dhd_sdio.c revision 0bc9a8cb24f9a1fa556c081cd9d9edc89121a636
1/* 2 * Copyright (c) 2010 Broadcom Corporation 3 * 4 * Permission to use, copy, modify, and/or distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 11 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 13 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 14 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17#include <linux/types.h> 18#include <linux/kernel.h> 19#include <linux/kthread.h> 20#include <linux/printk.h> 21#include <linux/pci_ids.h> 22#include <linux/netdevice.h> 23#include <linux/interrupt.h> 24#include <linux/sched.h> 25#include <linux/mmc/sdio.h> 26#include <linux/mmc/sdio_func.h> 27#include <linux/mmc/card.h> 28#include <linux/semaphore.h> 29#include <linux/firmware.h> 30#include <linux/module.h> 31#include <linux/bcma/bcma.h> 32#include <linux/debugfs.h> 33#include <linux/vmalloc.h> 34#include <asm/unaligned.h> 35#include <defs.h> 36#include <brcmu_wifi.h> 37#include <brcmu_utils.h> 38#include <brcm_hw_ids.h> 39#include <soc.h> 40#include "sdio_host.h" 41#include "sdio_chip.h" 42 43#define DCMD_RESP_TIMEOUT 2000 /* In milli second */ 44 45#ifdef DEBUG 46 47#define BRCMF_TRAP_INFO_SIZE 80 48 49#define CBUF_LEN (128) 50 51/* Device console log buffer state */ 52#define CONSOLE_BUFFER_MAX 2024 53 54struct rte_log_le { 55 __le32 buf; /* Can't be pointer on (64-bit) hosts */ 56 __le32 buf_size; 57 __le32 idx; 58 char *_buf_compat; /* Redundant pointer for backward compat. */ 59}; 60 61struct rte_console { 62 /* Virtual UART 63 * When there is no UART (e.g. Quickturn), 64 * the host should write a complete 65 * input line directly into cbuf and then write 66 * the length into vcons_in. 67 * This may also be used when there is a real UART 68 * (at risk of conflicting with 69 * the real UART). vcons_out is currently unused. 70 */ 71 uint vcons_in; 72 uint vcons_out; 73 74 /* Output (logging) buffer 75 * Console output is written to a ring buffer log_buf at index log_idx. 76 * The host may read the output when it sees log_idx advance. 77 * Output will be lost if the output wraps around faster than the host 78 * polls. 79 */ 80 struct rte_log_le log_le; 81 82 /* Console input line buffer 83 * Characters are read one at a time into cbuf 84 * until <CR> is received, then 85 * the buffer is processed as a command line. 86 * Also used for virtual UART. 87 */ 88 uint cbuf_idx; 89 char cbuf[CBUF_LEN]; 90}; 91 92#endif /* DEBUG */ 93#include <chipcommon.h> 94 95#include "dhd_bus.h" 96#include "dhd_dbg.h" 97 98#define TXQLEN 2048 /* bulk tx queue length */ 99#define TXHI (TXQLEN - 256) /* turn on flow control above TXHI */ 100#define TXLOW (TXHI - 256) /* turn off flow control below TXLOW */ 101#define PRIOMASK 7 102 103#define TXRETRIES 2 /* # of retries for tx frames */ 104 105#define BRCMF_RXBOUND 50 /* Default for max rx frames in 106 one scheduling */ 107 108#define BRCMF_TXBOUND 20 /* Default for max tx frames in 109 one scheduling */ 110 111#define BRCMF_TXMINMAX 1 /* Max tx frames if rx still pending */ 112 113#define MEMBLOCK 2048 /* Block size used for downloading 114 of dongle image */ 115#define MAX_DATA_BUF (32 * 1024) /* Must be large enough to hold 116 biggest possible glom */ 117 118#define BRCMF_FIRSTREAD (1 << 6) 119 120 121/* SBSDIO_DEVICE_CTL */ 122 123/* 1: device will assert busy signal when receiving CMD53 */ 124#define SBSDIO_DEVCTL_SETBUSY 0x01 125/* 1: assertion of sdio interrupt is synchronous to the sdio clock */ 126#define SBSDIO_DEVCTL_SPI_INTR_SYNC 0x02 127/* 1: mask all interrupts to host except the chipActive (rev 8) */ 128#define SBSDIO_DEVCTL_CA_INT_ONLY 0x04 129/* 1: isolate internal sdio signals, put external pads in tri-state; requires 130 * sdio bus power cycle to clear (rev 9) */ 131#define SBSDIO_DEVCTL_PADS_ISO 0x08 132/* Force SD->SB reset mapping (rev 11) */ 133#define SBSDIO_DEVCTL_SB_RST_CTL 0x30 134/* Determined by CoreControl bit */ 135#define SBSDIO_DEVCTL_RST_CORECTL 0x00 136/* Force backplane reset */ 137#define SBSDIO_DEVCTL_RST_BPRESET 0x10 138/* Force no backplane reset */ 139#define SBSDIO_DEVCTL_RST_NOBPRESET 0x20 140 141/* direct(mapped) cis space */ 142 143/* MAPPED common CIS address */ 144#define SBSDIO_CIS_BASE_COMMON 0x1000 145/* maximum bytes in one CIS */ 146#define SBSDIO_CIS_SIZE_LIMIT 0x200 147/* cis offset addr is < 17 bits */ 148#define SBSDIO_CIS_OFT_ADDR_MASK 0x1FFFF 149 150/* manfid tuple length, include tuple, link bytes */ 151#define SBSDIO_CIS_MANFID_TUPLE_LEN 6 152 153/* intstatus */ 154#define I_SMB_SW0 (1 << 0) /* To SB Mail S/W interrupt 0 */ 155#define I_SMB_SW1 (1 << 1) /* To SB Mail S/W interrupt 1 */ 156#define I_SMB_SW2 (1 << 2) /* To SB Mail S/W interrupt 2 */ 157#define I_SMB_SW3 (1 << 3) /* To SB Mail S/W interrupt 3 */ 158#define I_SMB_SW_MASK 0x0000000f /* To SB Mail S/W interrupts mask */ 159#define I_SMB_SW_SHIFT 0 /* To SB Mail S/W interrupts shift */ 160#define I_HMB_SW0 (1 << 4) /* To Host Mail S/W interrupt 0 */ 161#define I_HMB_SW1 (1 << 5) /* To Host Mail S/W interrupt 1 */ 162#define I_HMB_SW2 (1 << 6) /* To Host Mail S/W interrupt 2 */ 163#define I_HMB_SW3 (1 << 7) /* To Host Mail S/W interrupt 3 */ 164#define I_HMB_SW_MASK 0x000000f0 /* To Host Mail S/W interrupts mask */ 165#define I_HMB_SW_SHIFT 4 /* To Host Mail S/W interrupts shift */ 166#define I_WR_OOSYNC (1 << 8) /* Write Frame Out Of Sync */ 167#define I_RD_OOSYNC (1 << 9) /* Read Frame Out Of Sync */ 168#define I_PC (1 << 10) /* descriptor error */ 169#define I_PD (1 << 11) /* data error */ 170#define I_DE (1 << 12) /* Descriptor protocol Error */ 171#define I_RU (1 << 13) /* Receive descriptor Underflow */ 172#define I_RO (1 << 14) /* Receive fifo Overflow */ 173#define I_XU (1 << 15) /* Transmit fifo Underflow */ 174#define I_RI (1 << 16) /* Receive Interrupt */ 175#define I_BUSPWR (1 << 17) /* SDIO Bus Power Change (rev 9) */ 176#define I_XMTDATA_AVAIL (1 << 23) /* bits in fifo */ 177#define I_XI (1 << 24) /* Transmit Interrupt */ 178#define I_RF_TERM (1 << 25) /* Read Frame Terminate */ 179#define I_WF_TERM (1 << 26) /* Write Frame Terminate */ 180#define I_PCMCIA_XU (1 << 27) /* PCMCIA Transmit FIFO Underflow */ 181#define I_SBINT (1 << 28) /* sbintstatus Interrupt */ 182#define I_CHIPACTIVE (1 << 29) /* chip from doze to active state */ 183#define I_SRESET (1 << 30) /* CCCR RES interrupt */ 184#define I_IOE2 (1U << 31) /* CCCR IOE2 Bit Changed */ 185#define I_ERRORS (I_PC | I_PD | I_DE | I_RU | I_RO | I_XU) 186#define I_DMA (I_RI | I_XI | I_ERRORS) 187 188/* corecontrol */ 189#define CC_CISRDY (1 << 0) /* CIS Ready */ 190#define CC_BPRESEN (1 << 1) /* CCCR RES signal */ 191#define CC_F2RDY (1 << 2) /* set CCCR IOR2 bit */ 192#define CC_CLRPADSISO (1 << 3) /* clear SDIO pads isolation */ 193#define CC_XMTDATAAVAIL_MODE (1 << 4) 194#define CC_XMTDATAAVAIL_CTRL (1 << 5) 195 196/* SDA_FRAMECTRL */ 197#define SFC_RF_TERM (1 << 0) /* Read Frame Terminate */ 198#define SFC_WF_TERM (1 << 1) /* Write Frame Terminate */ 199#define SFC_CRC4WOOS (1 << 2) /* CRC error for write out of sync */ 200#define SFC_ABORTALL (1 << 3) /* Abort all in-progress frames */ 201 202/* HW frame tag */ 203#define SDPCM_FRAMETAG_LEN 4 /* 2 bytes len, 2 bytes check val */ 204 205/* Total length of frame header for dongle protocol */ 206#define SDPCM_HDRLEN (SDPCM_FRAMETAG_LEN + SDPCM_SWHEADER_LEN) 207#define SDPCM_RESERVE (SDPCM_HDRLEN + BRCMF_SDALIGN) 208 209/* 210 * Software allocation of To SB Mailbox resources 211 */ 212 213/* tosbmailbox bits corresponding to intstatus bits */ 214#define SMB_NAK (1 << 0) /* Frame NAK */ 215#define SMB_INT_ACK (1 << 1) /* Host Interrupt ACK */ 216#define SMB_USE_OOB (1 << 2) /* Use OOB Wakeup */ 217#define SMB_DEV_INT (1 << 3) /* Miscellaneous Interrupt */ 218 219/* tosbmailboxdata */ 220#define SMB_DATA_VERSION_SHIFT 16 /* host protocol version */ 221 222/* 223 * Software allocation of To Host Mailbox resources 224 */ 225 226/* intstatus bits */ 227#define I_HMB_FC_STATE I_HMB_SW0 /* Flow Control State */ 228#define I_HMB_FC_CHANGE I_HMB_SW1 /* Flow Control State Changed */ 229#define I_HMB_FRAME_IND I_HMB_SW2 /* Frame Indication */ 230#define I_HMB_HOST_INT I_HMB_SW3 /* Miscellaneous Interrupt */ 231 232/* tohostmailboxdata */ 233#define HMB_DATA_NAKHANDLED 1 /* retransmit NAK'd frame */ 234#define HMB_DATA_DEVREADY 2 /* talk to host after enable */ 235#define HMB_DATA_FC 4 /* per prio flowcontrol update flag */ 236#define HMB_DATA_FWREADY 8 /* fw ready for protocol activity */ 237 238#define HMB_DATA_FCDATA_MASK 0xff000000 239#define HMB_DATA_FCDATA_SHIFT 24 240 241#define HMB_DATA_VERSION_MASK 0x00ff0000 242#define HMB_DATA_VERSION_SHIFT 16 243 244/* 245 * Software-defined protocol header 246 */ 247 248/* Current protocol version */ 249#define SDPCM_PROT_VERSION 4 250 251/* SW frame header */ 252#define SDPCM_PACKET_SEQUENCE(p) (((u8 *)p)[0] & 0xff) 253 254#define SDPCM_CHANNEL_MASK 0x00000f00 255#define SDPCM_CHANNEL_SHIFT 8 256#define SDPCM_PACKET_CHANNEL(p) (((u8 *)p)[1] & 0x0f) 257 258#define SDPCM_NEXTLEN_OFFSET 2 259 260/* Data Offset from SOF (HW Tag, SW Tag, Pad) */ 261#define SDPCM_DOFFSET_OFFSET 3 /* Data Offset */ 262#define SDPCM_DOFFSET_VALUE(p) (((u8 *)p)[SDPCM_DOFFSET_OFFSET] & 0xff) 263#define SDPCM_DOFFSET_MASK 0xff000000 264#define SDPCM_DOFFSET_SHIFT 24 265#define SDPCM_FCMASK_OFFSET 4 /* Flow control */ 266#define SDPCM_FCMASK_VALUE(p) (((u8 *)p)[SDPCM_FCMASK_OFFSET] & 0xff) 267#define SDPCM_WINDOW_OFFSET 5 /* Credit based fc */ 268#define SDPCM_WINDOW_VALUE(p) (((u8 *)p)[SDPCM_WINDOW_OFFSET] & 0xff) 269 270#define SDPCM_SWHEADER_LEN 8 /* SW header is 64 bits */ 271 272/* logical channel numbers */ 273#define SDPCM_CONTROL_CHANNEL 0 /* Control channel Id */ 274#define SDPCM_EVENT_CHANNEL 1 /* Asyc Event Indication Channel Id */ 275#define SDPCM_DATA_CHANNEL 2 /* Data Xmit/Recv Channel Id */ 276#define SDPCM_GLOM_CHANNEL 3 /* For coalesced packets */ 277#define SDPCM_TEST_CHANNEL 15 /* Reserved for test/debug packets */ 278 279#define SDPCM_SEQUENCE_WRAP 256 /* wrap-around val for 8bit frame seq */ 280 281#define SDPCM_GLOMDESC(p) (((u8 *)p)[1] & 0x80) 282 283/* 284 * Shared structure between dongle and the host. 285 * The structure contains pointers to trap or assert information. 286 */ 287#define SDPCM_SHARED_VERSION 0x0003 288#define SDPCM_SHARED_VERSION_MASK 0x00FF 289#define SDPCM_SHARED_ASSERT_BUILT 0x0100 290#define SDPCM_SHARED_ASSERT 0x0200 291#define SDPCM_SHARED_TRAP 0x0400 292 293/* Space for header read, limit for data packets */ 294#define MAX_HDR_READ (1 << 6) 295#define MAX_RX_DATASZ 2048 296 297/* Maximum milliseconds to wait for F2 to come up */ 298#define BRCMF_WAIT_F2RDY 3000 299 300/* Bump up limit on waiting for HT to account for first startup; 301 * if the image is doing a CRC calculation before programming the PMU 302 * for HT availability, it could take a couple hundred ms more, so 303 * max out at a 1 second (1000000us). 304 */ 305#undef PMU_MAX_TRANSITION_DLY 306#define PMU_MAX_TRANSITION_DLY 1000000 307 308/* Value for ChipClockCSR during initial setup */ 309#define BRCMF_INIT_CLKCTL1 (SBSDIO_FORCE_HW_CLKREQ_OFF | \ 310 SBSDIO_ALP_AVAIL_REQ) 311 312/* Flags for SDH calls */ 313#define F2SYNC (SDIO_REQ_4BYTE | SDIO_REQ_FIXED) 314 315#define BRCMF_SDIO_FW_NAME "brcm/brcmfmac-sdio.bin" 316#define BRCMF_SDIO_NV_NAME "brcm/brcmfmac-sdio.txt" 317MODULE_FIRMWARE(BRCMF_SDIO_FW_NAME); 318MODULE_FIRMWARE(BRCMF_SDIO_NV_NAME); 319 320#define BRCMF_IDLE_IMMEDIATE (-1) /* Enter idle immediately */ 321#define BRCMF_IDLE_ACTIVE 0 /* Do not request any SD clock change 322 * when idle 323 */ 324#define BRCMF_IDLE_INTERVAL 1 325 326/* 327 * Conversion of 802.1D priority to precedence level 328 */ 329static uint prio2prec(u32 prio) 330{ 331 return (prio == PRIO_8021D_NONE || prio == PRIO_8021D_BE) ? 332 (prio^2) : prio; 333} 334 335/* core registers */ 336struct sdpcmd_regs { 337 u32 corecontrol; /* 0x00, rev8 */ 338 u32 corestatus; /* rev8 */ 339 u32 PAD[1]; 340 u32 biststatus; /* rev8 */ 341 342 /* PCMCIA access */ 343 u16 pcmciamesportaladdr; /* 0x010, rev8 */ 344 u16 PAD[1]; 345 u16 pcmciamesportalmask; /* rev8 */ 346 u16 PAD[1]; 347 u16 pcmciawrframebc; /* rev8 */ 348 u16 PAD[1]; 349 u16 pcmciaunderflowtimer; /* rev8 */ 350 u16 PAD[1]; 351 352 /* interrupt */ 353 u32 intstatus; /* 0x020, rev8 */ 354 u32 hostintmask; /* rev8 */ 355 u32 intmask; /* rev8 */ 356 u32 sbintstatus; /* rev8 */ 357 u32 sbintmask; /* rev8 */ 358 u32 funcintmask; /* rev4 */ 359 u32 PAD[2]; 360 u32 tosbmailbox; /* 0x040, rev8 */ 361 u32 tohostmailbox; /* rev8 */ 362 u32 tosbmailboxdata; /* rev8 */ 363 u32 tohostmailboxdata; /* rev8 */ 364 365 /* synchronized access to registers in SDIO clock domain */ 366 u32 sdioaccess; /* 0x050, rev8 */ 367 u32 PAD[3]; 368 369 /* PCMCIA frame control */ 370 u8 pcmciaframectrl; /* 0x060, rev8 */ 371 u8 PAD[3]; 372 u8 pcmciawatermark; /* rev8 */ 373 u8 PAD[155]; 374 375 /* interrupt batching control */ 376 u32 intrcvlazy; /* 0x100, rev8 */ 377 u32 PAD[3]; 378 379 /* counters */ 380 u32 cmd52rd; /* 0x110, rev8 */ 381 u32 cmd52wr; /* rev8 */ 382 u32 cmd53rd; /* rev8 */ 383 u32 cmd53wr; /* rev8 */ 384 u32 abort; /* rev8 */ 385 u32 datacrcerror; /* rev8 */ 386 u32 rdoutofsync; /* rev8 */ 387 u32 wroutofsync; /* rev8 */ 388 u32 writebusy; /* rev8 */ 389 u32 readwait; /* rev8 */ 390 u32 readterm; /* rev8 */ 391 u32 writeterm; /* rev8 */ 392 u32 PAD[40]; 393 u32 clockctlstatus; /* rev8 */ 394 u32 PAD[7]; 395 396 u32 PAD[128]; /* DMA engines */ 397 398 /* SDIO/PCMCIA CIS region */ 399 char cis[512]; /* 0x400-0x5ff, rev6 */ 400 401 /* PCMCIA function control registers */ 402 char pcmciafcr[256]; /* 0x600-6ff, rev6 */ 403 u16 PAD[55]; 404 405 /* PCMCIA backplane access */ 406 u16 backplanecsr; /* 0x76E, rev6 */ 407 u16 backplaneaddr0; /* rev6 */ 408 u16 backplaneaddr1; /* rev6 */ 409 u16 backplaneaddr2; /* rev6 */ 410 u16 backplaneaddr3; /* rev6 */ 411 u16 backplanedata0; /* rev6 */ 412 u16 backplanedata1; /* rev6 */ 413 u16 backplanedata2; /* rev6 */ 414 u16 backplanedata3; /* rev6 */ 415 u16 PAD[31]; 416 417 /* sprom "size" & "blank" info */ 418 u16 spromstatus; /* 0x7BE, rev2 */ 419 u32 PAD[464]; 420 421 u16 PAD[0x80]; 422}; 423 424#ifdef DEBUG 425/* Device console log buffer state */ 426struct brcmf_console { 427 uint count; /* Poll interval msec counter */ 428 uint log_addr; /* Log struct address (fixed) */ 429 struct rte_log_le log_le; /* Log struct (host copy) */ 430 uint bufsize; /* Size of log buffer */ 431 u8 *buf; /* Log buffer (host copy) */ 432 uint last; /* Last buffer read index */ 433}; 434 435struct brcmf_trap_info { 436 __le32 type; 437 __le32 epc; 438 __le32 cpsr; 439 __le32 spsr; 440 __le32 r0; /* a1 */ 441 __le32 r1; /* a2 */ 442 __le32 r2; /* a3 */ 443 __le32 r3; /* a4 */ 444 __le32 r4; /* v1 */ 445 __le32 r5; /* v2 */ 446 __le32 r6; /* v3 */ 447 __le32 r7; /* v4 */ 448 __le32 r8; /* v5 */ 449 __le32 r9; /* sb/v6 */ 450 __le32 r10; /* sl/v7 */ 