dhd_sdio.c revision 1799ddf18597da5aa1319b089736aafd05481774
1/* 2 * Copyright (c) 2010 Broadcom Corporation 3 * 4 * Permission to use, copy, modify, and/or distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 11 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 13 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 14 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 18 19#include <linux/types.h> 20#include <linux/kernel.h> 21#include <linux/kthread.h> 22#include <linux/printk.h> 23#include <linux/pci_ids.h> 24#include <linux/netdevice.h> 25#include <linux/interrupt.h> 26#include <linux/sched.h> 27#include <linux/mmc/sdio.h> 28#include <linux/mmc/sdio_func.h> 29#include <linux/mmc/card.h> 30#include <linux/semaphore.h> 31#include <linux/firmware.h> 32#include <linux/module.h> 33#include <linux/bcma/bcma.h> 34#include <linux/debugfs.h> 35#include <linux/vmalloc.h> 36#include <asm/unaligned.h> 37#include <defs.h> 38#include <brcmu_wifi.h> 39#include <brcmu_utils.h> 40#include <brcm_hw_ids.h> 41#include <soc.h> 42#include "sdio_host.h" 43#include "sdio_chip.h" 44 45#define DCMD_RESP_TIMEOUT 2000 /* In milli second */ 46 47#ifdef DEBUG 48 49#define BRCMF_TRAP_INFO_SIZE 80 50 51#define CBUF_LEN (128) 52 53/* Device console log buffer state */ 54#define CONSOLE_BUFFER_MAX 2024 55 56struct rte_log_le { 57 __le32 buf; /* Can't be pointer on (64-bit) hosts */ 58 __le32 buf_size; 59 __le32 idx; 60 char *_buf_compat; /* Redundant pointer for backward compat. */ 61}; 62 63struct rte_console { 64 /* Virtual UART 65 * When there is no UART (e.g. Quickturn), 66 * the host should write a complete 67 * input line directly into cbuf and then write 68 * the length into vcons_in. 69 * This may also be used when there is a real UART 70 * (at risk of conflicting with 71 * the real UART). vcons_out is currently unused. 72 */ 73 uint vcons_in; 74 uint vcons_out; 75 76 /* Output (logging) buffer 77 * Console output is written to a ring buffer log_buf at index log_idx. 78 * The host may read the output when it sees log_idx advance. 79 * Output will be lost if the output wraps around faster than the host 80 * polls. 81 */ 82 struct rte_log_le log_le; 83 84 /* Console input line buffer 85 * Characters are read one at a time into cbuf 86 * until <CR> is received, then 87 * the buffer is processed as a command line. 88 * Also used for virtual UART. 89 */ 90 uint cbuf_idx; 91 char cbuf[CBUF_LEN]; 92}; 93 94#endif /* DEBUG */ 95#include <chipcommon.h> 96 97#include "dhd_bus.h" 98#include "dhd_dbg.h" 99 100#define TXQLEN 2048 /* bulk tx queue length */ 101#define TXHI (TXQLEN - 256) /* turn on flow control above TXHI */ 102#define TXLOW (TXHI - 256) /* turn off flow control below TXLOW */ 103#define PRIOMASK 7 104 105#define TXRETRIES 2 /* # of retries for tx frames */ 106 107#define BRCMF_RXBOUND 50 /* Default for max rx frames in 108 one scheduling */ 109 110#define BRCMF_TXBOUND 20 /* Default for max tx frames in 111 one scheduling */ 112 113#define BRCMF_TXMINMAX 1 /* Max tx frames if rx still pending */ 114 115#define MEMBLOCK 2048 /* Block size used for downloading 116 of dongle image */ 117#define MAX_DATA_BUF (32 * 1024) /* Must be large enough to hold 118 biggest possible glom */ 119 120#define BRCMF_FIRSTREAD (1 << 6) 121 122 123/* SBSDIO_DEVICE_CTL */ 124 125/* 1: device will assert busy signal when receiving CMD53 */ 126#define SBSDIO_DEVCTL_SETBUSY 0x01 127/* 1: assertion of sdio interrupt is synchronous to the sdio clock */ 128#define SBSDIO_DEVCTL_SPI_INTR_SYNC 0x02 129/* 1: mask all interrupts to host except the chipActive (rev 8) */ 130#define SBSDIO_DEVCTL_CA_INT_ONLY 0x04 131/* 1: isolate internal sdio signals, put external pads in tri-state; requires 132 * sdio bus power cycle to clear (rev 9) */ 133#define SBSDIO_DEVCTL_PADS_ISO 0x08 134/* Force SD->SB reset mapping (rev 11) */ 135#define SBSDIO_DEVCTL_SB_RST_CTL 0x30 136/* Determined by CoreControl bit */ 137#define SBSDIO_DEVCTL_RST_CORECTL 0x00 138/* Force backplane reset */ 139#define SBSDIO_DEVCTL_RST_BPRESET 0x10 140/* Force no backplane reset */ 141#define SBSDIO_DEVCTL_RST_NOBPRESET 0x20 142 143/* direct(mapped) cis space */ 144 145/* MAPPED common CIS address */ 146#define SBSDIO_CIS_BASE_COMMON 0x1000 147/* maximum bytes in one CIS */ 148#define SBSDIO_CIS_SIZE_LIMIT 0x200 149/* cis offset addr is < 17 bits */ 150#define SBSDIO_CIS_OFT_ADDR_MASK 0x1FFFF 151 152/* manfid tuple length, include tuple, link bytes */ 153#define SBSDIO_CIS_MANFID_TUPLE_LEN 6 154 155/* intstatus */ 156#define I_SMB_SW0 (1 << 0) /* To SB Mail S/W interrupt 0 */ 157#define I_SMB_SW1 (1 << 1) /* To SB Mail S/W interrupt 1 */ 158#define I_SMB_SW2 (1 << 2) /* To SB Mail S/W interrupt 2 */ 159#define I_SMB_SW3 (1 << 3) /* To SB Mail S/W interrupt 3 */ 160#define I_SMB_SW_MASK 0x0000000f /* To SB Mail S/W interrupts mask */ 161#define I_SMB_SW_SHIFT 0 /* To SB Mail S/W interrupts shift */ 162#define I_HMB_SW0 (1 << 4) /* To Host Mail S/W interrupt 0 */ 163#define I_HMB_SW1 (1 << 5) /* To Host Mail S/W interrupt 1 */ 164#define I_HMB_SW2 (1 << 6) /* To Host Mail S/W interrupt 2 */ 165#define I_HMB_SW3 (1 << 7) /* To Host Mail S/W interrupt 3 */ 166#define I_HMB_SW_MASK 0x000000f0 /* To Host Mail S/W interrupts mask */ 167#define I_HMB_SW_SHIFT 4 /* To Host Mail S/W interrupts shift */ 168#define I_WR_OOSYNC (1 << 8) /* Write Frame Out Of Sync */ 169#define I_RD_OOSYNC (1 << 9) /* Read Frame Out Of Sync */ 170#define I_PC (1 << 10) /* descriptor error */ 171#define I_PD (1 << 11) /* data error */ 172#define I_DE (1 << 12) /* Descriptor protocol Error */ 173#define I_RU (1 << 13) /* Receive descriptor Underflow */ 174#define I_RO (1 << 14) /* Receive fifo Overflow */ 175#define I_XU (1 << 15) /* Transmit fifo Underflow */ 176#define I_RI (1 << 16) /* Receive Interrupt */ 177#define I_BUSPWR (1 << 17) /* SDIO Bus Power Change (rev 9) */ 178#define I_XMTDATA_AVAIL (1 << 23) /* bits in fifo */ 179#define I_XI (1 << 24) /* Transmit Interrupt */ 180#define I_RF_TERM (1 << 25) /* Read Frame Terminate */ 181#define I_WF_TERM (1 << 26) /* Write Frame Terminate */ 182#define I_PCMCIA_XU (1 << 27) /* PCMCIA Transmit FIFO Underflow */ 183#define I_SBINT (1 << 28) /* sbintstatus Interrupt */ 184#define I_CHIPACTIVE (1 << 29) /* chip from doze to active state */ 185#define I_SRESET (1 << 30) /* CCCR RES interrupt */ 186#define I_IOE2 (1U << 31) /* CCCR IOE2 Bit Changed */ 187#define I_ERRORS (I_PC | I_PD | I_DE | I_RU | I_RO | I_XU) 188#define I_DMA (I_RI | I_XI | I_ERRORS) 189 190/* corecontrol */ 191#define CC_CISRDY (1 << 0) /* CIS Ready */ 192#define CC_BPRESEN (1 << 1) /* CCCR RES signal */ 193#define CC_F2RDY (1 << 2) /* set CCCR IOR2 bit */ 194#define CC_CLRPADSISO (1 << 3) /* clear SDIO pads isolation */ 195#define CC_XMTDATAAVAIL_MODE (1 << 4) 196#define CC_XMTDATAAVAIL_CTRL (1 << 5) 197 198/* SDA_FRAMECTRL */ 199#define SFC_RF_TERM (1 << 0) /* Read Frame Terminate */ 200#define SFC_WF_TERM (1 << 1) /* Write Frame Terminate */ 201#define SFC_CRC4WOOS (1 << 2) /* CRC error for write out of sync */ 202#define SFC_ABORTALL (1 << 3) /* Abort all in-progress frames */ 203 204/* HW frame tag */ 205#define SDPCM_FRAMETAG_LEN 4 /* 2 bytes len, 2 bytes check val */ 206 207/* Total length of frame header for dongle protocol */ 208#define SDPCM_HDRLEN (SDPCM_FRAMETAG_LEN + SDPCM_SWHEADER_LEN) 209#define SDPCM_RESERVE (SDPCM_HDRLEN + BRCMF_SDALIGN) 210 211/* 212 * Software allocation of To SB Mailbox resources 213 */ 214 215/* tosbmailbox bits corresponding to intstatus bits */ 216#define SMB_NAK (1 << 0) /* Frame NAK */ 217#define SMB_INT_ACK (1 << 1) /* Host Interrupt ACK */ 218#define SMB_USE_OOB (1 << 2) /* Use OOB Wakeup */ 219#define SMB_DEV_INT (1 << 3) /* Miscellaneous Interrupt */ 220 221/* tosbmailboxdata */ 222#define SMB_DATA_VERSION_SHIFT 16 /* host protocol version */ 223 224/* 225 * Software allocation of To Host Mailbox resources 226 */ 227 228/* intstatus bits */ 229#define I_HMB_FC_STATE I_HMB_SW0 /* Flow Control State */ 230#define I_HMB_FC_CHANGE I_HMB_SW1 /* Flow Control State Changed */ 231#define I_HMB_FRAME_IND I_HMB_SW2 /* Frame Indication */ 232#define I_HMB_HOST_INT I_HMB_SW3 /* Miscellaneous Interrupt */ 233 234/* tohostmailboxdata */ 235#define HMB_DATA_NAKHANDLED 1 /* retransmit NAK'd frame */ 236#define HMB_DATA_DEVREADY 2 /* talk to host after enable */ 237#define HMB_DATA_FC 4 /* per prio flowcontrol update flag */ 238#define HMB_DATA_FWREADY 8 /* fw ready for protocol activity */ 239 240#define HMB_DATA_FCDATA_MASK 0xff000000 241#define HMB_DATA_FCDATA_SHIFT 24 242 243#define HMB_DATA_VERSION_MASK 0x00ff0000 244#define HMB_DATA_VERSION_SHIFT 16 245 246/* 247 * Software-defined protocol header 248 */ 249 250/* Current protocol version */ 251#define SDPCM_PROT_VERSION 4 252 253/* SW frame header */ 254#define SDPCM_PACKET_SEQUENCE(p) (((u8 *)p)[0] & 0xff) 255 256#define SDPCM_CHANNEL_MASK 0x00000f00 257#define SDPCM_CHANNEL_SHIFT 8 258#define SDPCM_PACKET_CHANNEL(p) (((u8 *)p)[1] & 0x0f) 259 260#define SDPCM_NEXTLEN_OFFSET 2 261 262/* Data Offset from SOF (HW Tag, SW Tag, Pad) */ 263#define SDPCM_DOFFSET_OFFSET 3 /* Data Offset */ 264#define SDPCM_DOFFSET_VALUE(p) (((u8 *)p)[SDPCM_DOFFSET_OFFSET] & 0xff) 265#define SDPCM_DOFFSET_MASK 0xff000000 266#define SDPCM_DOFFSET_SHIFT 24 267#define SDPCM_FCMASK_OFFSET 4 /* Flow control */ 268#define SDPCM_FCMASK_VALUE(p) (((u8 *)p)[SDPCM_FCMASK_OFFSET] & 0xff) 269#define SDPCM_WINDOW_OFFSET 5 /* Credit based fc */ 270#define SDPCM_WINDOW_VALUE(p) (((u8 *)p)[SDPCM_WINDOW_OFFSET] & 0xff) 271 272#define SDPCM_SWHEADER_LEN 8 /* SW header is 64 bits */ 273 274/* logical channel numbers */ 275#define SDPCM_CONTROL_CHANNEL 0 /* Control channel Id */ 276#define SDPCM_EVENT_CHANNEL 1 /* Asyc Event Indication Channel Id */ 277#define SDPCM_DATA_CHANNEL 2 /* Data Xmit/Recv Channel Id */ 278#define SDPCM_GLOM_CHANNEL 3 /* For coalesced packets */ 279#define SDPCM_TEST_CHANNEL 15 /* Reserved for test/debug packets */ 280 281#define SDPCM_SEQUENCE_WRAP 256 /* wrap-around val for 8bit frame seq */ 282 283#define SDPCM_GLOMDESC(p) (((u8 *)p)[1] & 0x80) 284 285/* 286 * Shared structure between dongle and the host. 287 * The structure contains pointers to trap or assert information. 288 */ 289#define SDPCM_SHARED_VERSION 0x0003 290#define SDPCM_SHARED_VERSION_MASK 0x00FF 291#define SDPCM_SHARED_ASSERT_BUILT 0x0100 292#define SDPCM_SHARED_ASSERT 0x0200 293#define SDPCM_SHARED_TRAP 0x0400 294 295/* Space for header read, limit for data packets */ 296#define MAX_HDR_READ (1 << 6) 297#define MAX_RX_DATASZ 2048 298 299/* Maximum milliseconds to wait for F2 to come up */ 300#define BRCMF_WAIT_F2RDY 3000 301 302/* Bump up limit on waiting for HT to account for first startup; 303 * if the image is doing a CRC calculation before programming the PMU 304 * for HT availability, it could take a couple hundred ms more, so 305 * max out at a 1 second (1000000us). 306 */ 307#undef PMU_MAX_TRANSITION_DLY 308#define PMU_MAX_TRANSITION_DLY 1000000 309 310/* Value for ChipClockCSR during initial setup */ 311#define BRCMF_INIT_CLKCTL1 (SBSDIO_FORCE_HW_CLKREQ_OFF | \ 312 SBSDIO_ALP_AVAIL_REQ) 313 314/* Flags for SDH calls */ 315#define F2SYNC (SDIO_REQ_4BYTE | SDIO_REQ_FIXED) 316 317#define BRCMF_SDIO_FW_NAME "brcm/brcmfmac-sdio.bin" 318#define BRCMF_SDIO_NV_NAME "brcm/brcmfmac-sdio.txt" 319MODULE_FIRMWARE(BRCMF_SDIO_FW_NAME); 320MODULE_FIRMWARE(BRCMF_SDIO_NV_NAME); 321 322#define BRCMF_IDLE_IMMEDIATE (-1) /* Enter idle immediately */ 323#define BRCMF_IDLE_ACTIVE 0 /* Do not request any SD clock change 324 * when idle 325 */ 326#define BRCMF_IDLE_INTERVAL 1 327 328/* 329 * Conversion of 802.1D priority to precedence level 330 */ 331static uint prio2prec(u32 prio) 332{ 333 return (prio == PRIO_8021D_NONE || prio == PRIO_8021D_BE) ? 334 (prio^2) : prio; 335} 336 337/* core registers */ 338struct sdpcmd_regs { 339 u32 corecontrol; /* 0x00, rev8 */ 340 u32 corestatus; /* rev8 */ 341 u32 PAD[1]; 342 u32 biststatus; /* rev8 */ 343 344 /* PCMCIA access */ 345 u16 pcmciamesportaladdr; /* 0x010, rev8 */ 346 u16 PAD[1]; 347 u16 pcmciamesportalmask; /* rev8 */ 348 u16 PAD[1]; 349 u16 pcmciawrframebc; /* rev8 */ 350 u16 PAD[1]; 351 u16 pcmciaunderflowtimer; /* rev8 */ 352 u16 PAD[1]; 353 354 /* interrupt */ 355 u32 intstatus; /* 0x020, rev8 */ 356 u32 hostintmask; /* rev8 */ 357 u32 intmask; /* rev8 */ 358 u32 sbintstatus; /* rev8 */ 359 u32 sbintmask; /* rev8 */ 360 u32 funcintmask; /* rev4 */ 361 u32 PAD[2]; 362 u32 tosbmailbox; /* 0x040, rev8 */ 363 u32 tohostmailbox; /* rev8 */ 364 u32 tosbmailboxdata; /* rev8 */ 365 u32 tohostmailboxdata; /* rev8 */ 366 367 /* synchronized access to registers in SDIO clock domain */ 368 u32 sdioaccess; /* 0x050, rev8 */ 369 u32 PAD[3]; 370 371 /* PCMCIA frame control */ 372 u8 pcmciaframectrl; /* 0x060, rev8 */ 373 u8 PAD[3]; 374 u8 pcmciawatermark; /* rev8 */ 375 u8 PAD[155]; 376 377 /* interrupt batching control */ 378 u32 intrcvlazy; /* 0x100, rev8 */ 379 u32 PAD[3]; 380 381 /* counters */ 382 u32 cmd52rd; /* 0x110, rev8 */ 383 u32 cmd52wr; /* rev8 */ 384 u32 cmd53rd; /* rev8 */ 385 u32 cmd53wr; /* rev8 */ 386 u32 abort; /* rev8 */ 387 u32 datacrcerror; /* rev8 */ 388 u32 rdoutofsync; /* rev8 */ 389 u32 wroutofsync; /* rev8 */ 390 u32 writebusy; /* rev8 */ 391 u32 readwait; /* rev8 */ 392 u32 readterm; /* rev8 */ 393 u32 writeterm; /* rev8 */ 394 u32 PAD[40]; 395 u32 clockctlstatus; /* rev8 */ 396 u32 PAD[7]; 397 398 u32 PAD[128]; /* DMA engines */ 399 400 /* SDIO/PCMCIA CIS region */ 401 char cis[512]; /* 0x400-0x5ff, rev6 */ 402 403 /* PCMCIA function control registers */ 404 char pcmciafcr[256]; /* 0x600-6ff, rev6 */ 405 u16 PAD[55]; 406 407 /* PCMCIA backplane access */ 408 u16 backplanecsr; /* 0x76E, rev6 */ 409 u16 backplaneaddr0; /* rev6 */ 410 u16 backplaneaddr1; /* rev6 */ 411 u16 backplaneaddr2; /* rev6 */ 412 u16 backplaneaddr3; /* rev6 */ 413 u16 backplanedata0; /* rev6 */ 414 u16 backplanedata1; /* rev6 */ 415 u16 backplanedata2; /* rev6 */ 416 u16 backplanedata3; /* rev6 */ 417 u16 PAD[31]; 418 419 /* sprom "size" & "blank" info */ 420 u16 spromstatus; /* 0x7BE, rev2 */ 421 u32 PAD[464]; 422 423 u16 PAD[0x80]; 424}; 425 426#ifdef DEBUG 427/* Device console log buffer state */ 428struct brcmf_console { 429 uint count; /* Poll interval msec counter */ 430 uint log_addr; /* Log struct address (fixed) */ 431 struct rte_log_le log_le; /* Log struct (host copy) */ 432 uint bufsize; /* Size of log buffer */ 433 u8 *buf; /* Log buffer (host copy) */ 434 uint last; /* Last buffer read index */ 435}; 436 437struct brcmf_trap_info { 438 __le32 type; 439 __le32 epc; 440 __le32 cpsr; 441 __le32 spsr; 442 __le32 r0; /* a1 */ 443 __le32 r1; /* a2 */ 444 __le32 r2; /* a3 */ 445 __le32 r3; /* a4 */ 446 __le32 r4; /* v1 */ 447 __le32 r5; /* v2 */ 448 __le32 r6; /* v3 */ 449 __le32 r7; /* v4 */ 450 __le32 r8; /* v5 */ 451 __le32 r9; /* sb/v6 */ 452 __le32 r10; /* sl/v7 */ 453 __le32 r11; /* fp/v8 */ 454 __le32 r12; /* ip */ 455 __le32 r13; /* sp */ 456 __le32 r14; /* lr */ 457 __le32 pc; /* r15 */ 458}; 459#endif /* DEBUG */ 460 461struct sdpcm_shared { 