dhd_sdio.c revision 228bb43d5d82549c43eee29e12d7632d4df4e4df
1/* 2 * Copyright (c) 2010 Broadcom Corporation 3 * 4 * Permission to use, copy, modify, and/or distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 11 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 13 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 14 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17#include <linux/types.h> 18#include <linux/kernel.h> 19#include <linux/kthread.h> 20#include <linux/printk.h> 21#include <linux/pci_ids.h> 22#include <linux/netdevice.h> 23#include <linux/interrupt.h> 24#include <linux/sched.h> 25#include <linux/mmc/sdio.h> 26#include <linux/mmc/sdio_func.h> 27#include <linux/mmc/card.h> 28#include <linux/semaphore.h> 29#include <linux/firmware.h> 30#include <linux/module.h> 31#include <linux/bcma/bcma.h> 32#include <asm/unaligned.h> 33#include <defs.h> 34#include <brcmu_wifi.h> 35#include <brcmu_utils.h> 36#include <brcm_hw_ids.h> 37#include <soc.h> 38#include "sdio_host.h" 39#include "sdio_chip.h" 40 41#define DCMD_RESP_TIMEOUT 2000 /* In milli second */ 42 43#ifdef BCMDBG 44 45#define BRCMF_TRAP_INFO_SIZE 80 46 47#define CBUF_LEN (128) 48 49struct rte_log_le { 50 __le32 buf; /* Can't be pointer on (64-bit) hosts */ 51 __le32 buf_size; 52 __le32 idx; 53 char *_buf_compat; /* Redundant pointer for backward compat. */ 54}; 55 56struct rte_console { 57 /* Virtual UART 58 * When there is no UART (e.g. Quickturn), 59 * the host should write a complete 60 * input line directly into cbuf and then write 61 * the length into vcons_in. 62 * This may also be used when there is a real UART 63 * (at risk of conflicting with 64 * the real UART). vcons_out is currently unused. 65 */ 66 uint vcons_in; 67 uint vcons_out; 68 69 /* Output (logging) buffer 70 * Console output is written to a ring buffer log_buf at index log_idx. 71 * The host may read the output when it sees log_idx advance. 72 * Output will be lost if the output wraps around faster than the host 73 * polls. 74 */ 75 struct rte_log_le log_le; 76 77 /* Console input line buffer 78 * Characters are read one at a time into cbuf 79 * until <CR> is received, then 80 * the buffer is processed as a command line. 81 * Also used for virtual UART. 82 */ 83 uint cbuf_idx; 84 char cbuf[CBUF_LEN]; 85}; 86 87#endif /* BCMDBG */ 88#include <chipcommon.h> 89 90#include "dhd.h" 91#include "dhd_bus.h" 92#include "dhd_proto.h" 93#include "dhd_dbg.h" 94 95#define TXQLEN 2048 /* bulk tx queue length */ 96#define TXHI (TXQLEN - 256) /* turn on flow control above TXHI */ 97#define TXLOW (TXHI - 256) /* turn off flow control below TXLOW */ 98#define PRIOMASK 7 99 100#define TXRETRIES 2 /* # of retries for tx frames */ 101 102#define BRCMF_RXBOUND 50 /* Default for max rx frames in 103 one scheduling */ 104 105#define BRCMF_TXBOUND 20 /* Default for max tx frames in 106 one scheduling */ 107 108#define BRCMF_TXMINMAX 1 /* Max tx frames if rx still pending */ 109 110#define MEMBLOCK 2048 /* Block size used for downloading 111 of dongle image */ 112#define MAX_DATA_BUF (32 * 1024) /* Must be large enough to hold 113 biggest possible glom */ 114 115#define BRCMF_FIRSTREAD (1 << 6) 116 117 118/* SBSDIO_DEVICE_CTL */ 119 120/* 1: device will assert busy signal when receiving CMD53 */ 121#define SBSDIO_DEVCTL_SETBUSY 0x01 122/* 1: assertion of sdio interrupt is synchronous to the sdio clock */ 123#define SBSDIO_DEVCTL_SPI_INTR_SYNC 0x02 124/* 1: mask all interrupts to host except the chipActive (rev 8) */ 125#define SBSDIO_DEVCTL_CA_INT_ONLY 0x04 126/* 1: isolate internal sdio signals, put external pads in tri-state; requires 127 * sdio bus power cycle to clear (rev 9) */ 128#define SBSDIO_DEVCTL_PADS_ISO 0x08 129/* Force SD->SB reset mapping (rev 11) */ 130#define SBSDIO_DEVCTL_SB_RST_CTL 0x30 131/* Determined by CoreControl bit */ 132#define SBSDIO_DEVCTL_RST_CORECTL 0x00 133/* Force backplane reset */ 134#define SBSDIO_DEVCTL_RST_BPRESET 0x10 135/* Force no backplane reset */ 136#define SBSDIO_DEVCTL_RST_NOBPRESET 0x20 137 138/* direct(mapped) cis space */ 139 140/* MAPPED common CIS address */ 141#define SBSDIO_CIS_BASE_COMMON 0x1000 142/* maximum bytes in one CIS */ 143#define SBSDIO_CIS_SIZE_LIMIT 0x200 144/* cis offset addr is < 17 bits */ 145#define SBSDIO_CIS_OFT_ADDR_MASK 0x1FFFF 146 147/* manfid tuple length, include tuple, link bytes */ 148#define SBSDIO_CIS_MANFID_TUPLE_LEN 6 149 150/* intstatus */ 151#define I_SMB_SW0 (1 << 0) /* To SB Mail S/W interrupt 0 */ 152#define I_SMB_SW1 (1 << 1) /* To SB Mail S/W interrupt 1 */ 153#define I_SMB_SW2 (1 << 2) /* To SB Mail S/W interrupt 2 */ 154#define I_SMB_SW3 (1 << 3) /* To SB Mail S/W interrupt 3 */ 155#define I_SMB_SW_MASK 0x0000000f /* To SB Mail S/W interrupts mask */ 156#define I_SMB_SW_SHIFT 0 /* To SB Mail S/W interrupts shift */ 157#define I_HMB_SW0 (1 << 4) /* To Host Mail S/W interrupt 0 */ 158#define I_HMB_SW1 (1 << 5) /* To Host Mail S/W interrupt 1 */ 159#define I_HMB_SW2 (1 << 6) /* To Host Mail S/W interrupt 2 */ 160#define I_HMB_SW3 (1 << 7) /* To Host Mail S/W interrupt 3 */ 161#define I_HMB_SW_MASK 0x000000f0 /* To Host Mail S/W interrupts mask */ 162#define I_HMB_SW_SHIFT 4 /* To Host Mail S/W interrupts shift */ 163#define I_WR_OOSYNC (1 << 8) /* Write Frame Out Of Sync */ 164#define I_RD_OOSYNC (1 << 9) /* Read Frame Out Of Sync */ 165#define I_PC (1 << 10) /* descriptor error */ 166#define I_PD (1 << 11) /* data error */ 167#define I_DE (1 << 12) /* Descriptor protocol Error */ 168#define I_RU (1 << 13) /* Receive descriptor Underflow */ 169#define I_RO (1 << 14) /* Receive fifo Overflow */ 170#define I_XU (1 << 15) /* Transmit fifo Underflow */ 171#define I_RI (1 << 16) /* Receive Interrupt */ 172#define I_BUSPWR (1 << 17) /* SDIO Bus Power Change (rev 9) */ 173#define I_XMTDATA_AVAIL (1 << 23) /* bits in fifo */ 174#define I_XI (1 << 24) /* Transmit Interrupt */ 175#define I_RF_TERM (1 << 25) /* Read Frame Terminate */ 176#define I_WF_TERM (1 << 26) /* Write Frame Terminate */ 177#define I_PCMCIA_XU (1 << 27) /* PCMCIA Transmit FIFO Underflow */ 178#define I_SBINT (1 << 28) /* sbintstatus Interrupt */ 179#define I_CHIPACTIVE (1 << 29) /* chip from doze to active state */ 180#define I_SRESET (1 << 30) /* CCCR RES interrupt */ 181#define I_IOE2 (1U << 31) /* CCCR IOE2 Bit Changed */ 182#define I_ERRORS (I_PC | I_PD | I_DE | I_RU | I_RO | I_XU) 183#define I_DMA (I_RI | I_XI | I_ERRORS) 184 185/* corecontrol */ 186#define CC_CISRDY (1 << 0) /* CIS Ready */ 187#define CC_BPRESEN (1 << 1) /* CCCR RES signal */ 188#define CC_F2RDY (1 << 2) /* set CCCR IOR2 bit */ 189#define CC_CLRPADSISO (1 << 3) /* clear SDIO pads isolation */ 190#define CC_XMTDATAAVAIL_MODE (1 << 4) 191#define CC_XMTDATAAVAIL_CTRL (1 << 5) 192 193/* SDA_FRAMECTRL */ 194#define SFC_RF_TERM (1 << 0) /* Read Frame Terminate */ 195#define SFC_WF_TERM (1 << 1) /* Write Frame Terminate */ 196#define SFC_CRC4WOOS (1 << 2) /* CRC error for write out of sync */ 197#define SFC_ABORTALL (1 << 3) /* Abort all in-progress frames */ 198 199/* HW frame tag */ 200#define SDPCM_FRAMETAG_LEN 4 /* 2 bytes len, 2 bytes check val */ 201 202/* Total length of frame header for dongle protocol */ 203#define SDPCM_HDRLEN (SDPCM_FRAMETAG_LEN + SDPCM_SWHEADER_LEN) 204#define SDPCM_RESERVE (SDPCM_HDRLEN + BRCMF_SDALIGN) 205 206/* 207 * Software allocation of To SB Mailbox resources 208 */ 209 210/* tosbmailbox bits corresponding to intstatus bits */ 211#define SMB_NAK (1 << 0) /* Frame NAK */ 212#define SMB_INT_ACK (1 << 1) /* Host Interrupt ACK */ 213#define SMB_USE_OOB (1 << 2) /* Use OOB Wakeup */ 214#define SMB_DEV_INT (1 << 3) /* Miscellaneous Interrupt */ 215 216/* tosbmailboxdata */ 217#define SMB_DATA_VERSION_SHIFT 16 /* host protocol version */ 218 219/* 220 * Software allocation of To Host Mailbox resources 221 */ 222 223/* intstatus bits */ 224#define I_HMB_FC_STATE I_HMB_SW0 /* Flow Control State */ 225#define I_HMB_FC_CHANGE I_HMB_SW1 /* Flow Control State Changed */ 226#define I_HMB_FRAME_IND I_HMB_SW2 /* Frame Indication */ 227#define I_HMB_HOST_INT I_HMB_SW3 /* Miscellaneous Interrupt */ 228 229/* tohostmailboxdata */ 230#define HMB_DATA_NAKHANDLED 1 /* retransmit NAK'd frame */ 231#define HMB_DATA_DEVREADY 2 /* talk to host after enable */ 232#define HMB_DATA_FC 4 /* per prio flowcontrol update flag */ 233#define HMB_DATA_FWREADY 8 /* fw ready for protocol activity */ 234 235#define HMB_DATA_FCDATA_MASK 0xff000000 236#define HMB_DATA_FCDATA_SHIFT 24 237 238#define HMB_DATA_VERSION_MASK 0x00ff0000 239#define HMB_DATA_VERSION_SHIFT 16 240 241/* 242 * Software-defined protocol header 243 */ 244 245/* Current protocol version */ 246#define SDPCM_PROT_VERSION 4 247 248/* SW frame header */ 249#define SDPCM_PACKET_SEQUENCE(p) (((u8 *)p)[0] & 0xff) 250 251#define SDPCM_CHANNEL_MASK 0x00000f00 252#define SDPCM_CHANNEL_SHIFT 8 253#define SDPCM_PACKET_CHANNEL(p) (((u8 *)p)[1] & 0x0f) 254 255#define SDPCM_NEXTLEN_OFFSET 2 256 257/* Data Offset from SOF (HW Tag, SW Tag, Pad) */ 258#define SDPCM_DOFFSET_OFFSET 3 /* Data Offset */ 259#define SDPCM_DOFFSET_VALUE(p) (((u8 *)p)[SDPCM_DOFFSET_OFFSET] & 0xff) 260#define SDPCM_DOFFSET_MASK 0xff000000 261#define SDPCM_DOFFSET_SHIFT 24 262#define SDPCM_FCMASK_OFFSET 4 /* Flow control */ 263#define SDPCM_FCMASK_VALUE(p) (((u8 *)p)[SDPCM_FCMASK_OFFSET] & 0xff) 264#define SDPCM_WINDOW_OFFSET 5 /* Credit based fc */ 265#define SDPCM_WINDOW_VALUE(p) (((u8 *)p)[SDPCM_WINDOW_OFFSET] & 0xff) 266 267#define SDPCM_SWHEADER_LEN 8 /* SW header is 64 bits */ 268 269/* logical channel numbers */ 270#define SDPCM_CONTROL_CHANNEL 0 /* Control channel Id */ 271#define SDPCM_EVENT_CHANNEL 1 /* Asyc Event Indication Channel Id */ 272#define SDPCM_DATA_CHANNEL 2 /* Data Xmit/Recv Channel Id */ 273#define SDPCM_GLOM_CHANNEL 3 /* For coalesced packets */ 274#define SDPCM_TEST_CHANNEL 15 /* Reserved for test/debug packets */ 275 276#define SDPCM_SEQUENCE_WRAP 256 /* wrap-around val for 8bit frame seq */ 277 278#define SDPCM_GLOMDESC(p) (((u8 *)p)[1] & 0x80) 279 280/* 281 * Shared structure between dongle and the host. 282 * The structure contains pointers to trap or assert information. 283 */ 284#define SDPCM_SHARED_VERSION 0x0002 285#define SDPCM_SHARED_VERSION_MASK 0x00FF 286#define SDPCM_SHARED_ASSERT_BUILT 0x0100 287#define SDPCM_SHARED_ASSERT 0x0200 288#define SDPCM_SHARED_TRAP 0x0400 289 290/* Space for header read, limit for data packets */ 291#define MAX_HDR_READ (1 << 6) 292#define MAX_RX_DATASZ 2048 293 294/* Maximum milliseconds to wait for F2 to come up */ 295#define BRCMF_WAIT_F2RDY 3000 296 297/* Bump up limit on waiting for HT to account for first startup; 298 * if the image is doing a CRC calculation before programming the PMU 299 * for HT availability, it could take a couple hundred ms more, so 300 * max out at a 1 second (1000000us). 301 */ 302#undef PMU_MAX_TRANSITION_DLY 303#define PMU_MAX_TRANSITION_DLY 1000000 304 305/* Value for ChipClockCSR during initial setup */ 306#define BRCMF_INIT_CLKCTL1 (SBSDIO_FORCE_HW_CLKREQ_OFF | \ 307 SBSDIO_ALP_AVAIL_REQ) 308 309/* Flags for SDH calls */ 310#define F2SYNC (SDIO_REQ_4BYTE | SDIO_REQ_FIXED) 311 312#define BRCMFMAC_FW_NAME "brcm/brcmfmac.bin" 313#define BRCMFMAC_NV_NAME "brcm/brcmfmac.txt" 314MODULE_FIRMWARE(BRCMFMAC_FW_NAME); 315MODULE_FIRMWARE(BRCMFMAC_NV_NAME); 316 317/* 318 * Conversion of 802.1D priority to precedence level 319 */ 320static uint prio2prec(u32 prio) 321{ 322 return (prio == PRIO_8021D_NONE || prio == PRIO_8021D_BE) ? 323 (prio^2) : prio; 324} 325 326/* core registers */ 327struct sdpcmd_regs { 328 u32 corecontrol; /* 0x00, rev8 */ 329 u32 corestatus; /* rev8 */ 330 u32 PAD[1]; 331 u32 biststatus; /* rev8 */ 332 333 /* PCMCIA access */ 334 u16 pcmciamesportaladdr; /* 0x010, rev8 */ 335 u16 PAD[1]; 336 u16 pcmciamesportalmask; /* rev8 */ 337 u16 PAD[1]; 338 u16 pcmciawrframebc; /* rev8 */ 339 u16 PAD[1]; 340 u16 pcmciaunderflowtimer; /* rev8 */ 341 u16 PAD[1]; 342 343 /* interrupt */ 344 u32 intstatus; /* 0x020, rev8 */ 345 u32 hostintmask; /* rev8 */ 346 u32 intmask; /* rev8 */ 347 u32 sbintstatus; /* rev8 */ 348 u32 sbintmask; /* rev8 */ 349 u32 funcintmask; /* rev4 */ 350 u32 PAD[2]; 351 u32 tosbmailbox; /* 0x040, rev8 */ 352 u32 tohostmailbox; /* rev8 */ 353 u32 tosbmailboxdata; /* rev8 */ 354 u32 tohostmailboxdata; /* rev8 */ 355 356 /* synchronized access to registers in SDIO clock domain */ 357 u32 sdioaccess; /* 0x050, rev8 */ 358 u32 PAD[3]; 359 360 /* PCMCIA frame control */ 361 u8 pcmciaframectrl; /* 0x060, rev8 */ 362 u8 PAD[3]; 363 u8 pcmciawatermark; /* rev8 */ 364 u8 PAD[155]; 365 366 /* interrupt batching control */ 367 u32 intrcvlazy; /* 0x100, rev8 */ 368 u32 PAD[3]; 369 370 /* counters */ 371 u32 cmd52rd; /* 0x110, rev8 */ 372 u32 cmd52wr; /* rev8 */ 373 u32 cmd53rd; /* rev8 */ 374 u32 cmd53wr; /* rev8 */ 375 u32 abort; /* rev8 */ 376 u32 datacrcerror; /* rev8 */ 377 u32 rdoutofsync; /* rev8 */ 378 u32 wroutofsync; /* rev8 */ 379 u32 writebusy; /* rev8 */ 380 u32 readwait; /* rev8 */ 381 u32 readterm; /* rev8 */ 382 u32 writeterm; /* rev8 */ 383 u32 PAD[40]; 384 u32 clockctlstatus; /* rev8 */ 385 u32 PAD[7]; 386 387 u32 PAD[128]; /* DMA engines */ 388 389 /* SDIO/PCMCIA CIS region */ 390 char cis[512]; /* 0x400-0x5ff, rev6 */ 391 392 /* PCMCIA function control registers */ 393 char pcmciafcr[256]; /* 0x600-6ff, rev6 */ 394 u16 PAD[55]; 395 396 /* PCMCIA backplane access */ 397 u16 backplanecsr; /* 0x76E, rev6 */ 398 u16 backplaneaddr0; /* rev6 */ 399 u16 backplaneaddr1; /* rev6 */ 400 u16 backplaneaddr2; /* rev6 */ 401 u16 backplaneaddr3; /* rev6 */ 402 u16 backplanedata0; /* rev6 */ 403 u16 backplanedata1; /* rev6 */ 404 u16 backplanedata2; /* rev6 */ 405 u16 backplanedata3; /* rev6 */ 406 u16 PAD[31]; 407 408 /* sprom "size" & "blank" info */ 409 u16 spromstatus; /* 0x7BE, rev2 */ 410 u32 PAD[464]; 411 412 u16 PAD[0x80]; 413}; 414 415#ifdef BCMDBG 416/* Device console log buffer state */ 417struct brcmf_console { 418 uint count; /* Poll interval msec counter */ 419 uint log_addr; /* Log struct address (fixed) */ 420 struct rte_log_le log_le; /* Log struct (host copy) */ 421 uint bufsize; /* Size of log buffer */ 422 u8 *buf; /* Log buffer (host copy) */ 423 uint last; /* Last buffer read index */ 424}; 425#endif /* BCMDBG */ 426 427struct sdpcm_shared { 428 u32 flags; 429 u32 trap_addr; 430 u32 assert_exp_addr; 431 u32 assert_file_addr; 432 u32 assert_line; 433 u32 console_addr; /* Address of struct rte_console */ 434 u32 msgtrace_addr; 435 u8 tag[32]; 436}; 437 438struct sdpcm_shared_le { 439 __le32 flags; 440 __le32 trap_addr; 441 __le32 assert_exp_addr; 442 __le32 assert_file_addr; 443 __le32 assert_line; 444 __le32 console_addr; /* Address of struct rte_console */ 445 __le32 msgtrace_addr; 446 u8 tag[32]; 447}; 448 449 450/* misc chip info needed by some of the routines */ 451/* Private data for SDIO bus interaction */ 452struct brcmf_sdio { 453 struct brcmf_pub *drvr; 454 455 struct brcmf_sdio_dev *sdiodev; /* sdio device handler */ 456 struct chip_info *ci; /* Chip