451 __le32 r11; /* fp/v8 */ 452 __le32 r12; /* ip */ 453 __le32 r13; /* sp */ 454 __le32 r14; /* lr */ 455 __le32 pc; /* r15 */ 456}; 457#endif /* DEBUG */ 458 459struct sdpcm_shared { 460 u32 flags; 461 u32 trap_addr; 462 u32 assert_exp_addr; 463 u32 assert_file_addr; 464 u32 assert_line; 465 u32 console_addr; /* Address of struct rte_console */ 466 u32 msgtrace_addr; 467 u8 tag[32]; 468 u32 brpt_addr; 469}; 470 471struct sdpcm_shared_le { 472 __le32 flags; 473 __le32 trap_addr; 474 __le32 assert_exp_addr; 475 __le32 assert_file_addr; 476 __le32 assert_line; 477 __le32 console_addr; /* Address of struct rte_console */ 478 __le32 msgtrace_addr; 479 u8 tag[32]; 480 __le32 brpt_addr; 481}; 482 483/* SDIO read frame info */ 484struct brcmf_sdio_read { 485 u8 seq_num; 486 u8 channel; 487 u16 len; 488 u16 len_left; 489 u16 len_nxtfrm; 490 u8 dat_offset; 491}; 492 493/* misc chip info needed by some of the routines */ 494/* Private data for SDIO bus interaction */ 495struct brcmf_sdio { 496 struct brcmf_sdio_dev *sdiodev; /* sdio device handler */ 497 struct chip_info *ci; /* Chip info struct */ 498 char *vars; /* Variables (from CIS and/or other) */ 499 uint varsz; /* Size of variables buffer */ 500 501 u32 ramsize; /* Size of RAM in SOCRAM (bytes) */ 502 503 u32 hostintmask; /* Copy of Host Interrupt Mask */ 504 atomic_t intstatus; /* Intstatus bits (events) pending */ 505 atomic_t fcstate; /* State of dongle flow-control */ 506 507 uint blocksize; /* Block size of SDIO transfers */ 508 uint roundup; /* Max roundup limit */ 509 510 struct pktq txq; /* Queue length used for flow-control */ 511 u8 flowcontrol; /* per prio flow control bitmask */ 512 u8 tx_seq; /* Transmit sequence number (next) */ 513 u8 tx_max; /* Maximum transmit sequence allowed */ 514 515 u8 hdrbuf[MAX_HDR_READ + BRCMF_SDALIGN]; 516 u8 *rxhdr; /* Header of current rx frame (in hdrbuf) */ 517 u8 rx_seq; /* Receive sequence number (expected) */ 518 struct brcmf_sdio_read cur_read; 519 /* info of current read frame */ 520 bool rxskip; /* Skip receive (awaiting NAK ACK) */ 521 bool rxpending; /* Data frame pending in dongle */ 522 523 uint rxbound; /* Rx frames to read before resched */ 524 uint txbound; /* Tx frames to send before resched */ 525 uint txminmax; 526 527 struct sk_buff *glomd; /* Packet containing glomming descriptor */ 528 struct sk_buff_head glom; /* Packet list for glommed superframe */ 529 uint glomerr; /* Glom packet read errors */ 530 531 u8 *rxbuf; /* Buffer for receiving control packets */ 532 uint rxblen; /* Allocated length of rxbuf */ 533 u8 *rxctl; /* Aligned pointer into rxbuf */ 534 u8 *rxctl_orig; /* pointer for freeing rxctl */ 535 u8 *databuf; /* Buffer for receiving big glom packet */ 536 u8 *dataptr; /* Aligned pointer into databuf */ 537 uint rxlen; /* Length of valid data in buffer */ 538 spinlock_t rxctl_lock; /* protection lock for ctrl frame resources */ 539 540 u8 sdpcm_ver; /* Bus protocol reported by dongle */ 541 542 bool intr; /* Use interrupts */ 543 bool poll; /* Use polling */ 544 atomic_t ipend; /* Device interrupt is pending */ 545 uint spurious; /* Count of spurious interrupts */ 546 uint pollrate; /* Ticks between device polls */ 547 uint polltick; /* Tick counter */ 548 549#ifdef DEBUG 550 uint console_interval; 551 struct brcmf_console console; /* Console output polling support */ 552 uint console_addr; /* Console address from shared struct */ 553#endif /* DEBUG */ 554 555 uint clkstate; /* State of sd and backplane clock(s) */ 556 bool activity; /* Activity flag for clock down */ 557 s32 idletime; /* Control for activity timeout */ 558 s32 idlecount; /* Activity timeout counter */ 559 s32 idleclock; /* How to set bus driver when idle */ 560 s32 sd_rxchain; 561 bool use_rxchain; /* If brcmf should use PKT chains */ 562 bool rxflow_mode; /* Rx flow control mode */ 563 bool rxflow; /* Is rx flow control on */ 564 bool alp_only; /* Don't use HT clock (ALP only) */ 565 566 u8 *ctrl_frame_buf; 567 u32 ctrl_frame_len; 568 bool ctrl_frame_stat; 569 570 spinlock_t txqlock; 571 wait_queue_head_t ctrl_wait; 572 wait_queue_head_t dcmd_resp_wait; 573 574 struct timer_list timer; 575 struct completion watchdog_wait; 576 struct task_struct *watchdog_tsk; 577 bool wd_timer_valid; 578 uint save_ms; 579 580 struct workqueue_struct *brcmf_wq; 581 struct work_struct datawork; 582 struct list_head dpc_tsklst; 583 spinlock_t dpc_tl_lock; 584 585 const struct firmware *firmware; 586 u32 fw_ptr; 587 588 bool txoff; /* Transmit flow-controlled */ 589 struct brcmf_sdio_count sdcnt; 590}; 591 592/* clkstate */ 593#define CLK_NONE 0 594#define CLK_SDONLY 1 595#define CLK_PENDING 2 /* Not used yet */ 596#define CLK_AVAIL 3 597 598#ifdef DEBUG 599static int qcount[NUMPRIO]; 600static int tx_packets[NUMPRIO]; 601#endif /* DEBUG */ 602 603#define SDIO_DRIVE_STRENGTH 6 /* in milliamps */ 604 605#define RETRYCHAN(chan) ((chan) == SDPCM_EVENT_CHANNEL) 606 607/* Retry count for register access failures */ 608static const uint retry_limit = 2; 609 610/* Limit on rounding up frames */ 611static const uint max_roundup = 512; 612 613#define ALIGNMENT 4 614 615enum brcmf_sdio_frmtype { 616 BRCMF_SDIO_FT_NORMAL, 617 BRCMF_SDIO_FT_SUPER, 618 BRCMF_SDIO_FT_SUB, 619}; 620 621static void pkt_align(struct sk_buff *p, int len, int align) 622{ 623 uint datalign; 624 datalign = (unsigned long)(p->data); 625 datalign = roundup(datalign, (align)) - datalign; 626 if (datalign) 627 skb_pull(p, datalign); 628 __skb_trim(p, len); 629} 630 631/* To check if there's window offered */ 632static bool data_ok(struct brcmf_sdio *bus) 633{ 634 return (u8)(bus->tx_max - bus->tx_seq) != 0 && 635 ((u8)(bus->tx_max - bus->tx_seq) & 0x80) == 0; 636} 637 638/* 639 * Reads a register in the SDIO hardware block. This block occupies a series of 640 * adresses on the 32 bit backplane bus. 641 */ 642static int 643r_sdreg32(struct brcmf_sdio *bus, u32 *regvar, u32 offset) 644{ 645 u8 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV); 646 int ret; 647 648 *regvar = brcmf_sdio_regrl(bus->sdiodev, 649 bus->ci->c_inf[idx].base + offset, &ret); 650 651 return ret; 652} 653 654static int 655w_sdreg32(struct brcmf_sdio *bus, u32 regval, u32 reg_offset) 656{ 657 u8 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV); 658 int ret; 659 660 brcmf_sdio_regwl(bus->sdiodev, 661 bus->ci->c_inf[idx].base + reg_offset, 662 regval, &ret); 663 664 return ret; 665} 666 667#define PKT_AVAILABLE() (intstatus & I_HMB_FRAME_IND) 668 669#define HOSTINTMASK (I_HMB_SW_MASK | I_CHIPACTIVE) 670 671/* Turn backplane clock on or off */ 672static int brcmf_sdbrcm_htclk(struct brcmf_sdio *bus, bool on, bool pendok) 673{ 674 int err; 675 u8 clkctl, clkreq, devctl; 676 unsigned long timeout; 677 678 brcmf_dbg(TRACE, "Enter\n"); 679 680 clkctl = 0; 681 682 if (on) { 683 /* Request HT Avail */ 684 clkreq = 685 bus->alp_only ? SBSDIO_ALP_AVAIL_REQ : SBSDIO_HT_AVAIL_REQ; 686 687 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 688 clkreq, &err); 689 if (err) { 690 brcmf_err("HT Avail request error: %d\n", err); 691 return -EBADE; 692 } 693 694 /* Check current status */ 695 clkctl = brcmf_sdio_regrb(bus->sdiodev, 696 SBSDIO_FUNC1_CHIPCLKCSR, &err); 697 if (err) { 698 brcmf_err("HT Avail read error: %d\n", err); 699 return -EBADE; 700 } 701 702 /* Go to pending and await interrupt if appropriate */ 703 if (!SBSDIO_CLKAV(clkctl, bus->alp_only) && pendok) { 704 /* Allow only clock-available interrupt */ 705 devctl = brcmf_sdio_regrb(bus->sdiodev, 706 SBSDIO_DEVICE_CTL, &err); 707 if (err) { 708 brcmf_err("Devctl error setting CA: %d\n", 709 err); 710 return -EBADE; 711 } 712 713 devctl |= SBSDIO_DEVCTL_CA_INT_ONLY; 714 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_DEVICE_CTL, 715 devctl, &err); 716 brcmf_dbg(INFO, "CLKCTL: set PENDING\n"); 717 bus->clkstate = CLK_PENDING; 718 719 return 0; 720 } else if (bus->clkstate == CLK_PENDING) { 721 /* Cancel CA-only interrupt filter */ 722 devctl = brcmf_sdio_regrb(bus->sdiodev, 723 SBSDIO_DEVICE_CTL, &err); 724 devctl &= ~SBSDIO_DEVCTL_CA_INT_ONLY; 725 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_DEVICE_CTL, 726 devctl, &err); 727 } 728 729 /* Otherwise, wait here (polling) for HT Avail */ 730 timeout = jiffies + 731 msecs_to_jiffies(PMU_MAX_TRANSITION_DLY/1000); 732 while (!SBSDIO_CLKAV(clkctl, bus->alp_only)) { 733 clkctl = brcmf_sdio_regrb(bus->sdiodev, 734 SBSDIO_FUNC1_CHIPCLKCSR, 735 &err); 736 if (time_after(jiffies, timeout)) 737 break; 738 else 739 usleep_range(5000, 10000); 740 } 741 if (err) { 742 brcmf_err("HT Avail request error: %d\n", err); 743 return -EBADE; 744 } 745 if (!SBSDIO_CLKAV(clkctl, bus->alp_only)) { 746 brcmf_err("HT Avail timeout (%d): clkctl 0x%02x\n", 747 PMU_MAX_TRANSITION_DLY, clkctl); 748 return -EBADE; 749 } 750 751 /* Mark clock available */ 752 bus->clkstate = CLK_AVAIL; 753 brcmf_dbg(INFO, "CLKCTL: turned ON\n"); 754 755#if defined(DEBUG) 756 if (!bus->alp_only) { 757 if (SBSDIO_ALPONLY(clkctl)) 758 brcmf_err("HT Clock should be on\n"); 759 } 760#endif /* defined (DEBUG) */ 761 762 bus->activity = true; 763 } else { 764 clkreq = 0; 765 766 if (bus->clkstate == CLK_PENDING) { 767 /* Cancel CA-only interrupt filter */ 768 devctl = brcmf_sdio_regrb(bus->sdiodev, 769 SBSDIO_DEVICE_CTL, &err); 770 devctl &= ~SBSDIO_DEVCTL_CA_INT_ONLY; 771 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_DEVICE_CTL, 772 devctl, &err); 773 } 774 775 bus->clkstate = CLK_SDONLY; 776 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 777 clkreq, &err); 778 brcmf_dbg(INFO, "CLKCTL: turned OFF\n"); 779 if (err) { 780 brcmf_err("Failed access turning clock off: %d\n", 781 err); 782 return -EBADE; 783 } 784 } 785 return 0; 786} 787 788/* Change idle/active SD state */ 789static int brcmf_sdbrcm_sdclk(struct brcmf_sdio *bus, bool on) 790{ 791 brcmf_dbg(TRACE, "Enter\n"); 792 793 if (on) 794 bus->clkstate = CLK_SDONLY; 795 else 796 bus->clkstate = CLK_NONE; 797 798 return 0; 799} 800 801/* Transition SD and backplane clock readiness */ 802static int brcmf_sdbrcm_clkctl(struct brcmf_sdio *bus, uint target, bool pendok) 803{ 804#ifdef DEBUG 805 uint oldstate = bus->clkstate; 806#endif /* DEBUG */ 807 808 brcmf_dbg(TRACE, "Enter\n"); 809 810 /* Early exit if we're already there */ 811 if (bus->clkstate == target) { 812 if (target == CLK_AVAIL) { 813 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 814 bus->activity = true; 815 } 816 return 0; 817 } 818 819 switch (target) { 820 case CLK_AVAIL: 821 /* Make sure SD clock is available */ 822 if (bus->clkstate == CLK_NONE) 823 brcmf_sdbrcm_sdclk(bus, true); 824 /* Now request HT Avail on the backplane */ 825 brcmf_sdbrcm_htclk(bus, true, pendok); 826 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 827 bus->activity = true; 828 break; 829 830 case CLK_SDONLY: 831 /* Remove HT request, or bring up SD clock */ 832 if (bus->clkstate == CLK_NONE) 833 brcmf_sdbrcm_sdclk(bus, true); 834 else if (bus->clkstate == CLK_AVAIL) 835 brcmf_sdbrcm_htclk(bus, false, false); 836 else 837 brcmf_err("request for %d -> %d\n", 838 bus->clkstate, target); 839 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 840 break; 841 842 case CLK_NONE: 843 /* Make sure to remove HT request */ 844 if (bus->clkstate == CLK_AVAIL) 845 brcmf_sdbrcm_htclk(bus, false, false); 846 /* Now remove the SD clock */ 847 brcmf_sdbrcm_sdclk(bus, false); 848 brcmf_sdbrcm_wd_timer(bus, 0); 849 break; 850 } 851#ifdef DEBUG 852 brcmf_dbg(INFO, "%d -> %d\n", oldstate, bus->clkstate); 853#endif /* DEBUG */ 854 855 return 0; 856} 857 858static u32 brcmf_sdbrcm_hostmail(struct brcmf_sdio *bus) 859{ 860 u32 intstatus = 0; 861 u32 hmb_data; 862 u8 fcbits; 863 int ret; 864 865 brcmf_dbg(TRACE, "Enter\n"); 866 867 /* Read mailbox data and ack that we did so */ 868 ret = r_sdreg32(bus, &hmb_data, 869 offsetof(struct sdpcmd_regs, tohostmailboxdata)); 870 871 if (ret == 0) 872 w_sdreg32(bus, SMB_INT_ACK, 873 offsetof(struct sdpcmd_regs, tosbmailbox)); 874 bus->sdcnt.f1regdata += 2; 875 876 /* Dongle recomposed rx frames, accept them again */ 877 if (hmb_data & HMB_DATA_NAKHANDLED) { 878 brcmf_dbg(INFO, "Dongle reports NAK handled, expect rtx of %d\n", 879 bus->rx_seq); 880 if (!bus->rxskip) 881 brcmf_err("unexpected NAKHANDLED!\n"); 882 883 bus->rxskip = false; 884 intstatus |= I_HMB_FRAME_IND; 885 } 886 887 /* 888 * DEVREADY does not occur with gSPI. 889 */ 890 if (hmb_data & (HMB_DATA_DEVREADY | HMB_DATA_FWREADY)) { 891 bus->sdpcm_ver = 892 (hmb_data & HMB_DATA_VERSION_MASK) >> 893 HMB_DATA_VERSION_SHIFT; 894 if (bus->sdpcm_ver != SDPCM_PROT_VERSION) 895 brcmf_err("Version mismatch, dongle reports %d, " 896 "expecting %d\n", 897 bus->sdpcm_ver, SDPCM_PROT_VERSION); 898 else 899 brcmf_dbg(INFO, "Dongle ready, protocol version %d\n", 900 bus->sdpcm_ver); 901 } 902 903 /* 904 * Flow Control has been moved into the RX headers and this out of band 905 * method isn't used any more. 906 * remaining backward compatible with older dongles. 907 */ 908 if (hmb_data & HMB_DATA_FC) { 909 fcbits = (hmb_data & HMB_DATA_FCDATA_MASK) >> 910 HMB_DATA_FCDATA_SHIFT; 911 912 if (fcbits & ~bus->flowcontrol) 913 bus->sdcnt.fc_xoff++; 914 915 if (bus->flowcontrol & ~fcbits) 916 bus->sdcnt.fc_xon++; 917 918 bus->sdcnt.fc_rcvd++; 919 bus->flowcontrol = fcbits; 920 } 921 922 /* Shouldn't be any others */ 923 if (hmb_data & ~(HMB_DATA_DEVREADY | 924 HMB_DATA_NAKHANDLED | 925 HMB_DATA_FC | 926 HMB_DATA_FWREADY | 927 HMB_DATA_FCDATA_MASK | HMB_DATA_VERSION_MASK)) 928 brcmf_err("Unknown mailbox data content: 0x%02x\n", 929 hmb_data); 930 931 return intstatus; 932} 933 934static void brcmf_sdbrcm_rxfail(struct brcmf_sdio *bus, bool abort, bool rtx) 935{ 936 uint retries = 0; 937 u16 lastrbc; 938 u8 hi, lo; 939 int err; 940 941 brcmf_err("%sterminate frame%s\n", 942 abort ? "abort command, " : "", 943 rtx ? ", send NAK" : ""); 944 945 if (abort) 946 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 947 948 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_FRAMECTRL, 949 SFC_RF_TERM, &err); 950 bus->sdcnt.f1regdata++; 951 952 /* Wait until the packet has been flushed (device/FIFO stable) */ 953 for (lastrbc = retries = 0xffff; retries > 0; retries--) { 954 hi = brcmf_sdio_regrb(bus->sdiodev, 955 SBSDIO_FUNC1_RFRAMEBCHI, &err); 956 lo = brcmf_sdio_regrb(bus->sdiodev, 957 SBSDIO_FUNC1_RFRAMEBCLO, &err); 958 bus->sdcnt.f1regdata += 2; 959 960 if ((hi == 0) && (lo == 0)) 961 break; 962 963 if ((hi > (lastrbc >> 8)) && (lo > (lastrbc & 0x00ff))) { 964 brcmf_err("count growing: last 0x%04x now 0x%04x\n", 965 lastrbc, (hi << 8) + lo); 966 } 967 lastrbc = (hi << 8) + lo; 968 } 969 970 if (!retries) 971 brcmf_err("count never zeroed: last 0x%04x\n", lastrbc); 972 else 973 brcmf_dbg(INFO, "flush took %d iterations\n", 0xffff - retries); 974 975 if (rtx) { 976 bus->sdcnt.rxrtx++; 977 err = w_sdreg32(bus, SMB_NAK, 978 offsetof(struct sdpcmd_regs, tosbmailbox)); 979 980 bus->sdcnt.f1regdata++; 981 if (err == 0) 982 bus->rxskip = true; 983 } 984 985 /* Clear partial in any case */ 986 bus->cur_read.len = 0; 987 988 /* If we can't reach the device, signal failure */ 989 if (err) 990 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 991} 992 993/* copy a buffer into a pkt buffer chain */ 994static uint brcmf_sdbrcm_glom_from_buf(struct brcmf_sdio *bus, uint len) 995{ 996 uint n, ret = 0; 997 struct sk_buff *p; 998 u8 *buf; 999 1000 buf = bus->dataptr; 1001 1002 /* copy the data */ 1003 skb_queue_walk(&bus->glom, p) { 1004 n = min_t(uint, p->len, len); 1005 memcpy(p->data, buf, n); 1006 buf += n; 1007 len -= n; 1008 ret += n; 1009 if (!len) 1010 break; 1011 } 1012 1013 return ret; 1014} 1015 1016/* return total length of buffer chain */ 1017static uint brcmf_sdbrcm_glom_len(struct brcmf_sdio *bus) 1018{ 1019 struct sk_buff *p; 1020 uint total; 1021 1022 total = 0; 1023 skb_queue_walk(&bus->glom, p) 1024 total += p->len; 1025 return total; 1026} 1027 1028static void brcmf_sdbrcm_free_glom(struct brcmf_sdio *bus) 1029{ 1030 struct sk_buff *cur, *next; 1031 1032 skb_queue_walk_safe(&bus->glom, cur, next) { 1033 skb_unlink(cur, &bus->glom); 1034 brcmu_pkt_buf_free_skb(cur); 1035 } 1036} 1037 1038static int brcmf_sdio_hdparser(struct brcmf_sdio *bus, u8 *header, 1039 struct brcmf_sdio_read *rd, 1040 enum brcmf_sdio_frmtype type) 1041{ 1042 u16 len, checksum; 1043 u8 rx_seq, fc, tx_seq_max; 1044 1045 /* 1046 * 4 bytes hardware header (frame tag) 1047 * Byte 0~1: Frame length 1048 * Byte 2~3: Checksum, bit-wise inverse of frame length 1049 */ 1050 len = get_unaligned_le16(header); 1051 checksum = get_unaligned_le16(header + sizeof(u16)); 1052 /* All zero means no more to read */ 1053 if (!