462 u32 flags; 463 u32 trap_addr; 464 u32 assert_exp_addr; 465 u32 assert_file_addr; 466 u32 assert_line; 467 u32 console_addr; /* Address of struct rte_console */ 468 u32 msgtrace_addr; 469 u8 tag[32]; 470 u32 brpt_addr; 471}; 472 473struct sdpcm_shared_le { 474 __le32 flags; 475 __le32 trap_addr; 476 __le32 assert_exp_addr; 477 __le32 assert_file_addr; 478 __le32 assert_line; 479 __le32 console_addr; /* Address of struct rte_console */ 480 __le32 msgtrace_addr; 481 u8 tag[32]; 482 __le32 brpt_addr; 483}; 484 485/* SDIO read frame info */ 486struct brcmf_sdio_read { 487 u8 seq_num; 488 u8 channel; 489 u16 len; 490 u16 len_left; 491 u16 len_nxtfrm; 492 u8 dat_offset; 493}; 494 495/* misc chip info needed by some of the routines */ 496/* Private data for SDIO bus interaction */ 497struct brcmf_sdio { 498 struct brcmf_sdio_dev *sdiodev; /* sdio device handler */ 499 struct chip_info *ci; /* Chip info struct */ 500 char *vars; /* Variables (from CIS and/or other) */ 501 uint varsz; /* Size of variables buffer */ 502 503 u32 ramsize; /* Size of RAM in SOCRAM (bytes) */ 504 505 u32 hostintmask; /* Copy of Host Interrupt Mask */ 506 atomic_t intstatus; /* Intstatus bits (events) pending */ 507 atomic_t fcstate; /* State of dongle flow-control */ 508 509 uint blocksize; /* Block size of SDIO transfers */ 510 uint roundup; /* Max roundup limit */ 511 512 struct pktq txq; /* Queue length used for flow-control */ 513 u8 flowcontrol; /* per prio flow control bitmask */ 514 u8 tx_seq; /* Transmit sequence number (next) */ 515 u8 tx_max; /* Maximum transmit sequence allowed */ 516 517 u8 hdrbuf[MAX_HDR_READ + BRCMF_SDALIGN]; 518 u8 *rxhdr; /* Header of current rx frame (in hdrbuf) */ 519 u8 rx_seq; /* Receive sequence number (expected) */ 520 struct brcmf_sdio_read cur_read; 521 /* info of current read frame */ 522 bool rxskip; /* Skip receive (awaiting NAK ACK) */ 523 bool rxpending; /* Data frame pending in dongle */ 524 525 uint rxbound; /* Rx frames to read before resched */ 526 uint txbound; /* Tx frames to send before resched */ 527 uint txminmax; 528 529 struct sk_buff *glomd; /* Packet containing glomming descriptor */ 530 struct sk_buff_head glom; /* Packet list for glommed superframe */ 531 uint glomerr; /* Glom packet read errors */ 532 533 u8 *rxbuf; /* Buffer for receiving control packets */ 534 uint rxblen; /* Allocated length of rxbuf */ 535 u8 *rxctl; /* Aligned pointer into rxbuf */ 536 u8 *rxctl_orig; /* pointer for freeing rxctl */ 537 u8 *databuf; /* Buffer for receiving big glom packet */ 538 u8 *dataptr; /* Aligned pointer into databuf */ 539 uint rxlen; /* Length of valid data in buffer */ 540 spinlock_t rxctl_lock; /* protection lock for ctrl frame resources */ 541 542 u8 sdpcm_ver; /* Bus protocol reported by dongle */ 543 544 bool intr; /* Use interrupts */ 545 bool poll; /* Use polling */ 546 atomic_t ipend; /* Device interrupt is pending */ 547 uint spurious; /* Count of spurious interrupts */ 548 uint pollrate; /* Ticks between device polls */ 549 uint polltick; /* Tick counter */ 550 551#ifdef DEBUG 552 uint console_interval; 553 struct brcmf_console console; /* Console output polling support */ 554 uint console_addr; /* Console address from shared struct */ 555#endif /* DEBUG */ 556 557 uint clkstate; /* State of sd and backplane clock(s) */ 558 bool activity; /* Activity flag for clock down */ 559 s32 idletime; /* Control for activity timeout */ 560 s32 idlecount; /* Activity timeout counter */ 561 s32 idleclock; /* How to set bus driver when idle */ 562 s32 sd_rxchain; 563 bool use_rxchain; /* If brcmf should use PKT chains */ 564 bool rxflow_mode; /* Rx flow control mode */ 565 bool rxflow; /* Is rx flow control on */ 566 bool alp_only; /* Don't use HT clock (ALP only) */ 567 568 u8 *ctrl_frame_buf; 569 u32 ctrl_frame_len; 570 bool ctrl_frame_stat; 571 572 spinlock_t txqlock; 573 wait_queue_head_t ctrl_wait; 574 wait_queue_head_t dcmd_resp_wait; 575 576 struct timer_list timer; 577 struct completion watchdog_wait; 578 struct task_struct *watchdog_tsk; 579 bool wd_timer_valid; 580 uint save_ms; 581 582 struct workqueue_struct *brcmf_wq; 583 struct work_struct datawork; 584 struct list_head dpc_tsklst; 585 spinlock_t dpc_tl_lock; 586 587 const struct firmware *firmware; 588 u32 fw_ptr; 589 590 bool txoff; /* Transmit flow-controlled */ 591 struct brcmf_sdio_count sdcnt; 592}; 593 594/* clkstate */ 595#define CLK_NONE 0 596#define CLK_SDONLY 1 597#define CLK_PENDING 2 /* Not used yet */ 598#define CLK_AVAIL 3 599 600#ifdef DEBUG 601static int qcount[NUMPRIO]; 602static int tx_packets[NUMPRIO]; 603#endif /* DEBUG */ 604 605#define SDIO_DRIVE_STRENGTH 6 /* in milliamps */ 606 607#define RETRYCHAN(chan) ((chan) == SDPCM_EVENT_CHANNEL) 608 609/* Retry count for register access failures */ 610static const uint retry_limit = 2; 611 612/* Limit on rounding up frames */ 613static const uint max_roundup = 512; 614 615#define ALIGNMENT 4 616 617enum brcmf_sdio_frmtype { 618 BRCMF_SDIO_FT_NORMAL, 619 BRCMF_SDIO_FT_SUPER, 620 BRCMF_SDIO_FT_SUB, 621}; 622 623static void pkt_align(struct sk_buff *p, int len, int align) 624{ 625 uint datalign; 626 datalign = (unsigned long)(p->data); 627 datalign = roundup(datalign, (align)) - datalign; 628 if (datalign) 629 skb_pull(p, datalign); 630 __skb_trim(p, len); 631} 632 633/* To check if there's window offered */ 634static bool data_ok(struct brcmf_sdio *bus) 635{ 636 return (u8)(bus->tx_max - bus->tx_seq) != 0 && 637 ((u8)(bus->tx_max - bus->tx_seq) & 0x80) == 0; 638} 639 640/* 641 * Reads a register in the SDIO hardware block. This block occupies a series of 642 * adresses on the 32 bit backplane bus. 643 */ 644static int 645r_sdreg32(struct brcmf_sdio *bus, u32 *regvar, u32 offset) 646{ 647 u8 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV); 648 int ret; 649 650 *regvar = brcmf_sdio_regrl(bus->sdiodev, 651 bus->ci->c_inf[idx].base + offset, &ret); 652 653 return ret; 654} 655 656static int 657w_sdreg32(struct brcmf_sdio *bus, u32 regval, u32 reg_offset) 658{ 659 u8 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV); 660 int ret; 661 662 brcmf_sdio_regwl(bus->sdiodev, 663 bus->ci->c_inf[idx].base + reg_offset, 664 regval, &ret); 665 666 return ret; 667} 668 669#define PKT_AVAILABLE() (intstatus & I_HMB_FRAME_IND) 670 671#define HOSTINTMASK (I_HMB_SW_MASK | I_CHIPACTIVE) 672 673/* Turn backplane clock on or off */ 674static int brcmf_sdbrcm_htclk(struct brcmf_sdio *bus, bool on, bool pendok) 675{ 676 int err; 677 u8 clkctl, clkreq, devctl; 678 unsigned long timeout; 679 680 brcmf_dbg(TRACE, "Enter\n"); 681 682 clkctl = 0; 683 684 if (on) { 685 /* Request HT Avail */ 686 clkreq = 687 bus->alp_only ? SBSDIO_ALP_AVAIL_REQ : SBSDIO_HT_AVAIL_REQ; 688 689 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 690 clkreq, &err); 691 if (err) { 692 brcmf_dbg(ERROR, "HT Avail request error: %d\n", err); 693 return -EBADE; 694 } 695 696 /* Check current status */ 697 clkctl = brcmf_sdio_regrb(bus->sdiodev, 698 SBSDIO_FUNC1_CHIPCLKCSR, &err); 699 if (err) { 700 brcmf_dbg(ERROR, "HT Avail read error: %d\n", err); 701 return -EBADE; 702 } 703 704 /* Go to pending and await interrupt if appropriate */ 705 if (!SBSDIO_CLKAV(clkctl, bus->alp_only) && pendok) { 706 /* Allow only clock-available interrupt */ 707 devctl = brcmf_sdio_regrb(bus->sdiodev, 708 SBSDIO_DEVICE_CTL, &err); 709 if (err) { 710 brcmf_dbg(ERROR, "Devctl error setting CA: %d\n", 711 err); 712 return -EBADE; 713 } 714 715 devctl |= SBSDIO_DEVCTL_CA_INT_ONLY; 716 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_DEVICE_CTL, 717 devctl, &err); 718 brcmf_dbg(INFO, "CLKCTL: set PENDING\n"); 719 bus->clkstate = CLK_PENDING; 720 721 return 0; 722 } else if (bus->clkstate == CLK_PENDING) { 723 /* Cancel CA-only interrupt filter */ 724 devctl = brcmf_sdio_regrb(bus->sdiodev, 725 SBSDIO_DEVICE_CTL, &err); 726 devctl &= ~SBSDIO_DEVCTL_CA_INT_ONLY; 727 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_DEVICE_CTL, 728 devctl, &err); 729 } 730 731 /* Otherwise, wait here (polling) for HT Avail */ 732 timeout = jiffies + 733 msecs_to_jiffies(PMU_MAX_TRANSITION_DLY/1000); 734 while (!SBSDIO_CLKAV(clkctl, bus->alp_only)) { 735 clkctl = brcmf_sdio_regrb(bus->sdiodev, 736 SBSDIO_FUNC1_CHIPCLKCSR, 737 &err); 738 if (time_after(jiffies, timeout)) 739 break; 740 else 741 usleep_range(5000, 10000); 742 } 743 if (err) { 744 brcmf_dbg(ERROR, "HT Avail request error: %d\n", err); 745 return -EBADE; 746 } 747 if (!SBSDIO_CLKAV(clkctl, bus->alp_only)) { 748 brcmf_dbg(ERROR, "HT Avail timeout (%d): clkctl 0x%02x\n", 749 PMU_MAX_TRANSITION_DLY, clkctl); 750 return -EBADE; 751 } 752 753 /* Mark clock available */ 754 bus->clkstate = CLK_AVAIL; 755 brcmf_dbg(INFO, "CLKCTL: turned ON\n"); 756 757#if defined(DEBUG) 758 if (!bus->alp_only) { 759 if (SBSDIO_ALPONLY(clkctl)) 760 brcmf_dbg(ERROR, "HT Clock should be on\n"); 761 } 762#endif /* defined (DEBUG) */ 763 764 bus->activity = true; 765 } else { 766 clkreq = 0; 767 768 if (bus->clkstate == CLK_PENDING) { 769 /* Cancel CA-only interrupt filter */ 770 devctl = brcmf_sdio_regrb(bus->sdiodev, 771 SBSDIO_DEVICE_CTL, &err); 772 devctl &= ~SBSDIO_DEVCTL_CA_INT_ONLY; 773 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_DEVICE_CTL, 774 devctl, &err); 775 } 776 777 bus->clkstate = CLK_SDONLY; 778 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 779 clkreq, &err); 780 brcmf_dbg(INFO, "CLKCTL: turned OFF\n"); 781 if (err) { 782 brcmf_dbg(ERROR, "Failed access turning clock off: %d\n", 783 err); 784 return -EBADE; 785 } 786 } 787 return 0; 788} 789 790/* Change idle/active SD state */ 791static int brcmf_sdbrcm_sdclk(struct brcmf_sdio *bus, bool on) 792{ 793 brcmf_dbg(TRACE, "Enter\n"); 794 795 if (on) 796 bus->clkstate = CLK_SDONLY; 797 else 798 bus->clkstate = CLK_NONE; 799 800 return 0; 801} 802 803/* Transition SD and backplane clock readiness */ 804static int brcmf_sdbrcm_clkctl(struct brcmf_sdio *bus, uint target, bool pendok) 805{ 806#ifdef DEBUG 807 uint oldstate = bus->clkstate; 808#endif /* DEBUG */ 809 810 brcmf_dbg(TRACE, "Enter\n"); 811 812 /* Early exit if we're already there */ 813 if (bus->clkstate == target) { 814 if (target == CLK_AVAIL) { 815 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 816 bus->activity = true; 817 } 818 return 0; 819 } 820 821 switch (target) { 822 case CLK_AVAIL: 823 /* Make sure SD clock is available */ 824 if (bus->clkstate == CLK_NONE) 825 brcmf_sdbrcm_sdclk(bus, true); 826 /* Now request HT Avail on the backplane */ 827 brcmf_sdbrcm_htclk(bus, true, pendok); 828 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 829 bus->activity = true; 830 break; 831 832 case CLK_SDONLY: 833 /* Remove HT request, or bring up SD clock */ 834 if (bus->clkstate == CLK_NONE) 835 brcmf_sdbrcm_sdclk(bus, true); 836 else if (bus->clkstate == CLK_AVAIL) 837 brcmf_sdbrcm_htclk(bus, false, false); 838 else 839 brcmf_dbg(ERROR, "request for %d -> %d\n", 840 bus->clkstate, target); 841 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 842 break; 843 844 case CLK_NONE: 845 /* Make sure to remove HT request */ 846 if (bus->clkstate == CLK_AVAIL) 847 brcmf_sdbrcm_htclk(bus, false, false); 848 /* Now remove the SD clock */ 849 brcmf_sdbrcm_sdclk(bus, false); 850 brcmf_sdbrcm_wd_timer(bus, 0); 851 break; 852 } 853#ifdef DEBUG 854 brcmf_dbg(INFO, "%d -> %d\n", oldstate, bus->clkstate); 855#endif /* DEBUG */ 856 857 return 0; 858} 859 860static u32 brcmf_sdbrcm_hostmail(struct brcmf_sdio *bus) 861{ 862 u32 intstatus = 0; 863 u32 hmb_data; 864 u8 fcbits; 865 int ret; 866 867 brcmf_dbg(TRACE, "Enter\n"); 868 869 /* Read mailbox data and ack that we did so */ 870 ret = r_sdreg32(bus, &hmb_data, 871 offsetof(struct sdpcmd_regs, tohostmailboxdata)); 872 873 if (ret == 0) 874 w_sdreg32(bus, SMB_INT_ACK, 875 offsetof(struct sdpcmd_regs, tosbmailbox)); 876 bus->sdcnt.f1regdata += 2; 877 878 /* Dongle recomposed rx frames, accept them again */ 879 if (hmb_data & HMB_DATA_NAKHANDLED) { 880 brcmf_dbg(INFO, "Dongle reports NAK handled, expect rtx of %d\n", 881 bus->rx_seq); 882 if (!bus->rxskip) 883 brcmf_dbg(ERROR, "unexpected NAKHANDLED!\n"); 884 885 bus->rxskip = false; 886 intstatus |= I_HMB_FRAME_IND; 887 } 888 889 /* 890 * DEVREADY does not occur with gSPI. 891 */ 892 if (hmb_data & (HMB_DATA_DEVREADY | HMB_DATA_FWREADY)) { 893 bus->sdpcm_ver = 894 (hmb_data & HMB_DATA_VERSION_MASK) >> 895 HMB_DATA_VERSION_SHIFT; 896 if (bus->sdpcm_ver != SDPCM_PROT_VERSION) 897 brcmf_dbg(ERROR, "Version mismatch, dongle reports %d, " 898 "expecting %d\n", 899 bus->sdpcm_ver, SDPCM_PROT_VERSION); 900 else 901 brcmf_dbg(INFO, "Dongle ready, protocol version %d\n", 902 bus->sdpcm_ver); 903 } 904 905 /* 906 * Flow Control has been moved into the RX headers and this out of band 907 * method isn't used any more. 908 * remaining backward compatible with older dongles. 909 */ 910 if (hmb_data & HMB_DATA_FC) { 911 fcbits = (hmb_data & HMB_DATA_FCDATA_MASK) >> 912 HMB_DATA_FCDATA_SHIFT; 913 914 if (fcbits & ~bus->flowcontrol) 915 bus->sdcnt.fc_xoff++; 916 917 if (bus->flowcontrol & ~fcbits) 918 bus->sdcnt.fc_xon++; 919 920 bus->sdcnt.fc_rcvd++; 921 bus->flowcontrol = fcbits; 922 } 923 924 /* Shouldn't be any others */ 925 if (hmb_data & ~(HMB_DATA_DEVREADY | 926 HMB_DATA_NAKHANDLED | 927 HMB_DATA_FC | 928 HMB_DATA_FWREADY | 929 HMB_DATA_FCDATA_MASK | HMB_DATA_VERSION_MASK)) 930 brcmf_dbg(ERROR, "Unknown mailbox data content: 0x%02x\n", 931 hmb_data); 932 933 return intstatus; 934} 935 936static void brcmf_sdbrcm_rxfail(struct brcmf_sdio *bus, bool abort, bool rtx) 937{ 938 uint retries = 0; 939 u16 lastrbc; 940 u8 hi, lo; 941 int err; 942 943 brcmf_dbg(ERROR, "%sterminate frame%s\n", 944 abort ? "abort command, " : "", 945 rtx ? ", send NAK" : ""); 946 947 if (abort) 948 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 949 950 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_FRAMECTRL, 951 SFC_RF_TERM, &err); 952 bus->sdcnt.f1regdata++; 953 954 /* Wait until the packet has been flushed (device/FIFO stable) */ 955 for (lastrbc = retries = 0xffff; retries > 0; retries--) { 956 hi = brcmf_sdio_regrb(bus->sdiodev, 957 SBSDIO_FUNC1_RFRAMEBCHI, &err); 958 lo = brcmf_sdio_regrb(bus->sdiodev, 959 SBSDIO_FUNC1_RFRAMEBCLO, &err); 960 bus->sdcnt.f1regdata += 2; 961 962 if ((hi == 0) && (lo == 0)) 963 break; 964 965 if ((hi > (lastrbc >> 8)) && (lo > (lastrbc & 0x00ff))) { 966 brcmf_dbg(ERROR, "count growing: last 0x%04x now 0x%04x\n", 967 lastrbc, (hi << 8) + lo); 968 } 969 lastrbc = (hi << 8) + lo; 970 } 971 972 if (!retries) 973 brcmf_dbg(ERROR, "count never zeroed: last 0x%04x\n", lastrbc); 974 else 975 brcmf_dbg(INFO, "flush took %d iterations\n", 0xffff - retries); 976 977 if (rtx) { 978 bus->sdcnt.rxrtx++; 979 err = w_sdreg32(bus, SMB_NAK, 980 offsetof(struct sdpcmd_regs, tosbmailbox)); 981 982 bus->sdcnt.f1regdata++; 983 if (err == 0) 984 bus->rxskip = true; 985 } 986 987 /* Clear partial in any case */ 988 bus->cur_read.len = 0; 989 990 /* If we can't reach the device, signal failure */ 991 if (err) 992 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 993} 994 995/* copy a buffer into a pkt buffer chain */ 996static uint brcmf_sdbrcm_glom_from_buf(struct brcmf_sdio *bus, uint len) 997{ 998 uint n, ret = 0; 999 struct sk_buff *p; 1000 u8 *buf; 1001 1002 buf = bus->dataptr; 1003 1004 /* copy the data */ 1005 skb_queue_walk(&bus->glom, p) { 1006 n = min_t(uint, p->len, len); 1007 memcpy(p->data, buf, n); 1008 buf += n; 1009 len -= n; 1010 ret += n; 1011 if (!len) 1012 break; 1013 } 1014 1015 return ret; 1016} 1017 1018/* return total length of buffer chain */ 1019static uint brcmf_sdbrcm_glom_len(struct brcmf_sdio *bus) 1020{ 1021 struct sk_buff *p; 1022 uint total; 1023 1024 total = 0; 1025 skb_queue_walk(&bus->glom, p) 1026 total += p->len; 1027 return total; 1028} 1029 1030static void brcmf_sdbrcm_free_glom(struct brcmf_sdio *bus) 1031{ 1032 struct sk_buff *cur, *next; 1033 1034 skb_queue_walk_safe(&bus->glom, cur, next) { 1035 skb_unlink(cur, &bus->glom); 1036 brcmu_pkt_buf_free_skb(cur); 1037 } 1038} 1039 1040static int brcmf_sdio_hdparser(struct brcmf_sdio *bus, u8 *header, 1041 struct brcmf_sdio_read *rd, 1042 enum brcmf_sdio_frmtype type) 1043{ 1044 u16 len, checksum; 1045 u8 rx_seq, fc, tx_seq_max; 1046 1047 /* 1048 * 4 bytes hardware header (frame tag) 1049 * Byte 0~1: Frame length 1050 * Byte 2~3: Checksum, bit-wise inverse of frame length 1051 */ 1052 len = get_unaligned_le16(header); 1053 checksum = get_unaligned_le16(header + sizeof(u16)); 1054 /* All zero means no more to read */ 1055 if (!