dhd_sdio.c revision c0e89f084b5089acdfdda1cb45c88896fa0f5139
1/* 2 * Copyright (c) 2010 Broadcom Corporation 3 * 4 * Permission to use, copy, modify, and/or distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 11 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 13 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 14 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 18 19#include <linux/types.h> 20#include <linux/kernel.h> 21#include <linux/kthread.h> 22#include <linux/printk.h> 23#include <linux/pci_ids.h> 24#include <linux/netdevice.h> 25#include <linux/interrupt.h> 26#include <linux/sched.h> 27#include <linux/mmc/sdio.h> 28#include <linux/mmc/sdio_func.h> 29#include <linux/mmc/card.h> 30#include <linux/semaphore.h> 31#include <linux/firmware.h> 32#include <linux/module.h> 33#include <linux/bcma/bcma.h> 34#include <asm/unaligned.h> 35#include <defs.h> 36#include <brcmu_wifi.h> 37#include <brcmu_utils.h> 38#include <brcm_hw_ids.h> 39#include <soc.h> 40#include "sdio_host.h" 41#include "sdio_chip.h" 42 43#define DCMD_RESP_TIMEOUT 2000 /* In milli second */ 44 45#ifdef DEBUG 46 47#define BRCMF_TRAP_INFO_SIZE 80 48 49#define CBUF_LEN (128) 50 51struct rte_log_le { 52 __le32 buf; /* Can't be pointer on (64-bit) hosts */ 53 __le32 buf_size; 54 __le32 idx; 55 char *_buf_compat; /* Redundant pointer for backward compat. */ 56}; 57 58struct rte_console { 59 /* Virtual UART 60 * When there is no UART (e.g. Quickturn), 61 * the host should write a complete 62 * input line directly into cbuf and then write 63 * the length into vcons_in. 64 * This may also be used when there is a real UART 65 * (at risk of conflicting with 66 * the real UART). vcons_out is currently unused. 67 */ 68 uint vcons_in; 69 uint vcons_out; 70 71 /* Output (logging) buffer 72 * Console output is written to a ring buffer log_buf at index log_idx. 73 * The host may read the output when it sees log_idx advance. 74 * Output will be lost if the output wraps around faster than the host 75 * polls. 76 */ 77 struct rte_log_le log_le; 78 79 /* Console input line buffer 80 * Characters are read one at a time into cbuf 81 * until <CR> is received, then 82 * the buffer is processed as a command line. 83 * Also used for virtual UART. 84 */ 85 uint cbuf_idx; 86 char cbuf[CBUF_LEN]; 87}; 88 89#endif /* DEBUG */ 90#include <chipcommon.h> 91 92#include "dhd_bus.h" 93#include "dhd_dbg.h" 94 95#define TXQLEN 2048 /* bulk tx queue length */ 96#define TXHI (TXQLEN - 256) /* turn on flow control above TXHI */ 97#define TXLOW (TXHI - 256) /* turn off flow control below TXLOW */ 98#define PRIOMASK 7 99 100#define TXRETRIES 2 /* # of retries for tx frames */ 101 102#define BRCMF_RXBOUND 50 /* Default for max rx frames in 103 one scheduling */ 104 105#define BRCMF_TXBOUND 20 /* Default for max tx frames in 106 one scheduling */ 107 108#define BRCMF_TXMINMAX 1 /* Max tx frames if rx still pending */ 109 110#define MEMBLOCK 2048 /* Block size used for downloading 111 of dongle image */ 112#define MAX_DATA_BUF (32 * 1024) /* Must be large enough to hold 113 biggest possible glom */ 114 115#define BRCMF_FIRSTREAD (1 << 6) 116 117 118/* SBSDIO_DEVICE_CTL */ 119 120/* 1: device will assert busy signal when receiving CMD53 */ 121#define SBSDIO_DEVCTL_SETBUSY 0x01 122/* 1: assertion of sdio interrupt is synchronous to the sdio clock */ 123#define SBSDIO_DEVCTL_SPI_INTR_SYNC 0x02 124/* 1: mask all interrupts to host except the chipActive (rev 8) */ 125#define SBSDIO_DEVCTL_CA_INT_ONLY 0x04 126/* 1: isolate internal sdio signals, put external pads in tri-state; requires 127 * sdio bus power cycle to clear (rev 9) */ 128#define SBSDIO_DEVCTL_PADS_ISO 0x08 129/* Force SD->SB reset mapping (rev 11) */ 130#define SBSDIO_DEVCTL_SB_RST_CTL 0x30 131/* Determined by CoreControl bit */ 132#define SBSDIO_DEVCTL_RST_CORECTL 0x00 133/* Force backplane reset */ 134#define SBSDIO_DEVCTL_RST_BPRESET 0x10 135/* Force no backplane reset */ 136#define SBSDIO_DEVCTL_RST_NOBPRESET 0x20 137 138/* direct(mapped) cis space */ 139 140/* MAPPED common CIS address */ 141#define SBSDIO_CIS_BASE_COMMON 0x1000 142/* maximum bytes in one CIS */ 143#define SBSDIO_CIS_SIZE_LIMIT 0x200 144/* cis offset addr is < 17 bits */ 145#define SBSDIO_CIS_OFT_ADDR_MASK 0x1FFFF 146 147/* manfid tuple length, include tuple, link bytes */ 148#define SBSDIO_CIS_MANFID_TUPLE_LEN 6 149 150/* intstatus */ 151#define I_SMB_SW0 (1 << 0) /* To SB Mail S/W interrupt 0 */ 152#define I_SMB_SW1 (1 << 1) /* To SB Mail S/W interrupt 1 */ 153#define I_SMB_SW2 (1 << 2) /* To SB Mail S/W interrupt 2 */ 154#define I_SMB_SW3 (1 << 3) /* To SB Mail S/W interrupt 3 */ 155#define I_SMB_SW_MASK 0x0000000f /* To SB Mail S/W interrupts mask */ 156#define I_SMB_SW_SHIFT 0 /* To SB Mail S/W interrupts shift */ 157#define I_HMB_SW0 (1 << 4) /* To Host Mail S/W interrupt 0 */ 158#define I_HMB_SW1 (1 << 5) /* To Host Mail S/W interrupt 1 */ 159#define I_HMB_SW2 (1 << 6) /* To Host Mail S/W interrupt 2 */ 160#define I_HMB_SW3 (1 << 7) /* To Host Mail S/W interrupt 3 */ 161#define I_HMB_SW_MASK 0x000000f0 /* To Host Mail S/W interrupts mask */ 162#define I_HMB_SW_SHIFT 4 /* To Host Mail S/W interrupts shift */ 163#define I_WR_OOSYNC (1 << 8) /* Write Frame Out Of Sync */ 164#define I_RD_OOSYNC (1 << 9) /* Read Frame Out Of Sync */ 165#define I_PC (1 << 10) /* descriptor error */ 166#define I_PD (1 << 11) /* data error */ 167#define I_DE (1 << 12) /* Descriptor protocol Error */ 168#define I_RU (1 << 13) /* Receive descriptor Underflow */ 169#define I_RO (1 << 14) /* Receive fifo Overflow */ 170#define I_XU (1 << 15) /* Transmit fifo Underflow */ 171#define I_RI (1 << 16) /* Receive Interrupt */ 172#define I_BUSPWR (1 << 17) /* SDIO Bus Power Change (rev 9) */ 173#define I_XMTDATA_AVAIL (1 << 23) /* bits in fifo */ 174#define I_XI (1 << 24) /* Transmit Interrupt */ 175#define I_RF_TERM (1 << 25) /* Read Frame Terminate */ 176#define I_WF_TERM (1 << 26) /* Write Frame Terminate */ 177#define I_PCMCIA_XU (1 << 27) /* PCMCIA Transmit FIFO Underflow */ 178#define I_SBINT (1 << 28) /* sbintstatus Interrupt */ 179#define I_CHIPACTIVE (1 << 29) /* chip from doze to active state */ 180#define I_SRESET (1 << 30) /* CCCR RES interrupt */ 181#define I_IOE2 (1U << 31) /* CCCR IOE2 Bit Changed */ 182#define I_ERRORS (I_PC | I_PD | I_DE | I_RU | I_RO | I_XU) 183#define I_DMA (I_RI | I_XI | I_ERRORS) 184 185/* corecontrol */ 186#define CC_CISRDY (1 << 0) /* CIS Ready */ 187#define CC_BPRESEN (1 << 1) /* CCCR RES signal */ 188#define CC_F2RDY (1 << 2) /* set CCCR IOR2 bit */ 189#define CC_CLRPADSISO (1 << 3) /* clear SDIO pads isolation */ 190#define CC_XMTDATAAVAIL_MODE (1 << 4) 191#define CC_XMTDATAAVAIL_CTRL (1 << 5) 192 193/* SDA_FRAMECTRL */ 194#define SFC_RF_TERM (1 << 0) /* Read Frame Terminate */ 195#define SFC_WF_TERM (1 << 1) /* Write Frame Terminate */ 196#define SFC_CRC4WOOS (1 << 2) /* CRC error for write out of sync */ 197#define SFC_ABORTALL (1 << 3) /* Abort all in-progress frames */ 198 199/* HW frame tag */ 200#define SDPCM_FRAMETAG_LEN 4 /* 2 bytes len, 2 bytes check val */ 201 202/* Total length of frame header for dongle protocol */ 203#define SDPCM_HDRLEN (SDPCM_FRAMETAG_LEN + SDPCM_SWHEADER_LEN) 204#define SDPCM_RESERVE (SDPCM_HDRLEN + BRCMF_SDALIGN) 205 206/* 207 * Software allocation of To SB Mailbox resources 208 */ 209 210/* tosbmailbox bits corresponding to intstatus bits */ 211#define SMB_NAK (1 << 0) /* Frame NAK */ 212#define SMB_INT_ACK (1 << 1) /* Host Interrupt ACK */ 213#define SMB_USE_OOB (1 << 2) /* Use OOB Wakeup */ 214#define SMB_DEV_INT (1 << 3) /* Miscellaneous Interrupt */ 215 216/* tosbmailboxdata */ 217#define SMB_DATA_VERSION_SHIFT 16 /* host protocol version */ 218 219/* 220 * Software allocation of To Host Mailbox resources 221 */ 222 223/* intstatus bits */ 224#define I_HMB_FC_STATE I_HMB_SW0 /* Flow Control State */ 225#define I_HMB_FC_CHANGE I_HMB_SW1 /* Flow Control State Changed */ 226#define I_HMB_FRAME_IND I_HMB_SW2 /* Frame Indication */ 227#define I_HMB_HOST_INT I_HMB_SW3 /* Miscellaneous Interrupt */ 228 229/* tohostmailboxdata */ 230#define HMB_DATA_NAKHANDLED 1 /* retransmit NAK'd frame */ 231#define HMB_DATA_DEVREADY 2 /* talk to host after enable */ 232#define HMB_DATA_FC 4 /* per prio flowcontrol update flag */ 233#define HMB_DATA_FWREADY 8 /* fw ready for protocol activity */ 234 235#define HMB_DATA_FCDATA_MASK 0xff000000 236#define HMB_DATA_FCDATA_SHIFT 24 237 238#define HMB_DATA_VERSION_MASK 0x00ff0000 239#define HMB_DATA_VERSION_SHIFT 16 240 241/* 242 * Software-defined protocol header 243 */ 244 245/* Current protocol version */ 246#define SDPCM_PROT_VERSION 4 247 248/* SW frame header */ 249#define SDPCM_PACKET_SEQUENCE(p) (((u8 *)p)[0] & 0xff) 250 251#define SDPCM_CHANNEL_MASK 0x00000f00 252#define SDPCM_CHANNEL_SHIFT 8 253#define SDPCM_PACKET_CHANNEL(p) (((u8 *)p)[1] & 0x0f) 254 255#define SDPCM_NEXTLEN_OFFSET 2 256 257/* Data Offset from SOF (HW Tag, SW Tag, Pad) */ 258#define SDPCM_DOFFSET_OFFSET 3 /* Data Offset */ 259#define SDPCM_DOFFSET_VALUE(p) (((u8 *)p)[SDPCM_DOFFSET_OFFSET] & 0xff) 260#define SDPCM_DOFFSET_MASK 0xff000000 261#define SDPCM_DOFFSET_SHIFT 24 262#define SDPCM_FCMASK_OFFSET 4 /* Flow control */ 263#define SDPCM_FCMASK_VALUE(p) (((u8 *)p)[SDPCM_FCMASK_OFFSET] & 0xff) 264#define SDPCM_WINDOW_OFFSET 5 /* Credit based fc */ 265#define SDPCM_WINDOW_VALUE(p) (((u8 *)p)[SDPCM_WINDOW_OFFSET] & 0xff) 266 267#define SDPCM_SWHEADER_LEN 8 /* SW header is 64 bits */ 268 269/* logical channel numbers */ 270#define SDPCM_CONTROL_CHANNEL 0 /* Control channel Id */ 271#define SDPCM_EVENT_CHANNEL 1 /* Asyc Event Indication Channel Id */ 272#define SDPCM_DATA_CHANNEL 2 /* Data Xmit/Recv Channel Id */ 273#define SDPCM_GLOM_CHANNEL 3 /* For coalesced packets */ 274#define SDPCM_TEST_CHANNEL 15 /* Reserved for test/debug packets */ 275 276#define SDPCM_SEQUENCE_WRAP 256 /* wrap-around val for 8bit frame seq */ 277 278#define SDPCM_GLOMDESC(p) (((u8 *)p)[1] & 0x80) 279 280/* 281 * Shared structure between dongle and the host. 282 * The structure contains pointers to trap or assert information. 283 */ 284#define SDPCM_SHARED_VERSION 0x0002 285#define SDPCM_SHARED_VERSION_MASK 0x00FF 286#define SDPCM_SHARED_ASSERT_BUILT 0x0100 287#define SDPCM_SHARED_ASSERT 0x0200 288#define SDPCM_SHARED_TRAP 0x0400 289 290/* Space for header read, limit for data packets */ 291#define MAX_HDR_READ (1 << 6) 292#define MAX_RX_DATASZ 2048 293 294/* Maximum milliseconds to wait for F2 to come up */ 295#define BRCMF_WAIT_F2RDY 3000 296 297/* Bump up limit on waiting for HT to account for first startup; 298 * if the image is doing a CRC calculation before programming the PMU 299 * for HT availability, it could take a couple hundred ms more, so 300 * max out at a 1 second (1000000us). 301 */ 302#undef PMU_MAX_TRANSITION_DLY 303#define PMU_MAX_TRANSITION_DLY 1000000 304 305/* Value for ChipClockCSR during initial setup */ 306#define BRCMF_INIT_CLKCTL1 (SBSDIO_FORCE_HW_CLKREQ_OFF | \ 307 SBSDIO_ALP_AVAIL_REQ) 308 309/* Flags for SDH calls */ 310#define F2SYNC (SDIO_REQ_4BYTE | SDIO_REQ_FIXED) 311 312#define BRCMFMAC_FW_NAME "brcm/brcmfmac.bin" 313#define BRCMFMAC_NV_NAME "brcm/brcmfmac.txt" 314MODULE_FIRMWARE(BRCMFMAC_FW_NAME); 315MODULE_FIRMWARE(BRCMFMAC_NV_NAME); 316 317#define BRCMF_IDLE_IMMEDIATE (-1) /* Enter idle immediately */ 318#define BRCMF_IDLE_ACTIVE 0 /* Do not request any SD clock change 319 * when idle 320 */ 321#define BRCMF_IDLE_INTERVAL 1 322 323/* 324 * Conversion of 802.1D priority to precedence level 325 */ 326static uint prio2prec(u32 prio) 327{ 328 return (prio == PRIO_8021D_NONE || prio == PRIO_8021D_BE) ? 329 (prio^2) : prio; 330} 331 332/* core registers */ 333struct sdpcmd_regs { 334 u32 corecontrol; /* 0x00, rev8 */ 335 u32 corestatus; /* rev8 */ 336 u32 PAD[1]; 337 u32 biststatus; /* rev8 */ 338 339 /* PCMCIA access */ 340 u16 pcmciamesportaladdr; /* 0x010, rev8 */ 341 u16 PAD[1]; 342 u16 pcmciamesportalmask; /* rev8 */ 343 u16 PAD[1]; 344 u16 pcmciawrframebc; /* rev8 */ 345 u16 PAD[1]; 346 u16 pcmciaunderflowtimer; /* rev8 */ 347 u16 PAD[1]; 348 349 /* interrupt */ 350 u32 intstatus; /* 0x020, rev8 */ 351 u32 hostintmask; /* rev8 */ 352 u32 intmask; /* rev8 */ 353 u32 sbintstatus; /* rev8 */ 354 u32 sbintmask; /* rev8 */ 355 u32 funcintmask; /* rev4 */ 356 u32 PAD[2]; 357 u32 tosbmailbox; /* 0x040, rev8 */ 358 u32 tohostmailbox; /* rev8 */ 359 u32 tosbmailboxdata; /* rev8 */ 360 u32 tohostmailboxdata; /* rev8 */ 361 362 /* synchronized access to registers in SDIO clock domain */ 363 u32 sdioaccess; /* 0x050, rev8 */ 364 u32 PAD[3]; 365 366 /* PCMCIA frame control */ 367 u8 pcmciaframectrl; /* 0x060, rev8 */ 368 u8 PAD[3]; 369 u8 pcmciawatermark; /* rev8 */ 370 u8 PAD[155]; 371 372 /* interrupt batching control */ 373 u32 intrcvlazy; /* 0x100, rev8 */ 374 u32 PAD[3]; 375 376 /* counters */ 377 u32 cmd52rd; /* 0x110, rev8 */ 378 u32 cmd52wr; /* rev8 */ 379 u32 cmd53rd; /* rev8 */ 380 u32 cmd53wr; /* rev8 */ 381 u32 abort; /* rev8 */ 382 u32 datacrcerror; /* rev8 */ 383 u32 rdoutofsync; /* rev8 */ 384 u32 wroutofsync; /* rev8 */ 385 u32 writebusy; /* rev8 */ 386 u32 readwait; /* rev8 */ 387 u32 readterm; /* rev8 */ 388 u32 writeterm; /* rev8 */ 389 u32 PAD[40]; 390 u32 clockctlstatus; /* rev8 */ 391 u32 PAD[7]; 392 393 u32 PAD[128]; /* DMA engines */ 394 395 /* SDIO/PCMCIA CIS region */ 396 char cis[512]; /* 0x400-0x5ff, rev6 */ 397 398 /* PCMCIA function control registers */ 399 char pcmciafcr[256]; /* 0x600-6ff, rev6 */ 400 u16 PAD[55]; 401 402 /* PCMCIA backplane access */ 403 u16 backplanecsr; /* 0x76E, rev6 */ 404 u16 backplaneaddr0; /* rev6 */ 405 u16 backplaneaddr1; /* rev6 */ 406 u16 backplaneaddr2; /* rev6 */ 407 u16 backplaneaddr3; /* rev6 */ 408 u16 backplanedata0; /* rev6 */ 409 u16 backplanedata1; /* rev6 */ 410 u16 backplanedata2; /* rev6 */ 411 u16 backplanedata3; /* rev6 */ 412 u16 PAD[31]; 413 414 /* sprom "size" & "blank" info */ 415 u16 spromstatus; /* 0x7BE, rev2 */ 416 u32 PAD[464]; 417 418 u16 PAD[0x80]; 419}; 420 421#ifdef DEBUG 422/* Device console log buffer state */ 423struct brcmf_console { 424 uint count; /* Poll interval msec counter */ 425 uint log_addr; /* Log struct address (fixed) */ 426 struct rte_log_le log_le; /* Log struct (host copy) */ 427 uint bufsize; /* Size of log buffer */ 428 u8 *buf; /* Log buffer (host copy) */ 429 uint last; /* Last buffer read index */ 430}; 431#endif /* DEBUG */ 432 433struct sdpcm_shared { 434 u32 flags; 435 u32 trap_addr; 436 u32 assert_exp_addr; 437 u32 assert_file_addr; 438 u32 assert_line; 439 u32 console_addr; /* Address of struct rte_console */ 440 u32 msgtrace_addr; 441 u8 tag[32]; 442}; 443 444struct sdpcm_shared_le { 445 __le32 flags; 446 __le32 trap_addr; 447 __le32 assert_exp_addr; 448 __le32 assert_file_addr; 449 __le32 assert_line; 450 __le32 console_addr; /* Address of struct rte_console */ 451 __le32 msgtrace_addr; 452 u8 tag[32]; 453}; 454 455 456/* misc chip info needed by some of the routines */ 457/* Private data for SDIO bus interaction */ 458struct brcmf_sdio { 459 struct