info struct */ 457 char *vars; /* Variables (from CIS and/or other) */ 458 uint varsz; /* Size of variables buffer */ 459 460 u32 ramsize; /* Size of RAM in SOCRAM (bytes) */ 461 462 u32 hostintmask; /* Copy of Host Interrupt Mask */ 463 u32 intstatus; /* Intstatus bits (events) pending */ 464 bool dpc_sched; /* Indicates DPC schedule (intrpt rcvd) */ 465 bool fcstate; /* State of dongle flow-control */ 466 467 uint blocksize; /* Block size of SDIO transfers */ 468 uint roundup; /* Max roundup limit */ 469 470 struct pktq txq; /* Queue length used for flow-control */ 471 u8 flowcontrol; /* per prio flow control bitmask */ 472 u8 tx_seq; /* Transmit sequence number (next) */ 473 u8 tx_max; /* Maximum transmit sequence allowed */ 474 475 u8 hdrbuf[MAX_HDR_READ + BRCMF_SDALIGN]; 476 u8 *rxhdr; /* Header of current rx frame (in hdrbuf) */ 477 u16 nextlen; /* Next Read Len from last header */ 478 u8 rx_seq; /* Receive sequence number (expected) */ 479 bool rxskip; /* Skip receive (awaiting NAK ACK) */ 480 481 uint rxbound; /* Rx frames to read before resched */ 482 uint txbound; /* Tx frames to send before resched */ 483 uint txminmax; 484 485 struct sk_buff *glomd; /* Packet containing glomming descriptor */ 486 struct sk_buff_head glom; /* Packet list for glommed superframe */ 487 uint glomerr; /* Glom packet read errors */ 488 489 u8 *rxbuf; /* Buffer for receiving control packets */ 490 uint rxblen; /* Allocated length of rxbuf */ 491 u8 *rxctl; /* Aligned pointer into rxbuf */ 492 u8 *databuf; /* Buffer for receiving big glom packet */ 493 u8 *dataptr; /* Aligned pointer into databuf */ 494 uint rxlen; /* Length of valid data in buffer */ 495 496 u8 sdpcm_ver; /* Bus protocol reported by dongle */ 497 498 bool intr; /* Use interrupts */ 499 bool poll; /* Use polling */ 500 bool ipend; /* Device interrupt is pending */ 501 uint intrcount; /* Count of device interrupt callbacks */ 502 uint lastintrs; /* Count as of last watchdog timer */ 503 uint spurious; /* Count of spurious interrupts */ 504 uint pollrate; /* Ticks between device polls */ 505 uint polltick; /* Tick counter */ 506 uint pollcnt; /* Count of active polls */ 507 508#ifdef BCMDBG 509 uint console_interval; 510 struct brcmf_console console; /* Console output polling support */ 511 uint console_addr; /* Console address from shared struct */ 512#endif /* BCMDBG */ 513 514 uint regfails; /* Count of R_REG failures */ 515 516 uint clkstate; /* State of sd and backplane clock(s) */ 517 bool activity; /* Activity flag for clock down */ 518 s32 idletime; /* Control for activity timeout */ 519 s32 idlecount; /* Activity timeout counter */ 520 s32 idleclock; /* How to set bus driver when idle */ 521 s32 sd_rxchain; 522 bool use_rxchain; /* If brcmf should use PKT chains */ 523 bool sleeping; /* Is SDIO bus sleeping? */ 524 bool rxflow_mode; /* Rx flow control mode */ 525 bool rxflow; /* Is rx flow control on */ 526 bool alp_only; /* Don't use HT clock (ALP only) */ 527/* Field to decide if rx of control frames happen in rxbuf or lb-pool */ 528 bool usebufpool; 529 530 /* Some additional counters */ 531 uint tx_sderrs; /* Count of tx attempts with sd errors */ 532 uint fcqueued; /* Tx packets that got queued */ 533 uint rxrtx; /* Count of rtx requests (NAK to dongle) */ 534 uint rx_toolong; /* Receive frames too long to receive */ 535 uint rxc_errors; /* SDIO errors when reading control frames */ 536 uint rx_hdrfail; /* SDIO errors on header reads */ 537 uint rx_badhdr; /* Bad received headers (roosync?) */ 538 uint rx_badseq; /* Mismatched rx sequence number */ 539 uint fc_rcvd; /* Number of flow-control events received */ 540 uint fc_xoff; /* Number which turned on flow-control */ 541 uint fc_xon; /* Number which turned off flow-control */ 542 uint rxglomfail; /* Failed deglom attempts */ 543 uint rxglomframes; /* Number of glom frames (superframes) */ 544 uint rxglompkts; /* Number of packets from glom frames */ 545 uint f2rxhdrs; /* Number of header reads */ 546 uint f2rxdata; /* Number of frame data reads */ 547 uint f2txdata; /* Number of f2 frame writes */ 548 uint f1regdata; /* Number of f1 register accesses */ 549 550 u8 *ctrl_frame_buf; 551 u32 ctrl_frame_len; 552 bool ctrl_frame_stat; 553 554 spinlock_t txqlock; 555 wait_queue_head_t ctrl_wait; 556 wait_queue_head_t dcmd_resp_wait; 557 558 struct timer_list timer; 559 struct completion watchdog_wait; 560 struct task_struct *watchdog_tsk; 561 bool wd_timer_valid; 562 uint save_ms; 563 564 struct task_struct *dpc_tsk; 565 struct completion dpc_wait; 566 567 struct semaphore sdsem; 568 569 const struct firmware *firmware; 570 u32 fw_ptr; 571}; 572 573/* clkstate */ 574#define CLK_NONE 0 575#define CLK_SDONLY 1 576#define CLK_PENDING 2 /* Not used yet */ 577#define CLK_AVAIL 3 578 579#ifdef BCMDBG 580static int qcount[NUMPRIO]; 581static int tx_packets[NUMPRIO]; 582#endif /* BCMDBG */ 583 584#define SDIO_DRIVE_STRENGTH 6 /* in milliamps */ 585 586#define RETRYCHAN(chan) ((chan) == SDPCM_EVENT_CHANNEL) 587 588/* Retry count for register access failures */ 589static const uint retry_limit = 2; 590 591/* Limit on rounding up frames */ 592static const uint max_roundup = 512; 593 594#define ALIGNMENT 4 595 596static void pkt_align(struct sk_buff *p, int len, int align) 597{ 598 uint datalign; 599 datalign = (unsigned long)(p->data); 600 datalign = roundup(datalign, (align)) - datalign; 601 if (datalign) 602 skb_pull(p, datalign); 603 __skb_trim(p, len); 604} 605 606/* To check if there's window offered */ 607static bool data_ok(struct brcmf_sdio *bus) 608{ 609 return (u8)(bus->tx_max - bus->tx_seq) != 0 && 610 ((u8)(bus->tx_max - bus->tx_seq) & 0x80) == 0; 611} 612 613/* 614 * Reads a register in the SDIO hardware block. This block occupies a series of 615 * adresses on the 32 bit backplane bus. 616 */ 617static void 618r_sdreg32(struct brcmf_sdio *bus, u32 *regvar, u32 reg_offset, u32 *retryvar) 619{ 620 u8 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV); 621 *retryvar = 0; 622 do { 623 *regvar = brcmf_sdcard_reg_read(bus->sdiodev, 624 bus->ci->c_inf[idx].base + reg_offset, 625 sizeof(u32)); 626 } while (brcmf_sdcard_regfail(bus->sdiodev) && 627 (++(*retryvar) <= retry_limit)); 628 if (*retryvar) { 629 bus->regfails += (*retryvar-1); 630 if (*retryvar > retry_limit) { 631 brcmf_dbg(ERROR, "FAILED READ %Xh\n", reg_offset); 632 *regvar = 0; 633 } 634 } 635} 636 637static void 638w_sdreg32(struct brcmf_sdio *bus, u32 regval, u32 reg_offset, u32 *retryvar) 639{ 640 u8 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV); 641 *retryvar = 0; 642 do { 643 brcmf_sdcard_reg_write(bus->sdiodev, 644 bus->ci->c_inf[idx].base + reg_offset, 645 sizeof(u32), regval); 646 } while (brcmf_sdcard_regfail(bus->sdiodev) && 647 (++(*retryvar) <= retry_limit)); 648 if (*retryvar) { 649 bus->regfails += (*retryvar-1); 650 if (*retryvar > retry_limit) 651 brcmf_dbg(ERROR, "FAILED REGISTER WRITE %Xh\n", 652 reg_offset); 653 } 654} 655 656#define PKT_AVAILABLE() (intstatus & I_HMB_FRAME_IND) 657 658#define HOSTINTMASK (I_HMB_SW_MASK | I_CHIPACTIVE) 659 660/* Packet free applicable unconditionally for sdio and sdspi. 661 * Conditional if bufpool was present for gspi bus. 662 */ 663static void brcmf_sdbrcm_pktfree2(struct brcmf_sdio *bus, struct sk_buff *pkt) 664{ 665 if (bus->usebufpool) 666 brcmu_pkt_buf_free_skb(pkt); 667} 668 669/* Turn backplane clock on or off */ 670static int brcmf_sdbrcm_htclk(struct brcmf_sdio *bus, bool on, bool pendok) 671{ 672 int err; 673 u8 clkctl, clkreq, devctl; 674 unsigned long timeout; 675 676 brcmf_dbg(TRACE, "Enter\n"); 677 678 clkctl = 0; 679 680 if (on) { 681 /* Request HT Avail */ 682 clkreq = 683 bus->alp_only ? SBSDIO_ALP_AVAIL_REQ : SBSDIO_HT_AVAIL_REQ; 684 685 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 686 SBSDIO_FUNC1_CHIPCLKCSR, clkreq, &err); 687 if (err) { 688 brcmf_dbg(ERROR, "HT Avail request error: %d\n", err); 689 return -EBADE; 690 } 691 692 /* Check current status */ 693 clkctl = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 694 SBSDIO_FUNC1_CHIPCLKCSR, &err); 695 if (err) { 696 brcmf_dbg(ERROR, "HT Avail read error: %d\n", err); 697 return -EBADE; 698 } 699 700 /* Go to pending and await interrupt if appropriate */ 701 if (!SBSDIO_CLKAV(clkctl, bus->alp_only) && pendok) { 702 /* Allow only clock-available interrupt */ 703 devctl = brcmf_sdcard_cfg_read(bus->sdiodev, 704 SDIO_FUNC_1, 705 SBSDIO_DEVICE_CTL, &err); 706 if (err) { 707 brcmf_dbg(ERROR, "Devctl error setting CA: %d\n", 708 err); 709 return -EBADE; 710 } 711 712 devctl |= SBSDIO_DEVCTL_CA_INT_ONLY; 713 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 714 SBSDIO_DEVICE_CTL, devctl, &err); 715 brcmf_dbg(INFO, "CLKCTL: set PENDING\n"); 716 bus->clkstate = CLK_PENDING; 717 718 return 0; 719 } else if (bus->clkstate == CLK_PENDING) { 720 /* Cancel CA-only interrupt filter */ 721 devctl = 722 brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 723 SBSDIO_DEVICE_CTL, &err); 724 devctl &= ~SBSDIO_DEVCTL_CA_INT_ONLY; 725 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 726 SBSDIO_DEVICE_CTL, devctl, &err); 727 } 728 729 /* Otherwise, wait here (polling) for HT Avail */ 730 timeout = jiffies + 731 msecs_to_jiffies(PMU_MAX_TRANSITION_DLY/1000); 732 while (!SBSDIO_CLKAV(clkctl, bus->alp_only)) { 733 clkctl = brcmf_sdcard_cfg_read(bus->sdiodev, 734 SDIO_FUNC_1, 735 SBSDIO_FUNC1_CHIPCLKCSR, 736 &err); 737 if (time_after(jiffies, timeout)) 738 break; 739 else 740 usleep_range(5000, 10000); 741 } 742 if (err) { 743 brcmf_dbg(ERROR, "HT Avail request error: %d\n", err); 744 return -EBADE; 745 } 746 if (!SBSDIO_CLKAV(clkctl, bus->alp_only)) { 747 brcmf_dbg(ERROR, "HT Avail timeout (%d): clkctl 0x%02x\n", 748 PMU_MAX_TRANSITION_DLY, clkctl); 749 return -EBADE; 750 } 751 752 /* Mark clock available */ 753 bus->clkstate = CLK_AVAIL; 754 brcmf_dbg(INFO, "CLKCTL: turned ON\n"); 755 756#if defined(BCMDBG) 757 if (bus->alp_only != true) { 758 if (SBSDIO_ALPONLY(clkctl)) 759 brcmf_dbg(ERROR, "HT Clock should be on\n"); 760 } 761#endif /* defined (BCMDBG) */ 762 763 bus->activity = true; 764 } else { 765 clkreq = 0; 766 767 if (bus->clkstate == CLK_PENDING) { 768 /* Cancel CA-only interrupt filter */ 769 devctl = brcmf_sdcard_cfg_read(bus->sdiodev, 770 SDIO_FUNC_1, 771 SBSDIO_DEVICE_CTL, &err); 772 devctl &= ~SBSDIO_DEVCTL_CA_INT_ONLY; 773 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 774 SBSDIO_DEVICE_CTL, devctl, &err); 775 } 776 777 bus->clkstate = CLK_SDONLY; 778 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 779 SBSDIO_FUNC1_CHIPCLKCSR, clkreq, &err); 780 brcmf_dbg(INFO, "CLKCTL: turned OFF\n"); 781 if (err) { 782 brcmf_dbg(ERROR, "Failed access turning clock off: %d\n", 783 err); 784 return -EBADE; 785 } 786 } 787 return 0; 788} 789 790/* Change idle/active SD state */ 791static int brcmf_sdbrcm_sdclk(struct brcmf_sdio *bus, bool on) 792{ 793 brcmf_dbg(TRACE, "Enter\n"); 794 795 if (on) 796 bus->clkstate = CLK_SDONLY; 797 else 798 bus->clkstate = CLK_NONE; 799 800 return 0; 801} 802 803/* Transition SD and backplane clock readiness */ 804static int brcmf_sdbrcm_clkctl(struct brcmf_sdio *bus, uint target, bool pendok) 805{ 806#ifdef BCMDBG 807 uint oldstate = bus->clkstate; 808#endif /* BCMDBG */ 809 810 brcmf_dbg(TRACE, "Enter\n"); 811 812 /* Early exit if we're already there */ 813 if (bus->clkstate == target) { 814 if (target == CLK_AVAIL) { 815 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 816 bus->activity = true; 817 } 818 return 0; 819 } 820 821 switch (target) { 822 case CLK_AVAIL: 823 /* Make sure SD clock is available */ 824 if (bus->clkstate == CLK_NONE) 825 brcmf_sdbrcm_sdclk(bus, true); 826 /* Now request HT Avail on the backplane */ 827 brcmf_sdbrcm_htclk(bus, true, pendok); 828 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 829 bus->activity = true; 830 break; 831 832 case CLK_SDONLY: 833 /* Remove HT request, or bring up SD clock */ 834 if (bus->clkstate == CLK_NONE) 835 brcmf_sdbrcm_sdclk(bus, true); 836 else if (bus->clkstate == CLK_AVAIL) 837 brcmf_sdbrcm_htclk(bus, false, false); 838 else 839 brcmf_dbg(ERROR, "request for %d -> %d\n", 840 bus->clkstate, target); 841 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 842 break; 843 844 case CLK_NONE: 845 /* Make sure to remove HT request */ 846 if (bus->clkstate == CLK_AVAIL) 847 brcmf_sdbrcm_htclk(bus, false, false); 848 /* Now remove the SD clock */ 849 brcmf_sdbrcm_sdclk(bus, false); 850 brcmf_sdbrcm_wd_timer(bus, 0); 851 break; 852 } 853#ifdef BCMDBG 854 brcmf_dbg(INFO, "%d -> %d\n", oldstate, bus->clkstate); 855#endif /* BCMDBG */ 856 857 return 0; 858} 859 860static int brcmf_sdbrcm_bussleep(struct brcmf_sdio *bus, bool sleep) 861{ 862 uint retries = 0; 863 864 brcmf_dbg(INFO, "request %s (currently %s)\n", 865 sleep ? "SLEEP" : "WAKE", 866 bus->sleeping ? "SLEEP" : "WAKE"); 867 868 /* Done if we're already in the requested state */ 869 if (sleep == bus->sleeping) 870 return 0; 871 872 /* Going to sleep: set the alarm and turn off the lights... */ 873 if (sleep) { 874 /* Don't sleep if something is pending */ 875 if (bus->dpc_sched || bus->rxskip || pktq_len(&bus->txq)) 876 return -EBUSY; 877 878 /* Make sure the controller has the bus up */ 879 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 880 881 /* Tell device to start using OOB wakeup */ 882 w_sdreg32(bus, SMB_USE_OOB, 883 offsetof(struct sdpcmd_regs, tosbmailbox), &retries); 884 if (retries > retry_limit) 885 brcmf_dbg(ERROR, "CANNOT SIGNAL CHIP, WILL NOT WAKE UP!!\n"); 886 887 /* Turn off our contribution to the HT clock request */ 888 brcmf_sdbrcm_clkctl(bus, CLK_SDONLY, false); 889 890 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 891 SBSDIO_FUNC1_CHIPCLKCSR, 892 SBSDIO_FORCE_HW_CLKREQ_OFF, NULL); 893 894 /* Isolate the bus */ 895 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 896 SBSDIO_DEVICE_CTL, 897 SBSDIO_DEVCTL_PADS_ISO, NULL); 898 899 /* Change state */ 900 bus->sleeping = true; 901 902 } else { 903 /* Waking up: bus power up is ok, set local state */ 904 905 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 906 SBSDIO_FUNC1_CHIPCLKCSR, 0, NULL); 907 908 /* Make sure the controller has the bus up */ 909 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 910 911 /* Send misc interrupt to indicate OOB not needed */ 912 w_sdreg32(bus, 0, offsetof(struct sdpcmd_regs, tosbmailboxdata), 913 &retries); 914 if (retries <= retry_limit) 915 w_sdreg32(bus, SMB_DEV_INT, 916 offsetof(struct sdpcmd_regs, tosbmailbox), 917 &retries); 918 919 if (retries > retry_limit) 920 brcmf_dbg(ERROR, "CANNOT SIGNAL CHIP TO CLEAR OOB!!