1 // SPDX-License-Identifier: (GPL-2.0 OR MPL-1.1)
2 /* src/prism2/driver/hfa384x_usb.c
4 * Functions that talk to the USB variant of the Intersil hfa384x MAC
6 * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved.
7 * --------------------------------------------------------------------
11 * The contents of this file are subject to the Mozilla Public
12 * License Version 1.1 (the "License"); you may not use this file
13 * except in compliance with the License. You may obtain a copy of
14 * the License at http://www.mozilla.org/MPL/
16 * Software distributed under the License is distributed on an "AS
17 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
18 * implied. See the License for the specific language governing
19 * rights and limitations under the License.
21 * Alternatively, the contents of this file may be used under the
22 * terms of the GNU Public License version 2 (the "GPL"), in which
23 * case the provisions of the GPL are applicable instead of the
24 * above. If you wish to allow the use of your version of this file
25 * only under the terms of the GPL and not to allow others to use
26 * your version of this file under the MPL, indicate your decision
27 * by deleting the provisions above and replace them with the notice
28 * and other provisions required by the GPL. If you do not delete
29 * the provisions above, a recipient may use your version of this
30 * file under either the MPL or the GPL.
32 * --------------------------------------------------------------------
34 * Inquiries regarding the linux-wlan Open Source project can be
37 * AbsoluteValue Systems Inc.
39 * http://www.linux-wlan.com
41 * --------------------------------------------------------------------
43 * Portions of the development of this software were funded by
44 * Intersil Corporation as part of PRISM(R) chipset product development.
46 * --------------------------------------------------------------------
48 * This file implements functions that correspond to the prism2/hfa384x
49 * 802.11 MAC hardware and firmware host interface.
51 * The functions can be considered to represent several levels of
52 * abstraction. The lowest level functions are simply C-callable wrappers
53 * around the register accesses. The next higher level represents C-callable
54 * prism2 API functions that match the Intersil documentation as closely
55 * as is reasonable. The next higher layer implements common sequences
56 * of invocations of the API layer (e.g. write to bap, followed by cmd).
59 * hfa384x_drvr_xxx Highest level abstractions provided by the
60 * hfa384x code. They are driver defined wrappers
61 * for common sequences. These functions generally
62 * use the services of the lower levels.
64 * hfa384x_drvr_xxxconfig An example of the drvr level abstraction. These
65 * functions are wrappers for the RID get/set
66 * sequence. They call copy_[to|from]_bap() and
67 * cmd_access(). These functions operate on the
68 * RIDs and buffers without validation. The caller
69 * is responsible for that.
71 * API wrapper functions:
72 * hfa384x_cmd_xxx functions that provide access to the f/w commands.
73 * The function arguments correspond to each command
74 * argument, even command arguments that get packed
75 * into single registers. These functions _just_
76 * issue the command by setting the cmd/parm regs
77 * & reading the status/resp regs. Additional
78 * activities required to fully use a command
79 * (read/write from/to bap, get/set int status etc.)
80 * are implemented separately. Think of these as
81 * C-callable prism2 commands.
83 * Lowest Layer Functions:
84 * hfa384x_docmd_xxx These functions implement the sequence required
85 * to issue any prism2 command. Primarily used by the
86 * hfa384x_cmd_xxx functions.
88 * hfa384x_bap_xxx BAP read/write access functions.
89 * Note: we usually use BAP0 for non-interrupt context
90 * and BAP1 for interrupt context.
92 * hfa384x_dl_xxx download related functions.
94 * Driver State Issues:
95 * Note that there are two pairs of functions that manage the
96 * 'initialized' and 'running' states of the hw/MAC combo. The four
97 * functions are create(), destroy(), start(), and stop(). create()
98 * sets up the data structures required to support the hfa384x_*
99 * functions and destroy() cleans them up. The start() function gets
100 * the actual hardware running and enables the interrupts. The stop()
101 * function shuts the hardware down. The sequence should be:
105 * . Do interesting things w/ the hardware
110 * Note that destroy() can be called without calling stop() first.
111 * --------------------------------------------------------------------
114 #include <linux/module.h>
115 #include <linux/kernel.h>
116 #include <linux/sched.h>
117 #include <linux/types.h>
118 #include <linux/slab.h>
119 #include <linux/wireless.h>
120 #include <linux/netdevice.h>
121 #include <linux/timer.h>
122 #include <linux/io.h>
123 #include <linux/delay.h>
124 #include <asm/byteorder.h>
125 #include <linux/bitops.h>
126 #include <linux/list.h>
127 #include <linux/usb.h>
128 #include <linux/byteorder/generic.h>
130 #include "p80211types.h"
131 #include "p80211hdr.h"
132 #include "p80211mgmt.h"
133 #include "p80211conv.h"
134 #include "p80211msg.h"
135 #include "p80211netdev.h"
136 #include "p80211req.h"
137 #include "p80211metadef.h"
138 #include "p80211metastruct.h"
140 #include "prism2mgmt.h"
147 #define THROTTLE_JIFFIES (HZ / 8)
148 #define URB_ASYNC_UNLINK 0
149 #define USB_QUEUE_BULK 0
151 #define ROUNDUP64(a) (((a) + 63) & ~63)
154 static void dbprint_urb(struct urb *urb);
157 static void hfa384x_int_rxmonitor(struct wlandevice *wlandev,
158 struct hfa384x_usb_rxfrm *rxfrm);
160 static void hfa384x_usb_defer(struct work_struct *data);
162 static int submit_rx_urb(struct hfa384x *hw, gfp_t flags);
164 static int submit_tx_urb(struct hfa384x *hw, struct urb *tx_urb, gfp_t flags);
166 /*---------------------------------------------------*/
168 static void hfa384x_usbout_callback(struct urb *urb);
169 static void hfa384x_ctlxout_callback(struct urb *urb);
170 static void hfa384x_usbin_callback(struct urb *urb);
173 hfa384x_usbin_txcompl(struct wlandevice *wlandev, union hfa384x_usbin *usbin);
175 static void hfa384x_usbin_rx(struct wlandevice *wlandev, struct sk_buff *skb);
177 static void hfa384x_usbin_info(struct wlandevice *wlandev,
178 union hfa384x_usbin *usbin);
180 static void hfa384x_usbin_ctlx(struct hfa384x *hw, union hfa384x_usbin *usbin,
183 /*---------------------------------------------------*/
184 /* Functions to support the prism2 usb command queue */
186 static void hfa384x_usbctlxq_run(struct hfa384x *hw);
188 static void hfa384x_usbctlx_reqtimerfn(struct timer_list *t);
190 static void hfa384x_usbctlx_resptimerfn(struct timer_list *t);
192 static void hfa384x_usb_throttlefn(struct timer_list *t);
194 static void hfa384x_usbctlx_completion_task(unsigned long data);
196 static void hfa384x_usbctlx_reaper_task(unsigned long data);
198 static int hfa384x_usbctlx_submit(struct hfa384x *hw,
199 struct hfa384x_usbctlx *ctlx);
201 static void unlocked_usbctlx_complete(struct hfa384x *hw,
202 struct hfa384x_usbctlx *ctlx);
204 struct usbctlx_completor {
205 int (*complete)(struct usbctlx_completor *completor);
209 hfa384x_usbctlx_complete_sync(struct hfa384x *hw,
210 struct hfa384x_usbctlx *ctlx,
211 struct usbctlx_completor *completor);
214 unlocked_usbctlx_cancel_async(struct hfa384x *hw, struct hfa384x_usbctlx *ctlx);
216 static void hfa384x_cb_status(struct hfa384x *hw,
217 const struct hfa384x_usbctlx *ctlx);
220 usbctlx_get_status(const struct hfa384x_usb_statusresp *cmdresp,
221 struct hfa384x_cmdresult *result);
224 usbctlx_get_rridresult(const struct hfa384x_usb_rridresp *rridresp,
225 struct hfa384x_rridresult *result);
227 /*---------------------------------------------------*/
228 /* Low level req/resp CTLX formatters and submitters */
230 hfa384x_docmd(struct hfa384x *hw,
231 struct hfa384x_metacmd *cmd);
234 hfa384x_dorrid(struct hfa384x *hw,
238 unsigned int riddatalen,
239 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
242 hfa384x_dowrid(struct hfa384x *hw,
246 unsigned int riddatalen,
247 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
250 hfa384x_dormem(struct hfa384x *hw,
257 hfa384x_dowmem(struct hfa384x *hw,
263 static int hfa384x_isgood_pdrcode(u16 pdrcode);
265 static inline const char *ctlxstr(enum ctlx_state s)
267 static const char * const ctlx_str[] = {
272 "Request packet submitted",
273 "Request packet completed",
274 "Response packet completed"
280 static inline struct hfa384x_usbctlx *get_active_ctlx(struct hfa384x *hw)
282 return list_entry(hw->ctlxq.active.next, struct hfa384x_usbctlx, list);
286 void dbprint_urb(struct urb *urb)
288 pr_debug("urb->pipe=0x%08x\n", urb->pipe);
289 pr_debug("urb->status=0x%08x\n", urb->status);
290 pr_debug("urb->transfer_flags=0x%08x\n", urb->transfer_flags);
291 pr_debug("urb->transfer_buffer=0x%08x\n",
292 (unsigned int)urb->transfer_buffer);
293 pr_debug("urb->transfer_buffer_length=0x%08x\n",
294 urb->transfer_buffer_length);
295 pr_debug("urb->actual_length=0x%08x\n", urb->actual_length);
296 pr_debug("urb->setup_packet(ctl)=0x%08x\n",
297 (unsigned int)urb->setup_packet);
298 pr_debug("urb->start_frame(iso/irq)=0x%08x\n", urb->start_frame);
299 pr_debug("urb->interval(irq)=0x%08x\n", urb->interval);
300 pr_debug("urb->error_count(iso)=0x%08x\n", urb->error_count);
301 pr_debug("urb->context=0x%08x\n", (unsigned int)urb->context);
302 pr_debug("urb->complete=0x%08x\n", (unsigned int)urb->complete);
306 /*----------------------------------------------------------------
309 * Listen for input data on the BULK-IN pipe. If the pipe has
310 * stalled then schedule it to be reset.
314 * memflags memory allocation flags
317 * error code from submission
321 *----------------------------------------------------------------
323 static int submit_rx_urb(struct hfa384x *hw, gfp_t memflags)
328 skb = dev_alloc_skb(sizeof(union hfa384x_usbin));
334 /* Post the IN urb */
335 usb_fill_bulk_urb(&hw->rx_urb, hw->usb,
337 skb->data, sizeof(union hfa384x_usbin),
338 hfa384x_usbin_callback, hw->wlandev);
340 hw->rx_urb_skb = skb;
343 if (!hw->wlandev->hwremoved &&
344 !test_bit(WORK_RX_HALT, &hw->usb_flags)) {
345 result = usb_submit_urb(&hw->rx_urb, memflags);
347 /* Check whether we need to reset the RX pipe */
348 if (result == -EPIPE) {
349 netdev_warn(hw->wlandev->netdev,
350 "%s rx pipe stalled: requesting reset\n",
351 hw->wlandev->netdev->name);
352 if (!test_and_set_bit(WORK_RX_HALT, &hw->usb_flags))
353 schedule_work(&hw->usb_work);
357 /* Don't leak memory if anything should go wrong */
360 hw->rx_urb_skb = NULL;
367 /*----------------------------------------------------------------
370 * Prepares and submits the URB of transmitted data. If the
371 * submission fails then it will schedule the output pipe to
376 * tx_urb URB of data for transmission
377 * memflags memory allocation flags
380 * error code from submission
384 *----------------------------------------------------------------
386 static int submit_tx_urb(struct hfa384x *hw, struct urb *tx_urb, gfp_t memflags)
388 struct net_device *netdev = hw->wlandev->netdev;
392 if (netif_running(netdev)) {
393 if (!hw->wlandev->hwremoved &&
394 !test_bit(WORK_TX_HALT, &hw->usb_flags)) {
395 result = usb_submit_urb(tx_urb, memflags);
397 /* Test whether we need to reset the TX pipe */
398 if (result == -EPIPE) {
399 netdev_warn(hw->wlandev->netdev,
400 "%s tx pipe stalled: requesting reset\n",
402 set_bit(WORK_TX_HALT, &hw->usb_flags);
403 schedule_work(&hw->usb_work);
404 } else if (result == 0) {
405 netif_stop_queue(netdev);
413 /*----------------------------------------------------------------
416 * There are some things that the USB stack cannot do while
417 * in interrupt context, so we arrange this function to run
418 * in process context.
421 * hw device structure
427 * process (by design)
428 *----------------------------------------------------------------
430 static void hfa384x_usb_defer(struct work_struct *data)
432 struct hfa384x *hw = container_of(data, struct hfa384x, usb_work);
433 struct net_device *netdev = hw->wlandev->netdev;
435 /* Don't bother trying to reset anything if the plug
436 * has been pulled ...