(len | checksum)) { 1054 bus->rxpending = false; 1055 return -ENODATA; 1056 } 1057 if ((u16)(~(len ^ checksum))) { 1058 brcmf_err("HW header checksum error\n"); 1059 bus->sdcnt.rx_badhdr++; 1060 brcmf_sdbrcm_rxfail(bus, false, false); 1061 return -EIO; 1062 } 1063 if (len < SDPCM_HDRLEN) { 1064 brcmf_err("HW header length error\n"); 1065 return -EPROTO; 1066 } 1067 if (type == BRCMF_SDIO_FT_SUPER && 1068 (roundup(len, bus->blocksize) != rd->len)) { 1069 brcmf_err("HW superframe header length error\n"); 1070 return -EPROTO; 1071 } 1072 if (type == BRCMF_SDIO_FT_SUB && len > rd->len) { 1073 brcmf_err("HW subframe header length error\n"); 1074 return -EPROTO; 1075 } 1076 rd->len = len; 1077 1078 /* 1079 * 8 bytes hardware header 1080 * Byte 0: Rx sequence number 1081 * Byte 1: 4 MSB Channel number, 4 LSB arbitrary flag 1082 * Byte 2: Length of next data frame 1083 * Byte 3: Data offset 1084 * Byte 4: Flow control bits 1085 * Byte 5: Maximum Sequence number allow for Tx 1086 * Byte 6~7: Reserved 1087 */ 1088 if (type == BRCMF_SDIO_FT_SUPER && 1089 SDPCM_GLOMDESC(&header[SDPCM_FRAMETAG_LEN])) { 1090 brcmf_err("Glom descriptor found in superframe head\n"); 1091 rd->len = 0; 1092 return -EINVAL; 1093 } 1094 rx_seq = SDPCM_PACKET_SEQUENCE(&header[SDPCM_FRAMETAG_LEN]); 1095 rd->channel = SDPCM_PACKET_CHANNEL(&header[SDPCM_FRAMETAG_LEN]); 1096 if (len > MAX_RX_DATASZ && rd->channel != SDPCM_CONTROL_CHANNEL && 1097 type != BRCMF_SDIO_FT_SUPER) { 1098 brcmf_err("HW header length too long\n"); 1099 bus->sdcnt.rx_toolong++; 1100 brcmf_sdbrcm_rxfail(bus, false, false); 1101 rd->len = 0; 1102 return -EPROTO; 1103 } 1104 if (type == BRCMF_SDIO_FT_SUPER && rd->channel != SDPCM_GLOM_CHANNEL) { 1105 brcmf_err("Wrong channel for superframe\n"); 1106 rd->len = 0; 1107 return -EINVAL; 1108 } 1109 if (type == BRCMF_SDIO_FT_SUB && rd->channel != SDPCM_DATA_CHANNEL && 1110 rd->channel != SDPCM_EVENT_CHANNEL) { 1111 brcmf_err("Wrong channel for subframe\n"); 1112 rd->len = 0; 1113 return -EINVAL; 1114 } 1115 rd->dat_offset = SDPCM_DOFFSET_VALUE(&header[SDPCM_FRAMETAG_LEN]); 1116 if (rd->dat_offset < SDPCM_HDRLEN || rd->dat_offset > rd->len) { 1117 brcmf_err("seq %d: bad data offset\n", rx_seq); 1118 bus->sdcnt.rx_badhdr++; 1119 brcmf_sdbrcm_rxfail(bus, false, false); 1120 rd->len = 0; 1121 return -ENXIO; 1122 } 1123 if (rd->seq_num != rx_seq) { 1124 brcmf_err("seq %d: sequence number error, expect %d\n", 1125 rx_seq, rd->seq_num); 1126 bus->sdcnt.rx_badseq++; 1127 rd->seq_num = rx_seq; 1128 } 1129 /* no need to check the reset for subframe */ 1130 if (type == BRCMF_SDIO_FT_SUB) 1131 return 0; 1132 rd->len_nxtfrm = header[SDPCM_FRAMETAG_LEN + SDPCM_NEXTLEN_OFFSET]; 1133 if (rd->len_nxtfrm << 4 > MAX_RX_DATASZ) { 1134 /* only warm for NON glom packet */ 1135 if (rd->channel != SDPCM_GLOM_CHANNEL) 1136 brcmf_err("seq %d: next length error\n", rx_seq); 1137 rd->len_nxtfrm = 0; 1138 } 1139 fc = SDPCM_FCMASK_VALUE(&header[SDPCM_FRAMETAG_LEN]); 1140 if (bus->flowcontrol != fc) { 1141 if (~bus->flowcontrol & fc) 1142 bus->sdcnt.fc_xoff++; 1143 if (bus->flowcontrol & ~fc) 1144 bus->sdcnt.fc_xon++; 1145 bus->sdcnt.fc_rcvd++; 1146 bus->flowcontrol = fc; 1147 } 1148 tx_seq_max = SDPCM_WINDOW_VALUE(&header[SDPCM_FRAMETAG_LEN]); 1149 if ((u8)(tx_seq_max - bus->tx_seq) > 0x40) { 1150 brcmf_err("seq %d: max tx seq number error\n", rx_seq); 1151 tx_seq_max = bus->tx_seq + 2; 1152 } 1153 bus->tx_max = tx_seq_max; 1154 1155 return 0; 1156} 1157 1158static u8 brcmf_sdbrcm_rxglom(struct brcmf_sdio *bus, u8 rxseq) 1159{ 1160 u16 dlen, totlen; 1161 u8 *dptr, num = 0; 1162 1163 u16 sublen; 1164 struct sk_buff *pfirst, *pnext; 1165 1166 int errcode; 1167 u8 doff, sfdoff; 1168 1169 bool usechain = bus->use_rxchain; 1170 1171 struct brcmf_sdio_read rd_new; 1172 1173 /* If packets, issue read(s) and send up packet chain */ 1174 /* Return sequence numbers consumed? */ 1175 1176 brcmf_dbg(TRACE, "start: glomd %p glom %p\n", 1177 bus->glomd, skb_peek(&bus->glom)); 1178 1179 /* If there's a descriptor, generate the packet chain */ 1180 if (bus->glomd) { 1181 pfirst = pnext = NULL; 1182 dlen = (u16) (bus->glomd->len); 1183 dptr = bus->glomd->data; 1184 if (!dlen || (dlen & 1)) { 1185 brcmf_err("bad glomd len(%d), ignore descriptor\n", 1186 dlen); 1187 dlen = 0; 1188 } 1189 1190 for (totlen = num = 0; dlen; num++) { 1191 /* Get (and move past) next length */ 1192 sublen = get_unaligned_le16(dptr); 1193 dlen -= sizeof(u16); 1194 dptr += sizeof(u16); 1195 if ((sublen < SDPCM_HDRLEN) || 1196 ((num == 0) && (sublen < (2 * SDPCM_HDRLEN)))) { 1197 brcmf_err("descriptor len %d bad: %d\n", 1198 num, sublen); 1199 pnext = NULL; 1200 break; 1201 } 1202 if (sublen % BRCMF_SDALIGN) { 1203 brcmf_err("sublen %d not multiple of %d\n", 1204 sublen, BRCMF_SDALIGN); 1205 usechain = false; 1206 } 1207 totlen += sublen; 1208 1209 /* For last frame, adjust read len so total 1210 is a block multiple */ 1211 if (!dlen) { 1212 sublen += 1213 (roundup(totlen, bus->blocksize) - totlen); 1214 totlen = roundup(totlen, bus->blocksize); 1215 } 1216 1217 /* Allocate/chain packet for next subframe */ 1218 pnext = brcmu_pkt_buf_get_skb(sublen + BRCMF_SDALIGN); 1219 if (pnext == NULL) { 1220 brcmf_err("bcm_pkt_buf_get_skb failed, num %d len %d\n", 1221 num, sublen); 1222 break; 1223 } 1224 skb_queue_tail(&bus->glom, pnext); 1225 1226 /* Adhere to start alignment requirements */ 1227 pkt_align(pnext, sublen, BRCMF_SDALIGN); 1228 } 1229 1230 /* If all allocations succeeded, save packet chain 1231 in bus structure */ 1232 if (pnext) { 1233 brcmf_dbg(GLOM, "allocated %d-byte packet chain for %d subframes\n", 1234 totlen, num); 1235 if (BRCMF_GLOM_ON() && bus->cur_read.len && 1236 totlen != bus->cur_read.len) { 1237 brcmf_dbg(GLOM, "glomdesc mismatch: nextlen %d glomdesc %d rxseq %d\n", 1238 bus->cur_read.len, totlen, rxseq); 1239 } 1240 pfirst = pnext = NULL; 1241 } else { 1242 brcmf_sdbrcm_free_glom(bus); 1243 num = 0; 1244 } 1245 1246 /* Done with descriptor packet */ 1247 brcmu_pkt_buf_free_skb(bus->glomd); 1248 bus->glomd = NULL; 1249 bus->cur_read.len = 0; 1250 } 1251 1252 /* Ok -- either we just generated a packet chain, 1253 or had one from before */ 1254 if (!skb_queue_empty(&bus->glom)) { 1255 if (BRCMF_GLOM_ON()) { 1256 brcmf_dbg(GLOM, "try superframe read, packet chain:\n"); 1257 skb_queue_walk(&bus->glom, pnext) { 1258 brcmf_dbg(GLOM, " %p: %p len 0x%04x (%d)\n", 1259 pnext, (u8 *) (pnext->data), 1260 pnext->len, pnext->len); 1261 } 1262 } 1263 1264 pfirst = skb_peek(&bus->glom); 1265 dlen = (u16) brcmf_sdbrcm_glom_len(bus); 1266 1267 /* Do an SDIO read for the superframe. Configurable iovar to 1268 * read directly into the chained packet, or allocate a large 1269 * packet and and copy into the chain. 1270 */ 1271 sdio_claim_host(bus->sdiodev->func[1]); 1272 if (usechain) { 1273 errcode = brcmf_sdcard_recv_chain(bus->sdiodev, 1274 bus->sdiodev->sbwad, 1275 SDIO_FUNC_2, F2SYNC, &bus->glom); 1276 } else if (bus->dataptr) { 1277 errcode = brcmf_sdcard_recv_buf(bus->sdiodev, 1278 bus->sdiodev->sbwad, 1279 SDIO_FUNC_2, F2SYNC, 1280 bus->dataptr, dlen); 1281 sublen = (u16) brcmf_sdbrcm_glom_from_buf(bus, dlen); 1282 if (sublen != dlen) { 1283 brcmf_err("FAILED TO COPY, dlen %d sublen %d\n", 1284 dlen, sublen); 1285 errcode = -1; 1286 } 1287 pnext = NULL; 1288 } else { 1289 brcmf_err("COULDN'T ALLOC %d-BYTE GLOM, FORCE FAILURE\n", 1290 dlen); 1291 errcode = -1; 1292 } 1293 sdio_release_host(bus->sdiodev->func[1]); 1294 bus->sdcnt.f2rxdata++; 1295 1296 /* On failure, kill the superframe, allow a couple retries */ 1297 if (errcode < 0) { 1298 brcmf_err("glom read of %d bytes failed: %d\n", 1299 dlen, errcode); 1300 1301 sdio_claim_host(bus->sdiodev->func[1]); 1302 if (bus->glomerr++ < 3) { 1303 brcmf_sdbrcm_rxfail(bus, true, true); 1304 } else { 1305 bus->glomerr = 0; 1306 brcmf_sdbrcm_rxfail(bus, true, false); 1307 bus->sdcnt.rxglomfail++; 1308 brcmf_sdbrcm_free_glom(bus); 1309 } 1310 sdio_release_host(bus->sdiodev->func[1]); 1311 return 0; 1312 } 1313 1314 brcmf_dbg_hex_dump(BRCMF_GLOM_ON(), 1315 pfirst->data, min_t(int, pfirst->len, 48), 1316 "SUPERFRAME:\n"); 1317 1318 rd_new.seq_num = rxseq; 1319 rd_new.len = dlen; 1320 sdio_claim_host(bus->sdiodev->func[1]); 1321 errcode = brcmf_sdio_hdparser(bus, pfirst->data, &rd_new, 1322 BRCMF_SDIO_FT_SUPER); 1323 sdio_release_host(bus->sdiodev->func[1]); 1324 bus->cur_read.len = rd_new.len_nxtfrm << 4; 1325 1326 /* Remove superframe header, remember offset */ 1327 skb_pull(pfirst, rd_new.dat_offset); 1328 sfdoff = rd_new.dat_offset; 1329 num = 0; 1330 1331 /* Validate all the subframe headers */ 1332 skb_queue_walk(&bus->glom, pnext) { 1333 /* leave when invalid subframe is found */ 1334 if (errcode) 1335 break; 1336 1337 rd_new.len = pnext->len; 1338 rd_new.seq_num = rxseq++; 1339 sdio_claim_host(bus->sdiodev->func[1]); 1340 errcode = brcmf_sdio_hdparser(bus, pnext->data, &rd_new, 1341 BRCMF_SDIO_FT_SUB); 1342 sdio_release_host(bus->sdiodev->func[1]); 1343 brcmf_dbg_hex_dump(BRCMF_GLOM_ON(), 1344 pnext->data, 32, "subframe:\n"); 1345 1346 num++; 1347 } 1348 1349 if (errcode) { 1350 /* Terminate frame on error, request 1351 a couple retries */ 1352 sdio_claim_host(bus->sdiodev->func[1]); 1353 if (bus->glomerr++ < 3) { 1354 /* Restore superframe header space */ 1355 skb_push(pfirst, sfdoff); 1356 brcmf_sdbrcm_rxfail(bus, true, true); 1357 } else { 1358 bus->glomerr = 0; 1359 brcmf_sdbrcm_rxfail(bus, true, false); 1360 bus->sdcnt.rxglomfail++; 1361 brcmf_sdbrcm_free_glom(bus); 1362 } 1363 sdio_release_host(bus->sdiodev->func[1]); 1364 bus->cur_read.len = 0; 1365 return 0; 1366 } 1367 1368 /* Basic SD framing looks ok - process each packet (header) */ 1369 1370 skb_queue_walk_safe(&bus->glom, pfirst, pnext) { 1371 dptr = (u8 *) (pfirst->data); 1372 sublen = get_unaligned_le16(dptr); 1373 doff = SDPCM_DOFFSET_VALUE(&dptr[SDPCM_FRAMETAG_LEN]); 1374 1375 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && BRCMF_DATA_ON(), 1376 dptr, pfirst->len, 1377 "Rx Subframe Data:\n"); 1378 1379 __skb_trim(pfirst, sublen); 1380 skb_pull(pfirst, doff); 1381 1382 if (pfirst->len == 0) { 1383 skb_unlink(pfirst, &bus->glom); 1384 brcmu_pkt_buf_free_skb(pfirst); 1385 continue; 1386 } 1387 1388 brcmf_dbg_hex_dump(BRCMF_GLOM_ON(), 1389 pfirst->data, 1390 min_t(int, pfirst->len, 32), 1391 "subframe %d to stack, %p (%p/%d) nxt/lnk %p/%p\n", 1392 bus->glom.qlen, pfirst, pfirst->data, 1393 pfirst->len, pfirst->next, 1394 pfirst->prev); 1395 } 1396 /* sent any remaining packets up */ 1397 if (bus->glom.qlen) 1398 brcmf_rx_frames(bus->sdiodev->dev, &bus->glom); 1399 1400 bus->sdcnt.rxglomframes++; 1401 bus->sdcnt.rxglompkts += bus->glom.qlen; 1402 } 1403 return num; 1404} 1405 1406static int brcmf_sdbrcm_dcmd_resp_wait(struct brcmf_sdio *bus, uint *condition, 1407 bool *pending) 1408{ 1409 DECLARE_WAITQUEUE(wait, current); 1410 int timeout = msecs_to_jiffies(DCMD_RESP_TIMEOUT); 1411 1412 /* Wait until control frame is available */ 1413 add_wait_queue(&bus->dcmd_resp_wait, &wait); 1414 set_current_state(TASK_INTERRUPTIBLE); 1415 1416 while (!(*condition) && (!signal_pending(current) && timeout)) 1417 timeout = schedule_timeout(timeout); 1418 1419 if (signal_pending(current)) 1420 *pending = true; 1421 1422 set_current_state(TASK_RUNNING); 1423 remove_wait_queue(&bus->dcmd_resp_wait, &wait); 1424 1425 return timeout; 1426} 1427 1428static int brcmf_sdbrcm_dcmd_resp_wake(struct brcmf_sdio *bus) 1429{ 1430 if (waitqueue_active(&bus->dcmd_resp_wait)) 1431 wake_up_interruptible(&bus->dcmd_resp_wait); 1432 1433 return 0; 1434} 1435static void 1436brcmf_sdbrcm_read_control(struct brcmf_sdio *bus, u8 *hdr, uint len, uint doff) 1437{ 1438 uint rdlen, pad; 1439 u8 *buf = NULL, *rbuf; 1440 int sdret; 1441 1442 brcmf_dbg(TRACE, "Enter\n"); 1443 1444 if (bus->rxblen) 1445 buf = vzalloc(bus->rxblen); 1446 if (!buf) { 1447 brcmf_err("no memory for control frame\n"); 1448 goto done; 1449 } 1450 rbuf = bus->rxbuf; 1451 pad = ((unsigned long)rbuf % BRCMF_SDALIGN); 1452 if (pad) 1453 rbuf += (BRCMF_SDALIGN - pad); 1454 1455 /* Copy the already-read portion over */ 1456 memcpy(buf, hdr, BRCMF_FIRSTREAD); 1457 if (len <= BRCMF_FIRSTREAD) 1458 goto gotpkt; 1459 1460 /* Raise rdlen to next SDIO block to avoid tail command */ 1461 rdlen = len - BRCMF_FIRSTREAD; 1462 if (bus->roundup && bus->blocksize && (rdlen > bus->blocksize)) { 1463 pad = bus->blocksize - (rdlen % bus->blocksize); 1464 if ((pad <= bus->roundup) && (pad < bus->blocksize) && 1465 ((len + pad) < bus->sdiodev->bus_if->maxctl)) 1466 rdlen += pad; 1467 } else if (rdlen % BRCMF_SDALIGN) { 1468 rdlen += BRCMF_SDALIGN - (rdlen % BRCMF_SDALIGN); 1469 } 1470 1471 /* Satisfy length-alignment requirements */ 1472 if (rdlen & (ALIGNMENT - 1)) 1473 rdlen = roundup(rdlen, ALIGNMENT); 1474 1475 /* Drop if the read is too big or it exceeds our maximum */ 1476 if ((rdlen + BRCMF_FIRSTREAD) > bus->sdiodev->bus_if->maxctl) { 1477 brcmf_err("%d-byte control read exceeds %d-byte buffer\n", 1478 rdlen, bus->sdiodev->bus_if->maxctl); 1479 brcmf_sdbrcm_rxfail(bus, false, false); 1480 goto done; 1481 } 1482 1483 if ((len - doff) > bus->sdiodev->bus_if->maxctl) { 1484 brcmf_err("%d-byte ctl frame (%d-byte ctl data) exceeds %d-byte limit\n", 1485 len, len - doff, bus->sdiodev->bus_if->maxctl); 1486 bus->sdcnt.rx_toolong++; 1487 brcmf_sdbrcm_rxfail(bus, false, false); 1488 goto done; 1489 } 1490 1491 /* Read remain of frame body */ 1492 sdret = brcmf_sdcard_recv_buf(bus->sdiodev, 1493 bus->sdiodev->sbwad, 1494 SDIO_FUNC_2, 1495 F2SYNC, rbuf, rdlen); 1496 bus->sdcnt.f2rxdata++; 1497 1498 /* Control frame failures need retransmission */ 1499 if (sdret < 0) { 1500 brcmf_err("read %d control bytes failed: %d\n", 1501 rdlen, sdret); 1502 bus->sdcnt.rxc_errors++; 1503 brcmf_sdbrcm_rxfail(bus, true, true); 1504 goto done; 1505 } else 1506 memcpy(buf + BRCMF_FIRSTREAD, rbuf, rdlen); 1507 1508gotpkt: 1509 1510 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && BRCMF_CTL_ON(), 1511 buf, len, "RxCtrl:\n"); 1512 1513 /* Point to valid data and indicate its length */ 1514 spin_lock_bh(&bus->rxctl_lock); 1515 if (bus->rxctl) { 1516 brcmf_err("last control frame is being processed.