brcmf_sdio_dev *sdiodev; /* sdio device handler */ 460 struct chip_info *ci; /* Chip info struct */ 461 char *vars; /* Variables (from CIS and/or other) */ 462 uint varsz; /* Size of variables buffer */ 463 464 u32 ramsize; /* Size of RAM in SOCRAM (bytes) */ 465 466 u32 hostintmask; /* Copy of Host Interrupt Mask */ 467 u32 intstatus; /* Intstatus bits (events) pending */ 468 bool dpc_sched; /* Indicates DPC schedule (intrpt rcvd) */ 469 bool fcstate; /* State of dongle flow-control */ 470 471 uint blocksize; /* Block size of SDIO transfers */ 472 uint roundup; /* Max roundup limit */ 473 474 struct pktq txq; /* Queue length used for flow-control */ 475 u8 flowcontrol; /* per prio flow control bitmask */ 476 u8 tx_seq; /* Transmit sequence number (next) */ 477 u8 tx_max; /* Maximum transmit sequence allowed */ 478 479 u8 hdrbuf[MAX_HDR_READ + BRCMF_SDALIGN]; 480 u8 *rxhdr; /* Header of current rx frame (in hdrbuf) */ 481 u16 nextlen; /* Next Read Len from last header */ 482 u8 rx_seq; /* Receive sequence number (expected) */ 483 bool rxskip; /* Skip receive (awaiting NAK ACK) */ 484 485 uint rxbound; /* Rx frames to read before resched */ 486 uint txbound; /* Tx frames to send before resched */ 487 uint txminmax; 488 489 struct sk_buff *glomd; /* Packet containing glomming descriptor */ 490 struct sk_buff_head glom; /* Packet list for glommed superframe */ 491 uint glomerr; /* Glom packet read errors */ 492 493 u8 *rxbuf; /* Buffer for receiving control packets */ 494 uint rxblen; /* Allocated length of rxbuf */ 495 u8 *rxctl; /* Aligned pointer into rxbuf */ 496 u8 *databuf; /* Buffer for receiving big glom packet */ 497 u8 *dataptr; /* Aligned pointer into databuf */ 498 uint rxlen; /* Length of valid data in buffer */ 499 500 u8 sdpcm_ver; /* Bus protocol reported by dongle */ 501 502 bool intr; /* Use interrupts */ 503 bool poll; /* Use polling */ 504 bool ipend; /* Device interrupt is pending */ 505 uint intrcount; /* Count of device interrupt callbacks */ 506 uint lastintrs; /* Count as of last watchdog timer */ 507 uint spurious; /* Count of spurious interrupts */ 508 uint pollrate; /* Ticks between device polls */ 509 uint polltick; /* Tick counter */ 510 uint pollcnt; /* Count of active polls */ 511 512#ifdef DEBUG 513 uint console_interval; 514 struct brcmf_console console; /* Console output polling support */ 515 uint console_addr; /* Console address from shared struct */ 516#endif /* DEBUG */ 517 518 uint regfails; /* Count of R_REG failures */ 519 520 uint clkstate; /* State of sd and backplane clock(s) */ 521 bool activity; /* Activity flag for clock down */ 522 s32 idletime; /* Control for activity timeout */ 523 s32 idlecount; /* Activity timeout counter */ 524 s32 idleclock; /* How to set bus driver when idle */ 525 s32 sd_rxchain; 526 bool use_rxchain; /* If brcmf should use PKT chains */ 527 bool sleeping; /* Is SDIO bus sleeping? */ 528 bool rxflow_mode; /* Rx flow control mode */ 529 bool rxflow; /* Is rx flow control on */ 530 bool alp_only; /* Don't use HT clock (ALP only) */ 531/* Field to decide if rx of control frames happen in rxbuf or lb-pool */ 532 bool usebufpool; 533 534 /* Some additional counters */ 535 uint tx_sderrs; /* Count of tx attempts with sd errors */ 536 uint fcqueued; /* Tx packets that got queued */ 537 uint rxrtx; /* Count of rtx requests (NAK to dongle) */ 538 uint rx_toolong; /* Receive frames too long to receive */ 539 uint rxc_errors; /* SDIO errors when reading control frames */ 540 uint rx_hdrfail; /* SDIO errors on header reads */ 541 uint rx_badhdr; /* Bad received headers (roosync?) */ 542 uint rx_badseq; /* Mismatched rx sequence number */ 543 uint fc_rcvd; /* Number of flow-control events received */ 544 uint fc_xoff; /* Number which turned on flow-control */ 545 uint fc_xon; /* Number which turned off flow-control */ 546 uint rxglomfail; /* Failed deglom attempts */ 547 uint rxglomframes; /* Number of glom frames (superframes) */ 548 uint rxglompkts; /* Number of packets from glom frames */ 549 uint f2rxhdrs; /* Number of header reads */ 550 uint f2rxdata; /* Number of frame data reads */ 551 uint f2txdata; /* Number of f2 frame writes */ 552 uint f1regdata; /* Number of f1 register accesses */ 553 uint tickcnt; /* Number of watchdog been schedule */ 554 unsigned long tx_ctlerrs; /* Err of sending ctrl frames */ 555 unsigned long tx_ctlpkts; /* Ctrl frames sent to dongle */ 556 unsigned long rx_ctlerrs; /* Err of processing rx ctrl frames */ 557 unsigned long rx_ctlpkts; /* Ctrl frames processed from dongle */ 558 unsigned long rx_readahead_cnt; /* Number of packets where header 559 * read-ahead was used. */ 560 561 u8 *ctrl_frame_buf; 562 u32 ctrl_frame_len; 563 bool ctrl_frame_stat; 564 565 spinlock_t txqlock; 566 wait_queue_head_t ctrl_wait; 567 wait_queue_head_t dcmd_resp_wait; 568 569 struct timer_list timer; 570 struct completion watchdog_wait; 571 struct task_struct *watchdog_tsk; 572 bool wd_timer_valid; 573 uint save_ms; 574 575 struct task_struct *dpc_tsk; 576 struct completion dpc_wait; 577 578 struct semaphore sdsem; 579 580 const struct firmware *firmware; 581 u32 fw_ptr; 582 583 bool txoff; /* Transmit flow-controlled */ 584}; 585 586/* clkstate */ 587#define CLK_NONE 0 588#define CLK_SDONLY 1 589#define CLK_PENDING 2 /* Not used yet */ 590#define CLK_AVAIL 3 591 592#ifdef DEBUG 593static int qcount[NUMPRIO]; 594static int tx_packets[NUMPRIO]; 595#endif /* DEBUG */ 596 597#define SDIO_DRIVE_STRENGTH 6 /* in milliamps */ 598 599#define RETRYCHAN(chan) ((chan) == SDPCM_EVENT_CHANNEL) 600 601/* Retry count for register access failures */ 602static const uint retry_limit = 2; 603 604/* Limit on rounding up frames */ 605static const uint max_roundup = 512; 606 607#define ALIGNMENT 4 608 609static void pkt_align(struct sk_buff *p, int len, int align) 610{ 611 uint datalign; 612 datalign = (unsigned long)(p->data); 613 datalign = roundup(datalign, (align)) - datalign; 614 if (datalign) 615 skb_pull(p, datalign); 616 __skb_trim(p, len); 617} 618 619/* To check if there's window offered */ 620static bool data_ok(struct brcmf_sdio *bus) 621{ 622 return (u8)(bus->tx_max - bus->tx_seq) != 0 && 623 ((u8)(bus->tx_max - bus->tx_seq) & 0x80) == 0; 624} 625 626/* 627 * Reads a register in the SDIO hardware block. This block occupies a series of 628 * adresses on the 32 bit backplane bus. 629 */ 630static void 631r_sdreg32(struct brcmf_sdio *bus, u32 *regvar, u32 reg_offset, u32 *retryvar) 632{ 633 u8 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV); 634 *retryvar = 0; 635 do { 636 *regvar = brcmf_sdcard_reg_read(bus->sdiodev, 637 bus->ci->c_inf[idx].base + reg_offset, 638 sizeof(u32)); 639 } while (brcmf_sdcard_regfail(bus->sdiodev) && 640 (++(*retryvar) <= retry_limit)); 641 if (*retryvar) { 642 bus->regfails += (*retryvar-1); 643 if (*retryvar > retry_limit) { 644 brcmf_dbg(ERROR, "FAILED READ %Xh\n", reg_offset); 645 *regvar = 0; 646 } 647 } 648} 649 650static void 651w_sdreg32(struct brcmf_sdio *bus, u32 regval, u32 reg_offset, u32 *retryvar) 652{ 653 u8 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV); 654 *retryvar = 0; 655 do { 656 brcmf_sdcard_reg_write(bus->sdiodev, 657 bus->ci->c_inf[idx].base + reg_offset, 658 sizeof(u32), regval); 659 } while (brcmf_sdcard_regfail(bus->sdiodev) && 660 (++(*retryvar) <= retry_limit)); 661 if (*retryvar) { 662 bus->regfails += (*retryvar-1); 663 if (*retryvar > retry_limit) 664 brcmf_dbg(ERROR, "FAILED REGISTER WRITE %Xh\n", 665 reg_offset); 666 } 667} 668 669#define PKT_AVAILABLE() (intstatus & I_HMB_FRAME_IND) 670 671#define HOSTINTMASK (I_HMB_SW_MASK | I_CHIPACTIVE) 672 673/* Packet free applicable unconditionally for sdio and sdspi. 674 * Conditional if bufpool was present for gspi bus. 675 */ 676static void brcmf_sdbrcm_pktfree2(struct brcmf_sdio *bus, struct sk_buff *pkt) 677{ 678 if (bus->usebufpool) 679 brcmu_pkt_buf_free_skb(pkt); 680} 681 682/* Turn backplane clock on or off */ 683static int brcmf_sdbrcm_htclk(struct brcmf_sdio *bus, bool on, bool pendok) 684{ 685 int err; 686 u8 clkctl, clkreq, devctl; 687 unsigned long timeout; 688 689 brcmf_dbg(TRACE, "Enter\n"); 690 691 clkctl = 0; 692 693 if (on) { 694 /* Request HT Avail */ 695 clkreq = 696 bus->alp_only ? SBSDIO_ALP_AVAIL_REQ : SBSDIO_HT_AVAIL_REQ; 697 698 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 699 SBSDIO_FUNC1_CHIPCLKCSR, clkreq, &err); 700 if (err) { 701 brcmf_dbg(ERROR, "HT Avail request error: %d\n", err); 702 return -EBADE; 703 } 704 705 /* Check current status */ 706 clkctl = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 707 SBSDIO_FUNC1_CHIPCLKCSR, &err); 708 if (err) { 709 brcmf_dbg(ERROR, "HT Avail read error: %d\n", err); 710 return -EBADE; 711 } 712 713 /* Go to pending and await interrupt if appropriate */ 714 if (!SBSDIO_CLKAV(clkctl, bus->alp_only) && pendok) { 715 /* Allow only clock-available interrupt */ 716 devctl = brcmf_sdcard_cfg_read(bus->sdiodev, 717 SDIO_FUNC_1, 718 SBSDIO_DEVICE_CTL, &err); 719 if (err) { 720 brcmf_dbg(ERROR, "Devctl error setting CA: %d\n", 721 err); 722 return -EBADE; 723 } 724 725 devctl |= SBSDIO_DEVCTL_CA_INT_ONLY; 726 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 727 SBSDIO_DEVICE_CTL, devctl, &err); 728 brcmf_dbg(INFO, "CLKCTL: set PENDING\n"); 729 bus->clkstate = CLK_PENDING; 730 731 return 0; 732 } else if (bus->clkstate == CLK_PENDING) { 733 /* Cancel CA-only interrupt filter */ 734 devctl = 735 brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 736 SBSDIO_DEVICE_CTL, &err); 737 devctl &= ~SBSDIO_DEVCTL_CA_INT_ONLY; 738 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 739 SBSDIO_DEVICE_CTL, devctl, &err); 740 } 741 742 /* Otherwise, wait here (polling) for HT Avail */ 743 timeout = jiffies + 744 msecs_to_jiffies(PMU_MAX_TRANSITION_DLY/1000); 745 while (!SBSDIO_CLKAV(clkctl, bus->alp_only)) { 746 clkctl = brcmf_sdcard_cfg_read(bus->sdiodev, 747 SDIO_FUNC_1, 748 SBSDIO_FUNC1_CHIPCLKCSR, 749 &err); 750 if (time_after(jiffies, timeout)) 751 break; 752 else 753 usleep_range(5000, 10000); 754 } 755 if (err) { 756 brcmf_dbg(ERROR, "HT Avail request error: %d\n", err); 757 return -EBADE; 758 } 759 if (!SBSDIO_CLKAV(clkctl, bus->alp_only)) { 760 brcmf_dbg(ERROR, "HT Avail timeout (%d): clkctl 0x%02x\n", 761 PMU_MAX_TRANSITION_DLY, clkctl); 762 return -EBADE; 763 } 764 765 /* Mark clock available */ 766 bus->clkstate = CLK_AVAIL; 767 brcmf_dbg(INFO, "CLKCTL: turned ON\n"); 768 769#if defined(DEBUG) 770 if (bus->alp_only != true) { 771 if (SBSDIO_ALPONLY(clkctl)) 772 brcmf_dbg(ERROR, "HT Clock should be on\n"); 773 } 774#endif /* defined (DEBUG) */ 775 776 bus->activity = true; 777 } else { 778 clkreq = 0; 779 780 if (bus->clkstate == CLK_PENDING) { 781 /* Cancel CA-only interrupt filter */ 782 devctl = brcmf_sdcard_cfg_read(bus->sdiodev, 783 SDIO_FUNC_1, 784 SBSDIO_DEVICE_CTL, &err); 785 devctl &= ~SBSDIO_DEVCTL_CA_INT_ONLY; 786 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 787 SBSDIO_DEVICE_CTL, devctl, &err); 788 } 789 790 bus->clkstate = CLK_SDONLY; 791 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 792 SBSDIO_FUNC1_CHIPCLKCSR, clkreq, &err); 793 brcmf_dbg(INFO, "CLKCTL: turned OFF\n"); 794 if (err) { 795 brcmf_dbg(ERROR, "Failed access turning clock off: %d\n", 796 err); 797 return -EBADE; 798 } 799 } 800 return 0; 801} 802 803/* Change idle/active SD state */ 804static int brcmf_sdbrcm_sdclk(struct brcmf_sdio *bus, bool on) 805{ 806 brcmf_dbg(TRACE, "Enter\n"); 807 808 if (on) 809 bus->clkstate = CLK_SDONLY; 810 else 811 bus->clkstate = CLK_NONE; 812 813 return 0; 814} 815 816/* Transition SD and backplane clock readiness */ 817static int brcmf_sdbrcm_clkctl(struct brcmf_sdio *bus, uint target, bool pendok) 818{ 819#ifdef DEBUG 820 uint oldstate = bus->clkstate; 821#endif /* DEBUG */ 822 823 brcmf_dbg(TRACE, "Enter\n"); 824 825 /* Early exit if we're already there */ 826 if (bus->clkstate == target) { 827 if (target == CLK_AVAIL) { 828 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 829 bus->activity = true; 830 } 831 return 0; 832 } 833 834 switch (target) { 835 case CLK_AVAIL: 836 /* Make sure SD clock is available */ 837 if (bus->clkstate == CLK_NONE) 838 brcmf_sdbrcm_sdclk(bus, true); 839 /* Now request HT Avail on the backplane */ 840 brcmf_sdbrcm_htclk(bus, true, pendok); 841 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 842 bus->activity = true; 843 break; 844 845 case CLK_SDONLY: 846 /* Remove HT request, or bring up SD clock */ 847 if (bus->clkstate == CLK_NONE) 848 brcmf_sdbrcm_sdclk(bus, true); 849 else if (bus->clkstate == CLK_AVAIL) 850 brcmf_sdbrcm_htclk(bus, false, false); 851 else 852 brcmf_dbg(ERROR, "request for %d -> %d\n", 853 bus->clkstate, target); 854 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 855 break; 856 857 case CLK_NONE: 858 /* Make sure to remove HT request */ 859 if (bus->clkstate == CLK_AVAIL) 860 brcmf_sdbrcm_htclk(bus, false, false); 861 /* Now remove the SD clock */ 862 brcmf_sdbrcm_sdclk(bus, false); 863 brcmf_sdbrcm_wd_timer(bus, 0); 864 break; 865 } 866#ifdef DEBUG 867 brcmf_dbg(INFO, "%d -> %d\n", oldstate, bus->clkstate); 868#endif /* DEBUG */ 869 870 return 0; 871} 872 873static int brcmf_sdbrcm_bussleep(struct brcmf_sdio *bus, bool sleep) 874{ 875 uint retries = 0; 876 877 brcmf_dbg(INFO, "request %s (currently %s)\n", 878 sleep ? "SLEEP" : "WAKE", 879 bus->sleeping ? "SLEEP" : "WAKE"); 880 881 /* Done if we're already in the requested state */ 882 if (sleep == bus->sleeping) 883 return 0; 884 885 /* Going to sleep: set the alarm and turn off the lights... */ 886 if (sleep) { 887 /* Don't sleep if something is pending */ 888 if (bus->dpc_sched || bus->rxskip || pktq_len(&bus->txq)) 889 return -EBUSY; 890 891 /* Make sure the controller has the bus up */ 892 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 893 894 /* Tell device to start using OOB wakeup */ 895 w_sdreg32(bus, SMB_USE_OOB, 896 offsetof(struct sdpcmd_regs, tosbmailbox), &retries); 897 if (retries > retry_limit) 898 brcmf_dbg(ERROR, "CANNOT SIGNAL CHIP, WILL NOT WAKE UP!!\n"); 899 900 /* Turn off our contribution to the HT clock request */ 901 brcmf_sdbrcm_clkctl(bus, CLK_SDONLY, false); 902 903 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 904 SBSDIO_FUNC1_CHIPCLKCSR, 905 SBSDIO_FORCE_HW_CLKREQ_OFF, NULL); 906 907 /* Isolate the bus */ 908 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 909 SBSDIO_DEVICE_CTL, 910 SBSDIO_DEVCTL_PADS_ISO, NULL); 911 912 /* Change state */ 913 bus->sleeping = true; 914 915 } else { 916 /* Waking up: bus power up is ok, set local state */ 917 918 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 919 SBSDIO_FUNC1_CHIPCLKCSR, 0, NULL); 920 921 /* Make sure the controller has the bus up */ 922 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 923 924 /* Send misc interrupt to indicate OOB not needed */ 925 w_sdreg32(bus, 0, offsetof(struct sdpcmd_regs, tosbmailboxdata), 926 &retries); 927 if (retries <= retry_limit) 928 w_sdreg32(bus, SMB_DEV_INT, 929 offsetof(struct sdpcmd_regs, tosbmailbox), 930 &retries); 931 932 if (retries > retry_limit) 933 brcmf_dbg(ERROR, "CANNOT SIGNAL CHIP TO CLEAR OOB!!