dhd_sdio.c revision 3bba829f63ad776be487005c3a106531a27806f5
1/* 2 * Copyright (c) 2010 Broadcom Corporation 3 * 4 * Permission to use, copy, modify, and/or distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 11 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 13 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 14 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 18 19#include <linux/types.h> 20#include <linux/kernel.h> 21#include <linux/kthread.h> 22#include <linux/printk.h> 23#include <linux/pci_ids.h> 24#include <linux/netdevice.h> 25#include <linux/interrupt.h> 26#include <linux/sched.h> 27#include <linux/mmc/sdio.h> 28#include <linux/mmc/sdio_func.h> 29#include <linux/mmc/card.h> 30#include <linux/semaphore.h> 31#include <linux/firmware.h> 32#include <linux/module.h> 33#include <linux/bcma/bcma.h> 34#include <asm/unaligned.h> 35#include <defs.h> 36#include <brcmu_wifi.h> 37#include <brcmu_utils.h> 38#include <brcm_hw_ids.h> 39#include <soc.h> 40#include "sdio_host.h" 41#include "sdio_chip.h" 42 43#define DCMD_RESP_TIMEOUT 2000 /* In milli second */ 44 45#ifdef DEBUG 46 47#define BRCMF_TRAP_INFO_SIZE 80 48 49#define CBUF_LEN (128) 50 51struct rte_log_le { 52 __le32 buf; /* Can't be pointer on (64-bit) hosts */ 53 __le32 buf_size; 54 __le32 idx; 55 char *_buf_compat; /* Redundant pointer for backward compat. */ 56}; 57 58struct rte_console { 59 /* Virtual UART 60 * When there is no UART (e.g. Quickturn), 61 * the host should write a complete 62 * input line directly into cbuf and then write 63 * the length into vcons_in. 64 * This may also be used when there is a real UART 65 * (at risk of conflicting with 66 * the real UART). vcons_out is currently unused. 67 */ 68 uint vcons_in; 69 uint vcons_out; 70 71 /* Output (logging) buffer 72 * Console output is written to a ring buffer log_buf at index log_idx. 73 * The host may read the output when it sees log_idx advance. 74 * Output will be lost if the output wraps around faster than the host 75 * polls. 76 */ 77 struct rte_log_le log_le; 78 79 /* Console input line buffer 80 * Characters are read one at a time into cbuf 81 * until <CR> is received, then 82 * the buffer is processed as a command line. 83 * Also used for virtual UART. 84 */ 85 uint cbuf_idx; 86 char cbuf[CBUF_LEN]; 87}; 88 89#endif /* DEBUG */ 90#include <chipcommon.h> 91 92#include "dhd_bus.h" 93#include "dhd_dbg.h" 94 95#define TXQLEN 2048 /* bulk tx queue length */ 96#define TXHI (TXQLEN - 256) /* turn on flow control above TXHI */ 97#define TXLOW (TXHI - 256) /* turn off flow control below TXLOW */ 98#define PRIOMASK 7 99 100#define TXRETRIES 2 /* # of retries for tx frames */ 101 102#define BRCMF_RXBOUND 50 /* Default for max rx frames in 103 one scheduling */ 104 105#define BRCMF_TXBOUND 20 /* Default for max tx frames in 106 one scheduling */ 107 108#define BRCMF_TXMINMAX 1 /* Max tx frames if rx still pending */ 109 110#define MEMBLOCK 2048 /* Block size used for downloading 111 of dongle image */ 112#define MAX_DATA_BUF (32 * 1024) /* Must be large enough to hold 113 biggest possible glom */ 114 115#define BRCMF_FIRSTREAD (1 << 6) 116 117 118/* SBSDIO_DEVICE_CTL */ 119 120/* 1: device will assert busy signal when receiving CMD53 */ 121#define SBSDIO_DEVCTL_SETBUSY 0x01 122/* 1: assertion of sdio interrupt is synchronous to the sdio clock */ 123#define SBSDIO_DEVCTL_SPI_INTR_SYNC 0x02 124/* 1: mask all interrupts to host except the chipActive (rev 8) */ 125#define SBSDIO_DEVCTL_CA_INT_ONLY 0x04 126/* 1: isolate internal sdio signals, put external pads in tri-state; requires 127 * sdio bus power cycle to clear (rev 9) */ 128#define SBSDIO_DEVCTL_PADS_ISO 0x08 129/* Force SD->SB reset mapping (rev 11) */ 130#define SBSDIO_DEVCTL_SB_RST_CTL 0x30 131/* Determined by CoreControl bit */ 132#define SBSDIO_DEVCTL_RST_CORECTL 0x00 133/* Force backplane reset */ 134#define SBSDIO_DEVCTL_RST_BPRESET 0x10 135/* Force no backplane reset */ 136#define SBSDIO_DEVCTL_RST_NOBPRESET 0x20 137 138/* direct(mapped) cis space */ 139 140/* MAPPED common CIS address */ 141#define SBSDIO_CIS_BASE_COMMON 0x1000 142/* maximum bytes in one CIS */ 143#define SBSDIO_CIS_SIZE_LIMIT 0x200 144/* cis offset addr is < 17 bits */ 145#define SBSDIO_CIS_OFT_ADDR_MASK 0x1FFFF 146 147/* manfid tuple length, include tuple, link bytes */ 148#define SBSDIO_CIS_MANFID_TUPLE_LEN 6 149 150/* intstatus */ 151#define I_SMB_SW0 (1 << 0) /* To SB Mail S/W interrupt 0 */ 152#define I_SMB_SW1 (1 << 1) /* To SB Mail S/W interrupt 1 */ 153#define I_SMB_SW2 (1 << 2) /* To SB Mail S/W interrupt 2 */ 154#define I_SMB_SW3 (1 << 3) /* To SB Mail S/W interrupt 3 */ 155#define I_SMB_SW_MASK 0x0000000f /* To SB Mail S/W interrupts mask */ 156#define I_SMB_SW_SHIFT 0 /* To SB Mail S/W interrupts shift */ 157#define I_HMB_SW0 (1 << 4) /* To Host Mail S/W interrupt 0 */ 158#define I_HMB_SW1 (1 << 5) /* To Host Mail S/W interrupt 1 */ 159#define I_HMB_SW2 (1 << 6) /* To Host Mail S/W interrupt 2 */ 160#define I_HMB_SW3 (1 << 7) /* To Host Mail S/W interrupt 3 */ 161#define I_HMB_SW_MASK 0x000000f0 /* To Host Mail S/W interrupts mask */ 162#define I_HMB_SW_SHIFT 4 /* To Host Mail S/W interrupts shift */ 163#define I_WR_OOSYNC (1 << 8) /* Write Frame Out Of Sync */ 164#define I_RD_OOSYNC (1 << 9) /* Read Frame Out Of Sync */ 165#define I_PC (1 << 10) /* descriptor error */ 166#define I_PD (1 << 11) /* data error */ 167#define I_DE (1 << 12) /* Descriptor protocol Error */ 168#define I_RU (1 << 13) /* Receive descriptor Underflow */ 169#define I_RO (1 << 14) /* Receive fifo Overflow */ 170#define I_XU (1 << 15) /* Transmit fifo Underflow */ 171#define I_RI (1 << 16) /* Receive Interrupt */ 172#define I_BUSPWR (1 << 17) /* SDIO Bus Power Change (rev 9) */ 173#define I_XMTDATA_AVAIL (1 << 23) /* bits in fifo */ 174#define I_XI (1 << 24) /* Transmit Interrupt */ 175#define I_RF_TERM (1 << 25) /* Read Frame Terminate */ 176#define I_WF_TERM (1 << 26) /* Write Frame Terminate */ 177#define I_PCMCIA_XU (1 << 27) /* PCMCIA Transmit FIFO Underflow */ 178#define I_SBINT (1 << 28) /* sbintstatus Interrupt */ 179#define I_CHIPACTIVE (1 << 29) /* chip from doze to active state */ 180#define I_SRESET (1 << 30) /* CCCR RES interrupt */ 181#define I_IOE2 (1U << 31) /* CCCR IOE2 Bit Changed */ 182#define I_ERRORS (I_PC | I_PD | I_DE | I_RU | I_RO | I_XU) 183#define I_DMA (I_RI | I_XI | I_ERRORS) 184 185/* corecontrol */ 186#define CC_CISRDY (1 << 0) /* CIS Ready */ 187#define CC_BPRESEN (1 << 1) /* CCCR RES signal */ 188#define CC_F2RDY (1 << 2) /* set CCCR IOR2 bit */ 189#define CC_CLRPADSISO (1 << 3) /* clear SDIO pads isolation */ 190#define CC_XMTDATAAVAIL_MODE (1 << 4) 191#define CC_XMTDATAAVAIL_CTRL (1 << 5) 192 193/* SDA_FRAMECTRL */ 194#define SFC_RF_TERM (1 << 0) /* Read Frame Terminate */ 195#define SFC_WF_TERM (1 << 1) /* Write Frame Terminate */ 196#define SFC_CRC4WOOS (1 << 2) /* CRC error for write out of sync */ 197#define SFC_ABORTALL (1 << 3) /* Abort all in-progress frames */ 198 199/* HW frame tag */ 200#define SDPCM_FRAMETAG_LEN 4 /* 2 bytes len, 2 bytes check val */ 201 202/* Total length of frame header for dongle protocol */ 203#define SDPCM_HDRLEN (SDPCM_FRAMETAG_LEN + SDPCM_SWHEADER_LEN) 204#define SDPCM_RESERVE (SDPCM_HDRLEN + BRCMF_SDALIGN) 205 206/* 207 * Software allocation of To SB Mailbox resources 208 */ 209 210/* tosbmailbox bits corresponding to intstatus bits */ 211#define SMB_NAK (1 << 0) /* Frame NAK */ 212#define SMB_INT_ACK (1 << 1) /* Host Interrupt ACK */ 213#define SMB_USE_OOB (1 << 2) /* Use OOB Wakeup */ 214#define SMB_DEV_INT (1 << 3) /* Miscellaneous Interrupt */ 215 216/* tosbmailboxdata */ 217#define SMB_DATA_VERSION_SHIFT 16 /* host protocol version */ 218 219/* 220 * Software allocation of To Host Mailbox resources 221 */ 222 223/* intstatus bits */ 224#define I_HMB_FC_STATE I_HMB_SW0 /* Flow Control State */ 225#define I_HMB_FC_CHANGE I_HMB_SW1 /* Flow Control State Changed */ 226#define I_HMB_FRAME_IND I_HMB_SW2 /* Frame Indication */ 227#define I_HMB_HOST_INT I_HMB_SW3 /* Miscellaneous Interrupt */ 228 229/* tohostmailboxdata */ 230#define HMB_DATA_NAKHANDLED 1 /* retransmit NAK'd frame */ 231#define HMB_DATA_DEVREADY 2 /* talk to host after enable */ 232#define HMB_DATA_FC 4 /* per prio flowcontrol update flag */ 233#define HMB_DATA_FWREADY 8 /* fw ready for protocol activity */ 234 235#define HMB_DATA_FCDATA_MASK 0xff000000 236#define HMB_DATA_FCDATA_SHIFT 24 237 238#define HMB_DATA_VERSION_MASK 0x00ff0000 239#define HMB_DATA_VERSION_SHIFT 16 240 241/* 242 * Software-defined protocol header 243 */ 244 245/* Current protocol version */ 246#define SDPCM_PROT_VERSION 4 247 248/* SW frame header */ 249#define SDPCM_PACKET_SEQUENCE(p) (((u8 *)p)[0] & 0xff) 250 251#define SDPCM_CHANNEL_MASK 0x00000f00 252#define SDPCM_CHANNEL_SHIFT 8 253#define SDPCM_PACKET_CHANNEL(p) (((u8 *)p)[1] & 0x0f) 254 255#define SDPCM_NEXTLEN_OFFSET 2 256 257/* Data Offset from SOF (HW Tag, SW Tag, Pad) */ 258#define SDPCM_DOFFSET_OFFSET 3 /* Data Offset */ 259#define SDPCM_DOFFSET_VALUE(p) (((u8 *)p)[SDPCM_DOFFSET_OFFSET] & 0xff) 260#define SDPCM_DOFFSET_MASK 0xff000000 261#define SDPCM_DOFFSET_SHIFT 24 262#define SDPCM_FCMASK_OFFSET 4 /* Flow control */ 263#define SDPCM_FCMASK_VALUE(p) (((u8 *)p)[SDPCM_FCMASK_OFFSET] & 0xff) 264#define SDPCM_WINDOW_OFFSET 5 /* Credit based fc */ 265#define SDPCM_WINDOW_VALUE(p) (((u8 *)p)[SDPCM_WINDOW_OFFSET] & 0xff) 266 267#define SDPCM_SWHEADER_LEN 8 /* SW header is 64 bits */ 268 269/* logical channel numbers */ 270#define SDPCM_CONTROL_CHANNEL 0 /* Control channel Id */ 271#define SDPCM_EVENT_CHANNEL 1 /* Asyc Event Indication Channel Id */ 272#define SDPCM_DATA_CHANNEL 2 /* Data Xmit/Recv Channel Id */ 273#define SDPCM_GLOM_CHANNEL 3 /* For coalesced packets */ 274#define SDPCM_TEST_CHANNEL 15 /* Reserved for test/debug packets */ 275 276#define SDPCM_SEQUENCE_WRAP 256 /* wrap-around val for 8bit frame seq */ 277 278#define SDPCM_GLOMDESC(p) (((u8 *)p)[1] & 0x80) 279 280/* 281 * Shared structure between dongle and the host. 282 * The structure contains pointers to trap or assert information. 283 */ 284#define SDPCM_SHARED_VERSION 0x0002 285#define SDPCM_SHARED_VERSION_MASK 0x00FF 286#define SDPCM_SHARED_ASSERT_BUILT 0x0100 287#define SDPCM_SHARED_ASSERT 0x0200 288#define SDPCM_SHARED_TRAP 0x0400 289 290/* Space for header read, limit for data packets */ 291#define MAX_HDR_READ (1 << 6) 292#define MAX_RX_DATASZ 2048 293 294/* Maximum milliseconds to wait for F2 to come up */ 295#define BRCMF_WAIT_F2RDY 3000 296 297/* Bump up limit on waiting for HT to account for first startup; 298 * if the image is doing a CRC calculation before programming the PMU 299 * for HT availability, it could take a couple hundred ms more, so 300 * max out at a 1 second (1000000us). 301 */ 302#undef PMU_MAX_TRANSITION_DLY 303#define PMU_MAX_TRANSITION_DLY 1000000 304 305/* Value for ChipClockCSR during initial setup */ 306#define BRCMF_INIT_CLKCTL1 (SBSDIO_FORCE_HW_CLKREQ_OFF | \ 307 SBSDIO_ALP_AVAIL_REQ) 308 309/* Flags for SDH calls */ 310#define F2SYNC (SDIO_REQ_4BYTE | SDIO_REQ_FIXED) 311 312#define BRCMF_SDIO_FW_NAME "brcm/brcmfmac-sdio.bin" 313#define BRCMF_SDIO_NV_NAME "brcm/brcmfmac-sdio.txt" 314MODULE_FIRMWARE(BRCMF_SDIO_FW_NAME); 315MODULE_FIRMWARE(BRCMF_SDIO_NV_NAME); 316 317#define BRCMF_IDLE_IMMEDIATE (-1) /* Enter idle immediately */ 318#define BRCMF_IDLE_ACTIVE 0 /* Do not request any SD clock change 319 * when idle 320 */ 321#define BRCMF_IDLE_INTERVAL 1 322 323/* 324 * Conversion of 802.1D priority to precedence level 325 */ 326static uint prio2prec(u32 prio) 327{ 328 return (prio == PRIO_8021D_NONE || prio == PRIO_8021D_BE) ? 329 (prio^2) : prio; 330} 331 332/* core registers */ 333struct sdpcmd_regs { 334 u32 corecontrol; /* 0x00, rev8 */ 335 u32 corestatus; /* rev8 */ 336 u32 PAD[1]; 337 u32 biststatus; /* rev8 */ 338 339 /* PCMCIA access */ 340 u16 pcmciamesportaladdr; /* 0x010, rev8 */ 341 u16 PAD[1]; 342 u16 pcmciamesportalmask; /* rev8 */ 343 u16 PAD[1]; 344 u16 pcmciawrframebc; /* rev8 */ 345 u16 PAD[1]; 346 u16 pcmciaunderflowtimer; /* rev8 */ 347 u16 PAD[1]; 348 349 /* interrupt */ 350 u32 intstatus; /* 0x020, rev8 */ 351 u32 hostintmask; /* rev8 */ 352 u32 intmask; /* rev8 */ 353 u32 sbintstatus; /* rev8 */ 354 u32 sbintmask; /* rev8 */ 355 u32 funcintmask; /* rev4 */ 356 u32 PAD[2]; 357 u32 tosbmailbox; /* 0x040, rev8 */ 358 u32 tohostmailbox; /* rev8 */ 359 u32 tosbmailboxdata; /* rev8 */ 360 u32 tohostmailboxdata; /* rev8 */ 361 362 /* synchronized access to registers in SDIO clock domain */ 363 u32 sdioaccess; /* 0x050, rev8 */ 364 u32 PAD[3]; 365 366 /* PCMCIA frame control */ 367 u8 pcmciaframectrl; /* 0x060, rev8 */ 368 u8 PAD[3]; 369 u8 pcmciawatermark; /* rev8 */ 370 u8 PAD[155]; 371 372 /* interrupt batching control */ 373 u32 intrcvlazy; /* 0x100, rev8 */ 374 u32 PAD[3]; 375 376 /* counters */ 377 u32 cmd52rd; /* 0x110, rev8 */ 378 u32 cmd52wr; /* rev8 */ 379 u32 cmd53rd; /* rev8 */ 380 u32 cmd53wr; /* rev8 */ 381 u32 abort; /* rev8 */ 382 u32 datacrcerror; /* rev8 */ 383 u32 rdoutofsync; /* rev8 */ 384 u32 wroutofsync; /* rev8 */ 385 u32 writebusy; /* rev8 */ 386 u32 readwait; /* rev8 */ 387 u32 readterm; /* rev8 */ 388 u32 writeterm; /* rev8 */ 389 u32 PAD[40]; 390 u32 clockctlstatus; /* rev8 */ 391 u32 PAD[7]; 392 393 u32 PAD[128]; /* DMA engines */ 394 395 /* SDIO/PCMCIA CIS region */ 396 char cis[512]; /* 0x400-0x5ff, rev6 */ 397 398 /* PCMCIA function control registers */ 399 char pcmciafcr[256]; /* 0x600-6ff, rev6 */ 400 u16 PAD[55]; 401 402 /* PCMCIA backplane access */ 403 u16 backplanecsr; /* 0x76E, rev6 */ 404 u16 backplaneaddr0; /* rev6 */ 405 u16 backplaneaddr1; /* rev6 */ 406 u16 backplaneaddr2; /* rev6 */ 407 u16 backplaneaddr3; /* rev6 */ 408 u16 backplanedata0; /* rev6 */ 409 u16 backplanedata1; /* rev6 */ 410 u16 backplanedata2; /* rev6 */ 411 u16 backplanedata3; /* rev6 */ 412 u16 PAD[31]; 413 414 /* sprom "size" & "blank" info */ 415 u16 spromstatus; /* 0x7BE, rev2 */ 416 u32 PAD[464]; 417 418 u16 PAD[0x80]; 419}; 420 421#ifdef DEBUG 422/* Device console log buffer state */ 423struct brcmf_console { 424 uint count; /* Poll interval msec counter */ 425 uint log_addr; /* Log struct address (fixed) */ 426 struct rte_log_le log_le; /* Log struct (host copy) */ 427 uint bufsize; /* Size of log buffer */ 428 u8 *buf; /* Log buffer (host copy) */ 429 uint last; /* Last buffer read index */ 430}; 431#endif /* DEBUG */ 432 433struct sdpcm_shared { 434 u32 flags; 435 u32 trap_addr; 436 u32 assert_exp_addr; 437 u32 assert_file_addr; 438 u32 assert_line; 439 u32 console_addr; /* Address of struct rte_console */ 440 u32 msgtrace_addr; 441 u8 tag[32]; 442}; 443 444struct sdpcm_shared_le { 445 __le32 flags; 446 __le32 trap_addr; 447 __le32 assert_exp_addr; 448 __le32 assert_file_addr; 449 __le32 assert_line; 450 __le32 console_addr; /* Address of struct rte_console */ 451 __le32 msgtrace_addr; 452 u8 tag[32]; 453}; 454 455 456/* misc chip info needed by some of the routines */ 457/* Private data for SDIO bus interaction */ 458struct brcmf_sdio { 459 struct