\n"); 1517 spin_unlock_bh(&bus->rxctl_lock); 1518 vfree(buf); 1519 goto done; 1520 } 1521 bus->rxctl = buf + doff; 1522 bus->rxctl_orig = buf; 1523 bus->rxlen = len - doff; 1524 spin_unlock_bh(&bus->rxctl_lock); 1525 1526done: 1527 /* Awake any waiters */ 1528 brcmf_sdbrcm_dcmd_resp_wake(bus); 1529} 1530 1531/* Pad read to blocksize for efficiency */ 1532static void brcmf_pad(struct brcmf_sdio *bus, u16 *pad, u16 *rdlen) 1533{ 1534 if (bus->roundup && bus->blocksize && *rdlen > bus->blocksize) { 1535 *pad = bus->blocksize - (*rdlen % bus->blocksize); 1536 if (*pad <= bus->roundup && *pad < bus->blocksize && 1537 *rdlen + *pad + BRCMF_FIRSTREAD < MAX_RX_DATASZ) 1538 *rdlen += *pad; 1539 } else if (*rdlen % BRCMF_SDALIGN) { 1540 *rdlen += BRCMF_SDALIGN - (*rdlen % BRCMF_SDALIGN); 1541 } 1542} 1543 1544static uint brcmf_sdio_readframes(struct brcmf_sdio *bus, uint maxframes) 1545{ 1546 struct sk_buff *pkt; /* Packet for event or data frames */ 1547 struct sk_buff_head pktlist; /* needed for bus interface */ 1548 u16 pad; /* Number of pad bytes to read */ 1549 uint rxleft = 0; /* Remaining number of frames allowed */ 1550 int sdret; /* Return code from calls */ 1551 uint rxcount = 0; /* Total frames read */ 1552 struct brcmf_sdio_read *rd = &bus->cur_read, rd_new; 1553 u8 head_read = 0; 1554 1555 brcmf_dbg(TRACE, "Enter\n"); 1556 1557 /* Not finished unless we encounter no more frames indication */ 1558 bus->rxpending = true; 1559 1560 for (rd->seq_num = bus->rx_seq, rxleft = maxframes; 1561 !bus->rxskip && rxleft && 1562 bus->sdiodev->bus_if->state != BRCMF_BUS_DOWN; 1563 rd->seq_num++, rxleft--) { 1564 1565 /* Handle glomming separately */ 1566 if (bus->glomd || !skb_queue_empty(&bus->glom)) { 1567 u8 cnt; 1568 brcmf_dbg(GLOM, "calling rxglom: glomd %p, glom %p\n", 1569 bus->glomd, skb_peek(&bus->glom)); 1570 cnt = brcmf_sdbrcm_rxglom(bus, rd->seq_num); 1571 brcmf_dbg(GLOM, "rxglom returned %d\n", cnt); 1572 rd->seq_num += cnt - 1; 1573 rxleft = (rxleft > cnt) ? (rxleft - cnt) : 1; 1574 continue; 1575 } 1576 1577 rd->len_left = rd->len; 1578 /* read header first for unknow frame length */ 1579 sdio_claim_host(bus->sdiodev->func[1]); 1580 if (!rd->len) { 1581 sdret = brcmf_sdcard_recv_buf(bus->sdiodev, 1582 bus->sdiodev->sbwad, 1583 SDIO_FUNC_2, F2SYNC, 1584 bus->rxhdr, 1585 BRCMF_FIRSTREAD); 1586 bus->sdcnt.f2rxhdrs++; 1587 if (sdret < 0) { 1588 brcmf_err("RXHEADER FAILED: %d\n", 1589 sdret); 1590 bus->sdcnt.rx_hdrfail++; 1591 brcmf_sdbrcm_rxfail(bus, true, true); 1592 sdio_release_host(bus->sdiodev->func[1]); 1593 continue; 1594 } 1595 1596 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() || BRCMF_HDRS_ON(), 1597 bus->rxhdr, SDPCM_HDRLEN, 1598 "RxHdr:\n"); 1599 1600 if (brcmf_sdio_hdparser(bus, bus->rxhdr, rd, 1601 BRCMF_SDIO_FT_NORMAL)) { 1602 sdio_release_host(bus->sdiodev->func[1]); 1603 if (!bus->rxpending) 1604 break; 1605 else 1606 continue; 1607 } 1608 1609 if (rd->channel == SDPCM_CONTROL_CHANNEL) { 1610 brcmf_sdbrcm_read_control(bus, bus->rxhdr, 1611 rd->len, 1612 rd->dat_offset); 1613 /* prepare the descriptor for the next read */ 1614 rd->len = rd->len_nxtfrm << 4; 1615 rd->len_nxtfrm = 0; 1616 /* treat all packet as event if we don't know */ 1617 rd->channel = SDPCM_EVENT_CHANNEL; 1618 sdio_release_host(bus->sdiodev->func[1]); 1619 continue; 1620 } 1621 rd->len_left = rd->len > BRCMF_FIRSTREAD ? 1622 rd->len - BRCMF_FIRSTREAD : 0; 1623 head_read = BRCMF_FIRSTREAD; 1624 } 1625 1626 brcmf_pad(bus, &pad, &rd->len_left); 1627 1628 pkt = brcmu_pkt_buf_get_skb(rd->len_left + head_read + 1629 BRCMF_SDALIGN); 1630 if (!pkt) { 1631 /* Give up on data, request rtx of events */ 1632 brcmf_err("brcmu_pkt_buf_get_skb failed\n"); 1633 brcmf_sdbrcm_rxfail(bus, false, 1634 RETRYCHAN(rd->channel)); 1635 sdio_release_host(bus->sdiodev->func[1]); 1636 continue; 1637 } 1638 skb_pull(pkt, head_read); 1639 pkt_align(pkt, rd->len_left, BRCMF_SDALIGN); 1640 1641 sdret = brcmf_sdcard_recv_pkt(bus->sdiodev, bus->sdiodev->sbwad, 1642 SDIO_FUNC_2, F2SYNC, pkt); 1643 bus->sdcnt.f2rxdata++; 1644 sdio_release_host(bus->sdiodev->func[1]); 1645 1646 if (sdret < 0) { 1647 brcmf_err("read %d bytes from channel %d failed: %d\n", 1648 rd->len, rd->channel, sdret); 1649 brcmu_pkt_buf_free_skb(pkt); 1650 sdio_claim_host(bus->sdiodev->func[1]); 1651 brcmf_sdbrcm_rxfail(bus, true, 1652 RETRYCHAN(rd->channel)); 1653 sdio_release_host(bus->sdiodev->func[1]); 1654 continue; 1655 } 1656 1657 if (head_read) { 1658 skb_push(pkt, head_read); 1659 memcpy(pkt->data, bus->rxhdr, head_read); 1660 head_read = 0; 1661 } else { 1662 memcpy(bus->rxhdr, pkt->data, SDPCM_HDRLEN); 1663 rd_new.seq_num = rd->seq_num; 1664 sdio_claim_host(bus->sdiodev->func[1]); 1665 if (brcmf_sdio_hdparser(bus, bus->rxhdr, &rd_new, 1666 BRCMF_SDIO_FT_NORMAL)) { 1667 rd->len = 0; 1668 brcmu_pkt_buf_free_skb(pkt); 1669 } 1670 bus->sdcnt.rx_readahead_cnt++; 1671 if (rd->len != roundup(rd_new.len, 16)) { 1672 brcmf_err("frame length mismatch:read %d, should be %d\n", 1673 rd->len, 1674 roundup(rd_new.len, 16) >> 4); 1675 rd->len = 0; 1676 brcmf_sdbrcm_rxfail(bus, true, true); 1677 sdio_release_host(bus->sdiodev->func[1]); 1678 brcmu_pkt_buf_free_skb(pkt); 1679 continue; 1680 } 1681 sdio_release_host(bus->sdiodev->func[1]); 1682 rd->len_nxtfrm = rd_new.len_nxtfrm; 1683 rd->channel = rd_new.channel; 1684 rd->dat_offset = rd_new.dat_offset; 1685 1686 brcmf_dbg_hex_dump(!(BRCMF_BYTES_ON() && 1687 BRCMF_DATA_ON()) && 1688 BRCMF_HDRS_ON(), 1689 bus->rxhdr, SDPCM_HDRLEN, 1690 "RxHdr:\n"); 1691 1692 if (rd_new.channel == SDPCM_CONTROL_CHANNEL) { 1693 brcmf_err("readahead on control packet %d?\n", 1694 rd_new.seq_num); 1695 /* Force retry w/normal header read */ 1696 rd->len = 0; 1697 sdio_claim_host(bus->sdiodev->func[1]); 1698 brcmf_sdbrcm_rxfail(bus, false, true); 1699 sdio_release_host(bus->sdiodev->func[1]); 1700 brcmu_pkt_buf_free_skb(pkt); 1701 continue; 1702 } 1703 } 1704 1705 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && BRCMF_DATA_ON(), 1706 pkt->data, rd->len, "Rx Data:\n"); 1707 1708 /* Save superframe descriptor and allocate packet frame */ 1709 if (rd->channel == SDPCM_GLOM_CHANNEL) { 1710 if (SDPCM_GLOMDESC(&bus->rxhdr[SDPCM_FRAMETAG_LEN])) { 1711 brcmf_dbg(GLOM, "glom descriptor, %d bytes:\n", 1712 rd->len); 1713 brcmf_dbg_hex_dump(BRCMF_GLOM_ON(), 1714 pkt->data, rd->len, 1715 "Glom Data:\n"); 1716 __skb_trim(pkt, rd->len); 1717 skb_pull(pkt, SDPCM_HDRLEN); 1718 bus->glomd = pkt; 1719 } else { 1720 brcmf_err("%s: glom superframe w/o " 1721 "descriptor!\n", __func__); 1722 sdio_claim_host(bus->sdiodev->func[1]); 1723 brcmf_sdbrcm_rxfail(bus, false, false); 1724 sdio_release_host(bus->sdiodev->func[1]); 1725 } 1726 /* prepare the descriptor for the next read */ 1727 rd->len = rd->len_nxtfrm << 4; 1728 rd->len_nxtfrm = 0; 1729 /* treat all packet as event if we don't know */ 1730 rd->channel = SDPCM_EVENT_CHANNEL; 1731 continue; 1732 } 1733 1734 /* Fill in packet len and prio, deliver upward */ 1735 __skb_trim(pkt, rd->len); 1736 skb_pull(pkt, rd->dat_offset); 1737 1738 /* prepare the descriptor for the next read */ 1739 rd->len = rd->len_nxtfrm << 4; 1740 rd->len_nxtfrm = 0; 1741 /* treat all packet as event if we don't know */ 1742 rd->channel = SDPCM_EVENT_CHANNEL; 1743 1744 if (pkt->len == 0) { 1745 brcmu_pkt_buf_free_skb(pkt); 1746 continue; 1747 } 1748 1749 skb_queue_head_init(&pktlist); 1750 skb_queue_tail(&pktlist, pkt); 1751 brcmf_rx_frames(bus->sdiodev->dev, &pktlist); 1752 } 1753 1754 rxcount = maxframes - rxleft; 1755 /* Message if we hit the limit */ 1756 if (!rxleft) 1757 brcmf_dbg(DATA, "hit rx limit of %d frames\n", maxframes); 1758 else 1759 brcmf_dbg(DATA, "processed %d frames\n", rxcount); 1760 /* Back off rxseq if awaiting rtx, update rx_seq */ 1761 if (bus->rxskip) 1762 rd->seq_num--; 1763 bus->rx_seq = rd->seq_num; 1764 1765 return rxcount; 1766} 1767 1768static void 1769brcmf_sdbrcm_wait_event_wakeup(struct brcmf_sdio *bus) 1770{ 1771 if (waitqueue_active(&bus->ctrl_wait)) 1772 wake_up_interruptible(&bus->ctrl_wait); 1773 return; 1774} 1775 1776/* Writes a HW/SW header into the packet and sends it. */ 1777/* Assumes: (a) header space already there, (b) caller holds lock */ 1778static int brcmf_sdbrcm_txpkt(struct brcmf_sdio *bus, struct sk_buff *pkt, 1779 uint chan, bool free_pkt) 1780{ 1781 int ret; 1782 u8 *frame; 1783 u16 len, pad = 0; 1784 u32 swheader; 1785 struct sk_buff *new; 1786 int i; 1787 1788 brcmf_dbg(TRACE, "Enter\n"); 1789 1790 frame = (u8 *) (pkt->data); 1791 1792 /* Add alignment padding, allocate new packet if needed */ 1793 pad = ((unsigned long)frame % BRCMF_SDALIGN); 1794 if (pad) { 1795 if (skb_headroom(pkt) < pad) { 1796 brcmf_dbg(INFO, "insufficient headroom %d for %d pad\n", 1797 skb_headroom(pkt), pad); 1798 bus->sdiodev->bus_if->tx_realloc++; 1799 new = brcmu_pkt_buf_get_skb(pkt->len + BRCMF_SDALIGN); 1800 if (!new) { 1801 brcmf_err("couldn't allocate new %d-byte packet\n", 1802 pkt->len + BRCMF_SDALIGN); 1803 ret = -ENOMEM; 1804 goto done; 1805 } 1806 1807 pkt_align(new, pkt->len, BRCMF_SDALIGN); 1808 memcpy(new->data, pkt->data, pkt->len); 1809 if (free_pkt) 1810 brcmu_pkt_buf_free_skb(pkt); 1811 /* free the pkt if canned one is not used */ 1812 free_pkt = true; 1813 pkt = new; 1814 frame = (u8 *) (pkt->data); 1815 /* precondition: (frame % BRCMF_SDALIGN) == 0) */ 1816 pad = 0; 1817 } else { 1818 skb_push(pkt, pad); 1819 frame = (u8 *) (pkt->data); 1820 /* precondition: pad + SDPCM_HDRLEN <= pkt->len */ 1821 memset(frame, 0, pad + SDPCM_HDRLEN); 1822 } 1823 } 1824 /* precondition: pad < BRCMF_SDALIGN */ 1825 1826 /* Hardware tag: 2 byte len followed by 2 byte ~len check (all LE) */ 1827 len = (u16) (pkt->len); 1828 *(__le16 *) frame = cpu_to_le16(len); 1829 *(((__le16 *) frame) + 1) = cpu_to_le16(~len); 1830 1831 /* Software tag: channel, sequence number, data offset */ 1832 swheader = 1833 ((chan << SDPCM_CHANNEL_SHIFT) & SDPCM_CHANNEL_MASK) | bus->tx_seq | 1834 (((pad + 1835 SDPCM_HDRLEN) << SDPCM_DOFFSET_SHIFT) & SDPCM_DOFFSET_MASK); 1836 1837 put_unaligned_le32(swheader, frame + SDPCM_FRAMETAG_LEN); 1838 put_unaligned_le32(0, frame + SDPCM_FRAMETAG_LEN + sizeof(swheader)); 1839 1840#ifdef DEBUG 1841 tx_packets[pkt->priority]++; 1842#endif 1843 1844 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && 1845 ((BRCMF_CTL_ON() && chan == SDPCM_CONTROL_CHANNEL) || 1846 (BRCMF_DATA_ON() && chan != SDPCM_CONTROL_CHANNEL)), 1847 frame, len, "Tx Frame:\n"); 1848 brcmf_dbg_hex_dump(!(BRCMF_BYTES_ON() && 1849 ((BRCMF_CTL_ON() && 1850 chan == SDPCM_CONTROL_CHANNEL) || 1851 (BRCMF_DATA_ON() && 1852 chan != SDPCM_CONTROL_CHANNEL))) && 1853 BRCMF_HDRS_ON(), 1854 frame, min_t(u16, len, 16), "TxHdr:\n"); 1855 1856 /* Raise len to next SDIO block to eliminate tail command */ 1857 if (bus->roundup && bus->blocksize && (len > bus->blocksize)) { 1858 u16 pad = bus->blocksize - (len % bus->blocksize); 1859 if ((pad <= bus->roundup) && (pad < bus->blocksize)) 1860 len += pad; 1861 } else if (len % BRCMF_SDALIGN) { 1862 len += BRCMF_SDALIGN - (len % BRCMF_SDALIGN); 1863 } 1864 1865 /* Some controllers have trouble with odd bytes -- round to even */ 1866 if (len & (ALIGNMENT - 1)) 1867 len = roundup(len, ALIGNMENT); 1868 1869 sdio_claim_host(bus->sdiodev->func[1]); 1870 ret = brcmf_sdcard_send_pkt(bus->sdiodev, bus->sdiodev->sbwad, 1871 SDIO_FUNC_2, F2SYNC, pkt); 1872 bus->sdcnt.f2txdata++; 1873 1874 if (ret < 0) { 1875 /* On failure, abort the command and terminate the frame */ 1876 brcmf_dbg(INFO, "sdio error %d, abort command and terminate frame\n", 1877 ret); 1878 bus->sdcnt.tx_sderrs++; 1879 1880 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 1881 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_FRAMECTRL, 1882 SFC_WF_TERM, NULL); 1883 bus->sdcnt.f1regdata++; 1884 1885 for (i = 0; i < 3; i++) { 1886 u8 hi, lo; 1887 hi = brcmf_sdio_regrb(bus->sdiodev, 1888 SBSDIO_FUNC1_WFRAMEBCHI, NULL); 1889 lo = brcmf_sdio_regrb(bus->sdiodev, 1890 SBSDIO_FUNC1_WFRAMEBCLO, NULL); 1891 bus->sdcnt.f1regdata += 2; 1892 if ((hi == 0) && (lo == 0)) 1893 break; 1894 } 1895 1896 } 1897 sdio_release_host(bus->sdiodev->func[1]); 1898 if (ret == 0) 1899 bus->tx_seq = (bus->tx_seq + 1) % SDPCM_SEQUENCE_WRAP; 1900 1901done: 1902 /* restore pkt buffer pointer before calling tx complete routine */ 1903 skb_pull(pkt, SDPCM_HDRLEN + pad); 1904 brcmf_txcomplete(bus->sdiodev->dev, pkt, ret != 0); 1905 1906 if (free_pkt) 1907 brcmu_pkt_buf_free_skb(pkt); 1908 1909 return ret; 1910} 1911 1912static uint brcmf_sdbrcm_sendfromq(struct brcmf_sdio *bus, uint maxframes) 1913{ 1914 struct sk_buff *pkt; 1915 u32 intstatus = 0; 1916 int ret = 0, prec_out; 1917 uint cnt = 0; 1918 uint datalen; 1919 u8 tx_prec_map; 1920 1921 brcmf_dbg(TRACE, "Enter\n"); 1922 1923 tx_prec_map = ~bus->flowcontrol; 1924 1925 /* Send frames until the limit or some other event */ 1926 for (cnt = 0; (cnt < maxframes) && data_ok(bus); cnt++) { 1927 spin_lock_bh(&bus->txqlock); 1928 pkt = brcmu_pktq_mdeq(&bus->txq, tx_prec_map, &prec_out); 1929 if (pkt == NULL) { 1930 spin_unlock_bh(&bus->txqlock); 1931 break; 1932 } 1933 spin_unlock_bh(&bus->txqlock); 1934 datalen = pkt->len - SDPCM_HDRLEN; 1935 1936 ret = brcmf_sdbrcm_txpkt(bus, pkt, SDPCM_DATA_CHANNEL, true); 1937 1938 /* In poll mode, need to check for other events */ 1939 if (!bus->intr && cnt) { 1940 /* Check device status, signal pending interrupt */ 1941 sdio_claim_host(bus->sdiodev->func[1]); 1942 ret = r_sdreg32(bus, &intstatus, 1943 offsetof(struct sdpcmd_regs, 1944 intstatus)); 1945 sdio_release_host(bus->sdiodev->func[1]); 1946 bus->sdcnt.f2txdata++; 1947 if (ret != 0) 1948 break; 1949 if (intstatus & bus->hostintmask) 1950 atomic_set(&bus->ipend, 1); 1951 } 1952 } 1953 1954 /* Deflow-control stack if needed */ 1955 if ((bus->sdiodev->bus_if->state == BRCMF_BUS_DATA) && 1956 bus->txoff && (pktq_len(&bus->txq) < TXLOW)) { 1957 bus->txoff = false; 1958 brcmf_txflowblock(bus->sdiodev->dev, false); 