(len | checksum)) { 1056 bus->rxpending = false; 1057 return -ENODATA; 1058 } 1059 if ((u16)(~(len ^ checksum))) { 1060 brcmf_dbg(ERROR, "HW header checksum error\n"); 1061 bus->sdcnt.rx_badhdr++; 1062 brcmf_sdbrcm_rxfail(bus, false, false); 1063 return -EIO; 1064 } 1065 if (len < SDPCM_HDRLEN) { 1066 brcmf_dbg(ERROR, "HW header length error\n"); 1067 return -EPROTO; 1068 } 1069 if (type == BRCMF_SDIO_FT_SUPER && 1070 (roundup(len, bus->blocksize) != rd->len)) { 1071 brcmf_dbg(ERROR, "HW superframe header length error\n"); 1072 return -EPROTO; 1073 } 1074 if (type == BRCMF_SDIO_FT_SUB && len > rd->len) { 1075 brcmf_dbg(ERROR, "HW subframe header length error\n"); 1076 return -EPROTO; 1077 } 1078 rd->len = len; 1079 1080 /* 1081 * 8 bytes hardware header 1082 * Byte 0: Rx sequence number 1083 * Byte 1: 4 MSB Channel number, 4 LSB arbitrary flag 1084 * Byte 2: Length of next data frame 1085 * Byte 3: Data offset 1086 * Byte 4: Flow control bits 1087 * Byte 5: Maximum Sequence number allow for Tx 1088 * Byte 6~7: Reserved 1089 */ 1090 if (type == BRCMF_SDIO_FT_SUPER && 1091 SDPCM_GLOMDESC(&header[SDPCM_FRAMETAG_LEN])) { 1092 brcmf_dbg(ERROR, "Glom descriptor found in superframe head\n"); 1093 rd->len = 0; 1094 return -EINVAL; 1095 } 1096 rx_seq = SDPCM_PACKET_SEQUENCE(&header[SDPCM_FRAMETAG_LEN]); 1097 rd->channel = SDPCM_PACKET_CHANNEL(&header[SDPCM_FRAMETAG_LEN]); 1098 if (len > MAX_RX_DATASZ && rd->channel != SDPCM_CONTROL_CHANNEL && 1099 type != BRCMF_SDIO_FT_SUPER) { 1100 brcmf_dbg(ERROR, "HW header length too long\n"); 1101 bus->sdiodev->bus_if->dstats.rx_errors++; 1102 bus->sdcnt.rx_toolong++; 1103 brcmf_sdbrcm_rxfail(bus, false, false); 1104 rd->len = 0; 1105 return -EPROTO; 1106 } 1107 if (type == BRCMF_SDIO_FT_SUPER && rd->channel != SDPCM_GLOM_CHANNEL) { 1108 brcmf_dbg(ERROR, "Wrong channel for superframe\n"); 1109 rd->len = 0; 1110 return -EINVAL; 1111 } 1112 if (type == BRCMF_SDIO_FT_SUB && rd->channel != SDPCM_DATA_CHANNEL && 1113 rd->channel != SDPCM_EVENT_CHANNEL) { 1114 brcmf_dbg(ERROR, "Wrong channel for subframe\n"); 1115 rd->len = 0; 1116 return -EINVAL; 1117 } 1118 rd->dat_offset = SDPCM_DOFFSET_VALUE(&header[SDPCM_FRAMETAG_LEN]); 1119 if (rd->dat_offset < SDPCM_HDRLEN || rd->dat_offset > rd->len) { 1120 brcmf_dbg(ERROR, "seq %d: bad data offset\n", rx_seq); 1121 bus->sdcnt.rx_badhdr++; 1122 brcmf_sdbrcm_rxfail(bus, false, false); 1123 rd->len = 0; 1124 return -ENXIO; 1125 } 1126 if (rd->seq_num != rx_seq) { 1127 brcmf_dbg(ERROR, "seq %d: sequence number error, expect %d\n", 1128 rx_seq, rd->seq_num); 1129 bus->sdcnt.rx_badseq++; 1130 rd->seq_num = rx_seq; 1131 } 1132 /* no need to check the reset for subframe */ 1133 if (type == BRCMF_SDIO_FT_SUB) 1134 return 0; 1135 rd->len_nxtfrm = header[SDPCM_FRAMETAG_LEN + SDPCM_NEXTLEN_OFFSET]; 1136 if (rd->len_nxtfrm << 4 > MAX_RX_DATASZ) { 1137 /* only warm for NON glom packet */ 1138 if (rd->channel != SDPCM_GLOM_CHANNEL) 1139 brcmf_dbg(ERROR, "seq %d: next length error\n", rx_seq); 1140 rd->len_nxtfrm = 0; 1141 } 1142 fc = SDPCM_FCMASK_VALUE(&header[SDPCM_FRAMETAG_LEN]); 1143 if (bus->flowcontrol != fc) { 1144 if (~bus->flowcontrol & fc) 1145 bus->sdcnt.fc_xoff++; 1146 if (bus->flowcontrol & ~fc) 1147 bus->sdcnt.fc_xon++; 1148 bus->sdcnt.fc_rcvd++; 1149 bus->flowcontrol = fc; 1150 } 1151 tx_seq_max = SDPCM_WINDOW_VALUE(&header[SDPCM_FRAMETAG_LEN]); 1152 if ((u8)(tx_seq_max - bus->tx_seq) > 0x40) { 1153 brcmf_dbg(ERROR, "seq %d: max tx seq number error\n", rx_seq); 1154 tx_seq_max = bus->tx_seq + 2; 1155 } 1156 bus->tx_max = tx_seq_max; 1157 1158 return 0; 1159} 1160 1161static u8 brcmf_sdbrcm_rxglom(struct brcmf_sdio *bus, u8 rxseq) 1162{ 1163 u16 dlen, totlen; 1164 u8 *dptr, num = 0; 1165 1166 u16 sublen; 1167 struct sk_buff *pfirst, *pnext; 1168 1169 int errcode; 1170 u8 doff, sfdoff; 1171 1172 int ifidx = 0; 1173 bool usechain = bus->use_rxchain; 1174 1175 struct brcmf_sdio_read rd_new; 1176 1177 /* If packets, issue read(s) and send up packet chain */ 1178 /* Return sequence numbers consumed? */ 1179 1180 brcmf_dbg(TRACE, "start: glomd %p glom %p\n", 1181 bus->glomd, skb_peek(&bus->glom)); 1182 1183 /* If there's a descriptor, generate the packet chain */ 1184 if (bus->glomd) { 1185 pfirst = pnext = NULL; 1186 dlen = (u16) (bus->glomd->len); 1187 dptr = bus->glomd->data; 1188 if (!dlen || (dlen & 1)) { 1189 brcmf_dbg(ERROR, "bad glomd len(%d), ignore descriptor\n", 1190 dlen); 1191 dlen = 0; 1192 } 1193 1194 for (totlen = num = 0; dlen; num++) { 1195 /* Get (and move past) next length */ 1196 sublen = get_unaligned_le16(dptr); 1197 dlen -= sizeof(u16); 1198 dptr += sizeof(u16); 1199 if ((sublen < SDPCM_HDRLEN) || 1200 ((num == 0) && (sublen < (2 * SDPCM_HDRLEN)))) { 1201 brcmf_dbg(ERROR, "descriptor len %d bad: %d\n", 1202 num, sublen); 1203 pnext = NULL; 1204 break; 1205 } 1206 if (sublen % BRCMF_SDALIGN) { 1207 brcmf_dbg(ERROR, "sublen %d not multiple of %d\n", 1208 sublen, BRCMF_SDALIGN); 1209 usechain = false; 1210 } 1211 totlen += sublen; 1212 1213 /* For last frame, adjust read len so total 1214 is a block multiple */ 1215 if (!dlen) { 1216 sublen += 1217 (roundup(totlen, bus->blocksize) - totlen); 1218 totlen = roundup(totlen, bus->blocksize); 1219 } 1220 1221 /* Allocate/chain packet for next subframe */ 1222 pnext = brcmu_pkt_buf_get_skb(sublen + BRCMF_SDALIGN); 1223 if (pnext == NULL) { 1224 brcmf_dbg(ERROR, "bcm_pkt_buf_get_skb failed, num %d len %d\n", 1225 num, sublen); 1226 break; 1227 } 1228 skb_queue_tail(&bus->glom, pnext); 1229 1230 /* Adhere to start alignment requirements */ 1231 pkt_align(pnext, sublen, BRCMF_SDALIGN); 1232 } 1233 1234 /* If all allocations succeeded, save packet chain 1235 in bus structure */ 1236 if (pnext) { 1237 brcmf_dbg(GLOM, "allocated %d-byte packet chain for %d subframes\n", 1238 totlen, num); 1239 if (BRCMF_GLOM_ON() && bus->cur_read.len && 1240 totlen != bus->cur_read.len) { 1241 brcmf_dbg(GLOM, "glomdesc mismatch: nextlen %d glomdesc %d rxseq %d\n", 1242 bus->cur_read.len, totlen, rxseq); 1243 } 1244 pfirst = pnext = NULL; 1245 } else { 1246 brcmf_sdbrcm_free_glom(bus); 1247 num = 0; 1248 } 1249 1250 /* Done with descriptor packet */ 1251 brcmu_pkt_buf_free_skb(bus->glomd); 1252 bus->glomd = NULL; 1253 bus->cur_read.len = 0; 1254 } 1255 1256 /* Ok -- either we just generated a packet chain, 1257 or had one from before */ 1258 if (!skb_queue_empty(&bus->glom)) { 1259 if (BRCMF_GLOM_ON()) { 1260 brcmf_dbg(GLOM, "try superframe read, packet chain:\n"); 1261 skb_queue_walk(&bus->glom, pnext) { 1262 brcmf_dbg(GLOM, " %p: %p len 0x%04x (%d)\n", 1263 pnext, (u8 *) (pnext->data), 1264 pnext->len, pnext->len); 1265 } 1266 } 1267 1268 pfirst = skb_peek(&bus->glom); 1269 dlen = (u16) brcmf_sdbrcm_glom_len(bus); 1270 1271 /* Do an SDIO read for the superframe. Configurable iovar to 1272 * read directly into the chained packet, or allocate a large 1273 * packet and and copy into the chain. 1274 */ 1275 sdio_claim_host(bus->sdiodev->func[1]); 1276 if (usechain) { 1277 errcode = brcmf_sdcard_recv_chain(bus->sdiodev, 1278 bus->sdiodev->sbwad, 1279 SDIO_FUNC_2, F2SYNC, &bus->glom); 1280 } else if (bus->dataptr) { 1281 errcode = brcmf_sdcard_recv_buf(bus->sdiodev, 1282 bus->sdiodev->sbwad, 1283 SDIO_FUNC_2, F2SYNC, 1284 bus->dataptr, dlen); 1285 sublen = (u16) brcmf_sdbrcm_glom_from_buf(bus, dlen); 1286 if (sublen != dlen) { 1287 brcmf_dbg(ERROR, "FAILED TO COPY, dlen %d sublen %d\n", 1288 dlen, sublen); 1289 errcode = -1; 1290 } 1291 pnext = NULL; 1292 } else { 1293 brcmf_dbg(ERROR, "COULDN'T ALLOC %d-BYTE GLOM, FORCE FAILURE\n", 1294 dlen); 1295 errcode = -1; 1296 } 1297 sdio_release_host(bus->sdiodev->func[1]); 1298 bus->sdcnt.f2rxdata++; 1299 1300 /* On failure, kill the superframe, allow a couple retries */ 1301 if (errcode < 0) { 1302 brcmf_dbg(ERROR, "glom read of %d bytes failed: %d\n", 1303 dlen, errcode); 1304 bus->sdiodev->bus_if->dstats.rx_errors++; 1305 1306 sdio_claim_host(bus->sdiodev->func[1]); 1307 if (bus->glomerr++ < 3) { 1308 brcmf_sdbrcm_rxfail(bus, true, true); 1309 } else { 1310 bus->glomerr = 0; 1311 brcmf_sdbrcm_rxfail(bus, true, false); 1312 bus->sdcnt.rxglomfail++; 1313 brcmf_sdbrcm_free_glom(bus); 1314 } 1315 sdio_release_host(bus->sdiodev->func[1]); 1316 return 0; 1317 } 1318 1319 brcmf_dbg_hex_dump(BRCMF_GLOM_ON(), 1320 pfirst->data, min_t(int, pfirst->len, 48), 1321 "SUPERFRAME:\n"); 1322 1323 rd_new.seq_num = rxseq; 1324 rd_new.len = dlen; 1325 sdio_claim_host(bus->sdiodev->func[1]); 1326 errcode = brcmf_sdio_hdparser(bus, pfirst->data, &rd_new, 1327 BRCMF_SDIO_FT_SUPER); 1328 sdio_release_host(bus->sdiodev->func[1]); 1329 bus->cur_read.len = rd_new.len_nxtfrm << 4; 1330 1331 /* Remove superframe header, remember offset */ 1332 skb_pull(pfirst, rd_new.dat_offset); 1333 sfdoff = rd_new.dat_offset; 1334 num = 0; 1335 1336 /* Validate all the subframe headers */ 1337 skb_queue_walk(&bus->glom, pnext) { 1338 /* leave when invalid subframe is found */ 1339 if (errcode) 1340 break; 1341 1342 rd_new.len = pnext->len; 1343 rd_new.seq_num = rxseq++; 1344 sdio_claim_host(bus->sdiodev->func[1]); 1345 errcode = brcmf_sdio_hdparser(bus, pnext->data, &rd_new, 1346 BRCMF_SDIO_FT_SUB); 1347 sdio_release_host(bus->sdiodev->func[1]); 1348 brcmf_dbg_hex_dump(BRCMF_GLOM_ON(), 1349 pnext->data, 32, "subframe:\n"); 1350 1351 num++; 1352 } 1353 1354 if (errcode) { 1355 /* Terminate frame on error, request 1356 a couple retries */ 1357 sdio_claim_host(bus->sdiodev->func[1]); 1358 if (bus->glomerr++ < 3) { 1359 /* Restore superframe header space */ 1360 skb_push(pfirst, sfdoff); 1361 brcmf_sdbrcm_rxfail(bus, true, true); 1362 } else { 1363 bus->glomerr = 0; 1364 brcmf_sdbrcm_rxfail(bus, true, false); 1365 bus->sdcnt.rxglomfail++; 1366 brcmf_sdbrcm_free_glom(bus); 1367 } 1368 sdio_release_host(bus->sdiodev->func[1]); 1369 bus->cur_read.len = 0; 1370 return 0; 1371 } 1372 1373 /* Basic SD framing looks ok - process each packet (header) */ 1374 1375 skb_queue_walk_safe(&bus->glom, pfirst, pnext) { 1376 dptr = (u8 *) (pfirst->data); 1377 sublen = get_unaligned_le16(dptr); 1378 doff = SDPCM_DOFFSET_VALUE(&dptr[SDPCM_FRAMETAG_LEN]); 1379 1380 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && BRCMF_DATA_ON(), 1381 dptr, pfirst->len, 1382 "Rx Subframe Data:\n"); 1383 1384 __skb_trim(pfirst, sublen); 1385 skb_pull(pfirst, doff); 1386 1387 if (pfirst->len == 0) { 1388 skb_unlink(pfirst, &bus->glom); 1389 brcmu_pkt_buf_free_skb(pfirst); 1390 continue; 1391 } else if (brcmf_proto_hdrpull(bus->sdiodev->dev, 1392 &ifidx, pfirst) != 0) { 1393 brcmf_dbg(ERROR, "rx protocol error\n"); 1394 bus->sdiodev->bus_if->dstats.rx_errors++; 1395 skb_unlink(pfirst, &bus->glom); 1396 brcmu_pkt_buf_free_skb(pfirst); 1397 continue; 1398 } 1399 1400 brcmf_dbg_hex_dump(BRCMF_GLOM_ON(), 1401 pfirst->data, 1402 min_t(int, pfirst->len, 32), 1403 "subframe %d to stack, %p (%p/%d) nxt/lnk %p/%p\n", 1404 bus->glom.qlen, pfirst, pfirst->data, 1405 pfirst->len, pfirst->next, 1406 pfirst->prev); 1407 } 1408 /* sent any remaining packets up */ 1409 if (bus->glom.qlen) 1410 brcmf_rx_frame(bus->sdiodev->dev, ifidx, &bus->glom); 1411 1412 bus->sdcnt.rxglomframes++; 1413 bus->sdcnt.rxglompkts += bus->glom.qlen; 1414 } 1415 return num; 1416} 1417 1418static int brcmf_sdbrcm_dcmd_resp_wait(struct brcmf_sdio *bus, uint *condition, 1419 bool *pending) 1420{ 1421 DECLARE_WAITQUEUE(wait, current); 1422 int timeout = msecs_to_jiffies(DCMD_RESP_TIMEOUT); 1423 1424 /* Wait until control frame is available */ 1425 add_wait_queue(&bus->dcmd_resp_wait, &wait); 1426 set_current_state(TASK_INTERRUPTIBLE); 1427 1428 while (!(*condition) && (!signal_pending(current) && timeout)) 1429 timeout = schedule_timeout(timeout); 1430 1431 if (signal_pending(current)) 1432 *pending = true; 1433 1434 set_current_state(TASK_RUNNING); 1435 remove_wait_queue(&bus->dcmd_resp_wait, &wait); 1436 1437 return timeout; 1438} 1439 1440static int brcmf_sdbrcm_dcmd_resp_wake(struct brcmf_sdio *bus) 1441{ 1442 if (waitqueue_active(&bus->dcmd_resp_wait)) 1443 wake_up_interruptible(&bus->dcmd_resp_wait); 1444 1445 return 0; 1446} 1447static void 1448brcmf_sdbrcm_read_control(struct brcmf_sdio *bus, u8 *hdr, uint len, uint doff) 1449{ 1450 uint rdlen, pad; 1451 u8 *buf = NULL, *rbuf; 1452 int sdret; 1453 1454 brcmf_dbg(TRACE, "Enter\n"); 1455 1456 if (bus->rxblen) 1457 buf = vzalloc(bus->rxblen); 1458 if (!buf) { 1459 brcmf_dbg(ERROR, "no memory for control frame\n"); 1460 goto done; 1461 } 1462 rbuf = bus->rxbuf; 1463 pad = ((unsigned long)rbuf % BRCMF_SDALIGN); 1464 if (pad) 1465 rbuf += (BRCMF_SDALIGN - pad); 1466 1467 /* Copy the already-read portion over */ 1468 memcpy(buf, hdr, BRCMF_FIRSTREAD); 1469 if (len <= BRCMF_FIRSTREAD) 1470 goto gotpkt; 1471 1472 /* Raise rdlen to next SDIO block to avoid tail command */ 1473 rdlen = len - BRCMF_FIRSTREAD; 1474 if (bus->roundup && bus->blocksize && (rdlen > bus->blocksize)) { 1475 pad = bus->blocksize - (rdlen % bus->blocksize); 1476 if ((pad <= bus->roundup) && (pad < bus->blocksize) && 1477 ((len + pad) < bus->sdiodev->bus_if->maxctl)) 1478 rdlen += pad; 1479 } else if (rdlen % BRCMF_SDALIGN) { 1480 rdlen += BRCMF_SDALIGN - (rdlen % BRCMF_SDALIGN); 1481 } 1482 1483 /* Satisfy length-alignment requirements */ 1484 if (rdlen & (ALIGNMENT - 1)) 1485 rdlen = roundup(rdlen, ALIGNMENT); 1486 1487 /* Drop if the read is too big or it exceeds our maximum */ 1488 if ((rdlen + BRCMF_FIRSTREAD) > bus->sdiodev->bus_if->maxctl) { 1489 brcmf_dbg(ERROR, "%d-byte control read exceeds %d-byte buffer\n", 1490 rdlen, bus->sdiodev->bus_if->maxctl); 1491 bus->sdiodev->bus_if->dstats.rx_errors++; 1492 brcmf_sdbrcm_rxfail(bus, false, false); 1493 goto done; 1494 } 1495 1496 if ((len - doff) > bus->sdiodev->bus_if->maxctl) { 1497 brcmf_dbg(ERROR, "%d-byte ctl frame (%d-byte ctl data) exceeds %d-byte limit\n", 1498 len, len - doff, bus->sdiodev->bus_if->maxctl); 1499 bus->sdiodev->bus_if->dstats.rx_errors++; 1500 bus->sdcnt.rx_toolong++; 1501 brcmf_sdbrcm_rxfail(bus, false, false); 1502 goto done; 1503 } 1504 1505 /* Read remain of frame body */ 1506 sdret = brcmf_sdcard_recv_buf(bus->sdiodev, 1507 bus->sdiodev->sbwad, 1508 SDIO_FUNC_2, 1509 F2SYNC, rbuf, rdlen); 1510 bus->sdcnt.f2rxdata++; 1511 1512 /* Control frame failures need retransmission */ 1513 if (sdret < 0) { 1514 brcmf_dbg(ERROR, "read %d control bytes failed: %d\n", 1515 rdlen, sdret); 1516 bus->sdcnt.rxc_errors++; 1517 brcmf_sdbrcm_rxfail(bus, true, true); 1518 goto done; 1519 } else 1520 memcpy(buf + BRCMF_FIRSTREAD, rbuf, rdlen); 1521 1522gotpkt: 1523 1524 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && BRCMF_CTL_ON(), 1525 buf, len, "RxCtrl:\n"); 1526 1527 /* Point to valid data and indicate its length */ 1528 spin_lock_bh(&bus->rxctl_lock); 1529 if (bus->rxctl) { 1530 brcmf_dbg(ERROR, "last control frame is being processed.