brcmf_sdio_dev *sdiodev; /* sdio device handler */ 460 struct chip_info *ci; /* Chip info struct */ 461 char *vars; /* Variables (from CIS and/or other) */ 462 uint varsz; /* Size of variables buffer */ 463 464 u32 ramsize; /* Size of RAM in SOCRAM (bytes) */ 465 466 u32 hostintmask; /* Copy of Host Interrupt Mask */ 467 u32 intstatus; /* Intstatus bits (events) pending */ 468 bool dpc_sched; /* Indicates DPC schedule (intrpt rcvd) */ 469 bool fcstate; /* State of dongle flow-control */ 470 471 uint blocksize; /* Block size of SDIO transfers */ 472 uint roundup; /* Max roundup limit */ 473 474 struct pktq txq; /* Queue length used for flow-control */ 475 u8 flowcontrol; /* per prio flow control bitmask */ 476 u8 tx_seq; /* Transmit sequence number (next) */ 477 u8 tx_max; /* Maximum transmit sequence allowed */ 478 479 u8 hdrbuf[MAX_HDR_READ + BRCMF_SDALIGN]; 480 u8 *rxhdr; /* Header of current rx frame (in hdrbuf) */ 481 u16 nextlen; /* Next Read Len from last header */ 482 u8 rx_seq; /* Receive sequence number (expected) */ 483 bool rxskip; /* Skip receive (awaiting NAK ACK) */ 484 485 uint rxbound; /* Rx frames to read before resched */ 486 uint txbound; /* Tx frames to send before resched */ 487 uint txminmax; 488 489 struct sk_buff *glomd; /* Packet containing glomming descriptor */ 490 struct sk_buff_head glom; /* Packet list for glommed superframe */ 491 uint glomerr; /* Glom packet read errors */ 492 493 u8 *rxbuf; /* Buffer for receiving control packets */ 494 uint rxblen; /* Allocated length of rxbuf */ 495 u8 *rxctl; /* Aligned pointer into rxbuf */ 496 u8 *databuf; /* Buffer for receiving big glom packet */ 497 u8 *dataptr; /* Aligned pointer into databuf */ 498 uint rxlen; /* Length of valid data in buffer */ 499 500 u8 sdpcm_ver; /* Bus protocol reported by dongle */ 501 502 bool intr; /* Use interrupts */ 503 bool poll; /* Use polling */ 504 bool ipend; /* Device interrupt is pending */ 505 uint intrcount; /* Count of device interrupt callbacks */ 506 uint lastintrs; /* Count as of last watchdog timer */ 507 uint spurious; /* Count of spurious interrupts */ 508 uint pollrate; /* Ticks between device polls */ 509 uint polltick; /* Tick counter */ 510 uint pollcnt; /* Count of active polls */ 511 512#ifdef DEBUG 513 uint console_interval; 514 struct brcmf_console console; /* Console output polling support */ 515 uint console_addr; /* Console address from shared struct */ 516#endif /* DEBUG */ 517 518 uint regfails; /* Count of R_REG failures */ 519 520 uint clkstate; /* State of sd and backplane clock(s) */ 521 bool activity; /* Activity flag for clock down */ 522 s32 idletime; /* Control for activity timeout */ 523 s32 idlecount; /* Activity timeout counter */ 524 s32 idleclock; /* How to set bus driver when idle */ 525 s32 sd_rxchain; 526 bool use_rxchain; /* If brcmf should use PKT chains */ 527 bool sleeping; /* Is SDIO bus sleeping? */ 528 bool rxflow_mode; /* Rx flow control mode */ 529 bool rxflow; /* Is rx flow control on */ 530 bool alp_only; /* Don't use HT clock (ALP only) */ 531/* Field to decide if rx of control frames happen in rxbuf or lb-pool */ 532 bool usebufpool; 533 534 /* Some additional counters */ 535 uint tx_sderrs; /* Count of tx attempts with sd errors */ 536 uint fcqueued; /* Tx packets that got queued */ 537 uint rxrtx; /* Count of rtx requests (NAK to dongle) */ 538 uint rx_toolong; /* Receive frames too long to receive */ 539 uint rxc_errors; /* SDIO errors when reading control frames */ 540 uint rx_hdrfail; /* SDIO errors on header reads */ 541 uint rx_badhdr; /* Bad received headers (roosync?) */ 542 uint rx_badseq; /* Mismatched rx sequence number */ 543 uint fc_rcvd; /* Number of flow-control events received */ 544 uint fc_xoff; /* Number which turned on flow-control */ 545 uint fc_xon; /* Number which turned off flow-control */ 546 uint rxglomfail; /* Failed deglom attempts */ 547 uint rxglomframes; /* Number of glom frames (superframes) */ 548 uint rxglompkts; /* Number of packets from glom frames */ 549 uint f2rxhdrs; /* Number of header reads */ 550 uint f2rxdata; /* Number of frame data reads */ 551 uint f2txdata; /* Number of f2 frame writes */ 552 uint f1regdata; /* Number of f1 register accesses */ 553 uint tickcnt; /* Number of watchdog been schedule */ 554 unsigned long tx_ctlerrs; /* Err of sending ctrl frames */ 555 unsigned long tx_ctlpkts; /* Ctrl frames sent to dongle */ 556 unsigned long rx_ctlerrs; /* Err of processing rx ctrl frames */ 557 unsigned long rx_ctlpkts; /* Ctrl frames processed from dongle */ 558 unsigned long rx_readahead_cnt; /* Number of packets where header 559 * read-ahead was used. */ 560 561 u8 *ctrl_frame_buf; 562 u32 ctrl_frame_len; 563 bool ctrl_frame_stat; 564 565 spinlock_t txqlock; 566 wait_queue_head_t ctrl_wait; 567 wait_queue_head_t dcmd_resp_wait; 568 569 struct timer_list timer; 570 struct completion watchdog_wait; 571 struct task_struct *watchdog_tsk; 572 bool wd_timer_valid; 573 uint save_ms; 574 575 struct task_struct *dpc_tsk; 576 struct completion dpc_wait; 577 struct list_head dpc_tsklst; 578 spinlock_t dpc_tl_lock; 579 580 struct semaphore sdsem; 581 582 const struct firmware *firmware; 583 u32 fw_ptr; 584 585 bool txoff; /* Transmit flow-controlled */ 586}; 587 588/* clkstate */ 589#define CLK_NONE 0 590#define CLK_SDONLY 1 591#define CLK_PENDING 2 /* Not used yet */ 592#define CLK_AVAIL 3 593 594#ifdef DEBUG 595static int qcount[NUMPRIO]; 596static int tx_packets[NUMPRIO]; 597#endif /* DEBUG */ 598 599#define SDIO_DRIVE_STRENGTH 6 /* in milliamps */ 600 601#define RETRYCHAN(chan) ((chan) == SDPCM_EVENT_CHANNEL) 602 603/* Retry count for register access failures */ 604static const uint retry_limit = 2; 605 606/* Limit on rounding up frames */ 607static const uint max_roundup = 512; 608 609#define ALIGNMENT 4 610 611static void pkt_align(struct sk_buff *p, int len, int align) 612{ 613 uint datalign; 614 datalign = (unsigned long)(p->data); 615 datalign = roundup(datalign, (align)) - datalign; 616 if (datalign) 617 skb_pull(p, datalign); 618 __skb_trim(p, len); 619} 620 621/* To check if there's window offered */ 622static bool data_ok(struct brcmf_sdio *bus) 623{ 624 return (u8)(bus->tx_max - bus->tx_seq) != 0 && 625 ((u8)(bus->tx_max - bus->tx_seq) & 0x80) == 0; 626} 627 628/* 629 * Reads a register in the SDIO hardware block. This block occupies a series of 630 * adresses on the 32 bit backplane bus. 631 */ 632static void 633r_sdreg32(struct brcmf_sdio *bus, u32 *regvar, u32 reg_offset, u32 *retryvar) 634{ 635 u8 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV); 636 *retryvar = 0; 637 do { 638 *regvar = brcmf_sdcard_reg_read(bus->sdiodev, 639 bus->ci->c_inf[idx].base + reg_offset); 640 } while (brcmf_sdcard_regfail(bus->sdiodev) && 641 (++(*retryvar) <= retry_limit)); 642 if (*retryvar) { 643 bus->regfails += (*retryvar-1); 644 if (*retryvar > retry_limit) { 645 brcmf_dbg(ERROR, "FAILED READ %Xh\n", reg_offset); 646 *regvar = 0; 647 } 648 } 649} 650 651static void 652w_sdreg32(struct brcmf_sdio *bus, u32 regval, u32 reg_offset, u32 *retryvar) 653{ 654 u8 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV); 655 *retryvar = 0; 656 do { 657 brcmf_sdcard_reg_write(bus->sdiodev, 658 bus->ci->c_inf[idx].base + reg_offset, 659 regval); 660 } while (brcmf_sdcard_regfail(bus->sdiodev) && 661 (++(*retryvar) <= retry_limit)); 662 if (*retryvar) { 663 bus->regfails += (*retryvar-1); 664 if (*retryvar > retry_limit) 665 brcmf_dbg(ERROR, "FAILED REGISTER WRITE %Xh\n", 666 reg_offset); 667 } 668} 669 670#define PKT_AVAILABLE() (intstatus & I_HMB_FRAME_IND) 671 672#define HOSTINTMASK (I_HMB_SW_MASK | I_CHIPACTIVE) 673 674/* Packet free applicable unconditionally for sdio and sdspi. 675 * Conditional if bufpool was present for gspi bus. 676 */ 677static void brcmf_sdbrcm_pktfree2(struct brcmf_sdio *bus, struct sk_buff *pkt) 678{ 679 if (bus->usebufpool) 680 brcmu_pkt_buf_free_skb(pkt); 681} 682 683/* Turn backplane clock on or off */ 684static int brcmf_sdbrcm_htclk(struct brcmf_sdio *bus, bool on, bool pendok) 685{ 686 int err; 687 u8 clkctl, clkreq, devctl; 688 unsigned long timeout; 689 690 brcmf_dbg(TRACE, "Enter\n"); 691 692 clkctl = 0; 693 694 if (on) { 695 /* Request HT Avail */ 696 clkreq = 697 bus->alp_only ? SBSDIO_ALP_AVAIL_REQ : SBSDIO_HT_AVAIL_REQ; 698 699 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 700 clkreq, &err); 701 if (err) { 702 brcmf_dbg(ERROR, "HT Avail request error: %d\n", err); 703 return -EBADE; 704 } 705 706 /* Check current status */ 707 clkctl = brcmf_sdio_regrb(bus->sdiodev, 708 SBSDIO_FUNC1_CHIPCLKCSR, &err); 709 if (err) { 710 brcmf_dbg(ERROR, "HT Avail read error: %d\n", err); 711 return -EBADE; 712 } 713 714 /* Go to pending and await interrupt if appropriate */ 715 if (!SBSDIO_CLKAV(clkctl, bus->alp_only) && pendok) { 716 /* Allow only clock-available interrupt */ 717 devctl = brcmf_sdio_regrb(bus->sdiodev, 718 SBSDIO_DEVICE_CTL, &err); 719 if (err) { 720 brcmf_dbg(ERROR, "Devctl error setting CA: %d\n", 721 err); 722 return -EBADE; 723 } 724 725 devctl |= SBSDIO_DEVCTL_CA_INT_ONLY; 726 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_DEVICE_CTL, 727 devctl, &err); 728 brcmf_dbg(INFO, "CLKCTL: set PENDING\n"); 729 bus->clkstate = CLK_PENDING; 730 731 return 0; 732 } else if (bus->clkstate == CLK_PENDING) { 733 /* Cancel CA-only interrupt filter */ 734 devctl = brcmf_sdio_regrb(bus->sdiodev, 735 SBSDIO_DEVICE_CTL, &err); 736 devctl &= ~SBSDIO_DEVCTL_CA_INT_ONLY; 737 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_DEVICE_CTL, 738 devctl, &err); 739 } 740 741 /* Otherwise, wait here (polling) for HT Avail */ 742 timeout = jiffies + 743 msecs_to_jiffies(PMU_MAX_TRANSITION_DLY/1000); 744 while (!SBSDIO_CLKAV(clkctl, bus->alp_only)) { 745 clkctl = brcmf_sdio_regrb(bus->sdiodev, 746 SBSDIO_FUNC1_CHIPCLKCSR, 747 &err); 748 if (time_after(jiffies, timeout)) 749 break; 750 else 751 usleep_range(5000, 10000); 752 } 753 if (err) { 754 brcmf_dbg(ERROR, "HT Avail request error: %d\n", err); 755 return -EBADE; 756 } 757 if (!SBSDIO_CLKAV(clkctl, bus->alp_only)) { 758 brcmf_dbg(ERROR, "HT Avail timeout (%d): clkctl 0x%02x\n", 759 PMU_MAX_TRANSITION_DLY, clkctl); 760 return -EBADE; 761 } 762 763 /* Mark clock available */ 764 bus->clkstate = CLK_AVAIL; 765 brcmf_dbg(INFO, "CLKCTL: turned ON\n"); 766 767#if defined(DEBUG) 768 if (!bus->alp_only) { 769 if (SBSDIO_ALPONLY(clkctl)) 770 brcmf_dbg(ERROR, "HT Clock should be on\n"); 771 } 772#endif /* defined (DEBUG) */ 773 774 bus->activity = true; 775 } else { 776 clkreq = 0; 777 778 if (bus->clkstate == CLK_PENDING) { 779 /* Cancel CA-only interrupt filter */ 780 devctl = brcmf_sdio_regrb(bus->sdiodev, 781 SBSDIO_DEVICE_CTL, &err); 782 devctl &= ~SBSDIO_DEVCTL_CA_INT_ONLY; 783 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_DEVICE_CTL, 784 devctl, &err); 785 } 786 787 bus->clkstate = CLK_SDONLY; 788 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 789 clkreq, &err); 790 brcmf_dbg(INFO, "CLKCTL: turned OFF\n"); 791 if (err) { 792 brcmf_dbg(ERROR, "Failed access turning clock off: %d\n", 793 err); 794 return -EBADE; 795 } 796 } 797 return 0; 798} 799 800/* Change idle/active SD state */ 801static int brcmf_sdbrcm_sdclk(struct brcmf_sdio *bus, bool on) 802{ 803 brcmf_dbg(TRACE, "Enter\n"); 804 805 if (on) 806 bus->clkstate = CLK_SDONLY; 807 else 808 bus->clkstate = CLK_NONE; 809 810 return 0; 811} 812 813/* Transition SD and backplane clock readiness */ 814static int brcmf_sdbrcm_clkctl(struct brcmf_sdio *bus, uint target, bool pendok) 815{ 816#ifdef DEBUG 817 uint oldstate = bus->clkstate; 818#endif /* DEBUG */ 819 820 brcmf_dbg(TRACE, "Enter\n"); 821 822 /* Early exit if we're already there */ 823 if (bus->clkstate == target) { 824 if (target == CLK_AVAIL) { 825 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 826 bus->activity = true; 827 } 828 return 0; 829 } 830 831 switch (target) { 832 case CLK_AVAIL: 833 /* Make sure SD clock is available */ 834 if (bus->clkstate == CLK_NONE) 835 brcmf_sdbrcm_sdclk(bus, true); 836 /* Now request HT Avail on the backplane */ 837 brcmf_sdbrcm_htclk(bus, true, pendok); 838 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 839 bus->activity = true; 840 break; 841 842 case CLK_SDONLY: 843 /* Remove HT request, or bring up SD clock */ 844 if (bus->clkstate == CLK_NONE) 845 brcmf_sdbrcm_sdclk(bus, true); 846 else if (bus->clkstate == CLK_AVAIL) 847 brcmf_sdbrcm_htclk(bus, false, false); 848 else 849 brcmf_dbg(ERROR, "request for %d -> %d\n", 850 bus->clkstate, target); 851 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 852 break; 853 854 case CLK_NONE: 855 /* Make sure to remove HT request */ 856 if (bus->clkstate == CLK_AVAIL) 857 brcmf_sdbrcm_htclk(bus, false, false); 858 /* Now remove the SD clock */ 859 brcmf_sdbrcm_sdclk(bus, false); 860 brcmf_sdbrcm_wd_timer(bus, 0); 861 break; 862 } 863#ifdef DEBUG 864 brcmf_dbg(INFO, "%d -> %d\n", oldstate, bus->clkstate); 865#endif /* DEBUG */ 866 867 return 0; 868} 869 870static int brcmf_sdbrcm_bussleep(struct brcmf_sdio *bus, bool sleep) 871{ 872 uint retries = 0; 873 874 brcmf_dbg(INFO, "request %s (currently %s)\n", 875 sleep ? "SLEEP" : "WAKE", 876 bus->sleeping ? "SLEEP" : "WAKE"); 877 878 /* Done if we're already in the requested state */ 879 if (sleep == bus->sleeping) 880 return 0; 881 882 /* Going to sleep: set the alarm and turn off the lights... */ 883 if (sleep) { 884 /* Don't sleep if something is pending */ 885 if (bus->dpc_sched || bus->rxskip || pktq_len(&bus->txq)) 886 return -EBUSY; 887 888 /* Make sure the controller has the bus up */ 889 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 890 891 /* Tell device to start using OOB wakeup */ 892 w_sdreg32(bus, SMB_USE_OOB, 893 offsetof(struct sdpcmd_regs, tosbmailbox), &retries); 894 if (retries > retry_limit) 895 brcmf_dbg(ERROR, "CANNOT SIGNAL CHIP, WILL NOT WAKE UP!!\n"); 896 897 /* Turn off our contribution to the HT clock request */ 898 brcmf_sdbrcm_clkctl(bus, CLK_SDONLY, false); 899 900 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 901 SBSDIO_FORCE_HW_CLKREQ_OFF, NULL); 902 903 /* Isolate the bus */ 904 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_DEVICE_CTL, 905 SBSDIO_DEVCTL_PADS_ISO, NULL); 906 907 /* Change state */ 908 bus->sleeping = true; 909 910 } else { 911 /* Waking up: bus power up is ok, set local state */ 912 913 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 914 0, NULL); 915 916 /* Make sure the controller has the bus up */ 917 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 918 919 /* Send misc interrupt to indicate OOB not needed */ 920 w_sdreg32(bus, 0, offsetof(struct sdpcmd_regs, tosbmailboxdata), 921 &retries); 922 if (retries <= retry_limit) 923 w_sdreg32(bus, SMB_DEV_INT, 924 offsetof(struct sdpcmd_regs, tosbmailbox), 925 &retries); 926 927 if (retries > retry_limit) 928 brcmf_dbg(ERROR, "CANNOT SIGNAL CHIP TO CLEAR OOB!!