.svc_id = WMI_DATA_BK_SVC;
 223         if (ath6kl_connectservice(ar, &connect, "WMI DATA BK"))
 224                 return -EIO;
 225
 226         /* connect to Video service, map this to to HI PRI */
 227         connect.svc_id = WMI_DATA_VI_SVC;
 228         if (ath6kl_connectservice(ar, &connect, "WMI DATA VI"))
 229                 return -EIO;
 230
 231         /*
 232          * Connect to VO service, this is currently not mapped to a WMI
 233          * priority stream due to historical reasons. WMI originally
 234          * defined 3 priorities over 3 mailboxes We can change this when
 235          * WMI is reworked so that priorities are not dependent on
 236          * mailboxes.
 237          */
 238         connect.svc_id = WMI_DATA_VO_SVC;
 239         if (ath6kl_connectservice(ar, &connect, "WMI DATA VO"))
 240                 return -EIO;
 241
 242         return 0;
 243 }
 244
 245 void ath6kl_init_control_info(struct ath6kl_vif *vif)
 246 {
 247         ath6kl_init_profile_info(vif);
 248         vif->def_txkey_index = 0;
 249         memset(vif->wep_key_list, 0, sizeof(vif->wep_key_list));
 250         vif->ch_hint = 0;
 251 }
 252
 253 /*
 254  * Set HTC/Mbox operational parameters, this can only be called when the
 255  * target is in the BMI phase.
 256  */
 257 static int ath6kl_set_htc_params(struct ath6kl *ar, u32 mbox_isr_yield_val,
 258                                  u8 htc_ctrl_buf)
 259 {
 260         int status;
 261         u32 blk_size;
 262
 263         blk_size = ar->mbox_info.block_size;
 264
 265         if (htc_ctrl_buf)
 266                 blk_size |=  ((u32)htc_ctrl_buf) << 16;
 267
 268         /* set the host interest area for the block size */
 269         status = ath6kl_bmi_write(ar,
 270                         ath6kl_get_hi_item_addr(ar,
 271                         HI_ITEM(hi_mbox_io_block_sz)),
 272                         (u8 *)&blk_size,
 273                         4);
 274         if (status) {
 275                 ath6kl_err("bmi_write_memory for IO block size failed\n");
 276                 goto out;
 277         }
 278
 279         ath6kl_dbg(ATH6KL_DBG_TRC, "block size set: %d (target addr:0x%X)\n",
 280                    blk_size,
 281                    ath6kl_get_hi_item_addr(ar, HI_ITEM(hi_mbox_io_block_sz)));
 282
 283         if (mbox_isr_yield_val) {
 284                 /* set the host interest area for the mbox ISR yield limit */
 285                 status = ath6kl_bmi_write(ar,
 286                                 ath6kl_get_hi_item_addr(ar,
 287                                 HI_ITEM(hi_mbox_isr_yield_limit)),
 288                                 (u8 *)&mbox_isr_yield_val,
 289                                 4);
 290                 if (status) {
 291                         ath6kl_err("bmi_write_memory for yield limit failed\n");
 292                         goto out;
 293                 }
 294         }
 295
 296 out:
 297         return status;
 298 }
 299
 300 #define REG_DUMP_COUNT_AR6003   60
 301 #define REGISTER_DUMP_LEN_MAX   60
 302
 303 static void ath6kl_dump_target_assert_info(struct ath6kl *ar)
 304 {
 305         u32 address;
 306         u32 regdump_loc = 0;
 307         int status;
 308         u32 regdump_val[REGISTER_DUMP_LEN_MAX];
 309         u32 i;
 310
 311         if (ar->target_type != TARGET_TYPE_AR6003)
 312                 return;
 313
 314         /* the reg dump pointer is copied to the host interest area */
 315         address = ath6kl_get_hi_item_addr(ar, HI_ITEM(hi_failure_state));
 316         address = TARG_VTOP(ar->target_type, address);
 317
 318         /* read RAM location through diagnostic window */
 319         status = ath6kl_diag_read32(ar, address, &regdump_loc);
 320
 321         if (status || !regdump_loc) {
 322                 ath6kl_err("failed to get ptr to register dump area\n");
 323                 return;
 324         }
 325
 326         ath6kl_dbg(ATH6KL_DBG_TRC, "location of register dump data: 0x%X\n",
 327                 regdump_loc);
 328         regdump_loc = TARG_VTOP(ar->target_type, regdump_loc);
 329
 330         /* fetch register dump data */
 331         status = ath6kl_diag_read(ar, regdump_loc, (u8 *)&regdump_val[0],
 332                                   REG_DUMP_COUNT_AR6003 * (sizeof(u32)));
 333
 334         if (status) {
 335                 ath6kl_err("failed to get register dump\n");
 336                 return;
 337         }
 338         ath6kl_dbg(ATH6KL_DBG_TRC, "Register Dump:\n");
 339
 340         for (i = 0; i < REG_DUMP_COUNT_AR6003; i++)
 341                 ath6kl_dbg(ATH6KL_DBG_TRC, " %d :  0x%8.8X\n",
 342                            i, regdump_val[i]);
 343
 344 }
 345
 346 void ath6kl_target_failure(struct ath6kl *ar)
 347 {
 348         ath6kl_err("target asserted\n");
 349
 350         /* try dumping target assertion information (if any) */
 351         ath6kl_dump_target_assert_info(ar);
 352
 353 }
 354
 355 static int ath6kl_target_config_wlan_params(struct ath6kl *ar, int idx)
 356 {
 357         int status = 0;
 358         int ret;
 359
 360         /*
 361          * Configure the device for rx dot11 header rules. "0,0" are the
 362          * default values. Required if checksum offload is needed. Set
 363          * RxMetaVersion to 2.
 364          */
 365         if (ath6kl_wmi_set_rx_frame_format_cmd(ar->wmi, idx,
 366                                                ar->rx_meta_ver, 0, 0)) {
 367                 ath6kl_err("unable to set the rx frame format\n");
 368                 status = -EIO;
 369         }
 370
 371         if (ar->conf_flags & ATH6KL_CONF_IGNORE_PS_FAIL_EVT_IN_SCAN)
 372                 if ((ath6kl_wmi_pmparams_cmd(ar->wmi, idx, 0, 1, 0, 0, 1,
 373                      IGNORE_POWER_SAVE_FAIL_EVENT_DURING_SCAN)) != 0) {
 374                         ath6kl_err("unable to set power save fail event policy\n");
 375                         status = -EIO;
 376                 }
 377
 378         if (!(ar->conf_flags & ATH6KL_CONF_IGNORE_ERP_BARKER))
 379                 if ((ath6kl_wmi_set_lpreamble_cmd(ar->wmi, idx, 0,
 380                      WMI_DONOT_IGNORE_BARKER_IN_ERP)) != 0) {
 381                         ath6kl_err("unable to set barker preamble policy\n");
 382                         status = -EIO;
 383                 }
 384
 385         if (ath6kl_wmi_set_keepalive_cmd(ar->wmi, idx,
 386                         WLAN_CONFIG_KEEP_ALIVE_INTERVAL)) {
 387                 ath6kl_err("unable to set keep alive interval\n");
 388                 status = -EIO;
 389         }
 390
 391         if (ath6kl_wmi_disctimeout_cmd(ar->wmi, idx,
 392                         WLAN_CONFIG_DISCONNECT_TIMEOUT)) {
 393                 ath6kl_err("unable to set disconnect timeout\n");
 394                 status = -EIO;
 395         }
 396
 397         if (!(ar->conf_flags & ATH6KL_CONF_ENABLE_TX_BURST))
 398                 if (ath6kl_wmi_set_wmm_txop(ar->wmi, idx, WMI_TXOP_DISABLED)) {
 399                         ath6kl_err("unable to set txop bursting\n");
 400                         status = -EIO;
 401                 }
 402
 403         /*
 404          * FIXME: Make sure p2p configurations are not applied to
 405          * non-p2p capable interfaces when multivif support is enabled.