1959 } 1960 1961 return cnt; 1962} 1963 1964static void brcmf_sdbrcm_bus_stop(struct device *dev) 1965{ 1966 u32 local_hostintmask; 1967 u8 saveclk; 1968 int err; 1969 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 1970 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio; 1971 struct brcmf_sdio *bus = sdiodev->bus; 1972 1973 brcmf_dbg(TRACE, "Enter\n"); 1974 1975 if (bus->watchdog_tsk) { 1976 send_sig(SIGTERM, bus->watchdog_tsk, 1); 1977 kthread_stop(bus->watchdog_tsk); 1978 bus->watchdog_tsk = NULL; 1979 } 1980 1981 sdio_claim_host(bus->sdiodev->func[1]); 1982 1983 /* Enable clock for device interrupts */ 1984 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 1985 1986 /* Disable and clear interrupts at the chip level also */ 1987 w_sdreg32(bus, 0, offsetof(struct sdpcmd_regs, hostintmask)); 1988 local_hostintmask = bus->hostintmask; 1989 bus->hostintmask = 0; 1990 1991 /* Change our idea of bus state */ 1992 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 1993 1994 /* Force clocks on backplane to be sure F2 interrupt propagates */ 1995 saveclk = brcmf_sdio_regrb(bus->sdiodev, 1996 SBSDIO_FUNC1_CHIPCLKCSR, &err); 1997 if (!err) { 1998 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 1999 (saveclk | SBSDIO_FORCE_HT), &err); 2000 } 2001 if (err) 2002 brcmf_err("Failed to force clock for F2: err %d\n", err); 2003 2004 /* Turn off the bus (F2), free any pending packets */ 2005 brcmf_dbg(INTR, "disable SDIO interrupts\n"); 2006 brcmf_sdio_regwb(bus->sdiodev, SDIO_CCCR_IOEx, SDIO_FUNC_ENABLE_1, 2007 NULL); 2008 2009 /* Clear any pending interrupts now that F2 is disabled */ 2010 w_sdreg32(bus, local_hostintmask, 2011 offsetof(struct sdpcmd_regs, intstatus)); 2012 2013 /* Turn off the backplane clock (only) */ 2014 brcmf_sdbrcm_clkctl(bus, CLK_SDONLY, false); 2015 sdio_release_host(bus->sdiodev->func[1]); 2016 2017 /* Clear the data packet queues */ 2018 brcmu_pktq_flush(&bus->txq, true, NULL, NULL); 2019 2020 /* Clear any held glomming stuff */ 2021 if (bus->glomd) 2022 brcmu_pkt_buf_free_skb(bus->glomd); 2023 brcmf_sdbrcm_free_glom(bus); 2024 2025 /* Clear rx control and wake any waiters */ 2026 spin_lock_bh(&bus->rxctl_lock); 2027 bus->rxlen = 0; 2028 spin_unlock_bh(&bus->rxctl_lock); 2029 brcmf_sdbrcm_dcmd_resp_wake(bus); 2030 2031 /* Reset some F2 state stuff */ 2032 bus->rxskip = false; 2033 bus->tx_seq = bus->rx_seq = 0; 2034} 2035 2036#ifdef CONFIG_BRCMFMAC_SDIO_OOB 2037static inline void brcmf_sdbrcm_clrintr(struct brcmf_sdio *bus) 2038{ 2039 unsigned long flags; 2040 2041 spin_lock_irqsave(&bus->sdiodev->irq_en_lock, flags); 2042 if (!bus->sdiodev->irq_en && !atomic_read(&bus->ipend)) { 2043 enable_irq(bus->sdiodev->irq); 2044 bus->sdiodev->irq_en = true; 2045 } 2046 spin_unlock_irqrestore(&bus->sdiodev->irq_en_lock, flags); 2047} 2048#else 2049static inline void brcmf_sdbrcm_clrintr(struct brcmf_sdio *bus) 2050{ 2051} 2052#endif /* CONFIG_BRCMFMAC_SDIO_OOB */ 2053 2054static inline void brcmf_sdbrcm_adddpctsk(struct brcmf_sdio *bus) 2055{ 2056 struct list_head *new_hd; 2057 unsigned long flags; 2058 2059 if (in_interrupt()) 2060 new_hd = kzalloc(sizeof(struct list_head), GFP_ATOMIC); 2061 else 2062 new_hd = kzalloc(sizeof(struct list_head), GFP_KERNEL); 2063 if (new_hd == NULL) 2064 return; 2065 2066 spin_lock_irqsave(&bus->dpc_tl_lock, flags); 2067 list_add_tail(new_hd, &bus->dpc_tsklst); 2068 spin_unlock_irqrestore(&bus->dpc_tl_lock, flags); 2069} 2070 2071static int brcmf_sdio_intr_rstatus(struct brcmf_sdio *bus) 2072{ 2073 u8 idx; 2074 u32 addr; 2075 unsigned long val; 2076 int n, ret; 2077 2078 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV); 2079 addr = bus->ci->c_inf[idx].base + 2080 offsetof(struct sdpcmd_regs, intstatus); 2081 2082 ret = brcmf_sdio_regrw_helper(bus->sdiodev, addr, &val, false); 2083 bus->sdcnt.f1regdata++; 2084 if (ret != 0) 2085 val = 0; 2086 2087 val &= bus->hostintmask; 2088 atomic_set(&bus->fcstate, !!(val & I_HMB_FC_STATE)); 2089 2090 /* Clear interrupts */ 2091 if (val) { 2092 ret = brcmf_sdio_regrw_helper(bus->sdiodev, addr, &val, true); 2093 bus->sdcnt.f1regdata++; 2094 } 2095 2096 if (ret) { 2097 atomic_set(&bus->intstatus, 0); 2098 } else if (val) { 2099 for_each_set_bit(n, &val, 32) 2100 set_bit(n, (unsigned long *)&bus->intstatus.counter); 2101 } 2102 2103 return ret; 2104} 2105 2106static void brcmf_sdbrcm_dpc(struct brcmf_sdio *bus) 2107{ 2108 u32 newstatus = 0; 2109 unsigned long intstatus; 2110 uint rxlimit = bus->rxbound; /* Rx frames to read before resched */ 2111 uint txlimit = bus->txbound; /* Tx frames to send before resched */ 2112 uint framecnt = 0; /* Temporary counter of tx/rx frames */ 2113 int err = 0, n; 2114 2115 brcmf_dbg(TRACE, "Enter\n"); 2116 2117 sdio_claim_host(bus->sdiodev->func[1]); 2118 2119 /* If waiting for HTAVAIL, check status */ 2120 if (bus->clkstate == CLK_PENDING) { 2121 u8 clkctl, devctl = 0; 2122 2123#ifdef DEBUG 2124 /* Check for inconsistent device control */ 2125 devctl = brcmf_sdio_regrb(bus->sdiodev, 2126 SBSDIO_DEVICE_CTL, &err); 2127 if (err) { 2128 brcmf_err("error reading DEVCTL: %d\n", err); 2129 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2130 } 2131#endif /* DEBUG */ 2132 2133 /* Read CSR, if clock on switch to AVAIL, else ignore */ 2134 clkctl = brcmf_sdio_regrb(bus->sdiodev, 2135 SBSDIO_FUNC1_CHIPCLKCSR, &err); 2136 if (err) { 2137 brcmf_err("error reading CSR: %d\n", 2138 err); 2139 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2140 } 2141 2142 brcmf_dbg(INFO, "DPC: PENDING, devctl 0x%02x clkctl 0x%02x\n", 2143 devctl, clkctl); 2144 2145 if (SBSDIO_HTAV(clkctl)) { 2146 devctl = brcmf_sdio_regrb(bus->sdiodev, 2147 SBSDIO_DEVICE_CTL, &err); 2148 if (err) { 2149 brcmf_err("error reading DEVCTL: %d\n", 2150 err); 2151 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2152 } 2153 devctl &= ~SBSDIO_DEVCTL_CA_INT_ONLY; 2154 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_DEVICE_CTL, 2155 devctl, &err); 2156 if (err) { 2157 brcmf_err("error writing DEVCTL: %d\n", 2158 err); 2159 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2160 } 2161 bus->clkstate = CLK_AVAIL; 2162 } 2163 } 2164 2165 /* Make sure backplane clock is on */ 2166 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, true); 2167 2168 /* Pending interrupt indicates new device status */ 2169 if (atomic_read(&bus->ipend) > 0) { 2170 atomic_set(&bus->ipend, 0); 2171 err = brcmf_sdio_intr_rstatus(bus); 2172 } 2173 2174 /* Start with leftover status bits */ 2175 intstatus = atomic_xchg(&bus->intstatus, 0); 2176 2177 /* Handle flow-control change: read new state in case our ack 2178 * crossed another change interrupt. If change still set, assume 2179 * FC ON for safety, let next loop through do the debounce. 2180 */ 2181 if (intstatus & I_HMB_FC_CHANGE) { 2182 intstatus &= ~I_HMB_FC_CHANGE; 2183 err = w_sdreg32(bus, I_HMB_FC_CHANGE, 2184 offsetof(struct sdpcmd_regs, intstatus)); 2185 2186 err = r_sdreg32(bus, &newstatus, 2187 offsetof(struct sdpcmd_regs, intstatus)); 2188 bus->sdcnt.f1regdata += 2; 2189 atomic_set(&bus->fcstate, 2190 !!(newstatus & (I_HMB_FC_STATE | I_HMB_FC_CHANGE))); 2191 intstatus |= (newstatus & bus->hostintmask); 2192 } 2193 2194 /* Handle host mailbox indication */ 2195 if (intstatus & I_HMB_HOST_INT) { 2196 intstatus &= ~I_HMB_HOST_INT; 2197 intstatus |= brcmf_sdbrcm_hostmail(bus); 2198 } 2199 2200 sdio_release_host(bus->sdiodev->func[1]); 2201 2202 /* Generally don't ask for these, can get CRC errors... */ 2203 if (intstatus & I_WR_OOSYNC) { 2204 brcmf_err("Dongle reports WR_OOSYNC\n"); 2205 intstatus &= ~I_WR_OOSYNC; 2206 } 2207 2208 if (intstatus & I_RD_OOSYNC) { 2209 brcmf_err("Dongle reports RD_OOSYNC\n"); 2210 intstatus &= ~I_RD_OOSYNC; 2211 } 2212 2213 if (intstatus & I_SBINT) { 2214 brcmf_err("Dongle reports SBINT\n"); 2215 intstatus &= ~I_SBINT; 2216 } 2217 2218 /* Would be active due to wake-wlan in gSPI */ 2219 if (intstatus & I_CHIPACTIVE) { 2220 brcmf_dbg(INFO, "Dongle reports CHIPACTIVE\n"); 2221 intstatus &= ~I_CHIPACTIVE; 2222 } 2223 2224 /* Ignore frame indications if rxskip is set */ 2225 if (bus->rxskip) 2226 intstatus &= ~I_HMB_FRAME_IND; 2227 2228 /* On frame indication, read available frames */ 2229 if (PKT_AVAILABLE() && bus->clkstate == CLK_AVAIL) { 2230 framecnt = brcmf_sdio_readframes(bus, rxlimit); 2231 if (!bus->rxpending) 2232 intstatus &= ~I_HMB_FRAME_IND; 2233 rxlimit -= min(framecnt, rxlimit); 2234 } 2235 2236 /* Keep still-pending events for next scheduling */ 2237 if (intstatus) { 2238 for_each_set_bit(n, &intstatus, 32) 2239 set_bit(n, (unsigned long *)&bus->intstatus.counter); 2240 } 2241 2242 brcmf_sdbrcm_clrintr(bus); 2243 2244 if (data_ok(bus) && bus->ctrl_frame_stat && 2245 (bus->clkstate == CLK_AVAIL)) { 2246 int i; 2247 2248 sdio_claim_host(bus->sdiodev->func[1]); 2249 err = brcmf_sdcard_send_buf(bus->sdiodev, bus->sdiodev->sbwad, 2250 SDIO_FUNC_2, F2SYNC, bus->ctrl_frame_buf, 2251 (u32) bus->ctrl_frame_len); 2252 2253 if (err < 0) { 2254 /* On failure, abort the command and 2255 terminate the frame */ 2256 brcmf_dbg(INFO, "sdio error %d, abort command and terminate frame\n", 2257 err); 2258 bus->sdcnt.tx_sderrs++; 2259 2260 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 2261 2262 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_FRAMECTRL, 2263 SFC_WF_TERM, &err); 2264 bus->sdcnt.f1regdata++; 2265 2266 for (i = 0; i < 3; i++) { 2267 u8 hi, lo; 2268 hi = brcmf_sdio_regrb(bus->sdiodev, 2269 SBSDIO_FUNC1_WFRAMEBCHI, 2270 &err); 2271 lo = brcmf_sdio_regrb(bus->sdiodev, 2272 SBSDIO_FUNC1_WFRAMEBCLO, 2273 &err); 2274 bus->sdcnt.f1regdata += 2; 2275 if ((hi == 0) && (lo == 0)) 2276 break; 2277 } 2278 2279 } else { 2280 bus->tx_seq = (bus->tx_seq + 1) % SDPCM_SEQUENCE_WRAP; 2281 } 2282 sdio_release_host(bus->sdiodev->func[1]); 2283 bus->ctrl_frame_stat = false; 2284 brcmf_sdbrcm_wait_event_wakeup(bus); 2285 } 2286 /* Send queued frames (limit 1 if rx may still be pending) */ 2287 else if ((bus->clkstate == CLK_AVAIL) && !atomic_read(&bus->fcstate) && 2288 brcmu_pktq_mlen(&bus->txq, ~bus->flowcontrol) && txlimit 2289 && data_ok(bus)) { 2290 framecnt = bus->rxpending ? min(txlimit, bus->txminmax) : 2291 txlimit; 2292 framecnt = brcmf_sdbrcm_sendfromq(bus, framecnt); 2293 txlimit -= framecnt; 2294 } 2295 2296 if ((bus->sdiodev->bus_if->state == BRCMF_BUS_DOWN) || (err != 0)) { 2297 brcmf_err("failed backplane access over SDIO, halting operation\n"); 2298 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2299 atomic_set(&bus->intstatus, 0); 2300 } else if (atomic_read(&bus->intstatus) || 2301 atomic_read(&bus->ipend) > 0 || 2302 (!atomic_read(&bus->fcstate) && 2303 brcmu_pktq_mlen(&bus->txq, ~bus->flowcontrol) && 2304 data_ok(bus)) || PKT_AVAILABLE()) { 2305 brcmf_sdbrcm_adddpctsk(bus); 2306 } 2307 2308 /* If we're done for now, turn off clock request. */ 2309 if ((bus->clkstate != CLK_PENDING) 2310 && bus->idletime == BRCMF_IDLE_IMMEDIATE) { 2311 bus->activity = false; 2312 sdio_claim_host(bus->sdiodev->func[1]); 2313 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 2314 sdio_release_host(bus->sdiodev->func[1]); 2315 } 2316} 2317 2318static int brcmf_sdbrcm_bus_txdata(struct device *dev, struct sk_buff *pkt) 2319{ 2320 int ret = -EBADE; 2321 uint datalen, prec; 2322 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 2323 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio; 2324 struct brcmf_sdio *bus = sdiodev->bus; 2325 unsigned long flags; 2326 2327 brcmf_dbg(TRACE, "Enter\n"); 2328 2329 datalen = pkt->len; 2330 2331 /* Add space for the header */ 2332 skb_push(pkt, SDPCM_HDRLEN); 2333 /* precondition: IS_ALIGNED((unsigned long)(pkt->data), 2) */ 2334 2335 prec = prio2prec((pkt->priority & PRIOMASK)); 2336 2337 /* Check for existing queue, current flow-control, 2338 pending event, or pending clock */ 2339 brcmf_dbg(TRACE, "deferring pktq len %d\n", pktq_len(&bus->txq)); 2340 bus->sdcnt.fcqueued++; 2341 2342 /* Priority based enq */ 2343 spin_lock_bh(&bus->txqlock); 2344 if (!brcmf_c_prec_enq(bus->sdiodev->dev, &bus->txq, pkt, prec)) { 2345 skb_pull(pkt, SDPCM_HDRLEN); 2346 brcmf_txcomplete(bus->sdiodev->dev, pkt, false); 2347 brcmu_pkt_buf_free_skb(pkt); 2348 brcmf_err("out of bus->txq !!!\n"); 2349 ret = -ENOSR; 2350 } else { 2351 ret = 0; 2352 } 2353 spin_unlock_bh(&bus->txqlock); 2354 2355 if (pktq_len(&bus->txq) >= TXHI) { 2356 bus->txoff = true; 2357 brcmf_txflowblock(bus->sdiodev->dev, true); 2358 } 2359 2360#ifdef DEBUG 2361 if (pktq_plen(&bus->txq, prec) > qcount[prec]) 2362 qcount[prec] = pktq_plen(&bus->txq, prec); 2363#endif 2364 2365 spin_lock_irqsave(&bus->dpc_tl_lock, flags); 2366 if (list_empty(&bus->dpc_tsklst)) { 2367 spin_unlock_irqrestore(&bus->dpc_tl_lock, flags); 2368 2369 brcmf_sdbrcm_adddpctsk(bus); 2370 queue_work(bus->brcmf_wq, &bus->datawork); 2371 } else { 2372 spin_unlock_irqrestore(&bus->dpc_tl_lock, flags); 2373 } 2374 2375 return ret; 2376} 2377 2378static int 2379brcmf_sdbrcm_membytes(struct brcmf_sdio *bus, bool write, u32 address, u8 *data, 2380 uint size) 2381{ 2382 int bcmerror = 0; 2383 u32 sdaddr; 2384 uint dsize; 2385 2386 /* Determine initial transfer parameters */ 2387 sdaddr = address & SBSDIO_SB_OFT_ADDR_MASK; 2388 if ((sdaddr + size) & SBSDIO_SBWINDOW_MASK) 2389 dsize = (SBSDIO_SB_OFT_ADDR_LIMIT - sdaddr); 2390 else 2391 dsize = size; 2392 2393 sdio_claim_host(bus->sdiodev->func[1]); 2394 2395 /* Set the backplane window to include the start address */ 2396 bcmerror = brcmf_sdcard_set_sbaddr_window(bus->sdiodev, address); 2397 if (bcmerror) { 2398 brcmf_err("window change failed\n"); 2399 goto xfer_done; 2400 } 2401 2402 /* Do the transfer(s) */ 2403 while (size) { 2404 brcmf_dbg(INFO, "%s %d bytes at offset 0x%08x in window 0x%08x\n", 2405 write ? "write" : "read", dsize, 2406 sdaddr, address & SBSDIO_SBWINDOW_MASK); 2407 bcmerror = brcmf_sdcard_rwdata(bus->sdiodev, write, 2408 sdaddr, data, dsize); 2409 if (bcmerror) { 2410 brcmf_err("membytes transfer failed\n"); 2411 break; 2412 } 2413 2414 /* Adjust for next transfer (if any) */ 2415 size -= dsize; 2416 if (size) { 2417 data += dsize; 2418 address += dsize; 2419 bcmerror = brcmf_sdcard_set_sbaddr_window(bus->sdiodev, 2420 address); 2421 if (bcmerror) { 2422 brcmf_err("window change failed\n"); 2423 break; 2424 } 2425 sdaddr = 0; 2426 dsize = min_t(uint, SBSDIO_SB_OFT_ADDR_LIMIT, size); 2427 } 2428 } 2429 2430xfer_done: 2431 /* Return the window to backplane enumeration space for core access */ 2432 if (brcmf_sdcard_set_sbaddr_window(bus->sdiodev, bus->sdiodev->sbwad)) 2433 brcmf_err("FAILED to set window back to 0x%x\n", 2434 bus->sdiodev->sbwad); 2435 2436 sdio_release_host(bus->sdiodev->func[1]); 2437 2438 return bcmerror; 2439} 2440 2441#ifdef DEBUG 2442#define CONSOLE_LINE_MAX 192 2443 2444static int brcmf_sdbrcm_readconsole(struct brcmf_sdio *bus) 2445{ 2446 struct brcmf_console *c = &bus->console; 2447 u8 line[CONSOLE_LINE_MAX], ch; 2448 u32 n, idx, addr; 2449 int rv; 2450 2451 /* Don't do anything until FWREADY updates console address */ 2452 if (bus->console_addr == 0) 2453 return 0; 2454 2455 /* Read console log struct */ 2456 addr = bus->console_addr + offsetof(struct rte_console, log_le); 2457 rv = brcmf_sdbrcm_membytes(bus, false, addr, (u8 *)&c->log_le, 2458 sizeof(c->log_le)); 2459 if (rv < 0) 2460 return rv; 2461 2462 /* Allocate console buffer (one time only) */ 2463 if (c->buf == NULL) { 2464 c->bufsize = le32_to_cpu(c->log_le.buf_size); 2465 c->buf = kmalloc(c->bufsize, GFP_ATOMIC); 2466 if (c->buf == NULL) 2467 return -ENOMEM; 2468 } 2469 2470 idx = le32_to_cpu(c->log_le.idx); 2471 2472 /* Protect against corrupt value */ 2473 if (idx > c->bufsize) 2474 return -EBADE; 2475 2476 /* Skip reading the console buffer if the index pointer 2477 has not moved */ 2478 if (idx == c->last) 2479 return 0; 2480 2481 /* Read the console buffer */ 2482 addr = le32_to_cpu(c->log_le.buf); 2483 rv = brcmf_sdbrcm_membytes(bus, false, addr, c->buf, c->bufsize); 2484 if (rv < 0) 2485 return rv; 2486 2487 while (c->last != idx) { 2488 for (n = 0; n < CONSOLE_LINE_MAX - 2; n++) { 2489 if (c->last == idx) { 2490 /* This would output a partial line. 2491 * Instead, back up 2492 * the buffer pointer and output this 2493 * line next time around. 