dhd_sdio.c revision e2432b6787a15e0b3c255a017d16033ba30204c0
1/* 2 * Copyright (c) 2010 Broadcom Corporation 3 * 4 * Permission to use, copy, modify, and/or distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 11 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 13 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 14 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17#include <linux/types.h> 18#include <linux/kernel.h> 19#include <linux/kthread.h> 20#include <linux/printk.h> 21#include <linux/pci_ids.h> 22#include <linux/netdevice.h> 23#include <linux/interrupt.h> 24#include <linux/sched.h> 25#include <linux/mmc/sdio.h> 26#include <linux/mmc/sdio_func.h> 27#include <linux/mmc/card.h> 28#include <linux/semaphore.h> 29#include <linux/firmware.h> 30#include <linux/module.h> 31#include <linux/bcma/bcma.h> 32#include <linux/debugfs.h> 33#include <linux/vmalloc.h> 34#include <asm/unaligned.h> 35#include <defs.h> 36#include <brcmu_wifi.h> 37#include <brcmu_utils.h> 38#include <brcm_hw_ids.h> 39#include <soc.h> 40#include "sdio_host.h" 41#include "sdio_chip.h" 42 43#define DCMD_RESP_TIMEOUT 2000 /* In milli second */ 44 45#ifdef DEBUG 46 47#define BRCMF_TRAP_INFO_SIZE 80 48 49#define CBUF_LEN (128) 50 51/* Device console log buffer state */ 52#define CONSOLE_BUFFER_MAX 2024 53 54struct rte_log_le { 55 __le32 buf; /* Can't be pointer on (64-bit) hosts */ 56 __le32 buf_size; 57 __le32 idx; 58 char *_buf_compat; /* Redundant pointer for backward compat. */ 59}; 60 61struct rte_console { 62 /* Virtual UART 63 * When there is no UART (e.g. Quickturn), 64 * the host should write a complete 65 * input line directly into cbuf and then write 66 * the length into vcons_in. 67 * This may also be used when there is a real UART 68 * (at risk of conflicting with 69 * the real UART). vcons_out is currently unused. 70 */ 71 uint vcons_in; 72 uint vcons_out; 73 74 /* Output (logging) buffer 75 * Console output is written to a ring buffer log_buf at index log_idx. 76 * The host may read the output when it sees log_idx advance. 77 * Output will be lost if the output wraps around faster than the host 78 * polls. 79 */ 80 struct rte_log_le log_le; 81 82 /* Console input line buffer 83 * Characters are read one at a time into cbuf 84 * until <CR> is received, then 85 * the buffer is processed as a command line. 86 * Also used for virtual UART. 87 */ 88 uint cbuf_idx; 89 char cbuf[CBUF_LEN]; 90}; 91 92#endif /* DEBUG */ 93#include <chipcommon.h> 94 95#include "dhd_bus.h" 96#include "dhd_dbg.h" 97 98#define TXQLEN 2048 /* bulk tx queue length */ 99#define TXHI (TXQLEN - 256) /* turn on flow control above TXHI */ 100#define TXLOW (TXHI - 256) /* turn off flow control below TXLOW */ 101#define PRIOMASK 7 102 103#define TXRETRIES 2 /* # of retries for tx frames */ 104 105#define BRCMF_RXBOUND 50 /* Default for max rx frames in 106 one scheduling */ 107 108#define BRCMF_TXBOUND 20 /* Default for max tx frames in 109 one scheduling */ 110 111#define BRCMF_TXMINMAX 1 /* Max tx frames if rx still pending */ 112 113#define MEMBLOCK 2048 /* Block size used for downloading 114 of dongle image */ 115#define MAX_DATA_BUF (32 * 1024) /* Must be large enough to hold 116 biggest possible glom */ 117 118#define BRCMF_FIRSTREAD (1 << 6) 119 120 121/* SBSDIO_DEVICE_CTL */ 122 123/* 1: device will assert busy signal when receiving CMD53 */ 124#define SBSDIO_DEVCTL_SETBUSY 0x01 125/* 1: assertion of sdio interrupt is synchronous to the sdio clock */ 126#define SBSDIO_DEVCTL_SPI_INTR_SYNC 0x02 127/* 1: mask all interrupts to host except the chipActive (rev 8) */ 128#define SBSDIO_DEVCTL_CA_INT_ONLY 0x04 129/* 1: isolate internal sdio signals, put external pads in tri-state; requires 130 * sdio bus power cycle to clear (rev 9) */ 131#define SBSDIO_DEVCTL_PADS_ISO 0x08 132/* Force SD->SB reset mapping (rev 11) */ 133#define SBSDIO_DEVCTL_SB_RST_CTL 0x30 134/* Determined by CoreControl bit */ 135#define SBSDIO_DEVCTL_RST_CORECTL 0x00 136/* Force backplane reset */ 137#define SBSDIO_DEVCTL_RST_BPRESET 0x10 138/* Force no backplane reset */ 139#define SBSDIO_DEVCTL_RST_NOBPRESET 0x20 140 141/* direct(mapped) cis space */ 142 143/* MAPPED common CIS address */ 144#define SBSDIO_CIS_BASE_COMMON 0x1000 145/* maximum bytes in one CIS */ 146#define SBSDIO_CIS_SIZE_LIMIT 0x200 147/* cis offset addr is < 17 bits */ 148#define SBSDIO_CIS_OFT_ADDR_MASK 0x1FFFF 149 150/* manfid tuple length, include tuple, link bytes */ 151#define SBSDIO_CIS_MANFID_TUPLE_LEN 6 152 153/* intstatus */ 154#define I_SMB_SW0 (1 << 0) /* To SB Mail S/W interrupt 0 */ 155#define I_SMB_SW1 (1 << 1) /* To SB Mail S/W interrupt 1 */ 156#define I_SMB_SW2 (1 << 2) /* To SB Mail S/W interrupt 2 */ 157#define I_SMB_SW3 (1 << 3) /* To SB Mail S/W interrupt 3 */ 158#define I_SMB_SW_MASK 0x0000000f /* To SB Mail S/W interrupts mask */ 159#define I_SMB_SW_SHIFT 0 /* To SB Mail S/W interrupts shift */ 160#define I_HMB_SW0 (1 << 4) /* To Host Mail S/W interrupt 0 */ 161#define I_HMB_SW1 (1 << 5) /* To Host Mail S/W interrupt 1 */ 162#define I_HMB_SW2 (1 << 6) /* To Host Mail S/W interrupt 2 */ 163#define I_HMB_SW3 (1 << 7) /* To Host Mail S/W interrupt 3 */ 164#define I_HMB_SW_MASK 0x000000f0 /* To Host Mail S/W interrupts mask */ 165#define I_HMB_SW_SHIFT 4 /* To Host Mail S/W interrupts shift */ 166#define I_WR_OOSYNC (1 << 8) /* Write Frame Out Of Sync */ 167#define I_RD_OOSYNC (1 << 9) /* Read Frame Out Of Sync */ 168#define I_PC (1 << 10) /* descriptor error */ 169#define I_PD (1 << 11) /* data error */ 170#define I_DE (1 << 12) /* Descriptor protocol Error */ 171#define I_RU (1 << 13) /* Receive descriptor Underflow */ 172#define I_RO (1 << 14) /* Receive fifo Overflow */ 173#define I_XU (1 << 15) /* Transmit fifo Underflow */ 174#define I_RI (1 << 16) /* Receive Interrupt */ 175#define I_BUSPWR (1 << 17) /* SDIO Bus Power Change (rev 9) */ 176#define I_XMTDATA_AVAIL (1 << 23) /* bits in fifo */ 177#define I_XI (1 << 24) /* Transmit Interrupt */ 178#define I_RF_TERM (1 << 25) /* Read Frame Terminate */ 179#define I_WF_TERM (1 << 26) /* Write Frame Terminate */ 180#define I_PCMCIA_XU (1 << 27) /* PCMCIA Transmit FIFO Underflow */ 181#define I_SBINT (1 << 28) /* sbintstatus Interrupt */ 182#define I_CHIPACTIVE (1 << 29) /* chip from doze to active state */ 183#define I_SRESET (1 << 30) /* CCCR RES interrupt */ 184#define I_IOE2 (1U << 31) /* CCCR IOE2 Bit Changed */ 185#define I_ERRORS (I_PC | I_PD | I_DE | I_RU | I_RO | I_XU) 186#define I_DMA (I_RI | I_XI | I_ERRORS) 187 188/* corecontrol */ 189#define CC_CISRDY (1 << 0) /* CIS Ready */ 190#define CC_BPRESEN (1 << 1) /* CCCR RES signal */ 191#define CC_F2RDY (1 << 2) /* set CCCR IOR2 bit */ 192#define CC_CLRPADSISO (1 << 3) /* clear SDIO pads isolation */ 193#define CC_XMTDATAAVAIL_MODE (1 << 4) 194#define CC_XMTDATAAVAIL_CTRL (1 << 5) 195 196/* SDA_FRAMECTRL */ 197#define SFC_RF_TERM (1 << 0) /* Read Frame Terminate */ 198#define SFC_WF_TERM (1 << 1) /* Write Frame Terminate */ 199#define SFC_CRC4WOOS (1 << 2) /* CRC error for write out of sync */ 200#define SFC_ABORTALL (1 << 3) /* Abort all in-progress frames */ 201 202/* HW frame tag */ 203#define SDPCM_FRAMETAG_LEN 4 /* 2 bytes len, 2 bytes check val */ 204 205/* Total length of frame header for dongle protocol */ 206#define SDPCM_HDRLEN (SDPCM_FRAMETAG_LEN + SDPCM_SWHEADER_LEN) 207#define SDPCM_RESERVE (SDPCM_HDRLEN + BRCMF_SDALIGN) 208 209/* 210 * Software allocation of To SB Mailbox resources 211 */ 212 213/* tosbmailbox bits corresponding to intstatus bits */ 214#define SMB_NAK (1 << 0) /* Frame NAK */ 215#define SMB_INT_ACK (1 << 1) /* Host Interrupt ACK */ 216#define SMB_USE_OOB (1 << 2) /* Use OOB Wakeup */ 217#define SMB_DEV_INT (1 << 3) /* Miscellaneous Interrupt */ 218 219/* tosbmailboxdata */ 220#define SMB_DATA_VERSION_SHIFT 16 /* host protocol version */ 221 222/* 223 * Software allocation of To Host Mailbox resources 224 */ 225 