 406          */
 407         if (ar->p2p) {
 408                 ret = ath6kl_wmi_info_req_cmd(ar->wmi, idx,
 409                                               P2P_FLAG_CAPABILITIES_REQ |
 410                                               P2P_FLAG_MACADDR_REQ |
 411                                               P2P_FLAG_HMODEL_REQ);
 412                 if (ret) {
 413                         ath6kl_dbg(ATH6KL_DBG_TRC, "failed to request P2P "
 414                                    "capabilities (%d) - assuming P2P not "
 415                                    "supported\n", ret);
 416                         ar->p2p = 0;
 417                 }
 418         }
 419
 420         /*
 421          * FIXME: Make sure p2p configurations are not applied to
 422          * non-p2p capable interfaces when multivif support is enabled.
 423          */
 424         if (ar->p2p) {
 425                 /* Enable Probe Request reporting for P2P */
 426                 ret = ath6kl_wmi_probe_report_req_cmd(ar->wmi, idx, true);
 427                 if (ret) {
 428                         ath6kl_dbg(ATH6KL_DBG_TRC, "failed to enable Probe "
 429                                    "Request reporting (%d)\n", ret);
 430                 }
 431         }
 432
 433         return status;
 434 }
 435
 436 int ath6kl_configure_target(struct ath6kl *ar)
 437 {
 438         u32 param, ram_reserved_size;
 439         u8 fw_iftype, fw_mode = 0, fw_submode = 0;
 440         int i;
 441
 442         /*
 443          * Note: Even though the firmware interface type is
 444          * chosen as BSS_STA for all three interfaces, can
 445          * be configured to IBSS/AP as long as the fw submode
 446          * remains normal mode (0 - AP, STA and IBSS). But
 447          * due to an target assert in firmware only one interface is
 448          * configured for now.
 449          */
 450         fw_iftype = HI_OPTION_FW_MODE_BSS_STA;
 451
 452         for (i = 0; i < MAX_NUM_VIF; i++)
 453                 fw_mode |= fw_iftype << (i * HI_OPTION_FW_MODE_BITS);
 454
 455         /*
 456          * By default, submodes :
 457          *              vif[0] - AP/STA/IBSS
 458          *              vif[1] - "P2P dev"/"P2P GO"/"P2P Client"
 459          *              vif[2] - "P2P dev"/"P2P GO"/"P2P Client"
 460          */
 461
 462         for (i = 0; i < ar->max_norm_iface; i++)
 463                 fw_submode |= HI_OPTION_FW_SUBMODE_NONE <<
 464                               (i * HI_OPTION_FW_SUBMODE_BITS);
 465
 466         for (i = ar->max_norm_iface; i < MAX_NUM_VIF; i++)
 467                 fw_submode |= HI_OPTION_FW_SUBMODE_P2PDEV <<
 468                               (i * HI_OPTION_FW_SUBMODE_BITS);
 469
 470         /*
 471          * FIXME: This needs to be removed once the multivif
 472          * support is enabled.
 473          */
 474         if (ar->p2p)
 475                 fw_submode = HI_OPTION_FW_SUBMODE_P2PDEV;
 476
 477         param = HTC_PROTOCOL_VERSION;
 478         if (ath6kl_bmi_write(ar,
 479                              ath6kl_get_hi_item_addr(ar,
 480                              HI_ITEM(hi_app_host_interest)),
 481                              (u8 *)&param, 4) != 0) {
 482                 ath6kl_err("bmi_write_memory for htc version failed\n");
 483                 return -EIO;
 484         }
 485
 486         /* set the firmware mode to STA/IBSS/AP */
 487         param = 0;
 488
 489         if (ath6kl_bmi_read(ar,
 490                             ath6kl_get_hi_item_addr(ar,
 491                             HI_ITEM(hi_option_flag)),
 492                             (u8 *)&param, 4) != 0) {
 493                 ath6kl_err("bmi_read_memory for setting fwmode failed\n");
 494                 return -EIO;
 495         }
 496
 497         param |= (MAX_NUM_VIF << HI_OPTION_NUM_DEV_SHIFT);
 498         param |= fw_mode << HI_OPTION_FW_MODE_SHIFT;
 499         param |= fw_submode << HI_OPTION_FW_SUBMODE_SHIFT;
 500
 501         param |= (0 << HI_OPTION_MAC_ADDR_METHOD_SHIFT);
 502         param |= (0 << HI_OPTION_FW_BRIDGE_SHIFT);
 503
 504         if (ath6kl_bmi_write(ar,
 505                              ath6kl_get_hi_item_addr(ar,
 506                              HI_ITEM(hi_option_flag)),
 507                              (u8 *)&param,
 508                              4) != 0) {
 509                 ath6kl_err("bmi_write_memory for setting fwmode failed\n");
 510                 return -EIO;
 511         }
 512
 513         ath6kl_dbg(ATH6KL_DBG_TRC, "firmware mode set\n");
 514
 515         /*
 516          * Hardcode the address use for the extended board data
 517          * Ideally this should be pre-allocate by the OS at boot time
 518          * But since it is a new feature and board data is loaded
 519          * at init time, we have to workaround this from host.
 520          * It is difficult to patch the firmware boot code,
 521          * but possible in theory.