\n"); 934 935 /* Make sure we have SD bus access */ 936 brcmf_sdbrcm_clkctl(bus, CLK_SDONLY, false); 937 938 /* Change state */ 939 bus->sleeping = false; 940 } 941 942 return 0; 943} 944 945static void bus_wake(struct brcmf_sdio *bus) 946{ 947 if (bus->sleeping) 948 brcmf_sdbrcm_bussleep(bus, false); 949} 950 951static u32 brcmf_sdbrcm_hostmail(struct brcmf_sdio *bus) 952{ 953 u32 intstatus = 0; 954 u32 hmb_data; 955 u8 fcbits; 956 uint retries = 0; 957 958 brcmf_dbg(TRACE, "Enter\n"); 959 960 /* Read mailbox data and ack that we did so */ 961 r_sdreg32(bus, &hmb_data, 962 offsetof(struct sdpcmd_regs, tohostmailboxdata), &retries); 963 964 if (retries <= retry_limit) 965 w_sdreg32(bus, SMB_INT_ACK, 966 offsetof(struct sdpcmd_regs, tosbmailbox), &retries); 967 bus->f1regdata += 2; 968 969 /* Dongle recomposed rx frames, accept them again */ 970 if (hmb_data & HMB_DATA_NAKHANDLED) { 971 brcmf_dbg(INFO, "Dongle reports NAK handled, expect rtx of %d\n", 972 bus->rx_seq); 973 if (!bus->rxskip) 974 brcmf_dbg(ERROR, "unexpected NAKHANDLED!\n"); 975 976 bus->rxskip = false; 977 intstatus |= I_HMB_FRAME_IND; 978 } 979 980 /* 981 * DEVREADY does not occur with gSPI. 982 */ 983 if (hmb_data & (HMB_DATA_DEVREADY | HMB_DATA_FWREADY)) { 984 bus->sdpcm_ver = 985 (hmb_data & HMB_DATA_VERSION_MASK) >> 986 HMB_DATA_VERSION_SHIFT; 987 if (bus->sdpcm_ver != SDPCM_PROT_VERSION) 988 brcmf_dbg(ERROR, "Version mismatch, dongle reports %d, " 989 "expecting %d\n", 990 bus->sdpcm_ver, SDPCM_PROT_VERSION); 991 else 992 brcmf_dbg(INFO, "Dongle ready, protocol version %d\n", 993 bus->sdpcm_ver); 994 } 995 996 /* 997 * Flow Control has been moved into the RX headers and this out of band 998 * method isn't used any more. 999 * remaining backward compatible with older dongles. 1000 */ 1001 if (hmb_data & HMB_DATA_FC) { 1002 fcbits = (hmb_data & HMB_DATA_FCDATA_MASK) >> 1003 HMB_DATA_FCDATA_SHIFT; 1004 1005 if (fcbits & ~bus->flowcontrol) 1006 bus->fc_xoff++; 1007 1008 if (bus->flowcontrol & ~fcbits) 1009 bus->fc_xon++; 1010 1011 bus->fc_rcvd++; 1012 bus->flowcontrol = fcbits; 1013 } 1014 1015 /* Shouldn't be any others */ 1016 if (hmb_data & ~(HMB_DATA_DEVREADY | 1017 HMB_DATA_NAKHANDLED | 1018 HMB_DATA_FC | 1019 HMB_DATA_FWREADY | 1020 HMB_DATA_FCDATA_MASK | HMB_DATA_VERSION_MASK)) 1021 brcmf_dbg(ERROR, "Unknown mailbox data content: 0x%02x\n", 1022 hmb_data); 1023 1024 return intstatus; 1025} 1026 1027static void brcmf_sdbrcm_rxfail(struct brcmf_sdio *bus, bool abort, bool rtx) 1028{ 1029 uint retries = 0; 1030 u16 lastrbc; 1031 u8 hi, lo; 1032 int err; 1033 1034 brcmf_dbg(ERROR, "%sterminate frame%s\n", 1035 abort ? "abort command, " : "", 1036 rtx ? ", send NAK" : ""); 1037 1038 if (abort) 1039 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 1040 1041 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 1042 SBSDIO_FUNC1_FRAMECTRL, 1043 SFC_RF_TERM, &err); 1044 bus->f1regdata++; 1045 1046 /* Wait until the packet has been flushed (device/FIFO stable) */ 1047 for (lastrbc = retries = 0xffff; retries > 0; retries--) { 1048 hi = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 1049 SBSDIO_FUNC1_RFRAMEBCHI, NULL); 1050 lo = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 1051 SBSDIO_FUNC1_RFRAMEBCLO, NULL); 1052 bus->f1regdata += 2; 1053 1054 if ((hi == 0) && (lo == 0)) 1055 break; 1056 1057 if ((hi > (lastrbc >> 8)) && (lo > (lastrbc & 0x00ff))) { 1058 brcmf_dbg(ERROR, "count growing: last 0x%04x now 0x%04x\n", 1059 lastrbc, (hi << 8) + lo); 1060 } 1061 lastrbc = (hi << 8) + lo; 1062 } 1063 1064 if (!retries) 1065 brcmf_dbg(ERROR, "count never zeroed: last 0x%04x\n", lastrbc); 1066 else 1067 brcmf_dbg(INFO, "flush took %d iterations\n", 0xffff - retries); 1068 1069 if (rtx) { 1070 bus->rxrtx++; 1071 w_sdreg32(bus, SMB_NAK, 1072 offsetof(struct sdpcmd_regs, tosbmailbox), &retries); 1073 1074 bus->f1regdata++; 1075 if (retries <= retry_limit) 1076 bus->rxskip = true; 1077 } 1078 1079 /* Clear partial in any case */ 1080 bus->nextlen = 0; 1081 1082 /* If we can't reach the device, signal failure */ 1083 if (err || brcmf_sdcard_regfail(bus->sdiodev)) 1084 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 1085} 1086 1087/* copy a buffer into a pkt buffer chain */ 1088static uint brcmf_sdbrcm_glom_from_buf(struct brcmf_sdio *bus, uint len) 1089{ 1090 uint n, ret = 0; 1091 struct sk_buff *p; 1092 u8 *buf; 1093 1094 buf = bus->dataptr; 1095 1096 /* copy the data */ 1097 skb_queue_walk(&bus->glom, p) { 1098 n = min_t(uint, p->len, len); 1099 memcpy(p->data, buf, n); 1100 buf += n; 1101 len -= n; 1102 ret += n; 1103 if (!len) 1104 break; 1105 } 1106 1107 return ret; 1108} 1109 1110/* return total length of buffer chain */ 1111static uint brcmf_sdbrcm_glom_len(struct brcmf_sdio *bus) 1112{ 1113 struct sk_buff *p; 1114 uint total; 1115 1116 total = 0; 1117 skb_queue_walk(&bus->glom, p) 1118 total += p->len; 1119 return total; 1120} 1121 1122static void brcmf_sdbrcm_free_glom(struct brcmf_sdio *bus) 1123{ 1124 struct sk_buff *cur, *next; 1125 1126 skb_queue_walk_safe(&bus->glom, cur, next) { 1127 skb_unlink(cur, &bus->glom); 1128 brcmu_pkt_buf_free_skb(cur); 1129 } 1130} 1131 1132static u8 brcmf_sdbrcm_rxglom(struct brcmf_sdio *bus, u8 rxseq) 1133{ 1134 u16 dlen, totlen; 1135 u8 *dptr, num = 0; 1136 1137 u16 sublen, check; 1138 struct sk_buff *pfirst, *pnext; 1139 1140 int errcode; 1141 u8 chan, seq, doff, sfdoff; 1142 u8 txmax; 1143 1144 int ifidx = 0; 1145 bool usechain = bus->use_rxchain; 1146 1147 /* If packets, issue read(s) and send up packet chain */ 1148 /* Return sequence numbers consumed? */ 1149 1150 brcmf_dbg(TRACE, "start: glomd %p glom %p\n", 1151 bus->glomd, skb_peek(&bus->glom)); 1152 1153 /* If there's a descriptor, generate the packet chain */ 1154 if (bus->glomd) { 1155 pfirst = pnext = NULL; 1156 dlen = (u16) (bus->glomd->len); 1157 dptr = bus->glomd->data; 1158 if (!dlen || (dlen & 1)) { 1159 brcmf_dbg(ERROR, "bad glomd len(%d), ignore descriptor\n", 1160 dlen); 1161 dlen = 0; 1162 } 1163 1164 for (totlen = num = 0; dlen; num++) { 1165 /* Get (and move past) next length */ 1166 sublen = get_unaligned_le16(dptr); 1167 dlen -= sizeof(u16); 1168 dptr += sizeof(u16); 1169 if ((sublen < SDPCM_HDRLEN) || 1170 ((num == 0) && (sublen < (2 * SDPCM_HDRLEN)))) { 1171 brcmf_dbg(ERROR, "descriptor len %d bad: %d\n", 1172 num, sublen); 1173 pnext = NULL; 1174 break; 1175 } 1176 if (sublen % BRCMF_SDALIGN) { 1177 brcmf_dbg(ERROR, "sublen %d not multiple of %d\n", 1178 sublen, BRCMF_SDALIGN); 1179 usechain = false; 1180 } 1181 totlen += sublen; 1182 1183 /* For last frame, adjust read len so total 1184 is a block multiple */ 1185 if (!dlen) { 1186 sublen += 1187 (roundup(totlen, bus->blocksize) - totlen); 1188 totlen = roundup(totlen, bus->blocksize); 1189 } 1190 1191 /* Allocate/chain packet for next subframe */ 1192 pnext = brcmu_pkt_buf_get_skb(sublen + BRCMF_SDALIGN); 1193 if (pnext == NULL) { 1194 brcmf_dbg(ERROR, "bcm_pkt_buf_get_skb failed, num %d len %d\n", 1195 num, sublen); 1196 break; 1197 } 1198 skb_queue_tail(&bus->glom, pnext); 1199 1200 /* Adhere to start alignment requirements */ 1201 pkt_align(pnext, sublen, BRCMF_SDALIGN); 1202 } 1203 1204 /* If all allocations succeeded, save packet chain 1205 in bus structure */ 1206 if (pnext) { 1207 brcmf_dbg(GLOM, "allocated %d-byte packet chain for %d subframes\n", 1208 totlen, num); 1209 if (BRCMF_GLOM_ON() && bus->nextlen && 1210 totlen != bus->nextlen) { 1211 brcmf_dbg(GLOM, "glomdesc mismatch: nextlen %d glomdesc %d rxseq %d\n", 1212 bus->nextlen, totlen, rxseq); 1213 } 1214 pfirst = pnext = NULL; 1215 } else { 1216 brcmf_sdbrcm_free_glom(bus); 1217 num = 0; 1218 } 1219 1220 /* Done with descriptor packet */ 1221 brcmu_pkt_buf_free_skb(bus->glomd); 1222 bus->glomd = NULL; 1223 bus->nextlen = 0; 1224 } 1225 1226 /* Ok -- either we just generated a packet chain, 1227 or had one from before */ 1228 if (!skb_queue_empty(&bus->glom)) { 1229 if (BRCMF_GLOM_ON()) { 1230 brcmf_dbg(GLOM, "try superframe read, packet chain:\n"); 1231 skb_queue_walk(&bus->glom, pnext) { 1232 brcmf_dbg(GLOM, " %p: %p len 0x%04x (%d)\n", 1233 pnext, (u8 *) (pnext->data), 1234 pnext->len, pnext->len); 1235 } 1236 } 1237 1238 pfirst = skb_peek(&bus->glom); 1239 dlen = (u16) brcmf_sdbrcm_glom_len(bus); 1240 1241 /* Do an SDIO read for the superframe. Configurable iovar to 1242 * read directly into the chained packet, or allocate a large 1243 * packet and and copy into the chain. 1244 */ 1245 if (usechain) { 1246 errcode = brcmf_sdcard_recv_chain(bus->sdiodev, 1247 bus->sdiodev->sbwad, 1248 SDIO_FUNC_2, F2SYNC, &bus->glom); 1249 } else if (bus->dataptr) { 1250 errcode = brcmf_sdcard_recv_buf(bus->sdiodev, 1251 bus->sdiodev->sbwad, 1252 SDIO_FUNC_2, F2SYNC, 1253 bus->dataptr, dlen); 1254 sublen = (u16) brcmf_sdbrcm_glom_from_buf(bus, dlen); 1255 if (sublen != dlen) { 1256 brcmf_dbg(ERROR, "FAILED TO COPY, dlen %d sublen %d\n", 1257 dlen, sublen); 1258 errcode = -1; 1259 } 1260 pnext = NULL; 1261 } else { 1262 brcmf_dbg(ERROR, "COULDN'T ALLOC %d-BYTE GLOM, FORCE FAILURE\n", 1263 dlen); 1264 errcode = -1; 1265 } 1266 bus->f2rxdata++; 1267 1268 /* On failure, kill the superframe, allow a couple retries */ 1269 if (errcode < 0) { 1270 brcmf_dbg(ERROR, "glom read of %d bytes failed: %d\n", 1271 dlen, errcode); 1272 bus->sdiodev->bus_if->dstats.rx_errors++; 1273 1274 if (bus->glomerr++ < 3) { 1275 brcmf_sdbrcm_rxfail(bus, true, true); 1276 } else { 1277 bus->glomerr = 0; 1278 brcmf_sdbrcm_rxfail(bus, true, false); 1279 bus->rxglomfail++; 1280 brcmf_sdbrcm_free_glom(bus); 1281 } 1282 return 0; 1283 } 1284 1285 brcmf_dbg_hex_dump(BRCMF_GLOM_ON(), 1286 pfirst->data, min_t(int, pfirst->len, 48), 1287 "SUPERFRAME:\n"); 1288 1289 /* Validate the superframe header */ 1290 dptr = (u8 *) (pfirst->data); 1291 sublen = get_unaligned_le16(dptr); 1292 check = get_unaligned_le16(dptr + sizeof(u16)); 1293 1294 chan = SDPCM_PACKET_CHANNEL(&dptr[SDPCM_FRAMETAG_LEN]); 1295 seq = SDPCM_PACKET_SEQUENCE(&dptr[SDPCM_FRAMETAG_LEN]); 1296 bus->nextlen = dptr[SDPCM_FRAMETAG_LEN + SDPCM_NEXTLEN_OFFSET]; 1297 if ((bus->nextlen << 4) > MAX_RX_DATASZ) { 1298 brcmf_dbg(INFO, "nextlen too large (%d) seq %d\n", 1299 bus->nextlen, seq); 1300 bus->nextlen = 0; 1301 } 1302 doff = SDPCM_DOFFSET_VALUE(&dptr[SDPCM_FRAMETAG_LEN]); 1303 txmax = SDPCM_WINDOW_VALUE(&dptr[SDPCM_FRAMETAG_LEN]); 1304 1305 errcode = 0; 1306 if ((u16)~(sublen ^ check)) { 1307 brcmf_dbg(ERROR, "(superframe): HW hdr error: len/check 0x%04x/0x%04x\n", 1308 sublen, check); 1309 errcode = -1; 1310 } else if (roundup(sublen, bus->blocksize) != dlen) { 1311 brcmf_dbg(ERROR, "(superframe): len 0x%04x, rounded 0x%04x, expect 0x%04x\n", 1312 sublen, roundup(sublen, bus->blocksize), 1313 dlen); 1314 errcode = -1; 1315 } else if (SDPCM_PACKET_CHANNEL(&dptr[SDPCM_FRAMETAG_LEN]) != 1316 SDPCM_GLOM_CHANNEL) { 1317 brcmf_dbg(ERROR, "(superframe): bad channel %d\n", 1318 SDPCM_PACKET_CHANNEL( 1319 &dptr[SDPCM_FRAMETAG_LEN])); 1320 errcode = -1; 1321 } else if (SDPCM_GLOMDESC(&dptr[SDPCM_FRAMETAG_LEN])) { 1322 brcmf_dbg(ERROR, "(superframe): got 2nd descriptor?\n"); 1323 errcode = -1; 1324 } else if ((doff < SDPCM_HDRLEN) || 1325 (doff > (pfirst->len - SDPCM_HDRLEN))) { 1326 brcmf_dbg(ERROR, "(superframe): Bad data offset %d: HW %d pkt %d min %d\n", 1327 doff, sublen, pfirst->len, SDPCM_HDRLEN); 1328 errcode = -1; 1329 } 1330 1331 /* Check sequence number of superframe SW header */ 1332 if (rxseq != seq) { 1333 brcmf_dbg(INFO, "(superframe) rx_seq %d, expected %d\n", 1334 seq, rxseq); 1335 bus->rx_badseq++; 1336 rxseq = seq; 1337 } 1338 1339 /* Check window for sanity */ 1340 if ((u8) (txmax - bus->tx_seq) > 0x40) { 1341 brcmf_dbg(ERROR, "unlikely tx max %d with tx_seq %d\n", 1342 txmax, bus->tx_seq); 1343 txmax = bus->tx_seq + 2; 1344 } 1345 bus->tx_max = txmax; 1346 1347 /* Remove superframe header, remember offset */ 1348 skb_pull(pfirst, doff); 1349 sfdoff = doff; 1350 num = 0; 1351 1352 /* Validate all the subframe headers */ 1353 skb_queue_walk(&bus->glom, pnext) { 1354 /* leave when invalid subframe is found */ 1355 if (errcode) 1356 break; 1357 1358 dptr = (u8 *) (pnext->data); 1359 dlen = (u16) (pnext->len); 1360 sublen = get_unaligned_le16(dptr); 1361 check = get_unaligned_le16(dptr + sizeof(u16)); 1362 chan = SDPCM_PACKET_CHANNEL(&dptr[SDPCM_FRAMETAG_LEN]); 1363 doff = SDPCM_DOFFSET_VALUE(&dptr[SDPCM_FRAMETAG_LEN]); 1364 brcmf_dbg_hex_dump(BRCMF_GLOM_ON(), 1365 dptr, 32, "subframe:\n"); 1366 1367 if ((u16)~(sublen ^ check)) { 1368 brcmf_dbg(ERROR, "(subframe %d): HW hdr error: len/check 0x%04x/0x%04x\n", 1369 num, sublen, check); 1370 errcode = -1; 1371 } else if ((sublen > dlen) || (sublen < SDPCM_HDRLEN)) { 1372 brcmf_dbg(ERROR, "(subframe %d): length mismatch: len 0x%04x, expect 0x%04x\n", 1373 num, sublen, dlen); 1374 errcode = -1; 1375 } else if ((chan != SDPCM_DATA_CHANNEL) && 1376 (chan != SDPCM_EVENT_CHANNEL)) { 1377 brcmf_dbg(ERROR, "(subframe %d): bad channel %d\n", 1378 num, chan); 1379 errcode = -1; 1380 } else if ((doff < SDPCM_HDRLEN) || (doff > sublen)) { 1381 brcmf_dbg(ERROR, "(subframe %d): Bad data offset %d: HW %d min %d\n", 1382 num, doff, sublen, SDPCM_HDRLEN); 1383 errcode = -1; 1384 } 1385 /* increase the subframe count */ 1386 num++; 1387 } 1388 1389 if (errcode) { 1390 /* Terminate frame on error, request 1391 a couple retries */ 1392 if (bus->glomerr++ < 3) { 1393 /* Restore superframe header space */ 1394 skb_push(pfirst, sfdoff); 1395 brcmf_sdbrcm_rxfail(bus, true, true); 1396 } else { 1397 bus->glomerr = 0; 1398 brcmf_sdbrcm_rxfail(bus, true, false); 1399 bus->rxglomfail++; 1400 brcmf_sdbrcm_free_glom(bus); 1401 } 1402 bus->nextlen = 0; 1403 return 0; 1404 } 1405 1406 /* Basic SD framing looks ok - process each packet (header) */ 1407 1408 skb_queue_walk_safe(&bus->glom, pfirst, pnext) { 1409 dptr = (u8 *) (pfirst->data); 1410 sublen = get_unaligned_le16(dptr); 1411 chan = SDPCM_PACKET_CHANNEL(&dptr[SDPCM_FRAMETAG_LEN]); 1412 seq = SDPCM_PACKET_SEQUENCE(&dptr[SDPCM_FRAMETAG_LEN]); 1413 doff = SDPCM_DOFFSET_VALUE(&dptr[SDPCM_FRAMETAG_LEN]); 1414 1415 brcmf_dbg(GLOM, "Get subframe %d, %p(%p/%d), sublen %d chan %d seq %d\n", 1416 num, pfirst, pfirst->data, 1417 pfirst->len, sublen, chan, seq); 1418 1419 /* precondition: chan == SDPCM_DATA_CHANNEL || 1420 chan == SDPCM_EVENT_CHANNEL */ 1421 1422 if (rxseq != seq) { 1423 brcmf_dbg(GLOM, "rx_seq %d, expected %d\n", 1424 seq, rxseq); 1425 bus->rx_badseq++; 1426 rxseq = seq; 1427 } 1428 rxseq++; 1429 1430 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && BRCMF_DATA_ON(), 1431 dptr, dlen, "Rx Subframe Data:\n"); 1432 1433 __skb_trim(pfirst, sublen); 1434 skb_pull(pfirst, doff); 1435 1436 if (pfirst->len == 0) { 1437 skb_unlink(pfirst, &bus->glom); 1438 brcmu_pkt_buf_free_skb(pfirst); 1439 continue; 1440 } else if (brcmf_proto_hdrpull(bus->sdiodev->dev, 1441 &ifidx, pfirst) != 0) { 1442 brcmf_dbg(ERROR, "rx protocol error\n"); 1443 bus->sdiodev->bus_if->dstats.rx_errors++; 1444 skb_unlink(pfirst, &bus->glom); 1445 brcmu_pkt_buf_free_skb(pfirst); 1446 continue; 1447 } 1448 1449 brcmf_dbg_hex_dump(BRCMF_GLOM_ON(), 1450 pfirst->data, 1451 min_t(int, pfirst->len, 32), 1452 "subframe %d to stack, %p (%p/%d) nxt/lnk %p/%p\n", 1453 bus->glom.qlen, pfirst, pfirst->data, 1454 pfirst->len, pfirst->next, 1455 pfirst->prev); 1456 } 1457 /* sent any remaining packets up */ 1458 if (bus->glom.qlen) { 1459 up(&bus->sdsem); 1460 brcmf_rx_frame(bus->sdiodev->dev, ifidx, &bus->glom); 1461 down(&bus->sdsem); 1462 } 1463 1464 bus->rxglomframes++; 1465 bus->rxglompkts += bus->glom.qlen; 1466 } 1467 return num; 1468} 1469 1470static int brcmf_sdbrcm_dcmd_resp_wait(struct brcmf_sdio *bus, uint *condition, 1471 bool *pending) 1472{ 1473 DECLARE_WAITQUEUE(wait, current); 1474 int timeout = msecs_to_jiffies(DCMD_RESP_TIMEOUT); 1475 1476 /* Wait until control frame is available */ 1477 add_wait_queue(&bus->dcmd_resp_wait, &wait); 1478 set_current_state(TASK_INTERRUPTIBLE); 1479 1480 while (!