\n"); 1531 spin_unlock_bh(&bus->rxctl_lock); 1532 vfree(buf); 1533 goto done; 1534 } 1535 bus->rxctl = buf + doff; 1536 bus->rxctl_orig = buf; 1537 bus->rxlen = len - doff; 1538 spin_unlock_bh(&bus->rxctl_lock); 1539 1540done: 1541 /* Awake any waiters */ 1542 brcmf_sdbrcm_dcmd_resp_wake(bus); 1543} 1544 1545/* Pad read to blocksize for efficiency */ 1546static void brcmf_pad(struct brcmf_sdio *bus, u16 *pad, u16 *rdlen) 1547{ 1548 if (bus->roundup && bus->blocksize && *rdlen > bus->blocksize) { 1549 *pad = bus->blocksize - (*rdlen % bus->blocksize); 1550 if (*pad <= bus->roundup && *pad < bus->blocksize && 1551 *rdlen + *pad + BRCMF_FIRSTREAD < MAX_RX_DATASZ) 1552 *rdlen += *pad; 1553 } else if (*rdlen % BRCMF_SDALIGN) { 1554 *rdlen += BRCMF_SDALIGN - (*rdlen % BRCMF_SDALIGN); 1555 } 1556} 1557 1558static uint brcmf_sdio_readframes(struct brcmf_sdio *bus, uint maxframes) 1559{ 1560 struct sk_buff *pkt; /* Packet for event or data frames */ 1561 u16 pad; /* Number of pad bytes to read */ 1562 uint rxleft = 0; /* Remaining number of frames allowed */ 1563 int sdret; /* Return code from calls */ 1564 int ifidx = 0; 1565 uint rxcount = 0; /* Total frames read */ 1566 struct brcmf_sdio_read *rd = &bus->cur_read, rd_new; 1567 u8 head_read = 0; 1568 1569 brcmf_dbg(TRACE, "Enter\n"); 1570 1571 /* Not finished unless we encounter no more frames indication */ 1572 bus->rxpending = true; 1573 1574 for (rd->seq_num = bus->rx_seq, rxleft = maxframes; 1575 !bus->rxskip && rxleft && 1576 bus->sdiodev->bus_if->state != BRCMF_BUS_DOWN; 1577 rd->seq_num++, rxleft--) { 1578 1579 /* Handle glomming separately */ 1580 if (bus->glomd || !skb_queue_empty(&bus->glom)) { 1581 u8 cnt; 1582 brcmf_dbg(GLOM, "calling rxglom: glomd %p, glom %p\n", 1583 bus->glomd, skb_peek(&bus->glom)); 1584 cnt = brcmf_sdbrcm_rxglom(bus, rd->seq_num); 1585 brcmf_dbg(GLOM, "rxglom returned %d\n", cnt); 1586 rd->seq_num += cnt - 1; 1587 rxleft = (rxleft > cnt) ? (rxleft - cnt) : 1; 1588 continue; 1589 } 1590 1591 rd->len_left = rd->len; 1592 /* read header first for unknow frame length */ 1593 sdio_claim_host(bus->sdiodev->func[1]); 1594 if (!rd->len) { 1595 sdret = brcmf_sdcard_recv_buf(bus->sdiodev, 1596 bus->sdiodev->sbwad, 1597 SDIO_FUNC_2, F2SYNC, 1598 bus->rxhdr, 1599 BRCMF_FIRSTREAD); 1600 bus->sdcnt.f2rxhdrs++; 1601 if (sdret < 0) { 1602 brcmf_dbg(ERROR, "RXHEADER FAILED: %d\n", 1603 sdret); 1604 bus->sdcnt.rx_hdrfail++; 1605 brcmf_sdbrcm_rxfail(bus, true, true); 1606 sdio_release_host(bus->sdiodev->func[1]); 1607 continue; 1608 } 1609 1610 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() || BRCMF_HDRS_ON(), 1611 bus->rxhdr, SDPCM_HDRLEN, 1612 "RxHdr:\n"); 1613 1614 if (brcmf_sdio_hdparser(bus, bus->rxhdr, rd, 1615 BRCMF_SDIO_FT_NORMAL)) { 1616 sdio_release_host(bus->sdiodev->func[1]); 1617 if (!bus->rxpending) 1618 break; 1619 else 1620 continue; 1621 } 1622 1623 if (rd->channel == SDPCM_CONTROL_CHANNEL) { 1624 brcmf_sdbrcm_read_control(bus, bus->rxhdr, 1625 rd->len, 1626 rd->dat_offset); 1627 /* prepare the descriptor for the next read */ 1628 rd->len = rd->len_nxtfrm << 4; 1629 rd->len_nxtfrm = 0; 1630 /* treat all packet as event if we don't know */ 1631 rd->channel = SDPCM_EVENT_CHANNEL; 1632 sdio_release_host(bus->sdiodev->func[1]); 1633 continue; 1634 } 1635 rd->len_left = rd->len > BRCMF_FIRSTREAD ? 1636 rd->len - BRCMF_FIRSTREAD : 0; 1637 head_read = BRCMF_FIRSTREAD; 1638 } 1639 1640 brcmf_pad(bus, &pad, &rd->len_left); 1641 1642 pkt = brcmu_pkt_buf_get_skb(rd->len_left + head_read + 1643 BRCMF_SDALIGN); 1644 if (!pkt) { 1645 /* Give up on data, request rtx of events */ 1646 brcmf_dbg(ERROR, "brcmu_pkt_buf_get_skb failed\n"); 1647 bus->sdiodev->bus_if->dstats.rx_dropped++; 1648 brcmf_sdbrcm_rxfail(bus, false, 1649 RETRYCHAN(rd->channel)); 1650 sdio_release_host(bus->sdiodev->func[1]); 1651 continue; 1652 } 1653 skb_pull(pkt, head_read); 1654 pkt_align(pkt, rd->len_left, BRCMF_SDALIGN); 1655 1656 sdret = brcmf_sdcard_recv_pkt(bus->sdiodev, bus->sdiodev->sbwad, 1657 SDIO_FUNC_2, F2SYNC, pkt); 1658 bus->sdcnt.f2rxdata++; 1659 sdio_release_host(bus->sdiodev->func[1]); 1660 1661 if (sdret < 0) { 1662 brcmf_dbg(ERROR, "read %d bytes from channel %d failed: %d\n", 1663 rd->len, rd->channel, sdret); 1664 brcmu_pkt_buf_free_skb(pkt); 1665 bus->sdiodev->bus_if->dstats.rx_errors++; 1666 sdio_claim_host(bus->sdiodev->func[1]); 1667 brcmf_sdbrcm_rxfail(bus, true, 1668 RETRYCHAN(rd->channel)); 1669 sdio_release_host(bus->sdiodev->func[1]); 1670 continue; 1671 } 1672 1673 if (head_read) { 1674 skb_push(pkt, head_read); 1675 memcpy(pkt->data, bus->rxhdr, head_read); 1676 head_read = 0; 1677 } else { 1678 memcpy(bus->rxhdr, pkt->data, SDPCM_HDRLEN); 1679 rd_new.seq_num = rd->seq_num; 1680 sdio_claim_host(bus->sdiodev->func[1]); 1681 if (brcmf_sdio_hdparser(bus, bus->rxhdr, &rd_new, 1682 BRCMF_SDIO_FT_NORMAL)) { 1683 rd->len = 0; 1684 brcmu_pkt_buf_free_skb(pkt); 1685 } 1686 bus->sdcnt.rx_readahead_cnt++; 1687 if (rd->len != roundup(rd_new.len, 16)) { 1688 brcmf_dbg(ERROR, "frame length mismatch:read %d, should be %d\n", 1689 rd->len, 1690 roundup(rd_new.len, 16) >> 4); 1691 rd->len = 0; 1692 brcmf_sdbrcm_rxfail(bus, true, true); 1693 sdio_release_host(bus->sdiodev->func[1]); 1694 brcmu_pkt_buf_free_skb(pkt); 1695 continue; 1696 } 1697 sdio_release_host(bus->sdiodev->func[1]); 1698 rd->len_nxtfrm = rd_new.len_nxtfrm; 1699 rd->channel = rd_new.channel; 1700 rd->dat_offset = rd_new.dat_offset; 1701 1702 brcmf_dbg_hex_dump(!(BRCMF_BYTES_ON() && 1703 BRCMF_DATA_ON()) && 1704 BRCMF_HDRS_ON(), 1705 bus->rxhdr, SDPCM_HDRLEN, 1706 "RxHdr:\n"); 1707 1708 if (rd_new.channel == SDPCM_CONTROL_CHANNEL) { 1709 brcmf_dbg(ERROR, "readahead on control packet %d?\n", 1710 rd_new.seq_num); 1711 /* Force retry w/normal header read */ 1712 rd->len = 0; 1713 sdio_claim_host(bus->sdiodev->func[1]); 1714 brcmf_sdbrcm_rxfail(bus, false, true); 1715 sdio_release_host(bus->sdiodev->func[1]); 1716 brcmu_pkt_buf_free_skb(pkt); 1717 continue; 1718 } 1719 } 1720 1721 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && BRCMF_DATA_ON(), 1722 pkt->data, rd->len, "Rx Data:\n"); 1723 1724 /* Save superframe descriptor and allocate packet frame */ 1725 if (rd->channel == SDPCM_GLOM_CHANNEL) { 1726 if (SDPCM_GLOMDESC(&bus->rxhdr[SDPCM_FRAMETAG_LEN])) { 1727 brcmf_dbg(GLOM, "glom descriptor, %d bytes:\n", 1728 rd->len); 1729 brcmf_dbg_hex_dump(BRCMF_GLOM_ON(), 1730 pkt->data, rd->len, 1731 "Glom Data:\n"); 1732 __skb_trim(pkt, rd->len); 1733 skb_pull(pkt, SDPCM_HDRLEN); 1734 bus->glomd = pkt; 1735 } else { 1736 brcmf_dbg(ERROR, "%s: glom superframe w/o " 1737 "descriptor!\n", __func__); 1738 sdio_claim_host(bus->sdiodev->func[1]); 1739 brcmf_sdbrcm_rxfail(bus, false, false); 1740 sdio_release_host(bus->sdiodev->func[1]); 1741 } 1742 /* prepare the descriptor for the next read */ 1743 rd->len = rd->len_nxtfrm << 4; 1744 rd->len_nxtfrm = 0; 1745 /* treat all packet as event if we don't know */ 1746 rd->channel = SDPCM_EVENT_CHANNEL; 1747 continue; 1748 } 1749 1750 /* Fill in packet len and prio, deliver upward */ 1751 __skb_trim(pkt, rd->len); 1752 skb_pull(pkt, rd->dat_offset); 1753 1754 /* prepare the descriptor for the next read */ 1755 rd->len = rd->len_nxtfrm << 4; 1756 rd->len_nxtfrm = 0; 1757 /* treat all packet as event if we don't know */ 1758 rd->channel = SDPCM_EVENT_CHANNEL; 1759 1760 if (pkt->len == 0) { 1761 brcmu_pkt_buf_free_skb(pkt); 1762 continue; 1763 } else if (brcmf_proto_hdrpull(bus->sdiodev->dev, &ifidx, 1764 pkt) != 0) { 1765 brcmf_dbg(ERROR, "rx protocol error\n"); 1766 brcmu_pkt_buf_free_skb(pkt); 1767 bus->sdiodev->bus_if->dstats.rx_errors++; 1768 continue; 1769 } 1770 1771 brcmf_rx_packet(bus->sdiodev->dev, ifidx, pkt); 1772 } 1773 1774 rxcount = maxframes - rxleft; 1775 /* Message if we hit the limit */ 1776 if (!rxleft) 1777 brcmf_dbg(DATA, "hit rx limit of %d frames\n", maxframes); 1778 else 1779 brcmf_dbg(DATA, "processed %d frames\n", rxcount); 1780 /* Back off rxseq if awaiting rtx, update rx_seq */ 1781 if (bus->rxskip) 1782 rd->seq_num--; 1783 bus->rx_seq = rd->seq_num; 1784 1785 return rxcount; 1786} 1787 1788static void 1789brcmf_sdbrcm_wait_event_wakeup(struct brcmf_sdio *bus) 1790{ 1791 if (waitqueue_active(&bus->ctrl_wait)) 1792 wake_up_interruptible(&bus->ctrl_wait); 1793 return; 1794} 1795 1796/* Writes a HW/SW header into the packet and sends it. */ 1797/* Assumes: (a) header space already there, (b) caller holds lock */ 1798static int brcmf_sdbrcm_txpkt(struct brcmf_sdio *bus, struct sk_buff *pkt, 1799 uint chan, bool free_pkt) 1800{ 1801 int ret; 1802 u8 *frame; 1803 u16 len, pad = 0; 1804 u32 swheader; 1805 struct sk_buff *new; 1806 int i; 1807 1808 brcmf_dbg(TRACE, "Enter\n"); 1809 1810 frame = (u8 *) (pkt->data); 1811 1812 /* Add alignment padding, allocate new packet if needed */ 1813 pad = ((unsigned long)frame % BRCMF_SDALIGN); 1814 if (pad) { 1815 if (skb_headroom(pkt) < pad) { 1816 brcmf_dbg(INFO, "insufficient headroom %d for %d pad\n", 1817 skb_headroom(pkt), pad); 1818 bus->sdiodev->bus_if->tx_realloc++; 1819 new = brcmu_pkt_buf_get_skb(pkt->len + BRCMF_SDALIGN); 1820 if (!new) { 1821 brcmf_dbg(ERROR, "couldn't allocate new %d-byte packet\n", 1822 pkt->len + BRCMF_SDALIGN); 1823 ret = -ENOMEM; 1824 goto done; 1825 } 1826 1827 pkt_align(new, pkt->len, BRCMF_SDALIGN); 1828 memcpy(new->data, pkt->data, pkt->len); 1829 if (free_pkt) 1830 brcmu_pkt_buf_free_skb(pkt); 1831 /* free the pkt if canned one is not used */ 1832 free_pkt = true; 1833 pkt = new; 1834 frame = (u8 *) (pkt->data); 1835 /* precondition: (frame % BRCMF_SDALIGN) == 0) */ 1836 pad = 0; 1837 } else { 1838 skb_push(pkt, pad); 1839 frame = (u8 *) (pkt->data); 1840 /* precondition: pad + SDPCM_HDRLEN <= pkt->len */ 1841 memset(frame, 0, pad + SDPCM_HDRLEN); 1842 } 1843 } 1844 /* precondition: pad < BRCMF_SDALIGN */ 1845 1846 /* Hardware tag: 2 byte len followed by 2 byte ~len check (all LE) */ 1847 len = (u16) (pkt->len); 1848 *(__le16 *) frame = cpu_to_le16(len); 1849 *(((__le16 *) frame) + 1) = cpu_to_le16(~len); 1850 1851 /* Software tag: channel, sequence number, data offset */ 1852 swheader = 1853 ((chan << SDPCM_CHANNEL_SHIFT) & SDPCM_CHANNEL_MASK) | bus->tx_seq | 1854 (((pad + 1855 SDPCM_HDRLEN) << SDPCM_DOFFSET_SHIFT) & SDPCM_DOFFSET_MASK); 1856 1857 put_unaligned_le32(swheader, frame + SDPCM_FRAMETAG_LEN); 1858 put_unaligned_le32(0, frame + SDPCM_FRAMETAG_LEN + sizeof(swheader)); 1859 1860#ifdef DEBUG 1861 tx_packets[pkt->priority]++; 1862#endif 1863 1864 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && 1865 ((BRCMF_CTL_ON() && chan == SDPCM_CONTROL_CHANNEL) || 1866 (BRCMF_DATA_ON() && chan != SDPCM_CONTROL_CHANNEL)), 1867 frame, len, "Tx Frame:\n"); 1868 brcmf_dbg_hex_dump(!(BRCMF_BYTES_ON() && 1869 ((BRCMF_CTL_ON() && 1870 chan == SDPCM_CONTROL_CHANNEL) || 1871 (BRCMF_DATA_ON() && 1872 chan != SDPCM_CONTROL_CHANNEL))) && 1873 BRCMF_HDRS_ON(), 1874 frame, min_t(u16, len, 16), "TxHdr:\n"); 1875 1876 /* Raise len to next SDIO block to eliminate tail command */ 1877 if (bus->roundup && bus->blocksize && (len > bus->blocksize)) { 1878 u16 pad = bus->blocksize - (len % bus->blocksize); 1879 if ((pad <= bus->roundup) && (pad < bus->blocksize)) 1880 len += pad; 1881 } else if (len % BRCMF_SDALIGN) { 1882 len += BRCMF_SDALIGN - (len % BRCMF_SDALIGN); 1883 } 1884 1885 /* Some controllers have trouble with odd bytes -- round to even */ 1886 if (len & (ALIGNMENT - 1)) 1887 len = roundup(len, ALIGNMENT); 1888 1889 sdio_claim_host(bus->sdiodev->func[1]); 1890 ret = brcmf_sdcard_send_pkt(bus->sdiodev, bus->sdiodev->sbwad, 1891 SDIO_FUNC_2, F2SYNC, pkt); 1892 bus->sdcnt.f2txdata++; 1893 1894 if (ret < 0) { 1895 /* On failure, abort the command and terminate the frame */ 1896 brcmf_dbg(INFO, "sdio error %d, abort command and terminate frame\n", 1897 ret); 1898 bus->sdcnt.tx_sderrs++; 1899 1900 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 1901 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_FRAMECTRL, 1902 SFC_WF_TERM, NULL); 1903 bus->sdcnt.f1regdata++; 1904 1905 for (i = 0; i < 3; i++) { 1906 u8 hi, lo; 1907 hi = brcmf_sdio_regrb(bus->sdiodev, 1908 SBSDIO_FUNC1_WFRAMEBCHI, NULL); 1909 lo = brcmf_sdio_regrb(bus->sdiodev, 1910 SBSDIO_FUNC1_WFRAMEBCLO, NULL); 1911 bus->sdcnt.f1regdata += 2; 1912 if ((hi == 0) && (lo == 0)) 1913 break; 1914 } 1915 1916 } 1917 sdio_release_host(bus->sdiodev->func[1]); 1918 if (ret == 0) 1919 bus->tx_seq = (bus->tx_seq + 1) % SDPCM_SEQUENCE_WRAP; 1920 1921done: 1922 /* restore pkt buffer pointer before calling tx complete routine */ 1923 skb_pull(pkt, SDPCM_HDRLEN + pad); 1924 brcmf_txcomplete(bus->sdiodev->dev, pkt, ret != 0); 1925 1926 if (free_pkt) 1927 brcmu_pkt_buf_free_skb(pkt); 1928 1929 return ret; 1930} 1931 1932static uint brcmf_sdbrcm_sendfromq(struct brcmf_sdio *bus, uint maxframes) 1933{ 1934 struct sk_buff *pkt; 1935 u32 intstatus = 0; 1936 int ret = 0, prec_out; 1937 uint cnt = 0; 1938 uint datalen; 1939 u8 tx_prec_map; 1940 1941 brcmf_dbg(TRACE, "Enter\n"); 1942 1943 tx_prec_map = ~bus->flowcontrol; 1944 1945 /* Send frames until the limit or some other event */ 1946 for (cnt = 0; (cnt < maxframes) && data_ok(bus); cnt++) { 1947 spin_lock_bh(&bus->txqlock); 1948 pkt = brcmu_pktq_mdeq(&bus->txq, tx_prec_map, &prec_out); 1949 if (pkt == NULL) { 1950 spin_unlock_bh(&bus->txqlock); 1951 break; 1952 } 1953 spin_unlock_bh(&bus->txqlock); 1954 datalen = pkt->len - SDPCM_HDRLEN; 1955 1956 ret = brcmf_sdbrcm_txpkt(bus, pkt, SDPCM_DATA_CHANNEL, true); 1957 if (ret) 1958 bus->sdiodev->bus_if->dstats.tx_errors++; 1959 else 1960 bus->sdiodev->bus_if->dstats.tx_bytes += datalen; 1961 1962 /* In poll mode, need to check for other events */ 1963 if (!bus->intr && cnt) { 1964 /* Check device status, signal pending interrupt */ 1965 sdio_claim_host(bus->sdiodev->func[1]); 1966 ret = r_sdreg32(bus, &intstatus, 1967 offsetof(struct sdpcmd_regs, 1968 intstatus)); 1969 sdio_release_host(bus->sdiodev->func[1]); 1970 