\n"); 929 930 /* Make sure we have SD bus access */ 931 brcmf_sdbrcm_clkctl(bus, CLK_SDONLY, false); 932 933 /* Change state */ 934 bus->sleeping = false; 935 } 936 937 return 0; 938} 939 940static void bus_wake(struct brcmf_sdio *bus) 941{ 942 if (bus->sleeping) 943 brcmf_sdbrcm_bussleep(bus, false); 944} 945 946static u32 brcmf_sdbrcm_hostmail(struct brcmf_sdio *bus) 947{ 948 u32 intstatus = 0; 949 u32 hmb_data; 950 u8 fcbits; 951 uint retries = 0; 952 953 brcmf_dbg(TRACE, "Enter\n"); 954 955 /* Read mailbox data and ack that we did so */ 956 r_sdreg32(bus, &hmb_data, 957 offsetof(struct sdpcmd_regs, tohostmailboxdata), &retries); 958 959 if (retries <= retry_limit) 960 w_sdreg32(bus, SMB_INT_ACK, 961 offsetof(struct sdpcmd_regs, tosbmailbox), &retries); 962 bus->f1regdata += 2; 963 964 /* Dongle recomposed rx frames, accept them again */ 965 if (hmb_data & HMB_DATA_NAKHANDLED) { 966 brcmf_dbg(INFO, "Dongle reports NAK handled, expect rtx of %d\n", 967 bus->rx_seq); 968 if (!bus->rxskip) 969 brcmf_dbg(ERROR, "unexpected NAKHANDLED!\n"); 970 971 bus->rxskip = false; 972 intstatus |= I_HMB_FRAME_IND; 973 } 974 975 /* 976 * DEVREADY does not occur with gSPI. 977 */ 978 if (hmb_data & (HMB_DATA_DEVREADY | HMB_DATA_FWREADY)) { 979 bus->sdpcm_ver = 980 (hmb_data & HMB_DATA_VERSION_MASK) >> 981 HMB_DATA_VERSION_SHIFT; 982 if (bus->sdpcm_ver != SDPCM_PROT_VERSION) 983 brcmf_dbg(ERROR, "Version mismatch, dongle reports %d, " 984 "expecting %d\n", 985 bus->sdpcm_ver, SDPCM_PROT_VERSION); 986 else 987 brcmf_dbg(INFO, "Dongle ready, protocol version %d\n", 988 bus->sdpcm_ver); 989 } 990 991 /* 992 * Flow Control has been moved into the RX headers and this out of band 993 * method isn't used any more. 994 * remaining backward compatible with older dongles. 995 */ 996 if (hmb_data & HMB_DATA_FC) { 997 fcbits = (hmb_data & HMB_DATA_FCDATA_MASK) >> 998 HMB_DATA_FCDATA_SHIFT; 999 1000 if (fcbits & ~bus->flowcontrol) 1001 bus->fc_xoff++; 1002 1003 if (bus->flowcontrol & ~fcbits) 1004 bus->fc_xon++; 1005 1006 bus->fc_rcvd++; 1007 bus->flowcontrol = fcbits; 1008 } 1009 1010 /* Shouldn't be any others */ 1011 if (hmb_data & ~(HMB_DATA_DEVREADY | 1012 HMB_DATA_NAKHANDLED | 1013 HMB_DATA_FC | 1014 HMB_DATA_FWREADY | 1015 HMB_DATA_FCDATA_MASK | HMB_DATA_VERSION_MASK)) 1016 brcmf_dbg(ERROR, "Unknown mailbox data content: 0x%02x\n", 1017 hmb_data); 1018 1019 return intstatus; 1020} 1021 1022static void brcmf_sdbrcm_rxfail(struct brcmf_sdio *bus, bool abort, bool rtx) 1023{ 1024 uint retries = 0; 1025 u16 lastrbc; 1026 u8 hi, lo; 1027 int err; 1028 1029 brcmf_dbg(ERROR, "%sterminate frame%s\n", 1030 abort ? "abort command, " : "", 1031 rtx ? ", send NAK" : ""); 1032 1033 if (abort) 1034 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 1035 1036 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_FRAMECTRL, 1037 SFC_RF_TERM, &err); 1038 bus->f1regdata++; 1039 1040 /* Wait until the packet has been flushed (device/FIFO stable) */ 1041 for (lastrbc = retries = 0xffff; retries > 0; retries--) { 1042 hi = brcmf_sdio_regrb(bus->sdiodev, 1043 SBSDIO_FUNC1_RFRAMEBCHI, NULL); 1044 lo = brcmf_sdio_regrb(bus->sdiodev, 1045 SBSDIO_FUNC1_RFRAMEBCLO, NULL); 1046 bus->f1regdata += 2; 1047 1048 if ((hi == 0) && (lo == 0)) 1049 break; 1050 1051 if ((hi > (lastrbc >> 8)) && (lo > (lastrbc & 0x00ff))) { 1052 brcmf_dbg(ERROR, "count growing: last 0x%04x now 0x%04x\n", 1053 lastrbc, (hi << 8) + lo); 1054 } 1055 lastrbc = (hi << 8) + lo; 1056 } 1057 1058 if (!retries) 1059 brcmf_dbg(ERROR, "count never zeroed: last 0x%04x\n", lastrbc); 1060 else 1061 brcmf_dbg(INFO, "flush took %d iterations\n", 0xffff - retries); 1062 1063 if (rtx) { 1064 bus->rxrtx++; 1065 w_sdreg32(bus, SMB_NAK, 1066 offsetof(struct sdpcmd_regs, tosbmailbox), &retries); 1067 1068 bus->f1regdata++; 1069 if (retries <= retry_limit) 1070 bus->rxskip = true; 1071 } 1072 1073 /* Clear partial in any case */ 1074 bus->nextlen = 0; 1075 1076 /* If we can't reach the device, signal failure */ 1077 if (err || brcmf_sdcard_regfail(bus->sdiodev)) 1078 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 1079} 1080 1081/* copy a buffer into a pkt buffer chain */ 1082static uint brcmf_sdbrcm_glom_from_buf(struct brcmf_sdio *bus, uint len) 1083{ 1084 uint n, ret = 0; 1085 struct sk_buff *p; 1086 u8 *buf; 1087 1088 buf = bus->dataptr; 1089 1090 /* copy the data */ 1091 skb_queue_walk(&bus->glom, p) { 1092 n = min_t(uint, p->len, len); 1093 memcpy(p->data, buf, n); 1094 buf += n; 1095 len -= n; 1096 ret += n; 1097 if (!len) 1098 break; 1099 } 1100 1101 return ret; 1102} 1103 1104/* return total length of buffer chain */ 1105static uint brcmf_sdbrcm_glom_len(struct brcmf_sdio *bus) 1106{ 1107 struct sk_buff *p; 1108 uint total; 1109 1110 total = 0; 1111 skb_queue_walk(&bus->glom, p) 1112 total += p->len; 1113 return total; 1114} 1115 1116static void brcmf_sdbrcm_free_glom(struct brcmf_sdio *bus) 1117{ 1118 struct sk_buff *cur, *next; 1119 1120 skb_queue_walk_safe(&bus->glom, cur, next) { 1121 skb_unlink(cur, &bus->glom); 1122 brcmu_pkt_buf_free_skb(cur); 1123 } 1124} 1125 1126static u8 brcmf_sdbrcm_rxglom(struct brcmf_sdio *bus, u8 rxseq) 1127{ 1128 u16 dlen, totlen; 1129 u8 *dptr, num = 0; 1130 1131 u16 sublen, check; 1132 struct sk_buff *pfirst, *pnext; 1133 1134 int errcode; 1135 u8 chan, seq, doff, sfdoff; 1136 u8 txmax; 1137 1138 int ifidx = 0; 1139 bool usechain = bus->use_rxchain; 1140 1141 /* If packets, issue read(s) and send up packet chain */ 1142 /* Return sequence numbers consumed? */ 1143 1144 brcmf_dbg(TRACE, "start: glomd %p glom %p\n", 1145 bus->glomd, skb_peek(&bus->glom)); 1146 1147 /* If there's a descriptor, generate the packet chain */ 1148 if (bus->glomd) { 1149 pfirst = pnext = NULL; 1150 dlen = (u16) (bus->glomd->len); 1151 dptr = bus->glomd->data; 1152 if (!dlen || (dlen & 1)) { 1153 brcmf_dbg(ERROR, "bad glomd len(%d), ignore descriptor\n", 1154 dlen); 1155 dlen = 0; 1156 } 1157 1158 for (totlen = num = 0; dlen; num++) { 1159 /* Get (and move past) next length */ 1160 sublen = get_unaligned_le16(dptr); 1161 dlen -= sizeof(u16); 1162 dptr += sizeof(u16); 1163 if ((sublen < SDPCM_HDRLEN) || 1164 ((num == 0) && (sublen < (2 * SDPCM_HDRLEN)))) { 1165 brcmf_dbg(ERROR, "descriptor len %d bad: %d\n", 1166 num, sublen); 1167 pnext = NULL; 1168 break; 1169 } 1170 if (sublen % BRCMF_SDALIGN) { 1171 brcmf_dbg(ERROR, "sublen %d not multiple of %d\n", 1172 sublen, BRCMF_SDALIGN); 1173 usechain = false; 1174 } 1175 totlen += sublen; 1176 1177 /* For last frame, adjust read len so total 1178 is a block multiple */ 1179 if (!dlen) { 1180 sublen += 1181 (roundup(totlen, bus->blocksize) - totlen); 1182 totlen = roundup(totlen, bus->blocksize); 1183 } 1184 1185 /* Allocate/chain packet for next subframe */ 1186 pnext = brcmu_pkt_buf_get_skb(sublen + BRCMF_SDALIGN); 1187 if (pnext == NULL) { 1188 brcmf_dbg(ERROR, "bcm_pkt_buf_get_skb failed, num %d len %d\n", 1189 num, sublen); 1190 break; 1191 } 1192 skb_queue_tail(&bus->glom, pnext); 1193 1194 /* Adhere to start alignment requirements */ 1195 pkt_align(pnext, sublen, BRCMF_SDALIGN); 1196 } 1197 1198 /* If all allocations succeeded, save packet chain 1199 in bus structure */ 1200 if (pnext) { 1201 brcmf_dbg(GLOM, "allocated %d-byte packet chain for %d subframes\n", 1202 totlen, num); 1203 if (BRCMF_GLOM_ON() && bus->nextlen && 1204 totlen != bus->nextlen) { 1205 brcmf_dbg(GLOM, "glomdesc mismatch: nextlen %d glomdesc %d rxseq %d\n", 1206 bus->nextlen, totlen, rxseq); 1207 } 1208 pfirst = pnext = NULL; 1209 } else { 1210 brcmf_sdbrcm_free_glom(bus); 1211 num = 0; 1212 } 1213 1214 /* Done with descriptor packet */ 1215 brcmu_pkt_buf_free_skb(bus->glomd); 1216 bus->glomd = NULL; 1217 bus->nextlen = 0; 1218 } 1219 1220 /* Ok -- either we just generated a packet chain, 1221 or had one from before */ 1222 if (!skb_queue_empty(&bus->glom)) { 1223 if (BRCMF_GLOM_ON()) { 1224 brcmf_dbg(GLOM, "try superframe read, packet chain:\n"); 1225 skb_queue_walk(&bus->glom, pnext) { 1226 brcmf_dbg(GLOM, " %p: %p len 0x%04x (%d)\n", 1227 pnext, (u8 *) (pnext->data), 1228 pnext->len, pnext->len); 1229 } 1230 } 1231 1232 pfirst = skb_peek(&bus->glom); 1233 dlen = (u16) brcmf_sdbrcm_glom_len(bus); 1234 1235 /* Do an SDIO read for the superframe. Configurable iovar to 1236 * read directly into the chained packet, or allocate a large 1237 * packet and and copy into the chain. 1238 */ 1239 if (usechain) { 1240 errcode = brcmf_sdcard_recv_chain(bus->sdiodev, 1241 bus->sdiodev->sbwad, 1242 SDIO_FUNC_2, F2SYNC, &bus->glom); 1243 } else if (bus->dataptr) { 1244 errcode = brcmf_sdcard_recv_buf(bus->sdiodev, 1245 bus->sdiodev->sbwad, 1246 SDIO_FUNC_2, F2SYNC, 1247 bus->dataptr, dlen); 1248 sublen = (u16) brcmf_sdbrcm_glom_from_buf(bus, dlen); 1249 if (sublen != dlen) { 1250 brcmf_dbg(ERROR, "FAILED TO COPY, dlen %d sublen %d\n", 1251 dlen, sublen); 1252 errcode = -1; 1253 } 1254 pnext = NULL; 1255 } else { 1256 brcmf_dbg(ERROR, "COULDN'T ALLOC %d-BYTE GLOM, FORCE FAILURE\n", 1257 dlen); 1258 errcode = -1; 1259 } 1260 bus->f2rxdata++; 1261 1262 /* On failure, kill the superframe, allow a couple retries */ 1263 if (errcode < 0) { 1264 brcmf_dbg(ERROR, "glom read of %d bytes failed: %d\n", 1265 dlen, errcode); 1266 bus->sdiodev->bus_if->dstats.rx_errors++; 1267 1268 if (bus->glomerr++ < 3) { 1269 brcmf_sdbrcm_rxfail(bus, true, true); 1270 } else { 1271 bus->glomerr = 0; 1272 brcmf_sdbrcm_rxfail(bus, true, false); 1273 bus->rxglomfail++; 1274 brcmf_sdbrcm_free_glom(bus); 1275 } 1276 return 0; 1277 } 1278 1279 brcmf_dbg_hex_dump(BRCMF_GLOM_ON(), 1280 pfirst->data, min_t(int, pfirst->len, 48), 1281 "SUPERFRAME:\n"); 1282 1283 /* Validate the superframe header */ 1284 dptr = (u8 *) (pfirst->data); 1285 sublen = get_unaligned_le16(dptr); 1286 check = get_unaligned_le16(dptr + sizeof(u16)); 1287 1288 chan = SDPCM_PACKET_CHANNEL(&dptr[SDPCM_FRAMETAG_LEN]); 1289 seq = SDPCM_PACKET_SEQUENCE(&dptr[SDPCM_FRAMETAG_LEN]); 1290 bus->nextlen = dptr[SDPCM_FRAMETAG_LEN + SDPCM_NEXTLEN_OFFSET]; 1291 if ((bus->nextlen << 4) > MAX_RX_DATASZ) { 1292 brcmf_dbg(INFO, "nextlen too large (%d) seq %d\n", 1293 bus->nextlen, seq); 1294 bus->nextlen = 0; 1295 } 1296 doff = SDPCM_DOFFSET_VALUE(&dptr[SDPCM_FRAMETAG_LEN]); 1297 txmax = SDPCM_WINDOW_VALUE(&dptr[SDPCM_FRAMETAG_LEN]); 1298 1299 errcode = 0; 1300 if ((u16)~(sublen ^ check)) { 1301 brcmf_dbg(ERROR, "(superframe): HW hdr error: len/check 0x%04x/0x%04x\n", 1302 sublen, check); 1303 errcode = -1; 1304 } else if (roundup(sublen, bus->blocksize) != dlen) { 1305 brcmf_dbg(ERROR, "(superframe): len 0x%04x, rounded 0x%04x, expect 0x%04x\n", 1306 sublen, roundup(sublen, bus->blocksize), 1307 dlen); 1308 errcode = -1; 1309 } else if (SDPCM_PACKET_CHANNEL(&dptr[SDPCM_FRAMETAG_LEN]) != 1310 SDPCM_GLOM_CHANNEL) { 1311 brcmf_dbg(ERROR, "(superframe): bad channel %d\n", 1312 SDPCM_PACKET_CHANNEL( 1313 &dptr[SDPCM_FRAMETAG_LEN])); 1314 errcode = -1; 1315 } else if (SDPCM_GLOMDESC(&dptr[SDPCM_FRAMETAG_LEN])) { 1316 brcmf_dbg(ERROR, "(superframe): got 2nd descriptor?\n"); 1317 errcode = -1; 1318 } else if ((doff < SDPCM_HDRLEN) || 1319 (doff > (pfirst->len - SDPCM_HDRLEN))) { 1320 brcmf_dbg(ERROR, "(superframe): Bad data offset %d: HW %d pkt %d min %d\n", 1321 doff, sublen, pfirst->len, SDPCM_HDRLEN); 1322 errcode = -1; 1323 } 1324 1325 /* Check sequence number of superframe SW header */ 1326 if (rxseq != seq) { 1327 brcmf_dbg(INFO, "(superframe) rx_seq %d, expected %d\n", 1328 seq, rxseq); 1329 bus->rx_badseq++; 1330 rxseq = seq; 1331 } 1332 1333 /* Check window for sanity */ 1334 if ((u8) (txmax - bus->tx_seq) > 0x40) { 1335 brcmf_dbg(ERROR, "unlikely tx max %d with tx_seq %d\n", 1336 txmax, bus->tx_seq); 1337 txmax = bus->tx_seq + 2; 1338 } 1339 bus->tx_max = txmax; 1340 1341 /* Remove superframe header, remember offset */ 1342 skb_pull(pfirst, doff); 1343 sfdoff = doff; 1344 num = 0; 1345 1346 /* Validate all the subframe headers */ 1347 skb_queue_walk(&bus->glom, pnext) { 1348 /* leave when invalid subframe is found */ 1349 if (errcode) 1350 break; 1351 1352 dptr = (u8 *) (pnext->data); 1353 dlen = (u16) (pnext->len); 1354 sublen = get_unaligned_le16(dptr); 1355 check = get_unaligned_le16(dptr + sizeof(u16)); 1356 chan = SDPCM_PACKET_CHANNEL(&dptr[SDPCM_FRAMETAG_LEN]); 1357 doff = SDPCM_DOFFSET_VALUE(&dptr[SDPCM_FRAMETAG_LEN]); 1358 brcmf_dbg_hex_dump(BRCMF_GLOM_ON(), 1359 dptr, 32, "subframe:\n"); 1360 1361 if ((u16)~(sublen ^ check)) { 1362 brcmf_dbg(ERROR, "(subframe %d): HW hdr error: len/check 0x%04x/0x%04x\n", 1363 num, sublen, check); 1364 errcode = -1; 1365 } else if ((sublen > dlen) || (sublen < SDPCM_HDRLEN)) { 1366 brcmf_dbg(ERROR, "(subframe %d): length mismatch: len 0x%04x, expect 0x%04x\n", 1367 num, sublen, dlen); 1368 errcode = -1; 1369 } else if ((chan != SDPCM_DATA_CHANNEL) && 1370 (chan != SDPCM_EVENT_CHANNEL)) { 1371 brcmf_dbg(ERROR, "(subframe %d): bad channel %d\n", 1372 num, chan); 1373 errcode = -1; 1374 } else if ((doff < SDPCM_HDRLEN) || (doff > sublen)) { 1375 brcmf_dbg(ERROR, "(subframe %d): Bad data offset %d: HW %d min %d\n", 1376 num, doff, sublen, SDPCM_HDRLEN); 1377 errcode = -1; 1378 } 1379 /* increase the subframe count */ 1380 num++; 1381 } 1382 1383 if (errcode) { 1384 /* Terminate frame on error, request 1385 a couple retries */ 1386 if (bus->glomerr++ < 3) { 1387 /* Restore superframe header space */ 1388 skb_push(pfirst, sfdoff); 1389 brcmf_sdbrcm_rxfail(bus, true, true); 1390 } else { 1391 bus->glomerr = 0; 1392 brcmf_sdbrcm_rxfail(bus, true, false); 1393 bus->rxglomfail++; 1394 brcmf_sdbrcm_free_glom(bus); 1395 } 1396 bus->nextlen = 0; 1397 return 0; 1398 } 1399 1400 /* Basic SD framing looks ok - process each packet (header) */ 1401 1402 skb_queue_walk_safe(&bus->glom, pfirst, pnext) { 1403 dptr = (u8 *) (pfirst->data); 1404 sublen = get_unaligned_le16(dptr); 1405 chan = SDPCM_PACKET_CHANNEL(&dptr[SDPCM_FRAMETAG_LEN]); 1406 seq = SDPCM_PACKET_SEQUENCE(&dptr[SDPCM_FRAMETAG_LEN]); 1407 doff = SDPCM_DOFFSET_VALUE(&dptr[SDPCM_FRAMETAG_LEN]); 1408 1409 brcmf_dbg(GLOM, "Get subframe %d, %p(%p/%d), sublen %d chan %d seq %d\n", 1410 num, pfirst, pfirst->data, 1411 pfirst->len, sublen, chan, seq); 1412 1413 /* precondition: chan == SDPCM_DATA_CHANNEL || 1414 chan == SDPCM_EVENT_CHANNEL */ 1415 1416 if (rxseq != seq) { 1417 brcmf_dbg(GLOM, "rx_seq %d, expected %d\n", 1418 seq, rxseq); 1419 bus->rx_badseq++; 1420 rxseq = seq; 1421 } 1422 rxseq++; 1423 1424 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && BRCMF_DATA_ON(), 1425 dptr, dlen, "Rx Subframe Data:\n"); 1426 1427 __skb_trim(pfirst, sublen); 1428 skb_pull(pfirst, doff); 1429 1430 if (pfirst->len == 0) { 1431 skb_unlink(pfirst, &bus->glom); 1432 brcmu_pkt_buf_free_skb(pfirst); 1433 continue; 1434 } else if (brcmf_proto_hdrpull(bus->sdiodev->dev, 1435 &ifidx, pfirst) != 0) { 1436 brcmf_dbg(ERROR, "rx protocol error\n"); 1437 bus->sdiodev->bus_if->dstats.rx_errors++; 1438 skb_unlink(pfirst, &bus->glom); 1439 brcmu_pkt_buf_free_skb(pfirst); 1440 continue; 1441 } 1442 1443 brcmf_dbg_hex_dump(BRCMF_GLOM_ON(), 1444 pfirst->data, 1445 min_t(int, pfirst->len, 32), 1446 "subframe %d to stack, %p (%p/%d) nxt/lnk %p/%p\n", 1447 bus->glom.qlen, pfirst, pfirst->data, 1448 pfirst->len, pfirst->next, 1449 pfirst->prev); 1450 } 1451 /* sent any remaining packets up */ 1452 if (bus->glom.qlen) { 1453 up(&bus->sdsem); 1454 brcmf_rx_frame(bus->sdiodev->dev, ifidx, &bus->glom); 1455 down(&bus->sdsem); 1456 } 1457 1458 bus->rxglomframes++; 1459 bus->rxglompkts += bus->glom.qlen; 1460 } 1461 return num; 1462} 1463 1464static int brcmf_sdbrcm_dcmd_resp_wait(struct brcmf_sdio *bus, uint *condition, 1465 bool *pending) 1466{ 1467 DECLARE_WAITQUEUE(wait, current); 1468 int timeout = msecs_to_jiffies(DCMD_RESP_TIMEOUT); 1469 1470 /* Wait until control frame is available */ 1471 add_wait_queue(&bus->dcmd_resp_wait, &wait); 1472 set_current_state(TASK_INTERRUPTIBLE); 1473 1474 while (!