dhd_sdio.c revision 086a2e0a63eef367dab9b4499ba0cfe3a309ec94
1/* 2 * Copyright (c) 2010 Broadcom Corporation 3 * 4 * Permission to use, copy, modify, and/or distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 11 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 13 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 14 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17#include <linux/types.h> 18#include <linux/kernel.h> 19#include <linux/kthread.h> 20#include <linux/printk.h> 21#include <linux/pci_ids.h> 22#include <linux/netdevice.h> 23#include <linux/interrupt.h> 24#include <linux/sched.h> 25#include <linux/mmc/sdio.h> 26#include <linux/mmc/sdio_func.h> 27#include <linux/mmc/card.h> 28#include <linux/semaphore.h> 29#include <linux/firmware.h> 30#include <linux/module.h> 31#include <linux/bcma/bcma.h> 32#include <asm/unaligned.h> 33#include <defs.h> 34#include <brcmu_wifi.h> 35#include <brcmu_utils.h> 36#include <brcm_hw_ids.h> 37#include <soc.h> 38#include "sdio_host.h" 39#include "sdio_chip.h" 40 41#define DCMD_RESP_TIMEOUT 2000 /* In milli second */ 42 43#ifdef BCMDBG 44 45#define BRCMF_TRAP_INFO_SIZE 80 46 47#define CBUF_LEN (128) 48 49struct rte_log_le { 50 __le32 buf; /* Can't be pointer on (64-bit) hosts */ 51 __le32 buf_size; 52 __le32 idx; 53 char *_buf_compat; /* Redundant pointer for backward compat. */ 54}; 55 56struct rte_console { 57 /* Virtual UART 58 * When there is no UART (e.g. Quickturn), 59 * the host should write a complete 60 * input line directly into cbuf and then write 61 * the length into vcons_in. 62 * This may also be used when there is a real UART 63 * (at risk of conflicting with 64 * the real UART). vcons_out is currently unused. 65 */ 66 uint vcons_in; 67 uint vcons_out; 68 69 /* Output (logging) buffer 70 * Console output is written to a ring buffer log_buf at index log_idx. 71 * The host may read the output when it sees log_idx advance. 72 * Output will be lost if the output wraps around faster than the host 73 * polls. 74 */ 75 struct rte_log_le log_le; 76 77 /* Console input line buffer 78 * Characters are read one at a time into cbuf 79 * until <CR> is received, then 80 * the buffer is processed as a command line. 81 * Also used for virtual UART. 82 */ 83 uint cbuf_idx; 84 char cbuf[CBUF_LEN]; 85}; 86 87#endif /* BCMDBG */ 88#include <chipcommon.h> 89 90#include "dhd.h" 91#include "dhd_bus.h" 92#include "dhd_proto.h" 93#include "dhd_dbg.h" 94#include <bcmchip.h> 95 96#define TXQLEN 2048 /* bulk tx queue length */ 97#define TXHI (TXQLEN - 256) /* turn on flow control above TXHI */ 98#define TXLOW (TXHI - 256) /* turn off flow control below TXLOW */ 99#define PRIOMASK 7 100 101#define TXRETRIES 2 /* # of retries for tx frames */ 102 103#define BRCMF_RXBOUND 50 /* Default for max rx frames in 104 one scheduling */ 105 106#define BRCMF_TXBOUND 20 /* Default for max tx frames in 107 one scheduling */ 108 109#define BRCMF_TXMINMAX 1 /* Max tx frames if rx still pending */ 110 111#define MEMBLOCK 2048 /* Block size used for downloading 112 of dongle image */ 113#define MAX_DATA_BUF (32 * 1024) /* Must be large enough to hold 114 biggest possible glom */ 115 116#define BRCMF_FIRSTREAD (1 << 6) 117 118 119/* SBSDIO_DEVICE_CTL */ 120 121/* 1: device will assert busy signal when receiving CMD53 */ 122#define SBSDIO_DEVCTL_SETBUSY 0x01 123/* 1: assertion of sdio interrupt is synchronous to the sdio clock */ 124#define SBSDIO_DEVCTL_SPI_INTR_SYNC 0x02 125/* 1: mask all interrupts to host except the chipActive (rev 8) */ 126#define SBSDIO_DEVCTL_CA_INT_ONLY 0x04 127/* 1: isolate internal sdio signals, put external pads in tri-state; requires 128 * sdio bus power cycle to clear (rev 9) */ 129#define SBSDIO_DEVCTL_PADS_ISO 0x08 130/* Force SD->SB reset mapping (rev 11) */ 131#define SBSDIO_DEVCTL_SB_RST_CTL 0x30 132/* Determined by CoreControl bit */ 133#define SBSDIO_DEVCTL_RST_CORECTL 0x00 134/* Force backplane reset */ 135#define SBSDIO_DEVCTL_RST_BPRESET 0x10 136/* Force no backplane reset */ 137#define SBSDIO_DEVCTL_RST_NOBPRESET 0x20 138 139/* direct(mapped) cis space */ 140 141/* MAPPED common CIS address */ 142#define SBSDIO_CIS_BASE_COMMON 0x1000 143/* maximum bytes in one CIS */ 144#define SBSDIO_CIS_SIZE_LIMIT 0x200 145/* cis offset addr is < 17 bits */ 146#define SBSDIO_CIS_OFT_ADDR_MASK 0x1FFFF 147 148/* manfid tuple length, include tuple, link bytes */ 149#define SBSDIO_CIS_MANFID_TUPLE_LEN 6 150 151/* intstatus */ 152#define I_SMB_SW0 (1 << 0) /* To SB Mail S/W interrupt 0 */ 153#define I_SMB_SW1 (1 << 1) /* To SB Mail S/W interrupt 1 */ 154#define I_SMB_SW2 (1 << 2) /* To SB Mail S/W interrupt 2 */ 155#define I_SMB_SW3 (1 << 3) /* To SB Mail S/W interrupt 3 */ 156#define I_SMB_SW_MASK 0x0000000f /* To SB Mail S/W interrupts mask */ 157#define I_SMB_SW_SHIFT 0 /* To SB Mail S/W interrupts shift */ 158#define I_HMB_SW0 (1 << 4) /* To Host Mail S/W interrupt 0 */ 159#define I_HMB_SW1 (1 << 5) /* To Host Mail S/W interrupt 1 */ 160#define I_HMB_SW2 (1 << 6) /* To Host Mail S/W interrupt 2 */ 161#define I_HMB_SW3 (1 << 7) /* To Host Mail S/W interrupt 3 */ 162#define I_HMB_SW_MASK 0x000000f0 /* To Host Mail S/W interrupts mask */ 163#define I_HMB_SW_SHIFT 4 /* To Host Mail S/W interrupts shift */ 164#define I_WR_OOSYNC (1 << 8) /* Write Frame Out Of Sync */ 165#define I_RD_OOSYNC (1 << 9) /* Read Frame Out Of Sync */ 166#define I_PC (1 << 10) /* descriptor error */ 167#define I_PD (1 << 11) /* data error */ 168#define I_DE (1 << 12) /* Descriptor protocol Error */ 169#define I_RU (1 << 13) /* Receive descriptor Underflow */ 170#define I_RO (1 << 14) /* Receive fifo Overflow */ 171#define I_XU (1 << 15) /* Transmit fifo Underflow */ 172#define I_RI (1 << 16) /* Receive Interrupt */ 173#define I_BUSPWR (1 << 17) /* SDIO Bus Power Change (rev 9) */ 174#define I_XMTDATA_AVAIL (1 << 23) /* bits in fifo */ 175#define I_XI (1 << 24) /* Transmit Interrupt */ 176#define I_RF_TERM (1 << 25) /* Read Frame Terminate */ 177#define I_WF_TERM (1 << 26) /* Write Frame Terminate */ 178#define I_PCMCIA_XU (1 << 27) /* PCMCIA Transmit FIFO Underflow */ 179#define I_SBINT (1 << 28) /* sbintstatus Interrupt */ 180#define I_CHIPACTIVE (1 << 29) /* chip from doze to active state */ 181#define I_SRESET (1 << 30) /* CCCR RES interrupt */ 182#define I_IOE2 (1U << 31) /* CCCR IOE2 Bit Changed */ 183#define I_ERRORS (I_PC | I_PD | I_DE | I_RU | I_RO | I_XU) 184#define I_DMA (I_RI | I_XI | I_ERRORS) 185 186/* corecontrol */ 187#define CC_CISRDY (1 << 0) /* CIS Ready */ 188#define CC_BPRESEN (1 << 1) /* CCCR RES signal */ 189#define CC_F2RDY (1 << 2) /* set CCCR IOR2 bit */ 190#define CC_CLRPADSISO (1 << 3) /* clear SDIO pads isolation */ 191#define CC_XMTDATAAVAIL_MODE (1 << 4) 192#define CC_XMTDATAAVAIL_CTRL (1 << 5) 193 194/* SDA_FRAMECTRL */ 195#define SFC_RF_TERM (1 << 0) /* Read Frame Terminate */ 196#define SFC_WF_TERM (1 << 1) /* Write Frame Terminate */ 197#define SFC_CRC4WOOS (1 << 2) /* CRC error for write out of sync */ 198#define SFC_ABORTALL (1 << 3) /* Abort all in-progress frames */ 199 200/* HW frame tag */ 201#define SDPCM_FRAMETAG_LEN 4 /* 2 bytes len, 2 bytes check val */ 202 203/* Total length of frame header for dongle protocol */ 204#define SDPCM_HDRLEN (SDPCM_FRAMETAG_LEN + SDPCM_SWHEADER_LEN) 205#define SDPCM_RESERVE (SDPCM_HDRLEN + BRCMF_SDALIGN) 206 207/* 208 * Software allocation of To SB Mailbox resources 209 */ 210 211/* tosbmailbox bits corresponding to intstatus bits */ 212#define SMB_NAK (1 << 0) /* Frame NAK */ 213#define SMB_INT_ACK (1 << 1) /* Host Interrupt ACK */ 214#define SMB_USE_OOB (1 << 2) /* Use OOB Wakeup */ 215#define SMB_DEV_INT (1 << 3) /* Miscellaneous Interrupt */ 216 217/* tosbmailboxdata */ 218#define SMB_DATA_VERSION_SHIFT 16 /* host protocol version */ 219 220/* 221 * Software allocation of To Host Mailbox resources 222 */ 223 224/* intstatus bits */ 225#define I_HMB_FC_STATE I_HMB_SW0 /* Flow Control State */ 226#define I_HMB_FC_CHANGE I_HMB_SW1 /* Flow Control State Changed */ 227#define I_HMB_FRAME_IND I_HMB_SW2 /* Frame Indication */ 228#define I_HMB_HOST_INT I_HMB_SW3 /* Miscellaneous Interrupt */ 229 230/* tohostmailboxdata */ 231#define HMB_DATA_NAKHANDLED 1 /* retransmit NAK'd frame */ 232#define HMB_DATA_DEVREADY 2 /* talk to host after enable */ 233#define HMB_DATA_FC 4 /* per prio flowcontrol update flag */ 234#define HMB_DATA_FWREADY 8 /* fw ready for protocol activity */ 235 236#define HMB_DATA_FCDATA_MASK 0xff000000 237#define HMB_DATA_FCDATA_SHIFT 24 238 239#define HMB_DATA_VERSION_MASK 0x00ff0000 240#define HMB_DATA_VERSION_SHIFT 16 241 242/* 243 * Software-defined protocol header 244 */ 245 246/* Current protocol version */ 247#define SDPCM_PROT_VERSION 4 248 249/* SW frame header */ 250#define SDPCM_PACKET_SEQUENCE(p) (((u8 *)p)[0] & 0xff) 251 252#define SDPCM_CHANNEL_MASK 0x00000f00 253#define SDPCM_CHANNEL_SHIFT 8 254#define SDPCM_PACKET_CHANNEL(p) (((u8 *)p)[1] & 0x0f) 255 256#define SDPCM_NEXTLEN_OFFSET 2 257 258/* Data Offset from SOF (HW Tag, SW Tag, Pad) */ 259#define SDPCM_DOFFSET_OFFSET 3 /* Data Offset */ 260#define SDPCM_DOFFSET_VALUE(p) (((u8 *)p)[SDPCM_DOFFSET_OFFSET] & 0xff) 261#define SDPCM_DOFFSET_MASK 0xff000000 262#define SDPCM_DOFFSET_SHIFT 24 263#define SDPCM_FCMASK_OFFSET 4 /* Flow control */ 264#define SDPCM_FCMASK_VALUE(p) (((u8 *)p)[SDPCM_FCMASK_OFFSET] & 0xff) 265#define SDPCM_WINDOW_OFFSET 5 /* Credit based fc */ 266#define SDPCM_WINDOW_VALUE(p) (((u8 *)p)[SDPCM_WINDOW_OFFSET] & 0xff) 267 268#define SDPCM_SWHEADER_LEN 8 /* SW header is 64 bits */ 269 270/* logical channel numbers */ 271#define SDPCM_CONTROL_CHANNEL 0 /* Control channel Id */ 272#define SDPCM_EVENT_CHANNEL 1 /* Asyc Event Indication Channel Id */ 273#define SDPCM_DATA_CHANNEL 2 /* Data Xmit/Recv Channel Id */ 274#define SDPCM_GLOM_CHANNEL 3 /* For coalesced packets */ 275#define SDPCM_TEST_CHANNEL 15 /* Reserved for test/debug packets */ 276 277#define SDPCM_SEQUENCE_WRAP 256 /* wrap-around val for 8bit frame seq */ 278 279#define SDPCM_GLOMDESC(p) (((u8 *)p)[1] & 0x80) 280 281/* 282 * Shared structure between dongle and the host. 283 * The structure contains pointers to trap or assert information. 284 */ 285#define SDPCM_SHARED_VERSION 0x0002 286#define SDPCM_SHARED_VERSION_MASK 0x00FF 287#define SDPCM_SHARED_ASSERT_BUILT 0x0100 288#define SDPCM_SHARED_ASSERT 0x0200 289#define SDPCM_SHARED_TRAP 0x0400 290 291/* Space for header read, limit for data packets */ 292#define MAX_HDR_READ (1 << 6) 293#define MAX_RX_DATASZ 2048 294 295/* Maximum milliseconds to wait for F2 to come up */ 296#define BRCMF_WAIT_F2RDY 3000 297 298/* Bump up limit on waiting for HT to account for first startup; 299 * if the image is doing a CRC calculation before programming the PMU 300 * for HT availability, it could take a couple hundred ms more, so 301 * max out at a 1 second (1000000us). 302 */ 303#undef PMU_MAX_TRANSITION_DLY 304#define PMU_MAX_TRANSITION_DLY 1000000 305 306/* Value for ChipClockCSR during initial setup */ 307#define BRCMF_INIT_CLKCTL1 (SBSDIO_FORCE_HW_CLKREQ_OFF | \ 308 SBSDIO_ALP_AVAIL_REQ) 309 310/* Flags for SDH calls */ 311#define F2SYNC (SDIO_REQ_4BYTE | SDIO_REQ_FIXED) 312 313/* 314 * Conversion of 802.1D priority to precedence level 315 */ 316static uint prio2prec(u32 prio) 317{ 318 return (prio == PRIO_8021D_NONE || prio == PRIO_8021D_BE) ? 319 (prio^2) : prio; 320} 321 322/* core registers */ 323struct sdpcmd_regs { 324 u32 corecontrol; /* 0x00, rev8 */ 325 u32 corestatus; /* rev8 */ 326 u32 PAD[1]; 327 u32 biststatus; /* rev8 */ 328 329 /* PCMCIA access */ 330 u16 pcmciamesportaladdr; /* 0x010, rev8 */ 331 u16 PAD[1]; 332 u16 pcmciamesportalmask; /* rev8 */ 333 u16 PAD[1]; 334 u16 pcmciawrframebc; /* rev8 */ 335 u16 PAD[1]; 336 u16 pcmciaunderflowtimer; /* rev8 */ 337 u16 PAD[1]; 338 339 /* interrupt */ 340 u32 intstatus; /* 0x020, rev8 */ 341 u32 hostintmask; /* rev8 */ 342 u32 intmask; /* rev8 */ 343 u32 sbintstatus; /* rev8 */ 344 u32 sbintmask; /* rev8 */ 345 u32 funcintmask; /* rev4 */ 346 u32 PAD[2]; 347 u32 tosbmailbox; /* 0x040, rev8 */ 348 u32 tohostmailbox; /* rev8 */ 349 u32 tosbmailboxdata; /* rev8 */ 350 u32 tohostmailboxdata; /* rev8 */ 351 352 /* synchronized access to registers in SDIO clock domain */ 353 u32 sdioaccess; /* 0x050, rev8 */ 354 u32 PAD[3]; 355 356 /* PCMCIA frame control */ 357 u8 pcmciaframectrl; /* 0x060, rev8 */ 358 u8 PAD[3]; 359 u8 pcmciawatermark; /* rev8 */ 360 u8 PAD[155]; 361 362 /* interrupt batching control */ 363 u32 intrcvlazy; /* 0x100, rev8 */ 364 u32 PAD[3]; 365 366 /* counters */ 367 u32 cmd52rd; /* 0x110, rev8 */ 368 u32 cmd52wr; /* rev8 */ 369 u32 cmd53rd; /* rev8 */ 370 u32 cmd53wr; /* rev8 */ 371 u32 abort; /* rev8 */ 372 u32 datacrcerror; /* rev8 */ 373 u32 rdoutofsync; /* rev8 */ 374 u32 wroutofsync; /* rev8 */ 375 u32 writebusy; /* rev8 */ 376 u32 readwait; /* rev8 */ 377 u32 readterm; /* rev8 */ 378 u32 writeterm; /* rev8 */ 379 u32 PAD[40]; 380 u32 clockctlstatus; /* rev8 */ 381 u32 PAD[7]; 382 383 u32 PAD[128]; /* DMA engines */ 384 385 /* SDIO/PCMCIA CIS region */ 386 char cis[512]; /* 0x400-0x5ff, rev6 */ 387 388 /* PCMCIA function control registers */ 389 char pcmciafcr[256]; /* 0x600-6ff, rev6 */ 390 u16 PAD[55]; 391 392 /* PCMCIA backplane access */ 393 u16 backplanecsr; /* 0x76E, rev6 */ 394 u16 backplaneaddr0; /* rev6 */ 395 u16 backplaneaddr1; /* rev6 */ 396 u16 backplaneaddr2; /* rev6 */ 397 u16 backplaneaddr3; /* rev6 */ 398 u16 backplanedata0; /* rev6 */ 399 u16 backplanedata1; /* rev6 */ 400 u16 backplanedata2; /* rev6 */ 401 u16 backplanedata3; /* rev6 */ 402 u16 PAD[31]; 403 404 /* sprom "size" & "blank" info */ 405 u16 spromstatus; /* 0x7BE, rev2 */ 406 u32 PAD[464]; 407 408 u16 PAD[0x80]; 409}; 410 411#ifdef BCMDBG 412/* Device console log buffer state */ 413struct brcmf_console { 414 uint count; /* Poll interval msec counter */ 415 uint log_addr; /* Log struct address (fixed) */ 416 struct rte_log_le log_le; /* Log struct (host copy) */ 417 uint bufsize; /* Size of log buffer */ 418 u8 *buf; /* Log buffer (host copy) */ 419 uint last; /* Last buffer read index */ 420}; 421#endif /* BCMDBG */ 422 423struct sdpcm_shared { 424 u32 flags; 425 u32 trap_addr; 426 u32 assert_exp_addr; 427 u32 assert_file_addr; 428 u32 assert_line; 429 u32 console_addr; /* Address of struct rte_console */ 430 u32 msgtrace_addr; 431 u8 tag[32]; 432}; 433 434struct sdpcm_shared_le { 435 __le32 flags; 436 __le32 trap_addr; 437 __le32 assert_exp_addr; 438 __le32 assert_file_addr; 439 __le32 assert_line; 440 __le32 console_addr; /* Address of struct rte_console */ 441 __le32 msgtrace_addr; 442 u8 tag[32]; 443}; 444 445 446/* misc chip info needed by some of the routines */ 447/* Private data for SDIO bus interaction */ 448struct brcmf_bus { 449 struct brcmf_pub *drvr; 450 451 struct brcmf_sdio_dev *sdiodev; /* sdio device handler */ 452 struct chip_info *ci; /* Chip info struct */ 453 char *vars; /* Variables (from CIS and/or other) */ 454 uint varsz; /* Size of variables buffer */ 455 456 u32 ramsize; /* Size of RAM in SOCRAM (bytes) */ 457 458 u32 hostintmask; /* Copy of Host Interrupt