438 if (hw->wlandev->hwremoved)
441 /* Reception has stopped: try to reset the input pipe */
442 if (test_bit(WORK_RX_HALT, &hw->usb_flags)) {
445 usb_kill_urb(&hw->rx_urb); /* Cannot be holding spinlock! */
447 ret = usb_clear_halt(hw->usb, hw->endp_in);
449 netdev_err(hw->wlandev->netdev,
450 "Failed to clear rx pipe for %s: err=%d\n",
453 netdev_info(hw->wlandev->netdev, "%s rx pipe reset complete.\n",
455 clear_bit(WORK_RX_HALT, &hw->usb_flags);
456 set_bit(WORK_RX_RESUME, &hw->usb_flags);
460 /* Resume receiving data back from the device. */
461 if (test_bit(WORK_RX_RESUME, &hw->usb_flags)) {
464 ret = submit_rx_urb(hw, GFP_KERNEL);
466 netdev_err(hw->wlandev->netdev,
467 "Failed to resume %s rx pipe.\n",
470 clear_bit(WORK_RX_RESUME, &hw->usb_flags);
474 /* Transmission has stopped: try to reset the output pipe */
475 if (test_bit(WORK_TX_HALT, &hw->usb_flags)) {
478 usb_kill_urb(&hw->tx_urb);
479 ret = usb_clear_halt(hw->usb, hw->endp_out);
481 netdev_err(hw->wlandev->netdev,
482 "Failed to clear tx pipe for %s: err=%d\n",
485 netdev_info(hw->wlandev->netdev, "%s tx pipe reset complete.\n",
487 clear_bit(WORK_TX_HALT, &hw->usb_flags);
488 set_bit(WORK_TX_RESUME, &hw->usb_flags);
490 /* Stopping the BULK-OUT pipe also blocked
491 * us from sending any more CTLX URBs, so
492 * we need to re-run our queue ...
494 hfa384x_usbctlxq_run(hw);
498 /* Resume transmitting. */
499 if (test_and_clear_bit(WORK_TX_RESUME, &hw->usb_flags))
500 netif_wake_queue(hw->wlandev->netdev);
503 /*----------------------------------------------------------------
506 * Sets up the struct hfa384x data structure for use. Note this
507 * does _not_ initialize the actual hardware, just the data structures
508 * we use to keep track of its state.
511 * hw device structure
512 * irq device irq number
513 * iobase i/o base address for register access
514 * membase memory base address for register access
523 *----------------------------------------------------------------
525 void hfa384x_create(struct hfa384x *hw, struct usb_device *usb)
527 memset(hw, 0, sizeof(*hw));
530 /* set up the endpoints */
531 hw->endp_in = usb_rcvbulkpipe(usb, 1);
532 hw->endp_out = usb_sndbulkpipe(usb, 2);
534 /* Set up the waitq */
535 init_waitqueue_head(&hw->cmdq);
537 /* Initialize the command queue */
538 spin_lock_init(&hw->ctlxq.lock);
539 INIT_LIST_HEAD(&hw->ctlxq.pending);
540 INIT_LIST_HEAD(&hw->ctlxq.active);
541 INIT_LIST_HEAD(&hw->ctlxq.completing);
542 INIT_LIST_HEAD(&hw->ctlxq.reapable);
544 /* Initialize the authentication queue */
545 skb_queue_head_init(&hw->authq);
547 tasklet_init(&hw->reaper_bh,
548 hfa384x_usbctlx_reaper_task, (unsigned long)hw);
549 tasklet_init(&hw->completion_bh,
550 hfa384x_usbctlx_completion_task, (unsigned long)hw);
551 INIT_WORK(&hw->link_bh, prism2sta_processing_defer);
552 INIT_WORK(&hw->usb_work, hfa384x_usb_defer);
554 timer_setup(&hw->throttle, hfa384x_usb_throttlefn, 0);
556 timer_setup(&hw->resptimer, hfa384x_usbctlx_resptimerfn, 0);
558 timer_setup(&hw->reqtimer, hfa384x_usbctlx_reqtimerfn, 0);
560 usb_init_urb(&hw->rx_urb);
561 usb_init_urb(&hw->tx_urb);
562 usb_init_urb(&hw->ctlx_urb);
564 hw->link_status = HFA384x_LINK_NOTCONNECTED;
565 hw->state = HFA384x_STATE_INIT;
567 INIT_WORK(&hw->commsqual_bh, prism2sta_commsqual_defer);
568 timer_setup(&hw->commsqual_timer, prism2sta_commsqual_timer, 0);
571 /*----------------------------------------------------------------
574 * Partner to hfa384x_create(). This function cleans up the hw
575 * structure so that it can be freed by the caller using a simple
576 * kfree. Currently, this function is just a placeholder. If, at some
577 * point in the future, an hw in the 'shutdown' state requires a 'deep'
578 * kfree, this is where it should be done. Note that if this function
579 * is called on a _running_ hw structure, the drvr_stop() function is
583 * hw device structure
586 * nothing, this function is not allowed to fail.
592 *----------------------------------------------------------------
594 void hfa384x_destroy(struct hfa384x *hw)
598 if (hw->state == HFA384x_STATE_RUNNING)
599 hfa384x_drvr_stop(hw);
600 hw->state = HFA384x_STATE_PREINIT;
602 kfree(hw->scanresults);
603 hw->scanresults = NULL;
605 /* Now to clean out the auth queue */
606 while ((skb = skb_dequeue(&hw->authq)))
610 static struct hfa384x_usbctlx *usbctlx_alloc(void)
612 struct hfa384x_usbctlx *ctlx;
614 ctlx = kzalloc(sizeof(*ctlx),
615 in_interrupt() ? GFP_ATOMIC : GFP_KERNEL);
617 init_completion(&ctlx->done);
623 usbctlx_get_status(const struct hfa384x_usb_statusresp *cmdresp,
624 struct hfa384x_cmdresult *result)
626 result->status = le16_to_cpu(cmdresp->status);
627 result->resp0 = le16_to_cpu(cmdresp->resp0);
628 result->resp1 = le16_to_cpu(cmdresp->resp1);
629 result->resp2 = le16_to_cpu(cmdresp->resp2);
631 pr_debug("cmdresult:status=0x%04x resp0=0x%04x resp1=0x%04x resp2=0x%04x\n",
632 result->status, result->resp0, result->resp1, result->resp2);
634 return result->status & HFA384x_STATUS_RESULT;
638 usbctlx_get_rridresult(const struct hfa384x_usb_rridresp *rridresp,
639 struct hfa384x_rridresult *result)
641 result->rid = le16_to_cpu(rridresp->rid);
642 result->riddata = rridresp->data;
643 result->riddata_len = ((le16_to_cpu(rridresp->frmlen) - 1) * 2);
646 /*----------------------------------------------------------------
648 * This completor must be passed to hfa384x_usbctlx_complete_sync()
649 * when processing a CTLX that returns a struct hfa384x_cmdresult structure.
650 *----------------------------------------------------------------
652 struct usbctlx_cmd_completor {
653 struct usbctlx_completor head;
655 const struct hfa384x_usb_statusresp *cmdresp;
656 struct hfa384x_cmdresult *result;
659 static inline int usbctlx_cmd_completor_fn(struct usbctlx_completor *head)
661 struct usbctlx_cmd_completor *complete;
663 complete = (struct usbctlx_cmd_completor *)head;
664 return usbctlx_get_status(complete->cmdresp, complete->result);
667 static inline struct usbctlx_completor *
668 init_cmd_completor(struct usbctlx_cmd_completor *completor,
669 const struct hfa384x_usb_statusresp *cmdresp,
670 struct hfa384x_cmdresult *result)
672 completor->head.complete = usbctlx_cmd_completor_fn;
673 completor->cmdresp = cmdresp;
674 completor->result = result;
675 return &completor->head;
678 /*----------------------------------------------------------------
680 * This completor must be passed to hfa384x_usbctlx_complete_sync()
681 * when processing a CTLX that reads a RID.
682 *----------------------------------------------------------------
684 struct usbctlx_rrid_completor {
685 struct usbctlx_completor head;
687 const struct hfa384x_usb_rridresp *rridresp;
689 unsigned int riddatalen;
692 static int usbctlx_rrid_completor_fn(struct usbctlx_completor *head)
694 struct usbctlx_rrid_completor *complete;
695 struct hfa384x_rridresult rridresult;
697 complete = (struct usbctlx_rrid_completor *)head;
698 usbctlx_get_rridresult(complete->rridresp, &rridresult);
700 /* Validate the length, note body len calculation in bytes */
701 if (rridresult.riddata_len != complete->riddatalen) {
702 pr_warn("RID len mismatch, rid=0x%04x hlen=%d fwlen=%d\n",
704 complete->riddatalen, rridresult.riddata_len);
708 memcpy(complete->riddata, rridresult.riddata, complete->riddatalen);
712 static inline struct usbctlx_completor *
713 init_rrid_completor(struct usbctlx_rrid_completor *completor,
714 const struct hfa384x_usb_rridresp *rridresp,
716 unsigned int riddatalen)
718 completor->head.complete = usbctlx_rrid_completor_fn;
719 completor->rridresp = rridresp;
720 completor->riddata = riddata;
721 completor->riddatalen = riddatalen;
722 return &completor->head;
725 /*----------------------------------------------------------------
727 * Interprets the results of a synchronous RID-write
728 *----------------------------------------------------------------
730 #define init_wrid_completor init_cmd_completor
732 /*----------------------------------------------------------------
734 * Interprets the results of a synchronous memory-write
735 *----------------------------------------------------------------
737 #define init_wmem_completor init_cmd_completor
739 /*----------------------------------------------------------------
741 * Interprets the results of a synchronous memory-read
742 *----------------------------------------------------------------
744 struct usbctlx_rmem_completor {
745 struct usbctlx_completor head;
747 const struct hfa384x_usb_rmemresp *rmemresp;
752 static int usbctlx_rmem_completor_fn(struct usbctlx_completor *head)
754 struct usbctlx_rmem_completor *complete =
755 (struct usbctlx_rmem_completor *)head;
757 pr_debug("rmemresp:len=%d\n", complete->rmemresp->frmlen);
758 memcpy(complete->data, complete->rmemresp->data, complete->len);
762 static inline struct usbctlx_completor *
763 init_rmem_completor(struct usbctlx_rmem_completor *completor,
764 struct hfa384x_usb_rmemresp *rmemresp,
768 completor->head.complete = usbctlx_rmem_completor_fn;
769 completor->rmemresp = rmemresp;
770 completor->data = data;
771 completor->len = len;
772 return &completor->head;
775 /*----------------------------------------------------------------
778 * Ctlx_complete handler for async CMD type control exchanges.
779 * mark the hw struct as such.
781 * Note: If the handling is changed here, it should probably be
782 * changed in docmd as well.
786 * ctlx completed CTLX
795 *----------------------------------------------------------------
797 static void hfa384x_cb_status(struct hfa384x *hw,
798 const struct hfa384x_usbctlx *ctlx)
801 struct hfa384x_cmdresult cmdresult;
803 if (ctlx->state != CTLX_COMPLETE) {
804 memset(&cmdresult, 0, sizeof(cmdresult));
806 HFA384x_STATUS_RESULT_SET(HFA384x_CMD_ERR);
808 usbctlx_get_status(&ctlx->inbuf.cmdresp, &cmdresult);
811 ctlx->usercb(hw, &cmdresult, ctlx->usercb_data);
815 /*----------------------------------------------------------------
816 * hfa384x_cmd_initialize
818 * Issues the initialize command and sets the hw->state based
822 * hw device structure
826 * >0 f/w reported error - f/w status code
827 * <0 driver reported error
833 *----------------------------------------------------------------
835 int hfa384x_cmd_initialize(struct hfa384x *hw)
839 struct hfa384x_metacmd cmd;
841 cmd.cmd = HFA384x_CMDCODE_INIT;
846 result = hfa384x_docmd(hw, &cmd);
848 pr_debug("cmdresp.init: status=0x%04x, resp0=0x%04x, resp1=0x%04x, resp2=0x%04x\n",
850 cmd.result.resp0, cmd.result.resp1, cmd.result.resp2);
852 for (i = 0; i < HFA384x_NUMPORTS_MAX; i++)
853 hw->port_enabled[i] = 0;
856 hw->link_status = HFA384x_LINK_NOTCONNECTED;
861 /*----------------------------------------------------------------
862 * hfa384x_cmd_disable
864 * Issues the disable command to stop communications on one of
868 * hw device structure
869 * macport MAC port number (host order)
873 * >0 f/w reported failure - f/w status code
874 * <0 driver reported error (timeout|bad arg)
880 *----------------------------------------------------------------
882 int hfa384x_cmd_disable(struct hfa384x *hw, u16 macport)
884 struct hfa384x_metacmd cmd;
886 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DISABLE) |
887 HFA384x_CMD_MACPORT_SET(macport);
892 return hfa384x_docmd(hw, &cmd);
895 /*----------------------------------------------------------------
898 * Issues the enable command to enable communications on one of
902 * hw device structure
903 * macport MAC port number
907 * >0 f/w reported failure - f/w status code
908 * <0 driver reported error (timeout|bad arg)
914 *----------------------------------------------------------------
916 int hfa384x_cmd_enable(struct hfa384x *hw, u16 macport)
918 struct hfa384x_metacmd cmd;
920 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_ENABLE) |
921 HFA384x_CMD_MACPORT_SET(macport);
926 return hfa384x_docmd(hw, &cmd);
929 /*----------------------------------------------------------------
930 * hfa384x_cmd_monitor
932 * Enables the 'monitor mode' of the MAC. Here's the description of
933 * monitor mode that I've received thus far:
935 * "The "monitor mode" of operation is that the MAC passes all
936 * frames for which the PLCP checks are correct. All received
937 * MPDUs are passed to the host with MAC Port = 7, with a
938 * receive status of good, FCS error, or undecryptable. Passing
939 * certain MPDUs is a violation of the 802.11 standard, but useful
940 * for a debugging tool." Normal communication is not possible
941 * while monitor mode is enabled.