(*condition) && (!signal_pending(current) && timeout)) 1475 timeout = schedule_timeout(timeout); 1476 1477 if (signal_pending(current)) 1478 *pending = true; 1479 1480 set_current_state(TASK_RUNNING); 1481 remove_wait_queue(&bus->dcmd_resp_wait, &wait); 1482 1483 return timeout; 1484} 1485 1486static int brcmf_sdbrcm_dcmd_resp_wake(struct brcmf_sdio *bus) 1487{ 1488 if (waitqueue_active(&bus->dcmd_resp_wait)) 1489 wake_up_interruptible(&bus->dcmd_resp_wait); 1490 1491 return 0; 1492} 1493static void 1494brcmf_sdbrcm_read_control(struct brcmf_sdio *bus, u8 *hdr, uint len, uint doff) 1495{ 1496 uint rdlen, pad; 1497 1498 int sdret; 1499 1500 brcmf_dbg(TRACE, "Enter\n"); 1501 1502 /* Set rxctl for frame (w/optional alignment) */ 1503 bus->rxctl = bus->rxbuf; 1504 bus->rxctl += BRCMF_FIRSTREAD; 1505 pad = ((unsigned long)bus->rxctl % BRCMF_SDALIGN); 1506 if (pad) 1507 bus->rxctl += (BRCMF_SDALIGN - pad); 1508 bus->rxctl -= BRCMF_FIRSTREAD; 1509 1510 /* Copy the already-read portion over */ 1511 memcpy(bus->rxctl, hdr, BRCMF_FIRSTREAD); 1512 if (len <= BRCMF_FIRSTREAD) 1513 goto gotpkt; 1514 1515 /* Raise rdlen to next SDIO block to avoid tail command */ 1516 rdlen = len - BRCMF_FIRSTREAD; 1517 if (bus->roundup && bus->blocksize && (rdlen > bus->blocksize)) { 1518 pad = bus->blocksize - (rdlen % bus->blocksize); 1519 if ((pad <= bus->roundup) && (pad < bus->blocksize) && 1520 ((len + pad) < bus->sdiodev->bus_if->maxctl)) 1521 rdlen += pad; 1522 } else if (rdlen % BRCMF_SDALIGN) { 1523 rdlen += BRCMF_SDALIGN - (rdlen % BRCMF_SDALIGN); 1524 } 1525 1526 /* Satisfy length-alignment requirements */ 1527 if (rdlen & (ALIGNMENT - 1)) 1528 rdlen = roundup(rdlen, ALIGNMENT); 1529 1530 /* Drop if the read is too big or it exceeds our maximum */ 1531 if ((rdlen + BRCMF_FIRSTREAD) > bus->sdiodev->bus_if->maxctl) { 1532 brcmf_dbg(ERROR, "%d-byte control read exceeds %d-byte buffer\n", 1533 rdlen, bus->sdiodev->bus_if->maxctl); 1534 bus->sdiodev->bus_if->dstats.rx_errors++; 1535 brcmf_sdbrcm_rxfail(bus, false, false); 1536 goto done; 1537 } 1538 1539 if ((len - doff) > bus->sdiodev->bus_if->maxctl) { 1540 brcmf_dbg(ERROR, "%d-byte ctl frame (%d-byte ctl data) exceeds %d-byte limit\n", 1541 len, len - doff, bus->sdiodev->bus_if->maxctl); 1542 bus->sdiodev->bus_if->dstats.rx_errors++; 1543 bus->rx_toolong++; 1544 brcmf_sdbrcm_rxfail(bus, false, false); 1545 goto done; 1546 } 1547 1548 /* Read remainder of frame body into the rxctl buffer */ 1549 sdret = brcmf_sdcard_recv_buf(bus->sdiodev, 1550 bus->sdiodev->sbwad, 1551 SDIO_FUNC_2, 1552 F2SYNC, (bus->rxctl + BRCMF_FIRSTREAD), rdlen); 1553 bus->f2rxdata++; 1554 1555 /* Control frame failures need retransmission */ 1556 if (sdret < 0) { 1557 brcmf_dbg(ERROR, "read %d control bytes failed: %d\n", 1558 rdlen, sdret); 1559 bus->rxc_errors++; 1560 brcmf_sdbrcm_rxfail(bus, true, true); 1561 goto done; 1562 } 1563 1564gotpkt: 1565 1566 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && BRCMF_CTL_ON(), 1567 bus->rxctl, len, "RxCtrl:\n"); 1568 1569 /* Point to valid data and indicate its length */ 1570 bus->rxctl += doff; 1571 bus->rxlen = len - doff; 1572 1573done: 1574 /* Awake any waiters */ 1575 brcmf_sdbrcm_dcmd_resp_wake(bus); 1576} 1577 1578/* Pad read to blocksize for efficiency */ 1579static void brcmf_pad(struct brcmf_sdio *bus, u16 *pad, u16 *rdlen) 1580{ 1581 if (bus->roundup && bus->blocksize && *rdlen > bus->blocksize) { 1582 *pad = bus->blocksize - (*rdlen % bus->blocksize); 1583 if (*pad <= bus->roundup && *pad < bus->blocksize && 1584 *rdlen + *pad + BRCMF_FIRSTREAD < MAX_RX_DATASZ) 1585 *rdlen += *pad; 1586 } else if (*rdlen % BRCMF_SDALIGN) { 1587 *rdlen += BRCMF_SDALIGN - (*rdlen % BRCMF_SDALIGN); 1588 } 1589} 1590 1591static void 1592brcmf_alloc_pkt_and_read(struct brcmf_sdio *bus, u16 rdlen, 1593 struct sk_buff **pkt, u8 **rxbuf) 1594{ 1595 int sdret; /* Return code from calls */ 1596 1597 *pkt = brcmu_pkt_buf_get_skb(rdlen + BRCMF_SDALIGN); 1598 if (*pkt == NULL) 1599 return; 1600 1601 pkt_align(*pkt, rdlen, BRCMF_SDALIGN); 1602 *rxbuf = (u8 *) ((*pkt)->data); 1603 /* Read the entire frame */ 1604 sdret = brcmf_sdcard_recv_pkt(bus->sdiodev, bus->sdiodev->sbwad, 1605 SDIO_FUNC_2, F2SYNC, *pkt); 1606 bus->f2rxdata++; 1607 1608 if (sdret < 0) { 1609 brcmf_dbg(ERROR, "(nextlen): read %d bytes failed: %d\n", 1610 rdlen, sdret); 1611 brcmu_pkt_buf_free_skb(*pkt); 1612 bus->sdiodev->bus_if->dstats.rx_errors++; 1613 /* Force retry w/normal header read. 1614 * Don't attempt NAK for 1615 * gSPI 1616 */ 1617 brcmf_sdbrcm_rxfail(bus, true, true); 1618 *pkt = NULL; 1619 } 1620} 1621 1622/* Checks the header */ 1623static int 1624brcmf_check_rxbuf(struct brcmf_sdio *bus, struct sk_buff *pkt, u8 *rxbuf, 1625 u8 rxseq, u16 nextlen, u16 *len) 1626{ 1627 u16 check; 1628 bool len_consistent; /* Result of comparing readahead len and 1629 len from hw-hdr */ 1630 1631 memcpy(bus->rxhdr, rxbuf, SDPCM_HDRLEN); 1632 1633 /* Extract hardware header fields */ 1634 *len = get_unaligned_le16(bus->rxhdr); 1635 check = get_unaligned_le16(bus->rxhdr + sizeof(u16)); 1636 1637 /* All zeros means readahead info was bad */ 1638 if (!(*len | check)) { 1639 brcmf_dbg(INFO, "(nextlen): read zeros in HW header???\n"); 1640 goto fail; 1641 } 1642 1643 /* Validate check bytes */ 1644 if ((u16)~(*len ^ check)) { 1645 brcmf_dbg(ERROR, "(nextlen): HW hdr error: nextlen/len/check 0x%04x/0x%04x/0x%04x\n", 1646 nextlen, *len, check); 1647 bus->rx_badhdr++; 1648 brcmf_sdbrcm_rxfail(bus, false, false); 1649 goto fail; 1650 } 1651 1652 /* Validate frame length */ 1653 if (*len < SDPCM_HDRLEN) { 1654 brcmf_dbg(ERROR, "(nextlen): HW hdr length invalid: %d\n", 1655 *len); 1656 goto fail; 1657 } 1658 1659 /* Check for consistency with readahead info */ 1660 len_consistent = (nextlen != (roundup(*len, 16) >> 4)); 1661 if (len_consistent) { 1662 /* Mismatch, force retry w/normal 1663 header (may be >4K) */ 1664 brcmf_dbg(ERROR, "(nextlen): mismatch, nextlen %d len %d rnd %d; expected rxseq %d\n", 1665 nextlen, *len, roundup(*len, 16), 1666 rxseq); 1667 brcmf_sdbrcm_rxfail(bus, true, true); 1668 goto fail; 1669 } 1670 1671 return 0; 1672 1673fail: 1674 brcmf_sdbrcm_pktfree2(bus, pkt); 1675 return -EINVAL; 1676} 1677 1678/* Return true if there may be more frames to read */ 1679static uint 1680brcmf_sdbrcm_readframes(struct brcmf_sdio *bus, uint maxframes, bool *finished) 1681{ 1682 u16 len, check; /* Extracted hardware header fields */ 1683 u8 chan, seq, doff; /* Extracted software header fields */ 1684 u8 fcbits; /* Extracted fcbits from software header */ 1685 1686 struct sk_buff *pkt; /* Packet for event or data frames */ 1687 u16 pad; /* Number of pad bytes to read */ 1688 u16 rdlen; /* Total number of bytes to read */ 1689 u8 rxseq; /* Next sequence number to expect */ 1690 uint rxleft = 0; /* Remaining number of frames allowed */ 1691 int sdret; /* Return code from calls */ 1692 u8 txmax; /* Maximum tx sequence offered */ 1693 u8 *rxbuf; 1694 int ifidx = 0; 1695 uint rxcount = 0; /* Total frames read */ 1696 1697 brcmf_dbg(TRACE, "Enter\n"); 1698 1699 /* Not finished unless we encounter no more frames indication */ 1700 *finished = false; 1701 1702 for (rxseq = bus->rx_seq, rxleft = maxframes; 1703 !bus->rxskip && rxleft && 1704 bus->sdiodev->bus_if->state != BRCMF_BUS_DOWN; 1705 rxseq++, rxleft--) { 1706 1707 /* Handle glomming separately */ 1708 if (bus->glomd || !skb_queue_empty(&bus->glom)) { 1709 u8 cnt; 1710 brcmf_dbg(GLOM, "calling rxglom: glomd %p, glom %p\n", 1711 bus->glomd, skb_peek(&bus->glom)); 1712 cnt = brcmf_sdbrcm_rxglom(bus, rxseq); 1713 brcmf_dbg(GLOM, "rxglom returned %d\n", cnt); 1714 rxseq += cnt - 1; 1715 rxleft = (rxleft > cnt) ? (rxleft - cnt) : 1; 1716 continue; 1717 } 1718 1719 /* Try doing single read if we can */ 1720 if (bus->nextlen) { 1721 u16 nextlen = bus->nextlen; 1722 bus->nextlen = 0; 1723 1724 rdlen = len = nextlen << 4; 1725 brcmf_pad(bus, &pad, &rdlen); 1726 1727 /* 1728 * After the frame is received we have to 1729 * distinguish whether it is data 1730 * or non-data frame. 1731 */ 1732 brcmf_alloc_pkt_and_read(bus, rdlen, &pkt, &rxbuf); 1733 if (pkt == NULL) { 1734 /* Give up on data, request rtx of events */ 1735 brcmf_dbg(ERROR, "(nextlen): brcmf_alloc_pkt_and_read failed: len %d rdlen %d expected rxseq %d\n", 1736 len, rdlen, rxseq); 1737 continue; 1738 } 1739 1740 if (brcmf_check_rxbuf(bus, pkt, rxbuf, rxseq, nextlen, 1741 &len) < 0) 1742 continue; 1743 1744 /* Extract software header fields */ 1745 chan = SDPCM_PACKET_CHANNEL( 1746 &bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1747 seq = SDPCM_PACKET_SEQUENCE( 1748 &bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1749 doff = SDPCM_DOFFSET_VALUE( 1750 &bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1751 txmax = SDPCM_WINDOW_VALUE( 1752 &bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1753 1754 bus->nextlen = 1755 bus->rxhdr[SDPCM_FRAMETAG_LEN + 1756 SDPCM_NEXTLEN_OFFSET]; 1757 if ((bus->nextlen << 4) > MAX_RX_DATASZ) { 1758 brcmf_dbg(INFO, "(nextlen): got frame w/nextlen too large (%d), seq %d\n", 1759 bus->nextlen, seq); 1760 bus->nextlen = 0; 1761 } 1762 1763 bus->rx_readahead_cnt++; 1764 1765 /* Handle Flow Control */ 1766 fcbits = SDPCM_FCMASK_VALUE( 1767 &bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1768 1769 if (bus->flowcontrol != fcbits) { 1770 if (~bus->flowcontrol & fcbits) 1771 bus->fc_xoff++; 1772 1773 if (bus->flowcontrol & ~fcbits) 1774 bus->fc_xon++; 1775 1776 bus->fc_rcvd++; 1777 bus->flowcontrol = fcbits; 1778 } 1779 1780 /* Check and update sequence number */ 1781 if (rxseq != seq) { 1782 brcmf_dbg(INFO, "(nextlen): rx_seq %d, expected %d\n", 1783 seq, rxseq); 1784 bus->rx_badseq++; 1785 rxseq = seq; 1786 } 1787 1788 /* Check window for sanity */ 1789 if ((u8) (txmax - bus->tx_seq) > 0x40) { 1790 brcmf_dbg(ERROR, "got unlikely tx max %d with tx_seq %d\n", 1791 txmax, bus->tx_seq); 1792 txmax = bus->tx_seq + 2; 1793 } 1794 bus->tx_max = txmax; 1795 1796 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && BRCMF_DATA_ON(), 1797 rxbuf, len, "Rx Data:\n"); 1798 brcmf_dbg_hex_dump(!(BRCMF_BYTES_ON() && 1799 BRCMF_DATA_ON()) && 1800 BRCMF_HDRS_ON(), 1801 bus->rxhdr, SDPCM_HDRLEN, 1802 "RxHdr:\n"); 1803 1804 if (chan == SDPCM_CONTROL_CHANNEL) { 1805 brcmf_dbg(ERROR, "(nextlen): readahead on control packet %d?\n", 1806 seq); 1807 /* Force retry w/normal header read */ 1808 bus->nextlen = 0; 1809 brcmf_sdbrcm_rxfail(bus, false, true); 1810 brcmf_sdbrcm_pktfree2(bus, pkt); 1811 continue; 1812 } 1813 1814 /* Validate data offset */ 1815 if ((doff < SDPCM_HDRLEN) || (doff > len)) { 1816 brcmf_dbg(ERROR, "(nextlen): bad data offset %d: HW len %d min %d\n", 1817 doff, len, SDPCM_HDRLEN); 1818 brcmf_sdbrcm_rxfail(bus, false, false); 1819 brcmf_sdbrcm_pktfree2(bus, pkt); 1820 continue; 1821 } 1822 1823 /* All done with this one -- now deliver the packet */ 1824 goto deliver; 1825 } 1826 1827 /* Read frame header (hardware and software) */ 1828 sdret = brcmf_sdcard_recv_buf(bus->sdiodev, bus->sdiodev->sbwad, 1829 SDIO_FUNC_2, F2SYNC, bus->rxhdr, 1830 BRCMF_FIRSTREAD); 1831 bus->f2rxhdrs++; 1832 1833 if (sdret < 0) { 1834 brcmf_dbg(ERROR, "RXHEADER FAILED: %d\n", sdret); 1835 bus->rx_hdrfail++; 1836 brcmf_sdbrcm_rxfail(bus, true, true); 1837 continue; 1838 } 1839 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() || BRCMF_HDRS_ON(), 1840 bus->rxhdr, SDPCM_HDRLEN, "RxHdr:\n"); 1841 1842 1843 /* Extract hardware header fields */ 1844 len = get_unaligned_le16(bus->rxhdr); 1845 check = get_unaligned_le16(bus->rxhdr + sizeof(u16)); 1846 1847 /* All zeros means no more frames */ 1848 if (!(len | check)) { 1849 *finished = true; 1850 break; 1851 } 1852 1853 /* Validate check bytes */ 1854 if ((u16) ~(len ^ check)) { 1855 brcmf_dbg(ERROR, "HW hdr err: len/check 0x%04x/0x%04x\n", 1856 len, check); 1857 bus->rx_badhdr++; 1858 brcmf_sdbrcm_rxfail(bus, false, false); 1859 continue; 1860 } 1861 1862 /* Validate frame length */ 1863 if (len < SDPCM_HDRLEN) { 1864 brcmf_dbg(ERROR, "HW hdr length invalid: %d\n", len); 1865 continue; 1866 } 1867 1868 /* Extract software header fields */ 1869 chan = SDPCM_PACKET_CHANNEL(&bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1870 seq = SDPCM_PACKET_SEQUENCE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1871 doff = SDPCM_DOFFSET_VALUE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1872 txmax = SDPCM_WINDOW_VALUE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1873 1874 /* Validate data offset */ 1875 if ((doff < SDPCM_HDRLEN) || (doff > len)) { 1876 brcmf_dbg(ERROR, "Bad data offset %d: HW len %d, min %d seq %d\n", 1877 doff, len, SDPCM_HDRLEN, seq); 1878 bus->rx_badhdr++; 1879 brcmf_sdbrcm_rxfail(bus, false, false); 1880 continue; 1881 } 1882 1883 /* Save the readahead length if there is one */ 1884 bus->nextlen = 1885 bus->rxhdr[SDPCM_FRAMETAG_LEN + SDPCM_NEXTLEN_OFFSET]; 1886 if ((bus->nextlen << 4) > MAX_RX_DATASZ) { 1887 brcmf_dbg(INFO, "(nextlen): got frame w/nextlen too large (%d), seq %d\n", 1888 bus->nextlen, seq); 1889 bus->nextlen = 0; 1890 } 1891 1892 /* Handle Flow Control */ 1893 fcbits = SDPCM_FCMASK_VALUE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1894 1895 if (bus->flowcontrol != fcbits) { 1896 if (~bus->flowcontrol & fcbits) 1897 bus->fc_xoff++; 1898 1899 if (bus->flowcontrol & ~fcbits) 1900 bus->fc_xon++; 1901 1902 bus->fc_rcvd++; 1903 bus->flowcontrol = fcbits; 1904 } 1905 1906 /* Check and update sequence number */ 1907 if (rxseq != seq) { 1908 brcmf_dbg(INFO, "rx_seq %d, expected %d\n", seq, rxseq); 1909 bus->rx_badseq++; 1910 rxseq = seq; 1911 } 1912 1913 /* Check window for sanity */ 1914 if ((u8) (txmax - bus->tx_seq) > 0x40) { 1915 brcmf_dbg(ERROR, "unlikely tx max %d with tx_seq %d\n", 1916 txmax, bus->tx_seq); 1917 txmax = bus->tx_seq + 2; 1918 } 1919 bus->tx_max = txmax; 1920 1921 /* Call a separate function for control frames */ 1922 if (chan == SDPCM_CONTROL_CHANNEL) { 1923 brcmf_sdbrcm_read_control(bus, bus->rxhdr, len, doff); 1924 continue; 1925 } 1926 1927 /* precondition: chan is either SDPCM_DATA_CHANNEL, 1928 SDPCM_EVENT_CHANNEL, SDPCM_TEST_CHANNEL or 1929 SDPCM_GLOM_CHANNEL */ 1930 1931 /* Length to read */ 1932 rdlen = (len > BRCMF_FIRSTREAD) ? (len - BRCMF_FIRSTREAD) : 0; 1933 1934 /* May pad read to blocksize for efficiency */ 1935 if (bus->roundup && bus->blocksize && 1936 (rdlen > bus->blocksize)) { 1937 pad = bus->blocksize - (rdlen % bus->blocksize); 1938 if ((pad <= bus->roundup) && (pad < bus->blocksize) && 1939 ((rdlen + pad + BRCMF_FIRSTREAD) < MAX_RX_DATASZ)) 1940 rdlen += pad; 1941 } else if (rdlen % BRCMF_SDALIGN) { 1942 rdlen += BRCMF_SDALIGN - (rdlen % BRCMF_SDALIGN); 1943 } 1944 1945 /* Satisfy length-alignment requirements */ 1946 if (rdlen & (ALIGNMENT - 1)) 1947 rdlen = roundup(rdlen, ALIGNMENT); 1948 1949 if ((rdlen + BRCMF_FIRSTREAD) > MAX_RX_DATASZ) { 1950 /* Too long -- skip this frame */ 1951 brcmf_dbg(ERROR, "too long: len %d rdlen %d\n", 1952 len, rdlen); 1953 bus->sdiodev->bus_if->dstats.rx_errors++; 1954 bus->rx_toolong++; 1955 brcmf_sdbrcm_rxfail(bus, false, false); 1956 continue; 1957 } 1958 1959 pkt = brcmu_pkt_buf_get_skb(rdlen + 1960 BRCMF_FIRSTREAD + BRCMF_SDALIGN); 1961 if (!pkt) { 1962 /* Give up on data, request rtx of events */ 1963 brcmf_dbg(ERROR, "brcmu_pkt_buf_get_skb failed: rdlen %d chan %d\n", 1964 rdlen, chan); 1965 bus->sdiodev->bus_if->dstats.rx_dropped++; 1966 brcmf_sdbrcm_rxfail(bus, false, RETRYCHAN(chan)); 1967 continue; 1968 } 1969 1970 /* Leave room for what we already read, and align remainder */ 1971 skb_pull(pkt, BRCMF_FIRSTREAD); 1972 pkt_align(pkt, rdlen, BRCMF_SDALIGN); 1973 1974 /* Read the remaining frame data */ 1975 sdret = brcmf_sdcard_recv_pkt(bus->sdiodev, bus->sdiodev->sbwad, 1976 SDIO_FUNC_2, F2SYNC, pkt); 1977 bus->f2rxdata++; 1978 1979 if (sdret < 0) { 1980 brcmf_dbg(ERROR, "read %d %s bytes failed: %d\n", rdlen, 1981 ((chan == SDPCM_EVENT_CHANNEL) ? "event" 1982 : ((chan == SDPCM_DATA_CHANNEL) ? "data" 1983 : "test")), sdret); 1984 brcmu_pkt_buf_free_skb(pkt); 1985 bus->sdiodev->bus_if->dstats.rx_errors++; 1986 brcmf_sdbrcm_rxfail(bus, true, RETRYCHAN(chan)); 1987 continue; 1988 } 1989 1990 /* Copy the already-read portion */ 1991 skb_push(pkt, BRCMF_FIRSTREAD); 1992 memcpy(pkt->data, bus->rxhdr, BRCMF_FIRSTREAD); 1993 1994 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && BRCMF_DATA_ON(), 1995 pkt->data, len, "Rx Data:\n"); 1996 1997deliver: 1998 /* Save superframe descriptor and allocate packet frame */ 1999 if (chan == SDPCM_GLOM_CHANNEL) { 2000 if (SDPCM_GLOMDESC(&bus->rxhdr[SDPCM_FRAMETAG_LEN])) { 2001 brcmf_dbg(GLOM, "glom descriptor, %d bytes:\n", 2002 len); 2003 brcmf_dbg_hex_dump(BRCMF_GLOM_ON(), 2004 pkt->data, len, 2005 "Glom Data:\n"); 2006 __skb_trim(pkt, len); 2007 skb_pull(pkt, SDPCM_HDRLEN); 2008 bus->glomd = pkt; 2009 } else { 2010 brcmf_dbg(ERROR, "%s: glom superframe w/o " 2011 "descriptor!\n", __func__); 2012 brcmf_sdbrcm_rxfail(bus, false, false); 2013 } 2014 continue; 2015 } 2016 2017 /* Fill in packet len and prio, deliver upward */ 2018 __skb_trim(pkt, len); 2019 skb_pull(pkt, doff); 2020 2021 if (pkt->len == 0) { 2022 brcmu_pkt_buf_free_skb(pkt); 2023 continue; 2024 } else if (brcmf_proto_hdrpull(bus->sdiodev->dev, &ifidx, 2025 pkt) != 0) { 2026 brcmf_dbg(ERROR, "rx protocol error\n"); 2027 brcmu_pkt_buf_free_skb(pkt); 2028 bus->sdiodev->bus_if->dstats.rx_errors++; 2029 continue; 2030 } 2031 2032 /* Unlock during rx call */ 2033 up(&bus->sdsem); 2034 brcmf_rx_packet(bus->sdiodev->dev, ifidx, pkt); 2035 down(&bus->sdsem); 2036 } 2037 rxcount = maxframes - rxleft; 2038 /* Message if we hit the limit */ 2039 if (!rxleft) 2040 brcmf_dbg(DATA, "hit rx limit of %d frames\n", 2041 maxframes); 2042 else 2043 brcmf_dbg(DATA, "processed %d frames\n", rxcount); 2044 /* Back off rxseq if awaiting rtx, update rx_seq */ 2045 if (bus->rxskip) 2046 rxseq--; 2047 bus->rx_seq = rxseq; 2048 2049 return rxcount; 2050} 2051 2052static void 2053brcmf_sdbrcm_wait_for_event(struct brcmf_sdio *bus, bool *lockvar) 2054{ 2055 up(&bus->sdsem); 2056 wait_event_interruptible_timeout(bus->ctrl_wait, !*lockvar, HZ * 2); 2057 down(&bus->sdsem); 2058 return; 2059} 2060 2061static void 2062brcmf_sdbrcm_wait_event_wakeup(struct brcmf_sdio *bus) 2063{ 2064 if (waitqueue_active(&bus->ctrl_wait)) 2065 wake_up_interruptible(&bus->ctrl_wait); 2066 return; 2067} 2068 2069/* Writes a HW/SW header into the packet and sends it. */ 2070/* Assumes: (a) header space already there, (b) caller holds lock */ 2071static int brcmf_sdbrcm_txpkt(struct brcmf_sdio *bus, struct sk_buff *pkt, 2072 uint chan, bool free_pkt) 2073{ 2074 int ret; 2075 u8 *frame; 2076 u16 len, pad = 0; 2077 u32 swheader; 2078 struct sk_buff *new; 2079 int i; 2080 2081 brcmf_dbg(TRACE, "Enter\n"); 2082 2083 frame = (u8 *) (pkt->data); 2084 2085 /* Add alignment padding, allocate new packet if needed */ 2086 pad = ((unsigned long)frame % BRCMF_SDALIGN); 2087 if (pad) { 2088 if (skb_headroom(pkt) < pad) { 2089 brcmf_dbg(INFO, "insufficient headroom %d for %d pad\n", 2090 skb_headroom(pkt), pad); 2091 bus->sdiodev->bus_if->tx_realloc++; 2092 new = brcmu_pkt_buf_get_skb(pkt->len + BRCMF_SDALIGN); 2093 if (!new) { 2094 brcmf_dbg(ERROR, "couldn't allocate new %d-byte packet\n", 2095 pkt->len + BRCMF_SDALIGN); 2096 ret = -ENOMEM; 2097 goto done; 2098 } 2099 2100 pkt_align(new, pkt->len, BRCMF_SDALIGN); 2101 memcpy(new->data, pkt->data, pkt->len); 2102 if (free_pkt) 2103 brcmu_pkt_buf_free_skb(pkt); 2104 /* free the pkt if canned one is not used */ 2105 free_pkt = true; 2106 pkt = new; 2107 frame = (u8 *) (pkt->data); 2108 /* precondition: (frame % BRCMF_SDALIGN) == 0) */ 2109 pad = 0; 2110 } else { 2111 skb_push(pkt, pad); 2112 frame = (u8 *) (pkt->data); 2113 /* precondition: pad + SDPCM_HDRLEN <= pkt->len */ 2114 memset(frame, 0, pad + SDPCM_HDRLEN); 2115 } 2116 } 2117 /* precondition: pad < BRCMF_SDALIGN */ 2118 2119 /* Hardware tag: 2 byte len followed by 2 byte ~len check (all LE) */ 2120 len = (u16) (pkt->len); 2121 *(__le16 *) frame = cpu_to_le16(len); 2122 *(((__le16 *) frame) + 1) = cpu_to_le16(~len); 2123 2124 /* Software tag: channel, sequence number, data offset */ 2125 swheader = 2126 ((chan << SDPCM_CHANNEL_SHIFT) & SDPCM_CHANNEL_MASK) | bus->tx_seq | 2127 (((pad + 2128 SDPCM_HDRLEN) << SDPCM_DOFFSET_SHIFT) & SDPCM_DOFFSET_MASK); 2129 2130 put_unaligned_le32(swheader, frame + SDPCM_FRAMETAG_LEN); 2131 put_unaligned_le32(0, frame + SDPCM_FRAMETAG_LEN + sizeof(swheader)); 2132 2133#ifdef DEBUG 2134 tx_packets[pkt->priority]++; 2135#endif 2136 2137 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && 2138 ((BRCMF_CTL_ON() && chan == SDPCM_CONTROL_CHANNEL) || 2139 (BRCMF_DATA_ON() && chan != SDPCM_CONTROL_CHANNEL)), 2140 frame, len, "Tx Frame:\n"); 2141 brcmf_dbg_hex_dump(!(BRCMF_BYTES_ON() && 2142 ((BRCMF_CTL_ON() && 2143 chan == SDPCM_CONTROL_CHANNEL) || 2144 (BRCMF_DATA_ON() && 2145 chan != SDPCM_CONTROL_CHANNEL))) && 2146 BRCMF_HDRS_ON(), 2147 frame, min_t(u16, len, 16), "TxHdr:\n"); 2148 2149 /* Raise len to next SDIO block to eliminate tail command */ 2150 if (bus->roundup && bus->blocksize && (len > bus->blocksize)) { 2151 u16 pad = bus->blocksize - (len % bus->blocksize); 2152 if ((pad <= bus->roundup) && (pad < bus->blocksize)) 2153 len += pad; 2154 } else if (len % BRCMF_SDALIGN) { 2155 len += BRCMF_SDALIGN - (len % BRCMF_SDALIGN); 2156 } 2157 2158 /* Some controllers have trouble with odd bytes -- round to even */ 2159 if (len & (ALIGNMENT - 1)) 2160 len = roundup(len, ALIGNMENT); 2161 2162 ret = brcmf_sdcard_send_pkt(bus->sdiodev, bus->sdiodev->sbwad, 2163 SDIO_FUNC_2, F2SYNC, pkt); 2164 bus->f2txdata++; 2165 2166 if (ret < 0) { 2167 /* On failure, abort the command and terminate the frame */ 2168 brcmf_dbg(INFO, "sdio error %d, abort command and terminate frame\n", 2169 ret); 2170 bus->tx_sderrs++; 2171 2172 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 2173 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_FRAMECTRL, 2174 SFC_WF_TERM, NULL); 2175 bus->f1regdata++; 2176 2177 for (i = 0; i < 3; i++) { 2178 u8 hi, lo; 2179 hi = brcmf_sdio_regrb(bus->sdiodev, 2180 SBSDIO_FUNC1_WFRAMEBCHI, NULL); 2181 lo = brcmf_sdio_regrb(bus->sdiodev, 2182 SBSDIO_FUNC1_WFRAMEBCLO, NULL); 2183 bus->f1regdata += 2; 2184 if ((hi == 0) && (lo == 0)) 2185 break; 2186 } 2187 2188 } 2189 if (ret == 0) 2190 bus->tx_seq = (bus->tx_seq + 1) % SDPCM_SEQUENCE_WRAP; 2191 2192done: 2193 /* restore pkt buffer pointer before calling tx complete routine */ 2194 skb_pull(pkt, SDPCM_HDRLEN + pad); 2195 up(&bus->sdsem); 2196 brcmf_txcomplete(bus->sdiodev->dev, pkt, ret != 0); 2197 down(&bus->sdsem); 2198 2199 if (free_pkt) 2200 brcmu_pkt_buf_free_skb(pkt); 2201 2202 return ret; 2203} 2204 2205static uint brcmf_sdbrcm_sendfromq(struct brcmf_sdio *bus, uint maxframes) 2206{ 2207 struct sk_buff *pkt; 2208 u32 intstatus = 0; 2209 uint retries = 0; 2210 int ret = 0, prec_out; 2211 uint cnt = 0; 2212 uint datalen; 2213 u8 tx_prec_map; 2214 2215 brcmf_dbg(TRACE, "Enter\n"); 2216 2217 tx_prec_map = ~bus->flowcontrol; 2218 2219 /* Send frames until the limit or some other event */ 2220 for (cnt = 0; (cnt < maxframes) && data_ok(bus); cnt++) { 2221 spin_lock_bh(&bus->txqlock); 2222 pkt = brcmu_pktq_mdeq(&bus->txq, tx_prec_map, &prec_out); 2223 if (pkt == NULL) { 2224 spin_unlock_bh(&bus->txqlock); 2225 break; 2226 } 2227 spin_unlock_bh(&bus->txqlock); 2228 datalen = pkt->len - SDPCM_HDRLEN; 2229 2230 ret = brcmf_sdbrcm_txpkt(bus, pkt, SDPCM_DATA_CHANNEL, true); 2231 if (ret) 2232 bus->sdiodev->bus_if->dstats.tx_errors++; 2233 else 2234 bus->sdiodev->bus_if->dstats.tx_bytes += datalen; 2235 2236 /* In poll mode, need to check for other events */ 2237 if (!bus->intr && cnt) { 2238 /* Check device status, signal pending interrupt */ 2239 r_sdreg32(bus, &intstatus, 2240 offsetof(struct sdpcmd_regs, intstatus), 2241 &retries); 2242 bus->f2txdata++; 2243 if (brcmf_sdcard_regfail(bus->sdiodev)) 2244 break; 2245 if (intstatus & bus->hostintmask) 2246 bus->ipend = true; 2247 } 2248 } 2249 2250 /* Deflow-control stack if needed */ 2251 if (bus->sdiodev->bus_if->drvr_up && 2252 (bus->sdiodev->bus_if->state == BRCMF_BUS_DATA) && 2253 bus->txoff && (pktq_len(&bus->txq) < TXLOW)) { 2254 bus->txoff = OFF; 2255 brcmf_txflowcontrol(bus->sdiodev->dev, 0, OFF); 2256 } 2257 2258 return cnt; 2259} 2260 2261static void brcmf_sdbrcm_bus_stop(struct device *dev) 2262{ 2263 u32 local_hostintmask; 2264 u8 saveclk; 2265 uint retries; 2266 int err; 2267 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 2268 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio; 2269 struct brcmf_sdio *bus = sdiodev->bus; 2270 2271 brcmf_dbg(TRACE, "Enter\n"); 2272 2273 if (bus->watchdog_tsk) { 2274 send_sig(SIGTERM, bus->watchdog_tsk, 1); 2275 kthread_stop(bus->watchdog_tsk); 2276 bus->watchdog_tsk = NULL; 2277 } 2278 2279 if (bus->dpc_tsk && bus->dpc_tsk != current) { 2280 send_sig(SIGTERM, bus->dpc_tsk, 1); 2281 kthread_stop(bus->dpc_tsk); 2282 bus->dpc_tsk = NULL; 2283 } 2284 2285 down(&bus->sdsem); 2286 2287 bus_wake(bus); 2288 2289 /* Enable clock for device interrupts */ 2290 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 2291 2292 /* Disable and clear interrupts at the chip level also */ 2293 w_sdreg32(bus, 0, offsetof(struct sdpcmd_regs, hostintmask), &retries); 2294 local_hostintmask = bus->hostintmask; 2295 bus->hostintmask = 0; 2296 2297 /* Change our idea of bus state */ 2298 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2299 2300 /* Force clocks on backplane to be sure F2 interrupt propagates */ 2301 saveclk = brcmf_sdio_regrb(bus->sdiodev, 2302 SBSDIO_FUNC1_CHIPCLKCSR, &err); 2303 if (!err) { 2304 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 2305 (saveclk | SBSDIO_FORCE_HT), &err); 2306 } 2307 if (err) 2308 brcmf_dbg(ERROR, "Failed to force clock for F2: err %d\n", err); 2309 2310 /* Turn off the bus (F2), free any pending packets */ 2311 brcmf_dbg(INTR, "disable SDIO interrupts\n"); 2312 brcmf_sdio_regwb(bus->sdiodev, SDIO_CCCR_IOEx, SDIO_FUNC_ENABLE_1, 2313 NULL); 2314 2315 /* Clear any pending interrupts now that F2 is disabled */ 2316 w_sdreg32(bus, local_hostintmask, 2317 offsetof(struct sdpcmd_regs, intstatus), &retries); 2318 2319 /* Turn off the backplane clock (only) */ 2320 brcmf_sdbrcm_clkctl(bus, CLK_SDONLY, false); 2321 2322 /* Clear the data packet queues */ 2323 brcmu_pktq_flush(&bus->txq, true, NULL, NULL); 2324 2325 /* Clear any held glomming stuff */ 2326 if (bus->glomd) 2327 brcmu_pkt_buf_free_skb(bus->glomd); 2328 brcmf_sdbrcm_free_glom(bus); 2329 2330 /* Clear rx control and wake any waiters */ 2331 bus->rxlen = 0; 2332 brcmf_sdbrcm_dcmd_resp_wake(bus); 2333 2334 /* Reset some F2 state stuff */ 2335 bus->rxskip = false; 2336 bus->tx_seq = bus->rx_seq = 0; 2337 2338 up(&bus->sdsem); 2339} 2340 2341#ifdef CONFIG_BRCMFMAC_SDIO_OOB 2342static inline void brcmf_sdbrcm_clrintr(struct brcmf_sdio *bus) 2343{ 2344 unsigned long flags; 2345 2346 spin_lock_irqsave(&bus->sdiodev->irq_en_lock, flags); 2347 if (!bus->sdiodev->irq_en && !bus->ipend) { 2348 enable_irq(bus->sdiodev->irq); 2349 bus->sdiodev->irq_en = true; 2350 } 2351 spin_unlock_irqrestore(&bus->sdiodev->irq_en_lock, flags); 2352} 2353#else 2354static inline void brcmf_sdbrcm_clrintr(struct brcmf_sdio *bus) 2355{ 2356} 2357#endif /* CONFIG_BRCMFMAC_SDIO_OOB */ 2358 2359static bool brcmf_sdbrcm_dpc(struct brcmf_sdio *bus) 2360{ 2361 u32 intstatus, newstatus = 0; 2362 uint retries = 0; 2363 uint rxlimit = bus->rxbound; /* Rx frames to read before resched */ 2364 uint txlimit = bus->txbound; /* Tx frames to send before resched */ 2365 uint framecnt = 0; /* Temporary counter of tx/rx frames */ 2366 bool rxdone = true; /* Flag for no more read data */ 2367 bool resched = false; /* Flag indicating resched wanted */ 2368 2369 brcmf_dbg(TRACE, "Enter\n"); 2370 2371 /* Start with leftover status bits */ 2372 intstatus = bus->intstatus; 2373 2374 down(&bus->sdsem); 2375 2376 /* If waiting for HTAVAIL, check status */ 2377 if (bus->clkstate == CLK_PENDING) { 2378 int err; 2379 u8 clkctl, devctl = 0; 2380 2381#ifdef DEBUG 2382 /* Check for inconsistent device control */ 2383 devctl = brcmf_sdio_regrb(bus->sdiodev, 2384 SBSDIO_DEVICE_CTL, &err); 2385 if (err) { 2386 brcmf_dbg(ERROR, "error reading DEVCTL: %d\n", err); 2387 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2388 } 2389#endif /* DEBUG */ 2390 2391 /* Read CSR, if clock on switch to AVAIL, else ignore */ 2392 clkctl = brcmf_sdio_regrb(bus->sdiodev, 2393 SBSDIO_FUNC1_CHIPCLKCSR, &err); 2394 if (err) { 2395 brcmf_dbg(ERROR, "error reading CSR: %d\n", 2396 err); 2397 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2398 } 2399 2400 brcmf_dbg(INFO, "DPC: PENDING, devctl 0x%02x clkctl 0x%02x\n", 2401 devctl, clkctl); 2402 2403 if (SBSDIO_HTAV(clkctl)) { 2404 devctl = brcmf_sdio_regrb(bus->sdiodev, 2405 SBSDIO_DEVICE_CTL, &err); 2406 if (err) { 2407 brcmf_dbg(ERROR, "error reading DEVCTL: %d\n", 2408 err); 2409 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2410 } 2411 devctl &= ~SBSDIO_DEVCTL_CA_INT_ONLY; 2412 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_DEVICE_CTL, 2413 devctl, &err); 2414 if (err) { 2415 brcmf_dbg(ERROR, "error writing DEVCTL: %d\n", 2416 err); 2417 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2418 } 2419 bus->clkstate = CLK_AVAIL; 2420 } else { 2421 goto clkwait; 2422 } 2423 } 2424 2425 bus_wake(bus); 2426 2427 /* Make sure backplane clock is on */ 2428 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, true); 2429 if (bus->clkstate == CLK_PENDING) 2430 goto clkwait; 2431 2432 /* Pending interrupt indicates new device status */ 2433 if (bus->ipend) { 2434 bus->ipend = false; 2435 r_sdreg32(bus, &newstatus, 2436 offsetof(struct sdpcmd_regs, intstatus), &retries); 2437 bus->f1regdata++; 2438 if (brcmf_sdcard_regfail(bus->sdiodev)) 2439 newstatus = 0; 2440 newstatus &= bus->hostintmask; 2441 bus->fcstate = !!