Mask */ 459 u32 intstatus; /* Intstatus bits (events) pending */ 460 bool dpc_sched; /* Indicates DPC schedule (intrpt rcvd) */ 461 bool fcstate; /* State of dongle flow-control */ 462 463 uint blocksize; /* Block size of SDIO transfers */ 464 uint roundup; /* Max roundup limit */ 465 466 struct pktq txq; /* Queue length used for flow-control */ 467 u8 flowcontrol; /* per prio flow control bitmask */ 468 u8 tx_seq; /* Transmit sequence number (next) */ 469 u8 tx_max; /* Maximum transmit sequence allowed */ 470 471 u8 hdrbuf[MAX_HDR_READ + BRCMF_SDALIGN]; 472 u8 *rxhdr; /* Header of current rx frame (in hdrbuf) */ 473 u16 nextlen; /* Next Read Len from last header */ 474 u8 rx_seq; /* Receive sequence number (expected) */ 475 bool rxskip; /* Skip receive (awaiting NAK ACK) */ 476 477 uint rxbound; /* Rx frames to read before resched */ 478 uint txbound; /* Tx frames to send before resched */ 479 uint txminmax; 480 481 struct sk_buff *glomd; /* Packet containing glomming descriptor */ 482 struct sk_buff_head glom; /* Packet list for glommed superframe */ 483 uint glomerr; /* Glom packet read errors */ 484 485 u8 *rxbuf; /* Buffer for receiving control packets */ 486 uint rxblen; /* Allocated length of rxbuf */ 487 u8 *rxctl; /* Aligned pointer into rxbuf */ 488 u8 *databuf; /* Buffer for receiving big glom packet */ 489 u8 *dataptr; /* Aligned pointer into databuf */ 490 uint rxlen; /* Length of valid data in buffer */ 491 492 u8 sdpcm_ver; /* Bus protocol reported by dongle */ 493 494 bool intr; /* Use interrupts */ 495 bool poll; /* Use polling */ 496 bool ipend; /* Device interrupt is pending */ 497 uint intrcount; /* Count of device interrupt callbacks */ 498 uint lastintrs; /* Count as of last watchdog timer */ 499 uint spurious; /* Count of spurious interrupts */ 500 uint pollrate; /* Ticks between device polls */ 501 uint polltick; /* Tick counter */ 502 uint pollcnt; /* Count of active polls */ 503 504#ifdef BCMDBG 505 uint console_interval; 506 struct brcmf_console console; /* Console output polling support */ 507 uint console_addr; /* Console address from shared struct */ 508#endif /* BCMDBG */ 509 510 uint regfails; /* Count of R_REG failures */ 511 512 uint clkstate; /* State of sd and backplane clock(s) */ 513 bool activity; /* Activity flag for clock down */ 514 s32 idletime; /* Control for activity timeout */ 515 s32 idlecount; /* Activity timeout counter */ 516 s32 idleclock; /* How to set bus driver when idle */ 517 s32 sd_rxchain; 518 bool use_rxchain; /* If brcmf should use PKT chains */ 519 bool sleeping; /* Is SDIO bus sleeping? */ 520 bool rxflow_mode; /* Rx flow control mode */ 521 bool rxflow; /* Is rx flow control on */ 522 bool alp_only; /* Don't use HT clock (ALP only) */ 523/* Field to decide if rx of control frames happen in rxbuf or lb-pool */ 524 bool usebufpool; 525 526 /* Some additional counters */ 527 uint tx_sderrs; /* Count of tx attempts with sd errors */ 528 uint fcqueued; /* Tx packets that got queued */ 529 uint rxrtx; /* Count of rtx requests (NAK to dongle) */ 530 uint rx_toolong; /* Receive frames too long to receive */ 531 uint rxc_errors; /* SDIO errors when reading control frames */ 532 uint rx_hdrfail; /* SDIO errors on header reads */ 533 uint rx_badhdr; /* Bad received headers (roosync?) */ 534 uint rx_badseq; /* Mismatched rx sequence number */ 535 uint fc_rcvd; /* Number of flow-control events received */ 536 uint fc_xoff; /* Number which turned on flow-control */ 537 uint fc_xon; /* Number which turned off flow-control */ 538 uint rxglomfail; /* Failed deglom attempts */ 539 uint rxglomframes; /* Number of glom frames (superframes) */ 540 uint rxglompkts; /* Number of packets from glom frames */ 541 uint f2rxhdrs; /* Number of header reads */ 542 uint f2rxdata; /* Number of frame data reads */ 543 uint f2txdata; /* Number of f2 frame writes */ 544 uint f1regdata; /* Number of f1 register accesses */ 545 546 u8 *ctrl_frame_buf; 547 u32 ctrl_frame_len; 548 bool ctrl_frame_stat; 549 550 spinlock_t txqlock; 551 wait_queue_head_t ctrl_wait; 552 wait_queue_head_t dcmd_resp_wait; 553 554 struct timer_list timer; 555 struct completion watchdog_wait; 556 struct task_struct *watchdog_tsk; 557 bool wd_timer_valid; 558 uint save_ms; 559 560 struct task_struct *dpc_tsk; 561 struct completion dpc_wait; 562 563 struct semaphore sdsem; 564 565 const char *fw_name; 566 const struct firmware *firmware; 567 const char *nv_name; 568 u32 fw_ptr; 569}; 570 571/* clkstate */ 572#define CLK_NONE 0 573#define CLK_SDONLY 1 574#define CLK_PENDING 2 /* Not used yet */ 575#define CLK_AVAIL 3 576 577#ifdef BCMDBG 578static int qcount[NUMPRIO]; 579static int tx_packets[NUMPRIO]; 580#endif /* BCMDBG */ 581 582#define SDIO_DRIVE_STRENGTH 6 /* in milliamps */ 583 584#define RETRYCHAN(chan) ((chan) == SDPCM_EVENT_CHANNEL) 585 586/* Retry count for register access failures */ 587static const uint retry_limit = 2; 588 589/* Limit on rounding up frames */ 590static const uint max_roundup = 512; 591 592#define ALIGNMENT 4 593 594static void pkt_align(struct sk_buff *p, int len, int align) 595{ 596 uint datalign; 597 datalign = (unsigned long)(p->data); 598 datalign = roundup(datalign, (align)) - datalign; 599 if (datalign) 600 skb_pull(p, datalign); 601 __skb_trim(p, len); 602} 603 604/* To check if there's window offered */ 605static bool data_ok(struct brcmf_bus *bus) 606{ 607 return (u8)(bus->tx_max - bus->tx_seq) != 0 && 608 ((u8)(bus->tx_max - bus->tx_seq) & 0x80) == 0; 609} 610 611/* 612 * Reads a register in the SDIO hardware block. This block occupies a series of 613 * adresses on the 32 bit backplane bus. 614 */ 615static void 616r_sdreg32(struct brcmf_bus *bus, u32 *regvar, u32 reg_offset, u32 *retryvar) 617{ 618 u8 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV); 619 *retryvar = 0; 620 do { 621 *regvar = brcmf_sdcard_reg_read(bus->sdiodev, 622 bus->ci->c_inf[idx].base + reg_offset, 623 sizeof(u32)); 624 } while (brcmf_sdcard_regfail(bus->sdiodev) && 625 (++(*retryvar) <= retry_limit)); 626 if (*retryvar) { 627 bus->regfails += (*retryvar-1); 628 if (*retryvar > retry_limit) { 629 brcmf_dbg(ERROR, "FAILED READ %Xh\n", reg_offset); 630 *regvar = 0; 631 } 632 } 633} 634 635static void 636w_sdreg32(struct brcmf_bus *bus, u32 regval, u32 reg_offset, u32 *retryvar) 637{ 638 u8 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV); 639 *retryvar = 0; 640 do { 641 brcmf_sdcard_reg_write(bus->sdiodev, 642 bus->ci->c_inf[idx].base + reg_offset, 643 sizeof(u32), regval); 644 } while (brcmf_sdcard_regfail(bus->sdiodev) && 645 (++(*retryvar) <= retry_limit)); 646 if (*retryvar) { 647 bus->regfails += (*retryvar-1); 648 if (*retryvar > retry_limit) 649 brcmf_dbg(ERROR, "FAILED REGISTER WRITE %Xh\n", 650 reg_offset); 651 } 652} 653 654#define PKT_AVAILABLE() (intstatus & I_HMB_FRAME_IND) 655 656#define HOSTINTMASK (I_HMB_SW_MASK | I_CHIPACTIVE) 657 658/* Packet free applicable unconditionally for sdio and sdspi. 659 * Conditional if bufpool was present for gspi bus. 660 */ 661static void brcmf_sdbrcm_pktfree2(struct brcmf_bus *bus, struct sk_buff *pkt) 662{ 663 if (bus->usebufpool) 664 brcmu_pkt_buf_free_skb(pkt); 665} 666 667/* Turn backplane clock on or off */ 668static int brcmf_sdbrcm_htclk(struct brcmf_bus *bus, bool on, bool pendok) 669{ 670 int err; 671 u8 clkctl, clkreq, devctl; 672 unsigned long timeout; 673 674 brcmf_dbg(TRACE, "Enter\n"); 675 676 clkctl = 0; 677 678 if (on) { 679 /* Request HT Avail */ 680 clkreq = 681 bus->alp_only ? SBSDIO_ALP_AVAIL_REQ : SBSDIO_HT_AVAIL_REQ; 682 683 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 684 SBSDIO_FUNC1_CHIPCLKCSR, clkreq, &err); 685 if (err) { 686 brcmf_dbg(ERROR, "HT Avail request error: %d\n", err); 687 return -EBADE; 688 } 689 690 if (pendok && ((bus->ci->c_inf[1].id == PCMCIA_CORE_ID) 691 && (bus->ci->c_inf[1].rev == 9))) { 692 u32 dummy, retries; 693 r_sdreg32(bus, &dummy, 694 offsetof(struct sdpcmd_regs, clockctlstatus), 695 &retries); 696 } 697 698 /* Check current status */ 699 clkctl = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 700 SBSDIO_FUNC1_CHIPCLKCSR, &err); 701 if (err) { 702 brcmf_dbg(ERROR, "HT Avail read error: %d\n", err); 703 return -EBADE; 704 } 705 706 /* Go to pending and await interrupt if appropriate */ 707 if (!SBSDIO_CLKAV(clkctl, bus->alp_only) && pendok) { 708 /* Allow only clock-available interrupt */ 709 devctl = brcmf_sdcard_cfg_read(bus->sdiodev, 710 SDIO_FUNC_1, 711 SBSDIO_DEVICE_CTL, &err); 712 if (err) { 713 brcmf_dbg(ERROR, "Devctl error setting CA: %d\n", 714 err); 715 return -EBADE; 716 } 717 718 devctl |= SBSDIO_DEVCTL_CA_INT_ONLY; 719 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 720 SBSDIO_DEVICE_CTL, devctl, &err); 721 brcmf_dbg(INFO, "CLKCTL: set PENDING\n"); 722 bus->clkstate = CLK_PENDING; 723 724 return 0; 725 } else if (bus->clkstate == CLK_PENDING) { 726 /* Cancel CA-only interrupt filter */ 727 devctl = 728 brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 729 SBSDIO_DEVICE_CTL, &err); 730 devctl &= ~SBSDIO_DEVCTL_CA_INT_ONLY; 731 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 732 SBSDIO_DEVICE_CTL, devctl, &err); 733 } 734 735 /* Otherwise, wait here (polling) for HT Avail */ 736 timeout = jiffies + 737 msecs_to_jiffies(PMU_MAX_TRANSITION_DLY/1000); 738 while (!SBSDIO_CLKAV(clkctl, bus->alp_only)) { 739 clkctl = brcmf_sdcard_cfg_read(bus->sdiodev, 740 SDIO_FUNC_1, 741 SBSDIO_FUNC1_CHIPCLKCSR, 742 &err); 743 if (time_after(jiffies, timeout)) 744 break; 745 else 746 usleep_range(5000, 10000); 747 } 748 if (err) { 749 brcmf_dbg(ERROR, "HT Avail request error: %d\n", err); 750 return -EBADE; 751 } 752 if (!SBSDIO_CLKAV(clkctl, bus->alp_only)) { 753 brcmf_dbg(ERROR, "HT Avail timeout (%d): clkctl 0x%02x\n", 754 PMU_MAX_TRANSITION_DLY, clkctl); 755 return -EBADE; 756 } 757 758 /* Mark clock available */ 759 bus->clkstate = CLK_AVAIL; 760 brcmf_dbg(INFO, "CLKCTL: turned ON\n"); 761 762#if defined(BCMDBG) 763 if (bus->alp_only != true) { 764 if (SBSDIO_ALPONLY(clkctl)) 765 brcmf_dbg(ERROR, "HT Clock should be on\n"); 766 } 767#endif /* defined (BCMDBG) */ 768 769 bus->activity = true; 770 } else { 771 clkreq = 0; 772 773 if (bus->clkstate == CLK_PENDING) { 774 /* Cancel CA-only interrupt filter */ 775 devctl = brcmf_sdcard_cfg_read(bus->sdiodev, 776 SDIO_FUNC_1, 777 SBSDIO_DEVICE_CTL, &err); 778 devctl &= ~SBSDIO_DEVCTL_CA_INT_ONLY; 779 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 780 SBSDIO_DEVICE_CTL, devctl, &err); 781 } 782 783 bus->clkstate = CLK_SDONLY; 784 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 785 SBSDIO_FUNC1_CHIPCLKCSR, clkreq, &err); 786 brcmf_dbg(INFO, "CLKCTL: turned OFF\n"); 787 if (err) { 788 brcmf_dbg(ERROR, "Failed access turning clock off: %d\n", 789 err); 790 return -EBADE; 791 } 792 } 793 return 0; 794} 795 796/* Change idle/active SD state */ 797static int brcmf_sdbrcm_sdclk(struct brcmf_bus *bus, bool on) 798{ 799 brcmf_dbg(TRACE, "Enter\n"); 800 801 if (on) 802 bus->clkstate = CLK_SDONLY; 803 else 804 bus->clkstate = CLK_NONE; 805 806 return 0; 807} 808 809/* Transition SD and backplane clock readiness */ 810static int brcmf_sdbrcm_clkctl(struct brcmf_bus *bus, uint target, bool pendok) 811{ 812#ifdef BCMDBG 813 uint oldstate = bus->clkstate; 814#endif /* BCMDBG */ 815 816 brcmf_dbg(TRACE, "Enter\n"); 817 818 /* Early exit if we're already there */ 819 if (bus->clkstate == target) { 820 if (target == CLK_AVAIL) { 821 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 822 bus->activity = true; 823 } 824 return 0; 825 } 826 827 switch (target) { 828 case CLK_AVAIL: 829 /* Make sure SD clock is available */ 830 if (bus->clkstate == CLK_NONE) 831 brcmf_sdbrcm_sdclk(bus, true); 832 /* Now request HT Avail on the backplane */ 833 brcmf_sdbrcm_htclk(bus, true, pendok); 834 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 835 bus->activity = true; 836 break; 837 838 case CLK_SDONLY: 839 /* Remove HT request, or bring up SD clock */ 840 if (bus->clkstate == CLK_NONE) 841 brcmf_sdbrcm_sdclk(bus, true); 842 else if (bus->clkstate == CLK_AVAIL) 843 brcmf_sdbrcm_htclk(bus, false, false); 844 else 845 brcmf_dbg(ERROR, "request for %d -> %d\n", 846 bus->clkstate, target); 847 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 848 break; 849 850 case CLK_NONE: 851 /* Make sure to remove HT request */ 852 if (bus->clkstate == CLK_AVAIL) 853 brcmf_sdbrcm_htclk(bus, false, false); 854 /* Now remove the SD clock */ 855 brcmf_sdbrcm_sdclk(bus, false); 856 brcmf_sdbrcm_wd_timer(bus, 0); 857 break; 858 } 859#ifdef BCMDBG 860 brcmf_dbg(INFO, "%d -> %d\n", oldstate, bus->clkstate); 861#endif /* BCMDBG */ 862 863 return 0; 864} 865 866static int brcmf_sdbrcm_bussleep(struct brcmf_bus *bus, bool sleep) 867{ 868 uint retries = 0; 869 870 brcmf_dbg(INFO, "request %s (currently %s)\n", 871 sleep ? "SLEEP" : "WAKE", 872 bus->sleeping ? "SLEEP" : "WAKE"); 873 874 /* Done if we're already in the requested state */ 875 if (sleep == bus->sleeping) 876 return 0; 877 878 /* Going to sleep: set the alarm and turn off the lights... */ 879 if (sleep) { 880 /* Don't sleep if something is pending */ 881 if (bus->dpc_sched || bus->rxskip || pktq_len(&bus->txq)) 882 return -EBUSY; 883 884 /* Make sure the controller has the bus up */ 885 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 886 887 /* Tell device to start using OOB wakeup */ 888 w_sdreg32(bus, SMB_USE_OOB, 889 offsetof(struct sdpcmd_regs, tosbmailbox), &retries); 890 if (retries > retry_limit) 891 brcmf_dbg(ERROR, "CANNOT SIGNAL CHIP, WILL NOT WAKE UP!!\n"); 892 893 /* Turn off our contribution to the HT clock request */ 894 brcmf_sdbrcm_clkctl(bus, CLK_SDONLY, false); 895 896 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 897 SBSDIO_FUNC1_CHIPCLKCSR, 898 SBSDIO_FORCE_HW_CLKREQ_OFF, NULL); 899 900 /* Isolate the bus */ 901 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 902 SBSDIO_DEVICE_CTL, 903 SBSDIO_DEVCTL_PADS_ISO, NULL); 904 905 /* Change state */ 906 bus->sleeping = true; 907 908 } else { 909 /* Waking up: bus power up is ok, set local state */ 910 911 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 912 SBSDIO_FUNC1_CHIPCLKCSR, 0, NULL); 913 914 /* Force pad isolation off if possible 915 (in case power never toggled) */ 916 if ((bus->ci->c_inf[1].id == PCMCIA_CORE_ID) 917 && (bus->ci->c_inf[1].rev >= 10)) 918 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 919 SBSDIO_DEVICE_CTL, 0, NULL); 920 921 /* Make sure the controller has the bus up */ 922 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 923 924 /* Send misc interrupt to indicate OOB not needed */ 925 w_sdreg32(bus, 0, offsetof(struct sdpcmd_regs, tosbmailboxdata), 926 &retries); 927 if (retries <= retry_limit) 928 w_sdreg32(bus, SMB_DEV_INT, 929 offsetof(struct sdpcmd_regs, tosbmailbox), 930 &retries); 931 932 if (retries > retry_limit) 933 brcmf_dbg(ERROR, "CANNOT SIGNAL CHIP TO CLEAR OOB!!