bus->sdcnt.f2txdata++; 1971 if (ret != 0) 1972 break; 1973 if (intstatus & bus->hostintmask) 1974 atomic_set(&bus->ipend, 1); 1975 } 1976 } 1977 1978 /* Deflow-control stack if needed */ 1979 if (bus->sdiodev->bus_if->drvr_up && 1980 (bus->sdiodev->bus_if->state == BRCMF_BUS_DATA) && 1981 bus->txoff && (pktq_len(&bus->txq) < TXLOW)) { 1982 bus->txoff = false; 1983 brcmf_txflowblock(bus->sdiodev->dev, false); 1984 } 1985 1986 return cnt; 1987} 1988 1989static void brcmf_sdbrcm_bus_stop(struct device *dev) 1990{ 1991 u32 local_hostintmask; 1992 u8 saveclk; 1993 int err; 1994 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 1995 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio; 1996 struct brcmf_sdio *bus = sdiodev->bus; 1997 1998 brcmf_dbg(TRACE, "Enter\n"); 1999 2000 if (bus->watchdog_tsk) { 2001 send_sig(SIGTERM, bus->watchdog_tsk, 1); 2002 kthread_stop(bus->watchdog_tsk); 2003 bus->watchdog_tsk = NULL; 2004 } 2005 2006 sdio_claim_host(bus->sdiodev->func[1]); 2007 2008 /* Enable clock for device interrupts */ 2009 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 2010 2011 /* Disable and clear interrupts at the chip level also */ 2012 w_sdreg32(bus, 0, offsetof(struct sdpcmd_regs, hostintmask)); 2013 local_hostintmask = bus->hostintmask; 2014 bus->hostintmask = 0; 2015 2016 /* Change our idea of bus state */ 2017 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2018 2019 /* Force clocks on backplane to be sure F2 interrupt propagates */ 2020 saveclk = brcmf_sdio_regrb(bus->sdiodev, 2021 SBSDIO_FUNC1_CHIPCLKCSR, &err); 2022 if (!err) { 2023 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 2024 (saveclk | SBSDIO_FORCE_HT), &err); 2025 } 2026 if (err) 2027 brcmf_dbg(ERROR, "Failed to force clock for F2: err %d\n", err); 2028 2029 /* Turn off the bus (F2), free any pending packets */ 2030 brcmf_dbg(INTR, "disable SDIO interrupts\n"); 2031 brcmf_sdio_regwb(bus->sdiodev, SDIO_CCCR_IOEx, SDIO_FUNC_ENABLE_1, 2032 NULL); 2033 2034 /* Clear any pending interrupts now that F2 is disabled */ 2035 w_sdreg32(bus, local_hostintmask, 2036 offsetof(struct sdpcmd_regs, intstatus)); 2037 2038 /* Turn off the backplane clock (only) */ 2039 brcmf_sdbrcm_clkctl(bus, CLK_SDONLY, false); 2040 sdio_release_host(bus->sdiodev->func[1]); 2041 2042 /* Clear the data packet queues */ 2043 brcmu_pktq_flush(&bus->txq, true, NULL, NULL); 2044 2045 /* Clear any held glomming stuff */ 2046 if (bus->glomd) 2047 brcmu_pkt_buf_free_skb(bus->glomd); 2048 brcmf_sdbrcm_free_glom(bus); 2049 2050 /* Clear rx control and wake any waiters */ 2051 spin_lock_bh(&bus->rxctl_lock); 2052 bus->rxlen = 0; 2053 spin_unlock_bh(&bus->rxctl_lock); 2054 brcmf_sdbrcm_dcmd_resp_wake(bus); 2055 2056 /* Reset some F2 state stuff */ 2057 bus->rxskip = false; 2058 bus->tx_seq = bus->rx_seq = 0; 2059} 2060 2061#ifdef CONFIG_BRCMFMAC_SDIO_OOB 2062static inline void brcmf_sdbrcm_clrintr(struct brcmf_sdio *bus) 2063{ 2064 unsigned long flags; 2065 2066 spin_lock_irqsave(&bus->sdiodev->irq_en_lock, flags); 2067 if (!bus->sdiodev->irq_en && !atomic_read(&bus->ipend)) { 2068 enable_irq(bus->sdiodev->irq); 2069 bus->sdiodev->irq_en = true; 2070 } 2071 spin_unlock_irqrestore(&bus->sdiodev->irq_en_lock, flags); 2072} 2073#else 2074static inline void brcmf_sdbrcm_clrintr(struct brcmf_sdio *bus) 2075{ 2076} 2077#endif /* CONFIG_BRCMFMAC_SDIO_OOB */ 2078 2079static inline void brcmf_sdbrcm_adddpctsk(struct brcmf_sdio *bus) 2080{ 2081 struct list_head *new_hd; 2082 unsigned long flags; 2083 2084 if (in_interrupt()) 2085 new_hd = kzalloc(sizeof(struct list_head), GFP_ATOMIC); 2086 else 2087 new_hd = kzalloc(sizeof(struct list_head), GFP_KERNEL); 2088 if (new_hd == NULL) 2089 return; 2090 2091 spin_lock_irqsave(&bus->dpc_tl_lock, flags); 2092 list_add_tail(new_hd, &bus->dpc_tsklst); 2093 spin_unlock_irqrestore(&bus->dpc_tl_lock, flags); 2094} 2095 2096static int brcmf_sdio_intr_rstatus(struct brcmf_sdio *bus) 2097{ 2098 u8 idx; 2099 u32 addr; 2100 unsigned long val; 2101 int n, ret; 2102 2103 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV); 2104 addr = bus->ci->c_inf[idx].base + 2105 offsetof(struct sdpcmd_regs, intstatus); 2106 2107 ret = brcmf_sdio_regrw_helper(bus->sdiodev, addr, &val, false); 2108 bus->sdcnt.f1regdata++; 2109 if (ret != 0) 2110 val = 0; 2111 2112 val &= bus->hostintmask; 2113 atomic_set(&bus->fcstate, !!(val & I_HMB_FC_STATE)); 2114 2115 /* Clear interrupts */ 2116 if (val) { 2117 ret = brcmf_sdio_regrw_helper(bus->sdiodev, addr, &val, true); 2118 bus->sdcnt.f1regdata++; 2119 } 2120 2121 if (ret) { 2122 atomic_set(&bus->intstatus, 0); 2123 } else if (val) { 2124 for_each_set_bit(n, &val, 32) 2125 set_bit(n, (unsigned long *)&bus->intstatus.counter); 2126 } 2127 2128 return ret; 2129} 2130 2131static void brcmf_sdbrcm_dpc(struct brcmf_sdio *bus) 2132{ 2133 u32 newstatus = 0; 2134 unsigned long intstatus; 2135 uint rxlimit = bus->rxbound; /* Rx frames to read before resched */ 2136 uint txlimit = bus->txbound; /* Tx frames to send before resched */ 2137 uint framecnt = 0; /* Temporary counter of tx/rx frames */ 2138 int err = 0, n; 2139 2140 brcmf_dbg(TRACE, "Enter\n"); 2141 2142 sdio_claim_host(bus->sdiodev->func[1]); 2143 2144 /* If waiting for HTAVAIL, check status */ 2145 if (bus->clkstate == CLK_PENDING) { 2146 u8 clkctl, devctl = 0; 2147 2148#ifdef DEBUG 2149 /* Check for inconsistent device control */ 2150 devctl = brcmf_sdio_regrb(bus->sdiodev, 2151 SBSDIO_DEVICE_CTL, &err); 2152 if (err) { 2153 brcmf_dbg(ERROR, "error reading DEVCTL: %d\n", err); 2154 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2155 } 2156#endif /* DEBUG */ 2157 2158 /* Read CSR, if clock on switch to AVAIL, else ignore */ 2159 clkctl = brcmf_sdio_regrb(bus->sdiodev, 2160 SBSDIO_FUNC1_CHIPCLKCSR, &err); 2161 if (err) { 2162 brcmf_dbg(ERROR, "error reading CSR: %d\n", 2163 err); 2164 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2165 } 2166 2167 brcmf_dbg(INFO, "DPC: PENDING, devctl 0x%02x clkctl 0x%02x\n", 2168 devctl, clkctl); 2169 2170 if (SBSDIO_HTAV(clkctl)) { 2171 devctl = brcmf_sdio_regrb(bus->sdiodev, 2172 SBSDIO_DEVICE_CTL, &err); 2173 if (err) { 2174 brcmf_dbg(ERROR, "error reading DEVCTL: %d\n", 2175 err); 2176 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2177 } 2178 devctl &= ~SBSDIO_DEVCTL_CA_INT_ONLY; 2179 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_DEVICE_CTL, 2180 devctl, &err); 2181 if (err) { 2182 brcmf_dbg(ERROR, "error writing DEVCTL: %d\n", 2183 err); 2184 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2185 } 2186 bus->clkstate = CLK_AVAIL; 2187 } 2188 } 2189 2190 /* Make sure backplane clock is on */ 2191 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, true); 2192 2193 /* Pending interrupt indicates new device status */ 2194 if (atomic_read(&bus->ipend) > 0) { 2195 atomic_set(&bus->ipend, 0); 2196 err = brcmf_sdio_intr_rstatus(bus); 2197 } 2198 2199 /* Start with leftover status bits */ 2200 intstatus = atomic_xchg(&bus->intstatus, 0); 2201 2202 /* Handle flow-control change: read new state in case our ack 2203 * crossed another change interrupt. If change still set, assume 2204 * FC ON for safety, let next loop through do the debounce. 2205 */ 2206 if (intstatus & I_HMB_FC_CHANGE) { 2207 intstatus &= ~I_HMB_FC_CHANGE; 2208 err = w_sdreg32(bus, I_HMB_FC_CHANGE, 2209 offsetof(struct sdpcmd_regs, intstatus)); 2210 2211 err = r_sdreg32(bus, &newstatus, 2212 offsetof(struct sdpcmd_regs, intstatus)); 2213 bus->sdcnt.f1regdata += 2; 2214 atomic_set(&bus->fcstate, 2215 !!(newstatus & (I_HMB_FC_STATE | I_HMB_FC_CHANGE))); 2216 intstatus |= (newstatus & bus->hostintmask); 2217 } 2218 2219 /* Handle host mailbox indication */ 2220 if (intstatus & I_HMB_HOST_INT) { 2221 intstatus &= ~I_HMB_HOST_INT; 2222 intstatus |= brcmf_sdbrcm_hostmail(bus); 2223 } 2224 2225 sdio_release_host(bus->sdiodev->func[1]); 2226 2227 /* Generally don't ask for these, can get CRC errors... */ 2228 if (intstatus & I_WR_OOSYNC) { 2229 brcmf_dbg(ERROR, "Dongle reports WR_OOSYNC\n"); 2230 intstatus &= ~I_WR_OOSYNC; 2231 } 2232 2233 if (intstatus & I_RD_OOSYNC) { 2234 brcmf_dbg(ERROR, "Dongle reports RD_OOSYNC\n"); 2235 intstatus &= ~I_RD_OOSYNC; 2236 } 2237 2238 if (intstatus & I_SBINT) { 2239 brcmf_dbg(ERROR, "Dongle reports SBINT\n"); 2240 intstatus &= ~I_SBINT; 2241 } 2242 2243 /* Would be active due to wake-wlan in gSPI */ 2244 if (intstatus & I_CHIPACTIVE) { 2245 brcmf_dbg(INFO, "Dongle reports CHIPACTIVE\n"); 2246 intstatus &= ~I_CHIPACTIVE; 2247 } 2248 2249 /* Ignore frame indications if rxskip is set */ 2250 if (bus->rxskip) 2251 intstatus &= ~I_HMB_FRAME_IND; 2252 2253 /* On frame indication, read available frames */ 2254 if (PKT_AVAILABLE() && bus->clkstate == CLK_AVAIL) { 2255 framecnt = brcmf_sdio_readframes(bus, rxlimit); 2256 if (!bus->rxpending) 2257 intstatus &= ~I_HMB_FRAME_IND; 2258 rxlimit -= min(framecnt, rxlimit); 2259 } 2260 2261 /* Keep still-pending events for next scheduling */ 2262 if (intstatus) { 2263 for_each_set_bit(n, &intstatus, 32) 2264 set_bit(n, (unsigned long *)&bus->intstatus.counter); 2265 } 2266 2267 brcmf_sdbrcm_clrintr(bus); 2268 2269 if (data_ok(bus) && bus->ctrl_frame_stat && 2270 (bus->clkstate == CLK_AVAIL)) { 2271 int i; 2272 2273 sdio_claim_host(bus->sdiodev->func[1]); 2274 err = brcmf_sdcard_send_buf(bus->sdiodev, bus->sdiodev->sbwad, 2275 SDIO_FUNC_2, F2SYNC, bus->ctrl_frame_buf, 2276 (u32) bus->ctrl_frame_len); 2277 2278 if (err < 0) { 2279 /* On failure, abort the command and 2280 terminate the frame */ 2281 brcmf_dbg(INFO, "sdio error %d, abort command and terminate frame\n", 2282 err); 2283 bus->sdcnt.tx_sderrs++; 2284 2285 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 2286 2287 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_FRAMECTRL, 2288 SFC_WF_TERM, &err); 2289 bus->sdcnt.f1regdata++; 2290 2291 for (i = 0; i < 3; i++) { 2292 u8 hi, lo; 2293 hi = brcmf_sdio_regrb(bus->sdiodev, 2294 SBSDIO_FUNC1_WFRAMEBCHI, 2295 &err); 2296 lo = brcmf_sdio_regrb(bus->sdiodev, 2297 SBSDIO_FUNC1_WFRAMEBCLO, 2298 &err); 2299 bus->sdcnt.f1regdata += 2; 2300 if ((hi == 0) && (lo == 0)) 2301 break; 2302 } 2303 2304 } else { 2305 bus->tx_seq = (bus->tx_seq + 1) % SDPCM_SEQUENCE_WRAP; 2306 } 2307 sdio_release_host(bus->sdiodev->func[1]); 2308 bus->ctrl_frame_stat = false; 2309 brcmf_sdbrcm_wait_event_wakeup(bus); 2310 } 2311 /* Send queued frames (limit 1 if rx may still be pending) */ 2312 else if ((bus->clkstate == CLK_AVAIL) && !atomic_read(&bus->fcstate) && 2313 brcmu_pktq_mlen(&bus->txq, ~bus->flowcontrol) && txlimit 2314 && data_ok(bus)) { 2315 framecnt = bus->rxpending ? min(txlimit, bus->txminmax) : 2316 txlimit; 2317 framecnt = brcmf_sdbrcm_sendfromq(bus, framecnt); 2318 txlimit -= framecnt; 2319 } 2320 2321 if ((bus->sdiodev->bus_if->state == BRCMF_BUS_DOWN) || (err != 0)) { 2322 brcmf_dbg(ERROR, "failed backplane access over SDIO, halting operation\n"); 2323 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2324 atomic_set(&bus->intstatus, 0); 2325 } else if (atomic_read(&bus->intstatus) || 2326 atomic_read(&bus->ipend) > 0 || 2327 (!atomic_read(&bus->fcstate) && 2328 brcmu_pktq_mlen(&bus->txq, ~bus->flowcontrol) && 2329 data_ok(bus)) || PKT_AVAILABLE()) { 2330 brcmf_sdbrcm_adddpctsk(bus); 2331 } 2332 2333 /* If we're done for now, turn off clock request. */ 2334 if ((bus->clkstate != CLK_PENDING) 2335 && bus->idletime == BRCMF_IDLE_IMMEDIATE) { 2336 bus->activity = false; 2337 sdio_claim_host(bus->sdiodev->func[1]); 2338 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 2339 sdio_release_host(bus->sdiodev->func[1]); 2340 } 2341} 2342 2343static int brcmf_sdbrcm_bus_txdata(struct device *dev, struct sk_buff *pkt) 2344{ 2345 int ret = -EBADE; 2346 uint datalen, prec; 2347 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 2348 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio; 2349 struct brcmf_sdio *bus = sdiodev->bus; 2350 unsigned long flags; 2351 2352 brcmf_dbg(TRACE, "Enter\n"); 2353 2354 datalen = pkt->len; 2355 2356 /* Add space for the header */ 2357 skb_push(pkt, SDPCM_HDRLEN); 2358 /* precondition: IS_ALIGNED((unsigned long)(pkt->data), 2) */ 2359 2360 prec = prio2prec((pkt->priority & PRIOMASK)); 2361 2362 /* Check for existing queue, current flow-control, 2363 pending event, or pending clock */ 2364 brcmf_dbg(TRACE, "deferring pktq len %d\n", pktq_len(&bus->txq)); 2365 bus->sdcnt.fcqueued++; 2366 2367 /* Priority based enq */ 2368 spin_lock_bh(&bus->txqlock); 2369 if (!brcmf_c_prec_enq(bus->sdiodev->dev, &bus->txq, pkt, prec)) { 2370 skb_pull(pkt, SDPCM_HDRLEN); 2371 brcmf_txcomplete(bus->sdiodev->dev, pkt, false); 2372 brcmu_pkt_buf_free_skb(pkt); 2373 brcmf_dbg(ERROR, "out of bus->txq !!!\n"); 2374 ret = -ENOSR; 2375 } else { 2376 ret = 0; 2377 } 2378 spin_unlock_bh(&bus->txqlock); 2379 2380 if (pktq_len(&bus->txq) >= TXHI) { 2381 bus->txoff = true; 2382 brcmf_txflowblock(bus->sdiodev->dev, true); 2383 } 2384 2385#ifdef DEBUG 2386 if (pktq_plen(&bus->txq, prec) > qcount[prec]) 2387 qcount[prec] = pktq_plen(&bus->txq, prec); 2388#endif 2389 2390 spin_lock_irqsave(&bus->dpc_tl_lock, flags); 2391 if (list_empty(&bus->dpc_tsklst)) { 2392 spin_unlock_irqrestore(&bus->dpc_tl_lock, flags); 2393 2394 brcmf_sdbrcm_adddpctsk(bus); 2395 queue_work(bus->brcmf_wq, &bus->datawork); 2396 } else { 2397 spin_unlock_irqrestore(&bus->dpc_tl_lock, flags); 2398 } 2399 2400 return ret; 2401} 2402 2403static int 2404brcmf_sdbrcm_membytes(struct brcmf_sdio *bus, bool write, u32 address, u8 *data, 2405 uint size) 2406{ 2407 int bcmerror = 0; 2408 u32 sdaddr; 2409 uint dsize; 2410 2411 /* Determine initial transfer parameters */ 2412 sdaddr = address & SBSDIO_SB_OFT_ADDR_MASK; 2413 if ((sdaddr + size) & SBSDIO_SBWINDOW_MASK) 2414 dsize = (SBSDIO_SB_OFT_ADDR_LIMIT - sdaddr); 2415 else 2416 dsize = size; 2417 2418 sdio_claim_host(bus->sdiodev->func[1]); 2419 2420 /* Set the backplane window to include the start address */ 2421 bcmerror = brcmf_sdcard_set_sbaddr_window(bus->sdiodev, address); 2422 if (bcmerror) { 2423 brcmf_dbg(ERROR, "window change failed\n"); 2424 goto xfer_done; 2425 } 2426 2427 /* Do the transfer(s) */ 2428 while (size) { 2429 brcmf_dbg(INFO, "%s %d bytes at offset 0x%08x in window 0x%08x\n", 2430 write ? "write" : "read", dsize, 2431 sdaddr, address & SBSDIO_SBWINDOW_MASK); 2432 bcmerror = brcmf_sdcard_rwdata(bus->sdiodev, write, 2433 sdaddr, data, dsize); 2434 if (bcmerror) { 2435 brcmf_dbg(ERROR, "membytes transfer failed\n"); 2436 break; 2437 } 2438 2439 /* Adjust for next transfer (if any) */ 2440 size -= dsize; 2441 if (size) { 2442 data += dsize; 2443 address += dsize; 2444 bcmerror = brcmf_sdcard_set_sbaddr_window(bus->sdiodev, 2445 address); 2446 if (bcmerror) { 2447 brcmf_dbg(ERROR, "window change failed\n"); 2448 break; 2449 } 2450 sdaddr = 0; 2451 dsize = min_t(uint, SBSDIO_SB_OFT_ADDR_LIMIT, size); 2452 } 2453 } 2454 2455xfer_done: 2456 /* Return the window to backplane enumeration space for core access */ 2457 if (brcmf_sdcard_set_sbaddr_window(bus->sdiodev, bus->sdiodev->sbwad)) 2458 brcmf_dbg(ERROR, "FAILED to set window back to 0x%x\n", 2459 bus->sdiodev->sbwad); 2460 2461 sdio_release_host(bus->sdiodev->func[1]); 2462 2463 return bcmerror; 2464} 2465 2466#ifdef DEBUG 2467#define CONSOLE_LINE_MAX 192 2468 2469static int brcmf_sdbrcm_readconsole(struct brcmf_sdio *bus) 2470{ 2471 struct brcmf_console *c = &bus->console; 2472 u8 line[CONSOLE_LINE_MAX], ch; 2473 u32 n, idx, addr; 2474 int rv; 2475 2476 /* Don't do anything until FWREADY updates console address */ 2477 if (bus->console_addr == 0) 2478 return 0; 2479 2480 /* Read console log struct */ 2481 addr = bus->console_addr + offsetof(struct rte_console, log_le); 2482 rv = brcmf_sdbrcm_membytes(bus, false, addr, (u8 *)&c->log_le, 2483 sizeof(c->log_le)); 2484 if (rv < 0) 2485 return rv; 2486 2487 /* Allocate console buffer (one time only) */ 2488 if (c->buf == NULL) { 2489 c->bufsize = le32_to_cpu(c->log_le.buf_size); 2490 c->buf = kmalloc(c->bufsize, GFP_ATOMIC); 2491 if (c->buf == NULL) 2492 return -ENOMEM; 2493 } 2494 2495 idx = le32_to_cpu(c->log_le.idx); 2496 2497 /* Protect against corrupt value */ 2498 if (idx > c->bufsize) 2499 return -EBADE; 2500 2501 /* Skip reading the console buffer if the index pointer 2502 has not moved */ 2503 if (idx == c->last) 2504 return 0; 2505 2506 /* Read the console buffer */ 2507 addr = le32_to_cpu(c->log_le.buf); 2508 rv = brcmf_sdbrcm_membytes(bus, false, addr, c->buf, c->bufsize); 2509 if (rv < 0) 2510 return rv; 2511 2512 while (c->last != idx) { 2513 for (n = 0; n < CONSOLE_LINE_MAX - 2; n++) { 2514 if (c->last == idx) { 2515 /* This would output a partial line. 2516 * Instead, back up 2517 * the buffer pointer and output this 2518 * line next time around. 