226/* intstatus bits */ 227#define I_HMB_FC_STATE I_HMB_SW0 /* Flow Control State */ 228#define I_HMB_FC_CHANGE I_HMB_SW1 /* Flow Control State Changed */ 229#define I_HMB_FRAME_IND I_HMB_SW2 /* Frame Indication */ 230#define I_HMB_HOST_INT I_HMB_SW3 /* Miscellaneous Interrupt */ 231 232/* tohostmailboxdata */ 233#define HMB_DATA_NAKHANDLED 1 /* retransmit NAK'd frame */ 234#define HMB_DATA_DEVREADY 2 /* talk to host after enable */ 235#define HMB_DATA_FC 4 /* per prio flowcontrol update flag */ 236#define HMB_DATA_FWREADY 8 /* fw ready for protocol activity */ 237 238#define HMB_DATA_FCDATA_MASK 0xff000000 239#define HMB_DATA_FCDATA_SHIFT 24 240 241#define HMB_DATA_VERSION_MASK 0x00ff0000 242#define HMB_DATA_VERSION_SHIFT 16 243 244/* 245 * Software-defined protocol header 246 */ 247 248/* Current protocol version */ 249#define SDPCM_PROT_VERSION 4 250 251/* SW frame header */ 252#define SDPCM_PACKET_SEQUENCE(p) (((u8 *)p)[0] & 0xff) 253 254#define SDPCM_CHANNEL_MASK 0x00000f00 255#define SDPCM_CHANNEL_SHIFT 8 256#define SDPCM_PACKET_CHANNEL(p) (((u8 *)p)[1] & 0x0f) 257 258#define SDPCM_NEXTLEN_OFFSET 2 259 260/* Data Offset from SOF (HW Tag, SW Tag, Pad) */ 261#define SDPCM_DOFFSET_OFFSET 3 /* Data Offset */ 262#define SDPCM_DOFFSET_VALUE(p) (((u8 *)p)[SDPCM_DOFFSET_OFFSET] & 0xff) 263#define SDPCM_DOFFSET_MASK 0xff000000 264#define SDPCM_DOFFSET_SHIFT 24 265#define SDPCM_FCMASK_OFFSET 4 /* Flow control */ 266#define SDPCM_FCMASK_VALUE(p) (((u8 *)p)[SDPCM_FCMASK_OFFSET] & 0xff) 267#define SDPCM_WINDOW_OFFSET 5 /* Credit based fc */ 268#define SDPCM_WINDOW_VALUE(p) (((u8 *)p)[SDPCM_WINDOW_OFFSET] & 0xff) 269 270#define SDPCM_SWHEADER_LEN 8 /* SW header is 64 bits */ 271 272/* logical channel numbers */ 273#define SDPCM_CONTROL_CHANNEL 0 /* Control channel Id */ 274#define SDPCM_EVENT_CHANNEL 1 /* Asyc Event Indication Channel Id */ 275#define SDPCM_DATA_CHANNEL 2 /* Data Xmit/Recv Channel Id */ 276#define SDPCM_GLOM_CHANNEL 3 /* For coalesced packets */ 277#define SDPCM_TEST_CHANNEL 15 /* Reserved for test/debug packets */ 278 279#define SDPCM_SEQUENCE_WRAP 256 /* wrap-around val for 8bit frame seq */ 280 281#define SDPCM_GLOMDESC(p) (((u8 *)p)[1] & 0x80) 282 283/* 284 * Shared structure between dongle and the host. 285 * The structure contains pointers to trap or assert information. 286 */ 287#define SDPCM_SHARED_VERSION 0x0003 288#define SDPCM_SHARED_VERSION_MASK 0x00FF 289#define SDPCM_SHARED_ASSERT_BUILT 0x0100 290#define SDPCM_SHARED_ASSERT 0x0200 291#define SDPCM_SHARED_TRAP 0x0400 292 293/* Space for header read, limit for data packets */ 294#define MAX_HDR_READ (1 << 6) 295#define MAX_RX_DATASZ 2048 296 297/* Maximum milliseconds to wait for F2 to come up */ 298#define BRCMF_WAIT_F2RDY 3000 299 300/* Bump up limit on waiting for HT to account for first startup; 301 * if the image is doing a CRC calculation before programming the PMU 302 * for HT availability, it could take a couple hundred ms more, so 303 * max out at a 1 second (1000000us). 304 */ 305#undef PMU_MAX_TRANSITION_DLY 306#define PMU_MAX_TRANSITION_DLY 1000000 307 308/* Value for ChipClockCSR during initial setup */ 309#define BRCMF_INIT_CLKCTL1 (SBSDIO_FORCE_HW_CLKREQ_OFF | \ 310 SBSDIO_ALP_AVAIL_REQ) 311 312/* Flags for SDH calls */ 313#define F2SYNC (SDIO_REQ_4BYTE | SDIO_REQ_FIXED) 314 315#define BRCMF_SDIO_FW_NAME "brcm/brcmfmac-sdio.bin" 316#define BRCMF_SDIO_NV_NAME "brcm/brcmfmac-sdio.txt" 317MODULE_FIRMWARE(BRCMF_SDIO_FW_NAME); 318MODULE_FIRMWARE(BRCMF_SDIO_NV_NAME); 319 320#define BRCMF_IDLE_IMMEDIATE (-1) /* Enter idle immediately */ 321#define BRCMF_IDLE_ACTIVE 0 /* Do not request any SD clock change 322 * when idle 323 */ 324#define BRCMF_IDLE_INTERVAL 1 325 326/* 327 * Conversion of 802.1D priority to precedence level 328 */ 329static uint prio2prec(u32 prio) 330{ 331 return (prio == PRIO_8021D_NONE || prio == PRIO_8021D_BE) ? 332 (prio^2) : prio; 333} 334 335/* core registers */ 336struct sdpcmd_regs { 337 u32 corecontrol; /* 0x00, rev8 */ 338 u32 corestatus; /* rev8 */ 339 u32 PAD[1]; 340 u32 biststatus; /* rev8 */ 341 342 /* PCMCIA access */ 343 u16 pcmciamesportaladdr; /* 0x010, rev8 */ 344 u16 PAD[1]; 345 u16 pcmciamesportalmask; /* rev8 */ 346 u16 PAD[1]; 347 u16 pcmciawrframebc; /* rev8 */ 348 u16 PAD[1]; 349 u16 pcmciaunderflowtimer; /* rev8 */ 350 u16 PAD[1]; 351 352 /* interrupt */ 353 u32 intstatus; /* 0x020, rev8 */ 354 u32 hostintmask; /* rev8 */ 355 u32 intmask; /* rev8 */ 356 u32 sbintstatus; /* rev8 */ 357 u32 sbintmask; /* rev8 */ 358 u32 funcintmask; /* rev4 */ 359 u32 PAD[2]; 360 u32 tosbmailbox; /* 0x040, rev8 */ 361 u32 tohostmailbox; /* rev8 */ 362 u32 tosbmailboxdata; /* rev8 */ 363 u32 tohostmailboxdata; /* rev8 */ 364 365 /* synchronized access to registers in SDIO clock domain */ 366 u32 sdioaccess; /* 0x050, rev8 */ 367 u32 PAD[3]; 368 369 /* PCMCIA frame control */ 370 u8 pcmciaframectrl; /* 0x060, rev8 */ 371 u8 PAD[3]; 372 u8 pcmciawatermark; /* rev8 */ 373 u8 PAD[155]; 374 375 /* interrupt batching control */ 376 u32 intrcvlazy; /* 0x100, rev8 */ 377 u32 PAD[3]; 378 379 /* counters */ 380 u32 cmd52rd; /* 0x110, rev8 */ 381 u32 cmd52wr; /* rev8 */ 382 u32 cmd53rd; /* rev8 */ 383 u32 cmd53wr; /* rev8 */ 384 u32 abort; /* rev8 */ 385 u32 datacrcerror; /* rev8 */ 386 u32 rdoutofsync; /* rev8 */ 387 u32 wroutofsync; /* rev8 */ 388 u32 writebusy; /* rev8 */ 389 u32 readwait; /* rev8 */ 390 u32 readterm; /* rev8 */ 391 u32 writeterm; /* rev8 */ 392 u32 PAD[40]; 393 u32 clockctlstatus; /* rev8 */ 394 u32 PAD[7]; 395 396 u32 PAD[128]; /* DMA engines */ 397 398 /* SDIO/PCMCIA CIS region */ 399 char cis[512]; /* 0x400-0x5ff, rev6 */ 400 401 /* PCMCIA function control registers */ 402 char pcmciafcr[256]; /* 0x600-6ff, rev6 */ 403 u16 PAD[55]; 404 405 /* PCMCIA backplane access */ 406 u16 backplanecsr; /* 0x76E, rev6 */ 407 u16 backplaneaddr0; /* rev6 */ 408 u16 backplaneaddr1; /* rev6 */ 409 u16 backplaneaddr2; /* rev6 */ 410 u16 backplaneaddr3; /* rev6 */ 411 u16 backplanedata0; /* rev6 */ 412 u16 backplanedata1; /* rev6 */ 413 u16 backplanedata2; /* rev6 */ 414 u16 backplanedata3; /* rev6 */ 415 u16 PAD[31]; 416 417 /* sprom "size" & "blank" info */ 418 u16 spromstatus; /* 0x7BE, rev2 */ 419 u32 PAD[464]; 420 421 u16 PAD[0x80]; 422}; 423 424#ifdef DEBUG 425/* Device console log buffer state */ 426struct brcmf_console { 427 uint count; /* Poll interval msec counter */ 428 uint log_addr; /* Log struct address (fixed) */ 429 struct rte_log_le log_le; /* Log struct (host copy) */ 430 uint bufsize; /* Size of log buffer */ 431 u8 *buf; /* Log buffer (host copy) */ 432 uint last; /* Last buffer read index */ 433}; 434 435struct brcmf_trap_info { 436 __le32 type; 437 __le32 epc; 438 __le32 cpsr; 439 __le32 spsr; 440 __le32 r0; /* a1 */ 441 __le32 r1; /* a2 */ 442 __le32 r2; /* a3 */ 443 __le32 r3; /* a4 */ 444 __le32 r4; /* v1 */ 445 __le32 r5; /* v2 */ 446 __le32 r6; /* v3 */ 447 __le32 r7; /* v4 */ 448 __le32 r8; /* v5 */ 449 __le32 r9; /* sb/v6 */ 450 __le32 r10; /* sl/v7 */ 451 __le32 r11; /* fp/v8 */ 452 __le32 r12; /* ip */ 453 __le32 r13; /* sp */ 454 __le32 r14; /* lr */ 455 __le32 pc; /* r15 */ 456}; 457#endif /* DEBUG */ 458 459struct sdpcm_shared { 460 u32 flags; 461 u32 trap_addr; 462 u32 assert_exp_addr; 463 u32 assert_file_addr; 464 u32 assert_line; 465 u32 console_addr; /* Address of struct rte_console */ 466 u32 msgtrace_addr; 467 u8 tag[32]; 468 u32 brpt_addr; 469}; 470 471struct sdpcm_shared_le { 472 __le32 flags; 473 __le32 trap_addr; 474 __le32 assert_exp_addr; 475 __le32 assert_file_addr; 476 __le32 assert_line; 477 __le32 console_addr; /* Address of struct rte_console */ 478 __le32 msgtrace_addr; 479 u8 tag[32]; 480 __le32 brpt_addr; 481}; 482 483/* SDIO read frame info */ 484struct brcmf_sdio_read { 485 u8 seq_num; 486 u8 channel; 487 u16 len; 488 u16 len_left; 489 u16 len_nxtfrm; 490 u8 dat_offset; 491}; 492 493/* misc chip info needed by some of the