 522          */
 523
 524         param = ar->hw.board_ext_data_addr;
 525         ram_reserved_size = ar->hw.reserved_ram_size;
 526
 527         if (ath6kl_bmi_write(ar, ath6kl_get_hi_item_addr(ar,
 528                                         HI_ITEM(hi_board_ext_data)),
 529                              (u8 *)&param, 4) != 0) {
 530                 ath6kl_err("bmi_write_memory for hi_board_ext_data failed\n");
 531                 return -EIO;
 532         }
 533
 534         if (ath6kl_bmi_write(ar, ath6kl_get_hi_item_addr(ar,
 535                                         HI_ITEM(hi_end_ram_reserve_sz)),
 536                              (u8 *)&ram_reserved_size, 4) != 0) {
 537                 ath6kl_err("bmi_write_memory for hi_end_ram_reserve_sz failed\n");
 538                 return -EIO;
 539         }
 540
 541         /* set the block size for the target */
 542         if (ath6kl_set_htc_params(ar, MBOX_YIELD_LIMIT, 0))
 543                 /* use default number of control buffers */
 544                 return -EIO;
 545
 546         return 0;
 547 }
 548
 549 void ath6kl_core_free(struct ath6kl *ar)
 550 {
 551         wiphy_free(ar->wiphy);
 552 }
 553
 554 void ath6kl_core_cleanup(struct ath6kl *ar)
 555 {
 556         destroy_workqueue(ar->ath6kl_wq);
 557
 558         if (ar->htc_target)
 559                 ath6kl_htc_cleanup(ar->htc_target);
 560
 561         ath6kl_cookie_cleanup(ar);
 562
 563         ath6kl_cleanup_amsdu_rxbufs(ar);
 564
 565         ath6kl_bmi_cleanup(ar);
 566
 567         ath6kl_debug_cleanup(ar);
 568
 569         kfree(ar->fw_board);
 570         kfree(ar->fw_otp);
 571         kfree(ar->fw);
 572         kfree(ar->fw_patch);
 573
 574         ath6kl_deinit_ieee80211_hw(ar);
 575 }
 576
 577 /* firmware upload */
 578 static int ath6kl_get_fw(struct ath6kl *ar, const char *filename,
 579                          u8 **fw, size_t *fw_len)
 580 {
 581         const struct firmware *fw_entry;
 582         int ret;
 583
 584         ret = request_firmware(&fw_entry, filename, ar->dev);
 585         if (ret)
 586                 return ret;
 587
 588         *fw_len = fw_entry->size;
 589         *fw = kmemdup(fw_entry->data, fw_entry->size, GFP_KERNEL);
 590
 591         if (*fw == NULL)
 592                 ret = -ENOMEM;
 593
 594         release_firmware(fw_entry);
 595
 596         return ret;
 597 }
 598
 599 #ifdef CONFIG_OF
 600 static const char *get_target_ver_dir(const struct ath6kl *ar)
 601 {
 602         switch (ar->version.target_ver) {
 603         case AR6003_REV1_VERSION:
 604                 return "ath6k/AR6003/hw1.0";
 605         case AR6003_REV2_VERSION:
 606                 return "ath6k/AR6003/hw2.0";
 607         case AR6003_REV3_VERSION:
 608                 return "ath6k/AR6003/hw2.1.1";
 609         }
 610         ath6kl_warn("%s: unsupported target version 0x%x.\n", __func__,
 611                     ar->version.target_ver);
 612         return NULL;
 613 }
 614
 615 /*
 616  * Check the device tree for a board-id and use it to construct
 617  * the pathname to the firmware file.  Used (for now) to find a
 618  * fallback to the "bdata.bin" file--typically a symlink to the
 619  * appropriate board-specific file.
 620  */
 621 static bool check_device_tree(struct ath6kl *ar)
 622 {
 623         static const char *board_id_prop = "atheros,board-id";
 624         struct device_node *node;
 625         char board_filename[64];
 626         const char *board_id;
 627         int ret;
 628
 629         for_each_compatible_node(node, NULL, "atheros,ath6kl") {
 630                 board_id = of_get_property(node, board_id_prop, NULL);
 631                 if (board_id == NULL) {
 632                         ath6kl_warn("No \"%s\" property on %s node.\n",
 633                                     board_id_prop, node->name);
 634                         continue;
 635                 }
 636                 snprintf(board_filename, sizeof(board_filename),
 637                          "%s/bdata.%s.bin", get_target_ver_dir(ar), board_id);
 638
 639                 ret = ath6kl_get_fw(ar, board_filename, &ar->fw_board,
 640                                     &ar->fw_board_len);
 641                 if (ret) {
 642                         ath6kl_err("Failed to get DT board file %s: %d\n",
 643                                    board_filename, ret);
 644                         continue;
 645                 }
 646                 return true;
 647         }
 648         return false;
 649 }
 650 #else
 651 static bool check_device_tree(struct ath6kl *ar)
 652 {
 653         return false;
 654 }
 655 #endif /* CONFIG_OF */
 656
 657 static int ath6kl_fetch_board_file(struct ath6kl *ar)
 658 {
 659         const char *filename;
 660         int ret;
 661
 662         if (ar->fw_board != NULL)
 663                 return 0;
 664
 665         switch (ar->version.target_ver) {
 666         case AR6003_REV2_VERSION:
 667                 filename = AR6003_REV2_BOARD_DATA_FILE;
 668                 break;
 669         case AR6004_REV1_VERSION:
 670                 filename = AR6004_REV1_BOARD_DATA_FILE;
 671                 break;
 672         default:
 673                 filename = AR6003_REV3_BOARD_DATA_FILE;
 674                 break;
 675         }
 676
 677         ret = ath6kl_get_fw(ar, filename, &ar->fw_board,
 678                             &ar->fw_board_len);
 679         if (ret == 0) {
 680                 /* managed to get proper board file */
 681                 return 0;
 682         }
 683
 684         if (check_device_tree(ar)) {
 685                 /* got board file from device tree */
 686                 return 0;
 687         }
 688
 689         /* there was no proper board file, try to use default instead */
 690         ath6kl_warn("Failed to get board file %s (%d), trying to find default board file.\n",
 691                     filename, ret);
 692
 693         switch (ar->version.target_ver) {
 694         case AR6003_REV2_VERSION:
 695                 filename = AR6003_REV2_DEFAULT_BOARD_DATA_FILE;
 696                 break;
 697         case AR6004_REV1_VERSION:
 698                 filename = AR6004_REV1_DEFAULT_BOARD_DATA_FILE;
 699                 break;
 700         default:
 701                 filename = AR6003_REV3_DEFAULT_BOARD_DATA_FILE;
 702                 break;
 703         }
 704
 705         ret = ath6kl_get_fw(ar, filename, &ar->fw_board,
 706                             &ar->fw_board_len);
 707         if (ret) {
 708                 ath6kl_err("Failed to get default board file %s: %d\n",
 709                            filename, ret);
 710                 return ret;
 711         }
 712
 713         ath6kl_warn("WARNING! No proper board file was not found, instead using a default board file.\n");
 714         ath6kl_warn("Most likely your hardware won't work as specified. Install correct board file!\n");
 715
 716         return 0;
 717 }
 718
 719 static int ath6kl_fetch_otp_file(struct ath6kl *ar)
 720 {
 721         const char *filename;
 722         int ret;
 723
 724         if (ar->fw_otp != NULL)
 725                 return 0;
 726
 727         switch (ar->version.target_ver) {
 728         case AR6003_REV2_VERSION:
 729                 filename = AR6003_REV2_OTP_FILE;
 730                 break;
 731         case AR6004_REV1_VERSION:
 732                 ath6kl_dbg(ATH6KL_DBG_TRC, "AR6004 doesn't need OTP file\n");
 733                 return 0;
 734                 break;
 735         default:
 736                 filename = AR6003_REV3_OTP_FILE;
 737                 break;
 738         }
 739
 740         ret = ath6kl_get_fw(ar, filename, &ar->fw_otp,
 741                             &ar->fw_otp_len);
 742         if (ret) {
 743                 ath6kl_err("Failed to get OTP file %s: %d\n",
 744                            filename, ret);
 745                 return ret;
 746         }
 747
 748         return 0;
 749 }
 750
 751 static int ath6kl_fetch_fw_file(struct ath6kl *ar)
 752 {
 753         const char *filename;
 754         int ret;
 755
 756         if (ar->fw != NULL)
 757                 return 0;
 758
 759         if (testmode) {
 760                 switch (ar->version.target_ver) {
 761                 case AR6003_REV2_VERSION:
 762                         filename = AR6003_REV2_TCMD_FIRMWARE_FILE;
 763                         break;
 764                 case AR6003_REV3_VERSION:
 765                         filename = AR6003_REV3_TCMD_FIRMWARE_FILE;
 766                         break;
 767                 case AR6004_REV1_VERSION:
 768                         ath6kl_warn("testmode not supported with ar6004\n");
 769                         return -EOPNOTSUPP;
 770                 default:
 771                         ath6kl_warn("unknown target version: 0x%x\n",
 772                                        ar->version.target_ver);
 773                         return -EINVAL;
 774                 }
 775
 776                 set_bit(TESTMODE, &ar->flag);
 777
 778                 goto get_fw;
 779         }
 780
 781         switch (ar->version.target_ver) {