944 * hw device structure
945 * enable a code (0x0b|0x0f) that enables/disables
946 * monitor mode. (host order)
950 * >0 f/w reported failure - f/w status code
951 * <0 driver reported error (timeout|bad arg)
957 *----------------------------------------------------------------
959 int hfa384x_cmd_monitor(struct hfa384x *hw, u16 enable)
961 struct hfa384x_metacmd cmd;
963 cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_MONITOR) |
964 HFA384x_CMD_AINFO_SET(enable);
969 return hfa384x_docmd(hw, &cmd);
972 /*----------------------------------------------------------------
973 * hfa384x_cmd_download
975 * Sets the controls for the MAC controller code/data download
976 * process. The arguments set the mode and address associated
977 * with a download. Note that the aux registers should be enabled
978 * prior to setting one of the download enable modes.
981 * hw device structure
982 * mode 0 - Disable programming and begin code exec
983 * 1 - Enable volatile mem programming
984 * 2 - Enable non-volatile mem programming
985 * 3 - Program non-volatile section from NV download
989 * highaddr For mode 1, sets the high & low order bits of
990 * the "destination address". This address will be
991 * the execution start address when download is
992 * subsequently disabled.
993 * For mode 2, sets the high & low order bits of
994 * the destination in NV ram.
995 * For modes 0 & 3, should be zero. (host order)
996 * NOTE: these are CMD format.
997 * codelen Length of the data to write in mode 2,
998 * zero otherwise. (host order)
1002 * >0 f/w reported failure - f/w status code
1003 * <0 driver reported error (timeout|bad arg)
1009 *----------------------------------------------------------------
1011 int hfa384x_cmd_download(struct hfa384x *hw, u16 mode, u16 lowaddr,
1012 u16 highaddr, u16 codelen)
1014 struct hfa384x_metacmd cmd;
1016 pr_debug("mode=%d, lowaddr=0x%04x, highaddr=0x%04x, codelen=%d\n",
1017 mode, lowaddr, highaddr, codelen);
1019 cmd.cmd = (HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DOWNLD) |
1020 HFA384x_CMD_PROGMODE_SET(mode));
1022 cmd.parm0 = lowaddr;
1023 cmd.parm1 = highaddr;
1024 cmd.parm2 = codelen;
1026 return hfa384x_docmd(hw, &cmd);
1029 /*----------------------------------------------------------------
1032 * Perform a reset of the hfa38xx MAC core. We assume that the hw
1033 * structure is in its "created" state. That is, it is initialized
1034 * with proper values. Note that if a reset is done after the
1035 * device has been active for awhile, the caller might have to clean
1036 * up some leftover cruft in the hw structure.
1039 * hw device structure
1040 * holdtime how long (in ms) to hold the reset
1041 * settletime how long (in ms) to wait after releasing
1051 *----------------------------------------------------------------
1053 int hfa384x_corereset(struct hfa384x *hw, int holdtime,
1054 int settletime, int genesis)
1058 result = usb_reset_device(hw->usb);
1060 netdev_err(hw->wlandev->netdev, "usb_reset_device() failed, result=%d.\n",
1067 /*----------------------------------------------------------------
1068 * hfa384x_usbctlx_complete_sync
1070 * Waits for a synchronous CTLX object to complete,
1071 * and then handles the response.
1074 * hw device structure
1076 * completor functor object to decide what to
1077 * do with the CTLX's result.
1081 * -ERESTARTSYS Interrupted by a signal
1083 * -ENODEV Adapter was unplugged
1084 * ??? Result from completor
1090 *----------------------------------------------------------------
1092 static int hfa384x_usbctlx_complete_sync(struct hfa384x *hw,
1093 struct hfa384x_usbctlx *ctlx,
1094 struct usbctlx_completor *completor)
1096 unsigned long flags;
1099 result = wait_for_completion_interruptible(&ctlx->done);
1101 spin_lock_irqsave(&hw->ctlxq.lock, flags);
1104 * We can only handle the CTLX if the USB disconnect
1105 * function has not run yet ...
1108 if (hw->wlandev->hwremoved) {
1109 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1111 } else if (result != 0) {
1115 * We were probably interrupted, so delete
1116 * this CTLX asynchronously, kill the timers
1117 * and the URB, and then start the next
1120 * NOTE: We can only delete the timers and
1121 * the URB if this CTLX is active.
1123 if (ctlx == get_active_ctlx(hw)) {
1124 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1126 del_singleshot_timer_sync(&hw->reqtimer);
1127 del_singleshot_timer_sync(&hw->resptimer);
1128 hw->req_timer_done = 1;
1129 hw->resp_timer_done = 1;
1130 usb_kill_urb(&hw->ctlx_urb);
1132 spin_lock_irqsave(&hw->ctlxq.lock, flags);
1137 * This scenario is so unlikely that I'm
1138 * happy with a grubby "goto" solution ...
1140 if (hw->wlandev->hwremoved)
1145 * The completion task will send this CTLX
1146 * to the reaper the next time it runs. We
1147 * are no longer in a hurry.
1150 ctlx->state = CTLX_REQ_FAILED;
1151 list_move_tail(&ctlx->list, &hw->ctlxq.completing);
1153 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1156 hfa384x_usbctlxq_run(hw);
1158 if (ctlx->state == CTLX_COMPLETE) {
1159 result = completor->complete(completor);
1161 netdev_warn(hw->wlandev->netdev, "CTLX[%d] error: state(%s)\n",
1162 le16_to_cpu(ctlx->outbuf.type),
1163 ctlxstr(ctlx->state));
1167 list_del(&ctlx->list);
1168 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1175 /*----------------------------------------------------------------
1178 * Constructs a command CTLX and submits it.
1180 * NOTE: Any changes to the 'post-submit' code in this function
1181 * need to be carried over to hfa384x_cbcmd() since the handling
1182 * is virtually identical.
1185 * hw device structure
1186 * cmd cmd structure. Includes all arguments and result
1187 * data points. All in host order. in host order
1192 * -ERESTARTSYS Awakened on signal
1193 * >0 command indicated error, Status and Resp0-2 are
1201 *----------------------------------------------------------------
1204 hfa384x_docmd(struct hfa384x *hw,
1205 struct hfa384x_metacmd *cmd)
1208 struct hfa384x_usbctlx *ctlx;
1210 ctlx = usbctlx_alloc();
1216 /* Initialize the command */
1217 ctlx->outbuf.cmdreq.type = cpu_to_le16(HFA384x_USB_CMDREQ);
1218 ctlx->outbuf.cmdreq.cmd = cpu_to_le16(cmd->cmd);
1219 ctlx->outbuf.cmdreq.parm0 = cpu_to_le16(cmd->parm0);
1220 ctlx->outbuf.cmdreq.parm1 = cpu_to_le16(cmd->parm1);
1221 ctlx->outbuf.cmdreq.parm2 = cpu_to_le16(cmd->parm2);
1223 ctlx->outbufsize = sizeof(ctlx->outbuf.cmdreq);
1225 pr_debug("cmdreq: cmd=0x%04x parm0=0x%04x parm1=0x%04x parm2=0x%04x\n",
1226 cmd->cmd, cmd->parm0, cmd->parm1, cmd->parm2);
1228 ctlx->reapable = DOWAIT;
1230 ctlx->usercb = NULL;
1231 ctlx->usercb_data = NULL;
1233 result = hfa384x_usbctlx_submit(hw, ctlx);
1237 struct usbctlx_cmd_completor cmd_completor;
1238 struct usbctlx_completor *completor;
1240 completor = init_cmd_completor(&cmd_completor,
1241 &ctlx->inbuf.cmdresp,
1244 result = hfa384x_usbctlx_complete_sync(hw, ctlx, completor);
1251 /*----------------------------------------------------------------
1254 * Constructs a read rid CTLX and issues it.
1256 * NOTE: Any changes to the 'post-submit' code in this function
1257 * need to be carried over to hfa384x_cbrrid() since the handling
1258 * is virtually identical.
1261 * hw device structure
1262 * mode DOWAIT or DOASYNC
1263 * rid Read RID number (host order)
1264 * riddata Caller supplied buffer that MAC formatted RID.data
1265 * record will be written to for DOWAIT calls. Should
1266 * be NULL for DOASYNC calls.
1267 * riddatalen Buffer length for DOWAIT calls. Zero for DOASYNC calls.
1268 * cmdcb command callback for async calls, NULL for DOWAIT calls
1269 * usercb user callback for async calls, NULL for DOWAIT calls
1270 * usercb_data user supplied data pointer for async calls, NULL
1276 * -ERESTARTSYS Awakened on signal
1277 * -ENODATA riddatalen != macdatalen
1278 * >0 command indicated error, Status and Resp0-2 are
1284 * interrupt (DOASYNC)
1285 * process (DOWAIT or DOASYNC)
1286 *----------------------------------------------------------------
1289 hfa384x_dorrid(struct hfa384x *hw,
1293 unsigned int riddatalen,
1294 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
1297 struct hfa384x_usbctlx *ctlx;
1299 ctlx = usbctlx_alloc();
1305 /* Initialize the command */
1306 ctlx->outbuf.rridreq.type = cpu_to_le16(HFA384x_USB_RRIDREQ);
1307 ctlx->outbuf.rridreq.frmlen =
1308 cpu_to_le16(sizeof(ctlx->outbuf.rridreq.rid));
1309 ctlx->outbuf.rridreq.rid = cpu_to_le16(rid);
1311 ctlx->outbufsize = sizeof(ctlx->outbuf.rridreq);
1313 ctlx->reapable = mode;
1314 ctlx->cmdcb = cmdcb;
1315 ctlx->usercb = usercb;
1316 ctlx->usercb_data = usercb_data;
1318 /* Submit the CTLX */
1319 result = hfa384x_usbctlx_submit(hw, ctlx);
1322 } else if (mode == DOWAIT) {
1323 struct usbctlx_rrid_completor completor;
1326 hfa384x_usbctlx_complete_sync(hw, ctlx,
1329 &ctlx->inbuf.rridresp,
1330 riddata, riddatalen));
1337 /*----------------------------------------------------------------
1340 * Constructs a write rid CTLX and issues it.
1342 * NOTE: Any changes to the 'post-submit' code in this function
1343 * need to be carried over to hfa384x_cbwrid() since the handling
1344 * is virtually identical.
1347 * hw device structure
1348 * enum cmd_mode DOWAIT or DOASYNC
1350 * riddata Data portion of RID formatted for MAC
1351 * riddatalen Length of the data portion in bytes
1352 * cmdcb command callback for async calls, NULL for DOWAIT calls
1353 * usercb user callback for async calls, NULL for DOWAIT calls
1354 * usercb_data user supplied data pointer for async calls
1358 * -ETIMEDOUT timed out waiting for register ready or
1359 * command completion
1360 * >0 command indicated error, Status and Resp0-2 are
1366 * interrupt (DOASYNC)
1367 * process (DOWAIT or DOASYNC)
1368 *----------------------------------------------------------------
1371 hfa384x_dowrid(struct hfa384x *hw,
1375 unsigned int riddatalen,
1376 ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
1379 struct hfa384x_usbctlx *ctlx;
1381 ctlx = usbctlx_alloc();
1387 /* Initialize the command */
1388 ctlx->outbuf.wridreq.type = cpu_to_le16(HFA384x_USB_WRIDREQ);
1389 ctlx->outbuf.wridreq.frmlen = cpu_to_le16((sizeof
1390 (ctlx->outbuf.wridreq.rid) +
1391 riddatalen + 1) / 2);
1392 ctlx->outbuf.wridreq.rid = cpu_to_le16(rid);
1393 memcpy(ctlx->outbuf.wridreq.data, riddata, riddatalen);
1395 ctlx->outbufsize = sizeof(ctlx->outbuf.wridreq.type) +
1396 sizeof(ctlx->outbuf.wridreq.frmlen) +
1397 sizeof(ctlx->outbuf.wridreq.rid) + riddatalen;
1399 ctlx->reapable = mode;
1400 ctlx->cmdcb = cmdcb;
1401 ctlx->usercb = usercb;
1402 ctlx->usercb_data = usercb_data;
1404 /* Submit the CTLX */
1405 result = hfa384x_usbctlx_submit(hw, ctlx);
1408 } else if (mode == DOWAIT) {
1409 struct usbctlx_cmd_completor completor;
1410 struct hfa384x_cmdresult wridresult;
1412 result = hfa384x_usbctlx_complete_sync(hw,
1416 &ctlx->inbuf.wridresp,
1424 /*----------------------------------------------------------------
1427 * Constructs a readmem CTLX and issues it.
1429 * NOTE: Any changes to the 'post-submit' code in this function
1430 * need to be carried over to hfa384x_cbrmem() since the handling
1431 * is virtually identical.