routines */ 494/* Private data for SDIO bus interaction */ 495struct brcmf_sdio { 496 struct brcmf_sdio_dev *sdiodev; /* sdio device handler */ 497 struct chip_info *ci; /* Chip info struct */ 498 char *vars; /* Variables (from CIS and/or other) */ 499 uint varsz; /* Size of variables buffer */ 500 501 u32 ramsize; /* Size of RAM in SOCRAM (bytes) */ 502 503 u32 hostintmask; /* Copy of Host Interrupt Mask */ 504 atomic_t intstatus; /* Intstatus bits (events) pending */ 505 atomic_t fcstate; /* State of dongle flow-control */ 506 507 uint blocksize; /* Block size of SDIO transfers */ 508 uint roundup; /* Max roundup limit */ 509 510 struct pktq txq; /* Queue length used for flow-control */ 511 u8 flowcontrol; /* per prio flow control bitmask */ 512 u8 tx_seq; /* Transmit sequence number (next) */ 513 u8 tx_max; /* Maximum transmit sequence allowed */ 514 515 u8 hdrbuf[MAX_HDR_READ + BRCMF_SDALIGN]; 516 u8 *rxhdr; /* Header of current rx frame (in hdrbuf) */ 517 u8 rx_seq; /* Receive sequence number (expected) */ 518 struct brcmf_sdio_read cur_read; 519 /* info of current read frame */ 520 bool rxskip; /* Skip receive (awaiting NAK ACK) */ 521 bool rxpending; /* Data frame pending in dongle */ 522 523 uint rxbound; /* Rx frames to read before resched */ 524 uint txbound; /* Tx frames to send before resched */ 525 uint txminmax; 526 527 struct sk_buff *glomd; /* Packet containing glomming descriptor */ 528 struct sk_buff_head glom; /* Packet list for glommed superframe */ 529 uint glomerr; /* Glom packet read errors */ 530 531 u8 *rxbuf; /* Buffer for receiving control packets */ 532 uint rxblen; /* Allocated length of rxbuf */ 533 u8 *rxctl; /* Aligned pointer into rxbuf */ 534 u8 *rxctl_orig; /* pointer for freeing rxctl */ 535 u8 *databuf; /* Buffer for receiving big glom packet */ 536 u8 *dataptr; /* Aligned pointer into databuf */ 537 uint rxlen; /* Length of valid data in buffer */ 538 spinlock_t rxctl_lock; /* protection lock for ctrl frame resources */ 539 540 u8 sdpcm_ver; /* Bus protocol reported by dongle */ 541 542 bool intr; /* Use interrupts */ 543 bool poll; /* Use polling */ 544 atomic_t ipend; /* Device interrupt is pending */ 545 uint spurious; /* Count of spurious interrupts */ 546 uint pollrate; /* Ticks between device polls */ 547 uint polltick; /* Tick counter */ 548 549#ifdef DEBUG 550 uint console_interval; 551 struct brcmf_console console; /* Console output polling support */ 552 uint console_addr; /* Console address from shared struct */ 553#endif /* DEBUG */ 554 555 uint clkstate; /* State of sd and backplane clock(s) */ 556 bool activity; /* Activity flag for clock down */ 557 s32 idletime; /* Control for activity timeout */ 558 s32 idlecount; /* Activity timeout counter */ 559 s32 idleclock; /* How to set bus driver when idle */ 560 s32 sd_rxchain; 561 bool use_rxchain; /* If brcmf should use PKT chains */ 562 bool rxflow_mode; /* Rx flow control mode */ 563 bool rxflow; /* Is rx flow control on */ 564 bool alp_only; /* Don't use HT clock (ALP only) */ 565 566 u8 *ctrl_frame_buf; 567 u32 ctrl_frame_len; 568 bool ctrl_frame_stat; 569 570 spinlock_t txqlock; 571 wait_queue_head_t ctrl_wait; 572 wait_queue_head_t dcmd_resp_wait; 573 574 struct timer_list timer; 575 struct completion watchdog_wait; 576 struct task_struct *watchdog_tsk; 577 bool wd_timer_valid; 578 uint save_ms; 579 580 struct workqueue_struct *brcmf_wq; 581 struct work_struct datawork; 582 struct list_head dpc_tsklst; 583 spinlock_t dpc_tl_lock; 584 585 const struct firmware *firmware; 586 u32 fw_ptr; 587 588 bool txoff; /* Transmit flow-controlled */ 589 struct brcmf_sdio_count sdcnt; 590}; 591 592/* clkstate */ 593#define CLK_NONE 0 594#define CLK_SDONLY 1 595#define CLK_PENDING 2 /* Not used yet */ 596#define CLK_AVAIL 3 597 598#ifdef DEBUG 599static int qcount[NUMPRIO]; 600static int tx_packets[NUMPRIO]; 601#endif /* DEBUG */ 602 603#define SDIO_DRIVE_STRENGTH 6 /* in milliamps */ 604 605#define RETRYCHAN(chan) ((chan) == SDPCM_EVENT_CHANNEL) 606 607/* Retry count for register access failures */ 608static const uint retry_limit = 2; 609 610/* Limit on rounding up frames */ 611static const uint max_roundup = 512; 612 613#define ALIGNMENT 4 614 615enum brcmf_sdio_frmtype { 616 BRCMF_SDIO_FT_NORMAL, 617 BRCMF_SDIO_FT_SUPER, 618 BRCMF_SDIO_FT_SUB, 619}; 620 621static void pkt_align(struct sk_buff *p, int len, int align) 622{ 623 uint datalign; 624 datalign = (unsigned long)(p->data); 625 datalign = roundup(datalign, (align)) - datalign; 626 if (datalign) 627 skb_pull(p, datalign); 628 __skb_trim(p, len); 629} 630 631/* To check if there's window offered */ 632static bool data_ok(struct brcmf_sdio *bus) 633{ 634 return (u8)(bus->tx_max - bus->tx_seq) != 0 && 635 ((u8)(bus->tx_max - bus->tx_seq) & 0x80) == 0; 636} 637 638/* 639 * Reads a register in the SDIO hardware block. This block occupies a series of 640 * adresses on the 32 bit backplane bus. 641 */ 642static int 643r_sdreg32(struct brcmf_sdio *bus, u32 *regvar, u32 offset) 644{ 645 u8 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV); 646 int ret; 647 648 *regvar = brcmf_sdio_regrl(bus->sdiodev, 649 bus->ci->c_inf[idx].base + offset, &ret); 650 651 return ret; 652} 653 654static int 655w_sdreg32(struct brcmf_sdio *bus, u32 regval, u32 reg_offset) 656{ 657 u8 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV); 658 int ret; 659 660 brcmf_sdio_regwl(bus->sdiodev, 661 bus->ci->c_inf[idx].base + reg_offset, 662 regval, &ret); 663 664 return ret; 665} 666 667#define PKT_AVAILABLE() (intstatus & I_HMB_FRAME_IND) 668 669#define HOSTINTMASK (I_HMB_SW_MASK | I_CHIPACTIVE) 670 671/* Turn backplane clock on or off */ 672static int brcmf_sdbrcm_htclk(struct brcmf_sdio *bus, bool on, bool pendok) 673{ 674 int err; 675 u8 clkctl, clkreq, devctl; 676 unsigned long timeout; 677 678 brcmf_dbg(TRACE, "Enter\n"); 679 680 clkctl = 0; 681 682 if (on) { 683 /* Request HT Avail */ 684 clkreq = 685 bus->alp_only ? SBSDIO_ALP_AVAIL_REQ : SBSDIO_HT_AVAIL_REQ; 686 687 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 688 clkreq, &err); 689 if (err) { 690 brcmf_err("HT Avail request error: %d\n", err); 691 return -EBADE; 692 } 693 694 /* Check current status */ 695 clkctl = brcmf_sdio_regrb(bus->sdiodev, 696 SBSDIO_FUNC1_CHIPCLKCSR, &err); 697 if (err) { 698 brcmf_err("HT Avail read error: %d\n", err); 699 return -EBADE; 700 } 701 702 /* Go to pending and await interrupt if appropriate */ 703 if (!SBSDIO_CLKAV(clkctl, bus->alp_only) && pendok) { 704 /* Allow only clock-available interrupt */ 705 devctl = brcmf_sdio_regrb(bus->sdiodev, 706 SBSDIO_DEVICE_CTL, &err); 707 if (err) { 708 brcmf_err("Devctl error setting CA: %d\n", 709 err); 710 return -EBADE; 711 } 712 713 devctl |= SBSDIO_DEVCTL_CA_INT_ONLY; 714 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_DEVICE_CTL, 715 devctl, &err); 716 brcmf_dbg(INFO, "CLKCTL: set PENDING\n"); 717 bus->clkstate = CLK_PENDING; 718 719 return 0; 720 } else if (bus->clkstate == CLK_PENDING) { 721 /* Cancel CA-only interrupt filter */ 722 devctl = brcmf_sdio_regrb(bus->sdiodev, 723 SBSDIO_DEVICE_CTL, &err); 724 devctl &= ~SBSDIO_DEVCTL_CA_INT_ONLY; 725 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_DEVICE_CTL, 726 devctl, &err); 727 } 728 729 /* Otherwise, wait here (polling) for HT Avail */ 730 timeout = jiffies + 731 msecs_to_jiffies(PMU_MAX_TRANSITION_DLY/1000); 732 while (!SBSDIO_CLKAV(clkctl, bus->alp_only)) { 733 clkctl = brcmf_sdio_regrb(bus->sdiodev, 734 SBSDIO_FUNC1_CHIPCLKCSR, 735 &err); 736 if (time_after(jiffies, timeout)) 737 break; 738 else 739 usleep_range(5000, 10000); 740 } 741 if (err) { 742 brcmf_err("HT Avail request error: %d\n", err); 743 return -EBADE; 744 } 745 if (!SBSDIO_CLKAV(clkctl, bus->alp_only)) { 746 brcmf_err("HT Avail timeout (%d): clkctl 0x%02x\n", 747 PMU_MAX_TRANSITION_DLY, clkctl); 748 return -EBADE; 749 } 750 751 /* Mark clock available */ 752 bus->clkstate = CLK_AVAIL; 753 brcmf_dbg(INFO, "CLKCTL: turned ON\n"); 754 755#if defined(DEBUG) 756 if (!bus->alp_only) { 757 if (SBSDIO_ALPONLY(clkctl)) 758 brcmf_err("HT Clock should be on\n"); 759 } 760#endif /* defined (DEBUG) */ 761 762 bus->activity = true; 763 } else { 764 clkreq = 0; 765 766 if (bus->clkstate == CLK_PENDING) { 767 /* Cancel CA-only interrupt filter */ 768 devctl = brcmf_sdio_regrb(bus->sdiodev, 769 SBSDIO_DEVICE_CTL, &err); 770 devctl &= ~SBSDIO_DEVCTL_CA_INT_ONLY; 771 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_DEVICE_CTL, 772 devctl, &err); 773 } 774 775 bus->clkstate = CLK_SDONLY; 776 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 777 clkreq, &err); 778 brcmf_dbg(INFO, "CLKCTL: turned OFF\n"); 779 if (err) { 780 brcmf_err("Failed access turning clock off: %d\n", 781 err); 782 return -EBADE; 783 } 784 } 785 return 0; 786} 787 788/* Change idle/active SD state */ 789static int brcmf_sdbrcm_sdclk(struct brcmf_sdio *bus, bool on) 790{ 791 brcmf_dbg(TRACE, "Enter\n"); 792 793 if (on) 794 bus->clkstate = CLK_SDONLY; 795 else 796 bus->clkstate = CLK_NONE; 797 798 return 0; 799} 800 801/* Transition SD and backplane clock readiness */ 802static int brcmf_sdbrcm_clkctl(struct brcmf_sdio *bus, uint target, bool pendok) 803{ 804#ifdef DEBUG 805 uint oldstate = bus->clkstate; 806#endif /* DEBUG */ 807 808 brcmf_dbg(TRACE, "Enter\n"); 809 810 /* Early exit if we're already there */ 811 if (bus->clkstate == target) { 812 if (target == CLK_AVAIL) { 813 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 814 bus->activity = true; 815 } 816 return 0; 817 } 818 819 switch (target) { 820 case CLK_AVAIL: 821 /* Make sure SD clock is available */ 822 if (bus->clkstate == CLK_NONE) 823 brcmf_sdbrcm_sdclk(bus, true); 824 /* Now request HT Avail on the backplane */ 825 brcmf_sdbrcm_htclk(bus, true, pendok); 826 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 827 bus->activity = true; 828 break; 829 830 case CLK_SDONLY: 831 /* Remove HT request, or bring up SD clock */ 832 if (bus->clkstate == CLK_NONE) 833 brcmf_sdbrcm_sdclk(bus, true); 834 else if (bus->clkstate == CLK_AVAIL) 835 brcmf_sdbrcm_htclk(bus, false, false); 836 else 837 brcmf_err("request for %d -> %d\n", 838 bus->clkstate, target); 839 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 840 break; 841 842 case CLK_NONE: 843 /* Make sure to remove HT request */ 844 if (bus->clkstate == CLK_AVAIL) 845 brcmf_sdbrcm_htclk(bus, false, false); 846 /* Now remove the SD clock */ 847 brcmf_sdbrcm_sdclk(bus, false); 848 brcmf_sdbrcm_wd_timer(bus, 0); 849 break; 850 } 851#ifdef DEBUG 852 brcmf_dbg(INFO, "%d -> %d\n", oldstate, bus->clkstate); 853#endif /* DEBUG */ 854 855 return 0; 856} 857 858static u32 brcmf_sdbrcm_hostmail(struct brcmf_sdio *bus) 859{ 860 u32 intstatus = 0; 861 u32 hmb_data; 862 u8 fcbits; 863 int ret; 864 865 brcmf_dbg(TRACE, "Enter\n"); 866 867 /* Read mailbox data and ack that we did so */ 868 ret = r_sdreg32(bus, &hmb_data, 869 offsetof(struct sdpcmd_regs, tohostmailboxdata)); 870 871 if (ret == 0) 872 w_sdreg32(bus, SMB_INT_ACK, 873 offsetof(struct sdpcmd_regs, tosbmailbox)); 874 bus->sdcnt.f1regdata += 2; 875 876 /* Dongle recomposed rx frames, accept them again */ 877 if (hmb_data & HMB_DATA_NAKHANDLED) { 878 brcmf_dbg(INFO, "Dongle reports NAK handled, expect rtx of %d\n", 879 bus->rx_seq); 880 if (!bus->rxskip) 881 brcmf_err("unexpected NAKHANDLED!\n"); 882 883 bus->rxskip = false; 884 intstatus |= I_HMB_FRAME_IND; 885 } 886 887 /* 888 * DEVREADY does not occur with gSPI. 889 */ 890 if (hmb_data & (HMB_DATA_DEVREADY | HMB_DATA_FWREADY)) { 891 bus->sdpcm_ver = 892 (hmb_data & HMB_DATA_VERSION_MASK) >> 893 HMB_DATA_VERSION_SHIFT; 894 if (bus->sdpcm_ver != SDPCM_PROT_VERSION) 895 brcmf_err("Version mismatch, dongle reports %d, " 896 "expecting %d\n", 897 bus->sdpcm_ver, SDPCM_PROT_VERSION); 898 else 899 brcmf_dbg(INFO, "Dongle ready, protocol version %d\n", 900 bus->sdpcm_ver); 901 } 902 903 /* 904 * Flow Control has been moved into the RX headers and this out of band 905 * method isn't used any more. 906 * remaining backward compatible with older dongles. 907 */ 908 if (hmb_data & HMB_DATA_FC) { 909 fcbits = (hmb_data & HMB_DATA_FCDATA_MASK) >> 910 HMB_DATA_FCDATA_SHIFT; 911 912 if (fcbits & ~bus->flowcontrol) 913 bus->sdcnt.fc_xoff++; 914 915 if (bus->flowcontrol & ~fcbits) 916 bus->sdcnt.fc_xon++; 917 918 bus->sdcnt.fc_rcvd++; 919 bus->flowcontrol = fcbits; 920 } 921 922 /* Shouldn't be any others */ 923 if (hmb_data & ~(HMB_DATA_DEVREADY | 924 HMB_DATA_NAKHANDLED | 925 HMB_DATA_FC | 926 HMB_DATA_FWREADY | 927 HMB_DATA_FCDATA_MASK | HMB_DATA_VERSION_MASK)) 928 brcmf_err("Unknown mailbox data content: 0x%02x\n", 929 hmb_data); 930 931 return intstatus; 932} 933 934static void brcmf_sdbrcm_rxfail(struct brcmf_sdio *bus, bool abort, bool rtx) 935{ 936 uint retries = 0; 937 u16 lastrbc; 938 u8 hi, lo; 939 int err; 940 941 brcmf_err("%sterminate frame%s\n", 942 abort ? "abort command, " : "", 943 rtx ? ", send NAK" : ""); 944 945 if (abort) 946 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 947 948 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_FRAMECTRL, 949 SFC_RF_TERM, &err); 950 bus->sdcnt.f1regdata++; 951 952 /* Wait until the packet has been flushed (device/FIFO stable) */ 953 for (lastrbc = retries = 0xffff; retries > 0; retries--) { 954 hi = brcmf_sdio_regrb(bus->sdiodev, 955 SBSDIO_FUNC1_RFRAMEBCHI, &err); 956 lo = brcmf_sdio_regrb(bus->sdiodev, 957 SBSDIO_FUNC1_RFRAMEBCLO, &err); 958 bus->sdcnt.f1regdata += 2; 959 960 if ((hi == 0) && (lo == 0)) 961 break; 962 963 if ((hi > (lastrbc >> 8)) && (lo > (lastrbc & 0x00ff))) { 964 brcmf_err("count growing: last 0x%04x now 0x%04x\n", 965 lastrbc, (hi << 8) + lo); 966 } 967 lastrbc = (hi << 8) + lo; 968 } 969 970 if (!retries) 971 brcmf_err("count never zeroed: last 0x%04x\n", lastrbc); 972 else 973 brcmf_dbg(INFO, "flush took %d iterations\n", 0xffff - retries); 974 975 if (rtx) { 976 bus->sdcnt.rxrtx++; 977 err = w_sdreg32(bus, SMB_NAK, 978 offsetof(struct sdpcmd_regs, tosbmailbox)); 979 980 bus->sdcnt.f1regdata++; 981 if (err == 0) 982 bus->rxskip = true; 983 } 984 985 /* Clear partial in any case */ 986 bus->cur_read.len = 0; 987 988 /* If we can't reach the device, signal failure */ 989 if (err) 990 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 991} 992 993/* copy a buffer into a pkt buffer chain */ 994static uint brcmf_sdbrcm_glom_from_buf(struct brcmf_sdio *bus, uint len) 995{ 996 uint n, ret = 0; 997 struct sk_buff *p; 998 u8 *buf; 999 1000 buf = bus->dataptr; 1001 1002 /* copy the data */ 1003 skb_queue_walk(&bus->glom, p) { 1004 n = min_t(uint, p->len, len); 1005 memcpy(p->data, buf, n); 1006 buf += n; 1007 len -= n; 1008 ret += n; 1009 if (!len) 1010 break; 1011 } 1012 1013 return ret; 1014} 1015 1016/* return total length of buffer chain */ 1017static uint brcmf_sdbrcm_glom_len(struct brcmf_sdio *bus) 1018{ 1019 struct sk_buff *p; 1020 uint total; 1021 1022 total = 0; 1023 skb_queue_walk(&bus->glom, p) 1024 total += p->len; 1025 return total; 1026} 1027 1028static void brcmf_sdbrcm_free_glom(struct brcmf_sdio *bus) 1029{ 1030 struct sk_buff *cur, *next; 1031 1032 skb_queue_walk_safe(&bus->glom, cur, next) { 1033 skb_unlink(cur, &bus->glom); 1034 brcmu_pkt_buf_free_skb(cur); 1035 } 1036} 1037 1038static int brcmf_sdio_hdparser(struct brcmf_sdio *bus, u8 *header, 1039 struct brcmf_sdio_read *rd, 1040 enum brcmf_sdio_frmtype type) 1041{ 1042 u16 len, checksum; 1043 u8 rx_seq, fc, tx_seq_max; 1044 1045 /* 1046 * 4 bytes hardware header (frame tag) 1047 * Byte 0~1: Frame length 1048 * Byte 2~3: Checksum, bit-wise inverse of frame length 1049 */ 1050 len = get_unaligned_le16(header); 1051 checksum = get_unaligned_le16(header + sizeof(u16)); 1052 /* All zero means no more to read */ 1053 if (!