\n"); 934 935 /* Make sure we have SD bus access */ 936 brcmf_sdbrcm_clkctl(bus, CLK_SDONLY, false); 937 938 /* Change state */ 939 bus->sleeping = false; 940 } 941 942 return 0; 943} 944 945static void bus_wake(struct brcmf_bus *bus) 946{ 947 if (bus->sleeping) 948 brcmf_sdbrcm_bussleep(bus, false); 949} 950 951static u32 brcmf_sdbrcm_hostmail(struct brcmf_bus *bus) 952{ 953 u32 intstatus = 0; 954 u32 hmb_data; 955 u8 fcbits; 956 uint retries = 0; 957 958 brcmf_dbg(TRACE, "Enter\n"); 959 960 /* Read mailbox data and ack that we did so */ 961 r_sdreg32(bus, &hmb_data, 962 offsetof(struct sdpcmd_regs, tohostmailboxdata), &retries); 963 964 if (retries <= retry_limit) 965 w_sdreg32(bus, SMB_INT_ACK, 966 offsetof(struct sdpcmd_regs, tosbmailbox), &retries); 967 bus->f1regdata += 2; 968 969 /* Dongle recomposed rx frames, accept them again */ 970 if (hmb_data & HMB_DATA_NAKHANDLED) { 971 brcmf_dbg(INFO, "Dongle reports NAK handled, expect rtx of %d\n", 972 bus->rx_seq); 973 if (!bus->rxskip) 974 brcmf_dbg(ERROR, "unexpected NAKHANDLED!\n"); 975 976 bus->rxskip = false; 977 intstatus |= I_HMB_FRAME_IND; 978 } 979 980 /* 981 * DEVREADY does not occur with gSPI. 982 */ 983 if (hmb_data & (HMB_DATA_DEVREADY | HMB_DATA_FWREADY)) { 984 bus->sdpcm_ver = 985 (hmb_data & HMB_DATA_VERSION_MASK) >> 986 HMB_DATA_VERSION_SHIFT; 987 if (bus->sdpcm_ver != SDPCM_PROT_VERSION) 988 brcmf_dbg(ERROR, "Version mismatch, dongle reports %d, " 989 "expecting %d\n", 990 bus->sdpcm_ver, SDPCM_PROT_VERSION); 991 else 992 brcmf_dbg(INFO, "Dongle ready, protocol version %d\n", 993 bus->sdpcm_ver); 994 } 995 996 /* 997 * Flow Control has been moved into the RX headers and this out of band 998 * method isn't used any more. 999 * remaining backward compatible with older dongles. 1000 */ 1001 if (hmb_data & HMB_DATA_FC) { 1002 fcbits = (hmb_data & HMB_DATA_FCDATA_MASK) >> 1003 HMB_DATA_FCDATA_SHIFT; 1004 1005 if (fcbits & ~bus->flowcontrol) 1006 bus->fc_xoff++; 1007 1008 if (bus->flowcontrol & ~fcbits) 1009 bus->fc_xon++; 1010 1011 bus->fc_rcvd++; 1012 bus->flowcontrol = fcbits; 1013 } 1014 1015 /* Shouldn't be any others */ 1016 if (hmb_data & ~(HMB_DATA_DEVREADY | 1017 HMB_DATA_NAKHANDLED | 1018 HMB_DATA_FC | 1019 HMB_DATA_FWREADY | 1020 HMB_DATA_FCDATA_MASK | HMB_DATA_VERSION_MASK)) 1021 brcmf_dbg(ERROR, "Unknown mailbox data content: 0x%02x\n", 1022 hmb_data); 1023 1024 return intstatus; 1025} 1026 1027static void brcmf_sdbrcm_rxfail(struct brcmf_bus *bus, bool abort, bool rtx) 1028{ 1029 uint retries = 0; 1030 u16 lastrbc; 1031 u8 hi, lo; 1032 int err; 1033 1034 brcmf_dbg(ERROR, "%sterminate frame%s\n", 1035 abort ? "abort command, " : "", 1036 rtx ? ", send NAK" : ""); 1037 1038 if (abort) 1039 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 1040 1041 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 1042 SBSDIO_FUNC1_FRAMECTRL, 1043 SFC_RF_TERM, &err); 1044 bus->f1regdata++; 1045 1046 /* Wait until the packet has been flushed (device/FIFO stable) */ 1047 for (lastrbc = retries = 0xffff; retries > 0; retries--) { 1048 hi = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 1049 SBSDIO_FUNC1_RFRAMEBCHI, NULL); 1050 lo = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 1051 SBSDIO_FUNC1_RFRAMEBCLO, NULL); 1052 bus->f1regdata += 2; 1053 1054 if ((hi == 0) && (lo == 0)) 1055 break; 1056 1057 if ((hi > (lastrbc >> 8)) && (lo > (lastrbc & 0x00ff))) { 1058 brcmf_dbg(ERROR, "count growing: last 0x%04x now 0x%04x\n", 1059 lastrbc, (hi << 8) + lo); 1060 } 1061 lastrbc = (hi << 8) + lo; 1062 } 1063 1064 if (!retries) 1065 brcmf_dbg(ERROR, "count never zeroed: last 0x%04x\n", lastrbc); 1066 else 1067 brcmf_dbg(INFO, "flush took %d iterations\n", 0xffff - retries); 1068 1069 if (rtx) { 1070 bus->rxrtx++; 1071 w_sdreg32(bus, SMB_NAK, 1072 offsetof(struct sdpcmd_regs, tosbmailbox), &retries); 1073 1074 bus->f1regdata++; 1075 if (retries <= retry_limit) 1076 bus->rxskip = true; 1077 } 1078 1079 /* Clear partial in any case */ 1080 bus->nextlen = 0; 1081 1082 /* If we can't reach the device, signal failure */ 1083 if (err || brcmf_sdcard_regfail(bus->sdiodev)) 1084 bus->drvr->busstate = BRCMF_BUS_DOWN; 1085} 1086 1087/* copy a buffer into a pkt buffer chain */ 1088static uint brcmf_sdbrcm_glom_from_buf(struct brcmf_bus *bus, uint len) 1089{ 1090 uint n, ret = 0; 1091 struct sk_buff *p; 1092 u8 *buf; 1093 1094 buf = bus->dataptr; 1095 1096 /* copy the data */ 1097 skb_queue_walk(&bus->glom, p) { 1098 n = min_t(uint, p->len, len); 1099 memcpy(p->data, buf, n); 1100 buf += n; 1101 len -= n; 1102 ret += n; 1103 if (!len) 1104 break; 1105 } 1106 1107 return ret; 1108} 1109 1110static u8 brcmf_sdbrcm_rxglom(struct brcmf_bus *bus, u8 rxseq) 1111{ 1112 u16 dlen, totlen; 1113 u8 *dptr, num = 0; 1114 1115 u16 sublen, check; 1116 struct sk_buff *pfirst, *plast, *pnext, *save_pfirst; 1117 1118 int errcode; 1119 u8 chan, seq, doff, sfdoff; 1120 u8 txmax; 1121 1122 int ifidx = 0; 1123 bool usechain = bus->use_rxchain; 1124 1125 /* If packets, issue read(s) and send up packet chain */ 1126 /* Return sequence numbers consumed? */ 1127 1128 brcmf_dbg(TRACE, "start: glomd %p glom %p\n", 1129 bus->glomd, skb_peek(&bus->glom)); 1130 1131 /* If there's a descriptor, generate the packet chain */ 1132 if (bus->glomd) { 1133 pfirst = plast = pnext = NULL; 1134 dlen = (u16) (bus->glomd->len); 1135 dptr = bus->glomd->data; 1136 if (!dlen || (dlen & 1)) { 1137 brcmf_dbg(ERROR, "bad glomd len(%d), ignore descriptor\n", 1138 dlen); 1139 dlen = 0; 1140 } 1141 1142 for (totlen = num = 0; dlen; num++) { 1143 /* Get (and move past) next length */ 1144 sublen = get_unaligned_le16(dptr); 1145 dlen -= sizeof(u16); 1146 dptr += sizeof(u16); 1147 if ((sublen < SDPCM_HDRLEN) || 1148 ((num == 0) && (sublen < (2 * SDPCM_HDRLEN)))) { 1149 brcmf_dbg(ERROR, "descriptor len %d bad: %d\n", 1150 num, sublen); 1151 pnext = NULL; 1152 break; 1153 } 1154 if (sublen % BRCMF_SDALIGN) { 1155 brcmf_dbg(ERROR, "sublen %d not multiple of %d\n", 1156 sublen, BRCMF_SDALIGN); 1157 usechain = false; 1158 } 1159 totlen += sublen; 1160 1161 /* For last frame, adjust read len so total 1162 is a block multiple */ 1163 if (!dlen) { 1164 sublen += 1165 (roundup(totlen, bus->blocksize) - totlen); 1166 totlen = roundup(totlen, bus->blocksize); 1167 } 1168 1169 /* Allocate/chain packet for next subframe */ 1170 pnext = brcmu_pkt_buf_get_skb(sublen + BRCMF_SDALIGN); 1171 if (pnext == NULL) { 1172 brcmf_dbg(ERROR, "bcm_pkt_buf_get_skb failed, num %d len %d\n", 1173 num, sublen); 1174 break; 1175 } 1176 skb_queue_tail(&bus->glom, pnext); 1177 1178 /* Adhere to start alignment requirements */ 1179 pkt_align(pnext, sublen, BRCMF_SDALIGN); 1180 } 1181 1182 /* If all allocations succeeded, save packet chain 1183 in bus structure */ 1184 if (pnext) { 1185 brcmf_dbg(GLOM, "allocated %d-byte packet chain for %d subframes\n", 1186 totlen, num); 1187 if (BRCMF_GLOM_ON() && bus->nextlen && 1188 totlen != bus->nextlen) { 1189 brcmf_dbg(GLOM, "glomdesc mismatch: nextlen %d glomdesc %d rxseq %d\n", 1190 bus->nextlen, totlen, rxseq); 1191 } 1192 pfirst = pnext = NULL; 1193 } else { 1194 if (!skb_queue_empty(&bus->glom)) 1195 skb_queue_walk_safe(&bus->glom, pfirst, pnext) { 1196 skb_unlink(pfirst, &bus->glom); 1197 brcmu_pkt_buf_free_skb(pfirst); 1198 } 1199 num = 0; 1200 } 1201 1202 /* Done with descriptor packet */ 1203 brcmu_pkt_buf_free_skb(bus->glomd); 1204 bus->glomd = NULL; 1205 bus->nextlen = 0; 1206 } 1207 1208 /* Ok -- either we just generated a packet chain, 1209 or had one from before */ 1210 if (!skb_queue_empty(&bus->glom)) { 1211 if (BRCMF_GLOM_ON()) { 1212 brcmf_dbg(GLOM, "try superframe read, packet chain:\n"); 1213 skb_queue_walk(&bus->glom, pnext) { 1214 brcmf_dbg(GLOM, " %p: %p len 0x%04x (%d)\n", 1215 pnext, (u8 *) (pnext->data), 1216 pnext->len, pnext->len); 1217 } 1218 } 1219 1220 pfirst = skb_peek(&bus->glom); 1221 dlen = (u16) brcmu_pkttotlen(pfirst); 1222 1223 /* Do an SDIO read for the superframe. Configurable iovar to 1224 * read directly into the chained packet, or allocate a large 1225 * packet and and copy into the chain. 1226 */ 1227 if (usechain) { 1228 errcode = brcmf_sdcard_recv_buf(bus->sdiodev, 1229 bus->sdiodev->sbwad, 1230 SDIO_FUNC_2, 1231 F2SYNC, (u8 *) pfirst->data, dlen, 1232 pfirst); 1233 } else if (bus->dataptr) { 1234 errcode = brcmf_sdcard_recv_buf(bus->sdiodev, 1235 bus->sdiodev->sbwad, 1236 SDIO_FUNC_2, 1237 F2SYNC, bus->dataptr, dlen, 1238 NULL); 1239 sublen = (u16) brcmf_sdbrcm_glom_from_buf(bus, dlen); 1240 if (sublen != dlen) { 1241 brcmf_dbg(ERROR, "FAILED TO COPY, dlen %d sublen %d\n", 1242 dlen, sublen); 1243 errcode = -1; 1244 } 1245 pnext = NULL; 1246 } else { 1247 brcmf_dbg(ERROR, "COULDN'T ALLOC %d-BYTE GLOM, FORCE FAILURE\n", 1248 dlen); 1249 errcode = -1; 1250 } 1251 bus->f2rxdata++; 1252 1253 /* On failure, kill the superframe, allow a couple retries */ 1254 if (errcode < 0) { 1255 brcmf_dbg(ERROR, "glom read of %d bytes failed: %d\n", 1256 dlen, errcode); 1257 bus->drvr->rx_errors++; 1258 1259 if (bus->glomerr++ < 3) { 1260 brcmf_sdbrcm_rxfail(bus, true, true); 1261 } else { 1262 bus->glomerr = 0; 1263 brcmf_sdbrcm_rxfail(bus, true, false); 1264 bus->rxglomfail++; 1265 skb_queue_walk_safe(&bus->glom, pfirst, pnext) { 1266 skb_unlink(pfirst, &bus->glom); 1267 brcmu_pkt_buf_free_skb(pfirst); 1268 } 1269 } 1270 return 0; 1271 } 1272#ifdef BCMDBG 1273 if (BRCMF_GLOM_ON()) { 1274 printk(KERN_DEBUG "SUPERFRAME:\n"); 1275 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 1276 pfirst->data, min_t(int, pfirst->len, 48)); 1277 } 1278#endif 1279 1280 /* Validate the superframe header */ 1281 dptr = (u8 *) (pfirst->data); 1282 sublen = get_unaligned_le16(dptr); 1283 check = get_unaligned_le16(dptr + sizeof(u16)); 1284 1285 chan = SDPCM_PACKET_CHANNEL(&dptr[SDPCM_FRAMETAG_LEN]); 1286 seq = SDPCM_PACKET_SEQUENCE(&dptr[SDPCM_FRAMETAG_LEN]); 1287 bus->nextlen = dptr[SDPCM_FRAMETAG_LEN + SDPCM_NEXTLEN_OFFSET]; 1288 if ((bus->nextlen << 4) > MAX_RX_DATASZ) { 1289 brcmf_dbg(INFO, "nextlen too large (%d) seq %d\n", 1290 bus->nextlen, seq); 1291 bus->nextlen = 0; 1292 } 1293 doff = SDPCM_DOFFSET_VALUE(&dptr[SDPCM_FRAMETAG_LEN]); 1294 txmax = SDPCM_WINDOW_VALUE(&dptr[SDPCM_FRAMETAG_LEN]); 1295 1296 errcode = 0; 1297 if ((u16)~(sublen ^ check)) { 1298 brcmf_dbg(ERROR, "(superframe): HW hdr error: len/check 0x%04x/0x%04x\n", 1299 sublen, check); 1300 errcode = -1; 1301 } else if (roundup(sublen, bus->blocksize) != dlen) { 1302 brcmf_dbg(ERROR, "(superframe): len 0x%04x, rounded 0x%04x, expect 0x%04x\n", 1303 sublen, roundup(sublen, bus->blocksize), 1304 dlen); 1305 errcode = -1; 1306 } else if (SDPCM_PACKET_CHANNEL(&dptr[SDPCM_FRAMETAG_LEN]) != 1307 SDPCM_GLOM_CHANNEL) { 1308 brcmf_dbg(ERROR, "(superframe): bad channel %d\n", 1309 SDPCM_PACKET_CHANNEL( 1310 &dptr[SDPCM_FRAMETAG_LEN])); 1311 errcode = -1; 1312 } else if (SDPCM_GLOMDESC(&dptr[SDPCM_FRAMETAG_LEN])) { 1313 brcmf_dbg(ERROR, "(superframe): got 2nd descriptor?\n"); 1314 errcode = -1; 1315 } else if ((doff < SDPCM_HDRLEN) || 1316 (doff > (pfirst->len - SDPCM_HDRLEN))) { 1317 brcmf_dbg(ERROR, "(superframe): Bad data offset %d: HW %d pkt %d min %d\n", 1318 doff, sublen, pfirst->len, SDPCM_HDRLEN); 1319 errcode = -1; 1320 } 1321 1322 /* Check sequence number of superframe SW header */ 1323 if (rxseq != seq) { 1324 brcmf_dbg(INFO, "(superframe) rx_seq %d, expected %d\n", 1325 seq, rxseq); 1326 bus->rx_badseq++; 1327 rxseq = seq; 1328 } 1329 1330 /* Check window for sanity */ 1331 if ((u8) (txmax - bus->tx_seq) > 0x40) { 1332 brcmf_dbg(ERROR, "unlikely tx max %d with tx_seq %d\n", 1333 txmax, bus->tx_seq); 1334 txmax = bus->tx_seq + 2; 1335 } 1336 bus->tx_max = txmax; 1337 1338 /* Remove superframe header, remember offset */ 1339 skb_pull(pfirst, doff); 1340 sfdoff = doff; 1341 1342 /* Validate all the subframe headers */ 1343 for (num = 0, pnext = pfirst; pnext && !errcode; 1344 num++, pnext = pnext->next) { 1345 dptr = (u8 *) (pnext->data); 1346 dlen = (u16) (pnext->len); 1347 sublen = get_unaligned_le16(dptr); 1348 check = get_unaligned_le16(dptr + sizeof(u16)); 1349 chan = SDPCM_PACKET_CHANNEL(&dptr[SDPCM_FRAMETAG_LEN]); 1350 doff = SDPCM_DOFFSET_VALUE(&dptr[SDPCM_FRAMETAG_LEN]); 1351#ifdef BCMDBG 1352 if (BRCMF_GLOM_ON()) { 1353 printk(KERN_DEBUG "subframe:\n"); 1354 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 1355 dptr, 32); 1356 } 1357#endif 1358 1359 if ((u16)~(sublen ^ check)) { 1360 brcmf_dbg(ERROR, "(subframe %d): HW hdr error: len/check 0x%04x/0x%04x\n", 1361 num, sublen, check); 1362 errcode = -1; 1363 } else if ((sublen > dlen) || (sublen < SDPCM_HDRLEN)) { 1364 brcmf_dbg(ERROR, "(subframe %d): length mismatch: len 0x%04x, expect 0x%04x\n", 1365 num, sublen, dlen); 1366 errcode = -1; 1367 } else if ((chan != SDPCM_DATA_CHANNEL) && 1368 (chan != SDPCM_EVENT_CHANNEL)) { 1369 brcmf_dbg(ERROR, "(subframe %d): bad channel %d\n", 1370 num, chan); 1371 errcode = -1; 1372 } else if ((doff < SDPCM_HDRLEN) || (doff > sublen)) { 1373 brcmf_dbg(ERROR, "(subframe %d): Bad data offset %d: HW %d min %d\n", 1374 num, doff, sublen, SDPCM_HDRLEN); 1375 errcode = -1; 1376 } 1377 } 1378 1379 if (errcode) { 1380 /* Terminate frame on error, request 1381 a couple retries */ 1382 if (bus->glomerr++ < 3) { 1383 /* Restore superframe header space */ 1384 skb_push(pfirst, sfdoff); 1385 brcmf_sdbrcm_rxfail(bus, true, true); 1386 } else { 1387 bus->glomerr = 0; 1388 brcmf_sdbrcm_rxfail(bus, true, false); 1389 bus->rxglomfail++; 1390 skb_queue_walk_safe(&bus->glom, pfirst, pnext) { 1391 skb_unlink(pfirst, &bus->glom); 1392 brcmu_pkt_buf_free_skb(pfirst); 1393 } 1394 } 1395 bus->nextlen = 0; 1396 return 0; 1397 } 1398 1399 /* Basic SD framing looks ok - process each packet (header) */ 1400 save_pfirst = pfirst; 1401 plast = NULL; 1402 1403 for (num = 0; pfirst; rxseq++, pfirst = pnext) { 1404 pnext = pfirst->next; 1405 pfirst->next = NULL; 1406 1407 dptr = (u8 *) (pfirst->data); 1408 sublen = get_unaligned_le16(dptr); 1409 chan = SDPCM_PACKET_CHANNEL(&dptr[SDPCM_FRAMETAG_LEN]); 1410 seq = SDPCM_PACKET_SEQUENCE(&dptr[SDPCM_FRAMETAG_LEN]); 1411 doff = SDPCM_DOFFSET_VALUE(&dptr[SDPCM_FRAMETAG_LEN]); 1412 1413 brcmf_dbg(GLOM, "Get subframe %d, %p(%p/%d), sublen %d chan %d seq %d\n", 1414 num, pfirst, pfirst->data, 1415 pfirst->len, sublen, chan, seq); 1416 1417 /* precondition: chan == SDPCM_DATA_CHANNEL || 1418 chan == SDPCM_EVENT_CHANNEL */ 1419 1420 if (rxseq != seq) { 1421 brcmf_dbg(GLOM, "rx_seq %d, expected %d\n", 1422 seq, rxseq); 1423 bus->rx_badseq++; 1424 rxseq = seq; 1425 } 1426#ifdef BCMDBG 1427 if (BRCMF_BYTES_ON() && BRCMF_DATA_ON()) { 1428 printk(KERN_DEBUG "Rx Subframe Data:\n"); 1429 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 1430 dptr, dlen); 1431 } 1432#endif 1433 1434 __skb_trim(pfirst, sublen); 1435 skb_pull(pfirst, doff); 1436 1437 if (pfirst->len == 0) { 1438 brcmu_pkt_buf_free_skb(pfirst); 1439 if (plast) 1440 plast->next = pnext; 1441 else 1442 save_pfirst = pnext; 1443 1444 continue; 1445 } else if (brcmf_proto_hdrpull(bus->drvr, &ifidx, 1446 pfirst) != 0) { 1447 brcmf_dbg(ERROR, "rx protocol error\n"); 1448 bus->drvr->rx_errors++; 1449 brcmu_pkt_buf_free_skb(pfirst); 1450 if (plast) 1451 plast->next = pnext; 1452 else 1453 save_pfirst = pnext; 1454 1455 continue; 1456 } 1457 1458 /* this packet will go up, link back into 1459 chain and count it */ 1460 pfirst->next = pnext; 1461 plast = pfirst; 1462 num++; 1463 1464#ifdef BCMDBG 1465 if (BRCMF_GLOM_ON()) { 1466 brcmf_dbg(GLOM, "subframe %d to stack, %p (%p/%d) nxt/lnk %p/%p\n", 1467 num, pfirst, pfirst->data, 1468 pfirst->len, pfirst->next, 1469 pfirst->prev); 1470 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 1471 pfirst->data, 1472 min_t(int, pfirst->len, 32)); 1473 } 1474#endif /* BCMDBG */ 1475 } 1476 if (num) { 1477 up(&bus->sdsem); 1478 brcmf_rx_frame(bus->drvr, ifidx, save_pfirst, num); 1479 down(&bus->sdsem); 1480 } 1481 1482 bus->rxglomframes++; 1483 bus->rxglompkts += num; 1484 } 1485 return num; 1486} 1487 1488static int brcmf_sdbrcm_dcmd_resp_wait(struct brcmf_bus *bus, uint *condition, 1489 bool *pending) 1490{ 1491 DECLARE_WAITQUEUE(wait, current); 1492 int timeout = msecs_to_jiffies(DCMD_RESP_TIMEOUT); 1493 1494 /* Wait until control frame is available */ 1495 add_wait_queue(&bus->dcmd_resp_wait, &wait); 1496 set_current_state(TASK_INTERRUPTIBLE); 1497 1498 while (!