\n"); 921 922 /* Make sure we have SD bus access */ 923 brcmf_sdbrcm_clkctl(bus, CLK_SDONLY, false); 924 925 /* Change state */ 926 bus->sleeping = false; 927 } 928 929 return 0; 930} 931 932static void bus_wake(struct brcmf_sdio *bus) 933{ 934 if (bus->sleeping) 935 brcmf_sdbrcm_bussleep(bus, false); 936} 937 938static u32 brcmf_sdbrcm_hostmail(struct brcmf_sdio *bus) 939{ 940 u32 intstatus = 0; 941 u32 hmb_data; 942 u8 fcbits; 943 uint retries = 0; 944 945 brcmf_dbg(TRACE, "Enter\n"); 946 947 /* Read mailbox data and ack that we did so */ 948 r_sdreg32(bus, &hmb_data, 949 offsetof(struct sdpcmd_regs, tohostmailboxdata), &retries); 950 951 if (retries <= retry_limit) 952 w_sdreg32(bus, SMB_INT_ACK, 953 offsetof(struct sdpcmd_regs, tosbmailbox), &retries); 954 bus->f1regdata += 2; 955 956 /* Dongle recomposed rx frames, accept them again */ 957 if (hmb_data & HMB_DATA_NAKHANDLED) { 958 brcmf_dbg(INFO, "Dongle reports NAK handled, expect rtx of %d\n", 959 bus->rx_seq); 960 if (!bus->rxskip) 961 brcmf_dbg(ERROR, "unexpected NAKHANDLED!\n"); 962 963 bus->rxskip = false; 964 intstatus |= I_HMB_FRAME_IND; 965 } 966 967 /* 968 * DEVREADY does not occur with gSPI. 969 */ 970 if (hmb_data & (HMB_DATA_DEVREADY | HMB_DATA_FWREADY)) { 971 bus->sdpcm_ver = 972 (hmb_data & HMB_DATA_VERSION_MASK) >> 973 HMB_DATA_VERSION_SHIFT; 974 if (bus->sdpcm_ver != SDPCM_PROT_VERSION) 975 brcmf_dbg(ERROR, "Version mismatch, dongle reports %d, " 976 "expecting %d\n", 977 bus->sdpcm_ver, SDPCM_PROT_VERSION); 978 else 979 brcmf_dbg(INFO, "Dongle ready, protocol version %d\n", 980 bus->sdpcm_ver); 981 } 982 983 /* 984 * Flow Control has been moved into the RX headers and this out of band 985 * method isn't used any more. 986 * remaining backward compatible with older dongles. 987 */ 988 if (hmb_data & HMB_DATA_FC) { 989 fcbits = (hmb_data & HMB_DATA_FCDATA_MASK) >> 990 HMB_DATA_FCDATA_SHIFT; 991 992 if (fcbits & ~bus->flowcontrol) 993 bus->fc_xoff++; 994 995 if (bus->flowcontrol & ~fcbits) 996 bus->fc_xon++; 997 998 bus->fc_rcvd++; 999 bus->flowcontrol = fcbits; 1000 } 1001 1002 /* Shouldn't be any others */ 1003 if (hmb_data & ~(HMB_DATA_DEVREADY | 1004 HMB_DATA_NAKHANDLED | 1005 HMB_DATA_FC | 1006 HMB_DATA_FWREADY | 1007 HMB_DATA_FCDATA_MASK | HMB_DATA_VERSION_MASK)) 1008 brcmf_dbg(ERROR, "Unknown mailbox data content: 0x%02x\n", 1009 hmb_data); 1010 1011 return intstatus; 1012} 1013 1014static void brcmf_sdbrcm_rxfail(struct brcmf_sdio *bus, bool abort, bool rtx) 1015{ 1016 uint retries = 0; 1017 u16 lastrbc; 1018 u8 hi, lo; 1019 int err; 1020 1021 brcmf_dbg(ERROR, "%sterminate frame%s\n", 1022 abort ? "abort command, " : "", 1023 rtx ? ", send NAK" : ""); 1024 1025 if (abort) 1026 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 1027 1028 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 1029 SBSDIO_FUNC1_FRAMECTRL, 1030 SFC_RF_TERM, &err); 1031 bus->f1regdata++; 1032 1033 /* Wait until the packet has been flushed (device/FIFO stable) */ 1034 for (lastrbc = retries = 0xffff; retries > 0; retries--) { 1035 hi = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 1036 SBSDIO_FUNC1_RFRAMEBCHI, NULL); 1037 lo = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 1038 SBSDIO_FUNC1_RFRAMEBCLO, NULL); 1039 bus->f1regdata += 2; 1040 1041 if ((hi == 0) && (lo == 0)) 1042 break; 1043 1044 if ((hi > (lastrbc >> 8)) && (lo > (lastrbc & 0x00ff))) { 1045 brcmf_dbg(ERROR, "count growing: last 0x%04x now 0x%04x\n", 1046 lastrbc, (hi << 8) + lo); 1047 } 1048 lastrbc = (hi << 8) + lo; 1049 } 1050 1051 if (!retries) 1052 brcmf_dbg(ERROR, "count never zeroed: last 0x%04x\n", lastrbc); 1053 else 1054 brcmf_dbg(INFO, "flush took %d iterations\n", 0xffff - retries); 1055 1056 if (rtx) { 1057 bus->rxrtx++; 1058 w_sdreg32(bus, SMB_NAK, 1059 offsetof(struct sdpcmd_regs, tosbmailbox), &retries); 1060 1061 bus->f1regdata++; 1062 if (retries <= retry_limit) 1063 bus->rxskip = true; 1064 } 1065 1066 /* Clear partial in any case */ 1067 bus->nextlen = 0; 1068 1069 /* If we can't reach the device, signal failure */ 1070 if (err || brcmf_sdcard_regfail(bus->sdiodev)) 1071 bus->drvr->bus_if->state = BRCMF_BUS_DOWN; 1072} 1073 1074/* copy a buffer into a pkt buffer chain */ 1075static uint brcmf_sdbrcm_glom_from_buf(struct brcmf_sdio *bus, uint len) 1076{ 1077 uint n, ret = 0; 1078 struct sk_buff *p; 1079 u8 *buf; 1080 1081 buf = bus->dataptr; 1082 1083 /* copy the data */ 1084 skb_queue_walk(&bus->glom, p) { 1085 n = min_t(uint, p->len, len); 1086 memcpy(p->data, buf, n); 1087 buf += n; 1088 len -= n; 1089 ret += n; 1090 if (!len) 1091 break; 1092 } 1093 1094 return ret; 1095} 1096 1097/* return total length of buffer chain */ 1098static uint brcmf_sdbrcm_glom_len(struct brcmf_sdio *bus) 1099{ 1100 struct sk_buff *p; 1101 uint total; 1102 1103 total = 0; 1104 skb_queue_walk(&bus->glom, p) 1105 total += p->len; 1106 return total; 1107} 1108 1109static void brcmf_sdbrcm_free_glom(struct brcmf_sdio *bus) 1110{ 1111 struct sk_buff *cur, *next; 1112 1113 skb_queue_walk_safe(&bus->glom, cur, next) { 1114 skb_unlink(cur, &bus->glom); 1115 brcmu_pkt_buf_free_skb(cur); 1116 } 1117} 1118 1119static u8 brcmf_sdbrcm_rxglom(struct brcmf_sdio *bus, u8 rxseq) 1120{ 1121 u16 dlen, totlen; 1122 u8 *dptr, num = 0; 1123 1124 u16 sublen, check; 1125 struct sk_buff *pfirst, *pnext; 1126 1127 int errcode; 1128 u8 chan, seq, doff, sfdoff; 1129 u8 txmax; 1130 1131 int ifidx = 0; 1132 bool usechain = bus->use_rxchain; 1133 1134 /* If packets, issue read(s) and send up packet chain */ 1135 /* Return sequence numbers consumed? */ 1136 1137 brcmf_dbg(TRACE, "start: glomd %p glom %p\n", 1138 bus->glomd, skb_peek(&bus->glom)); 1139 1140 /* If there's a descriptor, generate the packet chain */ 1141 if (bus->glomd) { 1142 pfirst = pnext = NULL; 1143 dlen = (u16) (bus->glomd->len); 1144 dptr = bus->glomd->data; 1145 if (!dlen || (dlen & 1)) { 1146 brcmf_dbg(ERROR, "bad glomd len(%d), ignore descriptor\n", 1147 dlen); 1148 dlen = 0; 1149 } 1150 1151 for (totlen = num = 0; dlen; num++) { 1152 /* Get (and move past) next length */ 1153 sublen = get_unaligned_le16(dptr); 1154 dlen -= sizeof(u16); 1155 dptr += sizeof(u16); 1156 if ((sublen < SDPCM_HDRLEN) || 1157 ((num == 0) && (sublen < (2 * SDPCM_HDRLEN)))) { 1158 brcmf_dbg(ERROR, "descriptor len %d bad: %d\n", 1159 num, sublen); 1160 pnext = NULL; 1161 break; 1162 } 1163 if (sublen % BRCMF_SDALIGN) { 1164 brcmf_dbg(ERROR, "sublen %d not multiple of %d\n", 1165 sublen, BRCMF_SDALIGN); 1166 usechain = false; 1167 } 1168 totlen += sublen; 1169 1170 /* For last frame, adjust read len so total 1171 is a block multiple */ 1172 if (!dlen) { 1173 sublen += 1174 (roundup(totlen, bus->blocksize) - totlen); 1175 totlen = roundup(totlen, bus->blocksize); 1176 } 1177 1178 /* Allocate/chain packet for next subframe */ 1179 pnext = brcmu_pkt_buf_get_skb(sublen + BRCMF_SDALIGN); 1180 if (pnext == NULL) { 1181 brcmf_dbg(ERROR, "bcm_pkt_buf_get_skb failed, num %d len %d\n", 1182 num, sublen); 1183 break; 1184 } 1185 skb_queue_tail(&bus->glom, pnext); 1186 1187 /* Adhere to start alignment requirements */ 1188 pkt_align(pnext, sublen, BRCMF_SDALIGN); 1189 } 1190 1191 /* If all allocations succeeded, save packet chain 1192 in bus structure */ 1193 if (pnext) { 1194 brcmf_dbg(GLOM, "allocated %d-byte packet chain for %d subframes\n", 1195 totlen, num); 1196 if (BRCMF_GLOM_ON() && bus->nextlen && 1197 totlen != bus->nextlen) { 1198 brcmf_dbg(GLOM, "glomdesc mismatch: nextlen %d glomdesc %d rxseq %d\n", 1199 bus->nextlen, totlen, rxseq); 1200 } 1201 pfirst = pnext = NULL; 1202 } else { 1203 brcmf_sdbrcm_free_glom(bus); 1204 num = 0; 1205 } 1206 1207 /* Done with descriptor packet */ 1208 brcmu_pkt_buf_free_skb(bus->glomd); 1209 bus->glomd = NULL; 1210 bus->nextlen = 0; 1211 } 1212 1213 /* Ok -- either we just generated a packet chain, 1214 or had one from before */ 1215 if (!skb_queue_empty(&bus->glom)) { 1216 if (BRCMF_GLOM_ON()) { 1217 brcmf_dbg(GLOM, "try superframe read, packet chain:\n"); 1218 skb_queue_walk(&bus->glom, pnext) { 1219 brcmf_dbg(GLOM, " %p: %p len 0x%04x (%d)\n", 1220 pnext, (u8 *) (pnext->data), 1221 pnext->len, pnext->len); 1222 } 1223 } 1224 1225 pfirst = skb_peek(&bus->glom); 1226 dlen = (u16) brcmf_sdbrcm_glom_len(bus); 1227 1228 /* Do an SDIO read for the superframe. Configurable iovar to 1229 * read directly into the chained packet, or allocate a large 1230 * packet and and copy into the chain. 1231 */ 1232 if (usechain) { 1233 errcode = brcmf_sdcard_recv_chain(bus->sdiodev, 1234 bus->sdiodev->sbwad, 1235 SDIO_FUNC_2, F2SYNC, &bus->glom); 1236 } else if (bus->dataptr) { 1237 errcode = brcmf_sdcard_recv_buf(bus->sdiodev, 1238 bus->sdiodev->sbwad, 1239 SDIO_FUNC_2, F2SYNC, 1240 bus->dataptr, dlen); 1241 sublen = (u16) brcmf_sdbrcm_glom_from_buf(bus, dlen); 1242 if (sublen != dlen) { 1243 brcmf_dbg(ERROR, "FAILED TO COPY, dlen %d sublen %d\n", 1244 dlen, sublen); 1245 errcode = -1; 1246 } 1247 pnext = NULL; 1248 } else { 1249 brcmf_dbg(ERROR, "COULDN'T ALLOC %d-BYTE GLOM, FORCE FAILURE\n", 1250 dlen); 1251 errcode = -1; 1252 } 1253 bus->f2rxdata++; 1254 1255 /* On failure, kill the superframe, allow a couple retries */ 1256 if (errcode < 0) { 1257 brcmf_dbg(ERROR, "glom read of %d bytes failed: %d\n", 1258 dlen, errcode); 1259 bus->drvr->rx_errors++; 1260 1261 if (bus->glomerr++ < 3) { 1262 brcmf_sdbrcm_rxfail(bus, true, true); 1263 } else { 1264 bus->glomerr = 0; 1265 brcmf_sdbrcm_rxfail(bus, true, false); 1266 bus->rxglomfail++; 1267 brcmf_sdbrcm_free_glom(bus); 1268 } 1269 return 0; 1270 } 1271#ifdef BCMDBG 1272 if (BRCMF_GLOM_ON()) { 1273 printk(KERN_DEBUG "SUPERFRAME:\n"); 1274 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 1275 pfirst->data, min_t(int, pfirst->len, 48)); 1276 } 1277#endif 1278 1279 /* Validate the superframe header */ 1280 dptr = (u8 *) (pfirst->data); 1281 sublen = get_unaligned_le16(dptr); 1282 check = get_unaligned_le16(dptr + sizeof(u16)); 1283 1284 chan = SDPCM_PACKET_CHANNEL(&dptr[SDPCM_FRAMETAG_LEN]); 1285 seq = SDPCM_PACKET_SEQUENCE(&dptr[SDPCM_FRAMETAG_LEN]); 1286 bus->nextlen = dptr[SDPCM_FRAMETAG_LEN + SDPCM_NEXTLEN_OFFSET]; 1287 if ((bus->nextlen << 4) > MAX_RX_DATASZ) { 1288 brcmf_dbg(INFO, "nextlen too large (%d) seq %d\n", 1289 bus->nextlen, seq); 1290 bus->nextlen = 0; 1291 } 1292 doff = SDPCM_DOFFSET_VALUE(&dptr[SDPCM_FRAMETAG_LEN]); 1293 txmax = SDPCM_WINDOW_VALUE(&dptr[SDPCM_FRAMETAG_LEN]); 1294 1295 errcode = 0; 1296 if ((u16)~(sublen ^ check)) { 1297 brcmf_dbg(ERROR, "(superframe): HW hdr error: len/check 0x%04x/0x%04x\n", 1298 sublen, check); 1299 errcode = -1; 1300 } else if (roundup(sublen, bus->blocksize) != dlen) { 1301 brcmf_dbg(ERROR, "(superframe): len 0x%04x, rounded 0x%04x, expect 0x%04x\n", 1302 sublen, roundup(sublen, bus->blocksize), 1303 dlen); 1304 errcode = -1; 1305 } else if (SDPCM_PACKET_CHANNEL(&dptr[SDPCM_FRAMETAG_LEN]) != 1306 SDPCM_GLOM_CHANNEL) { 1307 brcmf_dbg(ERROR, "(superframe): bad channel %d\n", 1308 SDPCM_PACKET_CHANNEL( 1309 &dptr[SDPCM_FRAMETAG_LEN])); 1310 errcode = -1; 1311 } else if (SDPCM_GLOMDESC(&dptr[SDPCM_FRAMETAG_LEN])) { 1312 brcmf_dbg(ERROR, "(superframe): got 2nd descriptor?\n"); 1313 errcode = -1; 1314 } else if ((doff < SDPCM_HDRLEN) || 1315 (doff > (pfirst->len - SDPCM_HDRLEN))) { 1316 brcmf_dbg(ERROR, "(superframe): Bad data offset %d: HW %d pkt %d min %d\n", 1317 doff, sublen, pfirst->len, SDPCM_HDRLEN); 1318 errcode = -1; 1319 } 1320 1321 /* Check sequence number of superframe SW header */ 1322 if (rxseq != seq) { 1323 brcmf_dbg(INFO, "(superframe) rx_seq %d, expected %d\n", 1324 seq, rxseq); 1325 bus->rx_badseq++; 1326 rxseq = seq; 1327 } 1328 1329 /* Check window for sanity */ 1330 if ((u8) (txmax - bus->tx_seq) > 0x40) { 1331 brcmf_dbg(ERROR, "unlikely tx max %d with tx_seq %d\n", 1332 txmax, bus->tx_seq); 1333 txmax = bus->tx_seq + 2; 1334 } 1335 bus->tx_max = txmax; 1336 1337 /* Remove superframe header, remember offset */ 1338 skb_pull(pfirst, doff); 1339 sfdoff = doff; 1340 num = 0; 1341 1342 /* Validate all the subframe headers */ 1343 skb_queue_walk(&bus->glom, pnext) { 1344 /* leave when invalid subframe is found */ 1345 if (errcode) 1346 break; 1347 1348 dptr = (u8 *) (pnext->data); 1349 dlen = (u16) (pnext->len); 1350 sublen = get_unaligned_le16(dptr); 1351 check = get_unaligned_le16(dptr + sizeof(u16)); 1352 chan = SDPCM_PACKET_CHANNEL(&dptr[SDPCM_FRAMETAG_LEN]); 1353 doff = SDPCM_DOFFSET_VALUE(&dptr[SDPCM_FRAMETAG_LEN]); 1354#ifdef BCMDBG 1355 if (BRCMF_GLOM_ON()) { 1356 printk(KERN_DEBUG "subframe:\n"); 1357 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 1358 dptr, 32); 1359 } 1360#endif 1361 1362 if ((u16)~(sublen ^ check)) { 1363 brcmf_dbg(ERROR, "(subframe %d): HW hdr error: len/check 0x%04x/0x%04x\n", 1364 num, sublen, check); 1365 errcode = -1; 1366 } else if ((sublen > dlen) || (sublen < SDPCM_HDRLEN)) { 1367 brcmf_dbg(ERROR, "(subframe %d): length mismatch: len 0x%04x, expect 0x%04x\n", 1368 num, sublen, dlen); 1369 errcode = -1; 1370 } else if ((chan != SDPCM_DATA_CHANNEL) && 1371 (chan != SDPCM_EVENT_CHANNEL)) { 1372 brcmf_dbg(ERROR, "(subframe %d): bad channel %d\n", 1373 num, chan); 1374 errcode = -1; 1375 } else if ((doff < SDPCM_HDRLEN) || (doff > sublen)) { 1376 brcmf_dbg(ERROR, "(subframe %d): Bad data offset %d: HW %d min %d\n", 1377 num, doff, sublen, SDPCM_HDRLEN); 1378 errcode = -1; 1379 } 1380 /* increase the subframe count */ 1381 num++; 1382 } 1383 1384 if (errcode) { 1385 /* Terminate frame on error, request 1386 a couple retries */ 1387 if (bus->glomerr++ < 3) { 1388 /* Restore superframe header space */ 1389 skb_push(pfirst, sfdoff); 1390 brcmf_sdbrcm_rxfail(bus, true, true); 1391 } else { 1392 bus->glomerr = 0; 1393 brcmf_sdbrcm_rxfail(bus, true, false); 1394 bus->rxglomfail++; 1395 brcmf_sdbrcm_free_glom(bus); 1396 } 1397 bus->nextlen = 0; 1398 return 0; 1399 } 1400 1401 /* Basic SD framing looks ok - process each packet (header) */ 1402 1403 skb_queue_walk_safe(&bus->glom, pfirst, pnext) { 1404 dptr = (u8 *) (pfirst->data); 1405 sublen = get_unaligned_le16(dptr); 1406 chan = SDPCM_PACKET_CHANNEL(&dptr[SDPCM_FRAMETAG_LEN]); 1407 seq = SDPCM_PACKET_SEQUENCE(&dptr[SDPCM_FRAMETAG_LEN]); 1408 doff = SDPCM_DOFFSET_VALUE(&dptr[SDPCM_FRAMETAG_LEN]); 1409 1410 brcmf_dbg(GLOM, "Get subframe %d, %p(%p/%d), sublen %d chan %d seq %d\n", 1411 num, pfirst, pfirst->data, 1412 pfirst->len, sublen, chan, seq); 1413 1414 /* precondition: chan == SDPCM_DATA_CHANNEL || 1415 chan == SDPCM_EVENT_CHANNEL */ 1416 1417 if (rxseq != seq) { 1418 brcmf_dbg(GLOM, "rx_seq %d, expected %d\n", 1419 seq, rxseq); 1420 bus->rx_badseq++; 1421 rxseq = seq; 1422 } 1423 rxseq++; 1424 1425#ifdef BCMDBG 1426 if (BRCMF_BYTES_ON() && BRCMF_DATA_ON()) { 1427 printk(KERN_DEBUG "Rx Subframe Data:\n"); 1428 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 1429 dptr, dlen); 1430 } 1431#endif 1432 1433 __skb_trim(pfirst, sublen); 1434 skb_pull(pfirst, doff); 1435 1436 if (pfirst->len == 0) { 1437 skb_unlink(pfirst, &bus->glom); 1438 brcmu_pkt_buf_free_skb(pfirst); 1439 continue; 1440 } else if (brcmf_proto_hdrpull(bus->drvr, &ifidx, 1441 pfirst) != 0) { 1442 brcmf_dbg(ERROR, "rx protocol error\n"); 1443 bus->drvr->rx_errors++; 1444 skb_unlink(pfirst, &bus->glom); 1445 brcmu_pkt_buf_free_skb(pfirst); 1446 continue; 1447 } 1448 1449#ifdef BCMDBG 1450 if (BRCMF_GLOM_ON()) { 1451 brcmf_dbg(GLOM, "subframe %d to stack, %p (%p/%d) nxt/lnk %p/%p\n", 1452 bus->glom.qlen, pfirst, pfirst->data, 1453 pfirst->len, pfirst->next, 1454 pfirst->prev); 1455 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 1456 pfirst->data, 1457 min_t(int, pfirst->len, 32)); 1458 } 1459#endif /* BCMDBG */ 1460 } 1461 /* sent any remaining packets up */ 1462 if (bus->glom.qlen) { 1463 up(&bus->sdsem); 1464 brcmf_rx_frame(bus->sdiodev->dev, ifidx, &bus->glom); 1465 down(&bus->sdsem); 1466 } 1467 1468 bus->rxglomframes++; 1469 bus->rxglompkts += bus->glom.qlen; 1470 } 1471 return num; 1472} 1473 1474static int brcmf_sdbrcm_dcmd_resp_wait(struct brcmf_sdio *bus, uint *condition, 1475 bool *pending) 1476{ 1477 DECLARE_WAITQUEUE(wait, current); 1478 int timeout = msecs_to_jiffies(DCMD_RESP_TIMEOUT); 1479 1480 /* Wait until control frame is available */ 1481 add_wait_queue(&bus->dcmd_resp_wait, &wait); 1482 set_current_state(TASK_INTERRUPTIBLE); 1483 1484 while (!