1434 * hw device structure
1435 * page MAC address space page (CMD format)
1436 * offset MAC address space offset
1437 * data Ptr to data buffer to receive read
1438 * len Length of the data to read (max == 2048)
1442 * -ETIMEDOUT timed out waiting for register ready or
1443 * command completion
1444 * >0 command indicated error, Status and Resp0-2 are
1451 *----------------------------------------------------------------
1454 hfa384x_dormem(struct hfa384x *hw,
1461 struct hfa384x_usbctlx *ctlx;
1463 ctlx = usbctlx_alloc();
1469 /* Initialize the command */
1470 ctlx->outbuf.rmemreq.type = cpu_to_le16(HFA384x_USB_RMEMREQ);
1471 ctlx->outbuf.rmemreq.frmlen =
1472 cpu_to_le16(sizeof(ctlx->outbuf.rmemreq.offset) +
1473 sizeof(ctlx->outbuf.rmemreq.page) + len);
1474 ctlx->outbuf.rmemreq.offset = cpu_to_le16(offset);
1475 ctlx->outbuf.rmemreq.page = cpu_to_le16(page);
1477 ctlx->outbufsize = sizeof(ctlx->outbuf.rmemreq);
1479 pr_debug("type=0x%04x frmlen=%d offset=0x%04x page=0x%04x\n",
1480 ctlx->outbuf.rmemreq.type,
1481 ctlx->outbuf.rmemreq.frmlen,
1482 ctlx->outbuf.rmemreq.offset, ctlx->outbuf.rmemreq.page);
1484 pr_debug("pktsize=%zd\n", ROUNDUP64(sizeof(ctlx->outbuf.rmemreq)));
1486 ctlx->reapable = DOWAIT;
1488 ctlx->usercb = NULL;
1489 ctlx->usercb_data = NULL;
1491 result = hfa384x_usbctlx_submit(hw, ctlx);
1495 struct usbctlx_rmem_completor completor;
1498 hfa384x_usbctlx_complete_sync(hw, ctlx,
1501 &ctlx->inbuf.rmemresp, data,
1509 /*----------------------------------------------------------------
1512 * Constructs a writemem CTLX and issues it.
1514 * NOTE: Any changes to the 'post-submit' code in this function
1515 * need to be carried over to hfa384x_cbwmem() since the handling
1516 * is virtually identical.
1519 * hw device structure
1520 * page MAC address space page (CMD format)
1521 * offset MAC address space offset
1522 * data Ptr to data buffer containing write data
1523 * len Length of the data to read (max == 2048)
1527 * -ETIMEDOUT timed out waiting for register ready or
1528 * command completion
1529 * >0 command indicated error, Status and Resp0-2 are
1535 * interrupt (DOWAIT)
1537 *----------------------------------------------------------------
1540 hfa384x_dowmem(struct hfa384x *hw,
1547 struct hfa384x_usbctlx *ctlx;
1549 pr_debug("page=0x%04x offset=0x%04x len=%d\n", page, offset, len);
1551 ctlx = usbctlx_alloc();
1557 /* Initialize the command */
1558 ctlx->outbuf.wmemreq.type = cpu_to_le16(HFA384x_USB_WMEMREQ);
1559 ctlx->outbuf.wmemreq.frmlen =
1560 cpu_to_le16(sizeof(ctlx->outbuf.wmemreq.offset) +
1561 sizeof(ctlx->outbuf.wmemreq.page) + len);
1562 ctlx->outbuf.wmemreq.offset = cpu_to_le16(offset);
1563 ctlx->outbuf.wmemreq.page = cpu_to_le16(page);
1564 memcpy(ctlx->outbuf.wmemreq.data, data, len);
1566 ctlx->outbufsize = sizeof(ctlx->outbuf.wmemreq.type) +
1567 sizeof(ctlx->outbuf.wmemreq.frmlen) +
1568 sizeof(ctlx->outbuf.wmemreq.offset) +
1569 sizeof(ctlx->outbuf.wmemreq.page) + len;
1571 ctlx->reapable = DOWAIT;
1573 ctlx->usercb = NULL;
1574 ctlx->usercb_data = NULL;
1576 result = hfa384x_usbctlx_submit(hw, ctlx);
1580 struct usbctlx_cmd_completor completor;
1581 struct hfa384x_cmdresult wmemresult;
1583 result = hfa384x_usbctlx_complete_sync(hw,
1587 &ctlx->inbuf.wmemresp,
1595 /*----------------------------------------------------------------
1596 * hfa384x_drvr_disable
1598 * Issues the disable command to stop communications on one of
1599 * the MACs 'ports'. Only macport 0 is valid for stations.
1600 * APs may also disable macports 1-6. Only ports that have been
1601 * previously enabled may be disabled.
1604 * hw device structure
1605 * macport MAC port number (host order)
1609 * >0 f/w reported failure - f/w status code
1610 * <0 driver reported error (timeout|bad arg)
1616 *----------------------------------------------------------------
1618 int hfa384x_drvr_disable(struct hfa384x *hw, u16 macport)
1622 if ((!hw->isap && macport != 0) ||
1623 (hw->isap && !(macport <= HFA384x_PORTID_MAX)) ||
1624 !(hw->port_enabled[macport])) {
1627 result = hfa384x_cmd_disable(hw, macport);
1629 hw->port_enabled[macport] = 0;
1634 /*----------------------------------------------------------------
1635 * hfa384x_drvr_enable
1637 * Issues the enable command to enable communications on one of
1638 * the MACs 'ports'. Only macport 0 is valid for stations.
1639 * APs may also enable macports 1-6. Only ports that are currently
1640 * disabled may be enabled.
1643 * hw device structure
1644 * macport MAC port number
1648 * >0 f/w reported failure - f/w status code
1649 * <0 driver reported error (timeout|bad arg)
1655 *----------------------------------------------------------------
1657 int hfa384x_drvr_enable(struct hfa384x *hw, u16 macport)
1661 if ((!hw->isap && macport != 0) ||
1662 (hw->isap && !(macport <= HFA384x_PORTID_MAX)) ||
1663 (hw->port_enabled[macport])) {
1666 result = hfa384x_cmd_enable(hw, macport);
1668 hw->port_enabled[macport] = 1;
1673 /*----------------------------------------------------------------
1674 * hfa384x_drvr_flashdl_enable
1676 * Begins the flash download state. Checks to see that we're not
1677 * already in a download state and that a port isn't enabled.
1678 * Sets the download state and retrieves the flash download
1679 * buffer location, buffer size, and timeout length.
1682 * hw device structure
1686 * >0 f/w reported error - f/w status code
1687 * <0 driver reported error
1693 *----------------------------------------------------------------
1695 int hfa384x_drvr_flashdl_enable(struct hfa384x *hw)
1700 /* Check that a port isn't active */
1701 for (i = 0; i < HFA384x_PORTID_MAX; i++) {
1702 if (hw->port_enabled[i]) {
1703 pr_debug("called when port enabled.\n");
1708 /* Check that we're not already in a download state */
1709 if (hw->dlstate != HFA384x_DLSTATE_DISABLED)
1712 /* Retrieve the buffer loc&size and timeout */
1713 result = hfa384x_drvr_getconfig(hw, HFA384x_RID_DOWNLOADBUFFER,
1714 &hw->bufinfo, sizeof(hw->bufinfo));
1718 le16_to_cpus(&hw->bufinfo.page);
1719 le16_to_cpus(&hw->bufinfo.offset);
1720 le16_to_cpus(&hw->bufinfo.len);
1721 result = hfa384x_drvr_getconfig16(hw, HFA384x_RID_MAXLOADTIME,
1726 le16_to_cpus(&hw->dltimeout);
1728 pr_debug("flashdl_enable\n");
1730 hw->dlstate = HFA384x_DLSTATE_FLASHENABLED;
1735 /*----------------------------------------------------------------
1736 * hfa384x_drvr_flashdl_disable
1738 * Ends the flash download state. Note that this will cause the MAC
1739 * firmware to restart.
1742 * hw device structure
1746 * >0 f/w reported error - f/w status code
1747 * <0 driver reported error
1753 *----------------------------------------------------------------
1755 int hfa384x_drvr_flashdl_disable(struct hfa384x *hw)
1757 /* Check that we're already in the download state */
1758 if (hw->dlstate != HFA384x_DLSTATE_FLASHENABLED)
1761 pr_debug("flashdl_enable\n");
1763 /* There isn't much we can do at this point, so I don't */
1764 /* bother w/ the return value */
1765 hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0, 0);
1766 hw->dlstate = HFA384x_DLSTATE_DISABLED;
1771 /*----------------------------------------------------------------
1772 * hfa384x_drvr_flashdl_write
1774 * Performs a FLASH download of a chunk of data. First checks to see
1775 * that we're in the FLASH download state, then sets the download
1776 * mode, uses the aux functions to 1) copy the data to the flash
1777 * buffer, 2) sets the download 'write flash' mode, 3) readback and
1778 * compare. Lather rinse, repeat as many times an necessary to get
1779 * all the given data into flash.
1780 * When all data has been written using this function (possibly
1781 * repeatedly), call drvr_flashdl_disable() to end the download state
1782 * and restart the MAC.
1785 * hw device structure
1786 * daddr Card address to write to. (host order)
1787 * buf Ptr to data to write.
1788 * len Length of data (host order).
1792 * >0 f/w reported error - f/w status code
1793 * <0 driver reported error
1799 *----------------------------------------------------------------
1801 int hfa384x_drvr_flashdl_write(struct hfa384x *hw, u32 daddr,
1819 pr_debug("daddr=0x%08x len=%d\n", daddr, len);
1821 /* Check that we're in the flash download state */
1822 if (hw->dlstate != HFA384x_DLSTATE_FLASHENABLED)
1825 netdev_info(hw->wlandev->netdev,
1826 "Download %d bytes to flash @0x%06x\n", len, daddr);
1828 /* Convert to flat address for arithmetic */
1829 /* NOTE: dlbuffer RID stores the address in AUX format */
1831 HFA384x_ADDR_AUX_MKFLAT(hw->bufinfo.page, hw->bufinfo.offset);
1832 pr_debug("dlbuf.page=0x%04x dlbuf.offset=0x%04x dlbufaddr=0x%08x\n",
1833 hw->bufinfo.page, hw->bufinfo.offset, dlbufaddr);
1834 /* Calculations to determine how many fills of the dlbuffer to do
1835 * and how many USB wmemreq's to do for each fill. At this point
1836 * in time, the dlbuffer size and the wmemreq size are the same.
1837 * Therefore, nwrites should always be 1. The extra complexity
1838 * here is a hedge against future changes.
1841 /* Figure out how many times to do the flash programming */
1842 nburns = len / hw->bufinfo.len;
1843 nburns += (len % hw->bufinfo.len) ? 1 : 0;
1845 /* For each flash program cycle, how many USB wmemreq's are needed? */
1846 nwrites = hw->bufinfo.len / HFA384x_USB_RWMEM_MAXLEN;
1847 nwrites += (hw->bufinfo.len % HFA384x_USB_RWMEM_MAXLEN) ? 1 : 0;
1850 for (i = 0; i < nburns; i++) {
1851 /* Get the dest address and len */
1852 burnlen = (len - (hw->bufinfo.len * i)) > hw->bufinfo.len ?
1853 hw->bufinfo.len : (len - (hw->bufinfo.len * i));
1854 burndaddr = daddr + (hw->bufinfo.len * i);
1855 burnlo = HFA384x_ADDR_CMD_MKOFF(burndaddr);
1856 burnhi = HFA384x_ADDR_CMD_MKPAGE(burndaddr);
1858 netdev_info(hw->wlandev->netdev, "Writing %d bytes to flash @0x%06x\n",
1859 burnlen, burndaddr);
1861 /* Set the download mode */
1862 result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_NV,
1863 burnlo, burnhi, burnlen);
1865 netdev_err(hw->wlandev->netdev,
1866 "download(NV,lo=%x,hi=%x,len=%x) cmd failed, result=%d. Aborting d/l\n",
1867 burnlo, burnhi, burnlen, result);
1871 /* copy the data to the flash download buffer */
1872 for (j = 0; j < nwrites; j++) {
1874 (i * hw->bufinfo.len) +
1875 (j * HFA384x_USB_RWMEM_MAXLEN);
1877 writepage = HFA384x_ADDR_CMD_MKPAGE(dlbufaddr +
1878 (j * HFA384x_USB_RWMEM_MAXLEN));
1879 writeoffset = HFA384x_ADDR_CMD_MKOFF(dlbufaddr +
1880 (j * HFA384x_USB_RWMEM_MAXLEN));
1882 writelen = burnlen - (j * HFA384x_USB_RWMEM_MAXLEN);
1883 writelen = writelen > HFA384x_USB_RWMEM_MAXLEN ?
1884 HFA384x_USB_RWMEM_MAXLEN : writelen;
1886 result = hfa384x_dowmem(hw,
1889 writebuf, writelen);
1892 /* set the download 'write flash' mode */
1893 result = hfa384x_cmd_download(hw,
1894 HFA384x_PROGMODE_NVWRITE,
1897 netdev_err(hw->wlandev->netdev,
1898 "download(NVWRITE,lo=%x,hi=%x,len=%x) cmd failed, result=%d. Aborting d/l\n",
1899 burnlo, burnhi, burnlen, result);
1903 /* TODO: We really should do a readback and compare. */
1908 /* Leave the firmware in the 'post-prog' mode. flashdl_disable will */
1909 /* actually disable programming mode. Remember, that will cause the */
1910 /* the firmware to effectively reset itself. */
1915 /*----------------------------------------------------------------
1916 * hfa384x_drvr_getconfig
1918 * Performs the sequence necessary to read a config/info item.