 782         case AR6003_REV2_VERSION:
 783                 filename = AR6003_REV2_FIRMWARE_FILE;
 784                 break;
 785         case AR6004_REV1_VERSION:
 786                 filename = AR6004_REV1_FIRMWARE_FILE;
 787                 break;
 788         default:
 789                 filename = AR6003_REV3_FIRMWARE_FILE;
 790                 break;
 791         }
 792
 793 get_fw:
 794         ret = ath6kl_get_fw(ar, filename, &ar->fw, &ar->fw_len);
 795         if (ret) {
 796                 ath6kl_err("Failed to get firmware file %s: %d\n",
 797                            filename, ret);
 798                 return ret;
 799         }
 800
 801         return 0;
 802 }
 803
 804 static int ath6kl_fetch_patch_file(struct ath6kl *ar)
 805 {
 806         const char *filename;
 807         int ret;
 808
 809         switch (ar->version.target_ver) {
 810         case AR6003_REV2_VERSION:
 811                 filename = AR6003_REV2_PATCH_FILE;
 812                 break;
 813         case AR6004_REV1_VERSION:
 814                 /* FIXME: implement for AR6004 */
 815                 return 0;
 816                 break;
 817         default:
 818                 filename = AR6003_REV3_PATCH_FILE;
 819                 break;
 820         }
 821
 822         if (ar->fw_patch == NULL) {
 823                 ret = ath6kl_get_fw(ar, filename, &ar->fw_patch,
 824                                     &ar->fw_patch_len);
 825                 if (ret) {
 826                         ath6kl_err("Failed to get patch file %s: %d\n",
 827                                    filename, ret);
 828                         return ret;
 829                 }
 830         }
 831
 832         return 0;
 833 }
 834
 835 static int ath6kl_fetch_fw_api1(struct ath6kl *ar)
 836 {
 837         int ret;
 838
 839         ret = ath6kl_fetch_otp_file(ar);
 840         if (ret)
 841                 return ret;
 842
 843         ret = ath6kl_fetch_fw_file(ar);
 844         if (ret)
 845                 return ret;
 846
 847         ret = ath6kl_fetch_patch_file(ar);
 848         if (ret)
 849                 return ret;
 850
 851         return 0;
 852 }
 853
 854 static int ath6kl_fetch_fw_api2(struct ath6kl *ar)
 855 {
 856         size_t magic_len, len, ie_len;
 857         const struct firmware *fw;
 858         struct ath6kl_fw_ie *hdr;
 859         const char *filename;
 860         const u8 *data;
 861         int ret, ie_id, i, index, bit;
 862         __le32 *val;
 863
 864         switch (ar->version.target_ver) {
 865         case AR6003_REV2_VERSION:
 866                 filename = AR6003_REV2_FIRMWARE_2_FILE;
 867                 break;
 868         case AR6003_REV3_VERSION:
 869                 filename = AR6003_REV3_FIRMWARE_2_FILE;
 870                 break;
 871         case AR6004_REV1_VERSION:
 872                 filename = AR6004_REV1_FIRMWARE_2_FILE;
 873                 break;
 874         default:
 875                 return -EOPNOTSUPP;
 876         }
 877
 878         ret = request_firmware(&fw, filename, ar->dev);
 879         if (ret)
 880                 return ret;
 881
 882         data = fw->data;
 883         len = fw->size;
 884
 885         /* magic also includes the null byte, check that as well */
 886         magic_len = strlen(ATH6KL_FIRMWARE_MAGIC) + 1;
 887
 888         if (len < magic_len) {
 889                 ret = -EINVAL;
 890                 goto out;
 891         }
 892
 893         if (memcmp(data, ATH6KL_FIRMWARE_MAGIC, magic_len) != 0) {
 894                 ret = -EINVAL;
 895                 goto out;
 896         }
 897
 898         len -= magic_len;
 899         data += magic_len;
 900
 901         /* loop elements */
 902         while (len > sizeof(struct ath6kl_fw_ie)) {
 903                 /* hdr is unaligned! */
 904                 hdr = (struct ath6kl_fw_ie *) data;
 905
 906                 ie_id = le32_to_cpup(&hdr->id);
 907                 ie_len = le32_to_cpup(&hdr->len);
 908
 909                 len -= sizeof(*hdr);
 910                 data += sizeof(*hdr);
 911
 912                 if (len < ie_len) {
 913                         ret = -EINVAL;
 914                         goto out;
 915                 }
 916
 917                 switch (ie_id) {
 918                 case ATH6KL_FW_IE_OTP_IMAGE:
 919                         ath6kl_dbg(ATH6KL_DBG_BOOT, "found otp image ie (%zd B)\n",
 920                                 ie_len);
 921
 922                         ar->fw_otp = kmemdup(data, ie_len, GFP_KERNEL);
 923
 924                         if (ar->fw_otp == NULL) {
 925                                 ret = -ENOMEM;
 926                                 goto out;
 927                         }
 928
 929                         ar->fw_otp_len = ie_len;
 930                         break;
 931                 case ATH6KL_FW_IE_FW_IMAGE:
 932                         ath6kl_dbg(ATH6KL_DBG_BOOT, "found fw image ie (%zd B)\n",
 933                                 ie_len);
 934
 935                         ar->fw = kmemdup(data, ie_len, GFP_KERNEL);
 936
 937                         if (ar->fw == NULL) {
 938                                 ret = -ENOMEM;
 939                                 goto out;
 940                         }
 941
 942                         ar->fw_len = ie_len;
 943                         break;
 944                 case ATH6KL_FW_IE_PATCH_IMAGE:
 945                         ath6kl_dbg(ATH6KL_DBG_BOOT, "found patch image ie (%zd B)\n",
 946                                 ie_len);
 947
 948                         ar->fw_patch = kmemdup(data, ie_len, GFP_KERNEL);
 949
 950                         if (ar->fw_patch == NULL) {
 951                                 ret = -ENOMEM;
 952                                 goto out;
 953                         }
 954
 955                         ar->fw_patch_len = ie_len;
 956                         break;
 957                 case ATH6KL_FW_IE_RESERVED_RAM_SIZE:
 958                         val = (__le32 *) data;
 959                         ar->hw.reserved_ram_size = le32_to_cpup(val);
 960
 961                         ath6kl_dbg(ATH6KL_DBG_BOOT,
 962                                    "found reserved ram size ie 0x%d\n",
 963                                    ar->hw.reserved_ram_size);
 964                         break;
 965                 case ATH6KL_FW_IE_CAPABILITIES:
 966                         ath6kl_dbg(ATH6KL_DBG_BOOT,
 967                                    "found firmware capabilities ie (%zd B)\n",
 968                                    ie_len);
 969
 970                         for (i = 0; i < ATH6KL_FW_CAPABILITY_MAX; i++) {
 971                                 index = ALIGN(i, 8) / 8;
 972                                 bit = i % 8;
 973
 974                                 if (data[index] & (1 << bit))
 975                                         __set_bit(i, ar->fw_capabilities);
 976                         }
 977
 978                         ath6kl_dbg_dump(ATH6KL_DBG_BOOT, "capabilities", "",
 979                                         ar->fw_capabilities,
 980                                         sizeof(ar->fw_capabilities));
 981                         break;
 982                 case ATH6KL_FW_IE_PATCH_ADDR:
 983                         if (ie_len != sizeof(*val))
 984                                 break;
 985
 986                         val = (__le32 *) data;
 987                         ar->hw.dataset_patch_addr = le32_to_cpup(val);
 988
 989                         ath6kl_dbg(ATH6KL_DBG_BOOT,
 990                                    "found patch address ie 0x%d\n",
 991                                    ar->hw.dataset_patch_addr);
 992                         break;
 993                 default:
 994                         ath6kl_dbg(ATH6KL_DBG_BOOT, "Unknown fw ie: %u\n",
 995                                    le32_to_cpup(&hdr->id));
 996                         break;
 997                 }
 998
 999                 len -= ie_len;
1000                 data += ie_len;
1001         };
1002
1003         ret = 0;
1004 out:
1005         release_firmware(fw);
1006
1007         return ret;
1008 }
1009
1010 static int ath6kl_fetch_firmwares(struct ath6kl *ar)
1011 {
1012         int ret;
1013
1014         ret = ath6kl_fetch_board_file(ar);
1015         if (ret)
1016                 return ret;
1017
1018         ret = ath6kl_fetch_fw_api2(ar);
1019         if (ret == 0) {
1020                 ath6kl_dbg(ATH6KL_DBG_BOOT, "using fw api 2\n");
1021                 return 0;
1022         }
1023
1024         ret = ath6kl_fetch_fw_api1(ar);
1025         if (ret)
1026                 return ret;
1027
1028         ath6kl_dbg(ATH6KL_DBG_BOOT, "using fw api 1\n");
1029
1030         return 0;
1031 }
1032
1033 static int ath6kl_upload_board_file(struct ath6kl *ar)
1034 {
1035         u32 board_address, board_ext_address, param;
1036         u32 board_data_size, board_ext_data_size;
1037         int ret;
1038
1039         if (WARN_ON(ar->fw_board == NULL))
1040                 return -ENOENT;
1041
1042         /*
1043          * Determine where in Target RAM to write Board Data.