(len | checksum)) { 1054 bus->rxpending = false; 1055 return -ENODATA; 1056 } 1057 if ((u16)(~(len ^ checksum))) { 1058 brcmf_err("HW header checksum error\n"); 1059 bus->sdcnt.rx_badhdr++; 1060 brcmf_sdbrcm_rxfail(bus, false, false); 1061 return -EIO; 1062 } 1063 if (len < SDPCM_HDRLEN) { 1064 brcmf_err("HW header length error\n"); 1065 return -EPROTO; 1066 } 1067 if (type == BRCMF_SDIO_FT_SUPER && 1068 (roundup(len, bus->blocksize) != rd->len)) { 1069 brcmf_err("HW superframe header length error\n"); 1070 return -EPROTO; 1071 } 1072 if (type == BRCMF_SDIO_FT_SUB && len > rd->len) { 1073 brcmf_err("HW subframe header length error\n"); 1074 return -EPROTO; 1075 } 1076 rd->len = len; 1077 1078 /* 1079 * 8 bytes hardware header 1080 * Byte 0: Rx sequence number 1081 * Byte 1: 4 MSB Channel number, 4 LSB arbitrary flag 1082 * Byte 2: Length of next data frame 1083 * Byte 3: Data offset 1084 * Byte 4: Flow control bits 1085 * Byte 5: Maximum Sequence number allow for Tx 1086 * Byte 6~7: Reserved 1087 */ 1088 if (type == BRCMF_SDIO_FT_SUPER && 1089 SDPCM_GLOMDESC(&header[SDPCM_FRAMETAG_LEN])) { 1090 brcmf_err("Glom descriptor found in superframe head\n"); 1091 rd->len = 0; 1092 return -EINVAL; 1093 } 1094 rx_seq = SDPCM_PACKET_SEQUENCE(&header[SDPCM_FRAMETAG_LEN]); 1095 rd->channel = SDPCM_PACKET_CHANNEL(&header[SDPCM_FRAMETAG_LEN]); 1096 if (len > MAX_RX_DATASZ && rd->channel != SDPCM_CONTROL_CHANNEL && 1097 type != BRCMF_SDIO_FT_SUPER) { 1098 brcmf_err("HW header length too long\n"); 1099 bus->sdcnt.rx_toolong++; 1100 brcmf_sdbrcm_rxfail(bus, false, false); 1101 rd->len = 0; 1102 return -EPROTO; 1103 } 1104 if (type == BRCMF_SDIO_FT_SUPER && rd->channel != SDPCM_GLOM_CHANNEL) { 1105 brcmf_err("Wrong channel for superframe\n"); 1106 rd->len = 0; 1107 return -EINVAL; 1108 } 1109 if (type == BRCMF_SDIO_FT_SUB && rd->channel != SDPCM_DATA_CHANNEL && 1110 rd->channel != SDPCM_EVENT_CHANNEL) { 1111 brcmf_err("Wrong channel for subframe\n"); 1112 rd->len = 0; 1113 return -EINVAL; 1114 } 1115 rd->dat_offset = SDPCM_DOFFSET_VALUE(&header[SDPCM_FRAMETAG_LEN]); 1116 if (rd->dat_offset < SDPCM_HDRLEN || rd->dat_offset > rd->len) { 1117 brcmf_err("seq %d: bad data offset\n", rx_seq); 1118 bus->sdcnt.rx_badhdr++; 1119 brcmf_sdbrcm_rxfail(bus, false, false); 1120 rd->len = 0; 1121 return -ENXIO; 1122 } 1123 if (rd->seq_num != rx_seq) { 1124 brcmf_err("seq %d: sequence number error, expect %d\n", 1125 rx_seq, rd->seq_num); 1126 bus->sdcnt.rx_badseq++; 1127 rd->seq_num = rx_seq; 1128 } 1129 /* no need to check the reset for subframe */ 1130 if (type == BRCMF_SDIO_FT_SUB) 1131 return 0; 1132 rd->len_nxtfrm = header[SDPCM_FRAMETAG_LEN + SDPCM_NEXTLEN_OFFSET]; 1133 if (rd->len_nxtfrm << 4 > MAX_RX_DATASZ) { 1134 /* only warm for NON glom packet */ 1135 if (rd->channel != SDPCM_GLOM_CHANNEL) 1136 brcmf_err("seq %d: next length error\n", rx_seq); 1137 rd->len_nxtfrm = 0; 1138 } 1139 fc = SDPCM_FCMASK_VALUE(&header[SDPCM_FRAMETAG_LEN]); 1140 if (bus->flowcontrol != fc) { 1141 if (~bus->flowcontrol & fc) 1142 bus->sdcnt.fc_xoff++; 1143 if (bus->flowcontrol & ~fc) 1144 bus->sdcnt.fc_xon++; 1145 bus->sdcnt.fc_rcvd++; 1146 bus->flowcontrol = fc; 1147 } 1148 tx_seq_max = SDPCM_WINDOW_VALUE(&header[SDPCM_FRAMETAG_LEN]); 1149 if ((u8)(tx_seq_max - bus->tx_seq) > 0x40) { 1150 brcmf_err("seq %d: max tx seq number error\n", rx_seq); 1151 tx_seq_max = bus->tx_seq + 2; 1152 } 1153 bus->tx_max = tx_seq_max; 1154 1155 return 0; 1156} 1157 1158static u8 brcmf_sdbrcm_rxglom(struct brcmf_sdio *bus, u8 rxseq) 1159{ 1160 u16 dlen, totlen; 1161 u8 *dptr, num = 0; 1162 1163 u16 sublen; 1164 struct sk_buff *pfirst, *pnext; 1165 1166 int errcode; 1167 u8 doff, sfdoff; 1168 1169 bool usechain = bus->use_rxchain; 1170 1171 struct brcmf_sdio_read rd_new; 1172 1173 /* If packets, issue read(s) and send up packet chain */ 1174 /* Return sequence numbers consumed? */ 1175 1176 brcmf_dbg(TRACE, "start: glomd %p glom %p\n", 1177 bus->glomd, skb_peek(&bus->glom)); 1178 1179 /* If there's a descriptor, generate the packet chain */ 1180 if (bus->glomd) { 1181 pfirst = pnext = NULL; 1182 dlen = (u16) (bus->glomd->len); 1183 dptr = bus->glomd->data; 1184 if (!dlen || (dlen & 1)) { 1185 brcmf_err("bad glomd len(%d), ignore descriptor\n", 1186 dlen); 1187 dlen = 0; 1188 } 1189 1190 for (totlen = num = 0; dlen; num++) { 1191 /* Get (and move past) next length */ 1192 sublen = get_unaligned_le16(dptr); 1193 dlen -= sizeof(u16); 1194 dptr += sizeof(u16); 1195 if ((sublen < SDPCM_HDRLEN) || 1196 ((num == 0) && (sublen < (2 * SDPCM_HDRLEN)))) { 1197 brcmf_err("descriptor len %d bad: %d\n", 1198 num, sublen); 1199 pnext = NULL; 1200 break; 1201 } 1202 if (sublen % BRCMF_SDALIGN) { 1203 brcmf_err("sublen %d not multiple of %d\n", 1204 sublen, BRCMF_SDALIGN); 1205 usechain = false; 1206 } 1207 totlen += sublen; 1208 1209 /* For last frame, adjust read len so total 1210 is a block multiple */ 1211 if (!dlen) { 1212 sublen += 1213 (roundup(totlen, bus->blocksize) - totlen); 1214 totlen = roundup(totlen, bus->blocksize); 1215 } 1216 1217 /* Allocate/chain packet for next subframe */ 1218 pnext = brcmu_pkt_buf_get_skb(sublen + BRCMF_SDALIGN); 1219 if (pnext == NULL) { 1220 brcmf_err("bcm_pkt_buf_get_skb failed, num %d len %d\n", 1221 num, sublen); 1222 break; 1223 } 1224 skb_queue_tail(&bus->glom, pnext); 1225 1226 /* Adhere to start alignment requirements */ 1227 pkt_align(pnext, sublen, BRCMF_SDALIGN); 1228 } 1229 1230 /* If all allocations succeeded, save packet chain 1231 in bus structure */ 1232 if (pnext) { 1233 brcmf_dbg(GLOM, "allocated %d-byte packet chain for %d subframes\n", 1234 totlen, num); 1235 if (BRCMF_GLOM_ON() && bus->cur_read.len && 1236 totlen != bus->cur_read.len) { 1237 brcmf_dbg(GLOM, "glomdesc mismatch: nextlen %d glomdesc %d rxseq %d\n", 1238 bus->cur_read.len, totlen, rxseq); 1239 } 1240 pfirst = pnext = NULL; 1241 } else { 1242 brcmf_sdbrcm_free_glom(bus); 1243 num = 0; 1244 } 1245 1246 /* Done with descriptor packet */ 1247 brcmu_pkt_buf_free_skb(bus->glomd); 1248 bus->glomd = NULL; 1249 bus->cur_read.len = 0; 1250 } 1251 1252 /* Ok -- either we just generated a packet chain, 1253 or had one from before */ 1254 if (!skb_queue_empty(&bus->glom)) { 1255 if (BRCMF_GLOM_ON()) { 1256 brcmf_dbg(GLOM, "try superframe read, packet chain:\n"); 1257 skb_queue_walk(&bus->glom, pnext) { 1258 brcmf_dbg(GLOM, " %p: %p len 0x%04x (%d)\n", 1259 pnext, (u8 *) (pnext->data), 1260 pnext->len, pnext->len); 1261 } 1262 } 1263 1264 pfirst = skb_peek(&bus->glom); 1265 dlen = (u16) brcmf_sdbrcm_glom_len(bus); 1266 1267 /* Do an SDIO read for the superframe. Configurable iovar to 1268 * read directly into the chained packet, or allocate a large 1269 * packet and and copy into the chain. 1270 */ 1271 sdio_claim_host(bus->sdiodev->func[1]); 1272 if (usechain) { 1273 errcode = brcmf_sdcard_recv_chain(bus->sdiodev, 1274 bus->sdiodev->sbwad, 1275 SDIO_FUNC_2, F2SYNC, &bus->glom); 1276 } else if (bus->dataptr) { 1277 errcode = brcmf_sdcard_recv_buf(bus->sdiodev, 1278 bus->sdiodev->sbwad, 1279 SDIO_FUNC_2, F2SYNC, 1280 bus->dataptr, dlen); 1281 sublen = (u16) brcmf_sdbrcm_glom_from_buf(bus, dlen); 1282 if (sublen != dlen) { 1283 brcmf_err("FAILED TO COPY, dlen %d sublen %d\n", 1284 dlen, sublen); 1285 errcode = -1; 1286 } 1287 pnext = NULL; 1288 } else { 1289 brcmf_err("COULDN'T ALLOC %d-BYTE GLOM, FORCE FAILURE\n", 1290 dlen); 1291 errcode = -1; 1292 } 1293 sdio_release_host(bus->sdiodev->func[1]); 1294 bus->sdcnt.f2rxdata++; 1295 1296 /* On failure, kill the superframe, allow a couple retries */ 1297 if (errcode < 0) { 1298 brcmf_err("glom read of %d bytes failed: %d\n", 1299 dlen, errcode); 1300 1301 sdio_claim_host(bus->sdiodev->func[1]); 1302 if (bus->glomerr++ < 3) { 1303 brcmf_sdbrcm_rxfail(bus, true, true); 1304 } else { 1305 bus->glomerr = 0; 1306 brcmf_sdbrcm_rxfail(bus, true, false); 1307 bus->sdcnt.rxglomfail++; 1308 brcmf_sdbrcm_free_glom(bus); 1309 } 1310 sdio_release_host(bus->sdiodev->func[1]); 1311 return 0; 1312 } 1313 1314 