1921 * hw device structure
1922 * rid config/info record id (host order)
1923 * buf host side record buffer. Upon return it will
1924 * contain the body portion of the record (minus the
1926 * len buffer length (in bytes, should match record length)
1930 * >0 f/w reported error - f/w status code
1931 * <0 driver reported error
1932 * -ENODATA length mismatch between argument and retrieved
1939 *----------------------------------------------------------------
1941 int hfa384x_drvr_getconfig(struct hfa384x *hw, u16 rid, void *buf, u16 len)
1943 return hfa384x_dorrid(hw, DOWAIT, rid, buf, len, NULL, NULL, NULL);
1946 /*----------------------------------------------------------------
1947 * hfa384x_drvr_setconfig_async
1949 * Performs the sequence necessary to write a config/info item.
1952 * hw device structure
1953 * rid config/info record id (in host order)
1954 * buf host side record buffer
1955 * len buffer length (in bytes)
1956 * usercb completion callback
1957 * usercb_data completion callback argument
1961 * >0 f/w reported error - f/w status code
1962 * <0 driver reported error
1968 *----------------------------------------------------------------
1971 hfa384x_drvr_setconfig_async(struct hfa384x *hw,
1974 u16 len, ctlx_usercb_t usercb, void *usercb_data)
1976 return hfa384x_dowrid(hw, DOASYNC, rid, buf, len, hfa384x_cb_status,
1977 usercb, usercb_data);
1980 /*----------------------------------------------------------------
1981 * hfa384x_drvr_ramdl_disable
1983 * Ends the ram download state.
1986 * hw device structure
1990 * >0 f/w reported error - f/w status code
1991 * <0 driver reported error
1997 *----------------------------------------------------------------
1999 int hfa384x_drvr_ramdl_disable(struct hfa384x *hw)
2001 /* Check that we're already in the download state */
2002 if (hw->dlstate != HFA384x_DLSTATE_RAMENABLED)
2005 pr_debug("ramdl_disable()\n");
2007 /* There isn't much we can do at this point, so I don't */
2008 /* bother w/ the return value */
2009 hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0, 0);
2010 hw->dlstate = HFA384x_DLSTATE_DISABLED;
2015 /*----------------------------------------------------------------
2016 * hfa384x_drvr_ramdl_enable
2018 * Begins the ram download state. Checks to see that we're not
2019 * already in a download state and that a port isn't enabled.
2020 * Sets the download state and calls cmd_download with the
2021 * ENABLE_VOLATILE subcommand and the exeaddr argument.
2024 * hw device structure
2025 * exeaddr the card execution address that will be
2026 * jumped to when ramdl_disable() is called
2031 * >0 f/w reported error - f/w status code
2032 * <0 driver reported error
2038 *----------------------------------------------------------------
2040 int hfa384x_drvr_ramdl_enable(struct hfa384x *hw, u32 exeaddr)
2047 /* Check that a port isn't active */
2048 for (i = 0; i < HFA384x_PORTID_MAX; i++) {
2049 if (hw->port_enabled[i]) {
2050 netdev_err(hw->wlandev->netdev,
2051 "Can't download with a macport enabled.\n");
2056 /* Check that we're not already in a download state */
2057 if (hw->dlstate != HFA384x_DLSTATE_DISABLED) {
2058 netdev_err(hw->wlandev->netdev,
2059 "Download state not disabled.\n");
2063 pr_debug("ramdl_enable, exeaddr=0x%08x\n", exeaddr);
2065 /* Call the download(1,addr) function */
2066 lowaddr = HFA384x_ADDR_CMD_MKOFF(exeaddr);
2067 hiaddr = HFA384x_ADDR_CMD_MKPAGE(exeaddr);
2069 result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_RAM,
2070 lowaddr, hiaddr, 0);
2073 /* Set the download state */
2074 hw->dlstate = HFA384x_DLSTATE_RAMENABLED;
2076 pr_debug("cmd_download(0x%04x, 0x%04x) failed, result=%d.\n",
2077 lowaddr, hiaddr, result);
2083 /*----------------------------------------------------------------
2084 * hfa384x_drvr_ramdl_write
2086 * Performs a RAM download of a chunk of data. First checks to see
2087 * that we're in the RAM download state, then uses the [read|write]mem USB
2088 * commands to 1) copy the data, 2) readback and compare. The download
2089 * state is unaffected. When all data has been written using
2090 * this function, call drvr_ramdl_disable() to end the download state
2091 * and restart the MAC.
2094 * hw device structure
2095 * daddr Card address to write to. (host order)
2096 * buf Ptr to data to write.
2097 * len Length of data (host order).
2101 * >0 f/w reported error - f/w status code
2102 * <0 driver reported error
2108 *----------------------------------------------------------------
2110 int hfa384x_drvr_ramdl_write(struct hfa384x *hw, u32 daddr, void *buf, u32 len)
2121 /* Check that we're in the ram download state */
2122 if (hw->dlstate != HFA384x_DLSTATE_RAMENABLED)
2125 netdev_info(hw->wlandev->netdev, "Writing %d bytes to ram @0x%06x\n",
2128 /* How many dowmem calls? */
2129 nwrites = len / HFA384x_USB_RWMEM_MAXLEN;
2130 nwrites += len % HFA384x_USB_RWMEM_MAXLEN ? 1 : 0;
2132 /* Do blocking wmem's */
2133 for (i = 0; i < nwrites; i++) {
2134 /* make address args */
2135 curraddr = daddr + (i * HFA384x_USB_RWMEM_MAXLEN);
2136 currpage = HFA384x_ADDR_CMD_MKPAGE(curraddr);
2137 curroffset = HFA384x_ADDR_CMD_MKOFF(curraddr);
2138 currlen = len - (i * HFA384x_USB_RWMEM_MAXLEN);
2139 if (currlen > HFA384x_USB_RWMEM_MAXLEN)
2140 currlen = HFA384x_USB_RWMEM_MAXLEN;
2142 /* Do blocking ctlx */
2143 result = hfa384x_dowmem(hw,
2146 data + (i * HFA384x_USB_RWMEM_MAXLEN),
2152 /* TODO: We really should have a readback. */
2158 /*----------------------------------------------------------------
2159 * hfa384x_drvr_readpda
2161 * Performs the sequence to read the PDA space. Note there is no
2162 * drvr_writepda() function. Writing a PDA is
2163 * generally implemented by a calling component via calls to
2164 * cmd_download and writing to the flash download buffer via the
2168 * hw device structure
2169 * buf buffer to store PDA in
2174 * >0 f/w reported error - f/w status code
2175 * <0 driver reported error
2176 * -ETIMEDOUT timeout waiting for the cmd regs to become
2177 * available, or waiting for the control reg
2178 * to indicate the Aux port is enabled.
2179 * -ENODATA the buffer does NOT contain a valid PDA.
2180 * Either the card PDA is bad, or the auxdata
2181 * reads are giving us garbage.
2187 * process or non-card interrupt.
2188 *----------------------------------------------------------------
2190 int hfa384x_drvr_readpda(struct hfa384x *hw, void *buf, unsigned int len)
2196 int currpdr = 0; /* word offset of the current pdr */
2198 u16 pdrlen; /* pdr length in bytes, host order */
2199 u16 pdrcode; /* pdr code, host order */
2207 HFA3842_PDA_BASE, 0}, {
2208 HFA3841_PDA_BASE, 0}, {
2209 HFA3841_PDA_BOGUS_BASE, 0}
2212 /* Read the pda from each known address. */
2213 for (i = 0; i < ARRAY_SIZE(pdaloc); i++) {
2215 currpage = HFA384x_ADDR_CMD_MKPAGE(pdaloc[i].cardaddr);
2216 curroffset = HFA384x_ADDR_CMD_MKOFF(pdaloc[i].cardaddr);
2218 /* units of bytes */
2219 result = hfa384x_dormem(hw, currpage, curroffset, buf,
2223 netdev_warn(hw->wlandev->netdev,
2224 "Read from index %zd failed, continuing\n",
2229 /* Test for garbage */
2230 pdaok = 1; /* initially assume good */
2232 while (pdaok && morepdrs) {
2233 pdrlen = le16_to_cpu(pda[currpdr]) * 2;
2234 pdrcode = le16_to_cpu(pda[currpdr + 1]);
2235 /* Test the record length */
2236 if (pdrlen > HFA384x_PDR_LEN_MAX || pdrlen == 0) {
2237 netdev_err(hw->wlandev->netdev,
2238 "pdrlen invalid=%d\n", pdrlen);
2243 if (!hfa384x_isgood_pdrcode(pdrcode)) {
2244 netdev_err(hw->wlandev->netdev, "pdrcode invalid=%d\n",
2249 /* Test for completion */
2250 if (pdrcode == HFA384x_PDR_END_OF_PDA)
2253 /* Move to the next pdr (if necessary) */
2255 /* note the access to pda[], need words here */
2256 currpdr += le16_to_cpu(pda[currpdr]) + 1;
2260 netdev_info(hw->wlandev->netdev,
2261 "PDA Read from 0x%08x in %s space.\n",
2263 pdaloc[i].auxctl == 0 ? "EXTDS" :
2264 pdaloc[i].auxctl == 1 ? "NV" :
2265 pdaloc[i].auxctl == 2 ? "PHY" :
2266 pdaloc[i].auxctl == 3 ? "ICSRAM" :
2271 result = pdaok ? 0 : -ENODATA;
2274 pr_debug("Failure: pda is not okay\n");
2279 /*----------------------------------------------------------------
2280 * hfa384x_drvr_setconfig
2282 * Performs the sequence necessary to write a config/info item.
2285 * hw device structure
2286 * rid config/info record id (in host order)
2287 * buf host side record buffer
2288 * len buffer length (in bytes)
2292 * >0 f/w reported error - f/w status code
2293 * <0 driver reported error
2299 *----------------------------------------------------------------
2301 int hfa384x_drvr_setconfig(struct hfa384x *hw, u16 rid, void *buf, u16 len)
2303 return hfa384x_dowrid(hw, DOWAIT, rid, buf, len, NULL, NULL, NULL);
2306 /*----------------------------------------------------------------
2307 * hfa384x_drvr_start
2309 * Issues the MAC initialize command, sets up some data structures,
2310 * and enables the interrupts. After this function completes, the
2311 * low-level stuff should be ready for any/all commands.
2314 * hw device structure
2317 * >0 f/w reported error - f/w status code
2318 * <0 driver reported error
2324 *----------------------------------------------------------------
2326 int hfa384x_drvr_start(struct hfa384x *hw)
2328 int result, result1, result2;
2333 /* Clear endpoint stalls - but only do this if the endpoint
2334 * is showing a stall status. Some prism2 cards seem to behave
2335 * badly if a clear_halt is called when the endpoint is already
2339 usb_get_std_status(hw->usb, USB_RECIP_ENDPOINT, hw->endp_in,
2342 netdev_err(hw->wlandev->netdev, "Cannot get bulk in endpoint status.\n");
2345 if ((status == 1) && usb_clear_halt(hw->usb, hw->endp_in))
2346 netdev_err(hw->wlandev->netdev, "Failed to reset bulk in endpoint.\n");
2349 usb_get_std_status(hw->usb, USB_RECIP_ENDPOINT, hw->endp_out,
2352 netdev_err(hw->wlandev->netdev, "Cannot get bulk out endpoint status.\n");
2355 if ((status == 1) && usb_clear_halt(hw->usb, hw->endp_out))
2356 netdev_err(hw->wlandev->netdev, "Failed to reset bulk out endpoint.\n");
2358 /* Synchronous unlink, in case we're trying to restart the driver */
2359 usb_kill_urb(&hw->rx_urb);
2361 /* Post the IN urb */
2362 result = submit_rx_urb(hw, GFP_KERNEL);
2364 netdev_err(hw->wlandev->netdev,
2365 "Fatal, failed to submit RX URB, result=%d\n",
2370 /* Call initialize twice, with a 1 second sleep in between.
2371 * This is a nasty work-around since many prism2 cards seem to
2372 * need time to settle after an init from cold. The second
2373 * call to initialize in theory is not necessary - but we call
2374 * it anyway as a double insurance policy:
2375 * 1) If the first init should fail, the second may well succeed
2376 * and the card can still be used
2377 * 2) It helps ensures all is well with the card after the first
2378 * init and settle time.
2380 result1 = hfa384x_cmd_initialize(hw);
2382 result = hfa384x_cmd_initialize(hw);
2386 netdev_err(hw->wlandev->netdev,
2387 "cmd_initialize() failed on two attempts, results %d and %d\n",
2389 usb_kill_urb(&hw->rx_urb);
2392 pr_debug("First cmd_initialize() failed (result %d),\n",
2394 pr_debug("but second attempt succeeded. All should be ok\n");
2396 } else if (result2 != 0) {
2397 netdev_warn(hw->wlandev->netdev, "First cmd_initialize() succeeded, but second attempt failed (result=%d)\n",
2399 netdev_warn(hw->wlandev->netdev,
2400 "Most likely the card will be functional\n");
2404 hw->state = HFA384x_STATE_RUNNING;
2410 /*----------------------------------------------------------------
2413 * Shuts down the MAC to the point where it is safe to unload the
2414 * driver. Any subsystem that may be holding a data or function
2415 * ptr into the driver must be cleared/deinitialized.