(*condition) && (!signal_pending(current) && timeout)) 1499 timeout = schedule_timeout(timeout); 1500 1501 if (signal_pending(current)) 1502 *pending = true; 1503 1504 set_current_state(TASK_RUNNING); 1505 remove_wait_queue(&bus->dcmd_resp_wait, &wait); 1506 1507 return timeout; 1508} 1509 1510static int brcmf_sdbrcm_dcmd_resp_wake(struct brcmf_bus *bus) 1511{ 1512 if (waitqueue_active(&bus->dcmd_resp_wait)) 1513 wake_up_interruptible(&bus->dcmd_resp_wait); 1514 1515 return 0; 1516} 1517static void 1518brcmf_sdbrcm_read_control(struct brcmf_bus *bus, u8 *hdr, uint len, uint doff) 1519{ 1520 uint rdlen, pad; 1521 1522 int sdret; 1523 1524 brcmf_dbg(TRACE, "Enter\n"); 1525 1526 /* Set rxctl for frame (w/optional alignment) */ 1527 bus->rxctl = bus->rxbuf; 1528 bus->rxctl += BRCMF_FIRSTREAD; 1529 pad = ((unsigned long)bus->rxctl % BRCMF_SDALIGN); 1530 if (pad) 1531 bus->rxctl += (BRCMF_SDALIGN - pad); 1532 bus->rxctl -= BRCMF_FIRSTREAD; 1533 1534 /* Copy the already-read portion over */ 1535 memcpy(bus->rxctl, hdr, BRCMF_FIRSTREAD); 1536 if (len <= BRCMF_FIRSTREAD) 1537 goto gotpkt; 1538 1539 /* Raise rdlen to next SDIO block to avoid tail command */ 1540 rdlen = len - BRCMF_FIRSTREAD; 1541 if (bus->roundup && bus->blocksize && (rdlen > bus->blocksize)) { 1542 pad = bus->blocksize - (rdlen % bus->blocksize); 1543 if ((pad <= bus->roundup) && (pad < bus->blocksize) && 1544 ((len + pad) < bus->drvr->maxctl)) 1545 rdlen += pad; 1546 } else if (rdlen % BRCMF_SDALIGN) { 1547 rdlen += BRCMF_SDALIGN - (rdlen % BRCMF_SDALIGN); 1548 } 1549 1550 /* Satisfy length-alignment requirements */ 1551 if (rdlen & (ALIGNMENT - 1)) 1552 rdlen = roundup(rdlen, ALIGNMENT); 1553 1554 /* Drop if the read is too big or it exceeds our maximum */ 1555 if ((rdlen + BRCMF_FIRSTREAD) > bus->drvr->maxctl) { 1556 brcmf_dbg(ERROR, "%d-byte control read exceeds %d-byte buffer\n", 1557 rdlen, bus->drvr->maxctl); 1558 bus->drvr->rx_errors++; 1559 brcmf_sdbrcm_rxfail(bus, false, false); 1560 goto done; 1561 } 1562 1563 if ((len - doff) > bus->drvr->maxctl) { 1564 brcmf_dbg(ERROR, "%d-byte ctl frame (%d-byte ctl data) exceeds %d-byte limit\n", 1565 len, len - doff, bus->drvr->maxctl); 1566 bus->drvr->rx_errors++; 1567 bus->rx_toolong++; 1568 brcmf_sdbrcm_rxfail(bus, false, false); 1569 goto done; 1570 } 1571 1572 /* Read remainder of frame body into the rxctl buffer */ 1573 sdret = brcmf_sdcard_recv_buf(bus->sdiodev, 1574 bus->sdiodev->sbwad, 1575 SDIO_FUNC_2, 1576 F2SYNC, (bus->rxctl + BRCMF_FIRSTREAD), rdlen, 1577 NULL); 1578 bus->f2rxdata++; 1579 1580 /* Control frame failures need retransmission */ 1581 if (sdret < 0) { 1582 brcmf_dbg(ERROR, "read %d control bytes failed: %d\n", 1583 rdlen, sdret); 1584 bus->rxc_errors++; 1585 brcmf_sdbrcm_rxfail(bus, true, true); 1586 goto done; 1587 } 1588 1589gotpkt: 1590 1591#ifdef BCMDBG 1592 if (BRCMF_BYTES_ON() && BRCMF_CTL_ON()) { 1593 printk(KERN_DEBUG "RxCtrl:\n"); 1594 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, bus->rxctl, len); 1595 } 1596#endif 1597 1598 /* Point to valid data and indicate its length */ 1599 bus->rxctl += doff; 1600 bus->rxlen = len - doff; 1601 1602done: 1603 /* Awake any waiters */ 1604 brcmf_sdbrcm_dcmd_resp_wake(bus); 1605} 1606 1607/* Pad read to blocksize for efficiency */ 1608static void brcmf_pad(struct brcmf_bus *bus, u16 *pad, u16 *rdlen) 1609{ 1610 if (bus->roundup && bus->blocksize && *rdlen > bus->blocksize) { 1611 *pad = bus->blocksize - (*rdlen % bus->blocksize); 1612 if (*pad <= bus->roundup && *pad < bus->blocksize && 1613 *rdlen + *pad + BRCMF_FIRSTREAD < MAX_RX_DATASZ) 1614 *rdlen += *pad; 1615 } else if (*rdlen % BRCMF_SDALIGN) { 1616 *rdlen += BRCMF_SDALIGN - (*rdlen % BRCMF_SDALIGN); 1617 } 1618} 1619 1620static void 1621brcmf_alloc_pkt_and_read(struct brcmf_bus *bus, u16 rdlen, 1622 struct sk_buff **pkt, u8 **rxbuf) 1623{ 1624 int sdret; /* Return code from calls */ 1625 1626 *pkt = brcmu_pkt_buf_get_skb(rdlen + BRCMF_SDALIGN); 1627 if (*pkt == NULL) 1628 return; 1629 1630 pkt_align(*pkt, rdlen, BRCMF_SDALIGN); 1631 *rxbuf = (u8 *) ((*pkt)->data); 1632 /* Read the entire frame */ 1633 sdret = brcmf_sdcard_recv_buf(bus->sdiodev, bus->sdiodev->sbwad, 1634 SDIO_FUNC_2, F2SYNC, 1635 *rxbuf, rdlen, *pkt); 1636 bus->f2rxdata++; 1637 1638 if (sdret < 0) { 1639 brcmf_dbg(ERROR, "(nextlen): read %d bytes failed: %d\n", 1640 rdlen, sdret); 1641 brcmu_pkt_buf_free_skb(*pkt); 1642 bus->drvr->rx_errors++; 1643 /* Force retry w/normal header read. 1644 * Don't attempt NAK for 1645 * gSPI 1646 */ 1647 brcmf_sdbrcm_rxfail(bus, true, true); 1648 *pkt = NULL; 1649 } 1650} 1651 1652/* Checks the header */ 1653static int 1654brcmf_check_rxbuf(struct brcmf_bus *bus, struct sk_buff *pkt, u8 *rxbuf, 1655 u8 rxseq, u16 nextlen, u16 *len) 1656{ 1657 u16 check; 1658 bool len_consistent; /* Result of comparing readahead len and 1659 len from hw-hdr */ 1660 1661 memcpy(bus->rxhdr, rxbuf, SDPCM_HDRLEN); 1662 1663 /* Extract hardware header fields */ 1664 *len = get_unaligned_le16(bus->rxhdr); 1665 check = get_unaligned_le16(bus->rxhdr + sizeof(u16)); 1666 1667 /* All zeros means readahead info was bad */ 1668 if (!(*len | check)) { 1669 brcmf_dbg(INFO, "(nextlen): read zeros in HW header???\n"); 1670 goto fail; 1671 } 1672 1673 /* Validate check bytes */ 1674 if ((u16)~(*len ^ check)) { 1675 brcmf_dbg(ERROR, "(nextlen): HW hdr error: nextlen/len/check 0x%04x/0x%04x/0x%04x\n", 1676 nextlen, *len, check); 1677 bus->rx_badhdr++; 1678 brcmf_sdbrcm_rxfail(bus, false, false); 1679 goto fail; 1680 } 1681 1682 /* Validate frame length */ 1683 if (*len < SDPCM_HDRLEN) { 1684 brcmf_dbg(ERROR, "(nextlen): HW hdr length invalid: %d\n", 1685 *len); 1686 goto fail; 1687 } 1688 1689 /* Check for consistency with readahead info */ 1690 len_consistent = (nextlen != (roundup(*len, 16) >> 4)); 1691 if (len_consistent) { 1692 /* Mismatch, force retry w/normal 1693 header (may be >4K) */ 1694 brcmf_dbg(ERROR, "(nextlen): mismatch, nextlen %d len %d rnd %d; expected rxseq %d\n", 1695 nextlen, *len, roundup(*len, 16), 1696 rxseq); 1697 brcmf_sdbrcm_rxfail(bus, true, true); 1698 goto fail; 1699 } 1700 1701 return 0; 1702 1703fail: 1704 brcmf_sdbrcm_pktfree2(bus, pkt); 1705 return -EINVAL; 1706} 1707 1708/* Return true if there may be more frames to read */ 1709static uint 1710brcmf_sdbrcm_readframes(struct brcmf_bus *bus, uint maxframes, bool *finished) 1711{ 1712 u16 len, check; /* Extracted hardware header fields */ 1713 u8 chan, seq, doff; /* Extracted software header fields */ 1714 u8 fcbits; /* Extracted fcbits from software header */ 1715 1716 struct sk_buff *pkt; /* Packet for event or data frames */ 1717 u16 pad; /* Number of pad bytes to read */ 1718 u16 rdlen; /* Total number of bytes to read */ 1719 u8 rxseq; /* Next sequence number to expect */ 1720 uint rxleft = 0; /* Remaining number of frames allowed */ 1721 int sdret; /* Return code from calls */ 1722 u8 txmax; /* Maximum tx sequence offered */ 1723 u8 *rxbuf; 1724 int ifidx = 0; 1725 uint rxcount = 0; /* Total frames read */ 1726 1727 brcmf_dbg(TRACE, "Enter\n"); 1728 1729 /* Not finished unless we encounter no more frames indication */ 1730 *finished = false; 1731 1732 for (rxseq = bus->rx_seq, rxleft = maxframes; 1733 !bus->rxskip && rxleft && bus->drvr->busstate != BRCMF_BUS_DOWN; 1734 rxseq++, rxleft--) { 1735 1736 /* Handle glomming separately */ 1737 if (bus->glomd || !skb_queue_empty(&bus->glom)) { 1738 u8 cnt; 1739 brcmf_dbg(GLOM, "calling rxglom: glomd %p, glom %p\n", 1740 bus->glomd, skb_peek(&bus->glom)); 1741 cnt = brcmf_sdbrcm_rxglom(bus, rxseq); 1742 brcmf_dbg(GLOM, "rxglom returned %d\n", cnt); 1743 rxseq += cnt - 1; 1744 rxleft = (rxleft > cnt) ? (rxleft - cnt) : 1; 1745 continue; 1746 } 1747 1748 /* Try doing single read if we can */ 1749 if (bus->nextlen) { 1750 u16 nextlen = bus->nextlen; 1751 bus->nextlen = 0; 1752 1753 rdlen = len = nextlen << 4; 1754 brcmf_pad(bus, &pad, &rdlen); 1755 1756 /* 1757 * After the frame is received we have to 1758 * distinguish whether it is data 1759 * or non-data frame. 1760 */ 1761 brcmf_alloc_pkt_and_read(bus, rdlen, &pkt, &rxbuf); 1762 if (pkt == NULL) { 1763 /* Give up on data, request rtx of events */ 1764 brcmf_dbg(ERROR, "(nextlen): brcmf_alloc_pkt_and_read failed: len %d rdlen %d expected rxseq %d\n", 1765 len, rdlen, rxseq); 1766 continue; 1767 } 1768 1769 if (brcmf_check_rxbuf(bus, pkt, rxbuf, rxseq, nextlen, 1770 &len) < 0) 1771 continue; 1772 1773 /* Extract software header fields */ 1774 chan = SDPCM_PACKET_CHANNEL( 1775 &bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1776 seq = SDPCM_PACKET_SEQUENCE( 1777 &bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1778 doff = SDPCM_DOFFSET_VALUE( 1779 &bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1780 txmax = SDPCM_WINDOW_VALUE( 1781 &bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1782 1783 bus->nextlen = 1784 bus->rxhdr[SDPCM_FRAMETAG_LEN + 1785 SDPCM_NEXTLEN_OFFSET]; 1786 if ((bus->nextlen << 4) > MAX_RX_DATASZ) { 1787 brcmf_dbg(INFO, "(nextlen): got frame w/nextlen too large (%d), seq %d\n", 1788 bus->nextlen, seq); 1789 bus->nextlen = 0; 1790 } 1791 1792 bus->drvr->rx_readahead_cnt++; 1793 1794 /* Handle Flow Control */ 1795 fcbits = SDPCM_FCMASK_VALUE( 1796 &bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1797 1798 if (bus->flowcontrol != fcbits) { 1799 if (~bus->flowcontrol & fcbits) 1800 bus->fc_xoff++; 1801 1802 if (bus->flowcontrol & ~fcbits) 1803 bus->fc_xon++; 1804 1805 bus->fc_rcvd++; 1806 bus->flowcontrol = fcbits; 1807 } 1808 1809 /* Check and update sequence number */ 1810 if (rxseq != seq) { 1811 brcmf_dbg(INFO, "(nextlen): rx_seq %d, expected %d\n", 1812 seq, rxseq); 1813 bus->rx_badseq++; 1814 rxseq = seq; 1815 } 1816 1817 /* Check window for sanity */ 1818 if ((u8) (txmax - bus->tx_seq) > 0x40) { 1819 brcmf_dbg(ERROR, "got unlikely tx max %d with tx_seq %d\n", 1820 txmax, bus->tx_seq); 1821 txmax = bus->tx_seq + 2; 1822 } 1823 bus->tx_max = txmax; 1824 1825#ifdef BCMDBG 1826 if (BRCMF_BYTES_ON() && BRCMF_DATA_ON()) { 1827 printk(KERN_DEBUG "Rx Data:\n"); 1828 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 1829 rxbuf, len); 1830 } else if (BRCMF_HDRS_ON()) { 1831 printk(KERN_DEBUG "RxHdr:\n"); 1832 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 1833 bus->rxhdr, SDPCM_HDRLEN); 1834 } 1835#endif 1836 1837 if (chan == SDPCM_CONTROL_CHANNEL) { 1838 brcmf_dbg(ERROR, "(nextlen): readahead on control packet %d?\n", 1839 seq); 1840 /* Force retry w/normal header read */ 1841 bus->nextlen = 0; 1842 brcmf_sdbrcm_rxfail(bus, false, true); 1843 brcmf_sdbrcm_pktfree2(bus, pkt); 1844 continue; 1845 } 1846 1847 /* Validate data offset */ 1848 if ((doff < SDPCM_HDRLEN) || (doff > len)) { 1849 brcmf_dbg(ERROR, "(nextlen): bad data offset %d: HW len %d min %d\n", 1850 doff, len, SDPCM_HDRLEN); 1851 brcmf_sdbrcm_rxfail(bus, false, false); 1852 brcmf_sdbrcm_pktfree2(bus, pkt); 1853 continue; 1854 } 1855 1856 /* All done with this one -- now deliver the packet */ 1857 goto deliver; 1858 } 1859 1860 /* Read frame header (hardware and software) */ 1861 sdret = brcmf_sdcard_recv_buf(bus->sdiodev, bus->sdiodev->sbwad, 1862 SDIO_FUNC_2, F2SYNC, bus->rxhdr, 1863 BRCMF_FIRSTREAD, NULL); 1864 bus->f2rxhdrs++; 1865 1866 if (sdret < 0) { 1867 brcmf_dbg(ERROR, "RXHEADER FAILED: %d\n", sdret); 1868 bus->rx_hdrfail++; 1869 brcmf_sdbrcm_rxfail(bus, true, true); 1870 continue; 1871 } 1872#ifdef BCMDBG 1873 if (BRCMF_BYTES_ON() || BRCMF_HDRS_ON()) { 1874 printk(KERN_DEBUG "RxHdr:\n"); 1875 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 1876 bus->rxhdr, SDPCM_HDRLEN); 1877 } 1878#endif 1879 1880 /* Extract hardware header fields */ 1881 len = get_unaligned_le16(bus->rxhdr); 1882 check = get_unaligned_le16(bus->rxhdr + sizeof(u16)); 1883 1884 /* All zeros means no more frames */ 1885 if (!