(newstatus & I_HMB_FC_STATE); 2442 if (newstatus) { 2443 w_sdreg32(bus, newstatus, 2444 offsetof(struct sdpcmd_regs, intstatus), 2445 &retries); 2446 bus->f1regdata++; 2447 } 2448 } 2449 2450 /* Merge new bits with previous */ 2451 intstatus |= newstatus; 2452 bus->intstatus = 0; 2453 2454 /* Handle flow-control change: read new state in case our ack 2455 * crossed another change interrupt. If change still set, assume 2456 * FC ON for safety, let next loop through do the debounce. 2457 */ 2458 if (intstatus & I_HMB_FC_CHANGE) { 2459 intstatus &= ~I_HMB_FC_CHANGE; 2460 w_sdreg32(bus, I_HMB_FC_CHANGE, 2461 offsetof(struct sdpcmd_regs, intstatus), &retries); 2462 2463 r_sdreg32(bus, &newstatus, 2464 offsetof(struct sdpcmd_regs, intstatus), &retries); 2465 bus->f1regdata += 2; 2466 bus->fcstate = 2467 !!(newstatus & (I_HMB_FC_STATE | I_HMB_FC_CHANGE)); 2468 intstatus |= (newstatus & bus->hostintmask); 2469 } 2470 2471 /* Handle host mailbox indication */ 2472 if (intstatus & I_HMB_HOST_INT) { 2473 intstatus &= ~I_HMB_HOST_INT; 2474 intstatus |= brcmf_sdbrcm_hostmail(bus); 2475 } 2476 2477 /* Generally don't ask for these, can get CRC errors... */ 2478 if (intstatus & I_WR_OOSYNC) { 2479 brcmf_dbg(ERROR, "Dongle reports WR_OOSYNC\n"); 2480 intstatus &= ~I_WR_OOSYNC; 2481 } 2482 2483 if (intstatus & I_RD_OOSYNC) { 2484 brcmf_dbg(ERROR, "Dongle reports RD_OOSYNC\n"); 2485 intstatus &= ~I_RD_OOSYNC; 2486 } 2487 2488 if (intstatus & I_SBINT) { 2489 brcmf_dbg(ERROR, "Dongle reports SBINT\n"); 2490 intstatus &= ~I_SBINT; 2491 } 2492 2493 /* Would be active due to wake-wlan in gSPI */ 2494 if (intstatus & I_CHIPACTIVE) { 2495 brcmf_dbg(INFO, "Dongle reports CHIPACTIVE\n"); 2496 intstatus &= ~I_CHIPACTIVE; 2497 } 2498 2499 /* Ignore frame indications if rxskip is set */ 2500 if (bus->rxskip) 2501 intstatus &= ~I_HMB_FRAME_IND; 2502 2503 /* On frame indication, read available frames */ 2504 if (PKT_AVAILABLE()) { 2505 framecnt = brcmf_sdbrcm_readframes(bus, rxlimit, &rxdone); 2506 if (rxdone || bus->rxskip) 2507 intstatus &= ~I_HMB_FRAME_IND; 2508 rxlimit -= min(framecnt, rxlimit); 2509 } 2510 2511 /* Keep still-pending events for next scheduling */ 2512 bus->intstatus = intstatus; 2513 2514clkwait: 2515 brcmf_sdbrcm_clrintr(bus); 2516 2517 if (data_ok(bus) && bus->ctrl_frame_stat && 2518 (bus->clkstate == CLK_AVAIL)) { 2519 int ret, i; 2520 2521 ret = brcmf_sdcard_send_buf(bus->sdiodev, bus->sdiodev->sbwad, 2522 SDIO_FUNC_2, F2SYNC, (u8 *) bus->ctrl_frame_buf, 2523 (u32) bus->ctrl_frame_len); 2524 2525 if (ret < 0) { 2526 /* On failure, abort the command and 2527 terminate the frame */ 2528 brcmf_dbg(INFO, "sdio error %d, abort command and terminate frame\n", 2529 ret); 2530 bus->tx_sderrs++; 2531 2532 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 2533 2534 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_FRAMECTRL, 2535 SFC_WF_TERM, NULL); 2536 bus->f1regdata++; 2537 2538 for (i = 0; i < 3; i++) { 2539 u8 hi, lo; 2540 hi = brcmf_sdio_regrb(bus->sdiodev, 2541 SBSDIO_FUNC1_WFRAMEBCHI, 2542 NULL); 2543 lo = brcmf_sdio_regrb(bus->sdiodev, 2544 SBSDIO_FUNC1_WFRAMEBCLO, 2545 NULL); 2546 bus->f1regdata += 2; 2547 if ((hi == 0) && (lo == 0)) 2548 break; 2549 } 2550 2551 } 2552 if (ret == 0) 2553 bus->tx_seq = (bus->tx_seq + 1) % SDPCM_SEQUENCE_WRAP; 2554 2555 brcmf_dbg(INFO, "Return_dpc value is : %d\n", ret); 2556 bus->ctrl_frame_stat = false; 2557 brcmf_sdbrcm_wait_event_wakeup(bus); 2558 } 2559 /* Send queued frames (limit 1 if rx may still be pending) */ 2560 else if ((bus->clkstate == CLK_AVAIL) && !bus->fcstate && 2561 brcmu_pktq_mlen(&bus->txq, ~bus->flowcontrol) && txlimit 2562 && data_ok(bus)) { 2563 framecnt = rxdone ? txlimit : min(txlimit, bus->txminmax); 2564 framecnt = brcmf_sdbrcm_sendfromq(bus, framecnt); 2565 txlimit -= framecnt; 2566 } 2567 2568 /* Resched if events or tx frames are pending, 2569 else await next interrupt */ 2570 /* On failed register access, all bets are off: 2571 no resched or interrupts */ 2572 if ((bus->sdiodev->bus_if->state == BRCMF_BUS_DOWN) || 2573 brcmf_sdcard_regfail(bus->sdiodev)) { 2574 brcmf_dbg(ERROR, "failed backplane access over SDIO, halting operation %d\n", 2575 brcmf_sdcard_regfail(bus->sdiodev)); 2576 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2577 bus->intstatus = 0; 2578 } else if (bus->clkstate == CLK_PENDING) { 2579 brcmf_dbg(INFO, "rescheduled due to CLK_PENDING awaiting I_CHIPACTIVE interrupt\n"); 2580 resched = true; 2581 } else if (bus->intstatus || bus->ipend || 2582 (!bus->fcstate && brcmu_pktq_mlen(&bus->txq, ~bus->flowcontrol) 2583 && data_ok(bus)) || PKT_AVAILABLE()) { 2584 resched = true; 2585 } 2586 2587 bus->dpc_sched = resched; 2588 2589 /* If we're done for now, turn off clock request. */ 2590 if ((bus->clkstate != CLK_PENDING) 2591 && bus->idletime == BRCMF_IDLE_IMMEDIATE) { 2592 bus->activity = false; 2593 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 2594 } 2595 2596 up(&bus->sdsem); 2597 2598 return resched; 2599} 2600 2601static inline void brcmf_sdbrcm_adddpctsk(struct brcmf_sdio *bus) 2602{ 2603 struct list_head *new_hd; 2604 unsigned long flags; 2605 2606 if (in_interrupt()) 2607 new_hd = kzalloc(sizeof(struct list_head), GFP_ATOMIC); 2608 else 2609 new_hd = kzalloc(sizeof(struct list_head), GFP_KERNEL); 2610 if (new_hd == NULL) 2611 return; 2612 2613 spin_lock_irqsave(&bus->dpc_tl_lock, flags); 2614 list_add_tail(new_hd, &bus->dpc_tsklst); 2615 spin_unlock_irqrestore(&bus->dpc_tl_lock, flags); 2616} 2617 2618static int brcmf_sdbrcm_dpc_thread(void *data) 2619{ 2620 struct brcmf_sdio *bus = (struct brcmf_sdio *) data; 2621 struct list_head *cur_hd, *tmp_hd; 2622 unsigned long flags; 2623 2624 allow_signal(SIGTERM); 2625 /* Run until signal received */ 2626 while (1) { 2627 if (kthread_should_stop()) 2628 break; 2629 2630 if (list_empty(&bus->dpc_tsklst)) 2631 if (wait_for_completion_interruptible(&bus->dpc_wait)) 2632 break; 2633 2634 spin_lock_irqsave(&bus->dpc_tl_lock, flags); 2635 list_for_each_safe(cur_hd, tmp_hd, &bus->dpc_tsklst) { 2636 spin_unlock_irqrestore(&bus->dpc_tl_lock, flags); 2637 2638 if (bus->sdiodev->bus_if->state == BRCMF_BUS_DOWN) { 2639 /* after stopping the bus, exit thread */ 2640 brcmf_sdbrcm_bus_stop(bus->sdiodev->dev); 2641 bus->dpc_tsk = NULL; 2642 spin_lock_irqsave(&bus->dpc_tl_lock, flags); 2643 break; 2644 } 2645 2646 if (brcmf_sdbrcm_dpc(bus)) 2647 brcmf_sdbrcm_adddpctsk(bus); 2648 2649 spin_lock_irqsave(&bus->dpc_tl_lock, flags); 2650 list_del(cur_hd); 2651 kfree(cur_hd); 2652 } 2653 spin_unlock_irqrestore(&bus->dpc_tl_lock, flags); 2654 } 2655 return 0; 2656} 2657 2658static int brcmf_sdbrcm_bus_txdata(struct device *dev, struct sk_buff *pkt) 2659{ 2660 int ret = -EBADE; 2661 uint datalen, prec; 2662 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 2663 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio; 2664 struct brcmf_sdio *bus = sdiodev->bus; 2665 2666 brcmf_dbg(TRACE, "Enter\n"); 2667 2668 datalen = pkt->len; 2669 2670 /* Add space for the header */ 2671 skb_push(pkt, SDPCM_HDRLEN); 2672 /* precondition: IS_ALIGNED((unsigned long)(pkt->data), 2) */ 2673 2674 prec = prio2prec((pkt->priority & PRIOMASK)); 2675 2676 /* Check for existing queue, current flow-control, 2677 pending event, or pending clock */ 2678 brcmf_dbg(TRACE, "deferring pktq len %d\n", pktq_len(&bus->txq)); 2679 bus->fcqueued++; 2680 2681 /* Priority based enq */ 2682 spin_lock_bh(&bus->txqlock); 2683 if (!brcmf_c_prec_enq(bus->sdiodev->dev, &bus->txq, pkt, prec)) { 2684 skb_pull(pkt, SDPCM_HDRLEN); 2685 brcmf_txcomplete(bus->sdiodev->dev, pkt, false); 2686 brcmu_pkt_buf_free_skb(pkt); 2687 brcmf_dbg(ERROR, "out of bus->txq !!!\n"); 2688 ret = -ENOSR; 2689 } else { 2690 ret = 0; 2691 } 2692 spin_unlock_bh(&bus->txqlock); 2693 2694 if (pktq_len(&bus->txq) >= TXHI) { 2695 bus->txoff = ON; 2696 brcmf_txflowcontrol(bus->sdiodev->dev, 0, ON); 2697 } 2698 2699#ifdef DEBUG 2700 if (pktq_plen(&bus->txq, prec) > qcount[prec]) 2701 qcount[prec] = pktq_plen(&bus->txq, prec); 2702#endif 2703 /* Schedule DPC if needed to send queued packet(s) */ 2704 if (!bus->dpc_sched) { 2705 bus->dpc_sched = true; 2706 if (bus->dpc_tsk) { 2707 brcmf_sdbrcm_adddpctsk(bus); 2708 complete(&bus->dpc_wait); 2709 } 2710 } 2711 2712 return ret; 2713} 2714 2715static int 2716brcmf_sdbrcm_membytes(struct brcmf_sdio *bus, bool write, u32 address, u8 *data, 2717 uint size) 2718{ 2719 int bcmerror = 0; 2720 u32 sdaddr; 2721 uint dsize; 2722 2723 /* Determine initial transfer parameters */ 2724 sdaddr = address & SBSDIO_SB_OFT_ADDR_MASK; 2725 if ((sdaddr + size) & SBSDIO_SBWINDOW_MASK) 2726 dsize = (SBSDIO_SB_OFT_ADDR_LIMIT - sdaddr); 2727 else 2728 dsize = size; 2729 2730 /* Set the backplane window to include the start address */ 2731 bcmerror = brcmf_sdcard_set_sbaddr_window(bus->sdiodev, address); 2732 if (bcmerror) { 2733 brcmf_dbg(ERROR, "window change failed\n"); 2734 goto xfer_done; 2735 } 2736 2737 /* Do the transfer(s) */ 2738 while (size) { 2739 brcmf_dbg(INFO, "%s %d bytes at offset 0x%08x in window 0x%08x\n", 2740 write ? "write" : "read", dsize, 2741 sdaddr, address & SBSDIO_SBWINDOW_MASK); 2742 bcmerror = brcmf_sdcard_rwdata(bus->sdiodev, write, 2743 sdaddr, data, dsize); 2744 if (bcmerror) { 2745 brcmf_dbg(ERROR, "membytes transfer failed\n"); 2746 break; 2747 } 2748 2749 /* Adjust for next transfer (if any) */ 2750 size -= dsize; 2751 if (size) { 2752 data += dsize; 2753 address += dsize; 2754 bcmerror = brcmf_sdcard_set_sbaddr_window(bus->sdiodev, 2755 address); 2756 if (bcmerror) { 2757 brcmf_dbg(ERROR, "window change failed\n"); 2758 break; 2759 } 2760 sdaddr = 0; 2761 dsize = min_t(uint, SBSDIO_SB_OFT_ADDR_LIMIT, size); 2762 } 2763 } 2764 2765xfer_done: 2766 /* Return the window to backplane enumeration space for core access */ 2767 if (brcmf_sdcard_set_sbaddr_window(bus->sdiodev, bus->sdiodev->sbwad)) 2768 brcmf_dbg(ERROR, "FAILED to set window back to 0x%x\n", 2769 bus->sdiodev->sbwad); 2770 2771 return bcmerror; 2772} 2773 2774#ifdef DEBUG 2775#define CONSOLE_LINE_MAX 192 2776 2777static int brcmf_sdbrcm_readconsole(struct brcmf_sdio *bus) 2778{ 2779 struct brcmf_console *c = &bus->console; 2780 u8 line[CONSOLE_LINE_MAX], ch; 2781 u32 n, idx, addr; 2782 int rv; 2783 2784 /* Don't do anything until FWREADY updates console address */ 2785 if (bus->console_addr == 0) 2786 return 0; 2787 2788 /* Read console log struct */ 2789 addr = bus->console_addr + offsetof(struct rte_console, log_le); 2790 rv = brcmf_sdbrcm_membytes(bus, false, addr, (u8 *)&c->log_le, 2791 sizeof(c->log_le)); 2792 if (rv < 0) 2793 return rv; 2794 2795 /* Allocate console buffer (one time only) */ 2796 if (c->buf == NULL) { 2797 c->bufsize = le32_to_cpu(c->log_le.buf_size); 2798 c->buf = kmalloc(c->bufsize, GFP_ATOMIC); 2799 if (c->buf == NULL) 2800 return -ENOMEM; 2801 } 2802 2803 idx = le32_to_cpu(c->log_le.idx); 2804 2805 /* Protect against corrupt value */ 2806 if (idx > c->bufsize) 2807 return -EBADE; 2808 2809 /* Skip reading the console buffer if the index pointer 2810 has not moved */ 2811 if (idx == c->last) 2812 return 0; 2813 2814 /* Read the console buffer */ 2815 addr = le32_to_cpu(c->log_le.buf); 2816 rv = brcmf_sdbrcm_membytes(bus, false, addr, c->buf, c->bufsize); 2817 if (rv < 0) 2818 return rv; 2819 2820 while (c->last != idx) { 2821 for (n = 0; n < CONSOLE_LINE_MAX - 2; n++) { 2822 if (c->last == idx) { 2823 /* This would output a partial line. 2824 * Instead, back up 2825 * the buffer pointer and output this 2826 * line next time around. 2827 */ 2828 if (c->last >= n) 2829 c->last -= n; 2830 else 2831 c->last = c->bufsize - n; 2832 goto break2; 2833 } 2834 ch = c->buf[c->last]; 2835 c->last = (c->last + 1) % c->bufsize; 2836 if (ch == '\n') 2837 break; 2838 line[n] = ch; 2839 } 2840 2841 if (n > 0) { 2842 if (line[n - 1] == '\r') 2843 n--; 2844 line[n] = 0; 2845 pr_debug("CONSOLE: %s\n", line); 2846 } 2847 } 2848break2: 2849 2850 return 0; 2851} 2852#endif /* DEBUG */ 2853 2854static int brcmf_tx_frame(struct brcmf_sdio *bus, u8 *frame, u16 len) 2855{ 2856 int i; 2857 int ret; 2858 2859 bus->ctrl_frame_stat = false; 2860 ret = brcmf_sdcard_send_buf(bus->sdiodev, bus->sdiodev->sbwad, 2861 SDIO_FUNC_2, F2SYNC, frame, len); 2862 2863 if (ret < 0) { 2864 /* On failure, abort the command and terminate the frame */ 2865 brcmf_dbg(INFO, "sdio error %d, abort command and terminate frame\n", 2866 ret); 2867 bus->tx_sderrs++; 2868 2869 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 2870 2871 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_FRAMECTRL, 2872 SFC_WF_TERM, NULL); 2873 bus->f1regdata++; 2874 2875 for (i = 0; i < 3; i++) { 2876 u8 hi, lo; 2877 hi = brcmf_sdio_regrb(bus->sdiodev, 2878 SBSDIO_FUNC1_WFRAMEBCHI, NULL); 2879 lo = brcmf_sdio_regrb(bus->sdiodev, 2880 SBSDIO_FUNC1_WFRAMEBCLO, NULL); 2881 bus->f1regdata += 2; 2882 if (hi == 0 && lo == 0) 2883 break; 2884 } 2885 return ret; 2886 } 2887 2888 bus->tx_seq = (bus->tx_seq + 1) % SDPCM_SEQUENCE_WRAP; 2889 2890 return ret; 2891} 2892 2893static int 2894brcmf_sdbrcm_bus_txctl(struct device *dev, unsigned char *msg, uint msglen) 2895{ 2896 u8 *frame; 2897 u16 len; 2898 u32 swheader; 2899 uint retries = 0; 2900 u8 doff = 0; 2901 int ret = -1; 2902 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 2903 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio; 2904 struct brcmf_sdio *bus = sdiodev->bus; 2905 2906 brcmf_dbg(TRACE, "Enter\n"); 2907 2908 /* Back the pointer to make a room for bus header */ 2909 frame = msg - SDPCM_HDRLEN; 2910 len = (msglen += SDPCM_HDRLEN); 2911 2912 /* Add alignment padding (optional for ctl frames) */ 2913 doff = ((unsigned long)frame % BRCMF_SDALIGN); 2914 if (doff) { 2915 frame -= doff; 2916 len += doff; 2917 msglen += doff; 2918 memset(frame, 0, doff + SDPCM_HDRLEN); 2919 } 2920 /* precondition: doff < BRCMF_SDALIGN */ 2921 doff += SDPCM_HDRLEN; 2922 2923 /* Round send length to next SDIO block */ 2924 if (bus->roundup && bus->blocksize && (len > bus->blocksize)) { 2925 u16 pad = bus->blocksize - (len % bus->blocksize); 2926 if ((pad <= bus->roundup) && (pad < bus->blocksize)) 2927 len += pad; 2928 } else if (len % BRCMF_SDALIGN) { 2929 len += BRCMF_SDALIGN - (len % BRCMF_SDALIGN); 2930 } 2931 2932 /* Satisfy length-alignment requirements */ 2933 if (len & (ALIGNMENT - 1)) 2934 len = roundup(len, ALIGNMENT); 2935 2936 /* precondition: IS_ALIGNED((unsigned long)frame, 2) */ 2937 2938 /* Need to lock here to protect txseq and SDIO tx calls */ 2939 down(&bus->sdsem); 2940 2941 bus_wake(bus); 2942 2943 /* Make sure backplane clock is on */ 2944 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 2945 2946 /* Hardware tag: 2 byte len followed by 2 byte ~len check (all LE) */ 2947 *(__le16 *) frame = cpu_to_le16((u16) msglen); 2948 *(((__le16 *) frame) + 1) = cpu_to_le16(~msglen); 2949 2950 /* Software tag: channel, sequence number, data offset */ 2951 swheader = 2952 ((SDPCM_CONTROL_CHANNEL << SDPCM_CHANNEL_SHIFT) & 2953 SDPCM_CHANNEL_MASK) 2954 | bus->tx_seq | ((doff << SDPCM_DOFFSET_SHIFT) & 2955 SDPCM_DOFFSET_MASK); 2956 put_unaligned_le32(swheader, frame + SDPCM_FRAMETAG_LEN); 2957 put_unaligned_le32(0, frame + SDPCM_FRAMETAG_LEN + sizeof(swheader)); 2958 2959 if (!data_ok(bus)) { 2960 brcmf_dbg(INFO, "No bus credit bus->tx_max %d, bus->tx_seq %d\n", 2961 bus->tx_max, bus->tx_seq); 2962 bus->ctrl_frame_stat = true; 2963 /* Send from dpc */ 2964 bus->ctrl_frame_buf = frame; 2965 bus->ctrl_frame_len = len; 2966 2967 brcmf_sdbrcm_wait_for_event(bus, &bus->ctrl_frame_stat); 2968 2969 if (!bus->ctrl_frame_stat) { 2970 brcmf_dbg(INFO, "ctrl_frame_stat == false\n"); 2971 ret = 0; 2972 } else { 2973 brcmf_dbg(INFO, "ctrl_frame_stat == true\n"); 2974 ret = -1; 2975 } 2976 } 2977 2978 if (ret == -1) { 2979 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && BRCMF_CTL_ON(), 2980 frame, len, "Tx Frame:\n"); 2981 brcmf_dbg_hex_dump(!