(*condition) && (!signal_pending(current) && timeout)) 1485 timeout = schedule_timeout(timeout); 1486 1487 if (signal_pending(current)) 1488 *pending = true; 1489 1490 set_current_state(TASK_RUNNING); 1491 remove_wait_queue(&bus->dcmd_resp_wait, &wait); 1492 1493 return timeout; 1494} 1495 1496static int brcmf_sdbrcm_dcmd_resp_wake(struct brcmf_sdio *bus) 1497{ 1498 if (waitqueue_active(&bus->dcmd_resp_wait)) 1499 wake_up_interruptible(&bus->dcmd_resp_wait); 1500 1501 return 0; 1502} 1503static void 1504brcmf_sdbrcm_read_control(struct brcmf_sdio *bus, u8 *hdr, uint len, uint doff) 1505{ 1506 uint rdlen, pad; 1507 1508 int sdret; 1509 1510 brcmf_dbg(TRACE, "Enter\n"); 1511 1512 /* Set rxctl for frame (w/optional alignment) */ 1513 bus->rxctl = bus->rxbuf; 1514 bus->rxctl += BRCMF_FIRSTREAD; 1515 pad = ((unsigned long)bus->rxctl % BRCMF_SDALIGN); 1516 if (pad) 1517 bus->rxctl += (BRCMF_SDALIGN - pad); 1518 bus->rxctl -= BRCMF_FIRSTREAD; 1519 1520 /* Copy the already-read portion over */ 1521 memcpy(bus->rxctl, hdr, BRCMF_FIRSTREAD); 1522 if (len <= BRCMF_FIRSTREAD) 1523 goto gotpkt; 1524 1525 /* Raise rdlen to next SDIO block to avoid tail command */ 1526 rdlen = len - BRCMF_FIRSTREAD; 1527 if (bus->roundup && bus->blocksize && (rdlen > bus->blocksize)) { 1528 pad = bus->blocksize - (rdlen % bus->blocksize); 1529 if ((pad <= bus->roundup) && (pad < bus->blocksize) && 1530 ((len + pad) < bus->drvr->maxctl)) 1531 rdlen += pad; 1532 } else if (rdlen % BRCMF_SDALIGN) { 1533 rdlen += BRCMF_SDALIGN - (rdlen % BRCMF_SDALIGN); 1534 } 1535 1536 /* Satisfy length-alignment requirements */ 1537 if (rdlen & (ALIGNMENT - 1)) 1538 rdlen = roundup(rdlen, ALIGNMENT); 1539 1540 /* Drop if the read is too big or it exceeds our maximum */ 1541 if ((rdlen + BRCMF_FIRSTREAD) > bus->drvr->maxctl) { 1542 brcmf_dbg(ERROR, "%d-byte control read exceeds %d-byte buffer\n", 1543 rdlen, bus->drvr->maxctl); 1544 bus->drvr->rx_errors++; 1545 brcmf_sdbrcm_rxfail(bus, false, false); 1546 goto done; 1547 } 1548 1549 if ((len - doff) > bus->drvr->maxctl) { 1550 brcmf_dbg(ERROR, "%d-byte ctl frame (%d-byte ctl data) exceeds %d-byte limit\n", 1551 len, len - doff, bus->drvr->maxctl); 1552 bus->drvr->rx_errors++; 1553 bus->rx_toolong++; 1554 brcmf_sdbrcm_rxfail(bus, false, false); 1555 goto done; 1556 } 1557 1558 /* Read remainder of frame body into the rxctl buffer */ 1559 sdret = brcmf_sdcard_recv_buf(bus->sdiodev, 1560 bus->sdiodev->sbwad, 1561 SDIO_FUNC_2, 1562 F2SYNC, (bus->rxctl + BRCMF_FIRSTREAD), rdlen); 1563 bus->f2rxdata++; 1564 1565 /* Control frame failures need retransmission */ 1566 if (sdret < 0) { 1567 brcmf_dbg(ERROR, "read %d control bytes failed: %d\n", 1568 rdlen, sdret); 1569 bus->rxc_errors++; 1570 brcmf_sdbrcm_rxfail(bus, true, true); 1571 goto done; 1572 } 1573 1574gotpkt: 1575 1576#ifdef BCMDBG 1577 if (BRCMF_BYTES_ON() && BRCMF_CTL_ON()) { 1578 printk(KERN_DEBUG "RxCtrl:\n"); 1579 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, bus->rxctl, len); 1580 } 1581#endif 1582 1583 /* Point to valid data and indicate its length */ 1584 bus->rxctl += doff; 1585 bus->rxlen = len - doff; 1586 1587done: 1588 /* Awake any waiters */ 1589 brcmf_sdbrcm_dcmd_resp_wake(bus); 1590} 1591 1592/* Pad read to blocksize for efficiency */ 1593static void brcmf_pad(struct brcmf_sdio *bus, u16 *pad, u16 *rdlen) 1594{ 1595 if (bus->roundup && bus->blocksize && *rdlen > bus->blocksize) { 1596 *pad = bus->blocksize - (*rdlen % bus->blocksize); 1597 if (*pad <= bus->roundup && *pad < bus->blocksize && 1598 *rdlen + *pad + BRCMF_FIRSTREAD < MAX_RX_DATASZ) 1599 *rdlen += *pad; 1600 } else if (*rdlen % BRCMF_SDALIGN) { 1601 *rdlen += BRCMF_SDALIGN - (*rdlen % BRCMF_SDALIGN); 1602 } 1603} 1604 1605static void 1606brcmf_alloc_pkt_and_read(struct brcmf_sdio *bus, u16 rdlen, 1607 struct sk_buff **pkt, u8 **rxbuf) 1608{ 1609 int sdret; /* Return code from calls */ 1610 1611 *pkt = brcmu_pkt_buf_get_skb(rdlen + BRCMF_SDALIGN); 1612 if (*pkt == NULL) 1613 return; 1614 1615 pkt_align(*pkt, rdlen, BRCMF_SDALIGN); 1616 *rxbuf = (u8 *) ((*pkt)->data); 1617 /* Read the entire frame */ 1618 sdret = brcmf_sdcard_recv_pkt(bus->sdiodev, bus->sdiodev->sbwad, 1619 SDIO_FUNC_2, F2SYNC, *pkt); 1620 bus->f2rxdata++; 1621 1622 if (sdret < 0) { 1623 brcmf_dbg(ERROR, "(nextlen): read %d bytes failed: %d\n", 1624 rdlen, sdret); 1625 brcmu_pkt_buf_free_skb(*pkt); 1626 bus->drvr->rx_errors++; 1627 /* Force retry w/normal header read. 1628 * Don't attempt NAK for 1629 * gSPI 1630 */ 1631 brcmf_sdbrcm_rxfail(bus, true, true); 1632 *pkt = NULL; 1633 } 1634} 1635 1636/* Checks the header */ 1637static int 1638brcmf_check_rxbuf(struct brcmf_sdio *bus, struct sk_buff *pkt, u8 *rxbuf, 1639 u8 rxseq, u16 nextlen, u16 *len) 1640{ 1641 u16 check; 1642 bool len_consistent; /* Result of comparing readahead len and 1643 len from hw-hdr */ 1644 1645 memcpy(bus->rxhdr, rxbuf, SDPCM_HDRLEN); 1646 1647 /* Extract hardware header fields */ 1648 *len = get_unaligned_le16(bus->rxhdr); 1649 check = get_unaligned_le16(bus->rxhdr + sizeof(u16)); 1650 1651 /* All zeros means readahead info was bad */ 1652 if (!(*len | check)) { 1653 brcmf_dbg(INFO, "(nextlen): read zeros in HW header???\n"); 1654 goto fail; 1655 } 1656 1657 /* Validate check bytes */ 1658 if ((u16)~(*len ^ check)) { 1659 brcmf_dbg(ERROR, "(nextlen): HW hdr error: nextlen/len/check 0x%04x/0x%04x/0x%04x\n", 1660 nextlen, *len, check); 1661 bus->rx_badhdr++; 1662 brcmf_sdbrcm_rxfail(bus, false, false); 1663 goto fail; 1664 } 1665 1666 /* Validate frame length */ 1667 if (*len < SDPCM_HDRLEN) { 1668 brcmf_dbg(ERROR, "(nextlen): HW hdr length invalid: %d\n", 1669 *len); 1670 goto fail; 1671 } 1672 1673 /* Check for consistency with readahead info */ 1674 len_consistent = (nextlen != (roundup(*len, 16) >> 4)); 1675 if (len_consistent) { 1676 /* Mismatch, force retry w/normal 1677 header (may be >4K) */ 1678 brcmf_dbg(ERROR, "(nextlen): mismatch, nextlen %d len %d rnd %d; expected rxseq %d\n", 1679 nextlen, *len, roundup(*len, 16), 1680 rxseq); 1681 brcmf_sdbrcm_rxfail(bus, true, true); 1682 goto fail; 1683 } 1684 1685 return 0; 1686 1687fail: 1688 brcmf_sdbrcm_pktfree2(bus, pkt); 1689 return -EINVAL; 1690} 1691 1692/* Return true if there may be more frames to read */ 1693static uint 1694brcmf_sdbrcm_readframes(struct brcmf_sdio *bus, uint maxframes, bool *finished) 1695{ 1696 u16 len, check; /* Extracted hardware header fields */ 1697 u8 chan, seq, doff; /* Extracted software header fields */ 1698 u8 fcbits; /* Extracted fcbits from software header */ 1699 1700 struct sk_buff *pkt; /* Packet for event or data frames */ 1701 u16 pad; /* Number of pad bytes to read */ 1702 u16 rdlen; /* Total number of bytes to read */ 1703 u8 rxseq; /* Next sequence number to expect */ 1704 uint rxleft = 0; /* Remaining number of frames allowed */ 1705 int sdret; /* Return code from calls */ 1706 u8 txmax; /* Maximum tx sequence offered */ 1707 u8 *rxbuf; 1708 int ifidx = 0; 1709 uint rxcount = 0; /* Total frames read */ 1710 1711 brcmf_dbg(TRACE, "Enter\n"); 1712 1713 /* Not finished unless we encounter no more frames indication */ 1714 *finished = false; 1715 1716 for (rxseq = bus->rx_seq, rxleft = maxframes; 1717 !bus->rxskip && rxleft && 1718 bus->drvr->bus_if->state != BRCMF_BUS_DOWN; 1719 rxseq++, rxleft--) { 1720 1721 /* Handle glomming separately */ 1722 if (bus->glomd || !skb_queue_empty(&bus->glom)) { 1723 u8 cnt; 1724 brcmf_dbg(GLOM, "calling rxglom: glomd %p, glom %p\n", 1725 bus->glomd, skb_peek(&bus->glom)); 1726 cnt = brcmf_sdbrcm_rxglom(bus, rxseq); 1727 brcmf_dbg(GLOM, "rxglom returned %d\n", cnt); 1728 rxseq += cnt - 1; 1729 rxleft = (rxleft > cnt) ? (rxleft - cnt) : 1; 1730 continue; 1731 } 1732 1733 /* Try doing single read if we can */ 1734 if (bus->nextlen) { 1735 u16 nextlen = bus->nextlen; 1736 bus->nextlen = 0; 1737 1738 rdlen = len = nextlen << 4; 1739 brcmf_pad(bus, &pad, &rdlen); 1740 1741 /* 1742 * After the frame is received we have to 1743 * distinguish whether it is data 1744 * or non-data frame. 1745 */ 1746 brcmf_alloc_pkt_and_read(bus, rdlen, &pkt, &rxbuf); 1747 if (pkt == NULL) { 1748 /* Give up on data, request rtx of events */ 1749 brcmf_dbg(ERROR, "(nextlen): brcmf_alloc_pkt_and_read failed: len %d rdlen %d expected rxseq %d\n", 1750 len, rdlen, rxseq); 1751 continue; 1752 } 1753 1754 if (brcmf_check_rxbuf(bus, pkt, rxbuf, rxseq, nextlen, 1755 &len) < 0) 1756 continue; 1757 1758 /* Extract software header fields */ 1759 chan = SDPCM_PACKET_CHANNEL( 1760 &bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1761 seq = SDPCM_PACKET_SEQUENCE( 1762 &bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1763 doff = SDPCM_DOFFSET_VALUE( 1764 &bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1765 txmax = SDPCM_WINDOW_VALUE( 1766 &bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1767 1768 bus->nextlen = 1769 bus->rxhdr[SDPCM_FRAMETAG_LEN + 1770 SDPCM_NEXTLEN_OFFSET]; 1771 if ((bus->nextlen << 4) > MAX_RX_DATASZ) { 1772 brcmf_dbg(INFO, "(nextlen): got frame w/nextlen too large (%d), seq %d\n", 1773 bus->nextlen, seq); 1774 bus->nextlen = 0; 1775 } 1776 1777 bus->drvr->rx_readahead_cnt++; 1778 1779 /* Handle Flow Control */ 1780 fcbits = SDPCM_FCMASK_VALUE( 1781 &bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1782 1783 if (bus->flowcontrol != fcbits) { 1784 if (~bus->flowcontrol & fcbits) 1785 bus->fc_xoff++; 1786 1787 if (bus->flowcontrol & ~fcbits) 1788 bus->fc_xon++; 1789 1790 bus->fc_rcvd++; 1791 bus->flowcontrol = fcbits; 1792 } 1793 1794 /* Check and update sequence number */ 1795 if (rxseq != seq) { 1796 brcmf_dbg(INFO, "(nextlen): rx_seq %d, expected %d\n", 1797 seq, rxseq); 1798 bus->rx_badseq++; 1799 rxseq = seq; 1800 } 1801 1802 /* Check window for sanity */ 1803 if ((u8) (txmax - bus->tx_seq) > 0x40) { 1804 brcmf_dbg(ERROR, "got unlikely tx max %d with tx_seq %d\n", 1805 txmax, bus->tx_seq); 1806 txmax = bus->tx_seq + 2; 1807 } 1808 bus->tx_max = txmax; 1809 1810#ifdef BCMDBG 1811 if (BRCMF_BYTES_ON() && BRCMF_DATA_ON()) { 1812 printk(KERN_DEBUG "Rx Data:\n"); 1813 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 1814 rxbuf, len); 1815 } else if (BRCMF_HDRS_ON()) { 1816 printk(KERN_DEBUG "RxHdr:\n"); 1817 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 1818 bus->rxhdr, SDPCM_HDRLEN); 1819 } 1820#endif 1821 1822 if (chan == SDPCM_CONTROL_CHANNEL) { 1823 brcmf_dbg(ERROR, "(nextlen): readahead on control packet %d?\n", 1824 seq); 1825 /* Force retry w/normal header read */ 1826 bus->nextlen = 0; 1827 brcmf_sdbrcm_rxfail(bus, false, true); 1828 brcmf_sdbrcm_pktfree2(bus, pkt); 1829 continue; 1830 } 1831 1832 /* Validate data offset */ 1833 if ((doff < SDPCM_HDRLEN) || (doff > len)) { 1834 brcmf_dbg(ERROR, "(nextlen): bad data offset %d: HW len %d min %d\n", 1835 doff, len, SDPCM_HDRLEN); 1836 brcmf_sdbrcm_rxfail(bus, false, false); 1837 brcmf_sdbrcm_pktfree2(bus, pkt); 1838 continue; 1839 } 1840 1841 /* All done with this one -- now deliver the packet */ 1842 goto deliver; 1843 } 1844 1845 /* Read frame header (hardware and software) */ 1846 sdret = brcmf_sdcard_recv_buf(bus->sdiodev, bus->sdiodev->sbwad, 1847 SDIO_FUNC_2, F2SYNC, bus->rxhdr, 1848 BRCMF_FIRSTREAD); 1849 bus->f2rxhdrs++; 1850 1851 if (sdret < 0) { 1852 brcmf_dbg(ERROR, "RXHEADER FAILED: %d\n", sdret); 1853 bus->rx_hdrfail++; 1854 brcmf_sdbrcm_rxfail(bus, true, true); 1855 continue; 1856 } 1857#ifdef BCMDBG 1858 if (BRCMF_BYTES_ON() || BRCMF_HDRS_ON()) { 1859 printk(KERN_DEBUG "RxHdr:\n"); 1860 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 1861 bus->rxhdr, SDPCM_HDRLEN); 1862 } 1863#endif 1864 1865 /* Extract hardware header fields */ 1866 len = get_unaligned_le16(bus->rxhdr); 1867 check = get_unaligned_le16(bus->rxhdr + sizeof(u16)); 1868 1869 /* All zeros means no more frames */ 1870 if (!(len | check)) { 1871 *finished = true; 1872 break; 1873 } 1874 1875 /* Validate check bytes */ 1876 if ((u16) ~(len ^ check)) { 1877 brcmf_dbg(ERROR, "HW hdr err: len/check 0x%04x/0x%04x\n", 1878 len, check); 1879 bus->rx_badhdr++; 1880 brcmf_sdbrcm_rxfail(bus, false, false); 1881 continue; 1882 } 1883 1884 /* Validate frame length */ 1885 if (len < SDPCM_HDRLEN) { 1886 brcmf_dbg(ERROR, "HW hdr length invalid: %d\n", len); 1887 continue; 1888 } 1889 1890 /* Extract software header fields */ 1891 chan = SDPCM_PACKET_CHANNEL(&bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1892 seq = SDPCM_PACKET_SEQUENCE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1893 doff = SDPCM_DOFFSET_VALUE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1894 txmax = SDPCM_WINDOW_VALUE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1895 1896 /* Validate data offset */ 1897 if ((doff < SDPCM_HDRLEN) || (doff > len)) { 1898 brcmf_dbg(ERROR, "Bad data offset %d: HW len %d, min %d seq %d\n", 1899 doff, len, SDPCM_HDRLEN, seq); 1900 bus->rx_badhdr++; 1901 brcmf_sdbrcm_rxfail(bus, false, false); 1902 continue; 1903 } 1904 1905 /* Save the readahead length if there is one */ 1906 bus->nextlen = 1907 bus->rxhdr[SDPCM_FRAMETAG_LEN + SDPCM_NEXTLEN_OFFSET]; 1908 if ((bus->nextlen << 4) > MAX_RX_DATASZ) { 1909 brcmf_dbg(INFO, "(nextlen): got frame w/nextlen too large (%d), seq %d\n", 1910 bus->nextlen, seq); 1911 bus->nextlen = 0; 1912 } 1913 1914 /* Handle Flow Control */ 1915 fcbits = SDPCM_FCMASK_VALUE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1916 1917 if (bus->flowcontrol != fcbits) { 1918 if (~bus->flowcontrol & fcbits) 1919 bus->fc_xoff++; 1920 1921 if (bus->flowcontrol & ~fcbits) 1922 bus->fc_xon++; 1923 1924 bus->fc_rcvd++; 1925 bus->flowcontrol = fcbits; 1926 } 1927 1928 /* Check and update sequence number */ 1929 if (rxseq != seq) { 1930 brcmf_dbg(INFO, "rx_seq %d, expected %d\n", seq, rxseq); 1931 bus->rx_badseq++; 1932 rxseq = seq; 1933 } 1934 1935 /* Check window for sanity */ 1936 if ((u8) (txmax - bus->tx_seq) > 0x40) { 1937 brcmf_dbg(ERROR, "unlikely tx max %d with tx_seq %d\n", 1938 txmax, bus->tx_seq); 1939 txmax = bus->tx_seq + 2; 1940 } 1941 bus->tx_max = txmax; 1942 1943 /* Call a separate function for control frames */ 1944 if (chan == SDPCM_CONTROL_CHANNEL) { 1945 brcmf_sdbrcm_read_control(bus, bus->rxhdr, len, doff); 