2494 */ 2495 if (c->last >= n) 2496 c->last -= n; 2497 else 2498 c->last = c->bufsize - n; 2499 goto break2; 2500 } 2501 ch = c->buf[c->last]; 2502 c->last = (c->last + 1) % c->bufsize; 2503 if (ch == '\n') 2504 break; 2505 line[n] = ch; 2506 } 2507 2508 if (n > 0) { 2509 if (line[n - 1] == '\r') 2510 n--; 2511 line[n] = 0; 2512 pr_debug("CONSOLE: %s\n", line); 2513 } 2514 } 2515break2: 2516 2517 return 0; 2518} 2519#endif /* DEBUG */ 2520 2521static int brcmf_tx_frame(struct brcmf_sdio *bus, u8 *frame, u16 len) 2522{ 2523 int i; 2524 int ret; 2525 2526 bus->ctrl_frame_stat = false; 2527 ret = brcmf_sdcard_send_buf(bus->sdiodev, bus->sdiodev->sbwad, 2528 SDIO_FUNC_2, F2SYNC, frame, len); 2529 2530 if (ret < 0) { 2531 /* On failure, abort the command and terminate the frame */ 2532 brcmf_dbg(INFO, "sdio error %d, abort command and terminate frame\n", 2533 ret); 2534 bus->sdcnt.tx_sderrs++; 2535 2536 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 2537 2538 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_FRAMECTRL, 2539 SFC_WF_TERM, NULL); 2540 bus->sdcnt.f1regdata++; 2541 2542 for (i = 0; i < 3; i++) { 2543 u8 hi, lo; 2544 hi = brcmf_sdio_regrb(bus->sdiodev, 2545 SBSDIO_FUNC1_WFRAMEBCHI, NULL); 2546 lo = brcmf_sdio_regrb(bus->sdiodev, 2547 SBSDIO_FUNC1_WFRAMEBCLO, NULL); 2548 bus->sdcnt.f1regdata += 2; 2549 if (hi == 0 && lo == 0) 2550 break; 2551 } 2552 return ret; 2553 } 2554 2555 bus->tx_seq = (bus->tx_seq + 1) % SDPCM_SEQUENCE_WRAP; 2556 2557 return ret; 2558} 2559 2560static int 2561brcmf_sdbrcm_bus_txctl(struct device *dev, unsigned char *msg, uint msglen) 2562{ 2563 u8 *frame; 2564 u16 len; 2565 u32 swheader; 2566 uint retries = 0; 2567 u8 doff = 0; 2568 int ret = -1; 2569 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 2570 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio; 2571 struct brcmf_sdio *bus = sdiodev->bus; 2572 unsigned long flags; 2573 2574 brcmf_dbg(TRACE, "Enter\n"); 2575 2576 /* Back the pointer to make a room for bus header */ 2577 frame = msg - SDPCM_HDRLEN; 2578 len = (msglen += SDPCM_HDRLEN); 2579 2580 /* Add alignment padding (optional for ctl frames) */ 2581 doff = ((unsigned long)frame % BRCMF_SDALIGN); 2582 if (doff) { 2583 frame -= doff; 2584 len += doff; 2585 msglen += doff; 2586 memset(frame, 0, doff + SDPCM_HDRLEN); 2587 } 2588 /* precondition: doff < BRCMF_SDALIGN */ 2589 doff += SDPCM_HDRLEN; 2590 2591 /* Round send length to next SDIO block */ 2592 if (bus->roundup && bus->blocksize && (len > bus->blocksize)) { 2593 u16 pad = bus->blocksize - (len % bus->blocksize); 2594 if ((pad <= bus->roundup) && (pad < bus->blocksize)) 2595 len += pad; 2596 } else if (len % BRCMF_SDALIGN) { 2597 len += BRCMF_SDALIGN - (len % BRCMF_SDALIGN); 2598 } 2599 2600 /* Satisfy length-alignment requirements */ 2601 if (len & (ALIGNMENT - 1)) 2602 len = roundup(len, ALIGNMENT); 2603 2604 /* precondition: IS_ALIGNED((unsigned long)frame, 2) */ 2605 2606 /* Make sure backplane clock is on */ 2607 sdio_claim_host(bus->sdiodev->func[1]); 2608 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 2609 sdio_release_host(bus->sdiodev->func[1]); 2610 2611 /* Hardware tag: 2 byte len followed by 2 byte ~len check (all LE) */ 2612 *(__le16 *) frame = cpu_to_le16((u16) msglen); 2613 *(((__le16 *) frame) + 1) = cpu_to_le16(~msglen); 2614 2615 /* Software tag: channel, sequence number, data offset */ 2616 swheader = 2617 ((SDPCM_CONTROL_CHANNEL << SDPCM_CHANNEL_SHIFT) & 2618 SDPCM_CHANNEL_MASK) 2619 | bus->tx_seq | ((doff << SDPCM_DOFFSET_SHIFT) & 2620 SDPCM_DOFFSET_MASK); 2621 put_unaligned_le32(swheader, frame + SDPCM_FRAMETAG_LEN); 2622 put_unaligned_le32(0, frame + SDPCM_FRAMETAG_LEN + sizeof(swheader)); 2623 2624 if (!data_ok(bus)) { 2625 brcmf_dbg(INFO, "No bus credit bus->tx_max %d, bus->tx_seq %d\n", 2626 bus->tx_max, bus->tx_seq); 2627 bus->ctrl_frame_stat = true; 2628 /* Send from dpc */ 2629 bus->ctrl_frame_buf = frame; 2630 bus->ctrl_frame_len = len; 2631 2632 wait_event_interruptible_timeout(bus->ctrl_wait, 2633 !bus->ctrl_frame_stat, 2634 msecs_to_jiffies(2000)); 2635 2636 if (!bus->ctrl_frame_stat) { 2637 brcmf_dbg(INFO, "ctrl_frame_stat == false\n"); 2638 ret = 0; 2639 } else { 2640 brcmf_dbg(INFO, "ctrl_frame_stat == true\n"); 2641 ret = -1; 2642 } 2643 } 2644 2645 if (ret == -1) { 2646 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && BRCMF_CTL_ON(), 2647 frame, len, "Tx Frame:\n"); 2648 brcmf_dbg_hex_dump(!(BRCMF_BYTES_ON() && BRCMF_CTL_ON()) && 2649 BRCMF_HDRS_ON(), 2650 frame, min_t(u16, len, 16), "TxHdr:\n"); 2651 2652 do { 2653 sdio_claim_host(bus->sdiodev->func[1]); 2654 ret = brcmf_tx_frame(bus, frame, len); 2655 sdio_release_host(bus->sdiodev->func[1]); 2656 } while (ret < 0 && retries++ < TXRETRIES); 2657 } 2658 2659 spin_lock_irqsave(&bus->dpc_tl_lock, flags); 2660 if ((bus->idletime == BRCMF_IDLE_IMMEDIATE) && 2661 list_empty(&bus->dpc_tsklst)) { 2662 spin_unlock_irqrestore(&bus->dpc_tl_lock, flags); 2663 2664 bus->activity = false; 2665 sdio_claim_host(bus->sdiodev->func[1]); 2666 brcmf_sdbrcm_clkctl(bus, CLK_NONE, true); 2667 sdio_release_host(bus->sdiodev->func[1]); 2668 } else { 2669 spin_unlock_irqrestore(&bus->dpc_tl_lock, flags); 2670 } 2671 2672 if (ret) 2673 bus->sdcnt.tx_ctlerrs++; 2674 else 2675 bus->sdcnt.tx_ctlpkts++; 2676 2677 return ret ? -EIO : 0; 2678} 2679 2680#ifdef DEBUG 2681static inline bool brcmf_sdio_valid_shared_address(u32 addr) 2682{ 2683 return !(addr == 0 || ((~addr >> 16) & 0xffff) == (addr & 0xffff)); 2684} 2685 2686static int brcmf_sdio_readshared(struct brcmf_sdio *bus, 2687 struct sdpcm_shared *sh) 2688{ 2689 u32 addr; 2690 int rv; 2691 u32 shaddr = 0; 2692 struct sdpcm_shared_le sh_le; 2693 __le32 addr_le; 2694 2695 shaddr = bus->ramsize - 4; 2696 2697 /* 2698 * Read last word in socram to determine 2699 * address of sdpcm_shared structure 2700 */ 2701 sdio_claim_host(bus->sdiodev->func[1]); 2702 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 2703 rv = brcmf_sdbrcm_membytes(bus, false, shaddr, 2704 (u8 *)&addr_le, 4); 2705 sdio_release_host(bus->sdiodev->func[1]); 2706 if (rv < 0) 2707 return rv; 2708 2709 addr = le32_to_cpu(addr_le); 2710 2711 brcmf_dbg(INFO, "sdpcm_shared address 0x%08X\n", addr); 2712 2713 /* 2714 * Check if addr is valid. 2715 * NVRAM length at the end of memory should have been overwritten. 2716 */ 2717 if (!brcmf_sdio_valid_shared_address(addr)) { 2718 brcmf_err("invalid sdpcm_shared address 0x%08X\n", 2719 addr); 2720 return -EINVAL; 2721 } 2722 2723 /* Read hndrte_shared structure */ 2724 rv = brcmf_sdbrcm_membytes(bus, false, addr, (u8 *)&sh_le, 2725 sizeof(struct sdpcm_shared_le)); 2726 if (rv < 0) 2727 return rv; 2728 2729 /* Endianness */ 2730 sh->flags = le32_to_cpu(sh_le.flags); 2731 sh->trap_addr = le32_to_cpu(sh_le.trap_addr); 2732 sh->assert_exp_addr = le32_to_cpu(sh_le.assert_exp_addr); 2733 sh->assert_file_addr = le32_to_cpu(sh_le.assert_file_addr); 2734 sh->assert_line = le32_to_cpu(sh_le.assert_line); 2735 sh->console_addr = le32_to_cpu(sh_le.console_addr); 2736 sh->msgtrace_addr = le32_to_cpu(sh_le.msgtrace_addr); 2737 2738 if ((sh->flags & SDPCM_SHARED_VERSION_MASK) != SDPCM_SHARED_VERSION) { 2739 brcmf_err("sdpcm_shared version mismatch: dhd %d dongle %d\n", 2740 SDPCM_SHARED_VERSION, 2741 sh->flags & SDPCM_SHARED_VERSION_MASK); 2742 return -EPROTO; 2743 } 2744 2745 return 0; 2746} 2747 2748static int brcmf_sdio_dump_console(struct brcmf_sdio *bus, 2749 struct sdpcm_shared *sh, char __user *data, 2750 size_t count) 2751{ 2752 u32 addr, console_ptr, console_size, console_index; 2753 char *conbuf = NULL; 2754 __le32 sh_val; 2755 int rv; 2756 loff_t pos = 0; 2757 int nbytes = 0; 2758 2759 /* obtain console information from device memory */ 2760 addr = sh->console_addr + offsetof(struct rte_console, log_le); 2761 rv = brcmf_sdbrcm_membytes(bus, false, addr, 2762 (u8 *)&sh_val, sizeof(u32)); 2763 if (rv < 0) 2764 return rv; 2765 console_ptr = le32_to_cpu(sh_val); 2766 2767 addr = sh->console_addr + offsetof(struct rte_console, log_le.buf_size); 2768 rv = brcmf_sdbrcm_membytes(bus, false, addr, 2769 (u8 *)&sh_val, sizeof(u32)); 2770 if (rv < 0) 2771 return rv; 2772 console_size = le32_to_cpu(sh_val); 2773 2774 addr = sh->console_addr + offsetof(struct rte_console, log_le.idx); 2775 rv = brcmf_sdbrcm_membytes(bus, false, addr, 2776 (u8 *)&sh_val, sizeof(u32)); 2777 if (rv < 0) 2778 return rv; 2779 console_index = le32_to_cpu(sh_val); 2780 2781 /* allocate buffer for console data */ 2782 if (console_size <= CONSOLE_BUFFER_MAX) 2783 conbuf = vzalloc(console_size+1); 2784 2785 if (!conbuf) 2786 return -ENOMEM; 2787 2788 /* obtain the console data from device */ 2789 conbuf[console_size] = '\0'; 2790 rv = brcmf_sdbrcm_membytes(bus, false, console_ptr, (u8 *)conbuf, 2791 console_size); 2792 if (rv < 0) 2793 goto done; 2794 2795 rv = simple_read_from_buffer(data, count, &pos, 2796 conbuf + console_index, 2797 console_size - console_index); 2798 if (rv < 0) 2799 goto done; 2800 2801 nbytes = rv; 2802 if (console_index > 0) { 2803 pos = 0; 2804 rv = simple_read_from_buffer(data+nbytes, count, &pos, 2805 conbuf, console_index - 1); 2806 if (rv < 0) 2807 goto done; 2808 rv += nbytes; 2809 } 2810done: 2811 vfree(conbuf); 2812 return rv; 2813} 2814 2815static int brcmf_sdio_trap_info(struct brcmf_sdio *bus, struct sdpcm_shared *sh, 2816 char __user *data, size_t count) 2817{ 2818 int error, res; 2819 char buf[350]; 2820 struct brcmf_trap_info tr; 2821 int nbytes; 2822 loff_t pos = 0; 2823 2824 if ((sh->flags & SDPCM_SHARED_TRAP) == 0) 2825 return 0; 2826 2827 error = brcmf_sdbrcm_membytes(bus, false, sh->trap_addr, (u8 *)&tr, 2828 sizeof(struct brcmf_trap_info)); 2829 if (error < 0) 2830 return error; 2831 2832 nbytes = brcmf_sdio_dump_console(bus, sh, data, count); 2833 if (nbytes < 0) 2834 return nbytes; 2835 2836 res = scnprintf(buf, sizeof(buf), 2837 "dongle trap info: type 0x%x @ epc 0x%08x\n" 2838 " cpsr 0x%08x spsr 0x%08x sp 0x%08x\n" 2839 " lr 0x%08x pc 0x%08x offset 0x%x\n" 2840 " r0 0x%08x r1 0x%08x r2 0x%08x r3 0x%08x\n" 2841 " r4 0x%08x r5 0x%08x r6 0x%08x r7 0x%08x\n", 2842 le32_to_cpu(tr.type), le32_to_cpu(tr.epc), 2843 le32_to_cpu(tr.cpsr), le32_to_cpu(tr.spsr), 2844 le32_to_cpu(tr.r13), le32_to_cpu(tr.r14), 2845 le32_to_cpu(tr.pc), sh->trap_addr, 2846 le32_to_cpu(tr.r0), le32_to_cpu(tr.r1), 2847 le32_to_cpu(tr.r2), le32_to_cpu(tr.r3), 2848 le32_to_cpu(tr.r4), le32_to_cpu(tr.r5), 2849 le32_to_cpu(tr.r6), le32_to_cpu(tr.r7)); 2850 2851 error = simple_read_from_buffer(data+nbytes, count, &pos, buf, res); 2852 if (error < 0) 2853 return error; 2854 2855 nbytes += error; 2856 return nbytes; 2857} 2858 2859static int brcmf_sdio_assert_info(struct brcmf_sdio *bus, 2860 struct sdpcm_shared *sh, char __user *data, 2861 size_t count) 2862{ 2863 int error = 0; 2864 char buf[200]; 2865 char file[80] = "?"; 2866 char expr[80] = "<???>"; 2867 int res; 2868 loff_t pos = 0; 2869 2870 if ((sh->flags & SDPCM_SHARED_ASSERT_BUILT) == 0) { 2871 brcmf_dbg(INFO, "firmware not built with -assert\n"); 2872 return 0; 2873 } else if ((sh->flags & SDPCM_SHARED_ASSERT) == 0) { 2874 brcmf_dbg(INFO, "no assert in dongle\n"); 2875 return 0; 2876 } 2877 2878 sdio_claim_host(bus->sdiodev->func[1]); 2879 if (sh->assert_file_addr != 0) { 2880 error = brcmf_sdbrcm_membytes(bus, false, sh->assert_file_addr, 2881 (u8 *)file, 80); 2882 if (error < 0) 2883 return error; 2884 } 2885 if (sh->assert_exp_addr != 0) { 2886 error = brcmf_sdbrcm_membytes(bus, false, sh->assert_exp_addr, 2887 (u8 *)expr, 80); 2888 if (error < 0) 2889 return error; 2890 } 2891 sdio_release_host(bus->sdiodev->func[1]); 2892 2893 res = scnprintf(buf, sizeof(buf), 2894 "dongle assert: %s:%d: assert(%s)\n", 2895 file, sh->assert_line, expr); 2896 return simple_read_from_buffer(data, count, &pos, buf, res); 2897} 2898 2899static int brcmf_sdbrcm_checkdied(struct brcmf_sdio *bus) 2900{ 2901 int error; 2902 struct sdpcm_shared sh; 2903 2904 error = brcmf_sdio_readshared(bus, &sh); 2905 2906 if (error < 0) 2907 return error; 2908 2909 if ((sh.flags & SDPCM_SHARED_ASSERT_BUILT) == 0) 2910 brcmf_dbg(INFO, "firmware not built with -assert\n"); 2911 else if (sh.flags & SDPCM_SHARED_ASSERT) 2912 brcmf_err("assertion in dongle\n"); 2913 2914 if (sh.flags & SDPCM_SHARED_TRAP) 2915 brcmf_err("firmware trap in dongle\n"); 2916 2917 return 0; 2918} 2919 2920static int brcmf_sdbrcm_died_dump(struct brcmf_sdio *bus, char __user *data, 2921 size_t count, loff_t *ppos) 2922{ 2923 int error = 0; 2924 struct sdpcm_shared sh; 2925 int nbytes = 0; 2926 loff_t pos = *ppos; 2927 2928 if (pos != 0) 2929 return 0; 2930 2931 error = brcmf_sdio_readshared(bus, &sh); 2932 if (error < 0) 2933 goto done; 2934 2935 error = brcmf_sdio_assert_info(bus, &sh, data, count); 2936 if (error < 0) 2937 goto done; 2938 2939 nbytes = error; 2940 error = brcmf_sdio_trap_info(bus, &sh, data, count); 2941 if (error < 0) 2942 goto done; 2943 2944 error += nbytes; 2945 *ppos += error; 2946done: 2947 return error; 2948} 2949 2950static ssize_t brcmf_sdio_forensic_read(struct file *f, char __user *data, 2951 size_t count, loff_t *ppos) 2952{ 2953 struct brcmf_sdio *bus = f->private_data; 2954 int res; 2955 2956 res = brcmf_sdbrcm_died_dump(bus, data, count, ppos); 2957 if (res > 0) 2958 *ppos += res; 2959 return (ssize_t)res; 2960} 2961 2962static const struct file_operations brcmf_sdio_forensic_ops = { 2963 .owner = THIS_MODULE, 2964 .open = simple_open, 2965 .read = brcmf_sdio_forensic_read 2966}; 2967 2968static void brcmf_sdio_debugfs_create(struct brcmf_sdio *bus) 2969{ 2970 struct brcmf_pub *drvr = bus->sdiodev->bus_if->drvr; 2971 struct dentry *dentry = brcmf_debugfs_get_devdir(drvr); 2972 2973 if (IS_ERR_OR_NULL(dentry)) 2974 return; 2975 2976 debugfs_create_file("forensics", S_IRUGO, dentry, bus, 2977 &brcmf_sdio_forensic_ops); 2978 brcmf_debugfs_create_sdio_count(drvr, &bus->sdcnt); 2979} 2980#else 2981static int brcmf_sdbrcm_checkdied(struct brcmf_sdio *bus) 2982{ 2983 return 0; 2984} 2985 2986static void brcmf_sdio_debugfs_create(struct brcmf_sdio *bus) 2987{ 2988} 2989#endif /* DEBUG */ 2990 2991static int 2992brcmf_sdbrcm_bus_rxctl(struct device *dev, unsigned char *msg, uint msglen) 2993{ 2994 int timeleft; 2995 uint rxlen = 0; 2996 bool pending; 2997 u8 *buf; 2998 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 2999 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio; 3000 struct brcmf_sdio *bus = sdiodev->bus; 3001 3002 brcmf_dbg(TRACE, "Enter\n"); 3003 3004 /* Wait until control frame is available */ 3005 timeleft = brcmf_sdbrcm_dcmd_resp_wait(bus, &bus->rxlen, &pending); 3006 3007 spin_lock_bh(&bus->rxctl_lock); 3008 rxlen = bus->rxlen; 3009 memcpy(msg, bus->rxctl, min(msglen, rxlen)); 3010 bus->rxctl = NULL; 3011 buf = bus->rxctl_orig; 3012 bus->rxctl_orig = NULL; 3013 bus->rxlen = 0; 3014 spin_unlock_bh(&bus->rxctl_lock); 3015 vfree(buf); 3016 3017 if (rxlen) { 3018 brcmf_dbg(CTL, "resumed on rxctl frame, got %d expected %d\n", 3019 rxlen, msglen); 3020 } else if (timeleft == 0) { 3021 brcmf_err("resumed on timeout\n"); 3022 brcmf_sdbrcm_checkdied(bus); 3023 } else if (pending) { 3024 brcmf_dbg(CTL, "cancelled\n"); 3025 return -ERESTARTSYS; 3026 } else { 3027 brcmf_dbg(CTL, "resumed for unknown reason?