1044          * For AR6004, host determine Target RAM address for
1045          * writing board data.
1046          */
1047         if (ar->target_type == TARGET_TYPE_AR6004) {
1048                 board_address = AR6004_REV1_BOARD_DATA_ADDRESS;
1049                 ath6kl_bmi_write(ar,
1050                                 ath6kl_get_hi_item_addr(ar,
1051                                 HI_ITEM(hi_board_data)),
1052                                 (u8 *) &board_address, 4);
1053         } else {
1054                 ath6kl_bmi_read(ar,
1055                                 ath6kl_get_hi_item_addr(ar,
1056                                 HI_ITEM(hi_board_data)),
1057                                 (u8 *) &board_address, 4);
1058         }
1059
1060         /* determine where in target ram to write extended board data */
1061         ath6kl_bmi_read(ar,
1062                         ath6kl_get_hi_item_addr(ar,
1063                         HI_ITEM(hi_board_ext_data)),
1064                         (u8 *) &board_ext_address, 4);
1065
1066         if (board_ext_address == 0) {
1067                 ath6kl_err("Failed to get board file target address.\n");
1068                 return -EINVAL;
1069         }
1070
1071         switch (ar->target_type) {
1072         case TARGET_TYPE_AR6003:
1073                 board_data_size = AR6003_BOARD_DATA_SZ;
1074                 board_ext_data_size = AR6003_BOARD_EXT_DATA_SZ;
1075                 break;
1076         case TARGET_TYPE_AR6004:
1077                 board_data_size = AR6004_BOARD_DATA_SZ;
1078                 board_ext_data_size = AR6004_BOARD_EXT_DATA_SZ;
1079                 break;
1080         default:
1081                 WARN_ON(1);
1082                 return -EINVAL;
1083                 break;
1084         }
1085
1086         if (ar->fw_board_len == (board_data_size +
1087                                  board_ext_data_size)) {
1088
1089                 /* write extended board data */
1090                 ath6kl_dbg(ATH6KL_DBG_BOOT,
1091                            "writing extended board data to 0x%x (%d B)\n",
1092                            board_ext_address, board_ext_data_size);
1093
1094                 ret = ath6kl_bmi_write(ar, board_ext_address,
1095                                        ar->fw_board + board_data_size,
1096                                        board_ext_data_size);
1097                 if (ret) {
1098                         ath6kl_err("Failed to write extended board data: %d\n",
1099                                    ret);
1100                         return ret;
1101                 }
1102
1103                 /* record that extended board data is initialized */
1104                 param = (board_ext_data_size << 16) | 1;
1105
1106                 ath6kl_bmi_write(ar,
1107                                  ath6kl_get_hi_item_addr(ar,
1108                                  HI_ITEM(hi_board_ext_data_config)),
1109                                  (unsigned char *) &param, 4);
1110         }
1111
1112         if (ar->fw_board_len < board_data_size) {
1113                 ath6kl_err("Too small board file: %zu\n", ar->fw_board_len);
1114                 ret = -EINVAL;
1115                 return ret;
1116         }
1117
1118         ath6kl_dbg(ATH6KL_DBG_BOOT, "writing board file to 0x%x (%d B)\n",
1119                    board_address, board_data_size);
1120
1121         ret = ath6kl_bmi_write(ar, board_address, ar->fw_board,
1122                                board_data_size);
1123
1124         if (ret) {
1125                 ath6kl_err("Board file bmi write failed: %d\n", ret);
1126                 return ret;
1127         }
1128
1129         /* record the fact that Board Data IS initialized */
1130         param = 1;
1131         ath6kl_bmi_write(ar,
1132                          ath6kl_get_hi_item_addr(ar,
1133                          HI_ITEM(hi_board_data_initialized)),
1134                          (u8 *)&param, 4);
1135
1136         return ret;
1137 }
1138
1139 static int ath6kl_upload_otp(struct ath6kl *ar)
1140 {
1141         u32 address, param;
1142         bool from_hw = false;
1143         int ret;
1144
1145         if (WARN_ON(ar->fw_otp == NULL))
1146                 return -ENOENT;
1147
1148         address = ar->hw.app_load_addr;
1149
1150         ath6kl_dbg(ATH6KL_DBG_BOOT, "writing otp to 0x%x (%zd B)\n", address,
1151                    ar->fw_otp_len);
1152
1153         ret = ath6kl_bmi_fast_download(ar, address, ar->fw_otp,
1154                                        ar->fw_otp_len);
1155         if (ret) {
1156                 ath6kl_err("Failed to upload OTP file: %d\n", ret);
1157                 return ret;
1158         }
1159
1160         /* read firmware start address */
1161         ret = ath6kl_bmi_read(ar,
1162                               ath6kl_get_hi_item_addr(ar,
1163                                                       HI_ITEM(hi_app_start)),
1164                               (u8 *) &address, sizeof(address));
1165
1166         if (ret) {
1167                 ath6kl_err("Failed to read hi_app_start: %d\n", ret);
1168                 return ret;
1169         }
1170
1171         if (ar->hw.app_start_override_addr == 0) {
1172                 ar->hw.app_start_override_addr = address;
1173                 from_hw = true;
1174         }
1175
1176         ath6kl_dbg(ATH6KL_DBG_BOOT, "app_start_override_addr%s 0x%x\n",
1177                    from_hw ? " (from hw)" : "",
1178                    ar->hw.app_start_override_addr);
1179
1180         /* execute the OTP code */
1181         ath6kl_dbg(ATH6KL_DBG_BOOT, "executing OTP at 0x%x\n",
1182                    ar->hw.app_start_override_addr);
1183         param = 0;
1184         ath6kl_bmi_execute(ar, ar->hw.app_start_override_addr, &param);
1185
1186         return ret;
1187 }
1188
1189 static int ath6kl_upload_firmware(struct ath6kl *ar)
1190 {
1191         u32 address;
1192         int ret;
1193
1194         if (WARN_ON(ar->fw == NULL))
1195                 return -ENOENT;
1196
1197         address = ar->hw.app_load_addr;
1198
1199         ath6kl_dbg(ATH6KL_DBG_BOOT, "writing firmware to 0x%x (%zd B)\n",
1200                    address, ar->fw_len);
1201
1202         ret = ath6kl_bmi_fast_download(ar, address, ar->fw, ar->fw_len);
1203
1204         if (ret) {
1205                 ath6kl_err("Failed to write firmware: %d\n", ret);
1206                 return ret;
1207         }
1208
1209         /*
1210          * Set starting address for firmware