(*condition) && (!signal_pending(current) && timeout)) 1481 timeout = schedule_timeout(timeout); 1482 1483 if (signal_pending(current)) 1484 *pending = true; 1485 1486 set_current_state(TASK_RUNNING); 1487 remove_wait_queue(&bus->dcmd_resp_wait, &wait); 1488 1489 return timeout; 1490} 1491 1492static int brcmf_sdbrcm_dcmd_resp_wake(struct brcmf_sdio *bus) 1493{ 1494 if (waitqueue_active(&bus->dcmd_resp_wait)) 1495 wake_up_interruptible(&bus->dcmd_resp_wait); 1496 1497 return 0; 1498} 1499static void 1500brcmf_sdbrcm_read_control(struct brcmf_sdio *bus, u8 *hdr, uint len, uint doff) 1501{ 1502 uint rdlen, pad; 1503 1504 int sdret; 1505 1506 brcmf_dbg(TRACE, "Enter\n"); 1507 1508 /* Set rxctl for frame (w/optional alignment) */ 1509 bus->rxctl = bus->rxbuf; 1510 bus->rxctl += BRCMF_FIRSTREAD; 1511 pad = ((unsigned long)bus->rxctl % BRCMF_SDALIGN); 1512 if (pad) 1513 bus->rxctl += (BRCMF_SDALIGN - pad); 1514 bus->rxctl -= BRCMF_FIRSTREAD; 1515 1516 /* Copy the already-read portion over */ 1517 memcpy(bus->rxctl, hdr, BRCMF_FIRSTREAD); 1518 if (len <= BRCMF_FIRSTREAD) 1519 goto gotpkt; 1520 1521 /* Raise rdlen to next SDIO block to avoid tail command */ 1522 rdlen = len - BRCMF_FIRSTREAD; 1523 if (bus->roundup && bus->blocksize && (rdlen > bus->blocksize)) { 1524 pad = bus->blocksize - (rdlen % bus->blocksize); 1525 if ((pad <= bus->roundup) && (pad < bus->blocksize) && 1526 ((len + pad) < bus->sdiodev->bus_if->maxctl)) 1527 rdlen += pad; 1528 } else if (rdlen % BRCMF_SDALIGN) { 1529 rdlen += BRCMF_SDALIGN - (rdlen % BRCMF_SDALIGN); 1530 } 1531 1532 /* Satisfy length-alignment requirements */ 1533 if (rdlen & (ALIGNMENT - 1)) 1534 rdlen = roundup(rdlen, ALIGNMENT); 1535 1536 /* Drop if the read is too big or it exceeds our maximum */ 1537 if ((rdlen + BRCMF_FIRSTREAD) > bus->sdiodev->bus_if->maxctl) { 1538 brcmf_dbg(ERROR, "%d-byte control read exceeds %d-byte buffer\n", 1539 rdlen, bus->sdiodev->bus_if->maxctl); 1540 bus->sdiodev->bus_if->dstats.rx_errors++; 1541 brcmf_sdbrcm_rxfail(bus, false, false); 1542 goto done; 1543 } 1544 1545 if ((len - doff) > bus->sdiodev->bus_if->maxctl) { 1546 brcmf_dbg(ERROR, "%d-byte ctl frame (%d-byte ctl data) exceeds %d-byte limit\n", 1547 len, len - doff, bus->sdiodev->bus_if->maxctl); 1548 bus->sdiodev->bus_if->dstats.rx_errors++; 1549 bus->rx_toolong++; 1550 brcmf_sdbrcm_rxfail(bus, false, false); 1551 goto done; 1552 } 1553 1554 /* Read remainder of frame body into the rxctl buffer */ 1555 sdret = brcmf_sdcard_recv_buf(bus->sdiodev, 1556 bus->sdiodev->sbwad, 1557 SDIO_FUNC_2, 1558 F2SYNC, (bus->rxctl + BRCMF_FIRSTREAD), rdlen); 1559 bus->f2rxdata++; 1560 1561 /* Control frame failures need retransmission */ 1562 if (sdret < 0) { 1563 brcmf_dbg(ERROR, "read %d control bytes failed: %d\n", 1564 rdlen, sdret); 1565 bus->rxc_errors++; 1566 brcmf_sdbrcm_rxfail(bus, true, true); 1567 goto done; 1568 } 1569 1570gotpkt: 1571 1572 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && BRCMF_CTL_ON(), 1573 bus->rxctl, len, "RxCtrl:\n"); 1574 1575 /* Point to valid data and indicate its length */ 1576 bus->rxctl += doff; 1577 bus->rxlen = len - doff; 1578 1579done: 1580 /* Awake any waiters */ 1581 brcmf_sdbrcm_dcmd_resp_wake(bus); 1582} 1583 1584/* Pad read to blocksize for efficiency */ 1585static void brcmf_pad(struct brcmf_sdio *bus, u16 *pad, u16 *rdlen) 1586{ 1587 if (bus->roundup && bus->blocksize && *rdlen > bus->blocksize) { 1588 *pad = bus->blocksize - (*rdlen % bus->blocksize); 1589 if (*pad <= bus->roundup && *pad < bus->blocksize && 1590 *rdlen + *pad + BRCMF_FIRSTREAD < MAX_RX_DATASZ) 1591 *rdlen += *pad; 1592 } else if (*rdlen % BRCMF_SDALIGN) { 1593 *rdlen += BRCMF_SDALIGN - (*rdlen % BRCMF_SDALIGN); 1594 } 1595} 1596 1597static void 1598brcmf_alloc_pkt_and_read(struct brcmf_sdio *bus, u16 rdlen, 1599 struct sk_buff **pkt, u8 **rxbuf) 1600{ 1601 int sdret; /* Return code from calls */ 1602 1603 *pkt = brcmu_pkt_buf_get_skb(rdlen + BRCMF_SDALIGN); 1604 if (*pkt == NULL) 1605 return; 1606 1607 pkt_align(*pkt, rdlen, BRCMF_SDALIGN); 1608 *rxbuf = (u8 *) ((*pkt)->data); 1609 /* Read the entire frame */ 1610 sdret = brcmf_sdcard_recv_pkt(bus->sdiodev, bus->sdiodev->sbwad, 1611 SDIO_FUNC_2, F2SYNC, *pkt); 1612 bus->f2rxdata++; 1613 1614 if (sdret < 0) { 1615 brcmf_dbg(ERROR, "(nextlen): read %d bytes failed: %d\n", 1616 rdlen, sdret); 1617 brcmu_pkt_buf_free_skb(*pkt); 1618 bus->sdiodev->bus_if->dstats.rx_errors++; 1619 /* Force retry w/normal header read. 1620 * Don't attempt NAK for 1621 * gSPI 1622 */ 1623 brcmf_sdbrcm_rxfail(bus, true, true); 1624 *pkt = NULL; 1625 } 1626} 1627 1628/* Checks the header */ 1629static int 1630brcmf_check_rxbuf(struct brcmf_sdio *bus, struct sk_buff *pkt, u8 *rxbuf, 1631 u8 rxseq, u16 nextlen, u16 *len) 1632{ 1633 u16 check; 1634 bool len_consistent; /* Result of comparing readahead len and 1635 len from hw-hdr */ 1636 1637 memcpy(bus->rxhdr, rxbuf, SDPCM_HDRLEN); 1638 1639 /* Extract hardware header fields */ 1640 *len = get_unaligned_le16(bus->rxhdr); 1641 check = get_unaligned_le16(bus->rxhdr + sizeof(u16)); 1642 1643 /* All zeros means readahead info was bad */ 1644 if (!(*len | check)) { 1645 brcmf_dbg(INFO, "(nextlen): read zeros in HW header???\n"); 1646 goto fail; 1647 } 1648 1649 /* Validate check bytes */ 1650 if ((u16)~(*len ^ check)) { 1651 brcmf_dbg(ERROR, "(nextlen): HW hdr error: nextlen/len/check 0x%04x/0x%04x/0x%04x\n", 1652 nextlen, *len, check); 1653 bus->rx_badhdr++; 1654 brcmf_sdbrcm_rxfail(bus, false, false); 1655 goto fail; 1656 } 1657 1658 /* Validate frame length */ 1659 if (*len < SDPCM_HDRLEN) { 1660 brcmf_dbg(ERROR, "(nextlen): HW hdr length invalid: %d\n", 1661 *len); 1662 goto fail; 1663 } 1664 1665 /* Check for consistency with readahead info */ 1666 len_consistent = (nextlen != (roundup(*len, 16) >> 4)); 1667 if (len_consistent) { 1668 /* Mismatch, force retry w/normal 1669 header (may be >4K) */ 1670 brcmf_dbg(ERROR, "(nextlen): mismatch, nextlen %d len %d rnd %d; expected rxseq %d\n", 1671 nextlen, *len, roundup(*len, 16), 1672 rxseq); 1673 brcmf_sdbrcm_rxfail(bus, true, true); 1674 goto fail; 1675 } 1676 1677 return 0; 1678 1679fail: 1680 brcmf_sdbrcm_pktfree2(bus, pkt); 1681 return -EINVAL; 1682} 1683 1684/* Return true if there may be more frames to read */ 1685static uint 1686brcmf_sdbrcm_readframes(struct brcmf_sdio *bus, uint maxframes, bool *finished) 1687{ 1688 u16 len, check; /* Extracted hardware header fields */ 1689 u8 chan, seq, doff; /* Extracted software header fields */ 1690 u8 fcbits; /* Extracted fcbits from software header */ 1691 1692 struct sk_buff *pkt; /* Packet for event or data frames */ 1693 u16 pad; /* Number of pad bytes to read */ 1694 u16 rdlen; /* Total number of bytes to read */ 1695 u8 rxseq; /* Next sequence number to expect */ 1696 uint rxleft = 0; /* Remaining number of frames allowed */ 1697 int sdret; /* Return code from calls */ 1698 u8 txmax; /* Maximum tx sequence offered */ 1699 u8 *rxbuf; 1700 int ifidx = 0; 1701 uint rxcount = 0; /* Total frames read */ 1702 1703 brcmf_dbg(TRACE, "Enter\n"); 1704 1705 /* Not finished unless we encounter no more frames indication */ 1706 *finished = false; 1707 1708 for (rxseq = bus->rx_seq, rxleft = maxframes; 1709 !bus->rxskip && rxleft && 1710 bus->sdiodev->bus_if->state != BRCMF_BUS_DOWN; 1711 rxseq++, rxleft--) { 1712 1713 /* Handle glomming separately */ 1714 if (bus->glomd || !skb_queue_empty(&bus->glom)) { 1715 u8 cnt; 1716 brcmf_dbg(GLOM, "calling rxglom: glomd %p, glom %p\n", 1717 bus->glomd, skb_peek(&bus->glom)); 1718 cnt = brcmf_sdbrcm_rxglom(bus, rxseq); 1719 brcmf_dbg(GLOM, "rxglom returned %d\n", cnt); 1720 rxseq += cnt - 1; 1721 rxleft = (rxleft > cnt) ? (rxleft - cnt) : 1; 1722 continue; 1723 } 1724 1725 /* Try doing single read if we can */ 1726 if (bus->nextlen) { 1727 u16 nextlen = bus->nextlen; 1728 bus->nextlen = 0; 1729 1730 rdlen = len = nextlen << 4; 1731 brcmf_pad(bus, &pad, &rdlen); 1732 1733 /* 1734 * After the frame is received we have to 1735 * distinguish whether it is data 1736 * or non-data frame. 1737 */ 1738 brcmf_alloc_pkt_and_read(bus, rdlen, &pkt, &rxbuf); 1739 if (pkt == NULL) { 1740 /* Give up on data, request rtx of events */ 1741 brcmf_dbg(ERROR, "(nextlen): brcmf_alloc_pkt_and_read failed: len %d rdlen %d expected rxseq %d\n", 1742 len, rdlen, rxseq); 1743 continue; 1744 } 1745 1746 if (brcmf_check_rxbuf(bus, pkt, rxbuf, rxseq, nextlen, 1747 &len) < 0) 1748 continue; 1749 1750 /* Extract software header fields */ 1751 chan = SDPCM_PACKET_CHANNEL( 1752 &bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1753 seq = SDPCM_PACKET_SEQUENCE( 1754 &bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1755 doff = SDPCM_DOFFSET_VALUE( 1756 &bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1757 txmax = SDPCM_WINDOW_VALUE( 1758 &bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1759 1760 bus->nextlen = 1761 bus->rxhdr[SDPCM_FRAMETAG_LEN + 1762 SDPCM_NEXTLEN_OFFSET]; 1763 if ((bus->nextlen << 4) > MAX_RX_DATASZ) { 1764 brcmf_dbg(INFO, "(nextlen): got frame w/nextlen too large (%d), seq %d\n", 1765 bus->nextlen, seq); 1766 bus->nextlen = 0; 1767 } 1768 1769 bus->rx_readahead_cnt++; 1770 1771 /* Handle Flow Control */ 1772 fcbits = SDPCM_FCMASK_VALUE( 1773 &bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1774 1775 if (bus->flowcontrol != fcbits) { 1776 if (~bus->flowcontrol & fcbits) 1777 bus->fc_xoff++; 1778 1779 if (bus->flowcontrol & ~fcbits) 1780 bus->fc_xon++; 1781 1782 bus->fc_rcvd++; 1783 bus->flowcontrol = fcbits; 1784 } 1785 1786 /* Check and update sequence number */ 1787 if (rxseq != seq) { 1788 brcmf_dbg(INFO, "(nextlen): rx_seq %d, expected %d\n", 1789 seq, rxseq); 1790 bus->rx_badseq++; 1791 rxseq = seq; 1792 } 1793 1794 /* Check window for sanity */ 1795 if ((u8) (txmax - bus->tx_seq) > 0x40) { 1796 brcmf_dbg(ERROR, "got unlikely tx max %d with tx_seq %d\n", 1797 txmax, bus->tx_seq); 1798 txmax = bus->tx_seq + 2; 1799 } 1800 bus->tx_max = txmax; 1801 1802 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && BRCMF_DATA_ON(), 1803 rxbuf, len, "Rx Data:\n"); 1804 brcmf_dbg_hex_dump(!(BRCMF_BYTES_ON() && 1805 BRCMF_DATA_ON()) && 1806 BRCMF_HDRS_ON(), 1807 bus->rxhdr, SDPCM_HDRLEN, 1808 "RxHdr:\n"); 1809 1810 if (chan == SDPCM_CONTROL_CHANNEL) { 1811 brcmf_dbg(ERROR, "(nextlen): readahead on control packet %d?\n", 1812 seq); 1813 /* Force retry w/normal header read */ 1814 bus->nextlen = 0; 1815 brcmf_sdbrcm_rxfail(bus, false, true); 1816 brcmf_sdbrcm_pktfree2(bus, pkt); 1817 continue; 1818 } 1819 1820 /* Validate data offset */ 1821 if ((doff < SDPCM_HDRLEN) || (doff > len)) { 1822 brcmf_dbg(ERROR, "(nextlen): bad data offset %d: HW len %d min %d\n", 1823 doff, len, SDPCM_HDRLEN); 1824 brcmf_sdbrcm_rxfail(bus, false, false); 1825 brcmf_sdbrcm_pktfree2(bus, pkt); 1826 continue; 1827 } 1828 1829 /* All done with this one -- now deliver the packet */ 1830 goto deliver; 1831 } 1832 1833 /* Read frame header (hardware and software) */ 1834 sdret = brcmf_sdcard_recv_buf(bus->sdiodev, bus->sdiodev->sbwad, 1835 SDIO_FUNC_2, F2SYNC, bus->rxhdr, 1836 BRCMF_FIRSTREAD); 1837 bus->f2rxhdrs++; 1838 1839 if (sdret < 0) { 1840 brcmf_dbg(ERROR, "RXHEADER FAILED: %d\n", sdret); 1841 bus->rx_hdrfail++; 1842 brcmf_sdbrcm_rxfail(bus, true, true); 1843 continue; 1844 } 1845 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() || BRCMF_HDRS_ON(), 1846 bus->rxhdr, SDPCM_HDRLEN, "RxHdr:\n"); 1847 1848 1849 /* Extract hardware header fields */ 1850 len = get_unaligned_le16(bus->rxhdr); 1851 check = get_unaligned_le16(bus->rxhdr + sizeof(u16)); 1852 1853 /* All zeros means no more frames */ 1854 if (!(len | check)) { 1855 *finished = true; 1856 break; 1857 } 1858 1859 /* Validate check bytes */ 1860 if ((u16) ~(len ^ check)) { 1861 brcmf_dbg(ERROR, "HW hdr err: len/check 0x%04x/0x%04x\n", 1862 len, check); 1863 bus->rx_badhdr++; 1864 brcmf_sdbrcm_rxfail(bus, false, false); 1865 continue; 1866 } 1867 1868 /* Validate frame length */ 1869 if (len < SDPCM_HDRLEN) { 1870 brcmf_dbg(ERROR, "HW hdr length invalid: %d\n", len); 1871 continue; 1872 } 1873 1874 /* Extract software header fields */ 1875 chan = SDPCM_PACKET_CHANNEL(&bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1876 seq = SDPCM_PACKET_SEQUENCE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1877 doff = SDPCM_DOFFSET_VALUE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1878 txmax = SDPCM_WINDOW_VALUE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1879 1880 /* Validate data offset */ 1881 if ((doff < SDPCM_HDRLEN) || (doff > len)) { 1882 brcmf_dbg(ERROR, "Bad data offset %d: HW len %d, min %d seq %d\n", 1883 doff, len, SDPCM_HDRLEN, seq); 1884 bus->rx_badhdr++; 1885 brcmf_sdbrcm_rxfail(bus, false, false); 1886 continue; 1887 } 1888 1889 /* Save the readahead length if there is one */ 1890 bus->nextlen = 1891 bus->rxhdr[SDPCM_FRAMETAG_LEN + SDPCM_NEXTLEN_OFFSET]; 1892 if ((bus->nextlen << 4) > MAX_RX_DATASZ) { 1893 brcmf_dbg(INFO, "(nextlen): got frame w/nextlen too large (%d), seq %d\n", 1894 bus->nextlen, seq); 1895 bus->nextlen = 0; 1896 } 1897 1898 /* Handle Flow Control */ 1899 fcbits = SDPCM_FCMASK_VALUE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1900 1901 if (bus->flowcontrol != fcbits) { 1902 if (~bus->flowcontrol & fcbits) 1903 bus->fc_xoff++; 1904 1905 if (bus->flowcontrol & ~fcbits) 1906 bus->fc_xon++; 1907 1908 bus->fc_rcvd++; 1909 bus->flowcontrol = fcbits; 1910 } 1911 1912 /* Check and update sequence number */ 1913 if (rxseq != seq) { 1914 brcmf_dbg(INFO, "rx_seq %d, expected %d\n", seq, rxseq); 1915 bus->rx_badseq++; 1916 rxseq = seq; 1917 } 1918 1919 /* Check window for sanity */ 1920 if ((u8) (txmax - bus->tx_seq) > 0x40) { 1921 brcmf_dbg(ERROR, "unlikely tx max %d with tx_seq %d\n", 1922 txmax, bus->tx_seq); 1923 txmax = bus->tx_seq + 2; 1924 } 1925 bus->tx_max = txmax; 1926 1927 /* Call a separate function for control frames */ 1928 if (chan == SDPCM_CONTROL_CHANNEL) { 1929 brcmf_sdbrcm_read_control(bus, bus->rxhdr, len, doff); 1930 continue; 1931 } 1932 1933 /* precondition: chan is either