\n"); 3028 brcmf_sdbrcm_checkdied(bus); 3029 } 3030 3031 if (rxlen) 3032 bus->sdcnt.rx_ctlpkts++; 3033 else 3034 bus->sdcnt.rx_ctlerrs++; 3035 3036 return rxlen ? (int)rxlen : -ETIMEDOUT; 3037} 3038 3039static int brcmf_sdbrcm_write_vars(struct brcmf_sdio *bus) 3040{ 3041 int bcmerror = 0; 3042 u32 varaddr; 3043 u32 varsizew; 3044 __le32 varsizew_le; 3045#ifdef DEBUG 3046 char *nvram_ularray; 3047#endif /* DEBUG */ 3048 3049 /* Even if there are no vars are to be written, we still 3050 need to set the ramsize. */ 3051 varaddr = (bus->ramsize - 4) - bus->varsz; 3052 3053 if (bus->vars) { 3054 /* Write the vars list */ 3055 bcmerror = brcmf_sdbrcm_membytes(bus, true, varaddr, 3056 bus->vars, bus->varsz); 3057#ifdef DEBUG 3058 /* Verify NVRAM bytes */ 3059 brcmf_dbg(INFO, "Compare NVRAM dl & ul; varsize=%d\n", 3060 bus->varsz); 3061 nvram_ularray = kmalloc(bus->varsz, GFP_ATOMIC); 3062 if (!nvram_ularray) 3063 return -ENOMEM; 3064 3065 /* Upload image to verify downloaded contents. */ 3066 memset(nvram_ularray, 0xaa, bus->varsz); 3067 3068 /* Read the vars list to temp buffer for comparison */ 3069 bcmerror = brcmf_sdbrcm_membytes(bus, false, varaddr, 3070 nvram_ularray, bus->varsz); 3071 if (bcmerror) { 3072 brcmf_err("error %d on reading %d nvram bytes at 0x%08x\n", 3073 bcmerror, bus->varsz, varaddr); 3074 } 3075 /* Compare the org NVRAM with the one read from RAM */ 3076 if (memcmp(bus->vars, nvram_ularray, bus->varsz)) 3077 brcmf_err("Downloaded NVRAM image is corrupted\n"); 3078 else 3079 brcmf_err("Download/Upload/Compare of NVRAM ok\n"); 3080 3081 kfree(nvram_ularray); 3082#endif /* DEBUG */ 3083 } 3084 3085 /* adjust to the user specified RAM */ 3086 brcmf_dbg(INFO, "Physical memory size: %d\n", bus->ramsize); 3087 brcmf_dbg(INFO, "Vars are at %d, orig varsize is %d\n", 3088 varaddr, bus->varsz); 3089 3090 /* 3091 * Determine the length token: 3092 * Varsize, converted to words, in lower 16-bits, checksum 3093 * in upper 16-bits. 3094 */ 3095 if (bcmerror) { 3096 varsizew = 0; 3097 varsizew_le = cpu_to_le32(0); 3098 } else { 3099 varsizew = bus->varsz / 4; 3100 varsizew = (~varsizew << 16) | (varsizew & 0x0000FFFF); 3101 varsizew_le = cpu_to_le32(varsizew); 3102 } 3103 3104 brcmf_dbg(INFO, "New varsize is %d, length token=0x%08x\n", 3105 bus->varsz, varsizew); 3106 3107 /* Write the length token to the last word */ 3108 bcmerror = brcmf_sdbrcm_membytes(bus, true, (bus->ramsize - 4), 3109 (u8 *)&varsizew_le, 4); 3110 3111 return bcmerror; 3112} 3113 3114static int brcmf_sdbrcm_download_state(struct brcmf_sdio *bus, bool enter) 3115{ 3116 int bcmerror = 0; 3117 struct chip_info *ci = bus->ci; 3118 3119 /* To enter download state, disable ARM and reset SOCRAM. 3120 * To exit download state, simply reset ARM (default is RAM boot). 3121 */ 3122 if (enter) { 3123 bus->alp_only = true; 3124 3125 ci->coredisable(bus->sdiodev, ci, BCMA_CORE_ARM_CM3); 3126 3127 ci->resetcore(bus->sdiodev, ci, BCMA_CORE_INTERNAL_MEM); 3128 3129 /* Clear the top bit of memory */ 3130 if (bus->ramsize) { 3131 u32 zeros = 0; 3132 brcmf_sdbrcm_membytes(bus, true, bus->ramsize - 4, 3133 (u8 *)&zeros, 4); 3134 } 3135 } else { 3136 if (!ci->iscoreup(bus->sdiodev, ci, BCMA_CORE_INTERNAL_MEM)) { 3137 brcmf_err("SOCRAM core is down after reset?\n"); 3138 bcmerror = -EBADE; 3139 goto fail; 3140 } 3141 3142 bcmerror = brcmf_sdbrcm_write_vars(bus); 3143 if (bcmerror) { 3144 brcmf_err("no vars written to RAM\n"); 3145 bcmerror = 0; 3146 } 3147 3148 w_sdreg32(bus, 0xFFFFFFFF, 3149 offsetof(struct sdpcmd_regs, intstatus)); 3150 3151 ci->resetcore(bus->sdiodev, ci, BCMA_CORE_ARM_CM3); 3152 3153 /* Allow HT Clock now that the ARM is running. */ 3154 bus->alp_only = false; 3155 3156 bus->sdiodev->bus_if->state = BRCMF_BUS_LOAD; 3157 } 3158fail: 3159 return bcmerror; 3160} 3161 3162static int brcmf_sdbrcm_get_image(char *buf, int len, struct brcmf_sdio *bus) 3163{ 3164 if (bus->firmware->size < bus->fw_ptr + len) 3165 len = bus->firmware->size - bus->fw_ptr; 3166 3167 memcpy(buf, &bus->firmware->data[bus->fw_ptr], len); 3168 bus->fw_ptr += len; 3169 return len; 3170} 3171 3172static int brcmf_sdbrcm_download_code_file(struct brcmf_sdio *bus) 3173{ 3174 int offset = 0; 3175 uint len; 3176 u8 *memblock = NULL, *memptr; 3177 int ret; 3178 3179 brcmf_dbg(INFO, "Enter\n"); 3180 3181 ret = request_firmware(&bus->firmware, BRCMF_SDIO_FW_NAME, 3182 &bus->sdiodev->func[2]->dev); 3183 if (ret) { 3184 brcmf_err("Fail to request firmware %d\n", ret); 3185 return ret; 3186 } 3187 bus->fw_ptr = 0; 3188 3189 memptr = memblock = kmalloc(MEMBLOCK + BRCMF_SDALIGN, GFP_ATOMIC); 3190 if (memblock == NULL) { 3191 ret = -ENOMEM; 3192 goto err; 3193 } 3194 if ((u32)(unsigned long)memblock % BRCMF_SDALIGN) 3195 memptr += (BRCMF_SDALIGN - 3196 ((u32)(unsigned long)memblock % BRCMF_SDALIGN)); 3197 3198 /* Download image */ 3199 while ((len = 3200 brcmf_sdbrcm_get_image((char *)memptr, MEMBLOCK, bus))) { 3201 ret = brcmf_sdbrcm_membytes(bus, true, offset, memptr, len); 3202 if (ret) { 3203 brcmf_err("error %d on writing %d membytes at 0x%08x\n", 3204 ret, MEMBLOCK, offset); 3205 goto err; 3206 } 3207 3208 offset += MEMBLOCK; 3209 } 3210 3211err: 3212 kfree(memblock); 3213 3214 release_firmware(bus->firmware); 3215 bus->fw_ptr = 0; 3216 3217 return ret; 3218} 3219 3220/* 3221 * ProcessVars:Takes a buffer of "<var>=<value>\n" lines read from a file 3222 * and ending in a NUL. 3223 * Removes carriage returns, empty lines, comment lines, and converts 3224 * newlines to NULs. 3225 * Shortens buffer as needed and pads with NULs. End of buffer is marked 3226 * by two NULs. 3227*/ 3228 3229static int brcmf_process_nvram_vars(struct brcmf_sdio *bus) 3230{ 3231 char *varbuf; 3232 char *dp; 3233 bool findNewline; 3234 int column; 3235 int ret = 0; 3236 uint buf_len, n, len; 3237 3238 len = bus->firmware->size; 3239 varbuf = vmalloc(len); 3240 if (!varbuf) 3241 return -ENOMEM; 3242 3243 memcpy(varbuf, bus->firmware->data, len); 3244 dp = varbuf; 3245 3246 findNewline = false; 3247 column = 0; 3248 3249 for (n = 0; n < len; n++) { 3250 if (varbuf[n] == 0) 3251 break; 3252 if (varbuf[n] == '\r') 3253 continue; 3254 if (findNewline && varbuf[n] != '\n') 3255 continue; 3256 findNewline = false; 3257 if (varbuf[n] == '#') { 3258 findNewline = true; 3259 continue; 3260 } 3261 if (varbuf[n] == '\n') { 3262 if (column == 0) 3263 continue; 3264 *dp++ = 0; 3265 column = 0; 3266 continue; 3267 } 3268 *dp++ = varbuf[n]; 3269 column++; 3270 } 3271 buf_len = dp - varbuf; 3272 while (dp < varbuf + n) 3273 *dp++ = 0; 3274 3275 kfree(bus->vars); 3276 /* roundup needed for download to device */ 3277 bus->varsz = roundup(buf_len + 1, 4); 3278 bus->vars = kmalloc(bus->varsz, GFP_KERNEL); 3279 if (bus->vars == NULL) { 3280 bus->varsz = 0; 3281 ret = -ENOMEM; 3282 goto err; 3283 } 3284 3285 /* copy the processed variables and add null termination */ 3286 memcpy(bus->vars, varbuf, buf_len); 3287 bus->vars[buf_len] = 0; 3288err: 3289 vfree(varbuf); 3290 return ret; 3291} 3292 3293static int brcmf_sdbrcm_download_nvram(struct brcmf_sdio *bus) 3294{ 3295 int ret; 3296 3297 ret = request_firmware(&bus->firmware, BRCMF_SDIO_NV_NAME, 3298 &bus->sdiodev->func[2]->dev); 3299 if (ret) { 3300 brcmf_err("Fail to request nvram %d\n", ret); 3301 return ret; 3302 } 3303 3304 ret = brcmf_process_nvram_vars(bus); 3305 3306 release_firmware(bus->firmware); 3307 3308 return ret; 3309} 3310 3311static int _brcmf_sdbrcm_download_firmware(struct brcmf_sdio *bus) 3312{ 3313 int bcmerror = -1; 3314 3315 /* Keep arm in reset */ 3316 if (brcmf_sdbrcm_download_state(bus, true)) { 3317 brcmf_err("error placing ARM core in reset\n"); 3318 goto err; 3319 } 3320 3321 /* External image takes precedence if specified */ 3322 if (brcmf_sdbrcm_download_code_file(bus)) { 3323 brcmf_err("dongle image file download failed\n"); 3324 goto err; 3325 } 3326 3327 /* External nvram takes precedence if specified */ 3328 if (brcmf_sdbrcm_download_nvram(bus)) 3329 brcmf_err("dongle nvram file download failed\n"); 3330 3331 /* Take arm out of reset */ 3332 if (brcmf_sdbrcm_download_state(bus, false)) { 3333 brcmf_err("error getting out of ARM core reset\n"); 3334 goto err; 3335 } 3336 3337 bcmerror = 0; 3338 3339err: 3340 return bcmerror; 3341} 3342 3343static bool 3344brcmf_sdbrcm_download_firmware(struct brcmf_sdio *bus) 3345{ 3346 bool ret; 3347 3348 sdio_claim_host(bus->sdiodev->func[1]); 3349 3350 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3351 3352 ret = _brcmf_sdbrcm_download_firmware(bus) == 0; 3353 3354 brcmf_sdbrcm_clkctl(bus, CLK_SDONLY, false); 3355 3356 sdio_release_host(bus->sdiodev->func[1]); 3357 3358 return ret; 3359} 3360 3361static int brcmf_sdbrcm_bus_init(struct device *dev) 3362{ 3363 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 3364 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio; 3365 struct brcmf_sdio *bus = sdiodev->bus; 3366 unsigned long timeout; 3367 u8 ready, enable; 3368 int err, ret = 0; 3369 u8 saveclk; 3370 3371 brcmf_dbg(TRACE, "Enter\n"); 3372 3373 /* try to download image and nvram to the dongle */ 3374 if (bus_if->state == BRCMF_BUS_DOWN) { 3375 if (!(brcmf_sdbrcm_download_firmware(bus))) 3376 return -1; 3377 } 3378 3379 if (!bus->sdiodev->bus_if->drvr) 3380 return 0; 3381 3382 /* Start the watchdog timer */ 3383 bus->sdcnt.tickcnt = 0; 3384 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 3385 3386 sdio_claim_host(bus->sdiodev->func[1]); 3387 3388 /* Make sure backplane clock is on, needed to generate F2 interrupt */ 3389 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3390 if (bus->clkstate != CLK_AVAIL) 3391 goto exit; 3392 3393 /* Force clocks on backplane to be sure F2 interrupt propagates */ 3394 saveclk = brcmf_sdio_regrb(bus->sdiodev, 3395 SBSDIO_FUNC1_CHIPCLKCSR, &err); 3396 if (!err) { 3397 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 3398 (saveclk | SBSDIO_FORCE_HT), &err); 3399 } 3400 if (err) { 3401 brcmf_err("Failed to force clock for F2: err %d\n", err); 3402 goto exit; 3403 } 3404 3405 /* Enable function 2 (frame transfers) */ 3406 w_sdreg32(bus, SDPCM_PROT_VERSION << SMB_DATA_VERSION_SHIFT, 3407 offsetof(struct sdpcmd_regs, tosbmailboxdata)); 3408 enable = (SDIO_FUNC_ENABLE_1 | SDIO_FUNC_ENABLE_2); 3409 3410 brcmf_sdio_regwb(bus->sdiodev, SDIO_CCCR_IOEx, enable, NULL); 3411 3412 timeout = jiffies + msecs_to_jiffies(BRCMF_WAIT_F2RDY); 3413 ready = 0; 3414 while (enable != ready) { 3415 ready = brcmf_sdio_regrb(bus->sdiodev, 3416 SDIO_CCCR_IORx, NULL); 3417 if (time_after(jiffies, timeout)) 3418 break; 3419 else if (time_after(jiffies, timeout - BRCMF_WAIT_F2RDY + 50)) 3420 /* prevent busy waiting if it takes too long */ 3421 msleep_interruptible(20); 3422 } 3423 3424 brcmf_dbg(INFO, "enable 0x%02x, ready 0x%02x\n", enable, ready); 3425 3426 /* If F2 successfully enabled, set core and enable interrupts */ 3427 if (ready == enable) { 3428 /* Set up the interrupt mask and enable interrupts */ 3429 bus->hostintmask = HOSTINTMASK; 3430 w_sdreg32(bus, bus->hostintmask, 3431 offsetof(struct sdpcmd_regs, hostintmask)); 3432 3433 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_WATERMARK, 8, &err); 3434 } else { 3435 /* Disable F2 again */ 3436 enable = SDIO_FUNC_ENABLE_1; 3437 brcmf_sdio_regwb(bus->sdiodev, SDIO_CCCR_IOEx, enable, NULL); 3438 ret = -ENODEV; 3439 } 3440 3441 /* Restore previous clock setting */ 3442 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, saveclk, &err); 3443 3444 if (ret == 0) { 3445 ret = brcmf_sdio_intr_register(bus->sdiodev); 3446 if (ret != 0) 3447 brcmf_err("intr register failed:%d\n", ret); 3448 } 3449 3450 /* If we didn't come up, turn off backplane clock */ 3451 if (bus_if->state != BRCMF_BUS_DATA) 3452 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 3453 3454exit: 3455 sdio_release_host(bus->sdiodev->func[1]); 3456 3457 return ret; 3458} 3459 3460void brcmf_sdbrcm_isr(void *arg) 3461{ 3462 struct brcmf_sdio *bus = (struct brcmf_sdio *) arg; 3463 3464 brcmf_dbg(TRACE, "Enter\n"); 3465 3466 if (!bus) { 3467 brcmf_err("bus is null pointer, exiting\n"); 3468 return; 3469 } 3470 3471 if (bus->sdiodev->bus_if->state == BRCMF_BUS_DOWN) { 3472 brcmf_err("bus is down. we have nothing to do\n"); 3473 return; 3474 } 3475 /* Count the interrupt call */ 3476 bus->sdcnt.intrcount++; 3477 if (in_interrupt()) 3478 atomic_set(&bus->ipend, 1); 3479 else 3480 if (brcmf_sdio_intr_rstatus(bus)) { 3481 brcmf_err("failed backplane access\n"); 3482 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 3483 } 3484 3485 /* Disable additional interrupts (is this needed now)? */ 3486 if (!bus->intr) 3487 brcmf_err("isr w/o interrupt configured!