2418 * hw device structure
2421 * >0 f/w reported error - f/w status code
2422 * <0 driver reported error
2428 *----------------------------------------------------------------
2430 int hfa384x_drvr_stop(struct hfa384x *hw)
2436 /* There's no need for spinlocks here. The USB "disconnect"
2437 * function sets this "removed" flag and then calls us.
2439 if (!hw->wlandev->hwremoved) {
2440 /* Call initialize to leave the MAC in its 'reset' state */
2441 hfa384x_cmd_initialize(hw);
2443 /* Cancel the rxurb */
2444 usb_kill_urb(&hw->rx_urb);
2447 hw->link_status = HFA384x_LINK_NOTCONNECTED;
2448 hw->state = HFA384x_STATE_INIT;
2450 del_timer_sync(&hw->commsqual_timer);
2452 /* Clear all the port status */
2453 for (i = 0; i < HFA384x_NUMPORTS_MAX; i++)
2454 hw->port_enabled[i] = 0;
2459 /*----------------------------------------------------------------
2460 * hfa384x_drvr_txframe
2462 * Takes a frame from prism2sta and queues it for transmission.
2465 * hw device structure
2466 * skb packet buffer struct. Contains an 802.11
2468 * p80211_hdr points to the 802.11 header for the packet.
2470 * 0 Success and more buffs available
2471 * 1 Success but no more buffs
2472 * 2 Allocation failure
2473 * 4 Buffer full or queue busy
2479 *----------------------------------------------------------------
2481 int hfa384x_drvr_txframe(struct hfa384x *hw, struct sk_buff *skb,
2482 union p80211_hdr *p80211_hdr,
2483 struct p80211_metawep *p80211_wep)
2485 int usbpktlen = sizeof(struct hfa384x_tx_frame);
2490 if (hw->tx_urb.status == -EINPROGRESS) {
2491 netdev_warn(hw->wlandev->netdev, "TX URB already in use\n");
2496 /* Build Tx frame structure */
2497 /* Set up the control field */
2498 memset(&hw->txbuff.txfrm.desc, 0, sizeof(hw->txbuff.txfrm.desc));
2500 /* Setup the usb type field */
2501 hw->txbuff.type = cpu_to_le16(HFA384x_USB_TXFRM);
2503 /* Set up the sw_support field to identify this frame */
2504 hw->txbuff.txfrm.desc.sw_support = 0x0123;
2506 /* Tx complete and Tx exception disable per dleach. Might be causing
2509 /* #define DOEXC SLP -- doboth breaks horribly under load, doexc less so. */
2511 hw->txbuff.txfrm.desc.tx_control =
2512 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
2513 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(1);
2514 #elif defined(DOEXC)
2515 hw->txbuff.txfrm.desc.tx_control =
2516 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
2517 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(0);
2519 hw->txbuff.txfrm.desc.tx_control =
2520 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
2521 HFA384x_TX_TXEX_SET(0) | HFA384x_TX_TXOK_SET(0);
2523 cpu_to_le16s(&hw->txbuff.txfrm.desc.tx_control);
2525 /* copy the header over to the txdesc */
2526 memcpy(&hw->txbuff.txfrm.desc.frame_control, p80211_hdr,
2527 sizeof(union p80211_hdr));
2529 /* if we're using host WEP, increase size by IV+ICV */
2530 if (p80211_wep->data) {
2531 hw->txbuff.txfrm.desc.data_len = cpu_to_le16(skb->len + 8);
2534 hw->txbuff.txfrm.desc.data_len = cpu_to_le16(skb->len);
2537 usbpktlen += skb->len;
2539 /* copy over the WEP IV if we are using host WEP */
2540 ptr = hw->txbuff.txfrm.data;
2541 if (p80211_wep->data) {
2542 memcpy(ptr, p80211_wep->iv, sizeof(p80211_wep->iv));
2543 ptr += sizeof(p80211_wep->iv);
2544 memcpy(ptr, p80211_wep->data, skb->len);
2546 memcpy(ptr, skb->data, skb->len);
2548 /* copy over the packet data */
2551 /* copy over the WEP ICV if we are using host WEP */
2552 if (p80211_wep->data)
2553 memcpy(ptr, p80211_wep->icv, sizeof(p80211_wep->icv));
2555 /* Send the USB packet */
2556 usb_fill_bulk_urb(&hw->tx_urb, hw->usb,
2558 &hw->txbuff, ROUNDUP64(usbpktlen),
2559 hfa384x_usbout_callback, hw->wlandev);
2560 hw->tx_urb.transfer_flags |= USB_QUEUE_BULK;
2563 ret = submit_tx_urb(hw, &hw->tx_urb, GFP_ATOMIC);
2565 netdev_err(hw->wlandev->netdev,
2566 "submit_tx_urb() failed, error=%d\n", ret);
2574 void hfa384x_tx_timeout(struct wlandevice *wlandev)
2576 struct hfa384x *hw = wlandev->priv;
2577 unsigned long flags;
2579 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2581 if (!hw->wlandev->hwremoved) {
2584 sched = !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags);
2585 sched |= !test_and_set_bit(WORK_RX_HALT, &hw->usb_flags);
2587 schedule_work(&hw->usb_work);
2590 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2593 /*----------------------------------------------------------------
2594 * hfa384x_usbctlx_reaper_task
2596 * Tasklet to delete dead CTLX objects
2599 * data ptr to a struct hfa384x
2605 *----------------------------------------------------------------
2607 static void hfa384x_usbctlx_reaper_task(unsigned long data)
2609 struct hfa384x *hw = (struct hfa384x *)data;
2610 struct hfa384x_usbctlx *ctlx, *temp;
2611 unsigned long flags;
2613 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2615 /* This list is guaranteed to be empty if someone
2616 * has unplugged the adapter.
2618 list_for_each_entry_safe(ctlx, temp, &hw->ctlxq.reapable, list) {
2619 list_del(&ctlx->list);
2623 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2626 /*----------------------------------------------------------------
2627 * hfa384x_usbctlx_completion_task
2629 * Tasklet to call completion handlers for returned CTLXs
2632 * data ptr to struct hfa384x
2639 *----------------------------------------------------------------
2641 static void hfa384x_usbctlx_completion_task(unsigned long data)
2643 struct hfa384x *hw = (struct hfa384x *)data;
2644 struct hfa384x_usbctlx *ctlx, *temp;
2645 unsigned long flags;
2649 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2651 /* This list is guaranteed to be empty if someone
2652 * has unplugged the adapter ...
2654 list_for_each_entry_safe(ctlx, temp, &hw->ctlxq.completing, list) {
2655 /* Call the completion function that this
2656 * command was assigned, assuming it has one.
2659 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2660 ctlx->cmdcb(hw, ctlx);
2661 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2663 /* Make sure we don't try and complete
2664 * this CTLX more than once!
2668 /* Did someone yank the adapter out
2669 * while our list was (briefly) unlocked?
2671 if (hw->wlandev->hwremoved) {
2678 * "Reapable" CTLXs are ones which don't have any
2679 * threads waiting for them to die. Hence they must
2680 * be delivered to The Reaper!
2682 if (ctlx->reapable) {
2683 /* Move the CTLX off the "completing" list (hopefully)
2684 * on to the "reapable" list where the reaper task
2685 * can find it. And "reapable" means that this CTLX
2686 * isn't sitting on a wait-queue somewhere.
2688 list_move_tail(&ctlx->list, &hw->ctlxq.reapable);
2692 complete(&ctlx->done);
2694 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2697 tasklet_schedule(&hw->reaper_bh);
2700 /*----------------------------------------------------------------
2701 * unlocked_usbctlx_cancel_async
2703 * Mark the CTLX dead asynchronously, and ensure that the
2704 * next command on the queue is run afterwards.
2707 * hw ptr to the struct hfa384x structure
2708 * ctlx ptr to a CTLX structure
2711 * 0 the CTLX's URB is inactive
2712 * -EINPROGRESS the URB is currently being unlinked
2715 * Either process or interrupt, but presumably interrupt
2716 *----------------------------------------------------------------
2718 static int unlocked_usbctlx_cancel_async(struct hfa384x *hw,
2719 struct hfa384x_usbctlx *ctlx)
2724 * Try to delete the URB containing our request packet.
2725 * If we succeed, then its completion handler will be
2726 * called with a status of -ECONNRESET.
2728 hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK;
2729 ret = usb_unlink_urb(&hw->ctlx_urb);
2731 if (ret != -EINPROGRESS) {
2733 * The OUT URB had either already completed
2734 * or was still in the pending queue, so the
2735 * URB's completion function will not be called.
2736 * We will have to complete the CTLX ourselves.
2738 ctlx->state = CTLX_REQ_FAILED;
2739 unlocked_usbctlx_complete(hw, ctlx);
2746 /*----------------------------------------------------------------
2747 * unlocked_usbctlx_complete
2749 * A CTLX has completed. It may have been successful, it may not
2750 * have been. At this point, the CTLX should be quiescent. The URBs
2751 * aren't active and the timers should have been stopped.
2753 * The CTLX is migrated to the "completing" queue, and the completing
2754 * tasklet is scheduled.
2757 * hw ptr to a struct hfa384x structure
2758 * ctlx ptr to a ctlx structure
2766 * Either, assume interrupt
2767 *----------------------------------------------------------------
2769 static void unlocked_usbctlx_complete(struct hfa384x *hw,
2770 struct hfa384x_usbctlx *ctlx)
2772 /* Timers have been stopped, and ctlx should be in
2773 * a terminal state. Retire it from the "active"
2776 list_move_tail(&ctlx->list, &hw->ctlxq.completing);
2777 tasklet_schedule(&hw->completion_bh);
2779 switch (ctlx->state) {
2781 case CTLX_REQ_FAILED:
2782 /* This are the correct terminating states. */
2786 netdev_err(hw->wlandev->netdev, "CTLX[%d] not in a terminating state(%s)\n",
2787 le16_to_cpu(ctlx->outbuf.type),
2788 ctlxstr(ctlx->state));
2793 /*----------------------------------------------------------------
2794 * hfa384x_usbctlxq_run
2796 * Checks to see if the head item is running. If not, starts it.
2799 * hw ptr to struct hfa384x
2808 *----------------------------------------------------------------
2810 static void hfa384x_usbctlxq_run(struct hfa384x *hw)
2812 unsigned long flags;
2815 spin_lock_irqsave(&hw->ctlxq.lock, flags);
2817 /* Only one active CTLX at any one time, because there's no
2818 * other (reliable) way to match the response URB to the
2821 * Don't touch any of these CTLXs if the hardware
2822 * has been removed or the USB subsystem is stalled.
2824 if (!list_empty(&hw->ctlxq.active) ||
2825 test_bit(WORK_TX_HALT, &hw->usb_flags) || hw->wlandev->hwremoved)
2828 while (!list_empty(&hw->ctlxq.pending)) {
2829 struct hfa384x_usbctlx *head;
2832 /* This is the first pending command */
2833 head = list_entry(hw->ctlxq.pending.next,
2834 struct hfa384x_usbctlx, list);
2836 /* We need to split this off to avoid a race condition */
2837 list_move_tail(&head->list, &hw->ctlxq.active);
2839 /* Fill the out packet */
2840 usb_fill_bulk_urb(&hw->ctlx_urb, hw->usb,
2842 &head->outbuf, ROUNDUP64(head->outbufsize),
2843 hfa384x_ctlxout_callback, hw);
2844 hw->ctlx_urb.transfer_flags |= USB_QUEUE_BULK;
2846 /* Now submit the URB and update the CTLX's state */
2847 result = usb_submit_urb(&hw->ctlx_urb, GFP_ATOMIC);
2849 /* This CTLX is now running on the active queue */
2850 head->state = CTLX_REQ_SUBMITTED;
2852 /* Start the OUT wait timer */
2853 hw->req_timer_done = 0;
2854 hw->reqtimer.expires = jiffies + HZ;
2855 add_timer(&hw->reqtimer);
2857 /* Start the IN wait timer */
2858 hw->resp_timer_done = 0;
2859 hw->resptimer.expires = jiffies + 2 * HZ;
2860 add_timer(&hw->resptimer);
2865 if (result == -EPIPE) {
2866 /* The OUT pipe needs resetting, so put
2867 * this CTLX back in the "pending" queue
2868 * and schedule a reset ...
2870 netdev_warn(hw->wlandev->netdev,
2871 "%s tx pipe stalled: requesting reset\n",
2872 hw->wlandev->netdev->name);
2873 list_move(&head->list, &hw->ctlxq.pending);
2874 set_bit(WORK_TX_HALT, &hw->usb_flags);
2875 schedule_work(&hw->usb_work);
2879 if (result == -ESHUTDOWN) {
2880 netdev_warn(hw->wlandev->netdev, "%s urb shutdown!\n",
2881 hw->wlandev->netdev->name);
2885 netdev_err(hw->wlandev->netdev, "Failed to submit CTLX[%d]: error=%d\n",
2886 le16_to_cpu(head->outbuf.type), result);
2887 unlocked_usbctlx_complete(hw, head);
2891 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
2894 /*----------------------------------------------------------------
2895 * hfa384x_usbin_callback
2897 * Callback for URBs on the BULKIN endpoint.