brcmf_dbg_hex_dump(BRCMF_GLOM_ON(), 1315 pfirst->data, min_t(int, pfirst->len, 48), 1316 "SUPERFRAME:\n"); 1317 1318 rd_new.seq_num = rxseq; 1319 rd_new.len = dlen; 1320 sdio_claim_host(bus->sdiodev->func[1]); 1321 errcode = brcmf_sdio_hdparser(bus, pfirst->data, &rd_new, 1322 BRCMF_SDIO_FT_SUPER); 1323 sdio_release_host(bus->sdiodev->func[1]); 1324 bus->cur_read.len = rd_new.len_nxtfrm << 4; 1325 1326 /* Remove superframe header, remember offset */ 1327 skb_pull(pfirst, rd_new.dat_offset); 1328 sfdoff = rd_new.dat_offset; 1329 num = 0; 1330 1331 /* Validate all the subframe headers */ 1332 skb_queue_walk(&bus->glom, pnext) { 1333 /* leave when invalid subframe is found */ 1334 if (errcode) 1335 break; 1336 1337 rd_new.len = pnext->len; 1338 rd_new.seq_num = rxseq++; 1339 sdio_claim_host(bus->sdiodev->func[1]); 1340 errcode = brcmf_sdio_hdparser(bus, pnext->data, &rd_new, 1341 BRCMF_SDIO_FT_SUB); 1342 sdio_release_host(bus->sdiodev->func[1]); 1343 brcmf_dbg_hex_dump(BRCMF_GLOM_ON(), 1344 pnext->data, 32, "subframe:\n"); 1345 1346 num++; 1347 } 1348 1349 if (errcode) { 1350 /* Terminate frame on error, request 1351 a couple retries */ 1352 sdio_claim_host(bus->sdiodev->func[1]); 1353 if (bus->glomerr++ < 3) { 1354 /* Restore superframe header space */ 1355 skb_push(pfirst, sfdoff); 1356 brcmf_sdbrcm_rxfail(bus, true, true); 1357 } else { 1358 bus->glomerr = 0; 1359 brcmf_sdbrcm_rxfail(bus, true, false); 1360 bus->sdcnt.rxglomfail++; 1361 brcmf_sdbrcm_free_glom(bus); 1362 } 1363 sdio_release_host(bus->sdiodev->func[1]); 1364 bus->cur_read.len = 0; 1365 return 0; 1366 } 1367 1368 /* Basic SD framing looks ok - process each packet (header) */ 1369 1370 skb_queue_walk_safe(&bus->glom, pfirst, pnext) { 1371 dptr = (u8 *) (pfirst->data); 1372 sublen = get_unaligned_le16(dptr); 1373 doff = SDPCM_DOFFSET_VALUE(&dptr[SDPCM_FRAMETAG_LEN]); 1374 1375 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && BRCMF_DATA_ON(), 1376 dptr, pfirst->len, 1377 "Rx Subframe Data:\n"); 1378 1379 __skb_trim(pfirst, sublen); 1380 skb_pull(pfirst, doff); 1381 1382 if (pfirst->len == 0) { 1383 skb_unlink(pfirst, &bus->glom); 1384 brcmu_pkt_buf_free_skb(pfirst); 1385 continue; 1386 } 1387 1388 brcmf_dbg_hex_dump(BRCMF_GLOM_ON(), 1389 pfirst->data, 1390 min_t(int, pfirst->len, 32), 1391 "subframe %d to stack, %p (%p/%d) nxt/lnk %p/%p\n", 1392 bus->glom.qlen, pfirst, pfirst->data, 1393 pfirst->len, pfirst->next, 1394 pfirst->prev); 1395 } 1396 /* sent any remaining packets up */ 1397 if (bus->glom.qlen) 1398 brcmf_rx_frames(bus->sdiodev->dev, &bus->glom); 1399 1400 bus->sdcnt.rxglomframes++; 1401 bus->sdcnt.rxglompkts += bus->glom.qlen; 1402 } 1403 return num; 1404} 1405 1406static int brcmf_sdbrcm_dcmd_resp_wait(struct brcmf_sdio *bus, uint *condition, 1407 bool *pending) 1408{ 1409 DECLARE_WAITQUEUE(wait, current); 1410 int timeout = msecs_to_jiffies(DCMD_RESP_TIMEOUT); 1411 1412 /* Wait until control frame is available */ 1413 add_wait_queue(&bus->dcmd_resp_wait, &wait); 1414 set_current_state(TASK_INTERRUPTIBLE); 1415 1416 while (!(*condition) && (!signal_pending(current) && timeout)) 1417 timeout = schedule_timeout(timeout); 1418 1419 if (signal_pending(current)) 1420 *pending = true; 1421 1422 set_current_state(TASK_RUNNING); 1423 remove_wait_queue(&bus->dcmd_resp_wait, &wait); 1424 1425 return timeout; 1426} 1427 1428static int brcmf_sdbrcm_dcmd_resp_wake(struct brcmf_sdio *bus) 1429{ 1430 if (waitqueue_active(&bus->dcmd_resp_wait)) 1431 wake_up_interruptible(&bus->dcmd_resp_wait); 1432 1433 return 0; 1434} 1435static void 1436brcmf_sdbrcm_read_control(struct brcmf_sdio *bus, u8 *hdr, uint len, uint doff) 1437{ 1438 uint rdlen, pad; 1439 u8 *buf = NULL, *rbuf; 1440 int sdret; 1441 1442 brcmf_dbg(TRACE, "Enter\n"); 1443 1444 if (bus->rxblen) 1445 buf = vzalloc(bus->rxblen); 1446 if (!buf) 1447 goto done; 1448 1449 rbuf = bus->rxbuf; 1450 pad = ((unsigned long)rbuf % BRCMF_SDALIGN); 1451 if (pad) 1452 rbuf += (BRCMF_SDALIGN - pad); 1453 1454 /* Copy the already-read portion over */ 1455 memcpy(buf, hdr, BRCMF_FIRSTREAD); 1456 if (len <= BRCMF_FIRSTREAD) 1457 goto gotpkt; 1458 1459 /* Raise rdlen to next SDIO block to avoid tail command */ 1460 rdlen = len - BRCMF_FIRSTREAD; 1461 if (bus->roundup && bus->blocksize && (rdlen > bus->blocksize)) { 1462 pad = bus->blocksize - (rdlen % bus->blocksize); 1463 if ((pad <= bus->roundup) && (pad < bus->blocksize) && 1464 ((len + pad) < bus->sdiodev->bus_if->maxctl)) 1465 rdlen += pad; 1466 } else if (rdlen % BRCMF_SDALIGN) { 1467 rdlen += BRCMF_SDALIGN - (rdlen % BRCMF_SDALIGN); 1468 } 1469 1470 /* Satisfy length-alignment requirements */ 1471 if (rdlen & (ALIGNMENT - 1)) 1472 rdlen = roundup(rdlen, ALIGNMENT); 1473 1474 /* Drop if the read is too big or it exceeds our maximum */ 1475 if ((rdlen + BRCMF_FIRSTREAD) > bus->sdiodev->bus_if->maxctl) { 1476 brcmf_err("%d-byte control read exceeds %d-byte buffer\n", 1477 rdlen, bus->sdiodev->bus_if->maxctl); 1478 brcmf_sdbrcm_rxfail(bus, false, false); 1479 goto done; 1480 } 1481 1482 if ((len - doff) > bus->sdiodev->bus_if->maxctl) { 1483 brcmf_err("%d-byte ctl frame (%d-byte ctl data) exceeds %d-byte limit\n", 1484 len, len - doff, bus->sdiodev->bus_if->maxctl); 1485 bus->sdcnt.rx_toolong++; 1486 brcmf_sdbrcm_rxfail(bus, false, false); 1487 goto done; 1488 } 1489 1490 /* Read remain of frame body */ 1491 sdret = brcmf_sdcard_recv_buf(bus->sdiodev, 1492 bus->sdiodev->sbwad, 1493 SDIO_FUNC_2, 1494 F2SYNC, rbuf, rdlen); 1495 bus->sdcnt.f2rxdata++; 1496 1497 /* Control frame failures need retransmission */ 1498 if (sdret < 0) { 1499 brcmf_err("read %d control bytes failed: %d\n", 1500 rdlen, sdret); 1501 bus->sdcnt.rxc_errors++; 1502 brcmf_sdbrcm_rxfail(bus, true, true); 1503 goto done; 1504 } else 1505 memcpy(buf + BRCMF_FIRSTREAD, rbuf, rdlen); 1506 1507gotpkt: 1508 1509 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && BRCMF_CTL_ON(), 1510 buf, len, "RxCtrl:\n"); 1511 1512 /* Point to valid data and indicate its length */ 1513 spin_lock_bh(&bus->rxctl_lock); 1514 if (bus->rxctl) { 1515 brcmf_err("last control frame is being processed.\n"); 1516 spin_unlock_bh(&bus->rxctl_lock); 1517 vfree(buf); 1518 goto done; 1519 } 1520 bus->rxctl = buf + doff; 1521 bus->rxctl_orig = buf; 1522 bus->rxlen = len - doff; 1523 spin_unlock_bh(&bus->rxctl_lock); 1524 1525done: 1526 /* Awake any waiters */ 1527 brcmf_sdbrcm_dcmd_resp_wake(bus); 1528} 1529 1530/* Pad read to blocksize for efficiency */ 1531static void brcmf_pad(struct brcmf_sdio *bus, u16 *pad, u16 *rdlen) 1532{ 1533 if (bus->roundup && bus->blocksize && *rdlen > bus->blocksize) { 1534 *pad = bus->blocksize - (*rdlen % bus->blocksize); 1535 if (*pad <= bus->roundup && *pad < bus->blocksize && 1536 *rdlen + *pad + BRCMF_FIRSTREAD < MAX_RX_DATASZ) 1537 *rdlen += *pad; 1538 } else if (*rdlen % BRCMF_SDALIGN) { 1539 *rdlen += BRCMF_SDALIGN - (*rdlen % BRCMF_SDALIGN); 1540 } 1541} 1542 1543static uint brcmf_sdio_readframes(struct brcmf_sdio *bus, uint maxframes) 1544{ 1545 struct sk_buff *pkt; /* Packet for event or data frames */ 1546 struct sk_buff_head pktlist; /* needed for bus interface */ 1547 u16 pad; /* Number of pad bytes to read */ 1548 uint rxleft = 0; /* Remaining number of frames allowed */ 1549 int ret; /* Return code from calls */ 1550 uint rxcount = 0; /* Total frames read */ 1551 struct brcmf_sdio_read *rd = &bus->cur_read, rd_new; 1552 u8 head_read = 0; 1553 1554 brcmf_dbg(TRACE, "Enter\n"); 1555 1556 /* Not finished unless we encounter no more frames indication */ 1557 bus->rxpending = true; 1558 1559 for (rd->seq_num = bus->rx_seq, rxleft = maxframes; 1560 !bus->rxskip && rxleft && 1561 bus->sdiodev->bus_if->state != BRCMF_BUS_DOWN; 1562 rd->seq_num++, rxleft--) { 1563 1564 /* Handle glomming separately */ 1565 if (bus->glomd || !skb_queue_empty(&bus->glom)) { 1566 u8 cnt; 1567 brcmf_dbg(GLOM, "calling rxglom: glomd %p, glom %p\n", 1568 bus->glomd, skb_peek(&bus->glom)); 