1946 continue; 1947 } 1948 1949 /* precondition: chan is either SDPCM_DATA_CHANNEL, 1950 SDPCM_EVENT_CHANNEL, SDPCM_TEST_CHANNEL or 1951 SDPCM_GLOM_CHANNEL */ 1952 1953 /* Length to read */ 1954 rdlen = (len > BRCMF_FIRSTREAD) ? (len - BRCMF_FIRSTREAD) : 0; 1955 1956 /* May pad read to blocksize for efficiency */ 1957 if (bus->roundup && bus->blocksize && 1958 (rdlen > bus->blocksize)) { 1959 pad = bus->blocksize - (rdlen % bus->blocksize); 1960 if ((pad <= bus->roundup) && (pad < bus->blocksize) && 1961 ((rdlen + pad + BRCMF_FIRSTREAD) < MAX_RX_DATASZ)) 1962 rdlen += pad; 1963 } else if (rdlen % BRCMF_SDALIGN) { 1964 rdlen += BRCMF_SDALIGN - (rdlen % BRCMF_SDALIGN); 1965 } 1966 1967 /* Satisfy length-alignment requirements */ 1968 if (rdlen & (ALIGNMENT - 1)) 1969 rdlen = roundup(rdlen, ALIGNMENT); 1970 1971 if ((rdlen + BRCMF_FIRSTREAD) > MAX_RX_DATASZ) { 1972 /* Too long -- skip this frame */ 1973 brcmf_dbg(ERROR, "too long: len %d rdlen %d\n", 1974 len, rdlen); 1975 bus->drvr->rx_errors++; 1976 bus->rx_toolong++; 1977 brcmf_sdbrcm_rxfail(bus, false, false); 1978 continue; 1979 } 1980 1981 pkt = brcmu_pkt_buf_get_skb(rdlen + 1982 BRCMF_FIRSTREAD + BRCMF_SDALIGN); 1983 if (!pkt) { 1984 /* Give up on data, request rtx of events */ 1985 brcmf_dbg(ERROR, "brcmu_pkt_buf_get_skb failed: rdlen %d chan %d\n", 1986 rdlen, chan); 1987 bus->drvr->rx_dropped++; 1988 brcmf_sdbrcm_rxfail(bus, false, RETRYCHAN(chan)); 1989 continue; 1990 } 1991 1992 /* Leave room for what we already read, and align remainder */ 1993 skb_pull(pkt, BRCMF_FIRSTREAD); 1994 pkt_align(pkt, rdlen, BRCMF_SDALIGN); 1995 1996 /* Read the remaining frame data */ 1997 sdret = brcmf_sdcard_recv_pkt(bus->sdiodev, bus->sdiodev->sbwad, 1998 SDIO_FUNC_2, F2SYNC, pkt); 1999 bus->f2rxdata++; 2000 2001 if (sdret < 0) { 2002 brcmf_dbg(ERROR, "read %d %s bytes failed: %d\n", rdlen, 2003 ((chan == SDPCM_EVENT_CHANNEL) ? "event" 2004 : ((chan == SDPCM_DATA_CHANNEL) ? "data" 2005 : "test")), sdret); 2006 brcmu_pkt_buf_free_skb(pkt); 2007 bus->drvr->rx_errors++; 2008 brcmf_sdbrcm_rxfail(bus, true, RETRYCHAN(chan)); 2009 continue; 2010 } 2011 2012 /* Copy the already-read portion */ 2013 skb_push(pkt, BRCMF_FIRSTREAD); 2014 memcpy(pkt->data, bus->rxhdr, BRCMF_FIRSTREAD); 2015 2016#ifdef BCMDBG 2017 if (BRCMF_BYTES_ON() && BRCMF_DATA_ON()) { 2018 printk(KERN_DEBUG "Rx Data:\n"); 2019 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 2020 pkt->data, len); 2021 } 2022#endif 2023 2024deliver: 2025 /* Save superframe descriptor and allocate packet frame */ 2026 if (chan == SDPCM_GLOM_CHANNEL) { 2027 if (SDPCM_GLOMDESC(&bus->rxhdr[SDPCM_FRAMETAG_LEN])) { 2028 brcmf_dbg(GLOM, "glom descriptor, %d bytes:\n", 2029 len); 2030#ifdef BCMDBG 2031 if (BRCMF_GLOM_ON()) { 2032 printk(KERN_DEBUG "Glom Data:\n"); 2033 print_hex_dump_bytes("", 2034 DUMP_PREFIX_OFFSET, 2035 pkt->data, len); 2036 } 2037#endif 2038 __skb_trim(pkt, len); 2039 skb_pull(pkt, SDPCM_HDRLEN); 2040 bus->glomd = pkt; 2041 } else { 2042 brcmf_dbg(ERROR, "%s: glom superframe w/o " 2043 "descriptor!\n", __func__); 2044 brcmf_sdbrcm_rxfail(bus, false, false); 2045 } 2046 continue; 2047 } 2048 2049 /* Fill in packet len and prio, deliver upward */ 2050 __skb_trim(pkt, len); 2051 skb_pull(pkt, doff); 2052 2053 if (pkt->len == 0) { 2054 brcmu_pkt_buf_free_skb(pkt); 2055 continue; 2056 } else if (brcmf_proto_hdrpull(bus->drvr, &ifidx, pkt) != 0) { 2057 brcmf_dbg(ERROR, "rx protocol error\n"); 2058 brcmu_pkt_buf_free_skb(pkt); 2059 bus->drvr->rx_errors++; 2060 continue; 2061 } 2062 2063 /* Unlock during rx call */ 2064 up(&bus->sdsem); 2065 brcmf_rx_packet(bus->sdiodev->dev, ifidx, pkt); 2066 down(&bus->sdsem); 2067 } 2068 rxcount = maxframes - rxleft; 2069#ifdef BCMDBG 2070 /* Message if we hit the limit */ 2071 if (!rxleft) 2072 brcmf_dbg(DATA, "hit rx limit of %d frames\n", 2073 maxframes); 2074 else 2075#endif /* BCMDBG */ 2076 brcmf_dbg(DATA, "processed %d frames\n", rxcount); 2077 /* Back off rxseq if awaiting rtx, update rx_seq */ 2078 if (bus->rxskip) 2079 rxseq--; 2080 bus->rx_seq = rxseq; 2081 2082 return rxcount; 2083} 2084 2085static void 2086brcmf_sdbrcm_wait_for_event(struct brcmf_sdio *bus, bool *lockvar) 2087{ 2088 up(&bus->sdsem); 2089 wait_event_interruptible_timeout(bus->ctrl_wait, 2090 (*lockvar == false), HZ * 2); 2091 down(&bus->sdsem); 2092 return; 2093} 2094 2095static void 2096brcmf_sdbrcm_wait_event_wakeup(struct brcmf_sdio *bus) 2097{ 2098 if (waitqueue_active(&bus->ctrl_wait)) 2099 wake_up_interruptible(&bus->ctrl_wait); 2100 return; 2101} 2102 2103/* Writes a HW/SW header into the packet and sends it. */ 2104/* Assumes: (a) header space already there, (b) caller holds lock */ 2105static int brcmf_sdbrcm_txpkt(struct brcmf_sdio *bus, struct sk_buff *pkt, 2106 uint chan, bool free_pkt) 2107{ 2108 int ret; 2109 u8 *frame; 2110 u16 len, pad = 0; 2111 u32 swheader; 2112 struct sk_buff *new; 2113 int i; 2114 2115 brcmf_dbg(TRACE, "Enter\n"); 2116 2117 frame = (u8 *) (pkt->data); 2118 2119 /* Add alignment padding, allocate new packet if needed */ 2120 pad = ((unsigned long)frame % BRCMF_SDALIGN); 2121 if (pad) { 2122 if (skb_headroom(pkt) < pad) { 2123 brcmf_dbg(INFO, "insufficient headroom %d for %d pad\n", 2124 skb_headroom(pkt), pad); 2125 bus->drvr->tx_realloc++; 2126 new = brcmu_pkt_buf_get_skb(pkt->len + BRCMF_SDALIGN); 2127 if (!new) { 2128 brcmf_dbg(ERROR, "couldn't allocate new %d-byte packet\n", 2129 pkt->len + BRCMF_SDALIGN); 2130 ret = -ENOMEM; 2131 goto done; 2132 } 2133 2134 pkt_align(new, pkt->len, BRCMF_SDALIGN); 2135 memcpy(new->data, pkt->data, pkt->len); 2136 if (free_pkt) 2137 brcmu_pkt_buf_free_skb(pkt); 2138 /* free the pkt if canned one is not used */ 2139 free_pkt = true; 2140 pkt = new; 2141 frame = (u8 *) (pkt->data); 2142 /* precondition: (frame % BRCMF_SDALIGN) == 0) */ 2143 pad = 0; 2144 } else { 2145 skb_push(pkt, pad); 2146 frame = (u8 *) (pkt->data); 2147 /* precondition: pad + SDPCM_HDRLEN <= pkt->len */ 2148 memset(frame, 0, pad + SDPCM_HDRLEN); 2149 } 2150 } 2151 /* precondition: pad < BRCMF_SDALIGN */ 2152 2153 /* Hardware tag: 2 byte len followed by 2 byte ~len check (all LE) */ 2154 len = (u16) (pkt->len); 2155 *(__le16 *) frame = cpu_to_le16(len); 2156 *(((__le16 *) frame) + 1) = cpu_to_le16(~len); 2157 2158 /* Software tag: channel, sequence number, data offset */ 2159 swheader = 2160 ((chan << SDPCM_CHANNEL_SHIFT) & SDPCM_CHANNEL_MASK) | bus->tx_seq | 2161 (((pad + 2162 SDPCM_HDRLEN) << SDPCM_DOFFSET_SHIFT) & SDPCM_DOFFSET_MASK); 2163 2164 put_unaligned_le32(swheader, frame + SDPCM_FRAMETAG_LEN); 2165 put_unaligned_le32(0, frame + SDPCM_FRAMETAG_LEN + sizeof(swheader)); 2166 2167#ifdef BCMDBG 2168 tx_packets[pkt->priority]++; 2169 if (BRCMF_BYTES_ON() && 2170 (((BRCMF_CTL_ON() && (chan == SDPCM_CONTROL_CHANNEL)) || 2171 (BRCMF_DATA_ON() && (chan != SDPCM_CONTROL_CHANNEL))))) { 2172 printk(KERN_DEBUG "Tx Frame:\n"); 2173 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, frame, len); 2174 } else if (BRCMF_HDRS_ON()) { 2175 printk(KERN_DEBUG "TxHdr:\n"); 2176 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 2177 frame, min_t(u16, len, 16)); 2178 } 2179#endif 2180 2181 /* Raise len to next SDIO block to eliminate tail command */ 2182 if (bus->roundup && bus->blocksize && (len > bus->blocksize)) { 2183 u16 pad = bus->blocksize - (len % bus->blocksize); 2184 if ((pad <= bus->roundup) && (pad < bus->blocksize)) 2185 len += pad; 2186 } else if (len % BRCMF_SDALIGN) { 2187 len += BRCMF_SDALIGN - (len % BRCMF_SDALIGN); 2188 } 2189 2190 /* Some controllers have trouble with odd bytes -- round to even */ 2191 if (len & (ALIGNMENT - 1)) 2192 len = roundup(len, ALIGNMENT); 2193 2194 ret = brcmf_sdcard_send_pkt(bus->sdiodev, bus->sdiodev->sbwad, 2195 SDIO_FUNC_2, F2SYNC, pkt); 2196 bus->f2txdata++; 2197 2198 if (ret < 0) { 2199 /* On failure, abort the command and terminate the frame */ 2200 brcmf_dbg(INFO, "sdio error %d, abort command and terminate frame\n", 2201 ret); 2202 bus->tx_sderrs++; 2203 2204 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 2205 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 2206 SBSDIO_FUNC1_FRAMECTRL, SFC_WF_TERM, 2207 NULL); 2208 bus->f1regdata++; 2209 2210 for (i = 0; i < 3; i++) { 2211 u8 hi, lo; 2212 hi = brcmf_sdcard_cfg_read(bus->sdiodev, 2213 SDIO_FUNC_1, 2214 SBSDIO_FUNC1_WFRAMEBCHI, 2215 NULL); 2216 lo = brcmf_sdcard_cfg_read(bus->sdiodev, 2217 SDIO_FUNC_1, 2218 SBSDIO_FUNC1_WFRAMEBCLO, 2219 NULL); 2220 bus->f1regdata += 2; 2221 if ((hi == 0) && (lo == 0)) 2222 break; 2223 } 2224 2225 } 2226 if (ret == 0) 2227 bus->tx_seq = (bus->tx_seq + 1) % SDPCM_SEQUENCE_WRAP; 2228 2229done: 2230 /* restore pkt buffer pointer before calling tx complete routine */ 2231 skb_pull(pkt, SDPCM_HDRLEN + pad); 2232 up(&bus->sdsem); 2233 brcmf_txcomplete(bus->sdiodev->dev, pkt, ret != 0); 2234 down(&bus->sdsem); 2235 2236 if (free_pkt) 2237 brcmu_pkt_buf_free_skb(pkt); 2238 2239 return ret; 2240} 2241 2242static uint brcmf_sdbrcm_sendfromq(struct brcmf_sdio *bus, uint maxframes) 2243{ 2244 struct sk_buff *pkt; 2245 u32 intstatus = 0; 2246 uint retries = 0; 2247 int ret = 0, prec_out; 2248 uint cnt = 0; 2249 uint datalen; 2250 u8 tx_prec_map; 2251 2252 struct brcmf_pub *drvr = bus->drvr; 2253 2254 brcmf_dbg(TRACE, "Enter\n"); 2255 2256 tx_prec_map = ~bus->flowcontrol; 2257 2258 /* Send frames until the limit or some other event */ 2259 for (cnt = 0; (cnt < maxframes) && data_ok(bus); cnt++) { 2260 spin_lock_bh(&bus->txqlock); 2261 pkt = brcmu_pktq_mdeq(&bus->txq, tx_prec_map, &prec_out); 2262 if (pkt == NULL) { 2263 spin_unlock_bh(&bus->txqlock); 2264 break; 2265 } 2266 spin_unlock_bh(&bus->txqlock); 2267 datalen = pkt->len - SDPCM_HDRLEN; 2268 2269 ret = brcmf_sdbrcm_txpkt(bus, pkt, SDPCM_DATA_CHANNEL, true); 2270 if (ret) 2271 bus->drvr->tx_errors++; 2272 else 2273 bus->drvr->dstats.tx_bytes += datalen; 2274 2275 /* In poll mode, need to check for other events */ 2276 if (!bus->intr && cnt) { 2277 /* Check device status, signal pending interrupt */ 2278 r_sdreg32(bus, &intstatus, 2279 offsetof(struct sdpcmd_regs, intstatus), 2280 &retries); 2281 bus->f2txdata++; 2282 if (brcmf_sdcard_regfail(bus->sdiodev)) 2283 break; 2284 if (intstatus & bus->hostintmask) 2285 bus->ipend = true; 2286 } 2287 } 2288 2289 /* Deflow-control stack if needed */ 2290 if (drvr->up && (drvr->bus_if->state == BRCMF_BUS_DATA) && 2291 drvr->txoff && (pktq_len(&bus->txq) < TXLOW)) 2292 brcmf_txflowcontrol(bus->sdiodev->dev, 0, OFF); 2293 2294 return cnt; 2295} 2296 2297static bool brcmf_sdbrcm_dpc(struct brcmf_sdio *bus) 2298{ 2299 u32 intstatus, newstatus = 0; 2300 uint retries = 0; 2301 uint rxlimit = bus->rxbound; /* Rx frames to read before resched */ 2302 uint txlimit = bus->txbound; /* Tx frames to send before resched */ 2303 uint framecnt = 0; /* Temporary counter of tx/rx frames */ 2304 bool rxdone = true; /* Flag for no more read data */ 2305 bool resched = false; /* Flag indicating resched wanted */ 2306 2307 brcmf_dbg(TRACE, "Enter\n"); 2308 2309 /* Start with leftover status bits */ 2310 intstatus = bus->intstatus; 2311 2312 down(&bus->sdsem); 2313 2314 /* If waiting for HTAVAIL, check status */ 2315 if (bus->clkstate == CLK_PENDING) { 2316 int err; 2317 u8 clkctl, devctl = 0; 2318 2319#ifdef BCMDBG 2320 /* Check for inconsistent device control */ 2321 devctl = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 2322 SBSDIO_DEVICE_CTL, &err); 2323 if (err) { 2324 brcmf_dbg(ERROR, "error reading DEVCTL: %d\n", err); 2325 bus->drvr->bus_if->state = BRCMF_BUS_DOWN; 2326 } 2327#endif /* BCMDBG */ 2328 2329 /* Read CSR, if clock on switch to AVAIL, else ignore */ 2330 clkctl = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 2331 SBSDIO_FUNC1_CHIPCLKCSR, &err); 2332 if (err) { 2333 brcmf_dbg(ERROR, "error reading CSR: %d\n", 2334 err); 2335 bus->drvr->bus_if->state = BRCMF_BUS_DOWN; 2336 } 2337 2338 brcmf_dbg(INFO, "DPC: PENDING, devctl 0x%02x clkctl 0x%02x\n", 2339 devctl, clkctl); 2340 2341 if (SBSDIO_HTAV(clkctl)) { 2342 devctl = brcmf_sdcard_cfg_read(bus->sdiodev, 2343 SDIO_FUNC_1, 2344 SBSDIO_DEVICE_CTL, &err); 2345 if (err) { 2346 brcmf_dbg(ERROR, "error reading DEVCTL: %d\n", 2347 err); 2348 bus->drvr->bus_if->state = BRCMF_BUS_DOWN; 2349 } 2350 devctl &= ~SBSDIO_DEVCTL_CA_INT_ONLY; 2351 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 2352 SBSDIO_DEVICE_CTL, devctl, &err); 2353 if (err) { 2354 brcmf_dbg(ERROR, "error writing DEVCTL: %d\n", 2355 err); 2356 bus->drvr->bus_if->state = BRCMF_BUS_DOWN; 2357 } 2358 bus->clkstate = CLK_AVAIL; 2359 } else { 2360 goto clkwait; 2361 } 2362 } 2363 2364 bus_wake(bus); 2365 2366 /* Make sure backplane clock is on */ 2367 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, true); 2368 if (bus->clkstate == CLK_PENDING) 2369 goto clkwait; 2370 2371 /* Pending interrupt indicates new device status */ 2372 if (bus->ipend) { 2373 bus->ipend = false; 2374 r_sdreg32(bus, &newstatus, 2375 offsetof(struct sdpcmd_regs, intstatus), &retries); 2376 bus->f1regdata++; 2377 if (brcmf_sdcard_regfail(bus->sdiodev)) 2378 newstatus = 0; 2379 newstatus &= bus->hostintmask; 2380 bus->fcstate = !!(newstatus & I_HMB_FC_STATE); 2381 if (newstatus) { 2382 w_sdreg32(bus, newstatus, 2383 offsetof(struct sdpcmd_regs, intstatus), 2384 &retries); 2385 bus->f1regdata++; 2386 } 2387 } 2388 2389 /* Merge new bits with previous */ 2390 intstatus |= newstatus; 2391 bus->intstatus = 0; 2392 2393 /* Handle flow-control change: read new state in case our ack 2394 * crossed another change interrupt. If change still set, assume 2395 * FC ON for safety, let next loop through do the debounce. 2396 */ 2397 if (intstatus & I_HMB_FC_CHANGE) { 2398 intstatus &= ~I_HMB_FC_CHANGE; 2399 w_sdreg32(bus, I_HMB_FC_CHANGE, 2400 offsetof(struct sdpcmd_regs, intstatus), &retries); 2401 2402 r_sdreg32(bus, &newstatus, 2403 offsetof(struct sdpcmd_regs, intstatus), &retries); 2404 bus->f1regdata += 2; 2405 bus->fcstate = 2406 !!