2519 */ 2520 if (c->last >= n) 2521 c->last -= n; 2522 else 2523 c->last = c->bufsize - n; 2524 goto break2; 2525 } 2526 ch = c->buf[c->last]; 2527 c->last = (c->last + 1) % c->bufsize; 2528 if (ch == '\n') 2529 break; 2530 line[n] = ch; 2531 } 2532 2533 if (n > 0) { 2534 if (line[n - 1] == '\r') 2535 n--; 2536 line[n] = 0; 2537 pr_debug("CONSOLE: %s\n", line); 2538 } 2539 } 2540break2: 2541 2542 return 0; 2543} 2544#endif /* DEBUG */ 2545 2546static int brcmf_tx_frame(struct brcmf_sdio *bus, u8 *frame, u16 len) 2547{ 2548 int i; 2549 int ret; 2550 2551 bus->ctrl_frame_stat = false; 2552 ret = brcmf_sdcard_send_buf(bus->sdiodev, bus->sdiodev->sbwad, 2553 SDIO_FUNC_2, F2SYNC, frame, len); 2554 2555 if (ret < 0) { 2556 /* On failure, abort the command and terminate the frame */ 2557 brcmf_dbg(INFO, "sdio error %d, abort command and terminate frame\n", 2558 ret); 2559 bus->sdcnt.tx_sderrs++; 2560 2561 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 2562 2563 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_FRAMECTRL, 2564 SFC_WF_TERM, NULL); 2565 bus->sdcnt.f1regdata++; 2566 2567 for (i = 0; i < 3; i++) { 2568 u8 hi, lo; 2569 hi = brcmf_sdio_regrb(bus->sdiodev, 2570 SBSDIO_FUNC1_WFRAMEBCHI, NULL); 2571 lo = brcmf_sdio_regrb(bus->sdiodev, 2572 SBSDIO_FUNC1_WFRAMEBCLO, NULL); 2573 bus->sdcnt.f1regdata += 2; 2574 if (hi == 0 && lo == 0) 2575 break; 2576 } 2577 return ret; 2578 } 2579 2580 bus->tx_seq = (bus->tx_seq + 1) % SDPCM_SEQUENCE_WRAP; 2581 2582 return ret; 2583} 2584 2585static int 2586brcmf_sdbrcm_bus_txctl(struct device *dev, unsigned char *msg, uint msglen) 2587{ 2588 u8 *frame; 2589 u16 len; 2590 u32 swheader; 2591 uint retries = 0; 2592 u8 doff = 0; 2593 int ret = -1; 2594 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 2595 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio; 2596 struct brcmf_sdio *bus = sdiodev->bus; 2597 unsigned long flags; 2598 2599 brcmf_dbg(TRACE, "Enter\n"); 2600 2601 /* Back the pointer to make a room for bus header */ 2602 frame = msg - SDPCM_HDRLEN; 2603 len = (msglen += SDPCM_HDRLEN); 2604 2605 /* Add alignment padding (optional for ctl frames) */ 2606 doff = ((unsigned long)frame % BRCMF_SDALIGN); 2607 if (doff) { 2608 frame -= doff; 2609 len += doff; 2610 msglen += doff; 2611 memset(frame, 0, doff + SDPCM_HDRLEN); 2612 } 2613 /* precondition: doff < BRCMF_SDALIGN */ 2614 doff += SDPCM_HDRLEN; 2615 2616 /* Round send length to next SDIO block */ 2617 if (bus->roundup && bus->blocksize && (len > bus->blocksize)) { 2618 u16 pad = bus->blocksize - (len % bus->blocksize); 2619 if ((pad <= bus->roundup) && (pad < bus->blocksize)) 2620 len += pad; 2621 } else if (len % BRCMF_SDALIGN) { 2622 len += BRCMF_SDALIGN - (len % BRCMF_SDALIGN); 2623 } 2624 2625 /* Satisfy length-alignment requirements */ 2626 if (len & (ALIGNMENT - 1)) 2627 len = roundup(len, ALIGNMENT); 2628 2629 /* precondition: IS_ALIGNED((unsigned long)frame, 2) */ 2630 2631 /* Make sure backplane clock is on */ 2632 sdio_claim_host(bus->sdiodev->func[1]); 2633 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 2634 sdio_release_host(bus->sdiodev->func[1]); 2635 2636 /* Hardware tag: 2 byte len followed by 2 byte ~len check (all LE) */ 2637 *(__le16 *) frame = cpu_to_le16((u16) msglen); 2638 *(((__le16 *) frame) + 1) = cpu_to_le16(~msglen); 2639 2640 /* Software tag: channel, sequence number, data offset */ 2641 swheader = 2642 ((SDPCM_CONTROL_CHANNEL << SDPCM_CHANNEL_SHIFT) & 2643 SDPCM_CHANNEL_MASK) 2644 | bus->tx_seq | ((doff << SDPCM_DOFFSET_SHIFT) & 2645 SDPCM_DOFFSET_MASK); 2646 put_unaligned_le32(swheader, frame + SDPCM_FRAMETAG_LEN); 2647 put_unaligned_le32(0, frame + SDPCM_FRAMETAG_LEN + sizeof(swheader)); 2648 2649 if (!data_ok(bus)) { 2650 brcmf_dbg(INFO, "No bus credit bus->tx_max %d, bus->tx_seq %d\n", 2651 bus->tx_max, bus->tx_seq); 2652 bus->ctrl_frame_stat = true; 2653 /* Send from dpc */ 2654 bus->ctrl_frame_buf = frame; 2655 bus->ctrl_frame_len = len; 2656 2657 wait_event_interruptible_timeout(bus->ctrl_wait, 2658 !bus->ctrl_frame_stat, 2659 msecs_to_jiffies(2000)); 2660 2661 if (!bus->ctrl_frame_stat) { 2662 brcmf_dbg(INFO, "ctrl_frame_stat == false\n"); 2663 ret = 0; 2664 } else { 2665 brcmf_dbg(INFO, "ctrl_frame_stat == true\n"); 2666 ret = -1; 2667 } 2668 } 2669 2670 if (ret == -1) { 2671 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && BRCMF_CTL_ON(), 2672 frame, len, "Tx Frame:\n"); 2673 brcmf_dbg_hex_dump(!(BRCMF_BYTES_ON() && BRCMF_CTL_ON()) && 2674 BRCMF_HDRS_ON(), 2675 frame, min_t(u16, len, 16), "TxHdr:\n"); 2676 2677 do { 2678 sdio_claim_host(bus->sdiodev->func[1]); 2679 ret = brcmf_tx_frame(bus, frame, len); 2680 sdio_release_host(bus->sdiodev->func[1]); 2681 } while (ret < 0 && retries++ < TXRETRIES); 2682 } 2683 2684 spin_lock_irqsave(&bus->dpc_tl_lock, flags); 2685 if ((bus->idletime == BRCMF_IDLE_IMMEDIATE) && 2686 list_empty(&bus->dpc_tsklst)) { 2687 spin_unlock_irqrestore(&bus->dpc_tl_lock, flags); 2688 2689 bus->activity = false; 2690 sdio_claim_host(bus->sdiodev->func[1]); 2691 brcmf_sdbrcm_clkctl(bus, CLK_NONE, true); 2692 sdio_release_host(bus->sdiodev->func[1]); 2693 } else { 2694 spin_unlock_irqrestore(&bus->dpc_tl_lock, flags); 2695 } 2696 2697 if (ret) 2698 bus->sdcnt.tx_ctlerrs++; 2699 else 2700 bus->sdcnt.tx_ctlpkts++; 2701 2702 return ret ? -EIO : 0; 2703} 2704 2705#ifdef DEBUG 2706static inline bool brcmf_sdio_valid_shared_address(u32 addr) 2707{ 2708 return !(addr == 0 || ((~addr >> 16) & 0xffff) == (addr & 0xffff)); 2709} 2710 2711static int brcmf_sdio_readshared(struct brcmf_sdio *bus, 2712 struct sdpcm_shared *sh) 2713{ 2714 u32 addr; 2715 int rv; 2716 u32 shaddr = 0; 2717 struct sdpcm_shared_le sh_le; 2718 __le32 addr_le; 2719 2720 shaddr = bus->ramsize - 4; 2721 2722 /* 2723 * Read last word in socram to determine 2724 * address of sdpcm_shared structure 2725 */ 2726 sdio_claim_host(bus->sdiodev->func[1]); 2727 rv = brcmf_sdbrcm_membytes(bus, false, shaddr, 2728 (u8 *)&addr_le, 4); 2729 sdio_claim_host(bus->sdiodev->func[1]); 2730 if (rv < 0) 2731 return rv; 2732 2733 addr = le32_to_cpu(addr_le); 2734 2735 brcmf_dbg(INFO, "sdpcm_shared address 0x%08X\n", addr); 2736 2737 /* 2738 * Check if addr is valid. 2739 * NVRAM length at the end of memory should have been overwritten. 2740 */ 2741 if (!brcmf_sdio_valid_shared_address(addr)) { 2742 brcmf_dbg(ERROR, "invalid sdpcm_shared address 0x%08X\n", 2743 addr); 2744 return -EINVAL; 2745 } 2746 2747 /* Read hndrte_shared structure */ 2748 sdio_claim_host(bus->sdiodev->func[1]); 2749 rv = brcmf_sdbrcm_membytes(bus, false, addr, (u8 *)&sh_le, 2750 sizeof(struct sdpcm_shared_le)); 2751 sdio_release_host(bus->sdiodev->func[1]); 2752 if (rv < 0) 2753 return rv; 2754 2755 /* Endianness */ 2756 sh->flags = le32_to_cpu(sh_le.flags); 2757 sh->trap_addr = le32_to_cpu(sh_le.trap_addr); 2758 sh->assert_exp_addr = le32_to_cpu(sh_le.assert_exp_addr); 2759 sh->assert_file_addr = le32_to_cpu(sh_le.assert_file_addr); 2760 sh->assert_line = le32_to_cpu(sh_le.assert_line); 2761 sh->console_addr = le32_to_cpu(sh_le.console_addr); 2762 sh->msgtrace_addr = le32_to_cpu(sh_le.msgtrace_addr); 2763 2764 if ((sh->flags & SDPCM_SHARED_VERSION_MASK) != SDPCM_SHARED_VERSION) { 2765 brcmf_dbg(ERROR, 2766 "sdpcm_shared version mismatch: dhd %d dongle %d\n", 2767 SDPCM_SHARED_VERSION, 2768 sh->flags & SDPCM_SHARED_VERSION_MASK); 2769 return -EPROTO; 2770 } 2771 2772 return 0; 2773} 2774 2775static int brcmf_sdio_dump_console(struct brcmf_sdio *bus, 2776 struct sdpcm_shared *sh, char __user *data, 2777 size_t count) 2778{ 2779 u32 addr, console_ptr, console_size, console_index; 2780 char *conbuf = NULL; 2781 __le32 sh_val; 2782 int rv; 2783 loff_t pos = 0; 2784 int nbytes = 0; 2785 2786 /* obtain console information from device memory */ 2787 addr = sh->console_addr + offsetof(struct rte_console, log_le); 2788 rv = brcmf_sdbrcm_membytes(bus, false, addr, 2789 (u8 *)&sh_val, sizeof(u32)); 2790 if (rv < 0) 2791 return rv; 2792 console_ptr = le32_to_cpu(sh_val); 2793 2794 addr = sh->console_addr + offsetof(struct rte_console, log_le.buf_size); 2795 rv = brcmf_sdbrcm_membytes(bus, false, addr, 2796 (u8 *)&sh_val, sizeof(u32)); 2797 if (rv < 0) 2798 return rv; 2799 console_size = le32_to_cpu(sh_val); 2800 2801 addr = sh->console_addr + offsetof(struct rte_console, log_le.idx); 2802 rv = brcmf_sdbrcm_membytes(bus, false, addr, 2803 (u8 *)&sh_val, sizeof(u32)); 2804 if (rv < 0) 2805 return rv; 2806 console_index = le32_to_cpu(sh_val); 2807 2808 /* allocate buffer for console data */ 2809 if (console_size <= CONSOLE_BUFFER_MAX) 2810 conbuf = vzalloc(console_size+1); 2811 2812 if (!conbuf) 2813 return -ENOMEM; 2814 2815 /* obtain the console data from device */ 2816 conbuf[console_size] = '\0'; 2817 rv = brcmf_sdbrcm_membytes(bus, false, console_ptr, (u8 *)conbuf, 2818 console_size); 2819 if (rv < 0) 2820 goto done; 2821 2822 rv = simple_read_from_buffer(data, count, &pos, 2823 conbuf + console_index, 2824 console_size - console_index); 2825 if (rv < 0) 2826 goto done; 2827 2828 nbytes = rv; 2829 if (console_index > 0) { 2830 pos = 0; 2831 rv = simple_read_from_buffer(data+nbytes, count, &pos, 2832 conbuf, console_index - 1); 2833 if (rv < 0) 2834 goto done; 2835 rv += nbytes; 2836 } 2837done: 2838 vfree(conbuf); 2839 return rv; 2840} 2841 2842static int brcmf_sdio_trap_info(struct brcmf_sdio *bus, struct sdpcm_shared *sh, 2843 char __user *data, size_t count) 2844{ 2845 int error, res; 2846 char buf[350]; 2847 struct brcmf_trap_info tr; 2848 int nbytes; 2849 loff_t pos = 0; 2850 2851 if ((sh->flags & SDPCM_SHARED_TRAP) == 0) 2852 return 0; 2853 2854 sdio_claim_host(bus->sdiodev->func[1]); 2855 error = brcmf_sdbrcm_membytes(bus, false, sh->trap_addr, (u8 *)&tr, 2856 sizeof(struct brcmf_trap_info)); 2857 if (error < 0) 2858 return error; 2859 2860 nbytes = brcmf_sdio_dump_console(bus, sh, data, count); 2861 sdio_release_host(bus->sdiodev->func[1]); 2862 if (nbytes < 0) 2863 return nbytes; 2864 2865 res = scnprintf(buf, sizeof(buf), 2866 "dongle trap info: type 0x%x @ epc 0x%08x\n" 2867 " cpsr 0x%08x spsr 0x%08x sp 0x%08x\n" 2868 " lr 0x%08x pc 0x%08x offset 0x%x\n" 2869 " r0 0x%08x r1 0x%08x r2 0x%08x r3 0x%08x\n" 2870 " r4 0x%08x r5 0x%08x r6 0x%08x r7 0x%08x\n", 2871 le32_to_cpu(tr.type), le32_to_cpu(tr.epc), 2872 le32_to_cpu(tr.cpsr), le32_to_cpu(tr.spsr), 2873 le32_to_cpu(tr.r13), le32_to_cpu(tr.r14), 2874 le32_to_cpu(tr.pc), sh->trap_addr, 2875 le32_to_cpu(tr.r0), le32_to_cpu(tr.r1), 2876 le32_to_cpu(tr.r2), le32_to_cpu(tr.r3), 2877 le32_to_cpu(tr.r4), le32_to_cpu(tr.r5), 2878 le32_to_cpu(tr.r6), le32_to_cpu(tr.r7)); 2879 2880 error = simple_read_from_buffer(data+nbytes, count, &pos, buf, res); 2881 if (error < 0) 2882 return error; 2883 2884 nbytes += error; 2885 return nbytes; 2886} 2887 2888static int brcmf_sdio_assert_info(struct brcmf_sdio *bus, 2889 struct sdpcm_shared *sh, char __user *data, 2890 size_t count) 2891{ 2892 int error = 0; 2893 char buf[200]; 2894 char file[80] = "?"; 2895 char expr[80] = "<???>"; 2896 int res; 2897 loff_t pos = 0; 2898 2899 if ((sh->flags & SDPCM_SHARED_ASSERT_BUILT) == 0) { 2900 brcmf_dbg(INFO, "firmware not built with -assert\n"); 2901 return 0; 2902 } else if ((sh->flags & SDPCM_SHARED_ASSERT) == 0) { 2903 brcmf_dbg(INFO, "no assert in dongle\n"); 2904 return 0; 2905 } 2906 2907 sdio_claim_host(bus->sdiodev->func[1]); 2908 if (sh->assert_file_addr != 0) { 2909 error = brcmf_sdbrcm_membytes(bus, false, sh->assert_file_addr, 2910 (u8 *)file, 80); 2911 if (error < 0) 2912 return error; 2913 } 2914 if (sh->assert_exp_addr != 0) { 2915 error = brcmf_sdbrcm_membytes(bus, false, sh->assert_exp_addr, 2916 (u8 *)expr, 80); 2917 if (error < 0) 2918 return error; 2919 } 2920 sdio_release_host(bus->sdiodev->func[1]); 2921 2922 res = scnprintf(buf, sizeof(buf), 2923 "dongle assert: %s:%d: assert(%s)\n", 2924 file, sh->assert_line, expr); 2925 return simple_read_from_buffer(data, count, &pos, buf, res); 2926} 2927 2928static int brcmf_sdbrcm_checkdied(struct brcmf_sdio *bus) 2929{ 2930 int error; 2931 struct sdpcm_shared sh; 2932 2933 error = brcmf_sdio_readshared(bus, &sh); 2934 2935 if (error < 0) 2936 return error; 2937 2938 if ((sh.flags & SDPCM_SHARED_ASSERT_BUILT) == 0) 2939 brcmf_dbg(INFO, "firmware not built with -assert\n"); 2940 else if (sh.flags & SDPCM_SHARED_ASSERT) 2941 brcmf_dbg(ERROR, "assertion in dongle\n"); 2942 2943 if (sh.flags & SDPCM_SHARED_TRAP) 2944 brcmf_dbg(ERROR, "firmware trap in dongle\n"); 2945 2946 return 0; 2947} 2948 2949static int brcmf_sdbrcm_died_dump(struct brcmf_sdio *bus, char __user *data, 2950 size_t count, loff_t *ppos) 2951{ 2952 int error = 0; 2953 struct sdpcm_shared sh; 2954 int nbytes = 0; 2955 loff_t pos = *ppos; 2956 2957 if (pos != 0) 2958 return 0; 2959 2960 error = brcmf_sdio_readshared(bus, &sh); 2961 if (error < 0) 2962 goto done; 2963 2964 error = brcmf_sdio_assert_info(bus, &sh, data, count); 2965 if (error < 0) 2966 goto done; 2967 2968 nbytes = error; 2969 error = brcmf_sdio_trap_info(bus, &sh, data, count); 2970 if (error < 0) 2971 goto done; 2972 2973 error += nbytes; 2974 *ppos += error; 2975done: 2976 return error; 2977} 2978 2979static ssize_t brcmf_sdio_forensic_read(struct file *f, char __user *data, 2980 size_t count, loff_t *ppos) 2981{ 2982 struct brcmf_sdio *bus = f->private_data; 2983 int res; 2984 2985 res = brcmf_sdbrcm_died_dump(bus, data, count, ppos); 2986 if (res > 0) 2987 *ppos += res; 2988 return (ssize_t)res; 2989} 2990 2991static const struct file_operations brcmf_sdio_forensic_ops = { 2992 .owner = THIS_MODULE, 2993 .open = simple_open, 2994 .read = brcmf_sdio_forensic_read 2995}; 2996 2997static void brcmf_sdio_debugfs_create(struct brcmf_sdio *bus) 2998{ 2999 struct brcmf_pub *drvr = bus->sdiodev->bus_if->drvr; 3000 struct dentry *dentry = brcmf_debugfs_get_devdir(drvr); 3001 3002 if (IS_ERR_OR_NULL(dentry)) 3003 return; 3004 3005 debugfs_create_file("forensics", S_IRUGO, dentry, bus, 3006 &brcmf_sdio_forensic_ops); 3007 brcmf_debugfs_create_sdio_count(drvr, &bus->sdcnt); 3008} 3009#else 3010static int brcmf_sdbrcm_checkdied(struct brcmf_sdio *bus) 3011{ 3012 return 0; 3013} 3014 3015static void brcmf_sdio_debugfs_create(struct brcmf_sdio *bus) 3016{ 3017} 3018#endif /* DEBUG */ 3019 3020static int 3021brcmf_sdbrcm_bus_rxctl(struct device *dev, unsigned char *msg, uint msglen) 3022{ 3023 int timeleft; 3024 uint rxlen = 0; 3025 bool pending; 3026 u8 *buf; 3027 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 3028 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio; 3029 struct brcmf_sdio *bus = sdiodev->bus; 3030 3031 brcmf_dbg(TRACE, "Enter\n"); 3032 3033 /* Wait until control frame is available */ 3034 timeleft = brcmf_sdbrcm_dcmd_resp_wait(bus, &bus->rxlen, &pending); 3035 3036 spin_lock_bh(&bus->rxctl_lock); 3037 rxlen = bus->rxlen; 3038 memcpy(msg, bus->rxctl, min(msglen, rxlen)); 3039 bus->rxctl = NULL; 3040 buf = bus->rxctl_orig; 3041 bus->rxctl_orig = NULL; 3042 bus->rxlen = 0; 3043 spin_unlock_bh(&bus->rxctl_lock); 3044 vfree(buf); 3045 3046 if (rxlen) { 3047 brcmf_dbg(CTL, "resumed on rxctl frame, got %d expected %d\n", 3048 rxlen, msglen); 3049 } else if (timeleft == 0) { 3050 brcmf_dbg(ERROR, "resumed on timeout\n"); 3051 brcmf_sdbrcm_checkdied(bus); 3052 } else if (pending) { 3053 brcmf_dbg(CTL, "cancelled\n"); 3054 return -ERESTARTSYS; 3055 } else { 3056 brcmf_dbg(CTL, "resumed for unknown reason?