1569 cnt = brcmf_sdbrcm_rxglom(bus, rd->seq_num); 1570 brcmf_dbg(GLOM, "rxglom returned %d\n", cnt); 1571 rd->seq_num += cnt - 1; 1572 rxleft = (rxleft > cnt) ? (rxleft - cnt) : 1; 1573 continue; 1574 } 1575 1576 rd->len_left = rd->len; 1577 /* read header first for unknow frame length */ 1578 sdio_claim_host(bus->sdiodev->func[1]); 1579 if (!rd->len) { 1580 ret = brcmf_sdcard_recv_buf(bus->sdiodev, 1581 bus->sdiodev->sbwad, 1582 SDIO_FUNC_2, F2SYNC, 1583 bus->rxhdr, 1584 BRCMF_FIRSTREAD); 1585 bus->sdcnt.f2rxhdrs++; 1586 if (ret < 0) { 1587 brcmf_err("RXHEADER FAILED: %d\n", 1588 ret); 1589 bus->sdcnt.rx_hdrfail++; 1590 brcmf_sdbrcm_rxfail(bus, true, true); 1591 sdio_release_host(bus->sdiodev->func[1]); 1592 continue; 1593 } 1594 1595 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() || BRCMF_HDRS_ON(), 1596 bus->rxhdr, SDPCM_HDRLEN, 1597 "RxHdr:\n"); 1598 1599 if (brcmf_sdio_hdparser(bus, bus->rxhdr, rd, 1600 BRCMF_SDIO_FT_NORMAL)) { 1601 sdio_release_host(bus->sdiodev->func[1]); 1602 if (!bus->rxpending) 1603 break; 1604 else 1605 continue; 1606 } 1607 1608 if (rd->channel == SDPCM_CONTROL_CHANNEL) { 1609 brcmf_sdbrcm_read_control(bus, bus->rxhdr, 1610 rd->len, 1611 rd->dat_offset); 1612 /* prepare the descriptor for the next read */ 1613 rd->len = rd->len_nxtfrm << 4; 1614 rd->len_nxtfrm = 0; 1615 /* treat all packet as event if we don't know */ 1616 rd->channel = SDPCM_EVENT_CHANNEL; 1617 sdio_release_host(bus->sdiodev->func[1]); 1618 continue; 1619 } 1620 rd->len_left = rd->len > BRCMF_FIRSTREAD ? 1621 rd->len - BRCMF_FIRSTREAD : 0; 1622 head_read = BRCMF_FIRSTREAD; 1623 } 1624 1625 brcmf_pad(bus, &pad, &rd->len_left); 1626 1627 pkt = brcmu_pkt_buf_get_skb(rd->len_left + head_read + 1628 BRCMF_SDALIGN); 1629 if (!pkt) { 1630 /* Give up on data, request rtx of events */ 1631 brcmf_err("brcmu_pkt_buf_get_skb failed\n"); 1632 brcmf_sdbrcm_rxfail(bus, false, 1633 RETRYCHAN(rd->channel)); 1634 sdio_release_host(bus->sdiodev->func[1]); 1635 continue; 1636 } 1637 skb_pull(pkt, head_read); 1638 pkt_align(pkt, rd->len_left, BRCMF_SDALIGN); 1639 1640 ret = brcmf_sdcard_recv_pkt(bus->sdiodev, bus->sdiodev->sbwad, 1641 SDIO_FUNC_2, F2SYNC, pkt); 1642 bus->sdcnt.f2rxdata++; 1643 sdio_release_host(bus->sdiodev->func[1]); 1644 1645 if (ret < 0) { 1646 brcmf_err("read %d bytes from channel %d failed: %d\n", 1647 rd->len, rd->channel, ret); 1648 brcmu_pkt_buf_free_skb(pkt); 1649 sdio_claim_host(bus->sdiodev->func[1]); 1650 brcmf_sdbrcm_rxfail(bus, true, 1651 RETRYCHAN(rd->channel)); 1652 sdio_release_host(bus->sdiodev->func[1]); 1653 continue; 1654 } 1655 1656 if (head_read) { 1657 skb_push(pkt, head_read); 1658 memcpy(pkt->data, bus->rxhdr, head_read); 1659 head_read = 0; 1660 } else { 1661 memcpy(bus->rxhdr, pkt->data, SDPCM_HDRLEN); 1662 rd_new.seq_num = rd->seq_num; 1663 sdio_claim_host(bus->sdiodev->func[1]); 1664 if (brcmf_sdio_hdparser(bus, bus->rxhdr, &rd_new, 1665 BRCMF_SDIO_FT_NORMAL)) { 1666 rd->len = 0; 1667 brcmu_pkt_buf_free_skb(pkt); 1668 } 1669 bus->sdcnt.rx_readahead_cnt++; 1670 if (rd->len != roundup(rd_new.len, 16)) { 1671 brcmf_err("frame length mismatch:read %d, should be %d\n", 1672 rd->len, 1673 roundup(rd_new.len, 16) >> 4); 1674 rd->len = 0; 1675 brcmf_sdbrcm_rxfail(bus, true, true); 1676 sdio_release_host(bus->sdiodev->func[1]); 1677 brcmu_pkt_buf_free_skb(pkt); 1678 continue; 1679 } 1680 sdio_release_host(bus->sdiodev->func[1]); 1681 rd->len_nxtfrm = rd_new.len_nxtfrm; 1682 rd->channel = rd_new.channel; 1683 rd->dat_offset = rd_new.dat_offset; 1684 1685 brcmf_dbg_hex_dump(!(BRCMF_BYTES_ON() && 1686 BRCMF_DATA_ON()) && 1687 BRCMF_HDRS_ON(), 1688 bus->rxhdr, SDPCM_HDRLEN, 1689 "RxHdr:\n"); 1690 1691 if (rd_new.channel == SDPCM_CONTROL_CHANNEL) { 1692 brcmf_err("readahead on control packet %d?\n", 1693 rd_new.seq_num); 1694 /* Force retry w/normal header read */ 1695 rd->len = 0; 1696 sdio_claim_host(bus->sdiodev->func[1]); 1697 brcmf_sdbrcm_rxfail(bus, false, true); 1698 sdio_release_host(bus->sdiodev->func[1]); 1699 brcmu_pkt_buf_free_skb(pkt); 1700 continue; 1701 } 1702 } 1703 1704 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && BRCMF_DATA_ON(), 1705 pkt->data, rd->len, "Rx Data:\n"); 1706 1707 /* Save superframe descriptor and allocate packet frame */ 1708 if (rd->channel == SDPCM_GLOM_CHANNEL) { 1709 if (SDPCM_GLOMDESC(&bus->rxhdr[SDPCM_FRAMETAG_LEN])) { 1710 brcmf_dbg(GLOM, "glom descriptor, %d bytes:\n", 1711 rd->len); 1712 brcmf_dbg_hex_dump(BRCMF_GLOM_ON(), 1713 pkt->data, rd->len, 1714 "Glom Data:\n"); 1715 __skb_trim(pkt, rd->len); 1716 skb_pull(pkt, SDPCM_HDRLEN); 1717 bus->glomd = pkt; 1718 } else { 1719 brcmf_err("%s: glom superframe w/o " 1720 "descriptor!\n", __func__); 1721 sdio_claim_host(bus->sdiodev->func[1]); 1722 brcmf_sdbrcm_rxfail(bus, false, false); 1723 sdio_release_host(bus->sdiodev->func[1]); 1724 } 1725 /* prepare the descriptor for the next read */ 1726 rd->len = rd->len_nxtfrm << 4; 1727 rd->len_nxtfrm = 0; 1728 /* treat all packet as event if we don't know */ 1729 rd->channel = SDPCM_EVENT_CHANNEL; 1730 continue; 1731 } 1732 1733 /* Fill in packet len and prio, deliver upward */ 1734 __skb_trim(pkt, rd->len); 1735 skb_pull(pkt, rd->dat_offset); 1736 1737 /* prepare the descriptor for the next read */ 1738 rd->len = rd->len_nxtfrm << 4; 1739 rd->len_nxtfrm = 0; 1740 /* treat all packet as event if we don't know */ 1741 rd->channel = SDPCM_EVENT_CHANNEL; 1742 1743 if (pkt->len == 0) { 1744 brcmu_pkt_buf_free_skb(pkt); 1745 continue; 1746 } 1747 1748 skb_queue_head_init(&pktlist); 1749 skb_queue_tail(&pktlist, pkt); 1750 brcmf_rx_frames(bus->sdiodev->dev, &pktlist); 1751 } 1752 1753 rxcount = maxframes - rxleft; 1754 /* Message if we hit the limit */ 1755 if (!rxleft) 1756 brcmf_dbg(DATA, "hit rx limit of %d frames\n", maxframes); 1757 else 1758 brcmf_dbg(DATA, "processed %d frames\n", rxcount); 1759 /* Back off rxseq if awaiting rtx, update rx_seq */ 1760 if (bus->rxskip) 1761 rd->seq_num--; 1762 bus->rx_seq = rd->seq_num; 1763 1764 return rxcount; 1765} 1766 1767static void 1768brcmf_sdbrcm_wait_event_wakeup(struct brcmf_sdio *bus) 1769{ 1770 if (waitqueue_active(&bus->ctrl_wait)) 1771 wake_up_interruptible(&bus->ctrl_wait); 1772 return; 1773} 1774 1775/* Writes a HW/SW header into the packet and sends it. */ 1776/* Assumes: (a) header space already there, (b) caller holds lock */ 1777static int brcmf_sdbrcm_txpkt(struct brcmf_sdio *bus, struct sk_buff *pkt, 1778 uint chan) 1779{ 1780 int ret; 1781 u8 *frame; 1782 u16 len, pad = 0; 1783 u32 swheader; 1784 int i; 1785 1786 brcmf_dbg(TRACE, "Enter\n"); 1787 1788 frame = (u8 *) (pkt->data); 1789 1790 /* Add alignment padding, allocate new packet if needed */ 1791 pad = ((unsigned long)frame % BRCMF_SDALIGN); 1792 if (pad) { 1793 if (skb_headroom(pkt) < pad) { 1794 brcmf_dbg(INFO, "insufficient headroom %d for %d pad\n", 1795 skb_headroom(pkt), pad); 1796 bus->sdiodev->bus_if->tx_realloc++; 1797 ret = skb_cow(pkt, BRCMF_SDALIGN); 1798 if (ret) 1799 goto done; 1800 pad = ((unsigned long)frame % BRCMF_SDALIGN); 1801 } 1802 skb_push(pkt, pad); 1803 frame = (u8 *) (pkt->data); 1804 memset(frame, 0, pad + SDPCM_HDRLEN); 1805 } 1806 /* precondition: pad < BRCMF_SDALIGN */ 1807 1808 /* Hardware tag: 2 byte len followed by 2 byte ~len check (all LE) */ 1809 len = (u16) (pkt->len); 1810 *(__le16 *) frame = cpu_to_le16(len); 1811 *(((__le16 *) frame) + 1) = cpu_to_le16(~len); 1812 1813 /* Software tag: channel, sequence number, data offset */ 1814 swheader = 1815 ((chan << SDPCM_CHANNEL_SHIFT) & SDPCM_CHANNEL_MASK) | bus->tx_seq | 1816 (((pad + 1817 SDPCM_HDRLEN) << SDPCM_DOFFSET_SHIFT) & SDPCM_DOFFSET_MASK); 1818 1819 *(((__le32 *) frame) + 1) = cpu_to_le32(swheader); 1820 *(((__le32 *) frame) + 2) = 0; 1821 1822#ifdef DEBUG 1823 tx_packets[pkt->priority]++; 1824#endif 1825 1826 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && 1827 ((BRCMF_CTL_ON() && chan == SDPCM_CONTROL_CHANNEL) || 1828 (BRCMF_DATA_ON() && chan != SDPCM_CONTROL_CHANNEL)), 1829 frame, len, "Tx Frame:\n"); 1830 brcmf_dbg_hex_dump(!