(newstatus & (I_HMB_FC_STATE | I_HMB_FC_CHANGE)); 2407 intstatus |= (newstatus & bus->hostintmask); 2408 } 2409 2410 /* Handle host mailbox indication */ 2411 if (intstatus & I_HMB_HOST_INT) { 2412 intstatus &= ~I_HMB_HOST_INT; 2413 intstatus |= brcmf_sdbrcm_hostmail(bus); 2414 } 2415 2416 /* Generally don't ask for these, can get CRC errors... */ 2417 if (intstatus & I_WR_OOSYNC) { 2418 brcmf_dbg(ERROR, "Dongle reports WR_OOSYNC\n"); 2419 intstatus &= ~I_WR_OOSYNC; 2420 } 2421 2422 if (intstatus & I_RD_OOSYNC) { 2423 brcmf_dbg(ERROR, "Dongle reports RD_OOSYNC\n"); 2424 intstatus &= ~I_RD_OOSYNC; 2425 } 2426 2427 if (intstatus & I_SBINT) { 2428 brcmf_dbg(ERROR, "Dongle reports SBINT\n"); 2429 intstatus &= ~I_SBINT; 2430 } 2431 2432 /* Would be active due to wake-wlan in gSPI */ 2433 if (intstatus & I_CHIPACTIVE) { 2434 brcmf_dbg(INFO, "Dongle reports CHIPACTIVE\n"); 2435 intstatus &= ~I_CHIPACTIVE; 2436 } 2437 2438 /* Ignore frame indications if rxskip is set */ 2439 if (bus->rxskip) 2440 intstatus &= ~I_HMB_FRAME_IND; 2441 2442 /* On frame indication, read available frames */ 2443 if (PKT_AVAILABLE()) { 2444 framecnt = brcmf_sdbrcm_readframes(bus, rxlimit, &rxdone); 2445 if (rxdone || bus->rxskip) 2446 intstatus &= ~I_HMB_FRAME_IND; 2447 rxlimit -= min(framecnt, rxlimit); 2448 } 2449 2450 /* Keep still-pending events for next scheduling */ 2451 bus->intstatus = intstatus; 2452 2453clkwait: 2454 if (data_ok(bus) && bus->ctrl_frame_stat && 2455 (bus->clkstate == CLK_AVAIL)) { 2456 int ret, i; 2457 2458 ret = brcmf_sdcard_send_buf(bus->sdiodev, bus->sdiodev->sbwad, 2459 SDIO_FUNC_2, F2SYNC, (u8 *) bus->ctrl_frame_buf, 2460 (u32) bus->ctrl_frame_len); 2461 2462 if (ret < 0) { 2463 /* On failure, abort the command and 2464 terminate the frame */ 2465 brcmf_dbg(INFO, "sdio error %d, abort command and terminate frame\n", 2466 ret); 2467 bus->tx_sderrs++; 2468 2469 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 2470 2471 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 2472 SBSDIO_FUNC1_FRAMECTRL, SFC_WF_TERM, 2473 NULL); 2474 bus->f1regdata++; 2475 2476 for (i = 0; i < 3; i++) { 2477 u8 hi, lo; 2478 hi = brcmf_sdcard_cfg_read(bus->sdiodev, 2479 SDIO_FUNC_1, 2480 SBSDIO_FUNC1_WFRAMEBCHI, 2481 NULL); 2482 lo = brcmf_sdcard_cfg_read(bus->sdiodev, 2483 SDIO_FUNC_1, 2484 SBSDIO_FUNC1_WFRAMEBCLO, 2485 NULL); 2486 bus->f1regdata += 2; 2487 if ((hi == 0) && (lo == 0)) 2488 break; 2489 } 2490 2491 } 2492 if (ret == 0) 2493 bus->tx_seq = (bus->tx_seq + 1) % SDPCM_SEQUENCE_WRAP; 2494 2495 brcmf_dbg(INFO, "Return_dpc value is : %d\n", ret); 2496 bus->ctrl_frame_stat = false; 2497 brcmf_sdbrcm_wait_event_wakeup(bus); 2498 } 2499 /* Send queued frames (limit 1 if rx may still be pending) */ 2500 else if ((bus->clkstate == CLK_AVAIL) && !bus->fcstate && 2501 brcmu_pktq_mlen(&bus->txq, ~bus->flowcontrol) && txlimit 2502 && data_ok(bus)) { 2503 framecnt = rxdone ? txlimit : min(txlimit, bus->txminmax); 2504 framecnt = brcmf_sdbrcm_sendfromq(bus, framecnt); 2505 txlimit -= framecnt; 2506 } 2507 2508 /* Resched if events or tx frames are pending, 2509 else await next interrupt */ 2510 /* On failed register access, all bets are off: 2511 no resched or interrupts */ 2512 if ((bus->drvr->bus_if->state == BRCMF_BUS_DOWN) || 2513 brcmf_sdcard_regfail(bus->sdiodev)) { 2514 brcmf_dbg(ERROR, "failed backplane access over SDIO, halting operation %d\n", 2515 brcmf_sdcard_regfail(bus->sdiodev)); 2516 bus->drvr->bus_if->state = BRCMF_BUS_DOWN; 2517 bus->intstatus = 0; 2518 } else if (bus->clkstate == CLK_PENDING) { 2519 brcmf_dbg(INFO, "rescheduled due to CLK_PENDING awaiting I_CHIPACTIVE interrupt\n"); 2520 resched = true; 2521 } else if (bus->intstatus || bus->ipend || 2522 (!bus->fcstate && brcmu_pktq_mlen(&bus->txq, ~bus->flowcontrol) 2523 && data_ok(bus)) || PKT_AVAILABLE()) { 2524 resched = true; 2525 } 2526 2527 bus->dpc_sched = resched; 2528 2529 /* If we're done for now, turn off clock request. */ 2530 if ((bus->clkstate != CLK_PENDING) 2531 && bus->idletime == BRCMF_IDLE_IMMEDIATE) { 2532 bus->activity = false; 2533 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 2534 } 2535 2536 up(&bus->sdsem); 2537 2538 return resched; 2539} 2540 2541static int brcmf_sdbrcm_dpc_thread(void *data) 2542{ 2543 struct brcmf_sdio *bus = (struct brcmf_sdio *) data; 2544 2545 allow_signal(SIGTERM); 2546 /* Run until signal received */ 2547 while (1) { 2548 if (kthread_should_stop()) 2549 break; 2550 if (!wait_for_completion_interruptible(&bus->dpc_wait)) { 2551 /* Call bus dpc unless it indicated down 2552 (then clean stop) */ 2553 if (bus->drvr->bus_if->state != BRCMF_BUS_DOWN) { 2554 if (brcmf_sdbrcm_dpc(bus)) 2555 complete(&bus->dpc_wait); 2556 } else { 2557 /* after stopping the bus, exit thread */ 2558 brcmf_sdbrcm_bus_stop(bus->sdiodev->dev); 2559 bus->dpc_tsk = NULL; 2560 break; 2561 } 2562 } else 2563 break; 2564 } 2565 return 0; 2566} 2567 2568int brcmf_sdbrcm_bus_txdata(struct device *dev, struct sk_buff *pkt) 2569{ 2570 int ret = -EBADE; 2571 uint datalen, prec; 2572 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 2573 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv; 2574 struct brcmf_sdio *bus = sdiodev->bus; 2575 2576 brcmf_dbg(TRACE, "Enter\n"); 2577 2578 datalen = pkt->len; 2579 2580 /* Add space for the header */ 2581 skb_push(pkt, SDPCM_HDRLEN); 2582 /* precondition: IS_ALIGNED((unsigned long)(pkt->data), 2) */ 2583 2584 prec = prio2prec((pkt->priority & PRIOMASK)); 2585 2586 /* Check for existing queue, current flow-control, 2587 pending event, or pending clock */ 2588 brcmf_dbg(TRACE, "deferring pktq len %d\n", pktq_len(&bus->txq)); 2589 bus->fcqueued++; 2590 2591 /* Priority based enq */ 2592 spin_lock_bh(&bus->txqlock); 2593 if (brcmf_c_prec_enq(bus->sdiodev->dev, &bus->txq, pkt, prec) == 2594 false) { 2595 skb_pull(pkt, SDPCM_HDRLEN); 2596 brcmf_txcomplete(bus->sdiodev->dev, pkt, false); 2597 brcmu_pkt_buf_free_skb(pkt); 2598 brcmf_dbg(ERROR, "out of bus->txq !!!\n"); 2599 ret = -ENOSR; 2600 } else { 2601 ret = 0; 2602 } 2603 spin_unlock_bh(&bus->txqlock); 2604 2605 if (pktq_len(&bus->txq) >= TXHI) 2606 brcmf_txflowcontrol(bus->sdiodev->dev, 0, ON); 2607 2608#ifdef BCMDBG 2609 if (pktq_plen(&bus->txq, prec) > qcount[prec]) 2610 qcount[prec] = pktq_plen(&bus->txq, prec); 2611#endif 2612 /* Schedule DPC if needed to send queued packet(s) */ 2613 if (!bus->dpc_sched) { 2614 bus->dpc_sched = true; 2615 if (bus->dpc_tsk) 2616 complete(&bus->dpc_wait); 2617 } 2618 2619 return ret; 2620} 2621 2622static int 2623brcmf_sdbrcm_membytes(struct brcmf_sdio *bus, bool write, u32 address, u8 *data, 2624 uint size) 2625{ 2626 int bcmerror = 0; 2627 u32 sdaddr; 2628 uint dsize; 2629 2630 /* Determine initial transfer parameters */ 2631 sdaddr = address & SBSDIO_SB_OFT_ADDR_MASK; 2632 if ((sdaddr + size) & SBSDIO_SBWINDOW_MASK) 2633 dsize = (SBSDIO_SB_OFT_ADDR_LIMIT - sdaddr); 2634 else 2635 dsize = size; 2636 2637 /* Set the backplane window to include the start address */ 2638 bcmerror = brcmf_sdcard_set_sbaddr_window(bus->sdiodev, address); 2639 if (bcmerror) { 2640 brcmf_dbg(ERROR, "window change failed\n"); 2641 goto xfer_done; 2642 } 2643 2644 /* Do the transfer(s) */ 2645 while (size) { 2646 brcmf_dbg(INFO, "%s %d bytes at offset 0x%08x in window 0x%08x\n", 2647 write ? "write" : "read", dsize, 2648 sdaddr, address & SBSDIO_SBWINDOW_MASK); 2649 bcmerror = brcmf_sdcard_rwdata(bus->sdiodev, write, 2650 sdaddr, data, dsize); 2651 if (bcmerror) { 2652 brcmf_dbg(ERROR, "membytes transfer failed\n"); 2653 break; 2654 } 2655 2656 /* Adjust for next transfer (if any) */ 2657 size -= dsize; 2658 if (size) { 2659 data += dsize; 2660 address += dsize; 2661 bcmerror = brcmf_sdcard_set_sbaddr_window(bus->sdiodev, 2662 address); 2663 if (bcmerror) { 2664 brcmf_dbg(ERROR, "window change failed\n"); 2665 break; 2666 } 2667 sdaddr = 0; 2668 dsize = min_t(uint, SBSDIO_SB_OFT_ADDR_LIMIT, size); 2669 } 2670 } 2671 2672xfer_done: 2673 /* Return the window to backplane enumeration space for core access */ 2674 if (brcmf_sdcard_set_sbaddr_window(bus->sdiodev, bus->sdiodev->sbwad)) 2675 brcmf_dbg(ERROR, "FAILED to set window back to 0x%x\n", 2676 bus->sdiodev->sbwad); 2677 2678 return bcmerror; 2679} 2680 2681#ifdef BCMDBG 2682#define CONSOLE_LINE_MAX 192 2683 2684static int brcmf_sdbrcm_readconsole(struct brcmf_sdio *bus) 2685{ 2686 struct brcmf_console *c = &bus->console; 2687 u8 line[CONSOLE_LINE_MAX], ch; 2688 u32 n, idx, addr; 2689 int rv; 2690 2691 /* Don't do anything until FWREADY updates console address */ 2692 if (bus->console_addr == 0) 2693 return 0; 2694 2695 /* Read console log struct */ 2696 addr = bus->console_addr + offsetof(struct rte_console, log_le); 2697 rv = brcmf_sdbrcm_membytes(bus, false, addr, (u8 *)&c->log_le, 2698 sizeof(c->log_le)); 2699 if (rv < 0) 2700 return rv; 2701 2702 /* Allocate console buffer (one time only) */ 2703 if (c->buf == NULL) { 2704 c->bufsize = le32_to_cpu(c->log_le.buf_size); 2705 c->buf = kmalloc(c->bufsize, GFP_ATOMIC); 2706 if (c->buf == NULL) 2707 return -ENOMEM; 2708 } 2709 2710 idx = le32_to_cpu(c->log_le.idx); 2711 2712 /* Protect against corrupt value */ 2713 if (idx > c->bufsize) 2714 return -EBADE; 2715 2716 /* Skip reading the console buffer if the index pointer 2717 has not moved */ 2718 if (idx == c->last) 2719 return 0; 2720 2721 /* Read the console buffer */ 2722 addr = le32_to_cpu(c->log_le.buf); 2723 rv = brcmf_sdbrcm_membytes(bus, false, addr, c->buf, c->bufsize); 2724 if (rv < 0) 2725 return rv; 2726 2727 while (c->last != idx) { 2728 for (n = 0; n < CONSOLE_LINE_MAX - 2; n++) { 2729 if (c->last == idx) { 2730 /* This would output a partial line. 2731 * Instead, back up 2732 * the buffer pointer and output this 2733 * line next time around. 2734 */ 2735 if (c->last >= n) 2736 c->last -= n; 2737 else 2738 c->last = c->bufsize - n; 2739 goto break2; 2740 } 2741 ch = c->buf[c->last]; 2742 c->last = (c->last + 1) % c->bufsize; 2743 if (ch == '\n') 2744 break; 2745 line[n] = ch; 2746 } 2747 2748 if (n > 0) { 2749 if (line[n - 1] == '\r') 2750 n--; 2751 line[n] = 0; 2752 printk(KERN_DEBUG "CONSOLE: %s\n", line); 2753 } 2754 } 2755break2: 2756 2757 return 0; 2758} 2759#endif /* BCMDBG */ 2760 2761static int brcmf_tx_frame(struct brcmf_sdio *bus, u8 *frame, u16 len) 2762{ 2763 int i; 2764 int ret; 2765 2766 bus->ctrl_frame_stat = false; 2767 ret = brcmf_sdcard_send_buf(bus->sdiodev, bus->sdiodev->sbwad, 2768 SDIO_FUNC_2, F2SYNC, frame, len); 2769 2770 if (ret < 0) { 2771 /* On failure, abort the command and terminate the frame */ 2772 brcmf_dbg(INFO, "sdio error %d, abort command and terminate frame\n", 2773 ret); 2774 bus->tx_sderrs++; 2775 2776 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 2777 2778 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 2779 SBSDIO_FUNC1_FRAMECTRL, 2780 SFC_WF_TERM, NULL); 2781 bus->f1regdata++; 2782 2783 for (i = 0; i < 3; i++) { 2784 u8 hi, lo; 2785 hi = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 2786 SBSDIO_FUNC1_WFRAMEBCHI, 2787 NULL); 2788 lo = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 2789 SBSDIO_FUNC1_WFRAMEBCLO, 2790 NULL); 2791 bus->f1regdata += 2; 2792 if (hi == 0 && lo == 0) 2793 break; 2794 } 2795 return ret; 2796 } 2797 2798 bus->tx_seq = (bus->tx_seq + 1) % SDPCM_SEQUENCE_WRAP; 2799 2800 return ret; 2801} 2802 2803int 2804brcmf_sdbrcm_bus_txctl(struct device *dev, unsigned char *msg, uint msglen) 2805{ 2806 u8 *frame; 2807 u16 len; 2808 u32 swheader; 2809 uint retries = 0; 2810 u8 doff = 0; 2811 int ret = -1; 2812 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 2813 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv; 2814 struct brcmf_sdio *bus = sdiodev->bus; 2815 2816 brcmf_dbg(TRACE, "Enter\n"); 2817 2818 /* Back the pointer to make a room for bus header */ 2819 frame = msg - SDPCM_HDRLEN; 2820 len = (msglen += SDPCM_HDRLEN); 2821 2822 /* Add alignment padding (optional for ctl frames) */ 2823 doff = ((unsigned long)frame % BRCMF_SDALIGN); 2824 if (doff) { 2825 frame -= doff; 2826 len += doff; 2827 msglen += doff; 2828 memset(frame, 0, doff + SDPCM_HDRLEN); 2829 } 2830 /* precondition: doff < BRCMF_SDALIGN */ 2831 doff += SDPCM_HDRLEN; 2832 2833 /* Round send length to next SDIO block */ 2834 if (bus->roundup && bus->blocksize && (len > bus->blocksize)) { 2835 u16 pad = bus->blocksize - (len % bus->blocksize); 2836 if ((pad <= bus->roundup) && (pad < bus->blocksize)) 2837 len += pad; 2838 } else if (len % BRCMF_SDALIGN) { 2839 len += BRCMF_SDALIGN - (len % BRCMF_SDALIGN); 2840 } 2841 2842 /* Satisfy length-alignment requirements */ 2843 if (len & (ALIGNMENT - 1)) 2844 len = roundup(len, ALIGNMENT); 2845 2846 /* precondition: IS_ALIGNED((unsigned long)frame, 2) */ 2847 2848 /* Need to lock here to protect txseq and SDIO tx calls */ 2849 down(&bus->sdsem); 2850 2851 bus_wake(bus); 2852 2853 /* Make sure backplane clock is on */ 2854 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 2855 2856 /* Hardware tag: 2 byte len followed by 2 byte ~len check (all LE) */ 2857 *(__le16 *) frame = cpu_to_le16((u16) msglen); 2858 *(((__le16 *) frame) + 1) = cpu_to_le16(~msglen); 2859 2860 /* Software tag: channel, sequence number, data offset */ 2861 swheader = 2862 ((SDPCM_CONTROL_CHANNEL << SDPCM_CHANNEL_SHIFT) & 2863 SDPCM_CHANNEL_MASK) 2864 | bus->tx_seq | ((doff << SDPCM_DOFFSET_SHIFT) & 2865 SDPCM_DOFFSET_MASK); 2866 put_unaligned_le32(swheader, frame + SDPCM_FRAMETAG_LEN); 2867 put_unaligned_le32(0, frame + SDPCM_FRAMETAG_LEN + sizeof(swheader)); 2868 2869 if (!data_ok(bus)) { 2870 brcmf_dbg(INFO, "No bus credit bus->tx_max %d, bus->tx_seq %d\n", 2871 bus->tx_max, bus->tx_seq); 2872 bus->ctrl_frame_stat = true; 2873 /* Send from dpc */ 2874 bus->ctrl_frame_buf = frame; 2875 bus->ctrl_frame_len = len; 2876 2877 brcmf_sdbrcm_wait_for_event(bus, &bus->ctrl_frame_stat); 2878 2879 if (bus->ctrl_frame_stat == false) { 2880 brcmf_dbg(INFO, "ctrl_frame_stat == false\n"); 2881 ret = 0; 2882 } else { 2883 brcmf_dbg(INFO, "ctrl_frame_stat == true\n"); 2884 ret = -1; 2885 } 2886 } 2887 2888 if (ret == -1) { 2889#ifdef BCMDBG 2890 if (BRCMF_BYTES_ON() && BRCMF_CTL_ON()) { 2891 printk(KERN_DEBUG "Tx Frame:\n"); 2892 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 2893 frame, len); 2894 } else if (BRCMF_HDRS_ON()) { 2895 printk(KERN_DEBUG "TxHdr:\n"); 2896 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 2897 frame, min_t(u16, len, 16)); 2898 } 2899#endif 2900 2901 do { 2902 ret = brcmf_tx_frame(bus, frame, len); 2903 } while (ret < 0 && retries++ < TXRETRIES); 2904 } 2905 2906 if ((bus->idletime == BRCMF_IDLE_IMMEDIATE) && !bus->dpc_sched) { 2907 bus->activity = false; 2908 brcmf_sdbrcm_clkctl(bus, CLK_NONE, true); 2909 } 2910 2911 up(&bus->sdsem); 2912 2913 if (ret) 2914 bus->drvr->tx_ctlerrs++; 2915 else 2916 bus->drvr->tx_ctlpkts++; 2917 2918 return ret ? -EIO : 0; 2919} 2920 2921int 2922brcmf_sdbrcm_bus_rxctl(struct device *dev, unsigned char *msg, uint msglen) 2923{ 2924 int timeleft; 2925 uint rxlen = 0; 2926 bool pending; 2927 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 2928 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv; 2929 struct brcmf_sdio *bus = sdiodev->bus; 2930 2931 brcmf_dbg(TRACE, "Enter\n"); 2932 2933 /* Wait until control frame is available */ 2934 timeleft = brcmf_sdbrcm_dcmd_resp_wait(bus, &bus->rxlen, &pending); 2935 2936 down(&bus->sdsem); 2937 rxlen = bus->rxlen; 2938 memcpy(msg, bus->rxctl, min(msglen, rxlen)); 2939 bus->rxlen = 0; 2940 up(&bus->sdsem); 2941 2942 if (rxlen) { 2943 brcmf_dbg(CTL, "resumed on rxctl frame, got %d expected %d\n", 2944 rxlen, msglen); 2945 } else if (timeleft == 0) { 2946 brcmf_dbg(ERROR, "resumed on timeout\n"); 2947 } else if (pending == true) { 2948 brcmf_dbg(CTL, "cancelled\n"); 2949 return -ERESTARTSYS; 2950 } else { 2951 brcmf_dbg(CTL, "resumed for unknown reason?