(len | check)) { 1886 *finished = true; 1887 break; 1888 } 1889 1890 /* Validate check bytes */ 1891 if ((u16) ~(len ^ check)) { 1892 brcmf_dbg(ERROR, "HW hdr err: len/check 0x%04x/0x%04x\n", 1893 len, check); 1894 bus->rx_badhdr++; 1895 brcmf_sdbrcm_rxfail(bus, false, false); 1896 continue; 1897 } 1898 1899 /* Validate frame length */ 1900 if (len < SDPCM_HDRLEN) { 1901 brcmf_dbg(ERROR, "HW hdr length invalid: %d\n", len); 1902 continue; 1903 } 1904 1905 /* Extract software header fields */ 1906 chan = SDPCM_PACKET_CHANNEL(&bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1907 seq = SDPCM_PACKET_SEQUENCE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1908 doff = SDPCM_DOFFSET_VALUE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1909 txmax = SDPCM_WINDOW_VALUE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1910 1911 /* Validate data offset */ 1912 if ((doff < SDPCM_HDRLEN) || (doff > len)) { 1913 brcmf_dbg(ERROR, "Bad data offset %d: HW len %d, min %d seq %d\n", 1914 doff, len, SDPCM_HDRLEN, seq); 1915 bus->rx_badhdr++; 1916 brcmf_sdbrcm_rxfail(bus, false, false); 1917 continue; 1918 } 1919 1920 /* Save the readahead length if there is one */ 1921 bus->nextlen = 1922 bus->rxhdr[SDPCM_FRAMETAG_LEN + SDPCM_NEXTLEN_OFFSET]; 1923 if ((bus->nextlen << 4) > MAX_RX_DATASZ) { 1924 brcmf_dbg(INFO, "(nextlen): got frame w/nextlen too large (%d), seq %d\n", 1925 bus->nextlen, seq); 1926 bus->nextlen = 0; 1927 } 1928 1929 /* Handle Flow Control */ 1930 fcbits = SDPCM_FCMASK_VALUE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1931 1932 if (bus->flowcontrol != fcbits) { 1933 if (~bus->flowcontrol & fcbits) 1934 bus->fc_xoff++; 1935 1936 if (bus->flowcontrol & ~fcbits) 1937 bus->fc_xon++; 1938 1939 bus->fc_rcvd++; 1940 bus->flowcontrol = fcbits; 1941 } 1942 1943 /* Check and update sequence number */ 1944 if (rxseq != seq) { 1945 brcmf_dbg(INFO, "rx_seq %d, expected %d\n", seq, rxseq); 1946 bus->rx_badseq++; 1947 rxseq = seq; 1948 } 1949 1950 /* Check window for sanity */ 1951 if ((u8) (txmax - bus->tx_seq) > 0x40) { 1952 brcmf_dbg(ERROR, "unlikely tx max %d with tx_seq %d\n", 1953 txmax, bus->tx_seq); 1954 txmax = bus->tx_seq + 2; 1955 } 1956 bus->tx_max = txmax; 1957 1958 /* Call a separate function for control frames */ 1959 if (chan == SDPCM_CONTROL_CHANNEL) { 1960 brcmf_sdbrcm_read_control(bus, bus->rxhdr, len, doff); 1961 continue; 1962 } 1963 1964 /* precondition: chan is either SDPCM_DATA_CHANNEL, 1965 SDPCM_EVENT_CHANNEL, SDPCM_TEST_CHANNEL or 1966 SDPCM_GLOM_CHANNEL */ 1967 1968 /* Length to read */ 1969 rdlen = (len > BRCMF_FIRSTREAD) ? (len - BRCMF_FIRSTREAD) : 0; 1970 1971 /* May pad read to blocksize for efficiency */ 1972 if (bus->roundup && bus->blocksize && 1973 (rdlen > bus->blocksize)) { 1974 pad = bus->blocksize - (rdlen % bus->blocksize); 1975 if ((pad <= bus->roundup) && (pad < bus->blocksize) && 1976 ((rdlen + pad + BRCMF_FIRSTREAD) < MAX_RX_DATASZ)) 1977 rdlen += pad; 1978 } else if (rdlen % BRCMF_SDALIGN) { 1979 rdlen += BRCMF_SDALIGN - (rdlen % BRCMF_SDALIGN); 1980 } 1981 1982 /* Satisfy length-alignment requirements */ 1983 if (rdlen & (ALIGNMENT - 1)) 1984 rdlen = roundup(rdlen, ALIGNMENT); 1985 1986 if ((rdlen + BRCMF_FIRSTREAD) > MAX_RX_DATASZ) { 1987 /* Too long -- skip this frame */ 1988 brcmf_dbg(ERROR, "too long: len %d rdlen %d\n", 1989 len, rdlen); 1990 bus->drvr->rx_errors++; 1991 bus->rx_toolong++; 1992 brcmf_sdbrcm_rxfail(bus, false, false); 1993 continue; 1994 } 1995 1996 pkt = brcmu_pkt_buf_get_skb(rdlen + 1997 BRCMF_FIRSTREAD + BRCMF_SDALIGN); 1998 if (!pkt) { 1999 /* Give up on data, request rtx of events */ 2000 brcmf_dbg(ERROR, "brcmu_pkt_buf_get_skb failed: rdlen %d chan %d\n", 2001 rdlen, chan); 2002 bus->drvr->rx_dropped++; 2003 brcmf_sdbrcm_rxfail(bus, false, RETRYCHAN(chan)); 2004 continue; 2005 } 2006 2007 /* Leave room for what we already read, and align remainder */ 2008 skb_pull(pkt, BRCMF_FIRSTREAD); 2009 pkt_align(pkt, rdlen, BRCMF_SDALIGN); 2010 2011 /* Read the remaining frame data */ 2012 sdret = brcmf_sdcard_recv_buf(bus->sdiodev, bus->sdiodev->sbwad, 2013 SDIO_FUNC_2, F2SYNC, ((u8 *) (pkt->data)), 2014 rdlen, pkt); 2015 bus->f2rxdata++; 2016 2017 if (sdret < 0) { 2018 brcmf_dbg(ERROR, "read %d %s bytes failed: %d\n", rdlen, 2019 ((chan == SDPCM_EVENT_CHANNEL) ? "event" 2020 : ((chan == SDPCM_DATA_CHANNEL) ? "data" 2021 : "test")), sdret); 2022 brcmu_pkt_buf_free_skb(pkt); 2023 bus->drvr->rx_errors++; 2024 brcmf_sdbrcm_rxfail(bus, true, RETRYCHAN(chan)); 2025 continue; 2026 } 2027 2028 /* Copy the already-read portion */ 2029 skb_push(pkt, BRCMF_FIRSTREAD); 2030 memcpy(pkt->data, bus->rxhdr, BRCMF_FIRSTREAD); 2031 2032#ifdef BCMDBG 2033 if (BRCMF_BYTES_ON() && BRCMF_DATA_ON()) { 2034 printk(KERN_DEBUG "Rx Data:\n"); 2035 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 2036 pkt->data, len); 2037 } 2038#endif 2039 2040deliver: 2041 /* Save superframe descriptor and allocate packet frame */ 2042 if (chan == SDPCM_GLOM_CHANNEL) { 2043 if (SDPCM_GLOMDESC(&bus->rxhdr[SDPCM_FRAMETAG_LEN])) { 2044 brcmf_dbg(GLOM, "glom descriptor, %d bytes:\n", 2045 len); 2046#ifdef BCMDBG 2047 if (BRCMF_GLOM_ON()) { 2048 printk(KERN_DEBUG "Glom Data:\n"); 2049 print_hex_dump_bytes("", 2050 DUMP_PREFIX_OFFSET, 2051 pkt->data, len); 2052 } 2053#endif 2054 __skb_trim(pkt, len); 2055 skb_pull(pkt, SDPCM_HDRLEN); 2056 bus->glomd = pkt; 2057 } else { 2058 brcmf_dbg(ERROR, "%s: glom superframe w/o " 2059 "descriptor!\n", __func__); 2060 brcmf_sdbrcm_rxfail(bus, false, false); 2061 } 2062 continue; 2063 } 2064 2065 /* Fill in packet len and prio, deliver upward */ 2066 __skb_trim(pkt, len); 2067 skb_pull(pkt, doff); 2068 2069 if (pkt->len == 0) { 2070 brcmu_pkt_buf_free_skb(pkt); 2071 continue; 2072 } else if (brcmf_proto_hdrpull(bus->drvr, &ifidx, pkt) != 0) { 2073 brcmf_dbg(ERROR, "rx protocol error\n"); 2074 brcmu_pkt_buf_free_skb(pkt); 2075 bus->drvr->rx_errors++; 2076 continue; 2077 } 2078 2079 /* Unlock during rx call */ 2080 up(&bus->sdsem); 2081 brcmf_rx_frame(bus->drvr, ifidx, pkt, 1); 2082 down(&bus->sdsem); 2083 } 2084 rxcount = maxframes - rxleft; 2085#ifdef BCMDBG 2086 /* Message if we hit the limit */ 2087 if (!rxleft) 2088 brcmf_dbg(DATA, "hit rx limit of %d frames\n", 2089 maxframes); 2090 else 2091#endif /* BCMDBG */ 2092 brcmf_dbg(DATA, "processed %d frames\n", rxcount); 2093 /* Back off rxseq if awaiting rtx, update rx_seq */ 2094 if (bus->rxskip) 2095 rxseq--; 2096 bus->rx_seq = rxseq; 2097 2098 return rxcount; 2099} 2100 2101static int 2102brcmf_sdbrcm_send_buf(struct brcmf_bus *bus, u32 addr, uint fn, uint flags, 2103 u8 *buf, uint nbytes, struct sk_buff *pkt) 2104{ 2105 return brcmf_sdcard_send_buf 2106 (bus->sdiodev, addr, fn, flags, buf, nbytes, pkt); 2107} 2108 2109static void 2110brcmf_sdbrcm_wait_for_event(struct brcmf_bus *bus, bool *lockvar) 2111{ 2112 up(&bus->sdsem); 2113 wait_event_interruptible_timeout(bus->ctrl_wait, 2114 (*lockvar == false), HZ * 2); 2115 down(&bus->sdsem); 2116 return; 2117} 2118 2119static void 2120brcmf_sdbrcm_wait_event_wakeup(struct brcmf_bus *bus) 2121{ 2122 if (waitqueue_active(&bus->ctrl_wait)) 2123 wake_up_interruptible(&bus->ctrl_wait); 2124 return; 2125} 2126 2127/* Writes a HW/SW header into the packet and sends it. */ 2128/* Assumes: (a) header space already there, (b) caller holds lock */ 2129static int brcmf_sdbrcm_txpkt(struct brcmf_bus *bus, struct sk_buff *pkt, 2130 uint chan, bool free_pkt) 2131{ 2132 int ret; 2133 u8 *frame; 2134 u16 len, pad = 0; 2135 u32 swheader; 2136 struct sk_buff *new; 2137 int i; 2138 2139 brcmf_dbg(TRACE, "Enter\n"); 2140 2141 frame = (u8 *) (pkt->data); 2142 2143 /* Add alignment padding, allocate new packet if needed */ 2144 pad = ((unsigned long)frame % BRCMF_SDALIGN); 2145 if (pad) { 2146 if (skb_headroom(pkt) < pad) { 2147 brcmf_dbg(INFO, "insufficient headroom %d for %d pad\n", 2148 skb_headroom(pkt), pad); 2149 bus->drvr->tx_realloc++; 2150 new = brcmu_pkt_buf_get_skb(pkt->len + BRCMF_SDALIGN); 2151 if (!new) { 2152 brcmf_dbg(ERROR, "couldn't allocate new %d-byte packet\n", 2153 pkt->len + BRCMF_SDALIGN); 2154 ret = -ENOMEM; 2155 goto done; 2156 } 2157 2158 pkt_align(new, pkt->len, BRCMF_SDALIGN); 2159 memcpy(new->data, pkt->data, pkt->len); 2160 if (free_pkt) 2161 brcmu_pkt_buf_free_skb(pkt); 2162 /* free the pkt if canned one is not used */ 2163 free_pkt = true; 2164 pkt = new; 2165 frame = (u8 *) (pkt->data); 2166 /* precondition: (frame % BRCMF_SDALIGN) == 0) */ 2167 pad = 0; 2168 } else { 2169 skb_push(pkt, pad); 2170 frame = (u8 *) (pkt->data); 2171 /* precondition: pad + SDPCM_HDRLEN <= pkt->len */ 2172 memset(frame, 0, pad + SDPCM_HDRLEN); 2173 } 2174 } 2175 /* precondition: pad < BRCMF_SDALIGN */ 2176 2177 /* Hardware tag: 2 byte len followed by 2 byte ~len check (all LE) */ 2178 len = (u16) (pkt->len); 2179 *(__le16 *) frame = cpu_to_le16(len); 2180 *(((__le16 *) frame) + 1) = cpu_to_le16(~len); 2181 2182 /* Software tag: channel, sequence number, data offset */ 2183 swheader = 2184 ((chan << SDPCM_CHANNEL_SHIFT) & SDPCM_CHANNEL_MASK) | bus->tx_seq | 2185 (((pad + 2186 SDPCM_HDRLEN) << SDPCM_DOFFSET_SHIFT) & SDPCM_DOFFSET_MASK); 2187 2188 put_unaligned_le32(swheader, frame + SDPCM_FRAMETAG_LEN); 2189 put_unaligned_le32(0, frame + SDPCM_FRAMETAG_LEN + sizeof(swheader)); 2190 2191#ifdef BCMDBG 2192 tx_packets[pkt->priority]++; 2193 if (BRCMF_BYTES_ON() && 2194 (((BRCMF_CTL_ON() && (chan == SDPCM_CONTROL_CHANNEL)) || 2195 (BRCMF_DATA_ON() && (chan != SDPCM_CONTROL_CHANNEL))))) { 2196 printk(KERN_DEBUG "Tx Frame:\n"); 2197 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, frame, len); 2198 } else if (BRCMF_HDRS_ON()) { 2199 printk(KERN_DEBUG "TxHdr:\n"); 2200 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 2201 frame, min_t(u16, len, 16)); 2202 } 2203#endif 2204 2205 /* Raise len to next SDIO block to eliminate tail command */ 2206 if (bus->roundup && bus->blocksize && (len > bus->blocksize)) { 2207 u16 pad = bus->blocksize - (len % bus->blocksize); 2208 if ((pad <= bus->roundup) && (pad < bus->blocksize)) 2209 len += pad; 2210 } else if (len % BRCMF_SDALIGN) { 2211 len += BRCMF_SDALIGN - (len % BRCMF_SDALIGN); 2212 } 2213 2214 /* Some controllers have trouble with odd bytes -- round to even */ 2215 if (len & (ALIGNMENT - 1)) 2216 len = roundup(len, ALIGNMENT); 2217 2218 ret = brcmf_sdbrcm_send_buf(bus, bus->sdiodev->sbwad, 2219 SDIO_FUNC_2, F2SYNC, frame, 2220 len, pkt); 2221 bus->f2txdata++; 2222 2223 if (ret < 0) { 2224 /* On failure, abort the command and terminate the frame */ 2225 brcmf_dbg(INFO, "sdio error %d, abort command and terminate frame\n", 2226 ret); 2227 bus->tx_sderrs++; 2228 2229 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 2230 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 2231 SBSDIO_FUNC1_FRAMECTRL, SFC_WF_TERM, 2232 NULL); 2233 bus->f1regdata++; 2234 2235 for (i = 0; i < 3; i++) { 2236 u8 hi, lo; 2237 hi = brcmf_sdcard_cfg_read(bus->sdiodev, 2238 SDIO_FUNC_1, 2239 SBSDIO_FUNC1_WFRAMEBCHI, 2240 NULL); 2241 lo = brcmf_sdcard_cfg_read(bus->sdiodev, 2242 SDIO_FUNC_1, 2243 SBSDIO_FUNC1_WFRAMEBCLO, 2244 NULL); 2245 bus->f1regdata += 2; 2246 if ((hi == 0) && (lo == 0)) 2247 break; 2248 } 2249 2250 } 2251 if (ret == 0) 2252 bus->tx_seq = (bus->tx_seq + 1) % SDPCM_SEQUENCE_WRAP; 2253 2254done: 2255 /* restore pkt buffer pointer before calling tx complete routine */ 2256 skb_pull(pkt, SDPCM_HDRLEN + pad); 2257 up(&bus->sdsem); 2258 brcmf_txcomplete(bus->drvr, pkt, ret != 0); 2259 down(&bus->sdsem); 2260 2261 if (free_pkt) 2262 brcmu_pkt_buf_free_skb(pkt); 2263 2264 return ret; 2265} 2266 2267static uint brcmf_sdbrcm_sendfromq(struct brcmf_bus *bus, uint maxframes) 2268{ 2269 struct sk_buff *pkt; 2270 u32 intstatus = 0; 2271 uint retries = 0; 2272 int ret = 0, prec_out; 2273 uint cnt = 0; 2274 uint datalen; 2275 u8 tx_prec_map; 2276 2277 struct brcmf_pub *drvr = bus->drvr; 2278 2279 brcmf_dbg(TRACE, "Enter\n"); 2280 2281 tx_prec_map = ~bus->flowcontrol; 2282 2283 /* Send frames until the limit or some other event */ 2284 for (cnt = 0; (cnt < maxframes) && data_ok(bus); cnt++) { 2285 spin_lock_bh(&bus->txqlock); 2286 pkt = brcmu_pktq_mdeq(&bus->txq, tx_prec_map, &prec_out); 2287 if (pkt == NULL) { 2288 spin_unlock_bh(&bus->txqlock); 2289 break; 2290 } 2291 spin_unlock_bh(&bus->txqlock); 2292 datalen = pkt->len - SDPCM_HDRLEN; 2293 2294 ret = brcmf_sdbrcm_txpkt(bus, pkt, SDPCM_DATA_CHANNEL, true); 2295 if (ret) 2296 bus->drvr->tx_errors++; 2297 else 2298 bus->drvr->dstats.tx_bytes += datalen; 2299 2300 /* In poll mode, need to check for other events */ 2301 if (!bus->intr && cnt) { 2302 /* Check device status, signal pending interrupt */ 2303 r_sdreg32(bus, &intstatus, 2304 offsetof(struct sdpcmd_regs, intstatus), 2305 &retries); 2306 bus->f2txdata++; 2307 if (brcmf_sdcard_regfail(bus->sdiodev)) 2308 break; 2309 if (intstatus & bus->hostintmask) 2310 bus->ipend = true; 2311 } 2312 } 2313 2314 /* Deflow-control stack if needed */ 2315 if (drvr->up && (drvr->busstate == BRCMF_BUS_DATA) && 2316 drvr->txoff && (pktq_len(&bus->txq) < TXLOW)) 2317 brcmf_txflowcontrol(drvr, 0, OFF); 2318 2319 return cnt; 2320} 2321 2322static bool brcmf_sdbrcm_dpc(struct brcmf_bus *bus) 2323{ 2324 u32 intstatus, newstatus = 0; 2325 uint retries = 0; 2326 uint rxlimit = bus->rxbound; /* Rx frames to read before resched */ 2327 uint txlimit = bus->txbound; /* Tx frames to send before resched */ 2328 uint framecnt = 0; /* Temporary counter of tx/rx frames */ 2329 bool rxdone = true; /* Flag for no more read data */ 2330 bool resched = false; /* Flag indicating resched wanted */ 2331 2332 brcmf_dbg(TRACE, "Enter\n"); 2333 2334 /* Start with leftover status bits */ 2335 intstatus = bus->intstatus; 2336 2337 down(&bus->sdsem); 2338 2339 /* If waiting for HTAVAIL, check status */ 2340 if (bus->clkstate == CLK_PENDING) { 2341 int err; 2342 u8 clkctl, devctl = 0; 2343 2344#ifdef BCMDBG 2345 /* Check for inconsistent device control */ 2346 devctl = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 2347 SBSDIO_DEVICE_CTL, &err); 2348 if (err) { 2349 brcmf_dbg(ERROR, "error reading DEVCTL: %d\n", err); 2350 bus->drvr->busstate = BRCMF_BUS_DOWN; 2351 } 2352#endif /* BCMDBG */ 2353 2354 /* Read CSR, if clock on switch to AVAIL, else ignore */ 2355 clkctl = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 2356 SBSDIO_FUNC1_CHIPCLKCSR, &err); 2357 if (err) { 2358 brcmf_dbg(ERROR, "error reading CSR: %d\n", 2359 err); 2360 bus->drvr->busstate = BRCMF_BUS_DOWN; 2361 } 2362 2363 brcmf_dbg(INFO, "DPC: PENDING, devctl 0x%02x clkctl 0x%02x\n", 2364 devctl, clkctl); 2365 2366 if (SBSDIO_HTAV(clkctl)) { 2367 devctl = brcmf_sdcard_cfg_read(bus->sdiodev, 2368 SDIO_FUNC_1, 2369 SBSDIO_DEVICE_CTL, &err); 2370 if (err) { 2371 brcmf_dbg(ERROR, "error reading DEVCTL: %d\n", 2372 err); 2373 bus->drvr->busstate = BRCMF_BUS_DOWN; 2374 } 2375 devctl &= ~SBSDIO_DEVCTL_CA_INT_ONLY; 2376 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 2377 SBSDIO_DEVICE_CTL, devctl, &err); 2378 if (err) { 2379 brcmf_dbg(ERROR, "error writing DEVCTL: %d\n", 2380 err); 2381 bus->drvr->busstate = BRCMF_BUS_DOWN; 2382 } 2383 bus->clkstate = CLK_AVAIL; 2384 } else { 2385 goto clkwait; 2386 } 2387 } 2388 2389 bus_wake(bus); 2390 2391 /* Make sure backplane clock is on */ 2392 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, true); 2393 if (bus->clkstate == CLK_PENDING) 2394 goto clkwait; 2395 2396 /* Pending interrupt indicates new device status */ 2397 if (bus->ipend) { 2398 bus->ipend = false; 2399 r_sdreg32(bus, &newstatus, 2400 offsetof(struct sdpcmd_regs, intstatus), &retries); 2401 bus->f1regdata++; 2402 if (brcmf_sdcard_regfail(bus->sdiodev)) 2403 newstatus = 0; 2404 newstatus &= bus->hostintmask; 2405 bus->fcstate = !!(newstatus & I_HMB_FC_STATE); 2406 if (newstatus) { 2407 w_sdreg32(bus, newstatus, 2408 offsetof(struct sdpcmd_regs, intstatus), 2409 &retries); 2410 bus->f1regdata++; 2411 } 2412 } 2413 2414 /* Merge new bits with previous */ 2415 intstatus |= newstatus; 2416 bus->intstatus = 0; 2417 2418 /* Handle flow-control change: read new state in case our ack 2419 * crossed another change interrupt. If change still set, assume 2420 * FC ON for safety, let next loop through do the debounce. 2421 */ 2422 if (intstatus & I_HMB_FC_CHANGE) { 2423 intstatus &= ~I_HMB_FC_CHANGE; 2424 w_sdreg32(bus, I_HMB_FC_CHANGE, 2425 offsetof(struct sdpcmd_regs, intstatus), &retries); 2426 2427 r_sdreg32(bus, &newstatus, 2428 offsetof(struct sdpcmd_regs, intstatus), &retries); 2429 bus->f1regdata += 2; 2430 bus->fcstate = 2431 !!