(BRCMF_BYTES_ON() && BRCMF_CTL_ON()) && 2982 BRCMF_HDRS_ON(), 2983 frame, min_t(u16, len, 16), "TxHdr:\n"); 2984 2985 do { 2986 ret = brcmf_tx_frame(bus, frame, len); 2987 } while (ret < 0 && retries++ < TXRETRIES); 2988 } 2989 2990 if ((bus->idletime == BRCMF_IDLE_IMMEDIATE) && !bus->dpc_sched) { 2991 bus->activity = false; 2992 brcmf_sdbrcm_clkctl(bus, CLK_NONE, true); 2993 } 2994 2995 up(&bus->sdsem); 2996 2997 if (ret) 2998 bus->tx_ctlerrs++; 2999 else 3000 bus->tx_ctlpkts++; 3001 3002 return ret ? -EIO : 0; 3003} 3004 3005static int 3006brcmf_sdbrcm_bus_rxctl(struct device *dev, unsigned char *msg, uint msglen) 3007{ 3008 int timeleft; 3009 uint rxlen = 0; 3010 bool pending; 3011 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 3012 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio; 3013 struct brcmf_sdio *bus = sdiodev->bus; 3014 3015 brcmf_dbg(TRACE, "Enter\n"); 3016 3017 /* Wait until control frame is available */ 3018 timeleft = brcmf_sdbrcm_dcmd_resp_wait(bus, &bus->rxlen, &pending); 3019 3020 down(&bus->sdsem); 3021 rxlen = bus->rxlen; 3022 memcpy(msg, bus->rxctl, min(msglen, rxlen)); 3023 bus->rxlen = 0; 3024 up(&bus->sdsem); 3025 3026 if (rxlen) { 3027 brcmf_dbg(CTL, "resumed on rxctl frame, got %d expected %d\n", 3028 rxlen, msglen); 3029 } else if (timeleft == 0) { 3030 brcmf_dbg(ERROR, "resumed on timeout\n"); 3031 } else if (pending) { 3032 brcmf_dbg(CTL, "cancelled\n"); 3033 return -ERESTARTSYS; 3034 } else { 3035 brcmf_dbg(CTL, "resumed for unknown reason?\n"); 3036 } 3037 3038 if (rxlen) 3039 bus->rx_ctlpkts++; 3040 else 3041 bus->rx_ctlerrs++; 3042 3043 return rxlen ? (int)rxlen : -ETIMEDOUT; 3044} 3045 3046static int brcmf_sdbrcm_downloadvars(struct brcmf_sdio *bus, void *arg, int len) 3047{ 3048 int bcmerror = 0; 3049 3050 brcmf_dbg(TRACE, "Enter\n"); 3051 3052 /* Basic sanity checks */ 3053 if (bus->sdiodev->bus_if->drvr_up) { 3054 bcmerror = -EISCONN; 3055 goto err; 3056 } 3057 if (!len) { 3058 bcmerror = -EOVERFLOW; 3059 goto err; 3060 } 3061 3062 /* Free the old ones and replace with passed variables */ 3063 kfree(bus->vars); 3064 3065 bus->vars = kmalloc(len, GFP_ATOMIC); 3066 bus->varsz = bus->vars ? len : 0; 3067 if (bus->vars == NULL) { 3068 bcmerror = -ENOMEM; 3069 goto err; 3070 } 3071 3072 /* Copy the passed variables, which should include the 3073 terminating double-null */ 3074 memcpy(bus->vars, arg, bus->varsz); 3075err: 3076 return bcmerror; 3077} 3078 3079static int brcmf_sdbrcm_write_vars(struct brcmf_sdio *bus) 3080{ 3081 int bcmerror = 0; 3082 u32 varsize; 3083 u32 varaddr; 3084 u8 *vbuffer; 3085 u32 varsizew; 3086 __le32 varsizew_le; 3087#ifdef DEBUG 3088 char *nvram_ularray; 3089#endif /* DEBUG */ 3090 3091 /* Even if there are no vars are to be written, we still 3092 need to set the ramsize. */ 3093 varsize = bus->varsz ? roundup(bus->varsz, 4) : 0; 3094 varaddr = (bus->ramsize - 4) - varsize; 3095 3096 if (bus->vars) { 3097 vbuffer = kzalloc(varsize, GFP_ATOMIC); 3098 if (!vbuffer) 3099 return -ENOMEM; 3100 3101 memcpy(vbuffer, bus->vars, bus->varsz); 3102 3103 /* Write the vars list */ 3104 bcmerror = 3105 brcmf_sdbrcm_membytes(bus, true, varaddr, vbuffer, varsize); 3106#ifdef DEBUG 3107 /* Verify NVRAM bytes */ 3108 brcmf_dbg(INFO, "Compare NVRAM dl & ul; varsize=%d\n", varsize); 3109 nvram_ularray = kmalloc(varsize, GFP_ATOMIC); 3110 if (!nvram_ularray) { 3111 kfree(vbuffer); 3112 return -ENOMEM; 3113 } 3114 3115 /* Upload image to verify downloaded contents. */ 3116 memset(nvram_ularray, 0xaa, varsize); 3117 3118 /* Read the vars list to temp buffer for comparison */ 3119 bcmerror = 3120 brcmf_sdbrcm_membytes(bus, false, varaddr, nvram_ularray, 3121 varsize); 3122 if (bcmerror) { 3123 brcmf_dbg(ERROR, "error %d on reading %d nvram bytes at 0x%08x\n", 3124 bcmerror, varsize, varaddr); 3125 } 3126 /* Compare the org NVRAM with the one read from RAM */ 3127 if (memcmp(vbuffer, nvram_ularray, varsize)) 3128 brcmf_dbg(ERROR, "Downloaded NVRAM image is corrupted\n"); 3129 else 3130 brcmf_dbg(ERROR, "Download/Upload/Compare of NVRAM ok\n"); 3131 3132 kfree(nvram_ularray); 3133#endif /* DEBUG */ 3134 3135 kfree(vbuffer); 3136 } 3137 3138 /* adjust to the user specified RAM */ 3139 brcmf_dbg(INFO, "Physical memory size: %d\n", bus->ramsize); 3140 brcmf_dbg(INFO, "Vars are at %d, orig varsize is %d\n", 3141 varaddr, varsize); 3142 varsize = ((bus->ramsize - 4) - varaddr); 3143 3144 /* 3145 * Determine the length token: 3146 * Varsize, converted to words, in lower 16-bits, checksum 3147 * in upper 16-bits. 3148 */ 3149 if (bcmerror) { 3150 varsizew = 0; 3151 varsizew_le = cpu_to_le32(0); 3152 } else { 3153 varsizew = varsize / 4; 3154 varsizew = (~varsizew << 16) | (varsizew & 0x0000FFFF); 3155 varsizew_le = cpu_to_le32(varsizew); 3156 } 3157 3158 brcmf_dbg(INFO, "New varsize is %d, length token=0x%08x\n", 3159 varsize, varsizew); 3160 3161 /* Write the length token to the last word */ 3162 bcmerror = brcmf_sdbrcm_membytes(bus, true, (bus->ramsize - 4), 3163 (u8 *)&varsizew_le, 4); 3164 3165 return bcmerror; 3166} 3167 3168static int brcmf_sdbrcm_download_state(struct brcmf_sdio *bus, bool enter) 3169{ 3170 uint retries; 3171 int bcmerror = 0; 3172 struct chip_info *ci = bus->ci; 3173 3174 /* To enter download state, disable ARM and reset SOCRAM. 3175 * To exit download state, simply reset ARM (default is RAM boot). 3176 */ 3177 if (enter) { 3178 bus->alp_only = true; 3179 3180 ci->coredisable(bus->sdiodev, ci, BCMA_CORE_ARM_CM3); 3181 3182 ci->resetcore(bus->sdiodev, ci, BCMA_CORE_INTERNAL_MEM); 3183 3184 /* Clear the top bit of memory */ 3185 if (bus->ramsize) { 3186 u32 zeros = 0; 3187 brcmf_sdbrcm_membytes(bus, true, bus->ramsize - 4, 3188 (u8 *)&zeros, 4); 3189 } 3190 } else { 3191 if (!ci->iscoreup(bus->sdiodev, ci, BCMA_CORE_INTERNAL_MEM)) { 3192 brcmf_dbg(ERROR, "SOCRAM core is down after reset?\n"); 3193 bcmerror = -EBADE; 3194 goto fail; 3195 } 3196 3197 bcmerror = brcmf_sdbrcm_write_vars(bus); 3198 if (bcmerror) { 3199 brcmf_dbg(ERROR, "no vars written to RAM\n"); 3200 bcmerror = 0; 3201 } 3202 3203 w_sdreg32(bus, 0xFFFFFFFF, 3204 offsetof(struct sdpcmd_regs, intstatus), &retries); 3205 3206 ci->resetcore(bus->sdiodev, ci, BCMA_CORE_ARM_CM3); 3207 3208 /* Allow HT Clock now that the ARM is running. */ 3209 bus->alp_only = false; 3210 3211 bus->sdiodev->bus_if->state = BRCMF_BUS_LOAD; 3212 } 3213fail: 3214 return bcmerror; 3215} 3216 3217static int brcmf_sdbrcm_get_image(char *buf, int len, struct brcmf_sdio *bus) 3218{ 3219 if (bus->firmware->size < bus->fw_ptr + len) 3220 len = bus->firmware->size - bus->fw_ptr; 3221 3222 memcpy(buf, &bus->firmware->data[bus->fw_ptr], len); 3223 bus->fw_ptr += len; 3224 return len; 3225} 3226 3227static int brcmf_sdbrcm_download_code_file(struct brcmf_sdio *bus) 3228{ 3229 int offset = 0; 3230 uint len; 3231 u8 *memblock = NULL, *memptr; 3232 int ret; 3233 3234 brcmf_dbg(INFO, "Enter\n"); 3235 3236 ret = request_firmware(&bus->firmware, BRCMF_SDIO_FW_NAME, 3237 &bus->sdiodev->func[2]->dev); 3238 if (ret) { 3239 brcmf_dbg(ERROR, "Fail to request firmware %d\n", ret); 3240 return ret; 3241 } 3242 bus->fw_ptr = 0; 3243 3244 memptr = memblock = kmalloc(MEMBLOCK + BRCMF_SDALIGN, GFP_ATOMIC); 3245 if (memblock == NULL) { 3246 ret = -ENOMEM; 3247 goto err; 3248 } 3249 if ((u32)(unsigned long)memblock % BRCMF_SDALIGN) 3250 memptr += (BRCMF_SDALIGN - 3251 ((u32)(unsigned long)memblock % BRCMF_SDALIGN)); 3252 3253 /* Download image */ 3254 while ((len = 3255 brcmf_sdbrcm_get_image((char *)memptr, MEMBLOCK, bus))) { 3256 ret = brcmf_sdbrcm_membytes(bus, true, offset, memptr, len); 3257 if (ret) { 3258 brcmf_dbg(ERROR, "error %d on writing %d membytes at 0x%08x\n", 3259 ret, MEMBLOCK, offset); 3260 goto err; 3261 } 3262 3263 offset += MEMBLOCK; 3264 } 3265 3266err: 3267 kfree(memblock); 3268 3269 release_firmware(bus->firmware); 3270 bus->fw_ptr = 0; 3271 3272 return ret; 3273} 3274 3275/* 3276 * ProcessVars:Takes a buffer of "<var>=<value>\n" lines read from a file 3277 * and ending in a NUL. 3278 * Removes carriage returns, empty lines, comment lines, and converts 3279 * newlines to NULs. 3280 * Shortens buffer as needed and pads with NULs. End of buffer is marked 3281 * by two NULs. 3282*/ 3283 3284static uint brcmf_process_nvram_vars(char *varbuf, uint len) 3285{ 3286 char *dp; 3287 bool findNewline; 3288 int column; 3289 uint buf_len, n; 3290 3291 dp = varbuf; 3292 3293 findNewline = false; 3294 column = 0; 3295 3296 for (n = 0; n < len; n++) { 3297 if (varbuf[n] == 0) 3298 break; 3299 if (varbuf[n] == '\r') 3300 continue; 3301 if (findNewline && varbuf[n] != '\n') 3302 continue; 3303 findNewline = false; 3304 if (varbuf[n] == '#') { 3305 findNewline = true; 3306 continue; 3307 } 3308 if (varbuf[n] == '\n') { 3309 if (column == 0) 3310 continue; 3311 *dp++ = 0; 3312 column = 0; 3313 continue; 3314 } 3315 *dp++ = varbuf[n]; 3316 column++; 3317 } 3318 buf_len = dp - varbuf; 3319 3320 while (dp < varbuf + n) 3321 *dp++ = 0; 3322 3323 return buf_len; 3324} 3325 3326static int brcmf_sdbrcm_download_nvram(struct brcmf_sdio *bus) 3327{ 3328 uint len; 3329 char *memblock = NULL; 3330 char *bufp; 3331 int ret; 3332 3333 ret = request_firmware(&bus->firmware, BRCMF_SDIO_NV_NAME, 3334 &bus->sdiodev->func[2]->dev); 3335 if (ret) { 3336 brcmf_dbg(ERROR, "Fail to request nvram %d\n", ret); 3337 return ret; 3338 } 3339 bus->fw_ptr = 0; 3340 3341 memblock = kmalloc(MEMBLOCK, GFP_ATOMIC); 3342 if (memblock == NULL) { 3343 ret = -ENOMEM; 3344 goto err; 3345 } 3346 3347 len = brcmf_sdbrcm_get_image(memblock, MEMBLOCK, bus); 3348 3349 if (len > 0 && len < MEMBLOCK) { 3350 bufp = (char *)memblock; 3351 bufp[len] = 0; 3352 len = brcmf_process_nvram_vars(bufp, len); 3353 bufp += len; 3354 *bufp++ = 0; 3355 if (len) 3356 ret = brcmf_sdbrcm_downloadvars(bus, memblock, len + 1); 3357 if (ret) 3358 brcmf_dbg(ERROR, "error downloading vars: %d\n", ret); 3359 } else { 3360 brcmf_dbg(ERROR, "error reading nvram file: %d\n", len); 3361 ret = -EIO; 3362 } 3363 3364err: 3365 kfree(memblock); 3366 3367 release_firmware(bus->firmware); 3368 bus->fw_ptr = 0; 3369 3370 return ret; 3371} 3372 3373static int _brcmf_sdbrcm_download_firmware(struct brcmf_sdio *bus) 3374{ 3375 int bcmerror = -1; 3376 3377 /* Keep arm in reset */ 3378 if (brcmf_sdbrcm_download_state(bus, true)) { 3379 brcmf_dbg(ERROR, "error placing ARM core in reset\n"); 3380 goto err; 3381 } 3382 3383 /* External image takes precedence if specified */ 3384 if (brcmf_sdbrcm_download_code_file(bus)) { 3385 brcmf_dbg(ERROR, "dongle image file download failed\n"); 3386 goto err; 3387 } 3388 3389 /* External nvram takes precedence if specified */ 3390 if (brcmf_sdbrcm_download_nvram(bus)) 3391 brcmf_dbg(ERROR, "dongle nvram file download failed\n"); 3392 3393 /* Take arm out of reset */ 3394 if (brcmf_sdbrcm_download_state(bus, false)) { 3395 brcmf_dbg(ERROR, "error getting out of ARM core reset\n"); 3396 goto err; 3397 } 3398 3399 bcmerror = 0; 3400 3401err: 3402 return bcmerror; 3403} 3404 3405static bool 3406brcmf_sdbrcm_download_firmware(struct brcmf_sdio *bus) 3407{ 3408 bool ret; 3409 3410 /* Download the firmware */ 3411 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3412 3413 ret = _brcmf_sdbrcm_download_firmware(bus) == 0; 3414 3415 brcmf_sdbrcm_clkctl(bus, CLK_SDONLY, false); 3416 3417 return ret; 3418} 3419 3420static int brcmf_sdbrcm_bus_init(struct device *dev) 3421{ 3422 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 3423 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio; 3424 struct brcmf_sdio *bus = sdiodev->bus; 3425 unsigned long timeout; 3426 uint retries = 0; 3427 u8 ready, enable; 3428 int err, ret = 0; 3429 u8 saveclk; 3430 3431 brcmf_dbg(TRACE, "Enter\n"); 3432 3433 /* try to download image and nvram to the dongle */ 3434 if (bus_if->state == BRCMF_BUS_DOWN) { 3435 if (!(brcmf_sdbrcm_download_firmware(bus))) 3436 return -1; 3437 } 3438 3439 if (!bus->sdiodev->bus_if->drvr) 3440 return 0; 3441 3442 /* Start the watchdog timer */ 3443 bus->tickcnt = 0; 3444 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 3445 3446 down(&bus->sdsem); 3447 3448 /* Make sure backplane clock is on, needed to generate F2 interrupt */ 3449 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3450 if (bus->clkstate != CLK_AVAIL) 3451 goto exit; 3452 3453 /* Force clocks on backplane to be sure F2 interrupt propagates */ 3454 saveclk = brcmf_sdio_regrb(bus->sdiodev, 3455 SBSDIO_FUNC1_CHIPCLKCSR, &err); 3456 if (!err) { 3457 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 3458 (saveclk | SBSDIO_FORCE_HT), &err); 3459 } 3460 if (err) { 3461 brcmf_dbg(ERROR, "Failed to force clock for F2: err %d\n", err); 3462 goto exit; 3463 } 3464 3465 /* Enable function 2 (frame transfers) */ 3466 w_sdreg32(bus, SDPCM_PROT_VERSION << SMB_DATA_VERSION_SHIFT, 3467 offsetof(struct sdpcmd_regs, tosbmailboxdata), &retries); 3468 enable = (SDIO_FUNC_ENABLE_1 | SDIO_FUNC_ENABLE_2); 3469 3470 brcmf_sdio_regwb(bus->sdiodev, SDIO_CCCR_IOEx, enable, NULL); 3471 3472 timeout = jiffies + msecs_to_jiffies(BRCMF_WAIT_F2RDY); 3473 ready = 0; 3474 while (enable != ready) { 3475 ready = brcmf_sdio_regrb(bus->sdiodev, 3476 SDIO_CCCR_IORx, NULL); 3477 if (time_after(jiffies, timeout)) 3478 break; 3479 else if (time_after(jiffies, timeout - BRCMF_WAIT_F2RDY + 50)) 3480 /* prevent busy waiting if it takes too long */ 3481 msleep_interruptible(20); 3482 } 3483 3484 brcmf_dbg(INFO, "enable 0x%02x, ready 0x%02x\n", enable, ready); 3485 3486 /* If F2 successfully enabled, set core and enable interrupts */ 3487 if (ready == enable) { 3488 /* Set up the interrupt mask and enable interrupts */ 3489 bus->hostintmask = HOSTINTMASK; 3490 w_sdreg32(bus, bus->hostintmask, 3491 offsetof(struct sdpcmd_regs, hostintmask), &retries); 3492 3493 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_WATERMARK, 8, &err); 3494 } else { 3495 /* Disable F2 again */ 3496 enable = SDIO_FUNC_ENABLE_1; 3497 brcmf_sdio_regwb(bus->sdiodev, SDIO_CCCR_IOEx, enable, NULL); 3498 ret = -ENODEV; 3499 } 3500 3501 /* Restore previous clock setting */ 3502 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, saveclk, &err); 3503 3504 if (ret == 0) { 3505 ret = brcmf_sdio_intr_register(bus->sdiodev); 3506 if (ret != 0) 3507 brcmf_dbg(ERROR, "intr register failed:%d\n", ret); 3508 } 3509 3510 /* If we didn't come up, turn off backplane clock */ 3511 if (bus_if->state != BRCMF_BUS_DATA) 3512 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 3513 3514exit: 3515 up(&bus->sdsem); 3516 3517 return ret; 3518} 3519 3520void brcmf_sdbrcm_isr(void *arg) 3521{ 3522 struct brcmf_sdio *bus = (struct brcmf_sdio *) arg; 3523 3524 brcmf_dbg(TRACE, "Enter\n"); 3525 3526 if (!bus) { 3527 brcmf_dbg(ERROR, "bus is null pointer, exiting\n"); 3528 return; 3529 } 3530 3531 if (bus->sdiodev->bus_if->state == BRCMF_BUS_DOWN) { 3532 brcmf_dbg(ERROR, "bus is down. we have nothing to do\n"); 3533 return; 3534 } 3535 /* Count the interrupt call */ 3536 bus->intrcount++; 3537 bus->ipend = true; 3538 3539 /* Shouldn't get this interrupt if we're sleeping? */ 3540 if (bus->sleeping) { 3541 brcmf_dbg(ERROR, "INTERRUPT WHILE SLEEPING??