\n"); 2952 } 2953 2954 if (rxlen) 2955 bus->drvr->rx_ctlpkts++; 2956 else 2957 bus->drvr->rx_ctlerrs++; 2958 2959 return rxlen ? (int)rxlen : -ETIMEDOUT; 2960} 2961 2962static int brcmf_sdbrcm_downloadvars(struct brcmf_sdio *bus, void *arg, int len) 2963{ 2964 int bcmerror = 0; 2965 2966 brcmf_dbg(TRACE, "Enter\n"); 2967 2968 /* Basic sanity checks */ 2969 if (bus->drvr->up) { 2970 bcmerror = -EISCONN; 2971 goto err; 2972 } 2973 if (!len) { 2974 bcmerror = -EOVERFLOW; 2975 goto err; 2976 } 2977 2978 /* Free the old ones and replace with passed variables */ 2979 kfree(bus->vars); 2980 2981 bus->vars = kmalloc(len, GFP_ATOMIC); 2982 bus->varsz = bus->vars ? len : 0; 2983 if (bus->vars == NULL) { 2984 bcmerror = -ENOMEM; 2985 goto err; 2986 } 2987 2988 /* Copy the passed variables, which should include the 2989 terminating double-null */ 2990 memcpy(bus->vars, arg, bus->varsz); 2991err: 2992 return bcmerror; 2993} 2994 2995static int brcmf_sdbrcm_write_vars(struct brcmf_sdio *bus) 2996{ 2997 int bcmerror = 0; 2998 u32 varsize; 2999 u32 varaddr; 3000 u8 *vbuffer; 3001 u32 varsizew; 3002 __le32 varsizew_le; 3003#ifdef BCMDBG 3004 char *nvram_ularray; 3005#endif /* BCMDBG */ 3006 3007 /* Even if there are no vars are to be written, we still 3008 need to set the ramsize. */ 3009 varsize = bus->varsz ? roundup(bus->varsz, 4) : 0; 3010 varaddr = (bus->ramsize - 4) - varsize; 3011 3012 if (bus->vars) { 3013 vbuffer = kzalloc(varsize, GFP_ATOMIC); 3014 if (!vbuffer) 3015 return -ENOMEM; 3016 3017 memcpy(vbuffer, bus->vars, bus->varsz); 3018 3019 /* Write the vars list */ 3020 bcmerror = 3021 brcmf_sdbrcm_membytes(bus, true, varaddr, vbuffer, varsize); 3022#ifdef BCMDBG 3023 /* Verify NVRAM bytes */ 3024 brcmf_dbg(INFO, "Compare NVRAM dl & ul; varsize=%d\n", varsize); 3025 nvram_ularray = kmalloc(varsize, GFP_ATOMIC); 3026 if (!nvram_ularray) 3027 return -ENOMEM; 3028 3029 /* Upload image to verify downloaded contents. */ 3030 memset(nvram_ularray, 0xaa, varsize); 3031 3032 /* Read the vars list to temp buffer for comparison */ 3033 bcmerror = 3034 brcmf_sdbrcm_membytes(bus, false, varaddr, nvram_ularray, 3035 varsize); 3036 if (bcmerror) { 3037 brcmf_dbg(ERROR, "error %d on reading %d nvram bytes at 0x%08x\n", 3038 bcmerror, varsize, varaddr); 3039 } 3040 /* Compare the org NVRAM with the one read from RAM */ 3041 if (memcmp(vbuffer, nvram_ularray, varsize)) 3042 brcmf_dbg(ERROR, "Downloaded NVRAM image is corrupted\n"); 3043 else 3044 brcmf_dbg(ERROR, "Download/Upload/Compare of NVRAM ok\n"); 3045 3046 kfree(nvram_ularray); 3047#endif /* BCMDBG */ 3048 3049 kfree(vbuffer); 3050 } 3051 3052 /* adjust to the user specified RAM */ 3053 brcmf_dbg(INFO, "Physical memory size: %d\n", bus->ramsize); 3054 brcmf_dbg(INFO, "Vars are at %d, orig varsize is %d\n", 3055 varaddr, varsize); 3056 varsize = ((bus->ramsize - 4) - varaddr); 3057 3058 /* 3059 * Determine the length token: 3060 * Varsize, converted to words, in lower 16-bits, checksum 3061 * in upper 16-bits. 3062 */ 3063 if (bcmerror) { 3064 varsizew = 0; 3065 varsizew_le = cpu_to_le32(0); 3066 } else { 3067 varsizew = varsize / 4; 3068 varsizew = (~varsizew << 16) | (varsizew & 0x0000FFFF); 3069 varsizew_le = cpu_to_le32(varsizew); 3070 } 3071 3072 brcmf_dbg(INFO, "New varsize is %d, length token=0x%08x\n", 3073 varsize, varsizew); 3074 3075 /* Write the length token to the last word */ 3076 bcmerror = brcmf_sdbrcm_membytes(bus, true, (bus->ramsize - 4), 3077 (u8 *)&varsizew_le, 4); 3078 3079 return bcmerror; 3080} 3081 3082static int brcmf_sdbrcm_download_state(struct brcmf_sdio *bus, bool enter) 3083{ 3084 uint retries; 3085 int bcmerror = 0; 3086 struct chip_info *ci = bus->ci; 3087 3088 /* To enter download state, disable ARM and reset SOCRAM. 3089 * To exit download state, simply reset ARM (default is RAM boot). 3090 */ 3091 if (enter) { 3092 bus->alp_only = true; 3093 3094 ci->coredisable(bus->sdiodev, ci, BCMA_CORE_ARM_CM3); 3095 3096 ci->resetcore(bus->sdiodev, ci, BCMA_CORE_INTERNAL_MEM); 3097 3098 /* Clear the top bit of memory */ 3099 if (bus->ramsize) { 3100 u32 zeros = 0; 3101 brcmf_sdbrcm_membytes(bus, true, bus->ramsize - 4, 3102 (u8 *)&zeros, 4); 3103 } 3104 } else { 3105 if (!ci->iscoreup(bus->sdiodev, ci, BCMA_CORE_INTERNAL_MEM)) { 3106 brcmf_dbg(ERROR, "SOCRAM core is down after reset?\n"); 3107 bcmerror = -EBADE; 3108 goto fail; 3109 } 3110 3111 bcmerror = brcmf_sdbrcm_write_vars(bus); 3112 if (bcmerror) { 3113 brcmf_dbg(ERROR, "no vars written to RAM\n"); 3114 bcmerror = 0; 3115 } 3116 3117 w_sdreg32(bus, 0xFFFFFFFF, 3118 offsetof(struct sdpcmd_regs, intstatus), &retries); 3119 3120 ci->resetcore(bus->sdiodev, ci, BCMA_CORE_ARM_CM3); 3121 3122 /* Allow HT Clock now that the ARM is running. */ 3123 bus->alp_only = false; 3124 3125 bus->drvr->bus_if->state = BRCMF_BUS_LOAD; 3126 } 3127fail: 3128 return bcmerror; 3129} 3130 3131static int brcmf_sdbrcm_get_image(char *buf, int len, struct brcmf_sdio *bus) 3132{ 3133 if (bus->firmware->size < bus->fw_ptr + len) 3134 len = bus->firmware->size - bus->fw_ptr; 3135 3136 memcpy(buf, &bus->firmware->data[bus->fw_ptr], len); 3137 bus->fw_ptr += len; 3138 return len; 3139} 3140 3141static int brcmf_sdbrcm_download_code_file(struct brcmf_sdio *bus) 3142{ 3143 int offset = 0; 3144 uint len; 3145 u8 *memblock = NULL, *memptr; 3146 int ret; 3147 3148 brcmf_dbg(INFO, "Enter\n"); 3149 3150 ret = request_firmware(&bus->firmware, BRCMFMAC_FW_NAME, 3151 &bus->sdiodev->func[2]->dev); 3152 if (ret) { 3153 brcmf_dbg(ERROR, "Fail to request firmware %d\n", ret); 3154 return ret; 3155 } 3156 bus->fw_ptr = 0; 3157 3158 memptr = memblock = kmalloc(MEMBLOCK + BRCMF_SDALIGN, GFP_ATOMIC); 3159 if (memblock == NULL) { 3160 ret = -ENOMEM; 3161 goto err; 3162 } 3163 if ((u32)(unsigned long)memblock % BRCMF_SDALIGN) 3164 memptr += (BRCMF_SDALIGN - 3165 ((u32)(unsigned long)memblock % BRCMF_SDALIGN)); 3166 3167 /* Download image */ 3168 while ((len = 3169 brcmf_sdbrcm_get_image((char *)memptr, MEMBLOCK, bus))) { 3170 ret = brcmf_sdbrcm_membytes(bus, true, offset, memptr, len); 3171 if (ret) { 3172 brcmf_dbg(ERROR, "error %d on writing %d membytes at 0x%08x\n", 3173 ret, MEMBLOCK, offset); 3174 goto err; 3175 } 3176 3177 offset += MEMBLOCK; 3178 } 3179 3180err: 3181 kfree(memblock); 3182 3183 release_firmware(bus->firmware); 3184 bus->fw_ptr = 0; 3185 3186 return ret; 3187} 3188 3189/* 3190 * ProcessVars:Takes a buffer of "<var>=<value>\n" lines read from a file 3191 * and ending in a NUL. 3192 * Removes carriage returns, empty lines, comment lines, and converts 3193 * newlines to NULs. 3194 * Shortens buffer as needed and pads with NULs. End of buffer is marked 3195 * by two NULs. 3196*/ 3197 3198static uint brcmf_process_nvram_vars(char *varbuf, uint len) 3199{ 3200 char *dp; 3201 bool findNewline; 3202 int column; 3203 uint buf_len, n; 3204 3205 dp = varbuf; 3206 3207 findNewline = false; 3208 column = 0; 3209 3210 for (n = 0; n < len; n++) { 3211 if (varbuf[n] == 0) 3212 break; 3213 if (varbuf[n] == '\r') 3214 continue; 3215 if (findNewline && varbuf[n] != '\n') 3216 continue; 3217 findNewline = false; 3218 if (varbuf[n] == '#') { 3219 findNewline = true; 3220 continue; 3221 } 3222 if (varbuf[n] == '\n') { 3223 if (column == 0) 3224 continue; 3225 *dp++ = 0; 3226 column = 0; 3227 continue; 3228 } 3229 *dp++ = varbuf[n]; 3230 column++; 3231 } 3232 buf_len = dp - varbuf; 3233 3234 while (dp < varbuf + n) 3235 *dp++ = 0; 3236 3237 return buf_len; 3238} 3239 3240static int brcmf_sdbrcm_download_nvram(struct brcmf_sdio *bus) 3241{ 3242 uint len; 3243 char *memblock = NULL; 3244 char *bufp; 3245 int ret; 3246 3247 ret = request_firmware(&bus->firmware, BRCMFMAC_NV_NAME, 3248 &bus->sdiodev->func[2]->dev); 3249 if (ret) { 3250 brcmf_dbg(ERROR, "Fail to request nvram %d\n", ret); 3251 return ret; 3252 } 3253 bus->fw_ptr = 0; 3254 3255 memblock = kmalloc(MEMBLOCK, GFP_ATOMIC); 3256 if (memblock == NULL) { 3257 ret = -ENOMEM; 3258 goto err; 3259 } 3260 3261 len = brcmf_sdbrcm_get_image(memblock, MEMBLOCK, bus); 3262 3263 if (len > 0 && len < MEMBLOCK) { 3264 bufp = (char *)memblock; 3265 bufp[len] = 0; 3266 len = brcmf_process_nvram_vars(bufp, len); 3267 bufp += len; 3268 *bufp++ = 0; 3269 if (len) 3270 ret = brcmf_sdbrcm_downloadvars(bus, memblock, len + 1); 3271 if (ret) 3272 brcmf_dbg(ERROR, "error downloading vars: %d\n", ret); 3273 } else { 3274 brcmf_dbg(ERROR, "error reading nvram file: %d\n", len); 3275 ret = -EIO; 3276 } 3277 3278err: 3279 kfree(memblock); 3280 3281 release_firmware(bus->firmware); 3282 bus->fw_ptr = 0; 3283 3284 return ret; 3285} 3286 3287static int _brcmf_sdbrcm_download_firmware(struct brcmf_sdio *bus) 3288{ 3289 int bcmerror = -1; 3290 3291 /* Keep arm in reset */ 3292 if (brcmf_sdbrcm_download_state(bus, true)) { 3293 brcmf_dbg(ERROR, "error placing ARM core in reset\n"); 3294 goto err; 3295 } 3296 3297 /* External image takes precedence if specified */ 3298 if (brcmf_sdbrcm_download_code_file(bus)) { 3299 brcmf_dbg(ERROR, "dongle image file download failed\n"); 3300 goto err; 3301 } 3302 3303 /* External nvram takes precedence if specified */ 3304 if (brcmf_sdbrcm_download_nvram(bus)) 3305 brcmf_dbg(ERROR, "dongle nvram file download failed\n"); 3306 3307 /* Take arm out of reset */ 3308 if (brcmf_sdbrcm_download_state(bus, false)) { 3309 brcmf_dbg(ERROR, "error getting out of ARM core reset\n"); 3310 goto err; 3311 } 3312 3313 bcmerror = 0; 3314 3315err: 3316 return bcmerror; 3317} 3318 3319static bool 3320brcmf_sdbrcm_download_firmware(struct brcmf_sdio *bus) 3321{ 3322 bool ret; 3323 3324 /* Download the firmware */ 3325 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3326 3327 ret = _brcmf_sdbrcm_download_firmware(bus) == 0; 3328 3329 brcmf_sdbrcm_clkctl(bus, CLK_SDONLY, false); 3330 3331 return ret; 3332} 3333 3334void brcmf_sdbrcm_bus_stop(struct device *dev) 3335{ 3336 u32 local_hostintmask; 3337 u8 saveclk; 3338 uint retries; 3339 int err; 3340 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 3341 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv; 3342 struct brcmf_sdio *bus = sdiodev->bus; 3343 3344 brcmf_dbg(TRACE, "Enter\n"); 3345 3346 if (bus->watchdog_tsk) { 3347 send_sig(SIGTERM, bus->watchdog_tsk, 1); 3348 kthread_stop(bus->watchdog_tsk); 3349 bus->watchdog_tsk = NULL; 3350 } 3351 3352 if (bus->dpc_tsk && bus->dpc_tsk != current) { 3353 send_sig(SIGTERM, bus->dpc_tsk, 1); 3354 kthread_stop(bus->dpc_tsk); 3355 bus->dpc_tsk = NULL; 3356 } 3357 3358 down(&bus->sdsem); 3359 3360 bus_wake(bus); 3361 3362 /* Enable clock for device interrupts */ 3363 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3364 3365 /* Disable and clear interrupts at the chip level also */ 3366 w_sdreg32(bus, 0, offsetof(struct sdpcmd_regs, hostintmask), &retries); 3367 local_hostintmask = bus->hostintmask; 3368 bus->hostintmask = 0; 3369 3370 /* Change our idea of bus state */ 3371 bus->drvr->bus_if->state = BRCMF_BUS_DOWN; 3372 3373 /* Force clocks on backplane to be sure F2 interrupt propagates */ 3374 saveclk = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 3375 SBSDIO_FUNC1_CHIPCLKCSR, &err); 3376 if (!err) { 3377 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 3378 SBSDIO_FUNC1_CHIPCLKCSR, 3379 (saveclk | SBSDIO_FORCE_HT), &err); 3380 } 3381 if (err) 3382 brcmf_dbg(ERROR, "Failed to force clock for F2: err %d\n", err); 3383 3384 /* Turn off the bus (F2), free any pending packets */ 3385 brcmf_dbg(INTR, "disable SDIO interrupts\n"); 3386 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_0, SDIO_CCCR_IOEx, 3387 SDIO_FUNC_ENABLE_1, NULL); 3388 3389 /* Clear any pending interrupts now that F2 is disabled */ 3390 w_sdreg32(bus, local_hostintmask, 3391 offsetof(struct sdpcmd_regs, intstatus), &retries); 3392 3393 /* Turn off the backplane clock (only) */ 3394 brcmf_sdbrcm_clkctl(bus, CLK_SDONLY, false); 3395 3396 /* Clear the data packet queues */ 3397 brcmu_pktq_flush(&bus->txq, true, NULL, NULL); 3398 3399 /* Clear any held glomming stuff */ 3400 if (bus->glomd) 3401 brcmu_pkt_buf_free_skb(bus->glomd); 3402 brcmf_sdbrcm_free_glom(bus); 3403 3404 /* Clear rx control and wake any waiters */ 3405 bus->rxlen = 0; 3406 brcmf_sdbrcm_dcmd_resp_wake(bus); 3407 3408 /* Reset some F2 state stuff */ 3409 bus->rxskip = false; 3410 bus->tx_seq = bus->rx_seq = 0; 3411 3412 up(&bus->sdsem); 3413} 3414 3415int brcmf_sdbrcm_bus_init(struct device *dev) 3416{ 3417 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 3418 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv; 3419 struct brcmf_sdio *bus = sdiodev->bus; 3420 unsigned long timeout; 3421 uint retries = 0; 3422 u8 ready, enable; 3423 int err, ret = 0; 3424 u8 saveclk; 3425 3426 brcmf_dbg(TRACE, "Enter\n"); 3427 3428 /* try to download image and nvram to the dongle */ 3429 if (bus_if->state == BRCMF_BUS_DOWN) { 3430 if (!(brcmf_sdbrcm_download_firmware(bus))) 3431 return -1; 3432 } 3433 3434 if (!bus->drvr) 3435 return 0; 3436 3437 /* Start the watchdog timer */ 3438 bus->drvr->tickcnt = 0; 3439 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 3440 3441 down(&bus->sdsem); 3442 3443 /* Make sure backplane clock is on, needed to generate F2 interrupt */ 3444 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3445 if (bus->clkstate != CLK_AVAIL) 3446 goto exit; 3447 3448 /* Force clocks on backplane to be sure F2 interrupt propagates */ 3449 saveclk = 3450 brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 3451 SBSDIO_FUNC1_CHIPCLKCSR, &err); 3452 if (!err) { 3453 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 3454 SBSDIO_FUNC1_CHIPCLKCSR, 3455 (saveclk | SBSDIO_FORCE_HT), &err); 3456 } 3457 if (err) { 3458 brcmf_dbg(ERROR, "Failed to force clock for F2: err %d\n", err); 3459 goto exit; 3460 } 3461 3462 /* Enable function 2 (frame transfers) */ 3463 w_sdreg32(bus, SDPCM_PROT_VERSION << SMB_DATA_VERSION_SHIFT, 3464 offsetof(struct sdpcmd_regs, tosbmailboxdata), &retries); 3465 enable = (SDIO_FUNC_ENABLE_1 | SDIO_FUNC_ENABLE_2); 3466 3467 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_0, SDIO_CCCR_IOEx, 3468 enable, NULL); 3469 3470 timeout = jiffies + msecs_to_jiffies(BRCMF_WAIT_F2RDY); 3471 ready = 0; 3472 while (enable != ready) { 3473 ready = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_0, 3474 SDIO_CCCR_IORx, NULL); 3475 if (time_after(jiffies, timeout)) 3476 break; 3477 else if (time_after(jiffies, timeout - BRCMF_WAIT_F2RDY + 50)) 3478 /* prevent busy waiting if it takes too long */ 3479 msleep_interruptible(20); 3480 } 3481 3482 brcmf_dbg(INFO, "enable 0x%02x, ready 0x%02x\n", enable, ready); 3483 3484 /* If F2 successfully enabled, set core and enable interrupts */ 3485 if (ready == enable) { 3486 /* Set up the interrupt mask and enable interrupts */ 3487 bus->hostintmask = HOSTINTMASK; 3488 w_sdreg32(bus, bus->hostintmask, 3489 offsetof(struct sdpcmd_regs, hostintmask), &retries); 3490 3491 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 3492 SBSDIO_WATERMARK, 8, &err); 3493 3494 /* Set bus state according to enable result */ 3495 bus_if->state = BRCMF_BUS_DATA; 3496 } 3497 3498 else { 3499 /* Disable F2 again */ 3500 enable = SDIO_FUNC_ENABLE_1; 3501 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_0, 3502 SDIO_CCCR_IOEx, enable, NULL); 3503 } 3504 3505 /* Restore previous clock setting */ 3506 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 3507 SBSDIO_FUNC1_CHIPCLKCSR, saveclk, &err); 3508 3509 /* If we didn't come up, turn off backplane clock */ 3510 if (bus_if->state != BRCMF_BUS_DATA) 3511 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 3512 3513exit: 3514 up(&bus->sdsem); 3515 3516 return ret; 3517} 3518 3519void brcmf_sdbrcm_isr(void *arg) 3520{ 3521 struct brcmf_sdio *bus = (struct brcmf_sdio *) arg; 3522 3523 brcmf_dbg(TRACE, "Enter\n"); 3524 3525 if (!bus) { 3526 brcmf_dbg(ERROR, "bus is null pointer, exiting\n"); 3527 return; 3528 } 3529 3530 if (bus->drvr->bus_if->state == BRCMF_BUS_DOWN) { 3531 brcmf_dbg(ERROR, "bus is down. we have nothing to do\n"); 3532 return; 3533 } 3534 /* Count the interrupt call */ 3535 bus->intrcount++; 3536 bus->ipend = true; 3537 3538 /* Shouldn't get this interrupt if we're sleeping? */ 3539 if (bus->sleeping) { 3540 brcmf_dbg(ERROR, "INTERRUPT WHILE SLEEPING??