1211          * Don't need to setup app_start override addr on AR6004
1212          */
1213         if (ar->target_type != TARGET_TYPE_AR6004) {
1214                 address = ar->hw.app_start_override_addr;
1215                 ath6kl_bmi_set_app_start(ar, address);
1216         }
1217         return ret;
1218 }
1219
1220 static int ath6kl_upload_patch(struct ath6kl *ar)
1221 {
1222         u32 address, param;
1223         int ret;
1224
1225         if (WARN_ON(ar->fw_patch == NULL))
1226                 return -ENOENT;
1227
1228         address = ar->hw.dataset_patch_addr;
1229
1230         ath6kl_dbg(ATH6KL_DBG_BOOT, "writing patch to 0x%x (%zd B)\n",
1231                    address, ar->fw_patch_len);
1232
1233         ret = ath6kl_bmi_write(ar, address, ar->fw_patch, ar->fw_patch_len);
1234         if (ret) {
1235                 ath6kl_err("Failed to write patch file: %d\n", ret);
1236                 return ret;
1237         }
1238
1239         param = address;
1240         ath6kl_bmi_write(ar,
1241                          ath6kl_get_hi_item_addr(ar,
1242                          HI_ITEM(hi_dset_list_head)),
1243                          (unsigned char *) &param, 4);
1244
1245         return 0;
1246 }
1247
1248 static int ath6kl_init_upload(struct ath6kl *ar)
1249 {
1250         u32 param, options, sleep, address;
1251         int status = 0;
1252
1253         if (ar->target_type != TARGET_TYPE_AR6003 &&
1254                 ar->target_type != TARGET_TYPE_AR6004)
1255                 return -EINVAL;
1256
1257         /* temporarily disable system sleep */
1258         address = MBOX_BASE_ADDRESS + LOCAL_SCRATCH_ADDRESS;
1259         status = ath6kl_bmi_reg_read(ar, address, &param);
1260         if (status)
1261                 return status;
1262
1263         options = param;
1264
1265         param |= ATH6KL_OPTION_SLEEP_DISABLE;
1266         status = ath6kl_bmi_reg_write(ar, address, param);
1267         if (status)
1268                 return status;
1269
1270         address = RTC_BASE_ADDRESS + SYSTEM_SLEEP_ADDRESS;
1271         status = ath6kl_bmi_reg_read(ar, address, &param);
1272         if (status)
1273                 return status;
1274
1275         sleep = param;
1276
1277         param |= SM(SYSTEM_SLEEP_DISABLE, 1);
1278         status = ath6kl_bmi_reg_write(ar, address, param);
1279         if (status)
1280                 return status;
1281
1282         ath6kl_dbg(ATH6KL_DBG_TRC, "old options: %d, old sleep: %d\n",
1283                    options, sleep);
1284
1285         /* program analog PLL register */
1286         /* no need to control 40/44MHz clock on AR6004 */
1287         if (ar->target_type != TARGET_TYPE_AR6004) {
1288                 status = ath6kl_bmi_reg_write(ar, ATH6KL_ANALOG_PLL_REGISTER,
1289                                               0xF9104001);
1290
1291                 if (status)
1292                         return status;
1293
1294                 /* Run at 80/88MHz by default */
1295                 param = SM(CPU_CLOCK_STANDARD, 1);
1296
1297                 address = RTC_BASE_ADDRESS + CPU_CLOCK_ADDRESS;
1298                 status = ath6kl_bmi_reg_write(ar, address, param);
1299                 if (status)
1300                         return status;
1301         }
1302
1303         param = 0;
1304         address = RTC_BASE_ADDRESS + LPO_CAL_ADDRESS;
1305         param = SM(LPO_CAL_ENABLE, 1);
1306         status = ath6kl_bmi_reg_write(ar, address, param);
1307         if (status)
1308                 return status;
1309
1310         /* WAR to avoid SDIO CRC err */
1311         if (ar->version.target_ver == AR6003_REV2_VERSION) {
1312                 ath6kl_err("temporary war to avoid sdio crc error\n");
1313
1314                 param = 0x20;
1315
1316                 address = GPIO_BASE_ADDRESS + GPIO_PIN10_ADDRESS;
1317                 status = ath6kl_bmi_reg_write(ar, address, param);
1318                 if (status)
1319                         return status;
1320
1321                 address = GPIO_BASE_ADDRESS + GPIO_PIN11_ADDRESS;
1322                 status = ath6kl_bmi_reg_write(ar, address, param);
1323                 if (status)
1324                         return status;
1325
1326                 address = GPIO_BASE_ADDRESS + GPIO_PIN12_ADDRESS;
1327                 status = ath6kl_bmi_reg_write(ar, address, param);
1328                 if (status)
1329                         return status;
1330
1331                 address = GPIO_BASE_ADDRESS + GPIO_PIN13_ADDRESS;
1332                 status = ath6kl_bmi_reg_write(ar, address, param);
1333                 if (status)
1334                         return status;
1335         }
1336
1337         /* write EEPROM data to Target RAM */
1338         status = ath6kl_upload_board_file(ar);
1339         if (status)
1340                 return status;
1341
1342         /* transfer One time Programmable data */
1343         status = ath6kl_upload_otp(ar);
1344         if (status)
1345                 return status;
1346
1347         /* Download Target firmware */
1348         status = ath6kl_upload_firmware(ar);
1349         if (status)
1350                 return status;
1351
1352         status = ath6kl_upload_patch(ar);
1353         if (status)
1354                 return status;
1355
1356         /* Restore system sleep */
1357         address = RTC_BASE_ADDRESS + SYSTEM_SLEEP_ADDRESS;
1358         status = ath6kl_bmi_reg_write(ar, address, sleep);
1359         if (status)
1360                 return status;
1361
1362         address = MBOX_BASE_ADDRESS + LOCAL_SCRATCH_ADDRESS;
1363         param = options | 0x20;
1364         status = ath6kl_bmi_reg_write(ar, address, param);
1365         if (status)
1366                 return status;
1367
1368         /* Configure GPIO AR6003 UART */
1369         param = CONFIG_AR600x_DEBUG_UART_TX_PIN;
1370         status = ath6kl_bmi_write(ar,
1371                                   ath6kl_get_hi_item_addr(ar,
1372                                   HI_ITEM(hi_dbg_uart_txpin)),
1373                                   (u8 *)&param, 4);
1374
1375         return status;
1376 }
1377
1378 static int ath6kl_init_hw_params(struct ath6kl *ar)
1379 {
1380         switch (ar->version.target_ver) {
1381         case AR6003_REV2_VERSION:
1382                 ar->hw.dataset_patch_addr = AR6003_REV2_DATASET_PATCH_ADDRESS;
1383                 ar->hw.app_load_addr = AR6003_REV2_APP_LOAD_ADDRESS;