(newstatus & (I_HMB_FC_STATE | I_HMB_FC_CHANGE)); 2432 intstatus |= (newstatus & bus->hostintmask); 2433 } 2434 2435 /* Handle host mailbox indication */ 2436 if (intstatus & I_HMB_HOST_INT) { 2437 intstatus &= ~I_HMB_HOST_INT; 2438 intstatus |= brcmf_sdbrcm_hostmail(bus); 2439 } 2440 2441 /* Generally don't ask for these, can get CRC errors... */ 2442 if (intstatus & I_WR_OOSYNC) { 2443 brcmf_dbg(ERROR, "Dongle reports WR_OOSYNC\n"); 2444 intstatus &= ~I_WR_OOSYNC; 2445 } 2446 2447 if (intstatus & I_RD_OOSYNC) { 2448 brcmf_dbg(ERROR, "Dongle reports RD_OOSYNC\n"); 2449 intstatus &= ~I_RD_OOSYNC; 2450 } 2451 2452 if (intstatus & I_SBINT) { 2453 brcmf_dbg(ERROR, "Dongle reports SBINT\n"); 2454 intstatus &= ~I_SBINT; 2455 } 2456 2457 /* Would be active due to wake-wlan in gSPI */ 2458 if (intstatus & I_CHIPACTIVE) { 2459 brcmf_dbg(INFO, "Dongle reports CHIPACTIVE\n"); 2460 intstatus &= ~I_CHIPACTIVE; 2461 } 2462 2463 /* Ignore frame indications if rxskip is set */ 2464 if (bus->rxskip) 2465 intstatus &= ~I_HMB_FRAME_IND; 2466 2467 /* On frame indication, read available frames */ 2468 if (PKT_AVAILABLE()) { 2469 framecnt = brcmf_sdbrcm_readframes(bus, rxlimit, &rxdone); 2470 if (rxdone || bus->rxskip) 2471 intstatus &= ~I_HMB_FRAME_IND; 2472 rxlimit -= min(framecnt, rxlimit); 2473 } 2474 2475 /* Keep still-pending events for next scheduling */ 2476 bus->intstatus = intstatus; 2477 2478clkwait: 2479 if (data_ok(bus) && bus->ctrl_frame_stat && 2480 (bus->clkstate == CLK_AVAIL)) { 2481 int ret, i; 2482 2483 ret = brcmf_sdbrcm_send_buf(bus, bus->sdiodev->sbwad, 2484 SDIO_FUNC_2, F2SYNC, (u8 *) bus->ctrl_frame_buf, 2485 (u32) bus->ctrl_frame_len, NULL); 2486 2487 if (ret < 0) { 2488 /* On failure, abort the command and 2489 terminate the frame */ 2490 brcmf_dbg(INFO, "sdio error %d, abort command and terminate frame\n", 2491 ret); 2492 bus->tx_sderrs++; 2493 2494 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 2495 2496 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 2497 SBSDIO_FUNC1_FRAMECTRL, SFC_WF_TERM, 2498 NULL); 2499 bus->f1regdata++; 2500 2501 for (i = 0; i < 3; i++) { 2502 u8 hi, lo; 2503 hi = brcmf_sdcard_cfg_read(bus->sdiodev, 2504 SDIO_FUNC_1, 2505 SBSDIO_FUNC1_WFRAMEBCHI, 2506 NULL); 2507 lo = brcmf_sdcard_cfg_read(bus->sdiodev, 2508 SDIO_FUNC_1, 2509 SBSDIO_FUNC1_WFRAMEBCLO, 2510 NULL); 2511 bus->f1regdata += 2; 2512 if ((hi == 0) && (lo == 0)) 2513 break; 2514 } 2515 2516 } 2517 if (ret == 0) 2518 bus->tx_seq = (bus->tx_seq + 1) % SDPCM_SEQUENCE_WRAP; 2519 2520 brcmf_dbg(INFO, "Return_dpc value is : %d\n", ret); 2521 bus->ctrl_frame_stat = false; 2522 brcmf_sdbrcm_wait_event_wakeup(bus); 2523 } 2524 /* Send queued frames (limit 1 if rx may still be pending) */ 2525 else if ((bus->clkstate == CLK_AVAIL) && !bus->fcstate && 2526 brcmu_pktq_mlen(&bus->txq, ~bus->flowcontrol) && txlimit 2527 && data_ok(bus)) { 2528 framecnt = rxdone ? txlimit : min(txlimit, bus->txminmax); 2529 framecnt = brcmf_sdbrcm_sendfromq(bus, framecnt); 2530 txlimit -= framecnt; 2531 } 2532 2533 /* Resched if events or tx frames are pending, 2534 else await next interrupt */ 2535 /* On failed register access, all bets are off: 2536 no resched or interrupts */ 2537 if ((bus->drvr->busstate == BRCMF_BUS_DOWN) || 2538 brcmf_sdcard_regfail(bus->sdiodev)) { 2539 brcmf_dbg(ERROR, "failed backplane access over SDIO, halting operation %d\n", 2540 brcmf_sdcard_regfail(bus->sdiodev)); 2541 bus->drvr->busstate = BRCMF_BUS_DOWN; 2542 bus->intstatus = 0; 2543 } else if (bus->clkstate == CLK_PENDING) { 2544 brcmf_dbg(INFO, "rescheduled due to CLK_PENDING awaiting I_CHIPACTIVE interrupt\n"); 2545 resched = true; 2546 } else if (bus->intstatus || bus->ipend || 2547 (!bus->fcstate && brcmu_pktq_mlen(&bus->txq, ~bus->flowcontrol) 2548 && data_ok(bus)) || PKT_AVAILABLE()) { 2549 resched = true; 2550 } 2551 2552 bus->dpc_sched = resched; 2553 2554 /* If we're done for now, turn off clock request. */ 2555 if ((bus->clkstate != CLK_PENDING) 2556 && bus->idletime == BRCMF_IDLE_IMMEDIATE) { 2557 bus->activity = false; 2558 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 2559 } 2560 2561 up(&bus->sdsem); 2562 2563 return resched; 2564} 2565 2566static int brcmf_sdbrcm_dpc_thread(void *data) 2567{ 2568 struct brcmf_bus *bus = (struct brcmf_bus *) data; 2569 2570 allow_signal(SIGTERM); 2571 /* Run until signal received */ 2572 while (1) { 2573 if (kthread_should_stop()) 2574 break; 2575 if (!wait_for_completion_interruptible(&bus->dpc_wait)) { 2576 /* Call bus dpc unless it indicated down 2577 (then clean stop) */ 2578 if (bus->drvr->busstate != BRCMF_BUS_DOWN) { 2579 if (brcmf_sdbrcm_dpc(bus)) 2580 complete(&bus->dpc_wait); 2581 } else { 2582 /* after stopping the bus, exit thread */ 2583 brcmf_sdbrcm_bus_stop(bus); 2584 bus->dpc_tsk = NULL; 2585 break; 2586 } 2587 } else 2588 break; 2589 } 2590 return 0; 2591} 2592 2593int brcmf_sdbrcm_bus_txdata(struct brcmf_bus *bus, struct sk_buff *pkt) 2594{ 2595 int ret = -EBADE; 2596 uint datalen, prec; 2597 2598 brcmf_dbg(TRACE, "Enter\n"); 2599 2600 datalen = pkt->len; 2601 2602 /* Add space for the header */ 2603 skb_push(pkt, SDPCM_HDRLEN); 2604 /* precondition: IS_ALIGNED((unsigned long)(pkt->data), 2) */ 2605 2606 prec = prio2prec((pkt->priority & PRIOMASK)); 2607 2608 /* Check for existing queue, current flow-control, 2609 pending event, or pending clock */ 2610 brcmf_dbg(TRACE, "deferring pktq len %d\n", pktq_len(&bus->txq)); 2611 bus->fcqueued++; 2612 2613 /* Priority based enq */ 2614 spin_lock_bh(&bus->txqlock); 2615 if (brcmf_c_prec_enq(bus->drvr, &bus->txq, pkt, prec) == false) { 2616 skb_pull(pkt, SDPCM_HDRLEN); 2617 brcmf_txcomplete(bus->drvr, pkt, false); 2618 brcmu_pkt_buf_free_skb(pkt); 2619 brcmf_dbg(ERROR, "out of bus->txq !!!\n"); 2620 ret = -ENOSR; 2621 } else { 2622 ret = 0; 2623 } 2624 spin_unlock_bh(&bus->txqlock); 2625 2626 if (pktq_len(&bus->txq) >= TXHI) 2627 brcmf_txflowcontrol(bus->drvr, 0, ON); 2628 2629#ifdef BCMDBG 2630 if (pktq_plen(&bus->txq, prec) > qcount[prec]) 2631 qcount[prec] = pktq_plen(&bus->txq, prec); 2632#endif 2633 /* Schedule DPC if needed to send queued packet(s) */ 2634 if (!bus->dpc_sched) { 2635 bus->dpc_sched = true; 2636 if (bus->dpc_tsk) 2637 complete(&bus->dpc_wait); 2638 } 2639 2640 return ret; 2641} 2642 2643static int 2644brcmf_sdbrcm_membytes(struct brcmf_bus *bus, bool write, u32 address, u8 *data, 2645 uint size) 2646{ 2647 int bcmerror = 0; 2648 u32 sdaddr; 2649 uint dsize; 2650 2651 /* Determine initial transfer parameters */ 2652 sdaddr = address & SBSDIO_SB_OFT_ADDR_MASK; 2653 if ((sdaddr + size) & SBSDIO_SBWINDOW_MASK) 2654 dsize = (SBSDIO_SB_OFT_ADDR_LIMIT - sdaddr); 2655 else 2656 dsize = size; 2657 2658 /* Set the backplane window to include the start address */ 2659 bcmerror = brcmf_sdcard_set_sbaddr_window(bus->sdiodev, address); 2660 if (bcmerror) { 2661 brcmf_dbg(ERROR, "window change failed\n"); 2662 goto xfer_done; 2663 } 2664 2665 /* Do the transfer(s) */ 2666 while (size) { 2667 brcmf_dbg(INFO, "%s %d bytes at offset 0x%08x in window 0x%08x\n", 2668 write ? "write" : "read", dsize, 2669 sdaddr, address & SBSDIO_SBWINDOW_MASK); 2670 bcmerror = brcmf_sdcard_rwdata(bus->sdiodev, write, 2671 sdaddr, data, dsize); 2672 if (bcmerror) { 2673 brcmf_dbg(ERROR, "membytes transfer failed\n"); 2674 break; 2675 } 2676 2677 /* Adjust for next transfer (if any) */ 2678 size -= dsize; 2679 if (size) { 2680 data += dsize; 2681 address += dsize; 2682 bcmerror = brcmf_sdcard_set_sbaddr_window(bus->sdiodev, 2683 address); 2684 if (bcmerror) { 2685 brcmf_dbg(ERROR, "window change failed\n"); 2686 break; 2687 } 2688 sdaddr = 0; 2689 dsize = min_t(uint, SBSDIO_SB_OFT_ADDR_LIMIT, size); 2690 } 2691 } 2692 2693xfer_done: 2694 /* Return the window to backplane enumeration space for core access */ 2695 if (brcmf_sdcard_set_sbaddr_window(bus->sdiodev, bus->sdiodev->sbwad)) 2696 brcmf_dbg(ERROR, "FAILED to set window back to 0x%x\n", 2697 bus->sdiodev->sbwad); 2698 2699 return bcmerror; 2700} 2701 2702#ifdef BCMDBG 2703#define CONSOLE_LINE_MAX 192 2704 2705static int brcmf_sdbrcm_readconsole(struct brcmf_bus *bus) 2706{ 2707 struct brcmf_console *c = &bus->console; 2708 u8 line[CONSOLE_LINE_MAX], ch; 2709 u32 n, idx, addr; 2710 int rv; 2711 2712 /* Don't do anything until FWREADY updates console address */ 2713 if (bus->console_addr == 0) 2714 return 0; 2715 2716 /* Read console log struct */ 2717 addr = bus->console_addr + offsetof(struct rte_console, log_le); 2718 rv = brcmf_sdbrcm_membytes(bus, false, addr, (u8 *)&c->log_le, 2719 sizeof(c->log_le)); 2720 if (rv < 0) 2721 return rv; 2722 2723 /* Allocate console buffer (one time only) */ 2724 if (c->buf == NULL) { 2725 c->bufsize = le32_to_cpu(c->log_le.buf_size); 2726 c->buf = kmalloc(c->bufsize, GFP_ATOMIC); 2727 if (c->buf == NULL) 2728 return -ENOMEM; 2729 } 2730 2731 idx = le32_to_cpu(c->log_le.idx); 2732 2733 /* Protect against corrupt value */ 2734 if (idx > c->bufsize) 2735 return -EBADE; 2736 2737 /* Skip reading the console buffer if the index pointer 2738 has not moved */ 2739 if (idx == c->last) 2740 return 0; 2741 2742 /* Read the console buffer */ 2743 addr = le32_to_cpu(c->log_le.buf); 2744 rv = brcmf_sdbrcm_membytes(bus, false, addr, c->buf, c->bufsize); 2745 if (rv < 0) 2746 return rv; 2747 2748 while (c->last != idx) { 2749 for (n = 0; n < CONSOLE_LINE_MAX - 2; n++) { 2750 if (c->last == idx) { 2751 /* This would output a partial line. 2752 * Instead, back up 2753 * the buffer pointer and output this 2754 * line next time around. 2755 */ 2756 if (c->last >= n) 2757 c->last -= n; 2758 else 2759 c->last = c->bufsize - n; 2760 goto break2; 2761 } 2762 ch = c->buf[c->last]; 2763 c->last = (c->last + 1) % c->bufsize; 2764 if (ch == '\n') 2765 break; 2766 line[n] = ch; 2767 } 2768 2769 if (n > 0) { 2770 if (line[n - 1] == '\r') 2771 n--; 2772 line[n] = 0; 2773 printk(KERN_DEBUG "CONSOLE: %s\n", line); 2774 } 2775 } 2776break2: 2777 2778 return 0; 2779} 2780#endif /* BCMDBG */ 2781 2782static int brcmf_tx_frame(struct brcmf_bus *bus, u8 *frame, u16 len) 2783{ 2784 int i; 2785 int ret; 2786 2787 bus->ctrl_frame_stat = false; 2788 ret = brcmf_sdbrcm_send_buf(bus, bus->sdiodev->sbwad, 2789 SDIO_FUNC_2, F2SYNC, frame, len, NULL); 2790 2791 if (ret < 0) { 2792 /* On failure, abort the command and terminate the frame */ 2793 brcmf_dbg(INFO, "sdio error %d, abort command and terminate frame\n", 2794 ret); 2795 bus->tx_sderrs++; 2796 2797 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 2798 2799 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 2800 SBSDIO_FUNC1_FRAMECTRL, 2801 SFC_WF_TERM, NULL); 2802 bus->f1regdata++; 2803 2804 for (i = 0; i < 3; i++) { 2805 u8 hi, lo; 2806 hi = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 2807 SBSDIO_FUNC1_WFRAMEBCHI, 2808 NULL); 2809 lo = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 2810 SBSDIO_FUNC1_WFRAMEBCLO, 2811 NULL); 2812 bus->f1regdata += 2; 2813 if (hi == 0 && lo == 0) 2814 break; 2815 } 2816 return ret; 2817 } 2818 2819 bus->tx_seq = (bus->tx_seq + 1) % SDPCM_SEQUENCE_WRAP; 2820 2821 return ret; 2822} 2823 2824int 2825brcmf_sdbrcm_bus_txctl(struct brcmf_bus *bus, unsigned char *msg, uint msglen) 2826{ 2827 u8 *frame; 2828 u16 len; 2829 u32 swheader; 2830 uint retries = 0; 2831 u8 doff = 0; 2832 int ret = -1; 2833 2834 brcmf_dbg(TRACE, "Enter\n"); 2835 2836 /* Back the pointer to make a room for bus header */ 2837 frame = msg - SDPCM_HDRLEN; 2838 len = (msglen += SDPCM_HDRLEN); 2839 2840 /* Add alignment padding (optional for ctl frames) */ 2841 doff = ((unsigned long)frame % BRCMF_SDALIGN); 2842 if (doff) { 2843 frame -= doff; 2844 len += doff; 2845 msglen += doff; 2846 memset(frame, 0, doff + SDPCM_HDRLEN); 2847 } 2848 /* precondition: doff < BRCMF_SDALIGN */ 2849 doff += SDPCM_HDRLEN; 2850 2851 /* Round send length to next SDIO block */ 2852 if (bus->roundup && bus->blocksize && (len > bus->blocksize)) { 2853 u16 pad = bus->blocksize - (len % bus->blocksize); 2854 if ((pad <= bus->roundup) && (pad < bus->blocksize)) 2855 len += pad; 2856 } else if (len % BRCMF_SDALIGN) { 2857 len += BRCMF_SDALIGN - (len % BRCMF_SDALIGN); 2858 } 2859 2860 /* Satisfy length-alignment requirements */ 2861 if (len & (ALIGNMENT - 1)) 2862 len = roundup(len, ALIGNMENT); 2863 2864 /* precondition: IS_ALIGNED((unsigned long)frame, 2) */ 2865 2866 /* Need to lock here to protect txseq and SDIO tx calls */ 2867 down(&bus->sdsem); 2868 2869 bus_wake(bus); 2870 2871 /* Make sure backplane clock is on */ 2872 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 2873 2874 /* Hardware tag: 2 byte len followed by 2 byte ~len check (all LE) */ 2875 *(__le16 *) frame = cpu_to_le16((u16) msglen); 2876 *(((__le16 *) frame) + 1) = cpu_to_le16(~msglen); 2877 2878 /* Software tag: channel, sequence number, data offset */ 2879 swheader = 2880 ((SDPCM_CONTROL_CHANNEL << SDPCM_CHANNEL_SHIFT) & 2881 SDPCM_CHANNEL_MASK) 2882 | bus->tx_seq | ((doff << SDPCM_DOFFSET_SHIFT) & 2883 SDPCM_DOFFSET_MASK); 2884 put_unaligned_le32(swheader, frame + SDPCM_FRAMETAG_LEN); 2885 put_unaligned_le32(0, frame + SDPCM_FRAMETAG_LEN + sizeof(swheader)); 2886 2887 if (!data_ok(bus)) { 2888 brcmf_dbg(INFO, "No bus credit bus->tx_max %d, bus->tx_seq %d\n", 2889 bus->tx_max, bus->tx_seq); 2890 bus->ctrl_frame_stat = true; 2891 /* Send from dpc */ 2892 bus->ctrl_frame_buf = frame; 2893 bus->ctrl_frame_len = len; 2894 2895 brcmf_sdbrcm_wait_for_event(bus, &bus->ctrl_frame_stat); 2896 2897 if (bus->ctrl_frame_stat == false) { 2898 brcmf_dbg(INFO, "ctrl_frame_stat == false\n"); 2899 ret = 0; 2900 } else { 2901 brcmf_dbg(INFO, "ctrl_frame_stat == true\n"); 2902 ret = -1; 2903 } 2904 } 2905 2906 if (ret == -1) { 2907#ifdef BCMDBG 2908 if (BRCMF_BYTES_ON() && BRCMF_CTL_ON()) { 2909 printk(KERN_DEBUG "Tx Frame:\n"); 2910 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 2911 frame, len); 2912 } else if (BRCMF_HDRS_ON()) { 2913 printk(KERN_DEBUG "TxHdr:\n"); 2914 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 2915 frame, min_t(u16, len, 16)); 2916 } 2917#endif 2918 2919 do { 2920 ret = brcmf_tx_frame(bus, frame, len); 2921 } while (ret < 0 && retries++ < TXRETRIES); 2922 } 2923 2924 if ((bus->idletime == BRCMF_IDLE_IMMEDIATE) && !bus->dpc_sched) { 2925 bus->activity = false; 2926 brcmf_sdbrcm_clkctl(bus, CLK_NONE, true); 2927 } 2928 2929 up(&bus->sdsem); 2930 2931 if (ret) 2932 bus->drvr->tx_ctlerrs++; 2933 else 2934 bus->drvr->tx_ctlpkts++; 2935 2936 return ret ? -EIO : 0; 2937} 2938 2939int 2940brcmf_sdbrcm_bus_rxctl(struct brcmf_bus *bus, unsigned char *msg, uint msglen) 2941{ 2942 int timeleft; 2943 uint rxlen = 0; 2944 bool pending; 2945 2946 brcmf_dbg(TRACE, "Enter\n"); 2947 2948 /* Wait until control frame is available */ 2949 timeleft = brcmf_sdbrcm_dcmd_resp_wait(bus, &bus->rxlen, &pending); 2950 2951 down(&bus->sdsem); 2952 rxlen = bus->rxlen; 2953 memcpy(msg, bus->rxctl, min(msglen, rxlen)); 2954 bus->rxlen = 0; 2955 up(&bus->sdsem); 2956 2957 if (rxlen) { 2958 brcmf_dbg(CTL, "resumed on rxctl frame, got %d expected %d\n", 2959 rxlen, msglen); 2960 } else if (timeleft == 0) { 2961 brcmf_dbg(ERROR, "resumed on timeout\n"); 2962 } else if (pending == true) { 2963 brcmf_dbg(CTL, "cancelled\n"); 2964 return -ERESTARTSYS; 2965 } else { 2966 brcmf_dbg(CTL, "resumed for unknown reason?