\n"); 3541 return; 3542 } 3543 3544 /* Disable additional interrupts (is this needed now)? */ 3545 if (!bus->intr) 3546 brcmf_dbg(ERROR, "isr w/o interrupt configured!\n"); 3547 3548 bus->dpc_sched = true; 3549 if (bus->dpc_tsk) 3550 complete(&bus->dpc_wait); 3551} 3552 3553static bool brcmf_sdbrcm_bus_watchdog(struct brcmf_sdio *bus) 3554{ 3555#ifdef BCMDBG 3556 struct brcmf_bus *bus_if = dev_get_drvdata(bus->sdiodev->dev); 3557#endif /* BCMDBG */ 3558 3559 brcmf_dbg(TIMER, "Enter\n"); 3560 3561 /* Ignore the timer if simulating bus down */ 3562 if (bus->sleeping) 3563 return false; 3564 3565 down(&bus->sdsem); 3566 3567 /* Poll period: check device if appropriate. */ 3568 if (bus->poll && (++bus->polltick >= bus->pollrate)) { 3569 u32 intstatus = 0; 3570 3571 /* Reset poll tick */ 3572 bus->polltick = 0; 3573 3574 /* Check device if no interrupts */ 3575 if (!bus->intr || (bus->intrcount == bus->lastintrs)) { 3576 3577 if (!bus->dpc_sched) { 3578 u8 devpend; 3579 devpend = brcmf_sdcard_cfg_read(bus->sdiodev, 3580 SDIO_FUNC_0, SDIO_CCCR_INTx, 3581 NULL); 3582 intstatus = 3583 devpend & (INTR_STATUS_FUNC1 | 3584 INTR_STATUS_FUNC2); 3585 } 3586 3587 /* If there is something, make like the ISR and 3588 schedule the DPC */ 3589 if (intstatus) { 3590 bus->pollcnt++; 3591 bus->ipend = true; 3592 3593 bus->dpc_sched = true; 3594 if (bus->dpc_tsk) 3595 complete(&bus->dpc_wait); 3596 } 3597 } 3598 3599 /* Update interrupt tracking */ 3600 bus->lastintrs = bus->intrcount; 3601 } 3602#ifdef BCMDBG 3603 /* Poll for console output periodically */ 3604 if (bus_if->state == BRCMF_BUS_DATA && 3605 bus->console_interval != 0) { 3606 bus->console.count += BRCMF_WD_POLL_MS; 3607 if (bus->console.count >= bus->console_interval) { 3608 bus->console.count -= bus->console_interval; 3609 /* Make sure backplane clock is on */ 3610 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3611 if (brcmf_sdbrcm_readconsole(bus) < 0) 3612 /* stop on error */ 3613 bus->console_interval = 0; 3614 } 3615 } 3616#endif /* BCMDBG */ 3617 3618 /* On idle timeout clear activity flag and/or turn off clock */ 3619 if ((bus->idletime > 0) && (bus->clkstate == CLK_AVAIL)) { 3620 if (++bus->idlecount >= bus->idletime) { 3621 bus->idlecount = 0; 3622 if (bus->activity) { 3623 bus->activity = false; 3624 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 3625 } else { 3626 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 3627 } 3628 } 3629 } 3630 3631 up(&bus->sdsem); 3632 3633 return bus->ipend; 3634} 3635 3636static bool brcmf_sdbrcm_chipmatch(u16 chipid) 3637{ 3638 if (chipid == BCM4329_CHIP_ID) 3639 return true; 3640 if (chipid == BCM4330_CHIP_ID) 3641 return true; 3642 return false; 3643} 3644 3645static void brcmf_sdbrcm_release_malloc(struct brcmf_sdio *bus) 3646{ 3647 brcmf_dbg(TRACE, "Enter\n"); 3648 3649 kfree(bus->rxbuf); 3650 bus->rxctl = bus->rxbuf = NULL; 3651 bus->rxlen = 0; 3652 3653 kfree(bus->databuf); 3654 bus->databuf = NULL; 3655} 3656 3657static bool brcmf_sdbrcm_probe_malloc(struct brcmf_sdio *bus) 3658{ 3659 brcmf_dbg(TRACE, "Enter\n"); 3660 3661 if (bus->drvr->maxctl) { 3662 bus->rxblen = 3663 roundup((bus->drvr->maxctl + SDPCM_HDRLEN), 3664 ALIGNMENT) + BRCMF_SDALIGN; 3665 bus->rxbuf = kmalloc(bus->rxblen, GFP_ATOMIC); 3666 if (!(bus->rxbuf)) 3667 goto fail; 3668 } 3669 3670 /* Allocate buffer to receive glomed packet */ 3671 bus->databuf = kmalloc(MAX_DATA_BUF, GFP_ATOMIC); 3672 if (!(bus->databuf)) { 3673 /* release rxbuf which was already located as above */ 3674 if (!bus->rxblen) 3675 kfree(bus->rxbuf); 3676 goto fail; 3677 } 3678 3679 /* Align the buffer */ 3680 if ((unsigned long)bus->databuf % BRCMF_SDALIGN) 3681 bus->dataptr = bus->databuf + (BRCMF_SDALIGN - 3682 ((unsigned long)bus->databuf % BRCMF_SDALIGN)); 3683 else 3684 bus->dataptr = bus->databuf; 3685 3686 return true; 3687 3688fail: 3689 return false; 3690} 3691 3692static bool 3693brcmf_sdbrcm_probe_attach(struct brcmf_sdio *bus, u32 regsva) 3694{ 3695 u8 clkctl = 0; 3696 int err = 0; 3697 int reg_addr; 3698 u32 reg_val; 3699 u8 idx; 3700 3701 bus->alp_only = true; 3702 3703 /* Return the window to backplane enumeration space for core access */ 3704 if (brcmf_sdcard_set_sbaddr_window(bus->sdiodev, SI_ENUM_BASE)) 3705 brcmf_dbg(ERROR, "FAILED to return to SI_ENUM_BASE\n"); 3706 3707#ifdef BCMDBG 3708 printk(KERN_DEBUG "F1 signature read @0x18000000=0x%4x\n", 3709 brcmf_sdcard_reg_read(bus->sdiodev, SI_ENUM_BASE, 4)); 3710 3711#endif /* BCMDBG */ 3712 3713 /* 3714 * Force PLL off until brcmf_sdio_chip_attach() 3715 * programs PLL control regs 3716 */ 3717 3718 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 3719 SBSDIO_FUNC1_CHIPCLKCSR, 3720 BRCMF_INIT_CLKCTL1, &err); 3721 if (!err) 3722 clkctl = 3723 brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 3724 SBSDIO_FUNC1_CHIPCLKCSR, &err); 3725 3726 if (err || ((clkctl & ~SBSDIO_AVBITS) != BRCMF_INIT_CLKCTL1)) { 3727 brcmf_dbg(ERROR, "ChipClkCSR access: err %d wrote 0x%02x read 0x%02x\n", 3728 err, BRCMF_INIT_CLKCTL1, clkctl); 3729 goto fail; 3730 } 3731 3732 if (brcmf_sdio_chip_attach(bus->sdiodev, &bus->ci, regsva)) { 3733 brcmf_dbg(ERROR, "brcmf_sdio_chip_attach failed!\n"); 3734 goto fail; 3735 } 3736 3737 if (!brcmf_sdbrcm_chipmatch((u16) bus->ci->chip)) { 3738 brcmf_dbg(ERROR, "unsupported chip: 0x%04x\n", bus->ci->chip); 3739 goto fail; 3740 } 3741 3742 brcmf_sdio_chip_drivestrengthinit(bus->sdiodev, bus->ci, 3743 SDIO_DRIVE_STRENGTH); 3744 3745 /* Get info on the SOCRAM cores... */ 3746 bus->ramsize = bus->ci->ramsize; 3747 if (!(bus->ramsize)) { 3748 brcmf_dbg(ERROR, "failed to find SOCRAM memory!\n"); 3749 goto fail; 3750 } 3751 3752 /* Set core control so an SDIO reset does a backplane reset */ 3753 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV); 3754 reg_addr = bus->ci->c_inf[idx].base + 3755 offsetof(struct sdpcmd_regs, corecontrol); 3756 reg_val = brcmf_sdcard_reg_read(bus->sdiodev, reg_addr, sizeof(u32)); 3757 brcmf_sdcard_reg_write(bus->sdiodev, reg_addr, sizeof(u32), 3758 reg_val | CC_BPRESEN); 3759 3760 brcmu_pktq_init(&bus->txq, (PRIOMASK + 1), TXQLEN); 3761 3762 /* Locate an appropriately-aligned portion of hdrbuf */ 3763 bus->rxhdr = (u8 *) roundup((unsigned long)&bus->hdrbuf[0], 3764 BRCMF_SDALIGN); 3765 3766 /* Set the poll and/or interrupt flags */ 3767 bus->intr = true; 3768 bus->poll = false; 3769 if (bus->poll) 3770 bus->pollrate = 1; 3771 3772 return true; 3773 3774fail: 3775 return false; 3776} 3777 3778static bool brcmf_sdbrcm_probe_init(struct brcmf_sdio *bus) 3779{ 3780 brcmf_dbg(TRACE, "Enter\n"); 3781 3782 /* Disable F2 to clear any intermediate frame state on the dongle */ 3783 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_0, SDIO_CCCR_IOEx, 3784 SDIO_FUNC_ENABLE_1, NULL); 3785 3786 bus->drvr->bus_if->state = BRCMF_BUS_DOWN; 3787 bus->sleeping = false; 3788 bus->rxflow = false; 3789 3790 /* Done with backplane-dependent accesses, can drop clock... */ 3791 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 3792 SBSDIO_FUNC1_CHIPCLKCSR, 0, NULL); 3793 3794 /* ...and initialize clock/power states */ 3795 bus->clkstate = CLK_SDONLY; 3796 bus->idletime = BRCMF_IDLE_INTERVAL; 3797 bus->idleclock = BRCMF_IDLE_ACTIVE; 3798 3799 /* Query the F2 block size, set roundup accordingly */ 3800 bus->blocksize = bus->sdiodev->func[2]->cur_blksize; 3801 bus->roundup = min(max_roundup, bus->blocksize); 3802 3803 /* bus module does not support packet chaining */ 3804 bus->use_rxchain = false; 3805 bus->sd_rxchain = false; 3806 3807 return true; 3808} 3809 3810static int 3811brcmf_sdbrcm_watchdog_thread(void *data) 3812{ 3813 struct brcmf_sdio *bus = (struct brcmf_sdio *)data; 3814 3815 allow_signal(SIGTERM); 3816 /* Run until signal received */ 3817 while (1) { 3818 if (kthread_should_stop()) 3819 break; 3820 if (!wait_for_completion_interruptible(&bus->watchdog_wait)) { 3821 brcmf_sdbrcm_bus_watchdog(bus); 3822 /* Count the tick for reference */ 3823 bus->drvr->tickcnt++; 3824 } else 3825 break; 3826 } 3827 return 0; 3828} 3829 3830static void 3831brcmf_sdbrcm_watchdog(unsigned long data) 3832{ 3833 struct brcmf_sdio *bus = (struct brcmf_sdio *)data; 3834 3835 if (bus->watchdog_tsk) { 3836 complete(&bus->watchdog_wait); 3837 /* Reschedule the watchdog */ 3838 if (bus->wd_timer_valid) 3839 mod_timer(&bus->timer, 3840 jiffies + BRCMF_WD_POLL_MS * HZ / 1000); 3841 } 3842} 3843 3844static void brcmf_sdbrcm_release_dongle(struct brcmf_sdio *bus) 3845{ 3846 brcmf_dbg(TRACE, "Enter\n"); 3847 3848 if (bus->ci) { 3849 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3850 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 3851 brcmf_sdio_chip_detach(&bus->ci); 3852 if (bus->vars && bus->varsz) 3853 kfree(bus->vars); 3854 bus->vars = NULL; 3855 } 3856 3857 brcmf_dbg(TRACE, "Disconnected\n"); 3858} 3859 3860/* Detach and free everything */ 3861static void brcmf_sdbrcm_release(struct brcmf_sdio *bus) 3862{ 3863 brcmf_dbg(TRACE, "Enter\n"); 3864 3865 if (bus) { 3866 /* De-register interrupt handler */ 3867 brcmf_sdcard_intr_dereg(bus->sdiodev); 3868 3869 if (bus->sdiodev->bus_if->drvr) { 3870 brcmf_detach(bus->sdiodev->dev); 3871 brcmf_sdbrcm_release_dongle(bus); 3872 bus->drvr = NULL; 3873 } 3874 3875 brcmf_sdbrcm_release_malloc(bus); 3876 3877 kfree(bus); 3878 } 3879 3880 brcmf_dbg(TRACE, "Disconnected\n"); 3881} 3882 3883void *brcmf_sdbrcm_probe(u32 regsva, struct brcmf_sdio_dev *sdiodev) 3884{ 3885 int ret; 3886 struct brcmf_sdio *bus; 3887 3888 brcmf_dbg(TRACE, "Enter\n"); 3889 3890 /* We make an assumption about address window mappings: 3891 * regsva == SI_ENUM_BASE*/ 3892 3893 /* Allocate private bus interface state */ 3894 bus = kzalloc(sizeof(struct brcmf_sdio), GFP_ATOMIC); 3895 if (!bus) 3896 goto fail; 3897 3898 bus->sdiodev = sdiodev; 3899 sdiodev->bus = bus; 3900 skb_queue_head_init(&bus->glom); 3901 bus->txbound = BRCMF_TXBOUND; 3902 bus->rxbound = BRCMF_RXBOUND; 3903 bus->txminmax = BRCMF_TXMINMAX; 3904 bus->tx_seq = SDPCM_SEQUENCE_WRAP - 1; 3905 bus->usebufpool = false; /* Use bufpool if allocated, 3906 else use locally malloced rxbuf */ 3907 3908 /* attempt to attach to the dongle */ 3909 if (!(brcmf_sdbrcm_probe_attach(bus, regsva))) { 3910 brcmf_dbg(ERROR, "brcmf_sdbrcm_probe_attach failed\n"); 3911 goto fail; 3912 } 3913 3914 spin_lock_init(&bus->txqlock); 3915 init_waitqueue_head(&bus->ctrl_wait); 3916 init_waitqueue_head(&bus->dcmd_resp_wait); 3917 3918 /* Set up the watchdog timer */ 3919 init_timer(&bus->timer); 3920 bus->timer.data = (unsigned long)bus; 3921 bus->timer.function = brcmf_sdbrcm_watchdog; 3922 3923 /* Initialize thread based operation and lock */ 3924 sema_init(&bus->sdsem, 1); 3925 3926 /* Initialize watchdog thread */ 3927 init_completion(&bus->watchdog_wait); 3928 bus->watchdog_tsk = kthread_run(brcmf_sdbrcm_watchdog_thread, 3929 bus, "brcmf_watchdog"); 3930 if (IS_ERR(bus->watchdog_tsk)) { 3931 printk(KERN_WARNING 3932 "brcmf_watchdog thread failed to start\n"); 3933 bus->watchdog_tsk = NULL; 3934 } 3935 /* Initialize DPC thread */ 3936 init_completion(&bus->dpc_wait); 3937 bus->dpc_tsk = kthread_run(brcmf_sdbrcm_dpc_thread, 3938 bus, "brcmf_dpc"); 3939 if (IS_ERR(bus->dpc_tsk)) { 3940 printk(KERN_WARNING 3941 "brcmf_dpc thread failed to start\n"); 3942 bus->dpc_tsk = NULL; 3943 } 3944 3945 /* Attach to the brcmf/OS/network interface */ 3946 bus->drvr = brcmf_attach(bus, SDPCM_RESERVE, bus->sdiodev->dev); 3947 if (!bus->drvr) { 3948 brcmf_dbg(ERROR, "brcmf_attach failed\n"); 3949 goto fail; 3950 } 3951 3952 /* Allocate buffers */ 3953 if (!(brcmf_sdbrcm_probe_malloc(bus))) { 3954 brcmf_dbg(ERROR, "brcmf_sdbrcm_probe_malloc failed\n"); 3955 goto fail; 3956 } 3957 3958 if (!(brcmf_sdbrcm_probe_init(bus))) { 3959 brcmf_dbg(ERROR, "brcmf_sdbrcm_probe_init failed\n"); 3960 goto fail; 3961 } 3962 3963 /* Register interrupt callback, but mask it (not operational yet). */ 3964 brcmf_dbg(INTR, "disable SDIO interrupts (not interested yet)\n"); 3965 ret = brcmf_sdcard_intr_reg(bus->sdiodev); 3966 if (ret != 0) { 3967 brcmf_dbg(ERROR, "FAILED: sdcard_intr_reg returned %d\n", ret); 3968 goto fail; 3969 } 3970 brcmf_dbg(INTR, "registered SDIO interrupt function ok\n"); 3971 3972 brcmf_dbg(INFO, "completed!!\n"); 3973 3974 /* if firmware path present try to download and bring up bus */ 3975 ret = brcmf_bus_start(bus->sdiodev->dev); 3976 if (ret != 0) { 3977 if (ret == -ENOLINK) { 3978 brcmf_dbg(ERROR, "dongle is not responding\n"); 3979 goto fail; 3980 } 3981 } 3982 3983 /* add interface and open for business */ 3984 if (brcmf_add_if(bus->sdiodev->dev, 0, "wlan%d", NULL)) { 3985 brcmf_dbg(ERROR, "Add primary net device interface failed!!\n"); 3986 goto fail; 3987 } 3988 3989 return bus; 3990 3991fail: 3992 brcmf_sdbrcm_release(bus); 3993 return NULL; 3994} 3995 3996void brcmf_sdbrcm_disconnect(void *ptr) 3997{ 3998 struct brcmf_sdio *bus = (struct brcmf_sdio *)ptr; 3999 4000 brcmf_dbg(TRACE, "Enter\n"); 4001 4002 if (bus) 4003 brcmf_sdbrcm_release(bus); 4004 4005 brcmf_dbg(TRACE, "Disconnected\n"); 4006} 4007 4008void 4009brcmf_sdbrcm_wd_timer(struct brcmf_sdio *bus, uint wdtick) 4010{ 4011 /* Totally stop the timer */ 4012 if (!wdtick && bus->wd_timer_valid == true) { 4013 del_timer_sync(&bus->timer); 4014 bus->wd_timer_valid = false; 4015 bus->save_ms = wdtick; 4016 return; 4017 } 4018 4019 /* don't start the wd until fw is loaded */ 4020 if (bus->drvr->bus_if->state == BRCMF_BUS_DOWN) 4021 return; 4022 4023 if (wdtick) { 4024 if (bus->save_ms != BRCMF_WD_POLL_MS) { 4025 if (bus->wd_timer_valid == true) 4026 /* Stop timer and restart at new value */ 4027 del_timer_sync(&bus->timer); 4028 4029 /* Create timer again when watchdog period is 4030 dynamically changed or in the first instance 4031 */ 4032 bus->timer.expires = 4033 jiffies + BRCMF_WD_POLL_MS * HZ / 1000; 4034 add_timer(&bus->timer); 4035 4036 } else { 4037 /* Re arm the timer, at last watchdog period */ 4038 mod_timer(&bus->timer, 4039 jiffies + BRCMF_WD_POLL_MS * HZ / 1000); 4040 } 4041 4042 bus->wd_timer_valid = true; 4043 bus->save_ms = wdtick; 4044 } 4045} 4046