2900 * urb ptr to the completed urb
2909 *----------------------------------------------------------------
2911 static void hfa384x_usbin_callback(struct urb *urb)
2913 struct wlandevice *wlandev = urb->context;
2915 union hfa384x_usbin *usbin;
2916 struct sk_buff *skb = NULL;
2927 if (!wlandev || !wlandev->netdev || wlandev->hwremoved)
2934 skb = hw->rx_urb_skb;
2935 if (!skb || (skb->data != urb->transfer_buffer)) {
2940 hw->rx_urb_skb = NULL;
2942 /* Check for error conditions within the URB */
2943 switch (urb->status) {
2947 /* Check for short packet */
2948 if (urb->actual_length == 0) {
2949 wlandev->netdev->stats.rx_errors++;
2950 wlandev->netdev->stats.rx_length_errors++;
2956 netdev_warn(hw->wlandev->netdev, "%s rx pipe stalled: requesting reset\n",
2957 wlandev->netdev->name);
2958 if (!test_and_set_bit(WORK_RX_HALT, &hw->usb_flags))
2959 schedule_work(&hw->usb_work);
2960 wlandev->netdev->stats.rx_errors++;
2967 if (!test_and_set_bit(THROTTLE_RX, &hw->usb_flags) &&
2968 !timer_pending(&hw->throttle)) {
2969 mod_timer(&hw->throttle, jiffies + THROTTLE_JIFFIES);
2971 wlandev->netdev->stats.rx_errors++;
2976 wlandev->netdev->stats.rx_over_errors++;
2982 pr_debug("status=%d, device removed.\n", urb->status);
2988 pr_debug("status=%d, urb explicitly unlinked.\n", urb->status);
2993 pr_debug("urb status=%d, transfer flags=0x%x\n",
2994 urb->status, urb->transfer_flags);
2995 wlandev->netdev->stats.rx_errors++;
3000 /* Save values from the RX URB before reposting overwrites it. */
3001 urb_status = urb->status;
3002 usbin = (union hfa384x_usbin *)urb->transfer_buffer;
3004 if (action != ABORT) {
3005 /* Repost the RX URB */
3006 result = submit_rx_urb(hw, GFP_ATOMIC);
3009 netdev_err(hw->wlandev->netdev,
3010 "Fatal, failed to resubmit rx_urb. error=%d\n",
3015 /* Handle any USB-IN packet */
3016 /* Note: the check of the sw_support field, the type field doesn't
3017 * have bit 12 set like the docs suggest.
3019 type = le16_to_cpu(usbin->type);
3020 if (HFA384x_USB_ISRXFRM(type)) {
3021 if (action == HANDLE) {
3022 if (usbin->txfrm.desc.sw_support == 0x0123) {
3023 hfa384x_usbin_txcompl(wlandev, usbin);
3025 skb_put(skb, sizeof(*usbin));
3026 hfa384x_usbin_rx(wlandev, skb);
3032 if (HFA384x_USB_ISTXFRM(type)) {
3033 if (action == HANDLE)
3034 hfa384x_usbin_txcompl(wlandev, usbin);
3038 case HFA384x_USB_INFOFRM:
3039 if (action == ABORT)
3041 if (action == HANDLE)
3042 hfa384x_usbin_info(wlandev, usbin);
3045 case HFA384x_USB_CMDRESP:
3046 case HFA384x_USB_WRIDRESP:
3047 case HFA384x_USB_RRIDRESP:
3048 case HFA384x_USB_WMEMRESP:
3049 case HFA384x_USB_RMEMRESP:
3050 /* ALWAYS, ALWAYS, ALWAYS handle this CTLX!!!! */
3051 hfa384x_usbin_ctlx(hw, usbin, urb_status);
3054 case HFA384x_USB_BUFAVAIL:
3055 pr_debug("Received BUFAVAIL packet, frmlen=%d\n",
3056 usbin->bufavail.frmlen);
3059 case HFA384x_USB_ERROR:
3060 pr_debug("Received USB_ERROR packet, errortype=%d\n",
3061 usbin->usberror.errortype);
3065 pr_debug("Unrecognized USBIN packet, type=%x, status=%d\n",
3066 usbin->type, urb_status);
3076 /*----------------------------------------------------------------
3077 * hfa384x_usbin_ctlx
3079 * We've received a URB containing a Prism2 "response" message.
3080 * This message needs to be matched up with a CTLX on the active
3081 * queue and our state updated accordingly.
3084 * hw ptr to struct hfa384x
3085 * usbin ptr to USB IN packet
3086 * urb_status status of this Bulk-In URB
3095 *----------------------------------------------------------------
3097 static void hfa384x_usbin_ctlx(struct hfa384x *hw, union hfa384x_usbin *usbin,
3100 struct hfa384x_usbctlx *ctlx;
3102 unsigned long flags;
3105 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3107 /* There can be only one CTLX on the active queue
3108 * at any one time, and this is the CTLX that the
3109 * timers are waiting for.
3111 if (list_empty(&hw->ctlxq.active))
3114 /* Remove the "response timeout". It's possible that
3115 * we are already too late, and that the timeout is
3116 * already running. And that's just too bad for us,
3117 * because we could lose our CTLX from the active
3120 if (del_timer(&hw->resptimer) == 0) {
3121 if (hw->resp_timer_done == 0) {
3122 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3126 hw->resp_timer_done = 1;
3129 ctlx = get_active_ctlx(hw);
3131 if (urb_status != 0) {
3133 * Bad CTLX, so get rid of it. But we only
3134 * remove it from the active queue if we're no
3135 * longer expecting the OUT URB to complete.
3137 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0)
3140 const __le16 intype = (usbin->type & ~cpu_to_le16(0x8000));
3143 * Check that our message is what we're expecting ...
3145 if (ctlx->outbuf.type != intype) {
3146 netdev_warn(hw->wlandev->netdev,
3147 "Expected IN[%d], received IN[%d] - ignored.\n",
3148 le16_to_cpu(ctlx->outbuf.type),
3149 le16_to_cpu(intype));
3153 /* This URB has succeeded, so grab the data ... */
3154 memcpy(&ctlx->inbuf, usbin, sizeof(ctlx->inbuf));
3156 switch (ctlx->state) {
3157 case CTLX_REQ_SUBMITTED:
3159 * We have received our response URB before
3160 * our request has been acknowledged. Odd,
3161 * but our OUT URB is still alive...
3163 pr_debug("Causality violation: please reboot Universe\n");
3164 ctlx->state = CTLX_RESP_COMPLETE;
3167 case CTLX_REQ_COMPLETE:
3169 * This is the usual path: our request
3170 * has already been acknowledged, and
3171 * now we have received the reply too.
3173 ctlx->state = CTLX_COMPLETE;
3174 unlocked_usbctlx_complete(hw, ctlx);
3180 * Throw this CTLX away ...
3182 netdev_err(hw->wlandev->netdev,
3183 "Matched IN URB, CTLX[%d] in invalid state(%s). Discarded.\n",
3184 le16_to_cpu(ctlx->outbuf.type),
3185 ctlxstr(ctlx->state));
3186 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0)
3193 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3196 hfa384x_usbctlxq_run(hw);
3199 /*----------------------------------------------------------------
3200 * hfa384x_usbin_txcompl
3202 * At this point we have the results of a previous transmit.
3205 * wlandev wlan device
3206 * usbin ptr to the usb transfer buffer
3215 *----------------------------------------------------------------
3217 static void hfa384x_usbin_txcompl(struct wlandevice *wlandev,
3218 union hfa384x_usbin *usbin)
3222 status = le16_to_cpu(usbin->type); /* yeah I know it says type... */
3224 /* Was there an error? */
3225 if (HFA384x_TXSTATUS_ISERROR(status))
3226 prism2sta_ev_txexc(wlandev, status);
3228 prism2sta_ev_tx(wlandev, status);
3231 /*----------------------------------------------------------------
3234 * At this point we have a successful received a rx frame packet.
3237 * wlandev wlan device
3238 * usbin ptr to the usb transfer buffer
3247 *----------------------------------------------------------------
3249 static void hfa384x_usbin_rx(struct wlandevice *wlandev, struct sk_buff *skb)
3251 union hfa384x_usbin *usbin = (union hfa384x_usbin *)skb->data;
3252 struct hfa384x *hw = wlandev->priv;
3254 struct p80211_rxmeta *rxmeta;
3258 /* Byte order convert once up front. */
3259 le16_to_cpus(&usbin->rxfrm.desc.status);
3260 le32_to_cpus(&usbin->rxfrm.desc.time);
3262 /* Now handle frame based on port# */
3263 switch (HFA384x_RXSTATUS_MACPORT_GET(usbin->rxfrm.desc.status)) {
3265 fc = le16_to_cpu(usbin->rxfrm.desc.frame_control);
3267 /* If exclude and we receive an unencrypted, drop it */
3268 if ((wlandev->hostwep & HOSTWEP_EXCLUDEUNENCRYPTED) &&
3269 !WLAN_GET_FC_ISWEP(fc)) {
3273 data_len = le16_to_cpu(usbin->rxfrm.desc.data_len);
3275 /* How much header data do we have? */
3276 hdrlen = p80211_headerlen(fc);
3278 /* Pull off the descriptor */
3279 skb_pull(skb, sizeof(struct hfa384x_rx_frame));
3281 /* Now shunt the header block up against the data block
3282 * with an "overlapping" copy
3284 memmove(skb_push(skb, hdrlen),
3285 &usbin->rxfrm.desc.frame_control, hdrlen);
3287 skb->dev = wlandev->netdev;
3289 /* And set the frame length properly */
3290 skb_trim(skb, data_len + hdrlen);
3292 /* The prism2 series does not return the CRC */
3293 memset(skb_put(skb, WLAN_CRC_LEN), 0xff, WLAN_CRC_LEN);
3295 skb_reset_mac_header(skb);
3297 /* Attach the rxmeta, set some stuff */
3298 p80211skb_rxmeta_attach(wlandev, skb);
3299 rxmeta = p80211skb_rxmeta(skb);
3300 rxmeta->mactime = usbin->rxfrm.desc.time;
3301 rxmeta->rxrate = usbin->rxfrm.desc.rate;
3302 rxmeta->signal = usbin->rxfrm.desc.signal - hw->dbmadjust;
3303 rxmeta->noise = usbin->rxfrm.desc.silence - hw->dbmadjust;
3305 p80211netdev_rx(wlandev, skb);
3310 if (!HFA384x_RXSTATUS_ISFCSERR(usbin->rxfrm.desc.status)) {
3311 /* Copy to wlansnif skb */
3312 hfa384x_int_rxmonitor(wlandev, &usbin->rxfrm);
3315 pr_debug("Received monitor frame: FCSerr set\n");
3320 netdev_warn(hw->wlandev->netdev, "Received frame on unsupported port=%d\n",
3321 HFA384x_RXSTATUS_MACPORT_GET(usbin->rxfrm.desc.status));
3326 /*----------------------------------------------------------------
3327 * hfa384x_int_rxmonitor
3329 * Helper function for int_rx. Handles monitor frames.
3330 * Note that this function allocates space for the FCS and sets it
3331 * to 0xffffffff. The hfa384x doesn't give us the FCS value but the
3332 * higher layers expect it. 0xffffffff is used as a flag to indicate
3336 * wlandev wlan device structure
3337 * rxfrm rx descriptor read from card in int_rx
3343 * Allocates an skb and passes it up via the PF_PACKET interface.
3346 *----------------------------------------------------------------
3348 static void hfa384x_int_rxmonitor(struct wlandevice *wlandev,
3349 struct hfa384x_usb_rxfrm *rxfrm)
3351 struct hfa384x_rx_frame *rxdesc = &rxfrm->desc;
3352 unsigned int hdrlen = 0;
3353 unsigned int datalen = 0;
3354 unsigned int skblen = 0;
3357 struct sk_buff *skb;
3358 struct hfa384x *hw = wlandev->priv;
3360 /* Remember the status, time, and data_len fields are in host order */
3361 /* Figure out how big the frame is */
3362 fc = le16_to_cpu(rxdesc->frame_control);
3363 hdrlen = p80211_headerlen(fc);
3364 datalen = le16_to_cpu(rxdesc->data_len);
3366 /* Allocate an ind message+framesize skb */
3367 skblen = sizeof(struct p80211_caphdr) + hdrlen + datalen + WLAN_CRC_LEN;
3369 /* sanity check the length */
3371 (sizeof(struct p80211_caphdr) +
3372 WLAN_HDR_A4_LEN + WLAN_DATA_MAXLEN + WLAN_CRC_LEN)) {
3373 pr_debug("overlen frm: len=%zd\n",
3374 skblen - sizeof(struct p80211_caphdr));
3377 skb = dev_alloc_skb(skblen);
3381 /* only prepend the prism header if in the right mode */
3382 if ((wlandev->netdev->type == ARPHRD_IEEE80211_PRISM) &&
3383 (hw->sniffhdr != 0)) {
3384 struct p80211_caphdr *caphdr;
3385 /* The NEW header format! */
3386 datap = skb_put(skb, sizeof(struct p80211_caphdr));
3387 caphdr = (struct p80211_caphdr *)datap;
3389 caphdr->version = htonl(P80211CAPTURE_VERSION);
3390 caphdr->length = htonl(sizeof(struct p80211_caphdr));
3391 caphdr->mactime = __cpu_to_be64(rxdesc->time * 1000);
3392 caphdr->hosttime = __cpu_to_be64(jiffies);
3393 caphdr->phytype = htonl(4); /* dss_dot11_b */
3394 caphdr->channel = htonl(hw->sniff_channel);
3395 caphdr->datarate = htonl(rxdesc->rate);
3396 caphdr->antenna = htonl(0); /* unknown */
3397 caphdr->priority = htonl(0); /* unknown */
3398 caphdr->ssi_type = htonl(3); /* rssi_raw */
3399 caphdr->ssi_signal = htonl(rxdesc->signal);
3400 caphdr->ssi_noise = htonl(rxdesc->silence);
3401 caphdr->preamble = htonl(0); /* unknown */
3402 caphdr->encoding = htonl(1); /* cck */
3405 /* Copy the 802.11 header to the skb
3406 * (ctl frames may be less than a full header)
3408 skb_put_data(skb, &rxdesc->frame_control, hdrlen);
3410 /* If any, copy the data from the card to the skb */
3412 datap = skb_put_data(skb, rxfrm->data, datalen);
3414 /* check for unencrypted stuff if WEP bit set. */
3415 if (*(datap - hdrlen + 1) & 0x40) /* wep set */
3416 if ((*(datap) == 0xaa) && (*(datap + 1) == 0xaa))
3417 /* clear wep; it's the 802.2 header! */
3418 *(datap - hdrlen + 1) &= 0xbf;
3421 if (hw->sniff_fcs) {
3423 datap = skb_put(skb, WLAN_CRC_LEN);
3424 memset(datap, 0xff, WLAN_CRC_LEN);
3427 /* pass it back up */
3428 p80211netdev_rx(wlandev, skb);
3431 /*----------------------------------------------------------------
3432 * hfa384x_usbin_info
3434 * At this point we have a successful received a Prism2 info frame.