\n"); 3488 3489 brcmf_sdbrcm_adddpctsk(bus); 3490 queue_work(bus->brcmf_wq, &bus->datawork); 3491} 3492 3493static bool brcmf_sdbrcm_bus_watchdog(struct brcmf_sdio *bus) 3494{ 3495#ifdef DEBUG 3496 struct brcmf_bus *bus_if = dev_get_drvdata(bus->sdiodev->dev); 3497#endif /* DEBUG */ 3498 unsigned long flags; 3499 3500 brcmf_dbg(TIMER, "Enter\n"); 3501 3502 /* Poll period: check device if appropriate. */ 3503 if (bus->poll && (++bus->polltick >= bus->pollrate)) { 3504 u32 intstatus = 0; 3505 3506 /* Reset poll tick */ 3507 bus->polltick = 0; 3508 3509 /* Check device if no interrupts */ 3510 if (!bus->intr || 3511 (bus->sdcnt.intrcount == bus->sdcnt.lastintrs)) { 3512 3513 spin_lock_irqsave(&bus->dpc_tl_lock, flags); 3514 if (list_empty(&bus->dpc_tsklst)) { 3515 u8 devpend; 3516 spin_unlock_irqrestore(&bus->dpc_tl_lock, 3517 flags); 3518 sdio_claim_host(bus->sdiodev->func[1]); 3519 devpend = brcmf_sdio_regrb(bus->sdiodev, 3520 SDIO_CCCR_INTx, 3521 NULL); 3522 sdio_release_host(bus->sdiodev->func[1]); 3523 intstatus = 3524 devpend & (INTR_STATUS_FUNC1 | 3525 INTR_STATUS_FUNC2); 3526 } else { 3527 spin_unlock_irqrestore(&bus->dpc_tl_lock, 3528 flags); 3529 } 3530 3531 /* If there is something, make like the ISR and 3532 schedule the DPC */ 3533 if (intstatus) { 3534 bus->sdcnt.pollcnt++; 3535 atomic_set(&bus->ipend, 1); 3536 3537 brcmf_sdbrcm_adddpctsk(bus); 3538 queue_work(bus->brcmf_wq, &bus->datawork); 3539 } 3540 } 3541 3542 /* Update interrupt tracking */ 3543 bus->sdcnt.lastintrs = bus->sdcnt.intrcount; 3544 } 3545#ifdef DEBUG 3546 /* Poll for console output periodically */ 3547 if (bus_if && bus_if->state == BRCMF_BUS_DATA && 3548 bus->console_interval != 0) { 3549 bus->console.count += BRCMF_WD_POLL_MS; 3550 if (bus->console.count >= bus->console_interval) { 3551 bus->console.count -= bus->console_interval; 3552 sdio_claim_host(bus->sdiodev->func[1]); 3553 /* Make sure backplane clock is on */ 3554 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3555 if (brcmf_sdbrcm_readconsole(bus) < 0) 3556 /* stop on error */ 3557 bus->console_interval = 0; 3558 sdio_release_host(bus->sdiodev->func[1]); 3559 } 3560 } 3561#endif /* DEBUG */ 3562 3563 /* On idle timeout clear activity flag and/or turn off clock */ 3564 if ((bus->idletime > 0) && (bus->clkstate == CLK_AVAIL)) { 3565 if (++bus->idlecount >= bus->idletime) { 3566 bus->idlecount = 0; 3567 if (bus->activity) { 3568 bus->activity = false; 3569 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 3570 } else { 3571 sdio_claim_host(bus->sdiodev->func[1]); 3572 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 3573 sdio_release_host(bus->sdiodev->func[1]); 3574 } 3575 } 3576 } 3577 3578 return (atomic_read(&bus->ipend) > 0); 3579} 3580 3581static bool brcmf_sdbrcm_chipmatch(u16 chipid) 3582{ 3583 if (chipid == BCM43241_CHIP_ID) 3584 return true; 3585 if (chipid == BCM4329_CHIP_ID) 3586 return true; 3587 if (chipid == BCM4330_CHIP_ID) 3588 return true; 3589 if (chipid == BCM4334_CHIP_ID) 3590 return true; 3591 return false; 3592} 3593 3594static void brcmf_sdio_dataworker(struct work_struct *work) 3595{ 3596 struct brcmf_sdio *bus = container_of(work, struct brcmf_sdio, 3597 datawork); 3598 struct list_head *cur_hd, *tmp_hd; 3599 unsigned long flags; 3600 3601 spin_lock_irqsave(&bus->dpc_tl_lock, flags); 3602 list_for_each_safe(cur_hd, tmp_hd, &bus->dpc_tsklst) { 3603 spin_unlock_irqrestore(&bus->dpc_tl_lock, flags); 3604 3605 brcmf_sdbrcm_dpc(bus); 3606 3607 spin_lock_irqsave(&bus->dpc_tl_lock, flags); 3608 list_del(cur_hd); 3609 kfree(cur_hd); 3610 } 3611 spin_unlock_irqrestore(&bus->dpc_tl_lock, flags); 3612} 3613 3614static void brcmf_sdbrcm_release_malloc(struct brcmf_sdio *bus) 3615{ 3616 brcmf_dbg(TRACE, "Enter\n"); 3617 3618 kfree(bus->rxbuf); 3619 bus->rxctl = bus->rxbuf = NULL; 3620 bus->rxlen = 0; 3621 3622 kfree(bus->databuf); 3623 bus->databuf = NULL; 3624} 3625 3626static bool brcmf_sdbrcm_probe_malloc(struct brcmf_sdio *bus) 3627{ 3628 brcmf_dbg(TRACE, "Enter\n"); 3629 3630 if (bus->sdiodev->bus_if->maxctl) { 3631 bus->rxblen = 3632 roundup((bus->sdiodev->bus_if->maxctl + SDPCM_HDRLEN), 3633 ALIGNMENT) + BRCMF_SDALIGN; 3634 bus->rxbuf = kmalloc(bus->rxblen, GFP_ATOMIC); 3635 if (!(bus->rxbuf)) 3636 goto fail; 3637 } 3638 3639 /* Allocate buffer to receive glomed packet */ 3640 bus->databuf = kmalloc(MAX_DATA_BUF, GFP_ATOMIC); 3641 if (!(bus->databuf)) { 3642 /* release rxbuf which was already located as above */ 3643 if (!bus->rxblen) 3644 kfree(bus->rxbuf); 3645 goto fail; 3646 } 3647 3648 /* Align the buffer */ 3649 if ((unsigned long)bus->databuf % BRCMF_SDALIGN) 3650 bus->dataptr = bus->databuf + (BRCMF_SDALIGN - 3651 ((unsigned long)bus->databuf % BRCMF_SDALIGN)); 3652 else 3653 bus->dataptr = bus->databuf; 3654 3655 return true; 3656 3657fail: 3658 return false; 3659} 3660 3661static bool 3662brcmf_sdbrcm_probe_attach(struct brcmf_sdio *bus, u32 regsva) 3663{ 3664 u8 clkctl = 0; 3665 int err = 0; 3666 int reg_addr; 3667 u32 reg_val; 3668 u8 idx; 3669 3670 bus->alp_only = true; 3671 3672 sdio_claim_host(bus->sdiodev->func[1]); 3673 3674 pr_debug("F1 signature read @0x18000000=0x%4x\n", 3675 brcmf_sdio_regrl(bus->sdiodev, SI_ENUM_BASE, NULL)); 3676 3677 /* 3678 * Force PLL off until brcmf_sdio_chip_attach() 3679 * programs PLL control regs 3680 */ 3681 3682 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 3683 BRCMF_INIT_CLKCTL1, &err); 3684 if (!err) 3685 clkctl = brcmf_sdio_regrb(bus->sdiodev, 3686 SBSDIO_FUNC1_CHIPCLKCSR, &err); 3687 3688 if (err || ((clkctl & ~SBSDIO_AVBITS) != BRCMF_INIT_CLKCTL1)) { 3689 brcmf_err("ChipClkCSR access: err %d wrote 0x%02x read 0x%02x\n", 3690 err, BRCMF_INIT_CLKCTL1, clkctl); 3691 goto fail; 3692 } 3693 3694 if (brcmf_sdio_chip_attach(bus->sdiodev, &bus->ci, regsva)) { 3695 brcmf_err("brcmf_sdio_chip_attach failed!\n"); 3696 goto fail; 3697 } 3698 3699 if (!brcmf_sdbrcm_chipmatch((u16) bus->ci->chip)) { 3700 brcmf_err("unsupported chip: 0x%04x\n", bus->ci->chip); 3701 goto fail; 3702 } 3703 3704 brcmf_sdio_chip_drivestrengthinit(bus->sdiodev, bus->ci, 3705 SDIO_DRIVE_STRENGTH); 3706 3707 /* Get info on the SOCRAM cores... */ 3708 bus->ramsize = bus->ci->ramsize; 3709 if (!(bus->ramsize)) { 3710 brcmf_err("failed to find SOCRAM memory!\n"); 3711 goto fail; 3712 } 3713 3714 /* Set core control so an SDIO reset does a backplane reset */ 3715 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV); 3716 reg_addr = bus->ci->c_inf[idx].base + 3717 offsetof(struct sdpcmd_regs, corecontrol); 3718 reg_val = brcmf_sdio_regrl(bus->sdiodev, reg_addr, NULL); 3719 brcmf_sdio_regwl(bus->sdiodev, reg_addr, reg_val | CC_BPRESEN, NULL); 3720 3721 sdio_release_host(bus->sdiodev->func[1]); 3722 3723 brcmu_pktq_init(&bus->txq, (PRIOMASK + 1), TXQLEN); 3724 3725 /* Locate an appropriately-aligned portion of hdrbuf */ 3726 bus->rxhdr = (u8 *) roundup((unsigned long)&bus->hdrbuf[0], 3727 BRCMF_SDALIGN); 3728 3729 /* Set the poll and/or interrupt flags */ 3730 bus->intr = true; 3731 bus->poll = false; 3732 if (bus->poll) 3733 bus->pollrate = 1; 3734 3735 return true; 3736 3737fail: 3738 sdio_release_host(bus->sdiodev->func[1]); 3739 return false; 3740} 3741 3742static bool brcmf_sdbrcm_probe_init(struct brcmf_sdio *bus) 3743{ 3744 brcmf_dbg(TRACE, "Enter\n"); 3745 3746 sdio_claim_host(bus->sdiodev->func[1]); 3747 3748 /* Disable F2 to clear any intermediate frame state on the dongle */ 3749 brcmf_sdio_regwb(bus->sdiodev, SDIO_CCCR_IOEx, 3750 SDIO_FUNC_ENABLE_1, NULL); 3751 3752 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 3753 bus->rxflow = false; 3754 3755 /* Done with backplane-dependent accesses, can drop clock... */ 3756 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 0, NULL); 3757 3758 sdio_release_host(bus->sdiodev->func[1]); 3759 3760 /* ...and initialize clock/power states */ 3761 bus->clkstate = CLK_SDONLY; 3762 bus->idletime = BRCMF_IDLE_INTERVAL; 3763 bus->idleclock = BRCMF_IDLE_ACTIVE; 3764 3765 /* Query the F2 block size, set roundup accordingly */ 3766 bus->blocksize = bus->sdiodev->func[2]->cur_blksize; 3767 bus->roundup = min(max_roundup, bus->blocksize); 3768 3769 /* bus module does not support packet chaining */ 3770 bus->use_rxchain = false; 3771 bus->sd_rxchain = false; 3772 3773 return true; 3774} 3775 3776static int 3777brcmf_sdbrcm_watchdog_thread(void *data) 3778{ 3779 struct brcmf_sdio *bus = (struct brcmf_sdio *)data; 3780 3781 allow_signal(SIGTERM); 3782 /* Run until signal received */ 3783 while (1) { 3784 if (kthread_should_stop()) 3785 break; 3786 if (!wait_for_completion_interruptible(&bus->watchdog_wait)) { 3787 brcmf_sdbrcm_bus_watchdog(bus); 3788 /* Count the tick for reference */ 3789 bus->sdcnt.tickcnt++; 3790 } else 3791 break; 3792 } 3793 return 0; 3794} 3795 3796static void 3797brcmf_sdbrcm_watchdog(unsigned long data) 3798{ 3799 struct brcmf_sdio *bus = (struct brcmf_sdio *)data; 3800 3801 if (bus->watchdog_tsk) { 3802 complete(&bus->watchdog_wait); 3803 /* Reschedule the watchdog */ 3804 if (bus->wd_timer_valid) 3805 mod_timer(&bus->timer, 3806 jiffies + BRCMF_WD_POLL_MS * HZ / 1000); 3807 } 3808} 3809 3810static void brcmf_sdbrcm_release_dongle(struct brcmf_sdio *bus) 3811{ 3812 brcmf_dbg(TRACE, "Enter\n"); 3813 3814 if (bus->ci) { 3815 sdio_claim_host(bus->sdiodev->func[1]); 3816 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3817 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 3818 sdio_release_host(bus->sdiodev->func[1]); 3819 brcmf_sdio_chip_detach(&bus->ci); 3820 if (bus->vars && bus->varsz) 3821 kfree(bus->vars); 3822 bus->vars = NULL; 3823 } 3824 3825 brcmf_dbg(TRACE, "Disconnected\n"); 3826} 3827 3828/* Detach and free everything */ 3829static void brcmf_sdbrcm_release(struct brcmf_sdio *bus) 3830{ 3831 brcmf_dbg(TRACE, "Enter\n"); 3832 3833 if (bus) { 3834 /* De-register interrupt handler */ 3835 brcmf_sdio_intr_unregister(bus->sdiodev); 3836 3837 cancel_work_sync(&bus->datawork); 3838 if (bus->brcmf_wq) 3839 destroy_workqueue(bus->brcmf_wq); 3840 3841 if (bus->sdiodev->bus_if->drvr) { 3842 brcmf_detach(bus->sdiodev->dev); 3843 brcmf_sdbrcm_release_dongle(bus); 3844 } 3845 3846 brcmf_sdbrcm_release_malloc(bus); 3847 3848 kfree(bus); 3849 } 3850 3851 brcmf_dbg(TRACE, "Disconnected\n"); 3852} 3853 3854static struct brcmf_bus_ops brcmf_sdio_bus_ops = { 3855 .stop = brcmf_sdbrcm_bus_stop, 3856 .init = brcmf_sdbrcm_bus_init, 3857 .txdata = brcmf_sdbrcm_bus_txdata, 3858 .txctl = brcmf_sdbrcm_bus_txctl, 3859 .rxctl = brcmf_sdbrcm_bus_rxctl, 3860}; 3861 3862void *brcmf_sdbrcm_probe(u32 regsva, struct brcmf_sdio_dev *sdiodev) 3863{ 3864 int ret; 3865 struct brcmf_sdio *bus; 3866 struct brcmf_bus_dcmd *dlst; 3867 u32 dngl_txglom; 3868 u32 dngl_txglomalign; 3869 u8 idx; 3870 3871 brcmf_dbg(TRACE, "Enter\n"); 3872 3873 /* We make an assumption about address window mappings: 3874 * regsva == SI_ENUM_BASE*/ 3875 3876 /* Allocate private bus interface state */ 3877 bus = kzalloc(sizeof(struct brcmf_sdio), GFP_ATOMIC); 3878 if (!bus) 3879 goto fail; 3880 3881 bus->sdiodev = sdiodev; 3882 sdiodev->bus = bus; 3883 skb_queue_head_init(&bus->glom); 3884 bus->txbound = BRCMF_TXBOUND; 3885 bus->rxbound = BRCMF_RXBOUND; 3886 bus->txminmax = BRCMF_TXMINMAX; 3887 bus->tx_seq = SDPCM_SEQUENCE_WRAP - 1; 3888 3889 INIT_WORK(&bus->datawork, brcmf_sdio_dataworker); 3890 bus->brcmf_wq = create_singlethread_workqueue("brcmf_wq"); 3891 if (bus->brcmf_wq == NULL) { 3892 brcmf_err("insufficient memory to create txworkqueue\n"); 3893 goto fail; 3894 } 3895 3896 /* attempt to attach to the dongle */ 3897 if (!(brcmf_sdbrcm_probe_attach(bus, regsva))) { 3898 brcmf_err("brcmf_sdbrcm_probe_attach failed\n"); 3899 goto fail; 3900 } 3901 3902 spin_lock_init(&bus->rxctl_lock); 3903 spin_lock_init(&bus->txqlock); 3904 init_waitqueue_head(&bus->ctrl_wait); 3905 init_waitqueue_head(&bus->dcmd_resp_wait); 3906 3907 /* Set up the watchdog timer */ 3908 init_timer(&bus->timer); 3909 bus->timer.data = (unsigned long)bus; 3910 bus->timer.function = brcmf_sdbrcm_watchdog; 3911 3912 /* Initialize watchdog thread */ 3913 init_completion(&bus->watchdog_wait); 3914 bus->watchdog_tsk = kthread_run(brcmf_sdbrcm_watchdog_thread, 3915 bus, "brcmf_watchdog"); 3916 if (IS_ERR(bus->watchdog_tsk)) { 3917 pr_warn("brcmf_watchdog thread failed to start\n"); 3918 bus->watchdog_tsk = NULL; 3919 } 3920 /* Initialize DPC thread */ 3921 INIT_LIST_HEAD(&bus->dpc_tsklst); 3922 spin_lock_init(&bus->dpc_tl_lock); 3923 3924 /* Assign bus interface call back */ 3925 bus->sdiodev->bus_if->dev = bus->sdiodev->dev; 3926 bus->sdiodev->bus_if->ops = &brcmf_sdio_bus_ops; 3927 bus->sdiodev->bus_if->chip = bus->ci->chip; 3928 bus->sdiodev->bus_if->chiprev = bus->ci->chiprev; 3929 3930 /* Attach to the brcmf/OS/network interface */ 3931 ret = brcmf_attach(SDPCM_RESERVE, bus->sdiodev->dev); 3932 if (ret != 0) { 3933 brcmf_err("brcmf_attach failed\n"); 3934 goto fail; 3935 } 3936 3937 /* Allocate buffers */ 3938 if (!(brcmf_sdbrcm_probe_malloc(bus))) { 3939 brcmf_err("brcmf_sdbrcm_probe_malloc failed\n"); 3940 goto fail; 3941 } 3942 3943 if (!(brcmf_sdbrcm_probe_init(bus))) { 3944 brcmf_err("brcmf_sdbrcm_probe_init failed\n"); 3945 goto fail; 3946 } 3947 3948 brcmf_sdio_debugfs_create(bus); 3949 brcmf_dbg(INFO, "completed!!\n"); 3950 3951 /* sdio bus core specific dcmd */ 3952 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV); 3953 dlst = kzalloc(sizeof(struct brcmf_bus_dcmd), GFP_KERNEL); 3954 if (dlst) { 3955 if (bus->ci->c_inf[idx].rev < 12) { 3956 /* for sdio core rev < 12, disable txgloming */ 3957 dngl_txglom = 0; 3958 dlst->name = "bus:txglom"; 3959 dlst->param = (char *)&dngl_txglom; 3960 dlst->param_len = sizeof(u32); 3961 } else { 3962 /* otherwise, set txglomalign */ 3963 dngl_txglomalign = bus->sdiodev->bus_if->align; 3964 dlst->name = "bus:txglomalign"; 3965 dlst->param = (char *)&dngl_txglomalign; 3966 dlst->param_len = sizeof(u32); 3967 } 3968 list_add(&dlst->list, &bus->sdiodev->bus_if->dcmd_list); 3969 } 3970 3971 /* if firmware path present try to download and bring up bus */ 3972 ret = brcmf_bus_start(bus->sdiodev->dev); 3973 if (ret != 0) { 3974 brcmf_err("dongle is not responding\n"); 3975 goto fail; 3976 } 3977 3978 return bus; 3979 3980fail: 3981 brcmf_sdbrcm_release(bus); 3982 return NULL; 3983} 3984 3985void brcmf_sdbrcm_disconnect(void *ptr) 3986{ 3987 struct brcmf_sdio *bus = (struct brcmf_sdio *)ptr; 3988 3989 brcmf_dbg(TRACE, "Enter\n"); 3990 3991 if (bus) 3992 brcmf_sdbrcm_release(bus); 3993 3994 brcmf_dbg(TRACE, "Disconnected\n"); 3995} 3996 3997void 3998brcmf_sdbrcm_wd_timer(struct brcmf_sdio *bus, uint wdtick) 3999{ 4000 /* Totally stop the timer */ 4001 if (!wdtick && bus->wd_timer_valid) { 4002 del_timer_sync(&bus->timer); 4003 bus->wd_timer_valid = false; 4004 bus->save_ms = wdtick; 4005 return; 4006 } 4007 4008 /* don't start the wd until fw is loaded */ 4009 if (bus->sdiodev->bus_if->state == BRCMF_BUS_DOWN) 4010 return; 4011 4012 if (wdtick) { 4013 if (bus->save_ms != BRCMF_WD_POLL_MS) { 4014 if (bus->wd_timer_valid) 4015 /* Stop timer and restart at new value */ 4016 del_timer_sync(&bus->timer); 4017 4018 /* Create timer again when watchdog period is 4019 dynamically changed or in the first instance 4020 */ 4021 bus->timer.expires = 4022 jiffies + BRCMF_WD_POLL_MS * HZ / 1000; 4023 add_timer(&bus->timer); 4024 4025 } else { 4026 /* Re arm the timer, at last watchdog period */ 4027 mod_timer(&bus->timer, 4028 jiffies + BRCMF_WD_POLL_MS * HZ / 1000); 4029 } 4030 4031 bus->wd_timer_valid = true; 4032 bus->save_ms = wdtick; 4033 } 4034} 4035