SDPCM_DATA_CHANNEL, 1934 SDPCM_EVENT_CHANNEL, SDPCM_TEST_CHANNEL or 1935 SDPCM_GLOM_CHANNEL */ 1936 1937 /* Length to read */ 1938 rdlen = (len > BRCMF_FIRSTREAD) ? (len - BRCMF_FIRSTREAD) : 0; 1939 1940 /* May pad read to blocksize for efficiency */ 1941 if (bus->roundup && bus->blocksize && 1942 (rdlen > bus->blocksize)) { 1943 pad = bus->blocksize - (rdlen % bus->blocksize); 1944 if ((pad <= bus->roundup) && (pad < bus->blocksize) && 1945 ((rdlen + pad + BRCMF_FIRSTREAD) < MAX_RX_DATASZ)) 1946 rdlen += pad; 1947 } else if (rdlen % BRCMF_SDALIGN) { 1948 rdlen += BRCMF_SDALIGN - (rdlen % BRCMF_SDALIGN); 1949 } 1950 1951 /* Satisfy length-alignment requirements */ 1952 if (rdlen & (ALIGNMENT - 1)) 1953 rdlen = roundup(rdlen, ALIGNMENT); 1954 1955 if ((rdlen + BRCMF_FIRSTREAD) > MAX_RX_DATASZ) { 1956 /* Too long -- skip this frame */ 1957 brcmf_dbg(ERROR, "too long: len %d rdlen %d\n", 1958 len, rdlen); 1959 bus->sdiodev->bus_if->dstats.rx_errors++; 1960 bus->rx_toolong++; 1961 brcmf_sdbrcm_rxfail(bus, false, false); 1962 continue; 1963 } 1964 1965 pkt = brcmu_pkt_buf_get_skb(rdlen + 1966 BRCMF_FIRSTREAD + BRCMF_SDALIGN); 1967 if (!pkt) { 1968 /* Give up on data, request rtx of events */ 1969 brcmf_dbg(ERROR, "brcmu_pkt_buf_get_skb failed: rdlen %d chan %d\n", 1970 rdlen, chan); 1971 bus->sdiodev->bus_if->dstats.rx_dropped++; 1972 brcmf_sdbrcm_rxfail(bus, false, RETRYCHAN(chan)); 1973 continue; 1974 } 1975 1976 /* Leave room for what we already read, and align remainder */ 1977 skb_pull(pkt, BRCMF_FIRSTREAD); 1978 pkt_align(pkt, rdlen, BRCMF_SDALIGN); 1979 1980 /* Read the remaining frame data */ 1981 sdret = brcmf_sdcard_recv_pkt(bus->sdiodev, bus->sdiodev->sbwad, 1982 SDIO_FUNC_2, F2SYNC, pkt); 1983 bus->f2rxdata++; 1984 1985 if (sdret < 0) { 1986 brcmf_dbg(ERROR, "read %d %s bytes failed: %d\n", rdlen, 1987 ((chan == SDPCM_EVENT_CHANNEL) ? "event" 1988 : ((chan == SDPCM_DATA_CHANNEL) ? "data" 1989 : "test")), sdret); 1990 brcmu_pkt_buf_free_skb(pkt); 1991 bus->sdiodev->bus_if->dstats.rx_errors++; 1992 brcmf_sdbrcm_rxfail(bus, true, RETRYCHAN(chan)); 1993 continue; 1994 } 1995 1996 /* Copy the already-read portion */ 1997 skb_push(pkt, BRCMF_FIRSTREAD); 1998 memcpy(pkt->data, bus->rxhdr, BRCMF_FIRSTREAD); 1999 2000 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && BRCMF_DATA_ON(), 2001 pkt->data, len, "Rx Data:\n"); 2002 2003deliver: 2004 /* Save superframe descriptor and allocate packet frame */ 2005 if (chan == SDPCM_GLOM_CHANNEL) { 2006 if (SDPCM_GLOMDESC(&bus->rxhdr[SDPCM_FRAMETAG_LEN])) { 2007 brcmf_dbg(GLOM, "glom descriptor, %d bytes:\n", 2008 len); 2009 brcmf_dbg_hex_dump(BRCMF_GLOM_ON(), 2010 pkt->data, len, 2011 "Glom Data:\n"); 2012 __skb_trim(pkt, len); 2013 skb_pull(pkt, SDPCM_HDRLEN); 2014 bus->glomd = pkt; 2015 } else { 2016 brcmf_dbg(ERROR, "%s: glom superframe w/o " 2017 "descriptor!\n", __func__); 2018 brcmf_sdbrcm_rxfail(bus, false, false); 2019 } 2020 continue; 2021 } 2022 2023 /* Fill in packet len and prio, deliver upward */ 2024 __skb_trim(pkt, len); 2025 skb_pull(pkt, doff); 2026 2027 if (pkt->len == 0) { 2028 brcmu_pkt_buf_free_skb(pkt); 2029 continue; 2030 } else if (brcmf_proto_hdrpull(bus->sdiodev->dev, &ifidx, 2031 pkt) != 0) { 2032 brcmf_dbg(ERROR, "rx protocol error\n"); 2033 brcmu_pkt_buf_free_skb(pkt); 2034 bus->sdiodev->bus_if->dstats.rx_errors++; 2035 continue; 2036 } 2037 2038 /* Unlock during rx call */ 2039 up(&bus->sdsem); 2040 brcmf_rx_packet(bus->sdiodev->dev, ifidx, pkt); 2041 down(&bus->sdsem); 2042 } 2043 rxcount = maxframes - rxleft; 2044 /* Message if we hit the limit */ 2045 if (!rxleft) 2046 brcmf_dbg(DATA, "hit rx limit of %d frames\n", 2047 maxframes); 2048 else 2049 brcmf_dbg(DATA, "processed %d frames\n", rxcount); 2050 /* Back off rxseq if awaiting rtx, update rx_seq */ 2051 if (bus->rxskip) 2052 rxseq--; 2053 bus->rx_seq = rxseq; 2054 2055 return rxcount; 2056} 2057 2058static void 2059brcmf_sdbrcm_wait_for_event(struct brcmf_sdio *bus, bool *lockvar) 2060{ 2061 up(&bus->sdsem); 2062 wait_event_interruptible_timeout(bus->ctrl_wait, 2063 (*lockvar == false), HZ * 2); 2064 down(&bus->sdsem); 2065 return; 2066} 2067 2068static void 2069brcmf_sdbrcm_wait_event_wakeup(struct brcmf_sdio *bus) 2070{ 2071 if (waitqueue_active(&bus->ctrl_wait)) 2072 wake_up_interruptible(&bus->ctrl_wait); 2073 return; 2074} 2075 2076/* Writes a HW/SW header into the packet and sends it. */ 2077/* Assumes: (a) header space already there, (b) caller holds lock */ 2078static int brcmf_sdbrcm_txpkt(struct brcmf_sdio *bus, struct sk_buff *pkt, 2079 uint chan, bool free_pkt) 2080{ 2081 int ret; 2082 u8 *frame; 2083 u16 len, pad = 0; 2084 u32 swheader; 2085 struct sk_buff *new; 2086 int i; 2087 2088 brcmf_dbg(TRACE, "Enter\n"); 2089 2090 frame = (u8 *) (pkt->data); 2091 2092 /* Add alignment padding, allocate new packet if needed */ 2093 pad = ((unsigned long)frame % BRCMF_SDALIGN); 2094 if (pad) { 2095 if (skb_headroom(pkt) < pad) { 2096 brcmf_dbg(INFO, "insufficient headroom %d for %d pad\n", 2097 skb_headroom(pkt), pad); 2098 bus->sdiodev->bus_if->tx_realloc++; 2099 new = brcmu_pkt_buf_get_skb(pkt->len + BRCMF_SDALIGN); 2100 if (!new) { 2101 brcmf_dbg(ERROR, "couldn't allocate new %d-byte packet\n", 2102 pkt->len + BRCMF_SDALIGN); 2103 ret = -ENOMEM; 2104 goto done; 2105 } 2106 2107 pkt_align(new, pkt->len, BRCMF_SDALIGN); 2108 memcpy(new->data, pkt->data, pkt->len); 2109 if (free_pkt) 2110 brcmu_pkt_buf_free_skb(pkt); 2111 /* free the pkt if canned one is not used */ 2112 free_pkt = true; 2113 pkt = new; 2114 frame = (u8 *) (pkt->data); 2115 /* precondition: (frame % BRCMF_SDALIGN) == 0) */ 2116 pad = 0; 2117 } else { 2118 skb_push(pkt, pad); 2119 frame = (u8 *) (pkt->data); 2120 /* precondition: pad + SDPCM_HDRLEN <= pkt->len */ 2121 memset(frame, 0, pad + SDPCM_HDRLEN); 2122 } 2123 } 2124 /* precondition: pad < BRCMF_SDALIGN */ 2125 2126 /* Hardware tag: 2 byte len followed by 2 byte ~len check (all LE) */ 2127 len = (u16) (pkt->len); 2128 *(__le16 *) frame = cpu_to_le16(len); 2129 *(((__le16 *) frame) + 1) = cpu_to_le16(~len); 2130 2131 /* Software tag: channel, sequence number, data offset */ 2132 swheader = 2133 ((chan << SDPCM_CHANNEL_SHIFT) & SDPCM_CHANNEL_MASK) | bus->tx_seq | 2134 (((pad + 2135 SDPCM_HDRLEN) << SDPCM_DOFFSET_SHIFT) & SDPCM_DOFFSET_MASK); 2136 2137 put_unaligned_le32(swheader, frame + SDPCM_FRAMETAG_LEN); 2138 put_unaligned_le32(0, frame + SDPCM_FRAMETAG_LEN + sizeof(swheader)); 2139 2140#ifdef DEBUG 2141 tx_packets[pkt->priority]++; 2142#endif 2143 2144 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && 2145 ((BRCMF_CTL_ON() && chan == SDPCM_CONTROL_CHANNEL) || 2146 (BRCMF_DATA_ON() && chan != SDPCM_CONTROL_CHANNEL)), 2147 frame, len, "Tx Frame:\n"); 2148 brcmf_dbg_hex_dump(!(BRCMF_BYTES_ON() && 2149 ((BRCMF_CTL_ON() && 2150 chan == SDPCM_CONTROL_CHANNEL) || 2151 (BRCMF_DATA_ON() && 2152 chan != SDPCM_CONTROL_CHANNEL))) && 2153 BRCMF_HDRS_ON(), 2154 frame, min_t(u16, len, 16), "TxHdr:\n"); 2155 2156 /* Raise len to next SDIO block to eliminate tail command */ 2157 if (bus->roundup && bus->blocksize && (len > bus->blocksize)) { 2158 u16 pad = bus->blocksize - (len % bus->blocksize); 2159 if ((pad <= bus->roundup) && (pad < bus->blocksize)) 2160 len += pad; 2161 } else if (len % BRCMF_SDALIGN) { 2162 len += BRCMF_SDALIGN - (len % BRCMF_SDALIGN); 2163 } 2164 2165 /* Some controllers have trouble with odd bytes -- round to even */ 2166 if (len & (ALIGNMENT - 1)) 2167 len = roundup(len, ALIGNMENT); 2168 2169 ret = brcmf_sdcard_send_pkt(bus->sdiodev, bus->sdiodev->sbwad, 2170 SDIO_FUNC_2, F2SYNC, pkt); 2171 bus->f2txdata++; 2172 2173 if (ret < 0) { 2174 /* On failure, abort the command and terminate the frame */ 2175 brcmf_dbg(INFO, "sdio error %d, abort command and terminate frame\n", 2176 ret); 2177 bus->tx_sderrs++; 2178 2179 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 2180 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 2181 SBSDIO_FUNC1_FRAMECTRL, SFC_WF_TERM, 2182 NULL); 2183 bus->f1regdata++; 2184 2185 for (i = 0; i < 3; i++) { 2186 u8 hi, lo; 2187 hi = brcmf_sdcard_cfg_read(bus->sdiodev, 2188 SDIO_FUNC_1, 2189 SBSDIO_FUNC1_WFRAMEBCHI, 2190 NULL); 2191 lo = brcmf_sdcard_cfg_read(bus->sdiodev, 2192 SDIO_FUNC_1, 2193 SBSDIO_FUNC1_WFRAMEBCLO, 2194 NULL); 2195 bus->f1regdata += 2; 2196 if ((hi == 0) && (lo == 0)) 2197 break; 2198 } 2199 2200 } 2201 if (ret == 0) 2202 bus->tx_seq = (bus->tx_seq + 1) % SDPCM_SEQUENCE_WRAP; 2203 2204done: 2205 /* restore pkt buffer pointer before calling tx complete routine */ 2206 skb_pull(pkt, SDPCM_HDRLEN + pad); 2207 up(&bus->sdsem); 2208 brcmf_txcomplete(bus->sdiodev->dev, pkt, ret != 0); 2209 down(&bus->sdsem); 2210 2211 if (free_pkt) 2212 brcmu_pkt_buf_free_skb(pkt); 2213 2214 return ret; 2215} 2216 2217static uint brcmf_sdbrcm_sendfromq(struct brcmf_sdio *bus, uint maxframes) 2218{ 2219 struct sk_buff *pkt; 2220 u32 intstatus = 0; 2221 uint retries = 0; 2222 int ret = 0, prec_out; 2223 uint cnt = 0; 2224 uint datalen; 2225 u8 tx_prec_map; 2226 2227 brcmf_dbg(TRACE, "Enter\n"); 2228 2229 tx_prec_map = ~bus->flowcontrol; 2230 2231 /* Send frames until the limit or some other event */ 2232 for (cnt = 0; (cnt < maxframes) && data_ok(bus); cnt++) { 2233 spin_lock_bh(&bus->txqlock); 2234 pkt = brcmu_pktq_mdeq(&bus->txq, tx_prec_map, &prec_out); 2235 if (pkt == NULL) { 2236 spin_unlock_bh(&bus->txqlock); 2237 break; 2238 } 2239 spin_unlock_bh(&bus->txqlock); 2240 datalen = pkt->len - SDPCM_HDRLEN; 2241 2242 ret = brcmf_sdbrcm_txpkt(bus, pkt, SDPCM_DATA_CHANNEL, true); 2243 if (ret) 2244 bus->sdiodev->bus_if->dstats.tx_errors++; 2245 else 2246 bus->sdiodev->bus_if->dstats.tx_bytes += datalen; 2247 2248 /* In poll mode, need to check for other events */ 2249 if (!bus->intr && cnt) { 2250 /* Check device status, signal pending interrupt */ 2251 r_sdreg32(bus, &intstatus, 2252 offsetof(struct sdpcmd_regs, intstatus), 2253 &retries); 2254 bus->f2txdata++; 2255 if (brcmf_sdcard_regfail(bus->sdiodev)) 2256 break; 2257 if (intstatus & bus->hostintmask) 2258 bus->ipend = true; 2259 } 2260 } 2261 2262 /* Deflow-control stack if needed */ 2263 if (bus->sdiodev->bus_if->drvr_up && 2264 (bus->sdiodev->bus_if->state == BRCMF_BUS_DATA) && 2265 bus->txoff && (pktq_len(&bus->txq) < TXLOW)) { 2266 bus->txoff = OFF; 2267 brcmf_txflowcontrol(bus->sdiodev->dev, 0, OFF); 2268 } 2269 2270 return cnt; 2271} 2272 2273static void brcmf_sdbrcm_bus_stop(struct device *dev) 2274{ 2275 u32 local_hostintmask; 2276 u8 saveclk; 2277 uint retries; 2278 int err; 2279 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 2280 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio; 2281 struct brcmf_sdio *bus = sdiodev->bus; 2282 2283 brcmf_dbg(TRACE, "Enter\n"); 2284 2285 if (bus->watchdog_tsk) { 2286 send_sig(SIGTERM, bus->watchdog_tsk, 1); 2287 kthread_stop(bus->watchdog_tsk); 2288 bus->watchdog_tsk = NULL; 2289 } 2290 2291 if (bus->dpc_tsk && bus->dpc_tsk != current) { 2292 send_sig(SIGTERM, bus->dpc_tsk, 1); 2293 kthread_stop(bus->dpc_tsk); 2294 bus->dpc_tsk = NULL; 2295 } 2296 2297 down(&bus->sdsem); 2298 2299 bus_wake(bus); 2300 2301 /* Enable clock for device interrupts */ 2302 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 2303 2304 /* Disable and clear interrupts at the chip level also */ 2305 w_sdreg32(bus, 0, offsetof(struct sdpcmd_regs, hostintmask), &retries); 2306 local_hostintmask = bus->hostintmask; 2307 bus->hostintmask = 0; 2308 2309 /* Change our idea of bus state */ 2310 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2311 2312 /* Force clocks on backplane to be sure F2 interrupt propagates */ 2313 saveclk = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 2314 SBSDIO_FUNC1_CHIPCLKCSR, &err); 2315 if (!err) { 2316 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 2317 SBSDIO_FUNC1_CHIPCLKCSR, 2318 (saveclk | SBSDIO_FORCE_HT), &err); 2319 } 2320 if (err) 2321 brcmf_dbg(ERROR, "Failed to force clock for F2: err %d\n", err); 2322 2323 /* Turn off the bus (F2), free any pending packets */ 2324 brcmf_dbg(INTR, "disable SDIO interrupts\n"); 2325 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_0, SDIO_CCCR_IOEx, 2326 SDIO_FUNC_ENABLE_1, NULL); 2327 2328 /* Clear any pending interrupts now that F2 is disabled */ 2329 w_sdreg32(bus, local_hostintmask, 2330 offsetof(struct sdpcmd_regs, intstatus), &retries); 2331 2332 /* Turn off the backplane clock (only) */ 2333 brcmf_sdbrcm_clkctl(bus, CLK_SDONLY, false); 2334 2335 /* Clear the data packet queues */ 2336 brcmu_pktq_flush(&bus->txq, true, NULL, NULL); 2337 2338 /* Clear any held glomming stuff */ 2339 if (bus->glomd) 2340 brcmu_pkt_buf_free_skb(bus->glomd); 2341 brcmf_sdbrcm_free_glom(bus); 2342 2343 /* Clear rx control and wake any waiters */ 2344 bus->rxlen = 0; 2345 brcmf_sdbrcm_dcmd_resp_wake(bus); 2346 2347 /* Reset some F2 state stuff */ 2348 bus->rxskip = false; 2349 bus->tx_seq = bus->rx_seq = 0; 2350 2351 up(&bus->sdsem); 2352} 2353 2354static bool brcmf_sdbrcm_dpc(struct brcmf_sdio *bus) 2355{ 2356 u32 intstatus, newstatus = 0; 2357 uint retries = 0; 2358 uint rxlimit = bus->rxbound; /* Rx frames to read before resched */ 2359 uint txlimit = bus->txbound; /* Tx frames to send before resched */ 2360 uint framecnt = 0; /* Temporary counter of tx/rx frames */ 2361 bool rxdone = true; /* Flag for no more read data */ 2362 bool resched = false; /* Flag indicating resched wanted */ 2363 2364 brcmf_dbg(TRACE, "Enter\n"); 2365 2366 /* Start with leftover status bits */ 2367 intstatus = bus->intstatus; 2368 2369 down(&bus->sdsem); 2370 2371 /* If waiting for HTAVAIL, check status */ 2372 if (bus->clkstate == CLK_PENDING) { 2373 int err; 2374 u8 clkctl, devctl = 0; 2375 2376#ifdef DEBUG 2377 /* Check for inconsistent device control */ 2378 devctl = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 2379 SBSDIO_DEVICE_CTL, &err); 2380 if (err) { 2381 brcmf_dbg(ERROR, "error reading DEVCTL: %d\n", err); 2382 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2383 } 2384#endif /* DEBUG */ 2385 2386 /* Read CSR, if clock on switch to AVAIL, else ignore */ 2387 clkctl = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 2388 SBSDIO_FUNC1_CHIPCLKCSR, &err); 2389 if (err) { 2390 brcmf_dbg(ERROR, "error reading CSR: %d\n", 2391 err); 2392 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2393 } 2394 2395 brcmf_dbg(INFO, "DPC: PENDING, devctl 0x%02x clkctl 0x%02x\n", 2396 devctl, clkctl); 2397 2398 if (SBSDIO_HTAV(clkctl)) { 2399 devctl = brcmf_sdcard_cfg_read(bus->sdiodev, 2400 SDIO_FUNC_1, 2401 SBSDIO_DEVICE_CTL, &err); 2402 if (err) { 2403 brcmf_dbg(ERROR, "error reading DEVCTL: %d\n", 2404 err); 2405 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2406 } 2407 devctl &= ~SBSDIO_DEVCTL_CA_INT_ONLY; 2408 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 2409 SBSDIO_DEVICE_CTL, devctl, &err); 2410 if (err) { 2411 brcmf_dbg(ERROR, "error writing DEVCTL: %d\n", 2412 err); 2413 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2414 } 2415 bus->clkstate = CLK_AVAIL; 2416 } else { 2417 goto clkwait; 2418 } 2419 } 2420 2421 bus_wake(bus); 2422 2423 /* Make sure backplane clock is on */ 2424 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, true); 2425 if (bus->clkstate == CLK_PENDING) 2426 goto clkwait; 2427 2428 /* Pending interrupt indicates new device status */ 2429 if (bus->ipend) { 2430 bus->ipend = false; 2431 r_sdreg32(bus, &newstatus, 2432 offsetof(struct sdpcmd_regs, intstatus), &retries); 2433 bus->f1regdata++; 2434 if (brcmf_sdcard_regfail(bus->sdiodev)) 2435 newstatus = 0; 2436 newstatus &= bus->hostintmask; 2437 bus->fcstate = !!