3437 * wlandev wlan device
3438 * usbin ptr to the usb transfer buffer
3447 *----------------------------------------------------------------
3449 static void hfa384x_usbin_info(struct wlandevice *wlandev,
3450 union hfa384x_usbin *usbin)
3452 le16_to_cpus(&usbin->infofrm.info.framelen);
3453 prism2sta_ev_info(wlandev, &usbin->infofrm.info);
3456 /*----------------------------------------------------------------
3457 * hfa384x_usbout_callback
3459 * Callback for URBs on the BULKOUT endpoint.
3462 * urb ptr to the completed urb
3471 *----------------------------------------------------------------
3473 static void hfa384x_usbout_callback(struct urb *urb)
3475 struct wlandevice *wlandev = urb->context;
3481 if (wlandev && wlandev->netdev) {
3482 switch (urb->status) {
3484 prism2sta_ev_alloc(wlandev);
3488 struct hfa384x *hw = wlandev->priv;
3490 netdev_warn(hw->wlandev->netdev,
3491 "%s tx pipe stalled: requesting reset\n",
3492 wlandev->netdev->name);
3493 if (!test_and_set_bit(WORK_TX_HALT, &hw->usb_flags))
3494 schedule_work(&hw->usb_work);
3495 wlandev->netdev->stats.tx_errors++;
3502 struct hfa384x *hw = wlandev->priv;
3504 if (!test_and_set_bit(THROTTLE_TX, &hw->usb_flags) &&
3505 !timer_pending(&hw->throttle)) {
3506 mod_timer(&hw->throttle,
3507 jiffies + THROTTLE_JIFFIES);
3509 wlandev->netdev->stats.tx_errors++;
3510 netif_stop_queue(wlandev->netdev);
3516 /* Ignorable errors */
3520 netdev_info(wlandev->netdev, "unknown urb->status=%d\n",
3522 wlandev->netdev->stats.tx_errors++;
3528 /*----------------------------------------------------------------
3529 * hfa384x_ctlxout_callback
3531 * Callback for control data on the BULKOUT endpoint.
3534 * urb ptr to the completed urb
3543 *----------------------------------------------------------------
3545 static void hfa384x_ctlxout_callback(struct urb *urb)
3547 struct hfa384x *hw = urb->context;
3548 int delete_resptimer = 0;
3551 struct hfa384x_usbctlx *ctlx;
3552 unsigned long flags;
3554 pr_debug("urb->status=%d\n", urb->status);
3558 if ((urb->status == -ESHUTDOWN) ||
3559 (urb->status == -ENODEV) || !hw)
3563 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3566 * Only one CTLX at a time on the "active" list, and
3567 * none at all if we are unplugged. However, we can
3568 * rely on the disconnect function to clean everything
3569 * up if someone unplugged the adapter.
3571 if (list_empty(&hw->ctlxq.active)) {
3572 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3577 * Having something on the "active" queue means
3578 * that we have timers to worry about ...
3580 if (del_timer(&hw->reqtimer) == 0) {
3581 if (hw->req_timer_done == 0) {
3583 * This timer was actually running while we
3584 * were trying to delete it. Let it terminate
3585 * gracefully instead.
3587 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3591 hw->req_timer_done = 1;
3594 ctlx = get_active_ctlx(hw);
3596 if (urb->status == 0) {
3597 /* Request portion of a CTLX is successful */
3598 switch (ctlx->state) {
3599 case CTLX_REQ_SUBMITTED:
3600 /* This OUT-ACK received before IN */
3601 ctlx->state = CTLX_REQ_COMPLETE;
3604 case CTLX_RESP_COMPLETE:
3605 /* IN already received before this OUT-ACK,
3606 * so this command must now be complete.
3608 ctlx->state = CTLX_COMPLETE;
3609 unlocked_usbctlx_complete(hw, ctlx);
3614 /* This is NOT a valid CTLX "success" state! */
3615 netdev_err(hw->wlandev->netdev,
3616 "Illegal CTLX[%d] success state(%s, %d) in OUT URB\n",
3617 le16_to_cpu(ctlx->outbuf.type),
3618 ctlxstr(ctlx->state), urb->status);
3622 /* If the pipe has stalled then we need to reset it */
3623 if ((urb->status == -EPIPE) &&
3624 !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags)) {
3625 netdev_warn(hw->wlandev->netdev,
3626 "%s tx pipe stalled: requesting reset\n",
3627 hw->wlandev->netdev->name);
3628 schedule_work(&hw->usb_work);
3631 /* If someone cancels the OUT URB then its status
3632 * should be either -ECONNRESET or -ENOENT.
3634 ctlx->state = CTLX_REQ_FAILED;
3635 unlocked_usbctlx_complete(hw, ctlx);
3636 delete_resptimer = 1;
3641 if (delete_resptimer) {
3642 timer_ok = del_timer(&hw->resptimer);
3644 hw->resp_timer_done = 1;
3647 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3649 if (!timer_ok && (hw->resp_timer_done == 0)) {
3650 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3655 hfa384x_usbctlxq_run(hw);
3658 /*----------------------------------------------------------------
3659 * hfa384x_usbctlx_reqtimerfn
3661 * Timer response function for CTLX request timeouts. If this
3662 * function is called, it means that the callback for the OUT
3663 * URB containing a Prism2.x XXX_Request was never called.
3666 * data a ptr to the struct hfa384x
3675 *----------------------------------------------------------------
3677 static void hfa384x_usbctlx_reqtimerfn(struct timer_list *t)
3679 struct hfa384x *hw = from_timer(hw, t, reqtimer);
3680 unsigned long flags;
3682 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3684 hw->req_timer_done = 1;
3686 /* Removing the hardware automatically empties
3687 * the active list ...
3689 if (!list_empty(&hw->ctlxq.active)) {
3691 * We must ensure that our URB is removed from
3692 * the system, if it hasn't already expired.
3694 hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK;
3695 if (usb_unlink_urb(&hw->ctlx_urb) == -EINPROGRESS) {
3696 struct hfa384x_usbctlx *ctlx = get_active_ctlx(hw);
3698 ctlx->state = CTLX_REQ_FAILED;
3700 /* This URB was active, but has now been
3701 * cancelled. It will now have a status of
3702 * -ECONNRESET in the callback function.
3704 * We are cancelling this CTLX, so we're
3705 * not going to need to wait for a response.
3706 * The URB's callback function will check
3707 * that this timer is truly dead.
3709 if (del_timer(&hw->resptimer) != 0)
3710 hw->resp_timer_done = 1;
3714 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3717 /*----------------------------------------------------------------
3718 * hfa384x_usbctlx_resptimerfn
3720 * Timer response function for CTLX response timeouts. If this
3721 * function is called, it means that the callback for the IN
3722 * URB containing a Prism2.x XXX_Response was never called.
3725 * data a ptr to the struct hfa384x
3734 *----------------------------------------------------------------
3736 static void hfa384x_usbctlx_resptimerfn(struct timer_list *t)
3738 struct hfa384x *hw = from_timer(hw, t, resptimer);
3739 unsigned long flags;
3741 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3743 hw->resp_timer_done = 1;
3745 /* The active list will be empty if the
3746 * adapter has been unplugged ...
3748 if (!list_empty(&hw->ctlxq.active)) {
3749 struct hfa384x_usbctlx *ctlx = get_active_ctlx(hw);
3751 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0) {
3752 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3753 hfa384x_usbctlxq_run(hw);
3757 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3760 /*----------------------------------------------------------------
3761 * hfa384x_usb_throttlefn
3774 *----------------------------------------------------------------
3776 static void hfa384x_usb_throttlefn(struct timer_list *t)
3778 struct hfa384x *hw = from_timer(hw, t, throttle);
3779 unsigned long flags;
3781 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3784 * We need to check BOTH the RX and the TX throttle controls,
3785 * so we use the bitwise OR instead of the logical OR.
3787 pr_debug("flags=0x%lx\n", hw->usb_flags);
3788 if (!hw->wlandev->hwremoved &&
3789 ((test_and_clear_bit(THROTTLE_RX, &hw->usb_flags) &&
3790 !test_and_set_bit(WORK_RX_RESUME, &hw->usb_flags)) |
3791 (test_and_clear_bit(THROTTLE_TX, &hw->usb_flags) &&
3792 !test_and_set_bit(WORK_TX_RESUME, &hw->usb_flags))
3794 schedule_work(&hw->usb_work);
3797 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3800 /*----------------------------------------------------------------
3801 * hfa384x_usbctlx_submit
3803 * Called from the doxxx functions to submit a CTLX to the queue
3806 * hw ptr to the hw struct
3807 * ctlx ctlx structure to enqueue
3810 * -ENODEV if the adapter is unplugged
3816 * process or interrupt
3817 *----------------------------------------------------------------
3819 static int hfa384x_usbctlx_submit(struct hfa384x *hw,
3820 struct hfa384x_usbctlx *ctlx)
3822 unsigned long flags;
3824 spin_lock_irqsave(&hw->ctlxq.lock, flags);
3826 if (hw->wlandev->hwremoved) {
3827 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3831 ctlx->state = CTLX_PENDING;
3832 list_add_tail(&ctlx->list, &hw->ctlxq.pending);
3833 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3834 hfa384x_usbctlxq_run(hw);
3839 /*----------------------------------------------------------------
3840 * hfa384x_isgood_pdrcore
3842 * Quick check of PDR codes.
3845 * pdrcode PDR code number (host order)
3854 *----------------------------------------------------------------
3856 static int hfa384x_isgood_pdrcode(u16 pdrcode)
3859 case HFA384x_PDR_END_OF_PDA:
3860 case HFA384x_PDR_PCB_PARTNUM:
3861 case HFA384x_PDR_PDAVER:
3862 case HFA384x_PDR_NIC_SERIAL:
3863 case HFA384x_PDR_MKK_MEASUREMENTS:
3864 case HFA384x_PDR_NIC_RAMSIZE:
3865 case HFA384x_PDR_MFISUPRANGE:
3866 case HFA384x_PDR_CFISUPRANGE:
3867 case HFA384x_PDR_NICID:
3868 case HFA384x_PDR_MAC_ADDRESS:
3869 case HFA384x_PDR_REGDOMAIN:
3870 case HFA384x_PDR_ALLOWED_CHANNEL:
3871 case HFA384x_PDR_DEFAULT_CHANNEL:
3872 case HFA384x_PDR_TEMPTYPE:
3873 case HFA384x_PDR_IFR_SETTING:
3874 case HFA384x_PDR_RFR_SETTING:
3875 case HFA384x_PDR_HFA3861_BASELINE:
3876 case HFA384x_PDR_HFA3861_SHADOW:
3877 case HFA384x_PDR_HFA3861_IFRF:
3878 case HFA384x_PDR_HFA3861_CHCALSP:
3879 case HFA384x_PDR_HFA3861_CHCALI:
3880 case HFA384x_PDR_3842_NIC_CONFIG:
3881 case HFA384x_PDR_USB_ID:
3882 case HFA384x_PDR_PCI_ID:
3883 case HFA384x_PDR_PCI_IFCONF:
3884 case HFA384x_PDR_PCI_PMCONF:
3885 case HFA384x_PDR_RFENRGY:
3886 case HFA384x_PDR_HFA3861_MANF_TESTSP:
3887 case HFA384x_PDR_HFA3861_MANF_TESTI:
3891 if (pdrcode < 0x1000) {
3892 /* code is OK, but we don't know exactly what it is */
3893 pr_debug("Encountered unknown PDR#=0x%04x, assuming it's ok.\n",
3900 pr_debug("Encountered unknown PDR#=0x%04x, (>=0x1000), assuming it's bad.\n",