\n"); 2967 } 2968 2969 if (rxlen) 2970 bus->drvr->rx_ctlpkts++; 2971 else 2972 bus->drvr->rx_ctlerrs++; 2973 2974 return rxlen ? (int)rxlen : -ETIMEDOUT; 2975} 2976 2977static int brcmf_sdbrcm_downloadvars(struct brcmf_bus *bus, void *arg, int len) 2978{ 2979 int bcmerror = 0; 2980 2981 brcmf_dbg(TRACE, "Enter\n"); 2982 2983 /* Basic sanity checks */ 2984 if (bus->drvr->up) { 2985 bcmerror = -EISCONN; 2986 goto err; 2987 } 2988 if (!len) { 2989 bcmerror = -EOVERFLOW; 2990 goto err; 2991 } 2992 2993 /* Free the old ones and replace with passed variables */ 2994 kfree(bus->vars); 2995 2996 bus->vars = kmalloc(len, GFP_ATOMIC); 2997 bus->varsz = bus->vars ? len : 0; 2998 if (bus->vars == NULL) { 2999 bcmerror = -ENOMEM; 3000 goto err; 3001 } 3002 3003 /* Copy the passed variables, which should include the 3004 terminating double-null */ 3005 memcpy(bus->vars, arg, bus->varsz); 3006err: 3007 return bcmerror; 3008} 3009 3010static int brcmf_sdbrcm_write_vars(struct brcmf_bus *bus) 3011{ 3012 int bcmerror = 0; 3013 u32 varsize; 3014 u32 varaddr; 3015 u8 *vbuffer; 3016 u32 varsizew; 3017 __le32 varsizew_le; 3018#ifdef BCMDBG 3019 char *nvram_ularray; 3020#endif /* BCMDBG */ 3021 3022 /* Even if there are no vars are to be written, we still 3023 need to set the ramsize. */ 3024 varsize = bus->varsz ? roundup(bus->varsz, 4) : 0; 3025 varaddr = (bus->ramsize - 4) - varsize; 3026 3027 if (bus->vars) { 3028 vbuffer = kzalloc(varsize, GFP_ATOMIC); 3029 if (!vbuffer) 3030 return -ENOMEM; 3031 3032 memcpy(vbuffer, bus->vars, bus->varsz); 3033 3034 /* Write the vars list */ 3035 bcmerror = 3036 brcmf_sdbrcm_membytes(bus, true, varaddr, vbuffer, varsize); 3037#ifdef BCMDBG 3038 /* Verify NVRAM bytes */ 3039 brcmf_dbg(INFO, "Compare NVRAM dl & ul; varsize=%d\n", varsize); 3040 nvram_ularray = kmalloc(varsize, GFP_ATOMIC); 3041 if (!nvram_ularray) 3042 return -ENOMEM; 3043 3044 /* Upload image to verify downloaded contents. */ 3045 memset(nvram_ularray, 0xaa, varsize); 3046 3047 /* Read the vars list to temp buffer for comparison */ 3048 bcmerror = 3049 brcmf_sdbrcm_membytes(bus, false, varaddr, nvram_ularray, 3050 varsize); 3051 if (bcmerror) { 3052 brcmf_dbg(ERROR, "error %d on reading %d nvram bytes at 0x%08x\n", 3053 bcmerror, varsize, varaddr); 3054 } 3055 /* Compare the org NVRAM with the one read from RAM */ 3056 if (memcmp(vbuffer, nvram_ularray, varsize)) 3057 brcmf_dbg(ERROR, "Downloaded NVRAM image is corrupted\n"); 3058 else 3059 brcmf_dbg(ERROR, "Download/Upload/Compare of NVRAM ok\n"); 3060 3061 kfree(nvram_ularray); 3062#endif /* BCMDBG */ 3063 3064 kfree(vbuffer); 3065 } 3066 3067 /* adjust to the user specified RAM */ 3068 brcmf_dbg(INFO, "Physical memory size: %d\n", bus->ramsize); 3069 brcmf_dbg(INFO, "Vars are at %d, orig varsize is %d\n", 3070 varaddr, varsize); 3071 varsize = ((bus->ramsize - 4) - varaddr); 3072 3073 /* 3074 * Determine the length token: 3075 * Varsize, converted to words, in lower 16-bits, checksum 3076 * in upper 16-bits. 3077 */ 3078 if (bcmerror) { 3079 varsizew = 0; 3080 varsizew_le = cpu_to_le32(0); 3081 } else { 3082 varsizew = varsize / 4; 3083 varsizew = (~varsizew << 16) | (varsizew & 0x0000FFFF); 3084 varsizew_le = cpu_to_le32(varsizew); 3085 } 3086 3087 brcmf_dbg(INFO, "New varsize is %d, length token=0x%08x\n", 3088 varsize, varsizew); 3089 3090 /* Write the length token to the last word */ 3091 bcmerror = brcmf_sdbrcm_membytes(bus, true, (bus->ramsize - 4), 3092 (u8 *)&varsizew_le, 4); 3093 3094 return bcmerror; 3095} 3096 3097static int brcmf_sdbrcm_download_state(struct brcmf_bus *bus, bool enter) 3098{ 3099 uint retries; 3100 int bcmerror = 0; 3101 struct chip_info *ci = bus->ci; 3102 3103 /* To enter download state, disable ARM and reset SOCRAM. 3104 * To exit download state, simply reset ARM (default is RAM boot). 3105 */ 3106 if (enter) { 3107 bus->alp_only = true; 3108 3109 ci->coredisable(bus->sdiodev, ci, BCMA_CORE_ARM_CM3); 3110 3111 brcmf_sdio_chip_resetcore(bus->sdiodev, ci, 3112 BCMA_CORE_INTERNAL_MEM); 3113 3114 /* Clear the top bit of memory */ 3115 if (bus->ramsize) { 3116 u32 zeros = 0; 3117 brcmf_sdbrcm_membytes(bus, true, bus->ramsize - 4, 3118 (u8 *)&zeros, 4); 3119 } 3120 } else { 3121 if (!ci->iscoreup(bus->sdiodev, ci, BCMA_CORE_INTERNAL_MEM)) { 3122 brcmf_dbg(ERROR, "SOCRAM core is down after reset?\n"); 3123 bcmerror = -EBADE; 3124 goto fail; 3125 } 3126 3127 bcmerror = brcmf_sdbrcm_write_vars(bus); 3128 if (bcmerror) { 3129 brcmf_dbg(ERROR, "no vars written to RAM\n"); 3130 bcmerror = 0; 3131 } 3132 3133 w_sdreg32(bus, 0xFFFFFFFF, 3134 offsetof(struct sdpcmd_regs, intstatus), &retries); 3135 3136 brcmf_sdio_chip_resetcore(bus->sdiodev, ci, BCMA_CORE_ARM_CM3); 3137 3138 /* Allow HT Clock now that the ARM is running. */ 3139 bus->alp_only = false; 3140 3141 bus->drvr->busstate = BRCMF_BUS_LOAD; 3142 } 3143fail: 3144 return bcmerror; 3145} 3146 3147static int brcmf_sdbrcm_get_image(char *buf, int len, struct brcmf_bus *bus) 3148{ 3149 if (bus->firmware->size < bus->fw_ptr + len) 3150 len = bus->firmware->size - bus->fw_ptr; 3151 3152 memcpy(buf, &bus->firmware->data[bus->fw_ptr], len); 3153 bus->fw_ptr += len; 3154 return len; 3155} 3156 3157MODULE_FIRMWARE(BCM4329_FW_NAME); 3158MODULE_FIRMWARE(BCM4329_NV_NAME); 3159 3160static int brcmf_sdbrcm_download_code_file(struct brcmf_bus *bus) 3161{ 3162 int offset = 0; 3163 uint len; 3164 u8 *memblock = NULL, *memptr; 3165 int ret; 3166 3167 brcmf_dbg(INFO, "Enter\n"); 3168 3169 bus->fw_name = BCM4329_FW_NAME; 3170 ret = request_firmware(&bus->firmware, bus->fw_name, 3171 &bus->sdiodev->func[2]->dev); 3172 if (ret) { 3173 brcmf_dbg(ERROR, "Fail to request firmware %d\n", ret); 3174 return ret; 3175 } 3176 bus->fw_ptr = 0; 3177 3178 memptr = memblock = kmalloc(MEMBLOCK + BRCMF_SDALIGN, GFP_ATOMIC); 3179 if (memblock == NULL) { 3180 ret = -ENOMEM; 3181 goto err; 3182 } 3183 if ((u32)(unsigned long)memblock % BRCMF_SDALIGN) 3184 memptr += (BRCMF_SDALIGN - 3185 ((u32)(unsigned long)memblock % BRCMF_SDALIGN)); 3186 3187 /* Download image */ 3188 while ((len = 3189 brcmf_sdbrcm_get_image((char *)memptr, MEMBLOCK, bus))) { 3190 ret = brcmf_sdbrcm_membytes(bus, true, offset, memptr, len); 3191 if (ret) { 3192 brcmf_dbg(ERROR, "error %d on writing %d membytes at 0x%08x\n", 3193 ret, MEMBLOCK, offset); 3194 goto err; 3195 } 3196 3197 offset += MEMBLOCK; 3198 } 3199 3200err: 3201 kfree(memblock); 3202 3203 release_firmware(bus->firmware); 3204 bus->fw_ptr = 0; 3205 3206 return ret; 3207} 3208 3209/* 3210 * ProcessVars:Takes a buffer of "<var>=<value>\n" lines read from a file 3211 * and ending in a NUL. 3212 * Removes carriage returns, empty lines, comment lines, and converts 3213 * newlines to NULs. 3214 * Shortens buffer as needed and pads with NULs. End of buffer is marked 3215 * by two NULs. 3216*/ 3217 3218static uint brcmf_process_nvram_vars(char *varbuf, uint len) 3219{ 3220 char *dp; 3221 bool findNewline; 3222 int column; 3223 uint buf_len, n; 3224 3225 dp = varbuf; 3226 3227 findNewline = false; 3228 column = 0; 3229 3230 for (n = 0; n < len; n++) { 3231 if (varbuf[n] == 0) 3232 break; 3233 if (varbuf[n] == '\r') 3234 continue; 3235 if (findNewline && varbuf[n] != '\n') 3236 continue; 3237 findNewline = false; 3238 if (varbuf[n] == '#') { 3239 findNewline = true; 3240 continue; 3241 } 3242 if (varbuf[n] == '\n') { 3243 if (column == 0) 3244 continue; 3245 *dp++ = 0; 3246 column = 0; 3247 continue; 3248 } 3249 *dp++ = varbuf[n]; 3250 column++; 3251 } 3252 buf_len = dp - varbuf; 3253 3254 while (dp < varbuf + n) 3255 *dp++ = 0; 3256 3257 return buf_len; 3258} 3259 3260static int brcmf_sdbrcm_download_nvram(struct brcmf_bus *bus) 3261{ 3262 uint len; 3263 char *memblock = NULL; 3264 char *bufp; 3265 int ret; 3266 3267 bus->nv_name = BCM4329_NV_NAME; 3268 ret = request_firmware(&bus->firmware, bus->nv_name, 3269 &bus->sdiodev->func[2]->dev); 3270 if (ret) { 3271 brcmf_dbg(ERROR, "Fail to request nvram %d\n", ret); 3272 return ret; 3273 } 3274 bus->fw_ptr = 0; 3275 3276 memblock = kmalloc(MEMBLOCK, GFP_ATOMIC); 3277 if (memblock == NULL) { 3278 ret = -ENOMEM; 3279 goto err; 3280 } 3281 3282 len = brcmf_sdbrcm_get_image(memblock, MEMBLOCK, bus); 3283 3284 if (len > 0 && len < MEMBLOCK) { 3285 bufp = (char *)memblock; 3286 bufp[len] = 0; 3287 len = brcmf_process_nvram_vars(bufp, len); 3288 bufp += len; 3289 *bufp++ = 0; 3290 if (len) 3291 ret = brcmf_sdbrcm_downloadvars(bus, memblock, len + 1); 3292 if (ret) 3293 brcmf_dbg(ERROR, "error downloading vars: %d\n", ret); 3294 } else { 3295 brcmf_dbg(ERROR, "error reading nvram file: %d\n", len); 3296 ret = -EIO; 3297 } 3298 3299err: 3300 kfree(memblock); 3301 3302 release_firmware(bus->firmware); 3303 bus->fw_ptr = 0; 3304 3305 return ret; 3306} 3307 3308static int _brcmf_sdbrcm_download_firmware(struct brcmf_bus *bus) 3309{ 3310 int bcmerror = -1; 3311 3312 /* Keep arm in reset */ 3313 if (brcmf_sdbrcm_download_state(bus, true)) { 3314 brcmf_dbg(ERROR, "error placing ARM core in reset\n"); 3315 goto err; 3316 } 3317 3318 /* External image takes precedence if specified */ 3319 if (brcmf_sdbrcm_download_code_file(bus)) { 3320 brcmf_dbg(ERROR, "dongle image file download failed\n"); 3321 goto err; 3322 } 3323 3324 /* External nvram takes precedence if specified */ 3325 if (brcmf_sdbrcm_download_nvram(bus)) 3326 brcmf_dbg(ERROR, "dongle nvram file download failed\n"); 3327 3328 /* Take arm out of reset */ 3329 if (brcmf_sdbrcm_download_state(bus, false)) { 3330 brcmf_dbg(ERROR, "error getting out of ARM core reset\n"); 3331 goto err; 3332 } 3333 3334 bcmerror = 0; 3335 3336err: 3337 return bcmerror; 3338} 3339 3340static bool 3341brcmf_sdbrcm_download_firmware(struct brcmf_bus *bus) 3342{ 3343 bool ret; 3344 3345 /* Download the firmware */ 3346 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3347 3348 ret = _brcmf_sdbrcm_download_firmware(bus) == 0; 3349 3350 brcmf_sdbrcm_clkctl(bus, CLK_SDONLY, false); 3351 3352 return ret; 3353} 3354 3355void brcmf_sdbrcm_bus_stop(struct brcmf_bus *bus) 3356{ 3357 u32 local_hostintmask; 3358 u8 saveclk; 3359 uint retries; 3360 int err; 3361 struct sk_buff *cur; 3362 struct sk_buff *next; 3363 3364 brcmf_dbg(TRACE, "Enter\n"); 3365 3366 if (bus->watchdog_tsk) { 3367 send_sig(SIGTERM, bus->watchdog_tsk, 1); 3368 kthread_stop(bus->watchdog_tsk); 3369 bus->watchdog_tsk = NULL; 3370 } 3371 3372 if (bus->dpc_tsk && bus->dpc_tsk != current) { 3373 send_sig(SIGTERM, bus->dpc_tsk, 1); 3374 kthread_stop(bus->dpc_tsk); 3375 bus->dpc_tsk = NULL; 3376 } 3377 3378 down(&bus->sdsem); 3379 3380 bus_wake(bus); 3381 3382 /* Enable clock for device interrupts */ 3383 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3384 3385 /* Disable and clear interrupts at the chip level also */ 3386 w_sdreg32(bus, 0, offsetof(struct sdpcmd_regs, hostintmask), &retries); 3387 local_hostintmask = bus->hostintmask; 3388 bus->hostintmask = 0; 3389 3390 /* Change our idea of bus state */ 3391 bus->drvr->busstate = BRCMF_BUS_DOWN; 3392 3393 /* Force clocks on backplane to be sure F2 interrupt propagates */ 3394 saveclk = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 3395 SBSDIO_FUNC1_CHIPCLKCSR, &err); 3396 if (!err) { 3397 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 3398 SBSDIO_FUNC1_CHIPCLKCSR, 3399 (saveclk | SBSDIO_FORCE_HT), &err); 3400 } 3401 if (err) 3402 brcmf_dbg(ERROR, "Failed to force clock for F2: err %d\n", err); 3403 3404 /* Turn off the bus (F2), free any pending packets */ 3405 brcmf_dbg(INTR, "disable SDIO interrupts\n"); 3406 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_0, SDIO_CCCR_IOEx, 3407 SDIO_FUNC_ENABLE_1, NULL); 3408 3409 /* Clear any pending interrupts now that F2 is disabled */ 3410 w_sdreg32(bus, local_hostintmask, 3411 offsetof(struct sdpcmd_regs, intstatus), &retries); 3412 3413 /* Turn off the backplane clock (only) */ 3414 brcmf_sdbrcm_clkctl(bus, CLK_SDONLY, false); 3415 3416 /* Clear the data packet queues */ 3417 brcmu_pktq_flush(&bus->txq, true, NULL, NULL); 3418 3419 /* Clear any held glomming stuff */ 3420 if (bus->glomd) 3421 brcmu_pkt_buf_free_skb(bus->glomd); 3422 if (!skb_queue_empty(&bus->glom)) 3423 skb_queue_walk_safe(&bus->glom, cur, next) { 3424 skb_unlink(cur, &bus->glom); 3425 brcmu_pkt_buf_free_skb(cur); 3426 } 3427 3428 /* Clear rx control and wake any waiters */ 3429 bus->rxlen = 0; 3430 brcmf_sdbrcm_dcmd_resp_wake(bus); 3431 3432 /* Reset some F2 state stuff */ 3433 bus->rxskip = false; 3434 bus->tx_seq = bus->rx_seq = 0; 3435 3436 up(&bus->sdsem); 3437} 3438 3439int brcmf_sdbrcm_bus_init(struct brcmf_pub *drvr) 3440{ 3441 struct brcmf_bus *bus = drvr->bus; 3442 unsigned long timeout; 3443 uint retries = 0; 3444 u8 ready, enable; 3445 int err, ret = 0; 3446 u8 saveclk; 3447 3448 brcmf_dbg(TRACE, "Enter\n"); 3449 3450 /* try to download image and nvram to the dongle */ 3451 if (drvr->busstate == BRCMF_BUS_DOWN) { 3452 if (!(brcmf_sdbrcm_download_firmware(bus))) 3453 return -1; 3454 } 3455 3456 if (!bus->drvr) 3457 return 0; 3458 3459 /* Start the watchdog timer */ 3460 bus->drvr->tickcnt = 0; 3461 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 3462 3463 down(&bus->sdsem); 3464 3465 /* Make sure backplane clock is on, needed to generate F2 interrupt */ 3466 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3467 if (bus->clkstate != CLK_AVAIL) 3468 goto exit; 3469 3470 /* Force clocks on backplane to be sure F2 interrupt propagates */ 3471 saveclk = 3472 brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 3473 SBSDIO_FUNC1_CHIPCLKCSR, &err); 3474 if (!err) { 3475 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 3476 SBSDIO_FUNC1_CHIPCLKCSR, 3477 (saveclk | SBSDIO_FORCE_HT), &err); 3478 } 3479 if (err) { 3480 brcmf_dbg(ERROR, "Failed to force clock for F2: err %d\n", err); 3481 goto exit; 3482 } 3483 3484 /* Enable function 2 (frame transfers) */ 3485 w_sdreg32(bus, SDPCM_PROT_VERSION << SMB_DATA_VERSION_SHIFT, 3486 offsetof(struct sdpcmd_regs, tosbmailboxdata), &retries); 3487 enable = (SDIO_FUNC_ENABLE_1 | SDIO_FUNC_ENABLE_2); 3488 3489 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_0, SDIO_CCCR_IOEx, 3490 enable, NULL); 3491 3492 timeout = jiffies + msecs_to_jiffies(BRCMF_WAIT_F2RDY); 3493 ready = 0; 3494 while (enable != ready) { 3495 ready = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_0, 3496 SDIO_CCCR_IORx, NULL); 3497 if (time_after(jiffies, timeout)) 3498 break; 3499 else if (time_after(jiffies, timeout - BRCMF_WAIT_F2RDY + 50)) 3500 /* prevent busy waiting if it takes too long */ 3501 msleep_interruptible(20); 3502 } 3503 3504 brcmf_dbg(INFO, "enable 0x%02x, ready 0x%02x\n", enable, ready); 3505 3506 /* If F2 successfully enabled, set core and enable interrupts */ 3507 if (ready == enable) { 3508 /* Set up the interrupt mask and enable interrupts */ 3509 bus->hostintmask = HOSTINTMASK; 3510 w_sdreg32(bus, bus->hostintmask, 3511 offsetof(struct sdpcmd_regs, hostintmask), &retries); 3512 3513 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 3514 SBSDIO_WATERMARK, 8, &err); 3515 3516 /* Set bus state according to enable result */ 3517 drvr->busstate = BRCMF_BUS_DATA; 3518 } 3519 3520 else { 3521 /* Disable F2 again */ 3522 enable = SDIO_FUNC_ENABLE_1; 3523 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_0, 3524 SDIO_CCCR_IOEx, enable, NULL); 3525 } 3526 3527 /* Restore previous clock setting */ 3528 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 3529 SBSDIO_FUNC1_CHIPCLKCSR, saveclk, &err); 3530 3531 /* If we didn't come up, turn off backplane clock */ 3532 if (drvr->busstate != BRCMF_BUS_DATA) 3533 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 3534 3535exit: 3536 up(&bus->sdsem); 3537 3538 return ret; 3539} 3540 3541void brcmf_sdbrcm_isr(void *arg) 3542{ 3543 struct brcmf_bus *bus = (struct brcmf_bus *) arg; 3544 3545 brcmf_dbg(TRACE, "Enter\n"); 3546 3547 if (!bus) { 3548 brcmf_dbg(ERROR, "bus is null pointer, exiting\n"); 3549 return; 3550 } 3551 3552 if (bus->drvr->busstate == BRCMF_BUS_DOWN) { 3553 brcmf_dbg(ERROR, "bus is down. we have nothing to do\n"); 3554 return; 3555 } 3556 /* Count the interrupt call */ 3557 bus->intrcount++; 3558 bus->ipend = true; 3559 3560 /* Shouldn't get this interrupt if we're sleeping? */ 3561 if (bus->sleeping) { 3562 brcmf_dbg(ERROR, "INTERRUPT WHILE SLEEPING??