(newstatus & I_HMB_FC_STATE); 2438 if (newstatus) { 2439 w_sdreg32(bus, newstatus, 2440 offsetof(struct sdpcmd_regs, intstatus), 2441 &retries); 2442 bus->f1regdata++; 2443 } 2444 } 2445 2446 /* Merge new bits with previous */ 2447 intstatus |= newstatus; 2448 bus->intstatus = 0; 2449 2450 /* Handle flow-control change: read new state in case our ack 2451 * crossed another change interrupt. If change still set, assume 2452 * FC ON for safety, let next loop through do the debounce. 2453 */ 2454 if (intstatus & I_HMB_FC_CHANGE) { 2455 intstatus &= ~I_HMB_FC_CHANGE; 2456 w_sdreg32(bus, I_HMB_FC_CHANGE, 2457 offsetof(struct sdpcmd_regs, intstatus), &retries); 2458 2459 r_sdreg32(bus, &newstatus, 2460 offsetof(struct sdpcmd_regs, intstatus), &retries); 2461 bus->f1regdata += 2; 2462 bus->fcstate = 2463 !!(newstatus & (I_HMB_FC_STATE | I_HMB_FC_CHANGE)); 2464 intstatus |= (newstatus & bus->hostintmask); 2465 } 2466 2467 /* Handle host mailbox indication */ 2468 if (intstatus & I_HMB_HOST_INT) { 2469 intstatus &= ~I_HMB_HOST_INT; 2470 intstatus |= brcmf_sdbrcm_hostmail(bus); 2471 } 2472 2473 /* Generally don't ask for these, can get CRC errors... */ 2474 if (intstatus & I_WR_OOSYNC) { 2475 brcmf_dbg(ERROR, "Dongle reports WR_OOSYNC\n"); 2476 intstatus &= ~I_WR_OOSYNC; 2477 } 2478 2479 if (intstatus & I_RD_OOSYNC) { 2480 brcmf_dbg(ERROR, "Dongle reports RD_OOSYNC\n"); 2481 intstatus &= ~I_RD_OOSYNC; 2482 } 2483 2484 if (intstatus & I_SBINT) { 2485 brcmf_dbg(ERROR, "Dongle reports SBINT\n"); 2486 intstatus &= ~I_SBINT; 2487 } 2488 2489 /* Would be active due to wake-wlan in gSPI */ 2490 if (intstatus & I_CHIPACTIVE) { 2491 brcmf_dbg(INFO, "Dongle reports CHIPACTIVE\n"); 2492 intstatus &= ~I_CHIPACTIVE; 2493 } 2494 2495 /* Ignore frame indications if rxskip is set */ 2496 if (bus->rxskip) 2497 intstatus &= ~I_HMB_FRAME_IND; 2498 2499 /* On frame indication, read available frames */ 2500 if (PKT_AVAILABLE()) { 2501 framecnt = brcmf_sdbrcm_readframes(bus, rxlimit, &rxdone); 2502 if (rxdone || bus->rxskip) 2503 intstatus &= ~I_HMB_FRAME_IND; 2504 rxlimit -= min(framecnt, rxlimit); 2505 } 2506 2507 /* Keep still-pending events for next scheduling */ 2508 bus->intstatus = intstatus; 2509 2510clkwait: 2511 if (data_ok(bus) && bus->ctrl_frame_stat && 2512 (bus->clkstate == CLK_AVAIL)) { 2513 int ret, i; 2514 2515 ret = brcmf_sdcard_send_buf(bus->sdiodev, bus->sdiodev->sbwad, 2516 SDIO_FUNC_2, F2SYNC, (u8 *) bus->ctrl_frame_buf, 2517 (u32) bus->ctrl_frame_len); 2518 2519 if (ret < 0) { 2520 /* On failure, abort the command and 2521 terminate the frame */ 2522 brcmf_dbg(INFO, "sdio error %d, abort command and terminate frame\n", 2523 ret); 2524 bus->tx_sderrs++; 2525 2526 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 2527 2528 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 2529 SBSDIO_FUNC1_FRAMECTRL, SFC_WF_TERM, 2530 NULL); 2531 bus->f1regdata++; 2532 2533 for (i = 0; i < 3; i++) { 2534 u8 hi, lo; 2535 hi = brcmf_sdcard_cfg_read(bus->sdiodev, 2536 SDIO_FUNC_1, 2537 SBSDIO_FUNC1_WFRAMEBCHI, 2538 NULL); 2539 lo = brcmf_sdcard_cfg_read(bus->sdiodev, 2540 SDIO_FUNC_1, 2541 SBSDIO_FUNC1_WFRAMEBCLO, 2542 NULL); 2543 bus->f1regdata += 2; 2544 if ((hi == 0) && (lo == 0)) 2545 break; 2546 } 2547 2548 } 2549 if (ret == 0) 2550 bus->tx_seq = (bus->tx_seq + 1) % SDPCM_SEQUENCE_WRAP; 2551 2552 brcmf_dbg(INFO, "Return_dpc value is : %d\n", ret); 2553 bus->ctrl_frame_stat = false; 2554 brcmf_sdbrcm_wait_event_wakeup(bus); 2555 } 2556 /* Send queued frames (limit 1 if rx may still be pending) */ 2557 else if ((bus->clkstate == CLK_AVAIL) && !bus->fcstate && 2558 brcmu_pktq_mlen(&bus->txq, ~bus->flowcontrol) && txlimit 2559 && data_ok(bus)) { 2560 framecnt = rxdone ? txlimit : min(txlimit, bus->txminmax); 2561 framecnt = brcmf_sdbrcm_sendfromq(bus, framecnt); 2562 txlimit -= framecnt; 2563 } 2564 2565 /* Resched if events or tx frames are pending, 2566 else await next interrupt */ 2567 /* On failed register access, all bets are off: 2568 no resched or interrupts */ 2569 if ((bus->sdiodev->bus_if->state == BRCMF_BUS_DOWN) || 2570 brcmf_sdcard_regfail(bus->sdiodev)) { 2571 brcmf_dbg(ERROR, "failed backplane access over SDIO, halting operation %d\n", 2572 brcmf_sdcard_regfail(bus->sdiodev)); 2573 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2574 bus->intstatus = 0; 2575 } else if (bus->clkstate == CLK_PENDING) { 2576 brcmf_dbg(INFO, "rescheduled due to CLK_PENDING awaiting I_CHIPACTIVE interrupt\n"); 2577 resched = true; 2578 } else if (bus->intstatus || bus->ipend || 2579 (!bus->fcstate && brcmu_pktq_mlen(&bus->txq, ~bus->flowcontrol) 2580 && data_ok(bus)) || PKT_AVAILABLE()) { 2581 resched = true; 2582 } 2583 2584 bus->dpc_sched = resched; 2585 2586 /* If we're done for now, turn off clock request. */ 2587 if ((bus->clkstate != CLK_PENDING) 2588 && bus->idletime == BRCMF_IDLE_IMMEDIATE) { 2589 bus->activity = false; 2590 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 2591 } 2592 2593 up(&bus->sdsem); 2594 2595 return resched; 2596} 2597 2598static int brcmf_sdbrcm_dpc_thread(void *data) 2599{ 2600 struct brcmf_sdio *bus = (struct brcmf_sdio *) data; 2601 2602 allow_signal(SIGTERM); 2603 /* Run until signal received */ 2604 while (1) { 2605 if (kthread_should_stop()) 2606 break; 2607 if (!wait_for_completion_interruptible(&bus->dpc_wait)) { 2608 /* Call bus dpc unless it indicated down 2609 (then clean stop) */ 2610 if (bus->sdiodev->bus_if->state != BRCMF_BUS_DOWN) { 2611 if (brcmf_sdbrcm_dpc(bus)) 2612 complete(&bus->dpc_wait); 2613 } else { 2614 /* after stopping the bus, exit thread */ 2615 brcmf_sdbrcm_bus_stop(bus->sdiodev->dev); 2616 bus->dpc_tsk = NULL; 2617 break; 2618 } 2619 } else 2620 break; 2621 } 2622 return 0; 2623} 2624 2625static int brcmf_sdbrcm_bus_txdata(struct device *dev, struct sk_buff *pkt) 2626{ 2627 int ret = -EBADE; 2628 uint datalen, prec; 2629 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 2630 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio; 2631 struct brcmf_sdio *bus = sdiodev->bus; 2632 2633 brcmf_dbg(TRACE, "Enter\n"); 2634 2635 datalen = pkt->len; 2636 2637 /* Add space for the header */ 2638 skb_push(pkt, SDPCM_HDRLEN); 2639 /* precondition: IS_ALIGNED((unsigned long)(pkt->data), 2) */ 2640 2641 prec = prio2prec((pkt->priority & PRIOMASK)); 2642 2643 /* Check for existing queue, current flow-control, 2644 pending event, or pending clock */ 2645 brcmf_dbg(TRACE, "deferring pktq len %d\n", pktq_len(&bus->txq)); 2646 bus->fcqueued++; 2647 2648 /* Priority based enq */ 2649 spin_lock_bh(&bus->txqlock); 2650 if (brcmf_c_prec_enq(bus->sdiodev->dev, &bus->txq, pkt, prec) == 2651 false) { 2652 skb_pull(pkt, SDPCM_HDRLEN); 2653 brcmf_txcomplete(bus->sdiodev->dev, pkt, false); 2654 brcmu_pkt_buf_free_skb(pkt); 2655 brcmf_dbg(ERROR, "out of bus->txq !!!\n"); 2656 ret = -ENOSR; 2657 } else { 2658 ret = 0; 2659 } 2660 spin_unlock_bh(&bus->txqlock); 2661 2662 if (pktq_len(&bus->txq) >= TXHI) { 2663 bus->txoff = ON; 2664 brcmf_txflowcontrol(bus->sdiodev->dev, 0, ON); 2665 } 2666 2667#ifdef DEBUG 2668 if (pktq_plen(&bus->txq, prec) > qcount[prec]) 2669 qcount[prec] = pktq_plen(&bus->txq, prec); 2670#endif 2671 /* Schedule DPC if needed to send queued packet(s) */ 2672 if (!bus->dpc_sched) { 2673 bus->dpc_sched = true; 2674 if (bus->dpc_tsk) 2675 complete(&bus->dpc_wait); 2676 } 2677 2678 return ret; 2679} 2680 2681static int 2682brcmf_sdbrcm_membytes(struct brcmf_sdio *bus, bool write, u32 address, u8 *data, 2683 uint size) 2684{ 2685 int bcmerror = 0; 2686 u32 sdaddr; 2687 uint dsize; 2688 2689 /* Determine initial transfer parameters */ 2690 sdaddr = address & SBSDIO_SB_OFT_ADDR_MASK; 2691 if ((sdaddr + size) & SBSDIO_SBWINDOW_MASK) 2692 dsize = (SBSDIO_SB_OFT_ADDR_LIMIT - sdaddr); 2693 else 2694 dsize = size; 2695 2696 /* Set the backplane window to include the start address */ 2697 bcmerror = brcmf_sdcard_set_sbaddr_window(bus->sdiodev, address); 2698 if (bcmerror) { 2699 brcmf_dbg(ERROR, "window change failed\n"); 2700 goto xfer_done; 2701 } 2702 2703 /* Do the transfer(s) */ 2704 while (size) { 2705 brcmf_dbg(INFO, "%s %d bytes at offset 0x%08x in window 0x%08x\n", 2706 write ? "write" : "read", dsize, 2707 sdaddr, address & SBSDIO_SBWINDOW_MASK); 2708 bcmerror = brcmf_sdcard_rwdata(bus->sdiodev, write, 2709 sdaddr, data, dsize); 2710 if (bcmerror) { 2711 brcmf_dbg(ERROR, "membytes transfer failed\n"); 2712 break; 2713 } 2714 2715 /* Adjust for next transfer (if any) */ 2716 size -= dsize; 2717 if (size) { 2718 data += dsize; 2719 address += dsize; 2720 bcmerror = brcmf_sdcard_set_sbaddr_window(bus->sdiodev, 2721 address); 2722 if (bcmerror) { 2723 brcmf_dbg(ERROR, "window change failed\n"); 2724 break; 2725 } 2726 sdaddr = 0; 2727 dsize = min_t(uint, SBSDIO_SB_OFT_ADDR_LIMIT, size); 2728 } 2729 } 2730 2731xfer_done: 2732 /* Return the window to backplane enumeration space for core access */ 2733 if (brcmf_sdcard_set_sbaddr_window(bus->sdiodev, bus->sdiodev->sbwad)) 2734 brcmf_dbg(ERROR, "FAILED to set window back to 0x%x\n", 2735 bus->sdiodev->sbwad); 2736 2737 return bcmerror; 2738} 2739 2740#ifdef DEBUG 2741#define CONSOLE_LINE_MAX 192 2742 2743static int brcmf_sdbrcm_readconsole(struct brcmf_sdio *bus) 2744{ 2745 struct brcmf_console *c = &bus->console; 2746 u8 line[CONSOLE_LINE_MAX], ch; 2747 u32 n, idx, addr; 2748 int rv; 2749 2750 /* Don't do anything until FWREADY updates console address */ 2751 if (bus->console_addr == 0) 2752 return 0; 2753 2754 /* Read console log struct */ 2755 addr = bus->console_addr + offsetof(struct rte_console, log_le); 2756 rv = brcmf_sdbrcm_membytes(bus, false, addr, (u8 *)&c->log_le, 2757 sizeof(c->log_le)); 2758 if (rv < 0) 2759 return rv; 2760 2761 /* Allocate console buffer (one time only) */ 2762 if (c->buf == NULL) { 2763 c->bufsize = le32_to_cpu(c->log_le.buf_size); 2764 c->buf = kmalloc(c->bufsize, GFP_ATOMIC); 2765 if (c->buf == NULL) 2766 return -ENOMEM; 2767 } 2768 2769 idx = le32_to_cpu(c->log_le.idx); 2770 2771 /* Protect against corrupt value */ 2772 if (idx > c->bufsize) 2773 return -EBADE; 2774 2775 /* Skip reading the console buffer if the index pointer 2776 has not moved */ 2777 if (idx == c->last) 2778 return 0; 2779 2780 /* Read the console buffer */ 2781 addr = le32_to_cpu(c->log_le.buf); 2782 rv = brcmf_sdbrcm_membytes(bus, false, addr, c->buf, c->bufsize); 2783 if (rv < 0) 2784 return rv; 2785 2786 while (c->last != idx) { 2787 for (n = 0; n < CONSOLE_LINE_MAX - 2; n++) { 2788 if (c->last == idx) { 2789 /* This would output a partial line. 2790 * Instead, back up 2791 * the buffer pointer and output this 2792 * line next time around. 2793 */ 2794 if (c->last >= n) 2795 c->last -= n; 2796 else 2797 c->last = c->bufsize - n; 2798 goto break2; 2799 } 2800 ch = c->buf[c->last]; 2801 c->last = (c->last + 1) % c->bufsize; 2802 if (ch == '\n') 2803 break; 2804 line[n] = ch; 2805 } 2806 2807 if (n > 0) { 2808 if (line[n - 1] == '\r') 2809 n--; 2810 line[n] = 0; 2811 pr_debug("CONSOLE: %s\n", line); 2812 } 2813 } 2814break2: 2815 2816 return 0; 2817} 2818#endif /* DEBUG */ 2819 2820static int brcmf_tx_frame(struct brcmf_sdio *bus, u8 *frame, u16 len) 2821{ 2822 int i; 2823 int ret; 2824 2825 bus->ctrl_frame_stat = false; 2826 ret = brcmf_sdcard_send_buf(bus->sdiodev, bus->sdiodev->sbwad, 2827 SDIO_FUNC_2, F2SYNC, frame, len); 2828 2829 if (ret < 0) { 2830 /* On failure, abort the command and terminate the frame */ 2831 brcmf_dbg(INFO, "sdio error %d, abort command and terminate frame\n", 2832 ret); 2833 bus->tx_sderrs++; 2834 2835 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 2836 2837 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 2838 SBSDIO_FUNC1_FRAMECTRL, 2839 SFC_WF_TERM, NULL); 2840 bus->f1regdata++; 2841 2842 for (i = 0; i < 3; i++) { 2843 u8 hi, lo; 2844 hi = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 2845 SBSDIO_FUNC1_WFRAMEBCHI, 2846 NULL); 2847 lo = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 2848 SBSDIO_FUNC1_WFRAMEBCLO, 2849 NULL); 2850 bus->f1regdata += 2; 2851 if (hi == 0 && lo == 0) 2852 break; 2853 } 2854 return ret; 2855 } 2856 2857 bus->tx_seq = (bus->tx_seq + 1) % SDPCM_SEQUENCE_WRAP; 2858 2859 return ret; 2860} 2861 2862static int 2863brcmf_sdbrcm_bus_txctl(struct device *dev, unsigned char *msg, uint msglen) 2864{ 2865 u8 *frame; 2866 u16 len; 2867 u32 swheader; 2868 uint retries = 0; 2869 u8 doff = 0; 2870 int ret = -1; 2871 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 2872 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio; 2873 struct brcmf_sdio *bus = sdiodev->bus; 2874 2875 brcmf_dbg(TRACE, "Enter\n"); 2876 2877 /* Back the pointer to make a room for bus header */ 2878 frame = msg - SDPCM_HDRLEN; 2879 len = (msglen += SDPCM_HDRLEN); 2880 2881 /* Add alignment padding (optional for ctl frames) */ 2882 doff = ((unsigned long)frame % BRCMF_SDALIGN); 2883 if (doff) { 2884 frame -= doff; 2885 len += doff; 2886 msglen += doff; 2887 memset(frame, 0, doff + SDPCM_HDRLEN); 2888 } 2889 /* precondition: doff < BRCMF_SDALIGN */ 2890 doff += SDPCM_HDRLEN; 2891 2892 /* Round send length to next SDIO block */ 2893 if (bus->roundup && bus->blocksize && (len > bus->blocksize)) { 2894 u16 pad = bus->blocksize - (len % bus->blocksize); 2895 if ((pad <= bus->roundup) && (pad < bus->blocksize)) 2896 len += pad; 2897 } else if (len % BRCMF_SDALIGN) { 2898 len += BRCMF_SDALIGN - (len % BRCMF_SDALIGN); 2899 } 2900 2901 /* Satisfy length-alignment requirements */ 2902 if (len & (ALIGNMENT - 1)) 2903 len = roundup(len, ALIGNMENT); 2904 2905 /* precondition: IS_ALIGNED((unsigned long)frame, 2) */ 2906 2907 /* Need to lock here to protect txseq and SDIO tx calls */ 2908 down(&bus->sdsem); 2909 2910 bus_wake(bus); 2911 2912 /* Make sure backplane clock is on */ 2913 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 2914 2915 /* Hardware tag: 2 byte len followed by 2 byte ~len check (all LE) */ 2916 *(__le16 *) frame = cpu_to_le16((u16) msglen); 2917 *(((__le16 *) frame) + 1) = cpu_to_le16(~msglen); 2918 2919 /* Software tag: channel, sequence number, data offset */ 2920 swheader = 2921 ((SDPCM_CONTROL_CHANNEL << SDPCM_CHANNEL_SHIFT) & 2922 SDPCM_CHANNEL_MASK) 2923 | bus->tx_seq | ((doff << SDPCM_DOFFSET_SHIFT) & 2924 SDPCM_DOFFSET_MASK); 2925 put_unaligned_le32(swheader, frame + SDPCM_FRAMETAG_LEN); 2926 put_unaligned_le32(0, frame + SDPCM_FRAMETAG_LEN + sizeof(swheader)); 2927 2928 if (!data_ok(bus)) { 2929 brcmf_dbg(INFO, "No bus credit bus->tx_max %d, bus->tx_seq %d\n", 2930 bus->tx_max, bus->tx_seq); 2931 bus->ctrl_frame_stat = true; 2932 /* Send from dpc */ 2933 bus->ctrl_frame_buf = frame; 2934 bus->ctrl_frame_len = len; 2935 2936 brcmf_sdbrcm_wait_for_event(bus, &bus->ctrl_frame_stat); 2937 2938 if (bus->ctrl_frame_stat == false) { 2939 brcmf_dbg(INFO, "ctrl_frame_stat == false\n"); 2940 ret = 0; 2941 } else { 2942 brcmf_dbg(INFO, "ctrl_frame_stat == true\n"); 2943 ret = -1; 2944 } 2945 } 2946 2947 if (ret == -1) { 2948 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && BRCMF_CTL_ON(), 2949 frame, len, "Tx Frame:\n"); 2950 brcmf_dbg_hex_dump(!