1384                 ar->hw.board_ext_data_addr = AR6003_REV2_BOARD_EXT_DATA_ADDRESS;
1385                 ar->hw.reserved_ram_size = AR6003_REV2_RAM_RESERVE_SIZE;
1386
1387                 /* hw2.0 needs override address hardcoded */
1388                 ar->hw.app_start_override_addr = 0x944C00;
1389
1390                 break;
1391         case AR6003_REV3_VERSION:
1392                 ar->hw.dataset_patch_addr = AR6003_REV3_DATASET_PATCH_ADDRESS;
1393                 ar->hw.app_load_addr = 0x1234;
1394                 ar->hw.board_ext_data_addr = AR6003_REV3_BOARD_EXT_DATA_ADDRESS;
1395                 ar->hw.reserved_ram_size = AR6003_REV3_RAM_RESERVE_SIZE;
1396                 break;
1397         case AR6004_REV1_VERSION:
1398                 ar->hw.dataset_patch_addr = AR6003_REV2_DATASET_PATCH_ADDRESS;
1399                 ar->hw.app_load_addr = AR6003_REV3_APP_LOAD_ADDRESS;
1400                 ar->hw.board_ext_data_addr = AR6004_REV1_BOARD_EXT_DATA_ADDRESS;
1401                 ar->hw.reserved_ram_size = AR6004_REV1_RAM_RESERVE_SIZE;
1402                 break;
1403         default:
1404                 ath6kl_err("Unsupported hardware version: 0x%x\n",
1405                            ar->version.target_ver);
1406                 return -EINVAL;
1407         }
1408
1409         ath6kl_dbg(ATH6KL_DBG_BOOT,
1410                    "target_ver 0x%x target_type 0x%x dataset_patch 0x%x app_load_addr 0x%x\n",
1411                    ar->version.target_ver, ar->target_type,
1412                    ar->hw.dataset_patch_addr, ar->hw.app_load_addr);
1413         ath6kl_dbg(ATH6KL_DBG_BOOT,
1414                    "app_start_override_addr 0x%x board_ext_data_addr 0x%x reserved_ram_size 0x%x",
1415                    ar->hw.app_start_override_addr, ar->hw.board_ext_data_addr,
1416                    ar->hw.reserved_ram_size);
1417
1418         return 0;
1419 }
1420
1421 static int ath6kl_init(struct ath6kl *ar)
1422 {
1423         int status = 0;
1424         s32 timeleft;
1425         struct net_device *ndev;
1426         int i;
1427
1428         if (!ar)
1429                 return -EIO;
1430
1431         /* Do we need to finish the BMI phase */
1432         if (ath6kl_bmi_done(ar)) {
1433                 status = -EIO;
1434                 goto ath6kl_init_done;
1435         }
1436
1437         /* Indicate that WMI is enabled (although not ready yet) */
1438         set_bit(WMI_ENABLED, &ar->flag);
1439         ar->wmi = ath6kl_wmi_init(ar);
1440         if (!ar->wmi) {
1441                 ath6kl_err("failed to initialize wmi\n");
1442                 status = -EIO;
1443                 goto ath6kl_init_done;
1444         }
1445
1446         ath6kl_dbg(ATH6KL_DBG_TRC, "%s: got wmi @ 0x%p.\n", __func__, ar->wmi);
1447
1448         status = ath6kl_register_ieee80211_hw(ar);
1449         if (status)
1450                 goto err_node_cleanup;
1451
1452         status = ath6kl_debug_init(ar);
1453         if (status) {
1454                 wiphy_unregister(ar->wiphy);
1455                 goto err_node_cleanup;
1456         }
1457
1458         for (i = 0; i < MAX_NUM_VIF; i++)
1459                 ar->avail_idx_map |= BIT(i);
1460
1461         rtnl_lock();
1462
1463         /* Add an initial station interface */
1464         ndev = ath6kl_interface_add(ar, "wlan%d", NL80211_IFTYPE_STATION, 0,
1465                                     INFRA_NETWORK);
1466
1467         rtnl_unlock();
1468
1469         if (!ndev) {
1470                 ath6kl_err("Failed to instantiate a network device\n");
1471                 status = -ENOMEM;
1472                 wiphy_unregister(ar->wiphy);
1473                 goto err_debug_init;
1474         }
1475
1476
1477         ath6kl_dbg(ATH6KL_DBG_TRC, "%s: name=%s dev=0x%p, ar=0x%p\n",
1478                         __func__, ndev->name, ndev, ar);
1479
1480         /*
1481          * The reason we have to wait for the target here is that the
1482          * driver layer has to init BMI in order to set the host block
1483          * size.
1484          */
1485         if (ath6kl_htc_wait_target(ar->htc_target)) {
1486                 status = -EIO;
1487                 goto err_if_deinit;
1488         }
1489
1490         if (ath6kl_init_service_ep(ar)) {
1491                 status = -EIO;
1492                 goto err_cleanup_scatter;
1493         }
1494
1495         /* setup access class priority mappings */
1496         ar->ac_stream_pri_map[WMM_AC_BK] = 0; /* lowest  */
1497         ar->ac_stream_pri_map[WMM_AC_BE] = 1;
1498         ar->ac_stream_pri_map[WMM_AC_VI] = 2;
1499         ar->ac_stream_pri_map[WMM_AC_VO] = 3; /* highest */
1500
1501         /* give our connected endpoints some buffers */
1502         ath6kl_rx_refill(ar->htc_target, ar->ctrl_ep);
1503         ath6kl_rx_refill(ar->htc_target, ar->ac2ep_map[WMM_AC_BE]);
1504
1505         /* allocate some buffers that handle larger AMSDU frames */
1506         ath6kl_refill_amsdu_rxbufs(ar, ATH6KL_MAX_AMSDU_RX_BUFFERS);
1507
1508         /* setup credit distribution */
1509         ath6k_setup_credit_dist(ar->htc_target, &ar->credit_state_info);
1510
1511         ath6kl_cookie_init(ar);
1512
1513         /* start HTC */
1514         status = ath6kl_htc_start(ar->htc_target);
1515
1516         if (status) {
1517                 ath6kl_cookie_cleanup(ar);
1518                 goto err_rxbuf_cleanup;
1519         }
1520
1521         /* Wait for Wmi event to be ready */
1522         timeleft = wait_event_interruptible_timeout(ar->event_wq,
1523                                                     test_bit(WMI_READY,
1524                                                              &ar->flag),
1525                                                     WMI_TIMEOUT);
1526
1527         ath6kl_dbg(ATH6KL_DBG_BOOT, "firmware booted\n");
1528
1529         if (ar->version.abi_ver != ATH6KL_ABI_VERSION) {
1530                 ath6kl_err("abi version mismatch: host(0x%x), target(0x%x)\n",
1531                            ATH6KL_ABI_VERSION, ar->version.abi_ver);
1532                 status = -EIO;
1533                 goto err_htc_stop;
1534         }
1535
1536         if (!timeleft || signal_pending(current)) {
1537                 ath6kl_err("wmi is not ready or wait was interrupted\n");
1538                 status = -EIO;
1539                 goto err_htc_stop;
1540         }
1541
1542         ath6kl_dbg(ATH6KL_DBG_TRC, "%s: wmi is ready\n", __func__);
1543
1544         /* communicate the wmi protocol verision to the target */