\n"); 3563 return; 3564 } 3565 3566 /* Disable additional interrupts (is this needed now)? */ 3567 if (!bus->intr) 3568 brcmf_dbg(ERROR, "isr w/o interrupt configured!\n"); 3569 3570 bus->dpc_sched = true; 3571 if (bus->dpc_tsk) 3572 complete(&bus->dpc_wait); 3573} 3574 3575static bool brcmf_sdbrcm_bus_watchdog(struct brcmf_pub *drvr) 3576{ 3577 struct brcmf_bus *bus; 3578 3579 brcmf_dbg(TIMER, "Enter\n"); 3580 3581 bus = drvr->bus; 3582 3583 /* Ignore the timer if simulating bus down */ 3584 if (bus->sleeping) 3585 return false; 3586 3587 down(&bus->sdsem); 3588 3589 /* Poll period: check device if appropriate. */ 3590 if (bus->poll && (++bus->polltick >= bus->pollrate)) { 3591 u32 intstatus = 0; 3592 3593 /* Reset poll tick */ 3594 bus->polltick = 0; 3595 3596 /* Check device if no interrupts */ 3597 if (!bus->intr || (bus->intrcount == bus->lastintrs)) { 3598 3599 if (!bus->dpc_sched) { 3600 u8 devpend; 3601 devpend = brcmf_sdcard_cfg_read(bus->sdiodev, 3602 SDIO_FUNC_0, SDIO_CCCR_INTx, 3603 NULL); 3604 intstatus = 3605 devpend & (INTR_STATUS_FUNC1 | 3606 INTR_STATUS_FUNC2); 3607 } 3608 3609 /* If there is something, make like the ISR and 3610 schedule the DPC */ 3611 if (intstatus) { 3612 bus->pollcnt++; 3613 bus->ipend = true; 3614 3615 bus->dpc_sched = true; 3616 if (bus->dpc_tsk) 3617 complete(&bus->dpc_wait); 3618 } 3619 } 3620 3621 /* Update interrupt tracking */ 3622 bus->lastintrs = bus->intrcount; 3623 } 3624#ifdef BCMDBG 3625 /* Poll for console output periodically */ 3626 if (drvr->busstate == BRCMF_BUS_DATA && bus->console_interval != 0) { 3627 bus->console.count += BRCMF_WD_POLL_MS; 3628 if (bus->console.count >= bus->console_interval) { 3629 bus->console.count -= bus->console_interval; 3630 /* Make sure backplane clock is on */ 3631 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3632 if (brcmf_sdbrcm_readconsole(bus) < 0) 3633 /* stop on error */ 3634 bus->console_interval = 0; 3635 } 3636 } 3637#endif /* BCMDBG */ 3638 3639 /* On idle timeout clear activity flag and/or turn off clock */ 3640 if ((bus->idletime > 0) && (bus->clkstate == CLK_AVAIL)) { 3641 if (++bus->idlecount >= bus->idletime) { 3642 bus->idlecount = 0; 3643 if (bus->activity) { 3644 bus->activity = false; 3645 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 3646 } else { 3647 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 3648 } 3649 } 3650 } 3651 3652 up(&bus->sdsem); 3653 3654 return bus->ipend; 3655} 3656 3657static bool brcmf_sdbrcm_chipmatch(u16 chipid) 3658{ 3659 if (chipid == BCM4329_CHIP_ID) 3660 return true; 3661 return false; 3662} 3663 3664static void brcmf_sdbrcm_release_malloc(struct brcmf_bus *bus) 3665{ 3666 brcmf_dbg(TRACE, "Enter\n"); 3667 3668 kfree(bus->rxbuf); 3669 bus->rxctl = bus->rxbuf = NULL; 3670 bus->rxlen = 0; 3671 3672 kfree(bus->databuf); 3673 bus->databuf = NULL; 3674} 3675 3676static bool brcmf_sdbrcm_probe_malloc(struct brcmf_bus *bus) 3677{ 3678 brcmf_dbg(TRACE, "Enter\n"); 3679 3680 if (bus->drvr->maxctl) { 3681 bus->rxblen = 3682 roundup((bus->drvr->maxctl + SDPCM_HDRLEN), 3683 ALIGNMENT) + BRCMF_SDALIGN; 3684 bus->rxbuf = kmalloc(bus->rxblen, GFP_ATOMIC); 3685 if (!(bus->rxbuf)) 3686 goto fail; 3687 } 3688 3689 /* Allocate buffer to receive glomed packet */ 3690 bus->databuf = kmalloc(MAX_DATA_BUF, GFP_ATOMIC); 3691 if (!(bus->databuf)) { 3692 /* release rxbuf which was already located as above */ 3693 if (!bus->rxblen) 3694 kfree(bus->rxbuf); 3695 goto fail; 3696 } 3697 3698 /* Align the buffer */ 3699 if ((unsigned long)bus->databuf % BRCMF_SDALIGN) 3700 bus->dataptr = bus->databuf + (BRCMF_SDALIGN - 3701 ((unsigned long)bus->databuf % BRCMF_SDALIGN)); 3702 else 3703 bus->dataptr = bus->databuf; 3704 3705 return true; 3706 3707fail: 3708 return false; 3709} 3710 3711static bool 3712brcmf_sdbrcm_probe_attach(struct brcmf_bus *bus, u32 regsva) 3713{ 3714 u8 clkctl = 0; 3715 int err = 0; 3716 int reg_addr; 3717 u32 reg_val; 3718 u8 idx; 3719 3720 bus->alp_only = true; 3721 3722 /* Return the window to backplane enumeration space for core access */ 3723 if (brcmf_sdcard_set_sbaddr_window(bus->sdiodev, SI_ENUM_BASE)) 3724 brcmf_dbg(ERROR, "FAILED to return to SI_ENUM_BASE\n"); 3725 3726#ifdef BCMDBG 3727 printk(KERN_DEBUG "F1 signature read @0x18000000=0x%4x\n", 3728 brcmf_sdcard_reg_read(bus->sdiodev, SI_ENUM_BASE, 4)); 3729 3730#endif /* BCMDBG */ 3731 3732 /* 3733 * Force PLL off until brcmf_sdio_chip_attach() 3734 * programs PLL control regs 3735 */ 3736 3737 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 3738 SBSDIO_FUNC1_CHIPCLKCSR, 3739 BRCMF_INIT_CLKCTL1, &err); 3740 if (!err) 3741 clkctl = 3742 brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 3743 SBSDIO_FUNC1_CHIPCLKCSR, &err); 3744 3745 if (err || ((clkctl & ~SBSDIO_AVBITS) != BRCMF_INIT_CLKCTL1)) { 3746 brcmf_dbg(ERROR, "ChipClkCSR access: err %d wrote 0x%02x read 0x%02x\n", 3747 err, BRCMF_INIT_CLKCTL1, clkctl); 3748 goto fail; 3749 } 3750 3751 if (brcmf_sdio_chip_attach(bus->sdiodev, &bus->ci, regsva)) { 3752 brcmf_dbg(ERROR, "brcmf_sdio_chip_attach failed!\n"); 3753 goto fail; 3754 } 3755 3756 if (!brcmf_sdbrcm_chipmatch((u16) bus->ci->chip)) { 3757 brcmf_dbg(ERROR, "unsupported chip: 0x%04x\n", bus->ci->chip); 3758 goto fail; 3759 } 3760 3761 brcmf_sdio_chip_drivestrengthinit(bus->sdiodev, bus->ci, 3762 SDIO_DRIVE_STRENGTH); 3763 3764 /* Get info on the SOCRAM cores... */ 3765 bus->ramsize = bus->ci->ramsize; 3766 if (!(bus->ramsize)) { 3767 brcmf_dbg(ERROR, "failed to find SOCRAM memory!\n"); 3768 goto fail; 3769 } 3770 3771 /* Set core control so an SDIO reset does a backplane reset */ 3772 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV); 3773 reg_addr = bus->ci->c_inf[idx].base + 3774 offsetof(struct sdpcmd_regs, corecontrol); 3775 reg_val = brcmf_sdcard_reg_read(bus->sdiodev, reg_addr, sizeof(u32)); 3776 brcmf_sdcard_reg_write(bus->sdiodev, reg_addr, sizeof(u32), 3777 reg_val | CC_BPRESEN); 3778 3779 brcmu_pktq_init(&bus->txq, (PRIOMASK + 1), TXQLEN); 3780 3781 /* Locate an appropriately-aligned portion of hdrbuf */ 3782 bus->rxhdr = (u8 *) roundup((unsigned long)&bus->hdrbuf[0], 3783 BRCMF_SDALIGN); 3784 3785 /* Set the poll and/or interrupt flags */ 3786 bus->intr = true; 3787 bus->poll = false; 3788 if (bus->poll) 3789 bus->pollrate = 1; 3790 3791 return true; 3792 3793fail: 3794 return false; 3795} 3796 3797static bool brcmf_sdbrcm_probe_init(struct brcmf_bus *bus) 3798{ 3799 brcmf_dbg(TRACE, "Enter\n"); 3800 3801 /* Disable F2 to clear any intermediate frame state on the dongle */ 3802 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_0, SDIO_CCCR_IOEx, 3803 SDIO_FUNC_ENABLE_1, NULL); 3804 3805 bus->drvr->busstate = BRCMF_BUS_DOWN; 3806 bus->sleeping = false; 3807 bus->rxflow = false; 3808 3809 /* Done with backplane-dependent accesses, can drop clock... */ 3810 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 3811 SBSDIO_FUNC1_CHIPCLKCSR, 0, NULL); 3812 3813 /* ...and initialize clock/power states */ 3814 bus->clkstate = CLK_SDONLY; 3815 bus->idletime = BRCMF_IDLE_INTERVAL; 3816 bus->idleclock = BRCMF_IDLE_ACTIVE; 3817 3818 /* Query the F2 block size, set roundup accordingly */ 3819 bus->blocksize = bus->sdiodev->func[2]->cur_blksize; 3820 bus->roundup = min(max_roundup, bus->blocksize); 3821 3822 /* bus module does not support packet chaining */ 3823 bus->use_rxchain = false; 3824 bus->sd_rxchain = false; 3825 3826 return true; 3827} 3828 3829static int 3830brcmf_sdbrcm_watchdog_thread(void *data) 3831{ 3832 struct brcmf_bus *bus = (struct brcmf_bus *)data; 3833 3834 allow_signal(SIGTERM); 3835 /* Run until signal received */ 3836 while (1) { 3837 if (kthread_should_stop()) 3838 break; 3839 if (!wait_for_completion_interruptible(&bus->watchdog_wait)) { 3840 brcmf_sdbrcm_bus_watchdog(bus->drvr); 3841 /* Count the tick for reference */ 3842 bus->drvr->tickcnt++; 3843 } else 3844 break; 3845 } 3846 return 0; 3847} 3848 3849static void 3850brcmf_sdbrcm_watchdog(unsigned long data) 3851{ 3852 struct brcmf_bus *bus = (struct brcmf_bus *)data; 3853 3854 if (bus->watchdog_tsk) { 3855 complete(&bus->watchdog_wait); 3856 /* Reschedule the watchdog */ 3857 if (bus->wd_timer_valid) 3858 mod_timer(&bus->timer, 3859 jiffies + BRCMF_WD_POLL_MS * HZ / 1000); 3860 } 3861} 3862 3863static void brcmf_sdbrcm_release_dongle(struct brcmf_bus *bus) 3864{ 3865 brcmf_dbg(TRACE, "Enter\n"); 3866 3867 if (bus->ci) { 3868 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3869 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 3870 brcmf_sdio_chip_detach(&bus->ci); 3871 if (bus->vars && bus->varsz) 3872 kfree(bus->vars); 3873 bus->vars = NULL; 3874 } 3875 3876 brcmf_dbg(TRACE, "Disconnected\n"); 3877} 3878 3879/* Detach and free everything */ 3880static void brcmf_sdbrcm_release(struct brcmf_bus *bus) 3881{ 3882 brcmf_dbg(TRACE, "Enter\n"); 3883 3884 if (bus) { 3885 /* De-register interrupt handler */ 3886 brcmf_sdcard_intr_dereg(bus->sdiodev); 3887 3888 if (bus->drvr) { 3889 brcmf_detach(bus->drvr); 3890 brcmf_sdbrcm_release_dongle(bus); 3891 bus->drvr = NULL; 3892 } 3893 3894 brcmf_sdbrcm_release_malloc(bus); 3895 3896 kfree(bus); 3897 } 3898 3899 brcmf_dbg(TRACE, "Disconnected\n"); 3900} 3901 3902void *brcmf_sdbrcm_probe(u16 bus_no, u16 slot, u16 func, uint bustype, 3903 u32 regsva, struct brcmf_sdio_dev *sdiodev) 3904{ 3905 int ret; 3906 struct brcmf_bus *bus; 3907 3908 /* Init global variables at run-time, not as part of the declaration. 3909 * This is required to support init/de-init of the driver. 3910 * Initialization 3911 * of globals as part of the declaration results in non-deterministic 3912 * behavior since the value of the globals may be different on the 3913 * first time that the driver is initialized vs subsequent 3914 * initializations. 3915 */ 3916 brcmf_c_init(); 3917 3918 brcmf_dbg(TRACE, "Enter\n"); 3919 3920 /* We make an assumption about address window mappings: 3921 * regsva == SI_ENUM_BASE*/ 3922 3923 /* Allocate private bus interface state */ 3924 bus = kzalloc(sizeof(struct brcmf_bus), GFP_ATOMIC); 3925 if (!bus) 3926 goto fail; 3927 3928 bus->sdiodev = sdiodev; 3929 sdiodev->bus = bus; 3930 skb_queue_head_init(&bus->glom); 3931 bus->txbound = BRCMF_TXBOUND; 3932 bus->rxbound = BRCMF_RXBOUND; 3933 bus->txminmax = BRCMF_TXMINMAX; 3934 bus->tx_seq = SDPCM_SEQUENCE_WRAP - 1; 3935 bus->usebufpool = false; /* Use bufpool if allocated, 3936 else use locally malloced rxbuf */ 3937 3938 /* attempt to attach to the dongle */ 3939 if (!(brcmf_sdbrcm_probe_attach(bus, regsva))) { 3940 brcmf_dbg(ERROR, "brcmf_sdbrcm_probe_attach failed\n"); 3941 goto fail; 3942 } 3943 3944 spin_lock_init(&bus->txqlock); 3945 init_waitqueue_head(&bus->ctrl_wait); 3946 init_waitqueue_head(&bus->dcmd_resp_wait); 3947 3948 /* Set up the watchdog timer */ 3949 init_timer(&bus->timer); 3950 bus->timer.data = (unsigned long)bus; 3951 bus->timer.function = brcmf_sdbrcm_watchdog; 3952 3953 /* Initialize thread based operation and lock */ 3954 sema_init(&bus->sdsem, 1); 3955 3956 /* Initialize watchdog thread */ 3957 init_completion(&bus->watchdog_wait); 3958 bus->watchdog_tsk = kthread_run(brcmf_sdbrcm_watchdog_thread, 3959 bus, "brcmf_watchdog"); 3960 if (IS_ERR(bus->watchdog_tsk)) { 3961 printk(KERN_WARNING 3962 "brcmf_watchdog thread failed to start\n"); 3963 bus->watchdog_tsk = NULL; 3964 } 3965 /* Initialize DPC thread */ 3966 init_completion(&bus->dpc_wait); 3967 bus->dpc_tsk = kthread_run(brcmf_sdbrcm_dpc_thread, 3968 bus, "brcmf_dpc"); 3969 if (IS_ERR(bus->dpc_tsk)) { 3970 printk(KERN_WARNING 3971 "brcmf_dpc thread failed to start\n"); 3972 bus->dpc_tsk = NULL; 3973 } 3974 3975 /* Attach to the brcmf/OS/network interface */ 3976 bus->drvr = brcmf_attach(bus, SDPCM_RESERVE); 3977 if (!bus->drvr) { 3978 brcmf_dbg(ERROR, "brcmf_attach failed\n"); 3979 goto fail; 3980 } 3981 3982 /* Allocate buffers */ 3983 if (!(brcmf_sdbrcm_probe_malloc(bus))) { 3984 brcmf_dbg(ERROR, "brcmf_sdbrcm_probe_malloc failed\n"); 3985 goto fail; 3986 } 3987 3988 if (!(brcmf_sdbrcm_probe_init(bus))) { 3989 brcmf_dbg(ERROR, "brcmf_sdbrcm_probe_init failed\n"); 3990 goto fail; 3991 } 3992 3993 /* Register interrupt callback, but mask it (not operational yet). */ 3994 brcmf_dbg(INTR, "disable SDIO interrupts (not interested yet)\n"); 3995 ret = brcmf_sdcard_intr_reg(bus->sdiodev); 3996 if (ret != 0) { 3997 brcmf_dbg(ERROR, "FAILED: sdcard_intr_reg returned %d\n", ret); 3998 goto fail; 3999 } 4000 brcmf_dbg(INTR, "registered SDIO interrupt function ok\n"); 4001 4002 brcmf_dbg(INFO, "completed!!\n"); 4003 4004 /* if firmware path present try to download and bring up bus */ 4005 ret = brcmf_bus_start(bus->drvr); 4006 if (ret != 0) { 4007 if (ret == -ENOLINK) { 4008 brcmf_dbg(ERROR, "dongle is not responding\n"); 4009 goto fail; 4010 } 4011 } 4012 4013 /* add interface and open for business */ 4014 if (brcmf_add_if((struct brcmf_info *)bus->drvr, 0, "wlan%d", NULL)) { 4015 brcmf_dbg(ERROR, "Add primary net device interface failed!!\n"); 4016 goto fail; 4017 } 4018 4019 return bus; 4020 4021fail: 4022 brcmf_sdbrcm_release(bus); 4023 return NULL; 4024} 4025 4026void brcmf_sdbrcm_disconnect(void *ptr) 4027{ 4028 struct brcmf_bus *bus = (struct brcmf_bus *)ptr; 4029 4030 brcmf_dbg(TRACE, "Enter\n"); 4031 4032 if (bus) 4033 brcmf_sdbrcm_release(bus); 4034 4035 brcmf_dbg(TRACE, "Disconnected\n"); 4036} 4037 4038struct device *brcmf_bus_get_device(struct brcmf_bus *bus) 4039{ 4040 return &bus->sdiodev->func[2]->dev; 4041} 4042 4043void 4044brcmf_sdbrcm_wd_timer(struct brcmf_bus *bus, uint wdtick) 4045{ 4046 /* Totally stop the timer */ 4047 if (!wdtick && bus->wd_timer_valid == true) { 4048 del_timer_sync(&bus->timer); 4049 bus->wd_timer_valid = false; 4050 bus->save_ms = wdtick; 4051 return; 4052 } 4053 4054 /* don't start the wd until fw is loaded */ 4055 if (bus->drvr->busstate == BRCMF_BUS_DOWN) 4056 return; 4057 4058 if (wdtick) { 4059 if (bus->save_ms != BRCMF_WD_POLL_MS) { 4060 if (bus->wd_timer_valid == true) 4061 /* Stop timer and restart at new value */ 4062 del_timer_sync(&bus->timer); 4063 4064 /* Create timer again when watchdog period is 4065 dynamically changed or in the first instance 4066 */ 4067 bus->timer.expires = 4068 jiffies + BRCMF_WD_POLL_MS * HZ / 1000; 4069 add_timer(&bus->timer); 4070 4071 } else { 4072 /* Re arm the timer, at last watchdog period */ 4073 mod_timer(&bus->timer, 4074 jiffies + BRCMF_WD_POLL_MS * HZ / 1000); 4075 } 4076 4077 bus->wd_timer_valid = true; 4078 bus->save_ms = wdtick; 4079 } 4080} 4081