(BRCMF_BYTES_ON() && BRCMF_CTL_ON()) && 2951 BRCMF_HDRS_ON(), 2952 frame, min_t(u16, len, 16), "TxHdr:\n"); 2953 2954 do { 2955 ret = brcmf_tx_frame(bus, frame, len); 2956 } while (ret < 0 && retries++ < TXRETRIES); 2957 } 2958 2959 if ((bus->idletime == BRCMF_IDLE_IMMEDIATE) && !bus->dpc_sched) { 2960 bus->activity = false; 2961 brcmf_sdbrcm_clkctl(bus, CLK_NONE, true); 2962 } 2963 2964 up(&bus->sdsem); 2965 2966 if (ret) 2967 bus->tx_ctlerrs++; 2968 else 2969 bus->tx_ctlpkts++; 2970 2971 return ret ? -EIO : 0; 2972} 2973 2974static int 2975brcmf_sdbrcm_bus_rxctl(struct device *dev, unsigned char *msg, uint msglen) 2976{ 2977 int timeleft; 2978 uint rxlen = 0; 2979 bool pending; 2980 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 2981 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio; 2982 struct brcmf_sdio *bus = sdiodev->bus; 2983 2984 brcmf_dbg(TRACE, "Enter\n"); 2985 2986 /* Wait until control frame is available */ 2987 timeleft = brcmf_sdbrcm_dcmd_resp_wait(bus, &bus->rxlen, &pending); 2988 2989 down(&bus->sdsem); 2990 rxlen = bus->rxlen; 2991 memcpy(msg, bus->rxctl, min(msglen, rxlen)); 2992 bus->rxlen = 0; 2993 up(&bus->sdsem); 2994 2995 if (rxlen) { 2996 brcmf_dbg(CTL, "resumed on rxctl frame, got %d expected %d\n", 2997 rxlen, msglen); 2998 } else if (timeleft == 0) { 2999 brcmf_dbg(ERROR, "resumed on timeout\n"); 3000 } else if (pending == true) { 3001 brcmf_dbg(CTL, "cancelled\n"); 3002 return -ERESTARTSYS; 3003 } else { 3004 brcmf_dbg(CTL, "resumed for unknown reason?\n"); 3005 } 3006 3007 if (rxlen) 3008 bus->rx_ctlpkts++; 3009 else 3010 bus->rx_ctlerrs++; 3011 3012 return rxlen ? (int)rxlen : -ETIMEDOUT; 3013} 3014 3015static int brcmf_sdbrcm_downloadvars(struct brcmf_sdio *bus, void *arg, int len) 3016{ 3017 int bcmerror = 0; 3018 3019 brcmf_dbg(TRACE, "Enter\n"); 3020 3021 /* Basic sanity checks */ 3022 if (bus->sdiodev->bus_if->drvr_up) { 3023 bcmerror = -EISCONN; 3024 goto err; 3025 } 3026 if (!len) { 3027 bcmerror = -EOVERFLOW; 3028 goto err; 3029 } 3030 3031 /* Free the old ones and replace with passed variables */ 3032 kfree(bus->vars); 3033 3034 bus->vars = kmalloc(len, GFP_ATOMIC); 3035 bus->varsz = bus->vars ? len : 0; 3036 if (bus->vars == NULL) { 3037 bcmerror = -ENOMEM; 3038 goto err; 3039 } 3040 3041 /* Copy the passed variables, which should include the 3042 terminating double-null */ 3043 memcpy(bus->vars, arg, bus->varsz); 3044err: 3045 return bcmerror; 3046} 3047 3048static int brcmf_sdbrcm_write_vars(struct brcmf_sdio *bus) 3049{ 3050 int bcmerror = 0; 3051 u32 varsize; 3052 u32 varaddr; 3053 u8 *vbuffer; 3054 u32 varsizew; 3055 __le32 varsizew_le; 3056#ifdef DEBUG 3057 char *nvram_ularray; 3058#endif /* DEBUG */ 3059 3060 /* Even if there are no vars are to be written, we still 3061 need to set the ramsize. */ 3062 varsize = bus->varsz ? roundup(bus->varsz, 4) : 0; 3063 varaddr = (bus->ramsize - 4) - varsize; 3064 3065 if (bus->vars) { 3066 vbuffer = kzalloc(varsize, GFP_ATOMIC); 3067 if (!vbuffer) 3068 return -ENOMEM; 3069 3070 memcpy(vbuffer, bus->vars, bus->varsz); 3071 3072 /* Write the vars list */ 3073 bcmerror = 3074 brcmf_sdbrcm_membytes(bus, true, varaddr, vbuffer, varsize); 3075#ifdef DEBUG 3076 /* Verify NVRAM bytes */ 3077 brcmf_dbg(INFO, "Compare NVRAM dl & ul; varsize=%d\n", varsize); 3078 nvram_ularray = kmalloc(varsize, GFP_ATOMIC); 3079 if (!nvram_ularray) { 3080 kfree(vbuffer); 3081 return -ENOMEM; 3082 } 3083 3084 /* Upload image to verify downloaded contents. */ 3085 memset(nvram_ularray, 0xaa, varsize); 3086 3087 /* Read the vars list to temp buffer for comparison */ 3088 bcmerror = 3089 brcmf_sdbrcm_membytes(bus, false, varaddr, nvram_ularray, 3090 varsize); 3091 if (bcmerror) { 3092 brcmf_dbg(ERROR, "error %d on reading %d nvram bytes at 0x%08x\n", 3093 bcmerror, varsize, varaddr); 3094 } 3095 /* Compare the org NVRAM with the one read from RAM */ 3096 if (memcmp(vbuffer, nvram_ularray, varsize)) 3097 brcmf_dbg(ERROR, "Downloaded NVRAM image is corrupted\n"); 3098 else 3099 brcmf_dbg(ERROR, "Download/Upload/Compare of NVRAM ok\n"); 3100 3101 kfree(nvram_ularray); 3102#endif /* DEBUG */ 3103 3104 kfree(vbuffer); 3105 } 3106 3107 /* adjust to the user specified RAM */ 3108 brcmf_dbg(INFO, "Physical memory size: %d\n", bus->ramsize); 3109 brcmf_dbg(INFO, "Vars are at %d, orig varsize is %d\n", 3110 varaddr, varsize); 3111 varsize = ((bus->ramsize - 4) - varaddr); 3112 3113 /* 3114 * Determine the length token: 3115 * Varsize, converted to words, in lower 16-bits, checksum 3116 * in upper 16-bits. 3117 */ 3118 if (bcmerror) { 3119 varsizew = 0; 3120 varsizew_le = cpu_to_le32(0); 3121 } else { 3122 varsizew = varsize / 4; 3123 varsizew = (~varsizew << 16) | (varsizew & 0x0000FFFF); 3124 varsizew_le = cpu_to_le32(varsizew); 3125 } 3126 3127 brcmf_dbg(INFO, "New varsize is %d, length token=0x%08x\n", 3128 varsize, varsizew); 3129 3130 /* Write the length token to the last word */ 3131 bcmerror = brcmf_sdbrcm_membytes(bus, true, (bus->ramsize - 4), 3132 (u8 *)&varsizew_le, 4); 3133 3134 return bcmerror; 3135} 3136 3137static int brcmf_sdbrcm_download_state(struct brcmf_sdio *bus, bool enter) 3138{ 3139 uint retries; 3140 int bcmerror = 0; 3141 struct chip_info *ci = bus->ci; 3142 3143 /* To enter download state, disable ARM and reset SOCRAM. 3144 * To exit download state, simply reset ARM (default is RAM boot). 3145 */ 3146 if (enter) { 3147 bus->alp_only = true; 3148 3149 ci->coredisable(bus->sdiodev, ci, BCMA_CORE_ARM_CM3); 3150 3151 ci->resetcore(bus->sdiodev, ci, BCMA_CORE_INTERNAL_MEM); 3152 3153 /* Clear the top bit of memory */ 3154 if (bus->ramsize) { 3155 u32 zeros = 0; 3156 brcmf_sdbrcm_membytes(bus, true, bus->ramsize - 4, 3157 (u8 *)&zeros, 4); 3158 } 3159 } else { 3160 if (!ci->iscoreup(bus->sdiodev, ci, BCMA_CORE_INTERNAL_MEM)) { 3161 brcmf_dbg(ERROR, "SOCRAM core is down after reset?\n"); 3162 bcmerror = -EBADE; 3163 goto fail; 3164 } 3165 3166 bcmerror = brcmf_sdbrcm_write_vars(bus); 3167 if (bcmerror) { 3168 brcmf_dbg(ERROR, "no vars written to RAM\n"); 3169 bcmerror = 0; 3170 } 3171 3172 w_sdreg32(bus, 0xFFFFFFFF, 3173 offsetof(struct sdpcmd_regs, intstatus), &retries); 3174 3175 ci->resetcore(bus->sdiodev, ci, BCMA_CORE_ARM_CM3); 3176 3177 /* Allow HT Clock now that the ARM is running. */ 3178 bus->alp_only = false; 3179 3180 bus->sdiodev->bus_if->state = BRCMF_BUS_LOAD; 3181 } 3182fail: 3183 return bcmerror; 3184} 3185 3186static int brcmf_sdbrcm_get_image(char *buf, int len, struct brcmf_sdio *bus) 3187{ 3188 if (bus->firmware->size < bus->fw_ptr + len) 3189 len = bus->firmware->size - bus->fw_ptr; 3190 3191 memcpy(buf, &bus->firmware->data[bus->fw_ptr], len); 3192 bus->fw_ptr += len; 3193 return len; 3194} 3195 3196static int brcmf_sdbrcm_download_code_file(struct brcmf_sdio *bus) 3197{ 3198 int offset = 0; 3199 uint len; 3200 u8 *memblock = NULL, *memptr; 3201 int ret; 3202 3203 brcmf_dbg(INFO, "Enter\n"); 3204 3205 ret = request_firmware(&bus->firmware, BRCMFMAC_FW_NAME, 3206 &bus->sdiodev->func[2]->dev); 3207 if (ret) { 3208 brcmf_dbg(ERROR, "Fail to request firmware %d\n", ret); 3209 return ret; 3210 } 3211 bus->fw_ptr = 0; 3212 3213 memptr = memblock = kmalloc(MEMBLOCK + BRCMF_SDALIGN, GFP_ATOMIC); 3214 if (memblock == NULL) { 3215 ret = -ENOMEM; 3216 goto err; 3217 } 3218 if ((u32)(unsigned long)memblock % BRCMF_SDALIGN) 3219 memptr += (BRCMF_SDALIGN - 3220 ((u32)(unsigned long)memblock % BRCMF_SDALIGN)); 3221 3222 /* Download image */ 3223 while ((len = 3224 brcmf_sdbrcm_get_image((char *)memptr, MEMBLOCK, bus))) { 3225 ret = brcmf_sdbrcm_membytes(bus, true, offset, memptr, len); 3226 if (ret) { 3227 brcmf_dbg(ERROR, "error %d on writing %d membytes at 0x%08x\n", 3228 ret, MEMBLOCK, offset); 3229 goto err; 3230 } 3231 3232 offset += MEMBLOCK; 3233 } 3234 3235err: 3236 kfree(memblock); 3237 3238 release_firmware(bus->firmware); 3239 bus->fw_ptr = 0; 3240 3241 return ret; 3242} 3243 3244/* 3245 * ProcessVars:Takes a buffer of "<var>=<value>\n" lines read from a file 3246 * and ending in a NUL. 3247 * Removes carriage returns, empty lines, comment lines, and converts 3248 * newlines to NULs. 3249 * Shortens buffer as needed and pads with NULs. End of buffer is marked 3250 * by two NULs. 3251*/ 3252 3253static uint brcmf_process_nvram_vars(char *varbuf, uint len) 3254{ 3255 char *dp; 3256 bool findNewline; 3257 int column; 3258 uint buf_len, n; 3259 3260 dp = varbuf; 3261 3262 findNewline = false; 3263 column = 0; 3264 3265 for (n = 0; n < len; n++) { 3266 if (varbuf[n] == 0) 3267 break; 3268 if (varbuf[n] == '\r') 3269 continue; 3270 if (findNewline && varbuf[n] != '\n') 3271 continue; 3272 findNewline = false; 3273 if (varbuf[n] == '#') { 3274 findNewline = true; 3275 continue; 3276 } 3277 if (varbuf[n] == '\n') { 3278 if (column == 0) 3279 continue; 3280 *dp++ = 0; 3281 column = 0; 3282 continue; 3283 } 3284 *dp++ = varbuf[n]; 3285 column++; 3286 } 3287 buf_len = dp - varbuf; 3288 3289 while (dp < varbuf + n) 3290 *dp++ = 0; 3291 3292 return buf_len; 3293} 3294 3295static int brcmf_sdbrcm_download_nvram(struct brcmf_sdio *bus) 3296{ 3297 uint len; 3298 char *memblock = NULL; 3299 char *bufp; 3300 int ret; 3301 3302 ret = request_firmware(&bus->firmware, BRCMFMAC_NV_NAME, 3303 &bus->sdiodev->func[2]->dev); 3304 if (ret) { 3305 brcmf_dbg(ERROR, "Fail to request nvram %d\n", ret); 3306 return ret; 3307 } 3308 bus->fw_ptr = 0; 3309 3310 memblock = kmalloc(MEMBLOCK, GFP_ATOMIC); 3311 if (memblock == NULL) { 3312 ret = -ENOMEM; 3313 goto err; 3314 } 3315 3316 len = brcmf_sdbrcm_get_image(memblock, MEMBLOCK, bus); 3317 3318 if (len > 0 && len < MEMBLOCK) { 3319 bufp = (char *)memblock; 3320 bufp[len] = 0; 3321 len = brcmf_process_nvram_vars(bufp, len); 3322 bufp += len; 3323 *bufp++ = 0; 3324 if (len) 3325 ret = brcmf_sdbrcm_downloadvars(bus, memblock, len + 1); 3326 if (ret) 3327 brcmf_dbg(ERROR, "error downloading vars: %d\n", ret); 3328 } else { 3329 brcmf_dbg(ERROR, "error reading nvram file: %d\n", len); 3330 ret = -EIO; 3331 } 3332 3333err: 3334 kfree(memblock); 3335 3336 release_firmware(bus->firmware); 3337 bus->fw_ptr = 0; 3338 3339 return ret; 3340} 3341 3342static int _brcmf_sdbrcm_download_firmware(struct brcmf_sdio *bus) 3343{ 3344 int bcmerror = -1; 3345 3346 /* Keep arm in reset */ 3347 if (brcmf_sdbrcm_download_state(bus, true)) { 3348 brcmf_dbg(ERROR, "error placing ARM core in reset\n"); 3349 goto err; 3350 } 3351 3352 /* External image takes precedence if specified */ 3353 if (brcmf_sdbrcm_download_code_file(bus)) { 3354 brcmf_dbg(ERROR, "dongle image file download failed\n"); 3355 goto err; 3356 } 3357 3358 /* External nvram takes precedence if specified */ 3359 if (brcmf_sdbrcm_download_nvram(bus)) 3360 brcmf_dbg(ERROR, "dongle nvram file download failed\n"); 3361 3362 /* Take arm out of reset */ 3363 if (brcmf_sdbrcm_download_state(bus, false)) { 3364 brcmf_dbg(ERROR, "error getting out of ARM core reset\n"); 3365 goto err; 3366 } 3367 3368 bcmerror = 0; 3369 3370err: 3371 return bcmerror; 3372} 3373 3374static bool 3375brcmf_sdbrcm_download_firmware(struct brcmf_sdio *bus) 3376{ 3377 bool ret; 3378 3379 /* Download the firmware */ 3380 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3381 3382 ret = _brcmf_sdbrcm_download_firmware(bus) == 0; 3383 3384 brcmf_sdbrcm_clkctl(bus, CLK_SDONLY, false); 3385 3386 return ret; 3387} 3388 3389static int brcmf_sdbrcm_bus_init(struct device *dev) 3390{ 3391 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 3392 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio; 3393 struct brcmf_sdio *bus = sdiodev->bus; 3394 unsigned long timeout; 3395 uint retries = 0; 3396 u8 ready, enable; 3397 int err, ret = 0; 3398 u8 saveclk; 3399 3400 brcmf_dbg(TRACE, "Enter\n"); 3401 3402 /* try to download image and nvram to the dongle */ 3403 if (bus_if->state == BRCMF_BUS_DOWN) { 3404 if (!(brcmf_sdbrcm_download_firmware(bus))) 3405 return -1; 3406 } 3407 3408 if (!bus->sdiodev->bus_if->drvr) 3409 return 0; 3410 3411 /* Start the watchdog timer */ 3412 bus->tickcnt = 0; 3413 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 3414 3415 down(&bus->sdsem); 3416 3417 /* Make sure backplane clock is on, needed to generate F2 interrupt */ 3418 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3419 if (bus->clkstate != CLK_AVAIL) 3420 goto exit; 3421 3422 /* Force clocks on backplane to be sure F2 interrupt propagates */ 3423 saveclk = 3424 brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 3425 SBSDIO_FUNC1_CHIPCLKCSR, &err); 3426 if (!err) { 3427 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 3428 SBSDIO_FUNC1_CHIPCLKCSR, 3429 (saveclk | SBSDIO_FORCE_HT), &err); 3430 } 3431 if (err) { 3432 brcmf_dbg(ERROR, "Failed to force clock for F2: err %d\n", err); 3433 goto exit; 3434 } 3435 3436 /* Enable function 2 (frame transfers) */ 3437 w_sdreg32(bus, SDPCM_PROT_VERSION << SMB_DATA_VERSION_SHIFT, 3438 offsetof(struct sdpcmd_regs, tosbmailboxdata), &retries); 3439 enable = (SDIO_FUNC_ENABLE_1 | SDIO_FUNC_ENABLE_2); 3440 3441 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_0, SDIO_CCCR_IOEx, 3442 enable, NULL); 3443 3444 timeout = jiffies + msecs_to_jiffies(BRCMF_WAIT_F2RDY); 3445 ready = 0; 3446 while (enable != ready) { 3447 ready = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_0, 3448 SDIO_CCCR_IORx, NULL); 3449 if (time_after(jiffies, timeout)) 3450 break; 3451 else if (time_after(jiffies, timeout - BRCMF_WAIT_F2RDY + 50)) 3452 /* prevent busy waiting if it takes too long */ 3453 msleep_interruptible(20); 3454 } 3455 3456 brcmf_dbg(INFO, "enable 0x%02x, ready 0x%02x\n", enable, ready); 3457 3458 /* If F2 successfully enabled, set core and enable interrupts */ 3459 if (ready == enable) { 3460 /* Set up the interrupt mask and enable interrupts */ 3461 bus->hostintmask = HOSTINTMASK; 3462 w_sdreg32(bus, bus->hostintmask, 3463 offsetof(struct sdpcmd_regs, hostintmask), &retries); 3464 3465 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 3466 SBSDIO_WATERMARK, 8, &err); 3467 3468 /* Set bus state according to enable result */ 3469 bus_if->state = BRCMF_BUS_DATA; 3470 } else { 3471 /* Disable F2 again */ 3472 enable = SDIO_FUNC_ENABLE_1; 3473 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_0, 3474 SDIO_CCCR_IOEx, enable, NULL); 3475 ret = -ENODEV; 3476 } 3477 3478 /* Restore previous clock setting */ 3479 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 3480 SBSDIO_FUNC1_CHIPCLKCSR, saveclk, &err); 3481 3482 /* If we didn't come up, turn off backplane clock */ 3483 if (!ret) 3484 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 3485 3486exit: 3487 up(&bus->sdsem); 3488 3489 return ret; 3490} 3491 3492void brcmf_sdbrcm_isr(void *arg) 3493{ 3494 struct brcmf_sdio *bus = (struct brcmf_sdio *) arg; 3495 3496 brcmf_dbg(TRACE, "Enter\n"); 3497 3498 if (!bus) { 3499 brcmf_dbg(ERROR, "bus is null pointer, exiting\n"); 3500 return; 3501 } 3502 3503 if (bus->sdiodev->bus_if->state == BRCMF_BUS_DOWN) { 3504 brcmf_dbg(ERROR, "bus is down. we have nothing to do\n"); 3505 return; 3506 } 3507 /* Count the interrupt call */ 3508 bus->intrcount++; 3509 bus->ipend = true; 3510 3511 /* Shouldn't get this interrupt if we're sleeping? */ 3512 if (bus->sleeping) { 3513 brcmf_dbg(ERROR, "INTERRUPT WHILE SLEEPING??