1545         if ((ath6kl_set_host_app_area(ar)) != 0)
1546                 ath6kl_err("unable to set the host app area\n");
1547
1548         ar->conf_flags = ATH6KL_CONF_IGNORE_ERP_BARKER |
1549                          ATH6KL_CONF_ENABLE_11N | ATH6KL_CONF_ENABLE_TX_BURST;
1550
1551         ar->wiphy->flags |= WIPHY_FLAG_SUPPORTS_FW_ROAM |
1552                             WIPHY_FLAG_HAVE_AP_SME;
1553
1554         for (i = 0; i < MAX_NUM_VIF; i++) {
1555                 status = ath6kl_target_config_wlan_params(ar, i);
1556                 if (status)
1557                         goto err_htc_stop;
1558         }
1559
1560         /*
1561          * Set mac address which is received in ready event
1562          * FIXME: Move to ath6kl_interface_add()
1563          */
1564         memcpy(ndev->dev_addr, ar->mac_addr, ETH_ALEN);
1565
1566         return status;
1567
1568 err_htc_stop:
1569         ath6kl_htc_stop(ar->htc_target);
1570 err_rxbuf_cleanup:
1571         ath6kl_htc_flush_rx_buf(ar->htc_target);
1572         ath6kl_cleanup_amsdu_rxbufs(ar);
1573 err_cleanup_scatter:
1574         ath6kl_hif_cleanup_scatter(ar);
1575 err_if_deinit:
1576         rtnl_lock();
1577         ath6kl_deinit_if_data(netdev_priv(ndev));
1578         rtnl_unlock();
1579         wiphy_unregister(ar->wiphy);
1580 err_debug_init:
1581         ath6kl_debug_cleanup(ar);
1582 err_node_cleanup:
1583         ath6kl_wmi_shutdown(ar->wmi);
1584         clear_bit(WMI_ENABLED, &ar->flag);
1585         ar->wmi = NULL;
1586
1587 ath6kl_init_done:
1588         return status;
1589 }
1590
1591 int ath6kl_core_init(struct ath6kl *ar)
1592 {
1593         int ret = 0;
1594         struct ath6kl_bmi_target_info targ_info;
1595
1596         ar->ath6kl_wq = create_singlethread_workqueue("ath6kl");
1597         if (!ar->ath6kl_wq)
1598                 return -ENOMEM;
1599
1600         ret = ath6kl_bmi_init(ar);
1601         if (ret)
1602                 goto err_wq;
1603
1604         ret = ath6kl_bmi_get_target_info(ar, &targ_info);
1605         if (ret)
1606                 goto err_bmi_cleanup;
1607
1608         ar->version.target_ver = le32_to_cpu(targ_info.version);
1609         ar->target_type = le32_to_cpu(targ_info.type);
1610         ar->wiphy->hw_version = le32_to_cpu(targ_info.version);
1611
1612         ret = ath6kl_init_hw_params(ar);
1613         if (ret)
1614                 goto err_bmi_cleanup;
1615
1616         ret = ath6kl_configure_target(ar);
1617         if (ret)
1618                 goto err_bmi_cleanup;
1619
1620         ar->htc_target = ath6kl_htc_create(ar);
1621
1622         if (!ar->htc_target) {
1623                 ret = -ENOMEM;
1624                 goto err_bmi_cleanup;
1625         }
1626
1627         ret = ath6kl_fetch_firmwares(ar);
1628         if (ret)
1629                 goto err_htc_cleanup;
1630
1631         ret = ath6kl_init_upload(ar);
1632         if (ret)
1633                 goto err_htc_cleanup;
1634
1635         ret = ath6kl_init(ar);
1636         if (ret)
1637                 goto err_htc_cleanup;
1638
1639         return ret;
1640
1641 err_htc_cleanup:
1642         ath6kl_htc_cleanup(ar->htc_target);
1643 err_bmi_cleanup:
1644         ath6kl_bmi_cleanup(ar);
1645 err_wq:
1646         destroy_workqueue(ar->ath6kl_wq);
1647
1648         return ret;
1649 }
1650
1651 void ath6kl_cleanup_vif(struct ath6kl_vif *vif, bool wmi_ready)
1652 {
1653         static u8 bcast_mac[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
1654         bool discon_issued;
1655
1656         netif_stop_queue(vif->ndev);
1657
1658         clear_bit(WLAN_ENABLED, &vif->flags);
1659
1660         if (wmi_ready) {
1661                 discon_issued = test_bit(CONNECTED, &vif->flags) ||
1662                                 test_bit(CONNECT_PEND, &vif->flags);
1663                 ath6kl_disconnect(vif);
1664                 del_timer(&vif->disconnect_timer);
1665
1666                 if (discon_issued)
1667                         ath6kl_disconnect_event(vif, DISCONNECT_CMD,
1668                                                 (vif->nw_type & AP_NETWORK) ?
1669                                                 bcast_mac : vif->bssid,
1670                                                 0, NULL, 0);
1671         }
1672
1673         if (vif->scan_req) {
1674                 cfg80211_scan_done(vif->scan_req, true);
1675                 vif->scan_req = NULL;
1676         }
1677 }
1678
1679 void ath6kl_stop_txrx(struct ath6kl *ar)
1680 {
1681         struct ath6kl_vif *vif, *tmp_vif;
1682
1683         set_bit(DESTROY_IN_PROGRESS, &ar->flag);
1684
1685         if (down_interruptible(&ar->sem)) {
1686                 ath6kl_err("down_interruptible failed\n");
1687                 return;
1688         }
1689
1690         spin_lock(&ar->list_lock);
1691         list_for_each_entry_safe(vif, tmp_vif, &ar->vif_list, list) {
1692                 list_del(&vif->list);
1693                 spin_unlock(&ar->list_lock);
1694                 ath6kl_cleanup_vif(vif, test_bit(WMI_READY, &ar->flag));
1695                 rtnl_lock();
1696                 ath6kl_deinit_if_data(vif);
1697                 rtnl_unlock();
1698                 spin_lock(&ar->list_lock);
1699         }
1700         spin_unlock(&ar->list_lock);
1701
1702         clear_bit(WMI_READY, &ar->flag);
1703
1704         /*
1705          * After wmi_shudown all WMI events will be dropped. We
1706          * need to cleanup the buffers allocated in AP mode and
1707          * give disconnect notification to stack, which usually
1708          * happens in the disconnect_event. Simulate the disconnect
1709          * event by calling the function directly. Sometimes
1710          * disconnect_event will be received when the debug logs
1711          * are collected.
1712          */
1713         ath6kl_wmi_shutdown(ar->wmi);
1714
1715         clear_bit(WMI_ENABLED, &ar->flag);
1716         if (ar->htc_target) {
1717                 ath6kl_dbg(ATH6KL_DBG_TRC, "%s: shut down htc\n", __func__);
1718                 ath6kl_htc_stop(ar->htc_target);
1719         }
1720
1721         /*
1722          * Try to reset the device if we can. The driver may have been
1723          * configure NOT to reset the target during a debug session.
1724          */
1725         ath6kl_dbg(ATH6KL_DBG_TRC,
1726                         "attempting to reset target on instance destroy\n");
1727         ath6kl_reset_device(ar, ar->target_type, true, true);
1728
1729         clear_bit(WLAN_ENABLED, &ar->flag);
1730 }