\n"); 3542 return; 3543 } 3544 3545 /* Disable additional interrupts (is this needed now)? */ 3546 if (!bus->intr) 3547 brcmf_dbg(ERROR, "isr w/o interrupt configured!\n"); 3548 3549 bus->dpc_sched = true; 3550 if (bus->dpc_tsk) { 3551 brcmf_sdbrcm_adddpctsk(bus); 3552 complete(&bus->dpc_wait); 3553 } 3554} 3555 3556static bool brcmf_sdbrcm_bus_watchdog(struct brcmf_sdio *bus) 3557{ 3558#ifdef DEBUG 3559 struct brcmf_bus *bus_if = dev_get_drvdata(bus->sdiodev->dev); 3560#endif /* DEBUG */ 3561 3562 brcmf_dbg(TIMER, "Enter\n"); 3563 3564 /* Ignore the timer if simulating bus down */ 3565 if (bus->sleeping) 3566 return false; 3567 3568 down(&bus->sdsem); 3569 3570 /* Poll period: check device if appropriate. */ 3571 if (bus->poll && (++bus->polltick >= bus->pollrate)) { 3572 u32 intstatus = 0; 3573 3574 /* Reset poll tick */ 3575 bus->polltick = 0; 3576 3577 /* Check device if no interrupts */ 3578 if (!bus->intr || (bus->intrcount == bus->lastintrs)) { 3579 3580 if (!bus->dpc_sched) { 3581 u8 devpend; 3582 devpend = brcmf_sdio_regrb(bus->sdiodev, 3583 SDIO_CCCR_INTx, 3584 NULL); 3585 intstatus = 3586 devpend & (INTR_STATUS_FUNC1 | 3587 INTR_STATUS_FUNC2); 3588 } 3589 3590 /* If there is something, make like the ISR and 3591 schedule the DPC */ 3592 if (intstatus) { 3593 bus->pollcnt++; 3594 bus->ipend = true; 3595 3596 bus->dpc_sched = true; 3597 if (bus->dpc_tsk) { 3598 brcmf_sdbrcm_adddpctsk(bus); 3599 complete(&bus->dpc_wait); 3600 } 3601 } 3602 } 3603 3604 /* Update interrupt tracking */ 3605 bus->lastintrs = bus->intrcount; 3606 } 3607#ifdef DEBUG 3608 /* Poll for console output periodically */ 3609 if (bus_if->state == BRCMF_BUS_DATA && 3610 bus->console_interval != 0) { 3611 bus->console.count += BRCMF_WD_POLL_MS; 3612 if (bus->console.count >= bus->console_interval) { 3613 bus->console.count -= bus->console_interval; 3614 /* Make sure backplane clock is on */ 3615 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3616 if (brcmf_sdbrcm_readconsole(bus) < 0) 3617 /* stop on error */ 3618 bus->console_interval = 0; 3619 } 3620 } 3621#endif /* DEBUG */ 3622 3623 /* On idle timeout clear activity flag and/or turn off clock */ 3624 if ((bus->idletime > 0) && (bus->clkstate == CLK_AVAIL)) { 3625 if (++bus->idlecount >= bus->idletime) { 3626 bus->idlecount = 0; 3627 if (bus->activity) { 3628 bus->activity = false; 3629 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 3630 } else { 3631 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 3632 } 3633 } 3634 } 3635 3636 up(&bus->sdsem); 3637 3638 return bus->ipend; 3639} 3640 3641static bool brcmf_sdbrcm_chipmatch(u16 chipid) 3642{ 3643 if (chipid == BCM4329_CHIP_ID) 3644 return true; 3645 if (chipid == BCM4330_CHIP_ID) 3646 return true; 3647 return false; 3648} 3649 3650static void brcmf_sdbrcm_release_malloc(struct brcmf_sdio *bus) 3651{ 3652 brcmf_dbg(TRACE, "Enter\n"); 3653 3654 kfree(bus->rxbuf); 3655 bus->rxctl = bus->rxbuf = NULL; 3656 bus->rxlen = 0; 3657 3658 kfree(bus->databuf); 3659 bus->databuf = NULL; 3660} 3661 3662static bool brcmf_sdbrcm_probe_malloc(struct brcmf_sdio *bus) 3663{ 3664 brcmf_dbg(TRACE, "Enter\n"); 3665 3666 if (bus->sdiodev->bus_if->maxctl) { 3667 bus->rxblen = 3668 roundup((bus->sdiodev->bus_if->maxctl + SDPCM_HDRLEN), 3669 ALIGNMENT) + BRCMF_SDALIGN; 3670 bus->rxbuf = kmalloc(bus->rxblen, GFP_ATOMIC); 3671 if (!(bus->rxbuf)) 3672 goto fail; 3673 } 3674 3675 /* Allocate buffer to receive glomed packet */ 3676 bus->databuf = kmalloc(MAX_DATA_BUF, GFP_ATOMIC); 3677 if (!(bus->databuf)) { 3678 /* release rxbuf which was already located as above */ 3679 if (!bus->rxblen) 3680 kfree(bus->rxbuf); 3681 goto fail; 3682 } 3683 3684 /* Align the buffer */ 3685 if ((unsigned long)bus->databuf % BRCMF_SDALIGN) 3686 bus->dataptr = bus->databuf + (BRCMF_SDALIGN - 3687 ((unsigned long)bus->databuf % BRCMF_SDALIGN)); 3688 else 3689 bus->dataptr = bus->databuf; 3690 3691 return true; 3692 3693fail: 3694 return false; 3695} 3696 3697static bool 3698brcmf_sdbrcm_probe_attach(struct brcmf_sdio *bus, u32 regsva) 3699{ 3700 u8 clkctl = 0; 3701 int err = 0; 3702 int reg_addr; 3703 u32 reg_val; 3704 u8 idx; 3705 3706 bus->alp_only = true; 3707 3708 /* Return the window to backplane enumeration space for core access */ 3709 if (brcmf_sdcard_set_sbaddr_window(bus->sdiodev, SI_ENUM_BASE)) 3710 brcmf_dbg(ERROR, "FAILED to return to SI_ENUM_BASE\n"); 3711 3712 pr_debug("F1 signature read @0x18000000=0x%4x\n", 3713 brcmf_sdcard_reg_read(bus->sdiodev, SI_ENUM_BASE)); 3714 3715 /* 3716 * Force PLL off until brcmf_sdio_chip_attach() 3717 * programs PLL control regs 3718 */ 3719 3720 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 3721 BRCMF_INIT_CLKCTL1, &err); 3722 if (!err) 3723 clkctl = brcmf_sdio_regrb(bus->sdiodev, 3724 SBSDIO_FUNC1_CHIPCLKCSR, &err); 3725 3726 if (err || ((clkctl & ~SBSDIO_AVBITS) != BRCMF_INIT_CLKCTL1)) { 3727 brcmf_dbg(ERROR, "ChipClkCSR access: err %d wrote 0x%02x read 0x%02x\n", 3728 err, BRCMF_INIT_CLKCTL1, clkctl); 3729 goto fail; 3730 } 3731 3732 if (brcmf_sdio_chip_attach(bus->sdiodev, &bus->ci, regsva)) { 3733 brcmf_dbg(ERROR, "brcmf_sdio_chip_attach failed!\n"); 3734 goto fail; 3735 } 3736 3737 if (!brcmf_sdbrcm_chipmatch((u16) bus->ci->chip)) { 3738 brcmf_dbg(ERROR, "unsupported chip: 0x%04x\n", bus->ci->chip); 3739 goto fail; 3740 } 3741 3742 brcmf_sdio_chip_drivestrengthinit(bus->sdiodev, bus->ci, 3743 SDIO_DRIVE_STRENGTH); 3744 3745 /* Get info on the SOCRAM cores... */ 3746 bus->ramsize = bus->ci->ramsize; 3747 if (!(bus->ramsize)) { 3748 brcmf_dbg(ERROR, "failed to find SOCRAM memory!\n"); 3749 goto fail; 3750 } 3751 3752 /* Set core control so an SDIO reset does a backplane reset */ 3753 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV); 3754 reg_addr = bus->ci->c_inf[idx].base + 3755 offsetof(struct sdpcmd_regs, corecontrol); 3756 reg_val = brcmf_sdcard_reg_read(bus->sdiodev, reg_addr); 3757 brcmf_sdcard_reg_write(bus->sdiodev, reg_addr, reg_val | CC_BPRESEN); 3758 3759 brcmu_pktq_init(&bus->txq, (PRIOMASK + 1), TXQLEN); 3760 3761 /* Locate an appropriately-aligned portion of hdrbuf */ 3762 bus->rxhdr = (u8 *) roundup((unsigned long)&bus->hdrbuf[0], 3763 BRCMF_SDALIGN); 3764 3765 /* Set the poll and/or interrupt flags */ 3766 bus->intr = true; 3767 bus->poll = false; 3768 if (bus->poll) 3769 bus->pollrate = 1; 3770 3771 return true; 3772 3773fail: 3774 return false; 3775} 3776 3777static bool brcmf_sdbrcm_probe_init(struct brcmf_sdio *bus) 3778{ 3779 brcmf_dbg(TRACE, "Enter\n"); 3780 3781 /* Disable F2 to clear any intermediate frame state on the dongle */ 3782 brcmf_sdio_regwb(bus->sdiodev, SDIO_CCCR_IOEx, 3783 SDIO_FUNC_ENABLE_1, NULL); 3784 3785 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 3786 bus->sleeping = false; 3787 bus->rxflow = false; 3788 3789 /* Done with backplane-dependent accesses, can drop clock... */ 3790 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 0, NULL); 3791 3792 /* ...and initialize clock/power states */ 3793 bus->clkstate = CLK_SDONLY; 3794 bus->idletime = BRCMF_IDLE_INTERVAL; 3795 bus->idleclock = BRCMF_IDLE_ACTIVE; 3796 3797 /* Query the F2 block size, set roundup accordingly */ 3798 bus->blocksize = bus->sdiodev->func[2]->cur_blksize; 3799 bus->roundup = min(max_roundup, bus->blocksize); 3800 3801 /* bus module does not support packet chaining */ 3802 bus->use_rxchain = false; 3803 bus->sd_rxchain = false; 3804 3805 return true; 3806} 3807 3808static int 3809brcmf_sdbrcm_watchdog_thread(void *data) 3810{ 3811 struct brcmf_sdio *bus = (struct brcmf_sdio *)data; 3812 3813 allow_signal(SIGTERM); 3814 /* Run until signal received */ 3815 while (1) { 3816 if (kthread_should_stop()) 3817 break; 3818 if (!wait_for_completion_interruptible(&bus->watchdog_wait)) { 3819 brcmf_sdbrcm_bus_watchdog(bus); 3820 /* Count the tick for reference */ 3821 bus->tickcnt++; 3822 } else 3823 break; 3824 } 3825 return 0; 3826} 3827 3828static void 3829brcmf_sdbrcm_watchdog(unsigned long data) 3830{ 3831 struct brcmf_sdio *bus = (struct brcmf_sdio *)data; 3832 3833 if (bus->watchdog_tsk) { 3834 complete(&bus->watchdog_wait); 3835 /* Reschedule the watchdog */ 3836 if (bus->wd_timer_valid) 3837 mod_timer(&bus->timer, 3838 jiffies + BRCMF_WD_POLL_MS * HZ / 1000); 3839 } 3840} 3841 3842static void brcmf_sdbrcm_release_dongle(struct brcmf_sdio *bus) 3843{ 3844 brcmf_dbg(TRACE, "Enter\n"); 3845 3846 if (bus->ci) { 3847 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3848 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 3849 brcmf_sdio_chip_detach(&bus->ci); 3850 if (bus->vars && bus->varsz) 3851 kfree(bus->vars); 3852 bus->vars = NULL; 3853 } 3854 3855 brcmf_dbg(TRACE, "Disconnected\n"); 3856} 3857 3858/* Detach and free everything */ 3859static void brcmf_sdbrcm_release(struct brcmf_sdio *bus) 3860{ 3861 brcmf_dbg(TRACE, "Enter\n"); 3862 3863 if (bus) { 3864 /* De-register interrupt handler */ 3865 brcmf_sdio_intr_unregister(bus->sdiodev); 3866 3867 if (bus->sdiodev->bus_if->drvr) { 3868 brcmf_detach(bus->sdiodev->dev); 3869 brcmf_sdbrcm_release_dongle(bus); 3870 } 3871 3872 brcmf_sdbrcm_release_malloc(bus); 3873 3874 kfree(bus); 3875 } 3876 3877 brcmf_dbg(TRACE, "Disconnected\n"); 3878} 3879 3880void *brcmf_sdbrcm_probe(u32 regsva, struct brcmf_sdio_dev *sdiodev) 3881{ 3882 int ret; 3883 struct brcmf_sdio *bus; 3884 3885 brcmf_dbg(TRACE, "Enter\n"); 3886 3887 /* We make an assumption about address window mappings: 3888 * regsva == SI_ENUM_BASE*/ 3889 3890 /* Allocate private bus interface state */ 3891 bus = kzalloc(sizeof(struct brcmf_sdio), GFP_ATOMIC); 3892 if (!bus) 3893 goto fail; 3894 3895 bus->sdiodev = sdiodev; 3896 sdiodev->bus = bus; 3897 skb_queue_head_init(&bus->glom); 3898 bus->txbound = BRCMF_TXBOUND; 3899 bus->rxbound = BRCMF_RXBOUND; 3900 bus->txminmax = BRCMF_TXMINMAX; 3901 bus->tx_seq = SDPCM_SEQUENCE_WRAP - 1; 3902 bus->usebufpool = false; /* Use bufpool if allocated, 3903 else use locally malloced rxbuf */ 3904 3905 /* attempt to attach to the dongle */ 3906 if (!(brcmf_sdbrcm_probe_attach(bus, regsva))) { 3907 brcmf_dbg(ERROR, "brcmf_sdbrcm_probe_attach failed\n"); 3908 goto fail; 3909 } 3910 3911 spin_lock_init(&bus->txqlock); 3912 init_waitqueue_head(&bus->ctrl_wait); 3913 init_waitqueue_head(&bus->dcmd_resp_wait); 3914 3915 /* Set up the watchdog timer */ 3916 init_timer(&bus->timer); 3917 bus->timer.data = (unsigned long)bus; 3918 bus->timer.function = brcmf_sdbrcm_watchdog; 3919 3920 /* Initialize thread based operation and lock */ 3921 sema_init(&bus->sdsem, 1); 3922 3923 /* Initialize watchdog thread */ 3924 init_completion(&bus->watchdog_wait); 3925 bus->watchdog_tsk = kthread_run(brcmf_sdbrcm_watchdog_thread, 3926 bus, "brcmf_watchdog"); 3927 if (IS_ERR(bus->watchdog_tsk)) { 3928 pr_warn("brcmf_watchdog thread failed to start\n"); 3929 bus->watchdog_tsk = NULL; 3930 } 3931 /* Initialize DPC thread */ 3932 init_completion(&bus->dpc_wait); 3933 INIT_LIST_HEAD(&bus->dpc_tsklst); 3934 spin_lock_init(&bus->dpc_tl_lock); 3935 bus->dpc_tsk = kthread_run(brcmf_sdbrcm_dpc_thread, 3936 bus, "brcmf_dpc"); 3937 if (IS_ERR(bus->dpc_tsk)) { 3938 pr_warn("brcmf_dpc thread failed to start\n"); 3939 bus->dpc_tsk = NULL; 3940 } 3941 3942 /* Assign bus interface call back */ 3943 bus->sdiodev->bus_if->brcmf_bus_stop = brcmf_sdbrcm_bus_stop; 3944 bus->sdiodev->bus_if->brcmf_bus_init = brcmf_sdbrcm_bus_init; 3945 bus->sdiodev->bus_if->brcmf_bus_txdata = brcmf_sdbrcm_bus_txdata; 3946 bus->sdiodev->bus_if->brcmf_bus_txctl = brcmf_sdbrcm_bus_txctl; 3947 bus->sdiodev->bus_if->brcmf_bus_rxctl = brcmf_sdbrcm_bus_rxctl; 3948 /* Attach to the brcmf/OS/network interface */ 3949 ret = brcmf_attach(SDPCM_RESERVE, bus->sdiodev->dev); 3950 if (ret != 0) { 3951 brcmf_dbg(ERROR, "brcmf_attach failed\n"); 3952 goto fail; 3953 } 3954 3955 /* Allocate buffers */ 3956 if (!(brcmf_sdbrcm_probe_malloc(bus))) { 3957 brcmf_dbg(ERROR, "brcmf_sdbrcm_probe_malloc failed\n"); 3958 goto fail; 3959 } 3960 3961 if (!(brcmf_sdbrcm_probe_init(bus))) { 3962 brcmf_dbg(ERROR, "brcmf_sdbrcm_probe_init failed\n"); 3963 goto fail; 3964 } 3965 3966 brcmf_dbg(INFO, "completed!!\n"); 3967 3968 /* if firmware path present try to download and bring up bus */ 3969 ret = brcmf_bus_start(bus->sdiodev->dev); 3970 if (ret != 0) { 3971 if (ret == -ENOLINK) { 3972 brcmf_dbg(ERROR, "dongle is not responding\n"); 3973 goto fail; 3974 } 3975 } 3976 3977 return bus; 3978 3979fail: 3980 brcmf_sdbrcm_release(bus); 3981 return NULL; 3982} 3983 3984void brcmf_sdbrcm_disconnect(void *ptr) 3985{ 3986 struct brcmf_sdio *bus = (struct brcmf_sdio *)ptr; 3987 3988 brcmf_dbg(TRACE, "Enter\n"); 3989 3990 if (bus) 3991 brcmf_sdbrcm_release(bus); 3992 3993 brcmf_dbg(TRACE, "Disconnected\n"); 3994} 3995 3996void 3997brcmf_sdbrcm_wd_timer(struct brcmf_sdio *bus, uint wdtick) 3998{ 3999 /* Totally stop the timer */ 4000 if (!wdtick && bus->wd_timer_valid) { 4001 del_timer_sync(&bus->timer); 4002 bus->wd_timer_valid = false; 4003 bus->save_ms = wdtick; 4004 return; 4005 } 4006 4007 /* don't start the wd until fw is loaded */ 4008 if (bus->sdiodev->bus_if->state == BRCMF_BUS_DOWN) 4009 return; 4010 4011 if (wdtick) { 4012 if (bus->save_ms != BRCMF_WD_POLL_MS) { 4013 if (bus->wd_timer_valid) 4014 /* Stop timer and restart at new value */ 4015 del_timer_sync(&bus->timer); 4016 4017 /* Create timer again when watchdog period is 4018 dynamically changed or in the first instance 4019 */ 4020 bus->timer.expires = 4021 jiffies + BRCMF_WD_POLL_MS * HZ / 1000; 4022 add_timer(&bus->timer); 4023 4024 } else { 4025 /* Re arm the timer, at last watchdog period */ 4026 mod_timer(&bus->timer, 4027 jiffies + BRCMF_WD_POLL_MS * HZ / 1000); 4028 } 4029 4030 bus->wd_timer_valid = true; 4031 bus->save_ms = wdtick; 4032 } 4033} 4034