\n"); 3514 return; 3515 } 3516 3517 /* Disable additional interrupts (is this needed now)? */ 3518 if (!bus->intr) 3519 brcmf_dbg(ERROR, "isr w/o interrupt configured!\n"); 3520 3521 bus->dpc_sched = true; 3522 if (bus->dpc_tsk) 3523 complete(&bus->dpc_wait); 3524} 3525 3526static bool brcmf_sdbrcm_bus_watchdog(struct brcmf_sdio *bus) 3527{ 3528#ifdef DEBUG 3529 struct brcmf_bus *bus_if = dev_get_drvdata(bus->sdiodev->dev); 3530#endif /* DEBUG */ 3531 3532 brcmf_dbg(TIMER, "Enter\n"); 3533 3534 /* Ignore the timer if simulating bus down */ 3535 if (bus->sleeping) 3536 return false; 3537 3538 down(&bus->sdsem); 3539 3540 /* Poll period: check device if appropriate. */ 3541 if (bus->poll && (++bus->polltick >= bus->pollrate)) { 3542 u32 intstatus = 0; 3543 3544 /* Reset poll tick */ 3545 bus->polltick = 0; 3546 3547 /* Check device if no interrupts */ 3548 if (!bus->intr || (bus->intrcount == bus->lastintrs)) { 3549 3550 if (!bus->dpc_sched) { 3551 u8 devpend; 3552 devpend = brcmf_sdcard_cfg_read(bus->sdiodev, 3553 SDIO_FUNC_0, SDIO_CCCR_INTx, 3554 NULL); 3555 intstatus = 3556 devpend & (INTR_STATUS_FUNC1 | 3557 INTR_STATUS_FUNC2); 3558 } 3559 3560 /* If there is something, make like the ISR and 3561 schedule the DPC */ 3562 if (intstatus) { 3563 bus->pollcnt++; 3564 bus->ipend = true; 3565 3566 bus->dpc_sched = true; 3567 if (bus->dpc_tsk) 3568 complete(&bus->dpc_wait); 3569 } 3570 } 3571 3572 /* Update interrupt tracking */ 3573 bus->lastintrs = bus->intrcount; 3574 } 3575#ifdef DEBUG 3576 /* Poll for console output periodically */ 3577 if (bus_if->state == BRCMF_BUS_DATA && 3578 bus->console_interval != 0) { 3579 bus->console.count += BRCMF_WD_POLL_MS; 3580 if (bus->console.count >= bus->console_interval) { 3581 bus->console.count -= bus->console_interval; 3582 /* Make sure backplane clock is on */ 3583 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3584 if (brcmf_sdbrcm_readconsole(bus) < 0) 3585 /* stop on error */ 3586 bus->console_interval = 0; 3587 } 3588 } 3589#endif /* DEBUG */ 3590 3591 /* On idle timeout clear activity flag and/or turn off clock */ 3592 if ((bus->idletime > 0) && (bus->clkstate == CLK_AVAIL)) { 3593 if (++bus->idlecount >= bus->idletime) { 3594 bus->idlecount = 0; 3595 if (bus->activity) { 3596 bus->activity = false; 3597 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 3598 } else { 3599 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 3600 } 3601 } 3602 } 3603 3604 up(&bus->sdsem); 3605 3606 return bus->ipend; 3607} 3608 3609static bool brcmf_sdbrcm_chipmatch(u16 chipid) 3610{ 3611 if (chipid == BCM4329_CHIP_ID) 3612 return true; 3613 if (chipid == BCM4330_CHIP_ID) 3614 return true; 3615 return false; 3616} 3617 3618static void brcmf_sdbrcm_release_malloc(struct brcmf_sdio *bus) 3619{ 3620 brcmf_dbg(TRACE, "Enter\n"); 3621 3622 kfree(bus->rxbuf); 3623 bus->rxctl = bus->rxbuf = NULL; 3624 bus->rxlen = 0; 3625 3626 kfree(bus->databuf); 3627 bus->databuf = NULL; 3628} 3629 3630static bool brcmf_sdbrcm_probe_malloc(struct brcmf_sdio *bus) 3631{ 3632 brcmf_dbg(TRACE, "Enter\n"); 3633 3634 if (bus->sdiodev->bus_if->maxctl) { 3635 bus->rxblen = 3636 roundup((bus->sdiodev->bus_if->maxctl + SDPCM_HDRLEN), 3637 ALIGNMENT) + BRCMF_SDALIGN; 3638 bus->rxbuf = kmalloc(bus->rxblen, GFP_ATOMIC); 3639 if (!(bus->rxbuf)) 3640 goto fail; 3641 } 3642 3643 /* Allocate buffer to receive glomed packet */ 3644 bus->databuf = kmalloc(MAX_DATA_BUF, GFP_ATOMIC); 3645 if (!(bus->databuf)) { 3646 /* release rxbuf which was already located as above */ 3647 if (!bus->rxblen) 3648 kfree(bus->rxbuf); 3649 goto fail; 3650 } 3651 3652 /* Align the buffer */ 3653 if ((unsigned long)bus->databuf % BRCMF_SDALIGN) 3654 bus->dataptr = bus->databuf + (BRCMF_SDALIGN - 3655 ((unsigned long)bus->databuf % BRCMF_SDALIGN)); 3656 else 3657 bus->dataptr = bus->databuf; 3658 3659 return true; 3660 3661fail: 3662 return false; 3663} 3664 3665static bool 3666brcmf_sdbrcm_probe_attach(struct brcmf_sdio *bus, u32 regsva) 3667{ 3668 u8 clkctl = 0; 3669 int err = 0; 3670 int reg_addr; 3671 u32 reg_val; 3672 u8 idx; 3673 3674 bus->alp_only = true; 3675 3676 /* Return the window to backplane enumeration space for core access */ 3677 if (brcmf_sdcard_set_sbaddr_window(bus->sdiodev, SI_ENUM_BASE)) 3678 brcmf_dbg(ERROR, "FAILED to return to SI_ENUM_BASE\n"); 3679 3680 pr_debug("F1 signature read @0x18000000=0x%4x\n", 3681 brcmf_sdcard_reg_read(bus->sdiodev, SI_ENUM_BASE, 4)); 3682 3683 /* 3684 * Force PLL off until brcmf_sdio_chip_attach() 3685 * programs PLL control regs 3686 */ 3687 3688 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 3689 SBSDIO_FUNC1_CHIPCLKCSR, 3690 BRCMF_INIT_CLKCTL1, &err); 3691 if (!err) 3692 clkctl = 3693 brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 3694 SBSDIO_FUNC1_CHIPCLKCSR, &err); 3695 3696 if (err || ((clkctl & ~SBSDIO_AVBITS) != BRCMF_INIT_CLKCTL1)) { 3697 brcmf_dbg(ERROR, "ChipClkCSR access: err %d wrote 0x%02x read 0x%02x\n", 3698 err, BRCMF_INIT_CLKCTL1, clkctl); 3699 goto fail; 3700 } 3701 3702 if (brcmf_sdio_chip_attach(bus->sdiodev, &bus->ci, regsva)) { 3703 brcmf_dbg(ERROR, "brcmf_sdio_chip_attach failed!\n"); 3704 goto fail; 3705 } 3706 3707 if (!brcmf_sdbrcm_chipmatch((u16) bus->ci->chip)) { 3708 brcmf_dbg(ERROR, "unsupported chip: 0x%04x\n", bus->ci->chip); 3709 goto fail; 3710 } 3711 3712 brcmf_sdio_chip_drivestrengthinit(bus->sdiodev, bus->ci, 3713 SDIO_DRIVE_STRENGTH); 3714 3715 /* Get info on the SOCRAM cores... */ 3716 bus->ramsize = bus->ci->ramsize; 3717 if (!(bus->ramsize)) { 3718 brcmf_dbg(ERROR, "failed to find SOCRAM memory!\n"); 3719 goto fail; 3720 } 3721 3722 /* Set core control so an SDIO reset does a backplane reset */ 3723 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV); 3724 reg_addr = bus->ci->c_inf[idx].base + 3725 offsetof(struct sdpcmd_regs, corecontrol); 3726 reg_val = brcmf_sdcard_reg_read(bus->sdiodev, reg_addr, sizeof(u32)); 3727 brcmf_sdcard_reg_write(bus->sdiodev, reg_addr, sizeof(u32), 3728 reg_val | CC_BPRESEN); 3729 3730 brcmu_pktq_init(&bus->txq, (PRIOMASK + 1), TXQLEN); 3731 3732 /* Locate an appropriately-aligned portion of hdrbuf */ 3733 bus->rxhdr = (u8 *) roundup((unsigned long)&bus->hdrbuf[0], 3734 BRCMF_SDALIGN); 3735 3736 /* Set the poll and/or interrupt flags */ 3737 bus->intr = true; 3738 bus->poll = false; 3739 if (bus->poll) 3740 bus->pollrate = 1; 3741 3742 return true; 3743 3744fail: 3745 return false; 3746} 3747 3748static bool brcmf_sdbrcm_probe_init(struct brcmf_sdio *bus) 3749{ 3750 brcmf_dbg(TRACE, "Enter\n"); 3751 3752 /* Disable F2 to clear any intermediate frame state on the dongle */ 3753 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_0, SDIO_CCCR_IOEx, 3754 SDIO_FUNC_ENABLE_1, NULL); 3755 3756 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 3757 bus->sleeping = false; 3758 bus->rxflow = false; 3759 3760 /* Done with backplane-dependent accesses, can drop clock... */ 3761 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 3762 SBSDIO_FUNC1_CHIPCLKCSR, 0, NULL); 3763 3764 /* ...and initialize clock/power states */ 3765 bus->clkstate = CLK_SDONLY; 3766 bus->idletime = BRCMF_IDLE_INTERVAL; 3767 bus->idleclock = BRCMF_IDLE_ACTIVE; 3768 3769 /* Query the F2 block size, set roundup accordingly */ 3770 bus->blocksize = bus->sdiodev->func[2]->cur_blksize; 3771 bus->roundup = min(max_roundup, bus->blocksize); 3772 3773 /* bus module does not support packet chaining */ 3774 bus->use_rxchain = false; 3775 bus->sd_rxchain = false; 3776 3777 return true; 3778} 3779 3780static int 3781brcmf_sdbrcm_watchdog_thread(void *data) 3782{ 3783 struct brcmf_sdio *bus = (struct brcmf_sdio *)data; 3784 3785 allow_signal(SIGTERM); 3786 /* Run until signal received */ 3787 while (1) { 3788 if (kthread_should_stop()) 3789 break; 3790 if (!wait_for_completion_interruptible(&bus->watchdog_wait)) { 3791 brcmf_sdbrcm_bus_watchdog(bus); 3792 /* Count the tick for reference */ 3793 bus->tickcnt++; 3794 } else 3795 break; 3796 } 3797 return 0; 3798} 3799 3800static void 3801brcmf_sdbrcm_watchdog(unsigned long data) 3802{ 3803 struct brcmf_sdio *bus = (struct brcmf_sdio *)data; 3804 3805 if (bus->watchdog_tsk) { 3806 complete(&bus->watchdog_wait); 3807 /* Reschedule the watchdog */ 3808 if (bus->wd_timer_valid) 3809 mod_timer(&bus->timer, 3810 jiffies + BRCMF_WD_POLL_MS * HZ / 1000); 3811 } 3812} 3813 3814static void brcmf_sdbrcm_release_dongle(struct brcmf_sdio *bus) 3815{ 3816 brcmf_dbg(TRACE, "Enter\n"); 3817 3818 if (bus->ci) { 3819 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3820 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 3821 brcmf_sdio_chip_detach(&bus->ci); 3822 if (bus->vars && bus->varsz) 3823 kfree(bus->vars); 3824 bus->vars = NULL; 3825 } 3826 3827 brcmf_dbg(TRACE, "Disconnected\n"); 3828} 3829 3830/* Detach and free everything */ 3831static void brcmf_sdbrcm_release(struct brcmf_sdio *bus) 3832{ 3833 brcmf_dbg(TRACE, "Enter\n"); 3834 3835 if (bus) { 3836 /* De-register interrupt handler */ 3837 brcmf_sdcard_intr_dereg(bus->sdiodev); 3838 3839 if (bus->sdiodev->bus_if->drvr) { 3840 brcmf_detach(bus->sdiodev->dev); 3841 brcmf_sdbrcm_release_dongle(bus); 3842 } 3843 3844 brcmf_sdbrcm_release_malloc(bus); 3845 3846 kfree(bus); 3847 } 3848 3849 brcmf_dbg(TRACE, "Disconnected\n"); 3850} 3851 3852void *brcmf_sdbrcm_probe(u32 regsva, struct brcmf_sdio_dev *sdiodev) 3853{ 3854 int ret; 3855 struct brcmf_sdio *bus; 3856 3857 brcmf_dbg(TRACE, "Enter\n"); 3858 3859 /* We make an assumption about address window mappings: 3860 * regsva == SI_ENUM_BASE*/ 3861 3862 /* Allocate private bus interface state */ 3863 bus = kzalloc(sizeof(struct brcmf_sdio), GFP_ATOMIC); 3864 if (!bus) 3865 goto fail; 3866 3867 bus->sdiodev = sdiodev; 3868 sdiodev->bus = bus; 3869 skb_queue_head_init(&bus->glom); 3870 bus->txbound = BRCMF_TXBOUND; 3871 bus->rxbound = BRCMF_RXBOUND; 3872 bus->txminmax = BRCMF_TXMINMAX; 3873 bus->tx_seq = SDPCM_SEQUENCE_WRAP - 1; 3874 bus->usebufpool = false; /* Use bufpool if allocated, 3875 else use locally malloced rxbuf */ 3876 3877 /* attempt to attach to the dongle */ 3878 if (!(brcmf_sdbrcm_probe_attach(bus, regsva))) { 3879 brcmf_dbg(ERROR, "brcmf_sdbrcm_probe_attach failed\n"); 3880 goto fail; 3881 } 3882 3883 spin_lock_init(&bus->txqlock); 3884 init_waitqueue_head(&bus->ctrl_wait); 3885 init_waitqueue_head(&bus->dcmd_resp_wait); 3886 3887 /* Set up the watchdog timer */ 3888 init_timer(&bus->timer); 3889 bus->timer.data = (unsigned long)bus; 3890 bus->timer.function = brcmf_sdbrcm_watchdog; 3891 3892 /* Initialize thread based operation and lock */ 3893 sema_init(&bus->sdsem, 1); 3894 3895 /* Initialize watchdog thread */ 3896 init_completion(&bus->watchdog_wait); 3897 bus->watchdog_tsk = kthread_run(brcmf_sdbrcm_watchdog_thread, 3898 bus, "brcmf_watchdog"); 3899 if (IS_ERR(bus->watchdog_tsk)) { 3900 pr_warn("brcmf_watchdog thread failed to start\n"); 3901 bus->watchdog_tsk = NULL; 3902 } 3903 /* Initialize DPC thread */ 3904 init_completion(&bus->dpc_wait); 3905 bus->dpc_tsk = kthread_run(brcmf_sdbrcm_dpc_thread, 3906 bus, "brcmf_dpc"); 3907 if (IS_ERR(bus->dpc_tsk)) { 3908 pr_warn("brcmf_dpc thread failed to start\n"); 3909 bus->dpc_tsk = NULL; 3910 } 3911 3912 /* Assign bus interface call back */ 3913 bus->sdiodev->bus_if->brcmf_bus_stop = brcmf_sdbrcm_bus_stop; 3914 bus->sdiodev->bus_if->brcmf_bus_init = brcmf_sdbrcm_bus_init; 3915 bus->sdiodev->bus_if->brcmf_bus_txdata = brcmf_sdbrcm_bus_txdata; 3916 bus->sdiodev->bus_if->brcmf_bus_txctl = brcmf_sdbrcm_bus_txctl; 3917 bus->sdiodev->bus_if->brcmf_bus_rxctl = brcmf_sdbrcm_bus_rxctl; 3918 /* Attach to the brcmf/OS/network interface */ 3919 ret = brcmf_attach(SDPCM_RESERVE, bus->sdiodev->dev); 3920 if (ret != 0) { 3921 brcmf_dbg(ERROR, "brcmf_attach failed\n"); 3922 goto fail; 3923 } 3924 3925 /* Allocate buffers */ 3926 if (!(brcmf_sdbrcm_probe_malloc(bus))) { 3927 brcmf_dbg(ERROR, "brcmf_sdbrcm_probe_malloc failed\n"); 3928 goto fail; 3929 } 3930 3931 if (!(brcmf_sdbrcm_probe_init(bus))) { 3932 brcmf_dbg(ERROR, "brcmf_sdbrcm_probe_init failed\n"); 3933 goto fail; 3934 } 3935 3936 /* Register interrupt callback, but mask it (not operational yet). */ 3937 brcmf_dbg(INTR, "disable SDIO interrupts (not interested yet)\n"); 3938 ret = brcmf_sdcard_intr_reg(bus->sdiodev); 3939 if (ret != 0) { 3940 brcmf_dbg(ERROR, "FAILED: sdcard_intr_reg returned %d\n", ret); 3941 goto fail; 3942 } 3943 brcmf_dbg(INTR, "registered SDIO interrupt function ok\n"); 3944 3945 brcmf_dbg(INFO, "completed!!\n"); 3946 3947 /* if firmware path present try to download and bring up bus */ 3948 ret = brcmf_bus_start(bus->sdiodev->dev); 3949 if (ret != 0) { 3950 if (ret == -ENOLINK) { 3951 brcmf_dbg(ERROR, "dongle is not responding\n"); 3952 goto fail; 3953 } 3954 } 3955 3956 /* add interface and open for business */ 3957 if (brcmf_add_if(bus->sdiodev->dev, 0, "wlan%d", NULL)) { 3958 brcmf_dbg(ERROR, "Add primary net device interface failed!!\n"); 3959 goto fail; 3960 } 3961 3962 return bus; 3963 3964fail: 3965 brcmf_sdbrcm_release(bus); 3966 return NULL; 3967} 3968 3969void brcmf_sdbrcm_disconnect(void *ptr) 3970{ 3971 struct brcmf_sdio *bus = (struct brcmf_sdio *)ptr; 3972 3973 brcmf_dbg(TRACE, "Enter\n"); 3974 3975 if (bus) 3976 brcmf_sdbrcm_release(bus); 3977 3978 brcmf_dbg(TRACE, "Disconnected\n"); 3979} 3980 3981void 3982brcmf_sdbrcm_wd_timer(struct brcmf_sdio *bus, uint wdtick) 3983{ 3984 /* Totally stop the timer */ 3985 if (!wdtick && bus->wd_timer_valid == true) { 3986 del_timer_sync(&bus->timer); 3987 bus->wd_timer_valid = false; 3988 bus->save_ms = wdtick; 3989 return; 3990 } 3991 3992 /* don't start the wd until fw is loaded */ 3993 if (bus->sdiodev->bus_if->state == BRCMF_BUS_DOWN) 3994 return; 3995 3996 if (wdtick) { 3997 if (bus->save_ms != BRCMF_WD_POLL_MS) { 3998 if (bus->wd_timer_valid == true) 3999 /* Stop timer and restart at new value */ 4000 del_timer_sync(&bus->timer); 4001 4002 /* Create timer again when watchdog period is 4003 dynamically changed or in the first instance 4004 */ 4005 bus->timer.expires = 4006 jiffies + BRCMF_WD_POLL_MS * HZ / 1000; 4007 add_timer(&bus->timer); 4008 4009 } else { 4010 /* Re arm the timer, at last watchdog period */ 4011 mod_timer(&bus->timer, 4012 jiffies + BRCMF_WD_POLL_MS * HZ / 1000); 4013 } 4014 4015 bus->wd_timer_valid = true; 4016 bus->save_ms = wdtick; 4017 } 4018} 4019