\n"); 3057 brcmf_sdbrcm_checkdied(bus); 3058 } 3059 3060 if (rxlen) 3061 bus->sdcnt.rx_ctlpkts++; 3062 else 3063 bus->sdcnt.rx_ctlerrs++; 3064 3065 return rxlen ? (int)rxlen : -ETIMEDOUT; 3066} 3067 3068static int brcmf_sdbrcm_write_vars(struct brcmf_sdio *bus) 3069{ 3070 int bcmerror = 0; 3071 u32 varaddr; 3072 u32 varsizew; 3073 __le32 varsizew_le; 3074#ifdef DEBUG 3075 char *nvram_ularray; 3076#endif /* DEBUG */ 3077 3078 /* Even if there are no vars are to be written, we still 3079 need to set the ramsize. */ 3080 varaddr = (bus->ramsize - 4) - bus->varsz; 3081 3082 if (bus->vars) { 3083 /* Write the vars list */ 3084 bcmerror = brcmf_sdbrcm_membytes(bus, true, varaddr, 3085 bus->vars, bus->varsz); 3086#ifdef DEBUG 3087 /* Verify NVRAM bytes */ 3088 brcmf_dbg(INFO, "Compare NVRAM dl & ul; varsize=%d\n", 3089 bus->varsz); 3090 nvram_ularray = kmalloc(bus->varsz, GFP_ATOMIC); 3091 if (!nvram_ularray) 3092 return -ENOMEM; 3093 3094 /* Upload image to verify downloaded contents. */ 3095 memset(nvram_ularray, 0xaa, bus->varsz); 3096 3097 /* Read the vars list to temp buffer for comparison */ 3098 bcmerror = brcmf_sdbrcm_membytes(bus, false, varaddr, 3099 nvram_ularray, bus->varsz); 3100 if (bcmerror) { 3101 brcmf_dbg(ERROR, "error %d on reading %d nvram bytes at 0x%08x\n", 3102 bcmerror, bus->varsz, varaddr); 3103 } 3104 /* Compare the org NVRAM with the one read from RAM */ 3105 if (memcmp(bus->vars, nvram_ularray, bus->varsz)) 3106 brcmf_dbg(ERROR, "Downloaded NVRAM image is corrupted\n"); 3107 else 3108 brcmf_dbg(ERROR, "Download/Upload/Compare of NVRAM ok\n"); 3109 3110 kfree(nvram_ularray); 3111#endif /* DEBUG */ 3112 } 3113 3114 /* adjust to the user specified RAM */ 3115 brcmf_dbg(INFO, "Physical memory size: %d\n", bus->ramsize); 3116 brcmf_dbg(INFO, "Vars are at %d, orig varsize is %d\n", 3117 varaddr, bus->varsz); 3118 3119 /* 3120 * Determine the length token: 3121 * Varsize, converted to words, in lower 16-bits, checksum 3122 * in upper 16-bits. 3123 */ 3124 if (bcmerror) { 3125 varsizew = 0; 3126 varsizew_le = cpu_to_le32(0); 3127 } else { 3128 varsizew = bus->varsz / 4; 3129 varsizew = (~varsizew << 16) | (varsizew & 0x0000FFFF); 3130 varsizew_le = cpu_to_le32(varsizew); 3131 } 3132 3133 brcmf_dbg(INFO, "New varsize is %d, length token=0x%08x\n", 3134 bus->varsz, varsizew); 3135 3136 /* Write the length token to the last word */ 3137 bcmerror = brcmf_sdbrcm_membytes(bus, true, (bus->ramsize - 4), 3138 (u8 *)&varsizew_le, 4); 3139 3140 return bcmerror; 3141} 3142 3143static int brcmf_sdbrcm_download_state(struct brcmf_sdio *bus, bool enter) 3144{ 3145 int bcmerror = 0; 3146 struct chip_info *ci = bus->ci; 3147 3148 /* To enter download state, disable ARM and reset SOCRAM. 3149 * To exit download state, simply reset ARM (default is RAM boot). 3150 */ 3151 if (enter) { 3152 bus->alp_only = true; 3153 3154 ci->coredisable(bus->sdiodev, ci, BCMA_CORE_ARM_CM3); 3155 3156 ci->resetcore(bus->sdiodev, ci, BCMA_CORE_INTERNAL_MEM); 3157 3158 /* Clear the top bit of memory */ 3159 if (bus->ramsize) { 3160 u32 zeros = 0; 3161 brcmf_sdbrcm_membytes(bus, true, bus->ramsize - 4, 3162 (u8 *)&zeros, 4); 3163 } 3164 } else { 3165 if (!ci->iscoreup(bus->sdiodev, ci, BCMA_CORE_INTERNAL_MEM)) { 3166 brcmf_dbg(ERROR, "SOCRAM core is down after reset?\n"); 3167 bcmerror = -EBADE; 3168 goto fail; 3169 } 3170 3171 bcmerror = brcmf_sdbrcm_write_vars(bus); 3172 if (bcmerror) { 3173 brcmf_dbg(ERROR, "no vars written to RAM\n"); 3174 bcmerror = 0; 3175 } 3176 3177 w_sdreg32(bus, 0xFFFFFFFF, 3178 offsetof(struct sdpcmd_regs, intstatus)); 3179 3180 ci->resetcore(bus->sdiodev, ci, BCMA_CORE_ARM_CM3); 3181 3182 /* Allow HT Clock now that the ARM is running. */ 3183 bus->alp_only = false; 3184 3185 bus->sdiodev->bus_if->state = BRCMF_BUS_LOAD; 3186 } 3187fail: 3188 return bcmerror; 3189} 3190 3191static int brcmf_sdbrcm_get_image(char *buf, int len, struct brcmf_sdio *bus) 3192{ 3193 if (bus->firmware->size < bus->fw_ptr + len) 3194 len = bus->firmware->size - bus->fw_ptr; 3195 3196 memcpy(buf, &bus->firmware->data[bus->fw_ptr], len); 3197 bus->fw_ptr += len; 3198 return len; 3199} 3200 3201static int brcmf_sdbrcm_download_code_file(struct brcmf_sdio *bus) 3202{ 3203 int offset = 0; 3204 uint len; 3205 u8 *memblock = NULL, *memptr; 3206 int ret; 3207 3208 brcmf_dbg(INFO, "Enter\n"); 3209 3210 ret = request_firmware(&bus->firmware, BRCMF_SDIO_FW_NAME, 3211 &bus->sdiodev->func[2]->dev); 3212 if (ret) { 3213 brcmf_dbg(ERROR, "Fail to request firmware %d\n", ret); 3214 return ret; 3215 } 3216 bus->fw_ptr = 0; 3217 3218 memptr = memblock = kmalloc(MEMBLOCK + BRCMF_SDALIGN, GFP_ATOMIC); 3219 if (memblock == NULL) { 3220 ret = -ENOMEM; 3221 goto err; 3222 } 3223 if ((u32)(unsigned long)memblock % BRCMF_SDALIGN) 3224 memptr += (BRCMF_SDALIGN - 3225 ((u32)(unsigned long)memblock % BRCMF_SDALIGN)); 3226 3227 /* Download image */ 3228 while ((len = 3229 brcmf_sdbrcm_get_image((char *)memptr, MEMBLOCK, bus))) { 3230 ret = brcmf_sdbrcm_membytes(bus, true, offset, memptr, len); 3231 if (ret) { 3232 brcmf_dbg(ERROR, "error %d on writing %d membytes at 0x%08x\n", 3233 ret, MEMBLOCK, offset); 3234 goto err; 3235 } 3236 3237 offset += MEMBLOCK; 3238 } 3239 3240err: 3241 kfree(memblock); 3242 3243 release_firmware(bus->firmware); 3244 bus->fw_ptr = 0; 3245 3246 return ret; 3247} 3248 3249/* 3250 * ProcessVars:Takes a buffer of "<var>=<value>\n" lines read from a file 3251 * and ending in a NUL. 3252 * Removes carriage returns, empty lines, comment lines, and converts 3253 * newlines to NULs. 3254 * Shortens buffer as needed and pads with NULs. End of buffer is marked 3255 * by two NULs. 3256*/ 3257 3258static int brcmf_process_nvram_vars(struct brcmf_sdio *bus) 3259{ 3260 char *varbuf; 3261 char *dp; 3262 bool findNewline; 3263 int column; 3264 int ret = 0; 3265 uint buf_len, n, len; 3266 3267 len = bus->firmware->size; 3268 varbuf = vmalloc(len); 3269 if (!varbuf) 3270 return -ENOMEM; 3271 3272 memcpy(varbuf, bus->firmware->data, len); 3273 dp = varbuf; 3274 3275 findNewline = false; 3276 column = 0; 3277 3278 for (n = 0; n < len; n++) { 3279 if (varbuf[n] == 0) 3280 break; 3281 if (varbuf[n] == '\r') 3282 continue; 3283 if (findNewline && varbuf[n] != '\n') 3284 continue; 3285 findNewline = false; 3286 if (varbuf[n] == '#') { 3287 findNewline = true; 3288 continue; 3289 } 3290 if (varbuf[n] == '\n') { 3291 if (column == 0) 3292 continue; 3293 *dp++ = 0; 3294 column = 0; 3295 continue; 3296 } 3297 *dp++ = varbuf[n]; 3298 column++; 3299 } 3300 buf_len = dp - varbuf; 3301 while (dp < varbuf + n) 3302 *dp++ = 0; 3303 3304 kfree(bus->vars); 3305 /* roundup needed for download to device */ 3306 bus->varsz = roundup(buf_len + 1, 4); 3307 bus->vars = kmalloc(bus->varsz, GFP_KERNEL); 3308 if (bus->vars == NULL) { 3309 bus->varsz = 0; 3310 ret = -ENOMEM; 3311 goto err; 3312 } 3313 3314 /* copy the processed variables and add null termination */ 3315 memcpy(bus->vars, varbuf, buf_len); 3316 bus->vars[buf_len] = 0; 3317err: 3318 vfree(varbuf); 3319 return ret; 3320} 3321 3322static int brcmf_sdbrcm_download_nvram(struct brcmf_sdio *bus) 3323{ 3324 int ret; 3325 3326 if (bus->sdiodev->bus_if->drvr_up) 3327 return -EISCONN; 3328 3329 ret = request_firmware(&bus->firmware, BRCMF_SDIO_NV_NAME, 3330 &bus->sdiodev->func[2]->dev); 3331 if (ret) { 3332 brcmf_dbg(ERROR, "Fail to request nvram %d\n", ret); 3333 return ret; 3334 } 3335 3336 ret = brcmf_process_nvram_vars(bus); 3337 3338 release_firmware(bus->firmware); 3339 3340 return ret; 3341} 3342 3343static int _brcmf_sdbrcm_download_firmware(struct brcmf_sdio *bus) 3344{ 3345 int bcmerror = -1; 3346 3347 /* Keep arm in reset */ 3348 if (brcmf_sdbrcm_download_state(bus, true)) { 3349 brcmf_dbg(ERROR, "error placing ARM core in reset\n"); 3350 goto err; 3351 } 3352 3353 /* External image takes precedence if specified */ 3354 if (brcmf_sdbrcm_download_code_file(bus)) { 3355 brcmf_dbg(ERROR, "dongle image file download failed\n"); 3356 goto err; 3357 } 3358 3359 /* External nvram takes precedence if specified */ 3360 if (brcmf_sdbrcm_download_nvram(bus)) 3361 brcmf_dbg(ERROR, "dongle nvram file download failed\n"); 3362 3363 /* Take arm out of reset */ 3364 if (brcmf_sdbrcm_download_state(bus, false)) { 3365 brcmf_dbg(ERROR, "error getting out of ARM core reset\n"); 3366 goto err; 3367 } 3368 3369 bcmerror = 0; 3370 3371err: 3372 return bcmerror; 3373} 3374 3375static bool 3376brcmf_sdbrcm_download_firmware(struct brcmf_sdio *bus) 3377{ 3378 bool ret; 3379 3380 sdio_claim_host(bus->sdiodev->func[1]); 3381 3382 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3383 3384 ret = _brcmf_sdbrcm_download_firmware(bus) == 0; 3385 3386 brcmf_sdbrcm_clkctl(bus, CLK_SDONLY, false); 3387 3388 sdio_release_host(bus->sdiodev->func[1]); 3389 3390 return ret; 3391} 3392 3393static int brcmf_sdbrcm_bus_init(struct device *dev) 3394{ 3395 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 3396 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio; 3397 struct brcmf_sdio *bus = sdiodev->bus; 3398 unsigned long timeout; 3399 u8 ready, enable; 3400 int err, ret = 0; 3401 u8 saveclk; 3402 3403 brcmf_dbg(TRACE, "Enter\n"); 3404 3405 /* try to download image and nvram to the dongle */ 3406 if (bus_if->state == BRCMF_BUS_DOWN) { 3407 if (!(brcmf_sdbrcm_download_firmware(bus))) 3408 return -1; 3409 } 3410 3411 if (!bus->sdiodev->bus_if->drvr) 3412 return 0; 3413 3414 /* Start the watchdog timer */ 3415 bus->sdcnt.tickcnt = 0; 3416 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 3417 3418 sdio_claim_host(bus->sdiodev->func[1]); 3419 3420 /* Make sure backplane clock is on, needed to generate F2 interrupt */ 3421 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3422 if (bus->clkstate != CLK_AVAIL) 3423 goto exit; 3424 3425 /* Force clocks on backplane to be sure F2 interrupt propagates */ 3426 saveclk = brcmf_sdio_regrb(bus->sdiodev, 3427 SBSDIO_FUNC1_CHIPCLKCSR, &err); 3428 if (!err) { 3429 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 3430 (saveclk | SBSDIO_FORCE_HT), &err); 3431 } 3432 if (err) { 3433 brcmf_dbg(ERROR, "Failed to force clock for F2: err %d\n", err); 3434 goto exit; 3435 } 3436 3437 /* Enable function 2 (frame transfers) */ 3438 w_sdreg32(bus, SDPCM_PROT_VERSION << SMB_DATA_VERSION_SHIFT, 3439 offsetof(struct sdpcmd_regs, tosbmailboxdata)); 3440 enable = (SDIO_FUNC_ENABLE_1 | SDIO_FUNC_ENABLE_2); 3441 3442 brcmf_sdio_regwb(bus->sdiodev, SDIO_CCCR_IOEx, enable, NULL); 3443 3444 timeout = jiffies + msecs_to_jiffies(BRCMF_WAIT_F2RDY); 3445 ready = 0; 3446 while (enable != ready) { 3447 ready = brcmf_sdio_regrb(bus->sdiodev, 3448 SDIO_CCCR_IORx, NULL); 3449 if (time_after(jiffies, timeout)) 3450 break; 3451 else if (time_after(jiffies, timeout - BRCMF_WAIT_F2RDY + 50)) 3452 /* prevent busy waiting if it takes too long */ 3453 msleep_interruptible(20); 3454 } 3455 3456 brcmf_dbg(INFO, "enable 0x%02x, ready 0x%02x\n", enable, ready); 3457 3458 /* If F2 successfully enabled, set core and enable interrupts */ 3459 if (ready == enable) { 3460 /* Set up the interrupt mask and enable interrupts */ 3461 bus->hostintmask = HOSTINTMASK; 3462 w_sdreg32(bus, bus->hostintmask, 3463 offsetof(struct sdpcmd_regs, hostintmask)); 3464 3465 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_WATERMARK, 8, &err); 3466 } else { 3467 /* Disable F2 again */ 3468 enable = SDIO_FUNC_ENABLE_1; 3469 brcmf_sdio_regwb(bus->sdiodev, SDIO_CCCR_IOEx, enable, NULL); 3470 ret = -ENODEV; 3471 } 3472 3473 /* Restore previous clock setting */ 3474 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, saveclk, &err); 3475 3476 if (ret == 0) { 3477 ret = brcmf_sdio_intr_register(bus->sdiodev); 3478 if (ret != 0) 3479 brcmf_dbg(ERROR, "intr register failed:%d\n", ret); 3480 } 3481 3482 /* If we didn't come up, turn off backplane clock */ 3483 if (bus_if->state != BRCMF_BUS_DATA) 3484 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 3485 3486exit: 3487 sdio_release_host(bus->sdiodev->func[1]); 3488 3489 return ret; 3490} 3491 3492void brcmf_sdbrcm_isr(void *arg) 3493{ 3494 struct brcmf_sdio *bus = (struct brcmf_sdio *) arg; 3495 3496 brcmf_dbg(TRACE, "Enter\n"); 3497 3498 if (!bus) { 3499 brcmf_dbg(ERROR, "bus is null pointer, exiting\n"); 3500 return; 3501 } 3502 3503 if (bus->sdiodev->bus_if->state == BRCMF_BUS_DOWN) { 3504 brcmf_dbg(ERROR, "bus is down. we have nothing to do\n"); 3505 return; 3506 } 3507 /* Count the interrupt call */ 3508 bus->sdcnt.intrcount++; 3509 if (in_interrupt()) 3510 atomic_set(&bus->ipend, 1); 3511 else 3512 if (brcmf_sdio_intr_rstatus(bus)) { 3513 brcmf_dbg(ERROR, "failed backplane access\n"); 3514 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 3515 } 3516 3517 /* Disable additional interrupts (is this needed now)? */ 3518 if (!bus->intr) 3519 brcmf_dbg(ERROR, "isr w/o interrupt configured!\n"); 3520 3521 brcmf_sdbrcm_adddpctsk(bus); 3522 queue_work(bus->brcmf_wq, &bus->datawork); 3523} 3524 3525static bool brcmf_sdbrcm_bus_watchdog(struct brcmf_sdio *bus) 3526{ 3527#ifdef DEBUG 3528 struct brcmf_bus *bus_if = dev_get_drvdata(bus->sdiodev->dev); 3529#endif /* DEBUG */ 3530 unsigned long flags; 3531 3532 brcmf_dbg(TIMER, "Enter\n"); 3533 3534 /* Poll period: check device if appropriate. */ 3535 if (bus->poll && (++bus->polltick >= bus->pollrate)) { 3536 u32 intstatus = 0; 3537 3538 /* Reset poll tick */ 3539 bus->polltick = 0; 3540 3541 /* Check device if no interrupts */ 3542 if (!bus->intr || 3543 (bus->sdcnt.intrcount == bus->sdcnt.lastintrs)) { 3544 3545 spin_lock_irqsave(&bus->dpc_tl_lock, flags); 3546 if (list_empty(&bus->dpc_tsklst)) { 3547 u8 devpend; 3548 spin_unlock_irqrestore(&bus->dpc_tl_lock, 3549 flags); 3550 sdio_claim_host(bus->sdiodev->func[1]); 3551 devpend = brcmf_sdio_regrb(bus->sdiodev, 3552 SDIO_CCCR_INTx, 3553 NULL); 3554 sdio_release_host(bus->sdiodev->func[1]); 3555 intstatus = 3556 devpend & (INTR_STATUS_FUNC1 | 3557 INTR_STATUS_FUNC2); 3558 } else { 3559 spin_unlock_irqrestore(&bus->dpc_tl_lock, 3560 flags); 3561 } 3562 3563 /* If there is something, make like the ISR and 3564 schedule the DPC */ 3565 if (intstatus) { 3566 bus->sdcnt.pollcnt++; 3567 atomic_set(&bus->ipend, 1); 3568 3569 brcmf_sdbrcm_adddpctsk(bus); 3570 queue_work(bus->brcmf_wq, &bus->datawork); 3571 } 3572 } 3573 3574 /* Update interrupt tracking */ 3575 bus->sdcnt.lastintrs = bus->sdcnt.intrcount; 3576 } 3577#ifdef DEBUG 3578 /* Poll for console output periodically */ 3579 if (bus_if->state == BRCMF_BUS_DATA && 3580 bus->console_interval != 0) { 3581 bus->console.count += BRCMF_WD_POLL_MS; 3582 if (bus->console.count >= bus->console_interval) { 3583 bus->console.count -= bus->console_interval; 3584 sdio_claim_host(bus->sdiodev->func[1]); 3585 /* Make sure backplane clock is on */ 3586 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3587 if (brcmf_sdbrcm_readconsole(bus) < 0) 3588 /* stop on error */ 3589 bus->console_interval = 0; 3590 sdio_release_host(bus->sdiodev->func[1]); 3591 } 3592 } 3593#endif /* DEBUG */ 3594 3595 /* On idle timeout clear activity flag and/or turn off clock */ 3596 if ((bus->idletime > 0) && (bus->clkstate == CLK_AVAIL)) { 3597 if (++bus->idlecount >= bus->idletime) { 3598 bus->idlecount = 0; 3599 if (bus->activity) { 3600 bus->activity = false; 3601 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 3602 } else { 3603 sdio_claim_host(bus->sdiodev->func[1]); 3604 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 3605 sdio_release_host(bus->sdiodev->func[1]); 3606 } 3607 } 3608 } 3609 3610 return (atomic_read(&bus->ipend) > 0); 3611} 3612 3613static bool brcmf_sdbrcm_chipmatch(u16 chipid) 3614{ 3615 if (chipid == BCM43241_CHIP_ID) 3616 return true; 3617 if (chipid == BCM4329_CHIP_ID) 3618 return true; 3619 if (chipid == BCM4330_CHIP_ID) 3620 return true; 3621 if (chipid == BCM4334_CHIP_ID) 3622 return true; 3623 return false; 3624} 3625 3626static void brcmf_sdio_dataworker(struct work_struct *work) 3627{ 3628 struct brcmf_sdio *bus = container_of(work, struct brcmf_sdio, 3629 datawork); 3630 struct list_head *cur_hd, *tmp_hd; 3631 unsigned long flags; 3632 3633 spin_lock_irqsave(&bus->dpc_tl_lock, flags); 3634 list_for_each_safe(cur_hd, tmp_hd, &bus->dpc_tsklst) { 3635 spin_unlock_irqrestore(&bus->dpc_tl_lock, flags); 3636 3637 brcmf_sdbrcm_dpc(bus); 3638 3639 spin_lock_irqsave(&bus->dpc_tl_lock, flags); 3640 list_del(cur_hd); 3641 kfree(cur_hd); 3642 } 3643 spin_unlock_irqrestore(&bus->dpc_tl_lock, flags); 3644} 3645 3646static void brcmf_sdbrcm_release_malloc(struct brcmf_sdio *bus) 3647{ 3648 brcmf_dbg(TRACE, "Enter\n"); 3649 3650 kfree(bus->rxbuf); 3651 bus->rxctl = bus->rxbuf = NULL; 3652 bus->rxlen = 0; 3653 3654 kfree(bus->databuf); 3655 bus->databuf = NULL; 3656} 3657 3658static bool brcmf_sdbrcm_probe_malloc(struct brcmf_sdio *bus) 3659{ 3660 brcmf_dbg(TRACE, "Enter\n"); 3661 3662 if (bus->sdiodev->bus_if->maxctl) { 3663 bus->rxblen = 3664 roundup((bus->sdiodev->bus_if->maxctl + SDPCM_HDRLEN), 3665 ALIGNMENT) + BRCMF_SDALIGN; 3666 bus->rxbuf = kmalloc(bus->rxblen, GFP_ATOMIC); 3667 if (!(bus->rxbuf)) 3668 goto fail; 3669 } 3670 3671 /* Allocate buffer to receive glomed packet */ 3672 bus->databuf = kmalloc(MAX_DATA_BUF, GFP_ATOMIC); 3673 if (!(bus->databuf)) { 3674 /* release rxbuf which was already located as above */ 3675 if (!bus->rxblen) 3676 kfree(bus->rxbuf); 3677 goto fail; 3678 } 3679 3680 /* Align the buffer */ 3681 if ((unsigned long)bus->databuf % BRCMF_SDALIGN) 3682 bus->dataptr = bus->databuf + (BRCMF_SDALIGN - 3683 ((unsigned long)bus->databuf % BRCMF_SDALIGN)); 3684 else 3685 bus->dataptr = bus->databuf; 3686 3687 return true; 3688 3689fail: 3690 return false; 3691} 3692 3693static bool 3694brcmf_sdbrcm_probe_attach(struct brcmf_sdio *bus, u32 regsva) 3695{ 3696 u8 clkctl = 0; 3697 int err = 0; 3698 int reg_addr; 3699 u32 reg_val; 3700 u8 idx; 3701 3702 bus->alp_only = true; 3703 3704 sdio_claim_host(bus->sdiodev->func[1]); 3705 3706 pr_debug("F1 signature read @0x18000000=0x%4x\n", 3707 brcmf_sdio_regrl(bus->sdiodev, SI_ENUM_BASE, NULL)); 3708 3709 /* 3710 * Force PLL off until brcmf_sdio_chip_attach() 3711 * programs PLL control regs 3712 */ 3713 3714 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 3715 BRCMF_INIT_CLKCTL1, &err); 3716 if (!err) 3717 clkctl = brcmf_sdio_regrb(bus->sdiodev, 3718 SBSDIO_FUNC1_CHIPCLKCSR, &err); 3719 3720 if (err || ((clkctl & ~SBSDIO_AVBITS) != BRCMF_INIT_CLKCTL1)) { 3721 brcmf_dbg(ERROR, "ChipClkCSR access: err %d wrote 0x%02x read 0x%02x\n", 3722 err, BRCMF_INIT_CLKCTL1, clkctl); 3723 goto fail; 3724 } 3725 3726 if (brcmf_sdio_chip_attach(bus->sdiodev, &bus->ci, regsva)) { 3727 brcmf_dbg(ERROR, "brcmf_sdio_chip_attach failed!\n"); 3728 goto fail; 3729 } 3730 3731 if (!brcmf_sdbrcm_chipmatch((u16) bus->ci->chip)) { 3732 brcmf_dbg(ERROR, "unsupported chip: 0x%04x\n", bus->ci->chip); 3733 goto fail; 3734 } 3735 3736 brcmf_sdio_chip_drivestrengthinit(bus->sdiodev, bus->ci, 3737 SDIO_DRIVE_STRENGTH); 3738 3739 /* Get info on the SOCRAM cores... */ 3740 bus->ramsize = bus->ci->ramsize; 3741 if (!(bus->ramsize)) { 3742 brcmf_dbg(ERROR, "failed to find SOCRAM memory!\n"); 3743 goto fail; 3744 } 3745 3746 /* Set core control so an SDIO reset does a backplane reset */ 3747 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV); 3748 reg_addr = bus->ci->c_inf[idx].base + 3749 offsetof(struct sdpcmd_regs, corecontrol); 3750 reg_val = brcmf_sdio_regrl(bus->sdiodev, reg_addr, NULL); 3751 brcmf_sdio_regwl(bus->sdiodev, reg_addr, reg_val | CC_BPRESEN, NULL); 3752 3753 sdio_release_host(bus->sdiodev->func[1]); 3754 3755 brcmu_pktq_init(&bus->txq, (PRIOMASK + 1), TXQLEN); 3756 3757 /* Locate an appropriately-aligned portion of hdrbuf */ 3758 bus->rxhdr = (u8 *) roundup((unsigned long)&bus->hdrbuf[0], 3759 BRCMF_SDALIGN); 3760 3761 /* Set the poll and/or interrupt flags */ 3762 bus->intr = true; 3763 bus->poll = false; 3764 if (bus->poll) 3765 bus->pollrate = 1; 3766 3767 return true; 3768 3769fail: 3770 sdio_release_host(bus->sdiodev->func[1]); 3771 return false; 3772} 3773 3774static bool brcmf_sdbrcm_probe_init(struct brcmf_sdio *bus) 3775{ 3776 brcmf_dbg(TRACE, "Enter\n"); 3777 3778 sdio_claim_host(bus->sdiodev->func[1]); 3779 3780 /* Disable F2 to clear any intermediate frame state on the dongle */ 3781 brcmf_sdio_regwb(bus->sdiodev, SDIO_CCCR_IOEx, 3782 SDIO_FUNC_ENABLE_1, NULL); 3783 3784 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 3785 bus->rxflow = false; 3786 3787 /* Done with backplane-dependent accesses, can drop clock... */ 3788 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 0, NULL); 3789 3790 sdio_release_host(bus->sdiodev->func[1]); 3791 3792 /* ...and initialize clock/power states */ 3793 bus->clkstate = CLK_SDONLY; 3794 bus->idletime = BRCMF_IDLE_INTERVAL; 3795 bus->idleclock = BRCMF_IDLE_ACTIVE; 3796 3797 /* Query the F2 block size, set roundup accordingly */ 3798 bus->blocksize = bus->sdiodev->func[2]->cur_blksize; 3799 bus->roundup = min(max_roundup, bus->blocksize); 3800 3801 /* bus module does not support packet chaining */ 3802 bus->use_rxchain = false; 3803 bus->sd_rxchain = false; 3804 3805 return true; 3806} 3807 3808static int 3809brcmf_sdbrcm_watchdog_thread(void *data) 3810{ 3811 struct brcmf_sdio *bus = (struct brcmf_sdio *)data; 3812 3813 allow_signal(SIGTERM); 3814 /* Run until signal received */ 3815 while (1) { 3816 if (kthread_should_stop()) 3817 break; 3818 if (!wait_for_completion_interruptible(&bus->watchdog_wait)) { 3819 brcmf_sdbrcm_bus_watchdog(bus); 3820 /* Count the tick for reference */ 3821 bus->sdcnt.tickcnt++; 3822 } else 3823 break; 3824 } 3825 return 0; 3826} 3827 3828static void 3829brcmf_sdbrcm_watchdog(unsigned long data) 3830{ 3831 struct brcmf_sdio *bus = (struct brcmf_sdio *)data; 3832 3833 if (bus->watchdog_tsk) { 3834 complete(&bus->watchdog_wait); 3835 /* Reschedule the watchdog */ 3836 if (bus->wd_timer_valid) 3837 mod_timer(&bus->timer, 3838 jiffies + BRCMF_WD_POLL_MS * HZ / 1000); 3839 } 3840} 3841 3842static void brcmf_sdbrcm_release_dongle(struct brcmf_sdio *bus) 3843{ 3844 brcmf_dbg(TRACE, "Enter\n"); 3845 3846 if (bus->ci) { 3847 sdio_claim_host(bus->sdiodev->func[1]); 3848 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3849 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 3850 sdio_release_host(bus->sdiodev->func[1]); 3851 brcmf_sdio_chip_detach(&bus->ci); 3852 if (bus->vars && bus->varsz) 3853 kfree(bus->vars); 3854 bus->vars = NULL; 3855 } 3856 3857 brcmf_dbg(TRACE, "Disconnected\n"); 3858} 3859 3860/* Detach and free everything */ 3861static void brcmf_sdbrcm_release(struct brcmf_sdio *bus) 3862{ 3863 brcmf_dbg(TRACE, "Enter\n"); 3864 3865 if (bus) { 3866 /* De-register interrupt handler */ 3867 brcmf_sdio_intr_unregister(bus->sdiodev); 3868 3869 cancel_work_sync(&bus->datawork); 3870 destroy_workqueue(bus->brcmf_wq); 3871 3872 if (bus->sdiodev->bus_if->drvr) { 3873 brcmf_detach(bus->sdiodev->dev); 3874 brcmf_sdbrcm_release_dongle(bus); 3875 } 3876 3877 brcmf_sdbrcm_release_malloc(bus); 3878 3879 kfree(bus); 3880 } 3881 3882 brcmf_dbg(TRACE, "Disconnected\n"); 3883} 3884 3885void *brcmf_sdbrcm_probe(u32 regsva, struct brcmf_sdio_dev *sdiodev) 3886{ 3887 int ret; 3888 struct brcmf_sdio *bus; 3889 struct brcmf_bus_dcmd *dlst; 3890 u32 dngl_txglom; 3891 u32 dngl_txglomalign; 3892 u8 idx; 3893 3894 brcmf_dbg(TRACE, "Enter\n"); 3895 3896 /* We make an assumption about address window mappings: 3897 * regsva == SI_ENUM_BASE*/ 3898 3899 /* Allocate private bus interface state */ 3900 bus = kzalloc(sizeof(struct brcmf_sdio), GFP_ATOMIC); 3901 if (!bus) 3902 goto fail; 3903 3904 bus->sdiodev = sdiodev; 3905 sdiodev->bus = bus; 3906 skb_queue_head_init(&bus->glom); 3907 bus->txbound = BRCMF_TXBOUND; 3908 bus->rxbound = BRCMF_RXBOUND; 3909 bus->txminmax = BRCMF_TXMINMAX; 3910 bus->tx_seq = SDPCM_SEQUENCE_WRAP - 1; 3911 3912 /* attempt to attach to the dongle */ 3913 if (!(brcmf_sdbrcm_probe_attach(bus, regsva))) { 3914 brcmf_dbg(ERROR, "brcmf_sdbrcm_probe_attach failed\n"); 3915 goto fail; 3916 } 3917 3918 spin_lock_init(&bus->rxctl_lock); 3919 spin_lock_init(&bus->txqlock); 3920 init_waitqueue_head(&bus->ctrl_wait); 3921 init_waitqueue_head(&bus->dcmd_resp_wait); 3922 3923 bus->brcmf_wq = create_singlethread_workqueue("brcmf_wq"); 3924 if (bus->brcmf_wq == NULL) { 3925 brcmf_dbg(ERROR, "insufficient memory to create txworkqueue\n"); 3926 goto fail; 3927 } 3928 INIT_WORK(&bus->datawork, brcmf_sdio_dataworker); 3929 3930 /* Set up the watchdog timer */ 3931 init_timer(&bus->timer); 3932 bus->timer.data = (unsigned long)bus; 3933 bus->timer.function = brcmf_sdbrcm_watchdog; 3934 3935 /* Initialize watchdog thread */ 3936 init_completion(&bus->watchdog_wait); 3937 bus->watchdog_tsk = kthread_run(brcmf_sdbrcm_watchdog_thread, 3938 bus, "brcmf_watchdog"); 3939 if (IS_ERR(bus->watchdog_tsk)) { 3940 pr_warn("brcmf_watchdog thread failed to start\n"); 3941 bus->watchdog_tsk = NULL; 3942 } 3943 /* Initialize DPC thread */ 3944 INIT_LIST_HEAD(&bus->dpc_tsklst); 3945 spin_lock_init(&bus->dpc_tl_lock); 3946 3947 /* Assign bus interface call back */ 3948 bus->sdiodev->bus_if->brcmf_bus_stop = brcmf_sdbrcm_bus_stop; 3949 bus->sdiodev->bus_if->brcmf_bus_init = brcmf_sdbrcm_bus_init; 3950 bus->sdiodev->bus_if->brcmf_bus_txdata = brcmf_sdbrcm_bus_txdata; 3951 bus->sdiodev->bus_if->brcmf_bus_txctl = brcmf_sdbrcm_bus_txctl; 3952 bus->sdiodev->bus_if->brcmf_bus_rxctl = brcmf_sdbrcm_bus_rxctl; 3953 /* Attach to the brcmf/OS/network interface */ 3954 ret = brcmf_attach(SDPCM_RESERVE, bus->sdiodev->dev); 3955 if (ret != 0) { 3956 brcmf_dbg(ERROR, "brcmf_attach failed\n"); 3957 goto fail; 3958 } 3959 3960 /* Allocate buffers */ 3961 if (!(brcmf_sdbrcm_probe_malloc(bus))) { 3962 brcmf_dbg(ERROR, "brcmf_sdbrcm_probe_malloc failed\n"); 3963 goto fail; 3964 } 3965 3966 if (!(brcmf_sdbrcm_probe_init(bus))) { 3967 brcmf_dbg(ERROR, "brcmf_sdbrcm_probe_init failed\n"); 3968 goto fail; 3969 } 3970 3971 brcmf_sdio_debugfs_create(bus); 3972 brcmf_dbg(INFO, "completed!!\n"); 3973 3974 /* sdio bus core specific dcmd */ 3975 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV); 3976 dlst = kzalloc(sizeof(struct brcmf_bus_dcmd), GFP_KERNEL); 3977 if (dlst) { 3978 if (bus->ci->c_inf[idx].rev < 12) { 3979 /* for sdio core rev < 12, disable txgloming */ 3980 dngl_txglom = 0; 3981 dlst->name = "bus:txglom"; 3982 dlst->param = (char *)&dngl_txglom; 3983 dlst->param_len = sizeof(u32); 3984 } else { 3985 /* otherwise, set txglomalign */ 3986 dngl_txglomalign = bus->sdiodev->bus_if->align; 3987 dlst->name = "bus:txglomalign"; 3988 dlst->param = (char *)&dngl_txglomalign; 3989 dlst->param_len = sizeof(u32); 3990 } 3991 list_add(&dlst->list, &bus->sdiodev->bus_if->dcmd_list); 3992 } 3993 3994 /* if firmware path present try to download and bring up bus */ 3995 ret = brcmf_bus_start(bus->sdiodev->dev); 3996 if (ret != 0) { 3997 brcmf_dbg(ERROR, "dongle is not responding\n"); 3998 goto fail; 3999 } 4000 4001 return bus; 4002 4003fail: 4004 brcmf_sdbrcm_release(bus); 4005 return NULL; 4006} 4007 4008void brcmf_sdbrcm_disconnect(void *ptr) 4009{ 4010 struct brcmf_sdio *bus = (struct brcmf_sdio *)ptr; 4011 4012 brcmf_dbg(TRACE, "Enter\n"); 4013 4014 if (bus) 4015 brcmf_sdbrcm_release(bus); 4016 4017 brcmf_dbg(TRACE, "Disconnected\n"); 4018} 4019 4020void 4021brcmf_sdbrcm_wd_timer(struct brcmf_sdio *bus, uint wdtick) 4022{ 4023 /* Totally stop the timer */ 4024 if (!wdtick && bus->wd_timer_valid) { 4025 del_timer_sync(&bus->timer); 4026 bus->wd_timer_valid = false; 4027 bus->save_ms = wdtick; 4028 return; 4029 } 4030 4031 /* don't start the wd until fw is loaded */ 4032 if (bus->sdiodev->bus_if->state == BRCMF_BUS_DOWN) 4033 return; 4034 4035 if (wdtick) { 4036 if (bus->save_ms != BRCMF_WD_POLL_MS) { 4037 if (bus->wd_timer_valid) 4038 /* Stop timer and restart at new value */ 4039 del_timer_sync(&bus->timer); 4040 4041 /* Create timer again when watchdog period is 4042 dynamically changed or in the first instance 4043 */ 4044 bus->timer.expires = 4045 jiffies + BRCMF_WD_POLL_MS * HZ / 1000; 4046 add_timer(&bus->timer); 4047 4048 } else { 4049 /* Re arm the timer, at last watchdog period */ 4050 mod_timer(&bus->timer, 4051 jiffies + BRCMF_WD_POLL_MS * HZ / 1000); 4052 } 4053 4054 bus->wd_timer_valid = true; 4055 bus->save_ms = wdtick; 4056 } 4057} 4058