(BRCMF_BYTES_ON() && 1831 ((BRCMF_CTL_ON() && 1832 chan == SDPCM_CONTROL_CHANNEL) || 1833 (BRCMF_DATA_ON() && 1834 chan != SDPCM_CONTROL_CHANNEL))) && 1835 BRCMF_HDRS_ON(), 1836 frame, min_t(u16, len, 16), "TxHdr:\n"); 1837 1838 /* Raise len to next SDIO block to eliminate tail command */ 1839 if (bus->roundup && bus->blocksize && (len > bus->blocksize)) { 1840 u16 pad = bus->blocksize - (len % bus->blocksize); 1841 if ((pad <= bus->roundup) && (pad < bus->blocksize)) 1842 len += pad; 1843 } else if (len % BRCMF_SDALIGN) { 1844 len += BRCMF_SDALIGN - (len % BRCMF_SDALIGN); 1845 } 1846 1847 /* Some controllers have trouble with odd bytes -- round to even */ 1848 if (len & (ALIGNMENT - 1)) 1849 len = roundup(len, ALIGNMENT); 1850 1851 sdio_claim_host(bus->sdiodev->func[1]); 1852 ret = brcmf_sdcard_send_pkt(bus->sdiodev, bus->sdiodev->sbwad, 1853 SDIO_FUNC_2, F2SYNC, pkt); 1854 bus->sdcnt.f2txdata++; 1855 1856 if (ret < 0) { 1857 /* On failure, abort the command and terminate the frame */ 1858 brcmf_dbg(INFO, "sdio error %d, abort command and terminate frame\n", 1859 ret); 1860 bus->sdcnt.tx_sderrs++; 1861 1862 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 1863 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_FRAMECTRL, 1864 SFC_WF_TERM, NULL); 1865 bus->sdcnt.f1regdata++; 1866 1867 for (i = 0; i < 3; i++) { 1868 u8 hi, lo; 1869 hi = brcmf_sdio_regrb(bus->sdiodev, 1870 SBSDIO_FUNC1_WFRAMEBCHI, NULL); 1871 lo = brcmf_sdio_regrb(bus->sdiodev, 1872 SBSDIO_FUNC1_WFRAMEBCLO, NULL); 1873 bus->sdcnt.f1regdata += 2; 1874 if ((hi == 0) && (lo == 0)) 1875 break; 1876 } 1877 1878 } 1879 sdio_release_host(bus->sdiodev->func[1]); 1880 if (ret == 0) 1881 bus->tx_seq = (bus->tx_seq + 1) % SDPCM_SEQUENCE_WRAP; 1882 1883done: 1884 /* restore pkt buffer pointer before calling tx complete routine */ 1885 skb_pull(pkt, SDPCM_HDRLEN + pad); 1886 brcmf_txcomplete(bus->sdiodev->dev, pkt, ret == 0); 1887 return ret; 1888} 1889 1890static uint brcmf_sdbrcm_sendfromq(struct brcmf_sdio *bus, uint maxframes) 1891{ 1892 struct sk_buff *pkt; 1893 u32 intstatus = 0; 1894 int ret = 0, prec_out; 1895 uint cnt = 0; 1896 uint datalen; 1897 u8 tx_prec_map; 1898 1899 brcmf_dbg(TRACE, "Enter\n"); 1900 1901 tx_prec_map = ~bus->flowcontrol; 1902 1903 /* Send frames until the limit or some other event */ 1904 for (cnt = 0; (cnt < maxframes) && data_ok(bus); cnt++) { 1905 spin_lock_bh(&bus->txqlock); 1906 pkt = brcmu_pktq_mdeq(&bus->txq, tx_prec_map, &prec_out); 1907 if (pkt == NULL) { 1908 spin_unlock_bh(&bus->txqlock); 1909 break; 1910 } 1911 spin_unlock_bh(&bus->txqlock); 1912 datalen = pkt->len - SDPCM_HDRLEN; 1913 1914 ret = brcmf_sdbrcm_txpkt(bus, pkt, SDPCM_DATA_CHANNEL); 1915 1916 /* In poll mode, need to check for other events */ 1917 if (!bus->intr && cnt) { 1918 /* Check device status, signal pending interrupt */ 1919 sdio_claim_host(bus->sdiodev->func[1]); 1920 ret = r_sdreg32(bus, &intstatus, 1921 offsetof(struct sdpcmd_regs, 1922 intstatus)); 1923 sdio_release_host(bus->sdiodev->func[1]); 1924 bus->sdcnt.f2txdata++; 1925 if (ret != 0) 1926 break; 1927 if (intstatus & bus->hostintmask) 1928 atomic_set(&bus->ipend, 1); 1929 } 1930 } 1931 1932 /* Deflow-control stack if needed */ 1933 if ((bus->sdiodev->bus_if->state == BRCMF_BUS_DATA) && 1934 bus->txoff && (pktq_len(&bus->txq) < TXLOW)) { 1935 bus->txoff = false; 1936 brcmf_txflowblock(bus->sdiodev->dev, false); 1937 } 1938 1939 return cnt; 1940} 1941 1942static void brcmf_sdbrcm_bus_stop(struct device *dev) 1943{ 1944 u32 local_hostintmask; 1945 u8 saveclk; 1946 int err; 1947 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 1948 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio; 1949 struct brcmf_sdio *bus = sdiodev->bus; 1950 1951 brcmf_dbg(TRACE, "Enter\n"); 1952 1953 if (bus->watchdog_tsk) { 1954 send_sig(SIGTERM, bus->watchdog_tsk, 1); 1955 kthread_stop(bus->watchdog_tsk); 1956 bus->watchdog_tsk = NULL; 1957 } 1958 1959 sdio_claim_host(bus->sdiodev->func[1]); 1960 1961 /* Enable clock for device interrupts */ 1962 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 1963 1964 /* Disable and clear interrupts at the chip level also */ 1965 w_sdreg32(bus, 0, offsetof(struct sdpcmd_regs, hostintmask)); 1966 local_hostintmask = bus->hostintmask; 1967 bus->hostintmask = 0; 1968 1969 /* Change our idea of bus state */ 1970 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 1971 1972 /* Force clocks on backplane to be sure F2 interrupt propagates */ 1973 saveclk = brcmf_sdio_regrb(bus->sdiodev, 1974 SBSDIO_FUNC1_CHIPCLKCSR, &err); 1975 if (!err) { 1976 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 1977 (saveclk | SBSDIO_FORCE_HT), &err); 1978 } 1979 if (err) 1980 brcmf_err("Failed to force clock for F2: err %d\n", err); 1981 1982 /* Turn off the bus (F2), free any pending packets */ 1983 brcmf_dbg(INTR, "disable SDIO interrupts\n"); 1984 brcmf_sdio_regwb(bus->sdiodev, SDIO_CCCR_IOEx, SDIO_FUNC_ENABLE_1, 1985 NULL); 1986 1987 /* Clear any pending interrupts now that F2 is disabled */ 1988 w_sdreg32(bus, local_hostintmask, 1989 offsetof(struct sdpcmd_regs, intstatus)); 1990 1991 /* Turn off the backplane clock (only) */ 1992 brcmf_sdbrcm_clkctl(bus, CLK_SDONLY, false); 1993 sdio_release_host(bus->sdiodev->func[1]); 1994 1995 /* Clear the data packet queues */ 1996 brcmu_pktq_flush(&bus->txq, true, NULL, NULL); 1997 1998 /* Clear any held glomming stuff */ 1999 if (bus->glomd) 2000 brcmu_pkt_buf_free_skb(bus->glomd); 2001 brcmf_sdbrcm_free_glom(bus); 2002 2003 /* Clear rx control and wake any waiters */ 2004 spin_lock_bh(&bus->rxctl_lock); 2005 bus->rxlen = 0; 2006 spin_unlock_bh(&bus->rxctl_lock); 2007 brcmf_sdbrcm_dcmd_resp_wake(bus); 2008 2009 /* Reset some F2 state stuff */ 2010 bus->rxskip = false; 2011 bus->tx_seq = bus->rx_seq = 0; 2012} 2013 2014#ifdef CONFIG_BRCMFMAC_SDIO_OOB 2015static inline void brcmf_sdbrcm_clrintr(struct brcmf_sdio *bus) 2016{ 2017 unsigned long flags; 2018 2019 spin_lock_irqsave(&bus->sdiodev->irq_en_lock, flags); 2020 if (!bus->sdiodev->irq_en && !atomic_read(&bus->ipend)) { 2021 enable_irq(bus->sdiodev->irq); 2022 bus->sdiodev->irq_en = true; 2023 } 2024 spin_unlock_irqrestore(&bus->sdiodev->irq_en_lock, flags); 2025} 2026#else 2027static inline void brcmf_sdbrcm_clrintr(struct brcmf_sdio *bus) 2028{ 2029} 2030#endif /* CONFIG_BRCMFMAC_SDIO_OOB */ 2031 2032static inline void brcmf_sdbrcm_adddpctsk(struct brcmf_sdio *bus) 2033{ 2034 struct list_head *new_hd; 2035 unsigned long flags; 2036 2037 if (in_interrupt()) 2038 new_hd = kzalloc(sizeof(struct list_head), GFP_ATOMIC); 2039 else 2040 new_hd = kzalloc(sizeof(struct list_head), GFP_KERNEL); 2041 if (new_hd == NULL) 2042 return; 2043 2044 spin_lock_irqsave(&bus->dpc_tl_lock, flags); 2045 list_add_tail(new_hd, &bus->dpc_tsklst); 2046 spin_unlock_irqrestore(&bus->dpc_tl_lock, flags); 2047} 2048 2049static int brcmf_sdio_intr_rstatus(struct brcmf_sdio *bus) 2050{ 2051 u8 idx; 2052 u32 addr; 2053 unsigned long val; 2054 int n, ret; 2055 2056 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV); 2057 addr = bus->ci->c_inf[idx].base + 2058 offsetof(struct sdpcmd_regs, intstatus); 2059 2060 ret = brcmf_sdio_regrw_helper(bus->sdiodev, addr, &val, false); 2061 bus->sdcnt.f1regdata++; 2062 if (ret != 0) 2063 val = 0; 2064 2065 val &= bus->hostintmask; 2066 atomic_set(&bus->fcstate, !!(val & I_HMB_FC_STATE)); 2067 2068 /* Clear interrupts */ 2069 if (val) { 2070 ret = brcmf_sdio_regrw_helper(bus->sdiodev, addr, &val, true); 2071 bus->sdcnt.f1regdata++; 2072 } 2073 2074 if (ret) { 2075 atomic_set(&bus->intstatus, 0); 2076 } else if (val) { 2077 for_each_set_bit(n, &val, 32) 2078 set_bit(n, (unsigned long *)&bus->intstatus.counter); 2079 } 2080 2081 return ret; 2082} 2083 2084static void brcmf_sdbrcm_dpc(struct brcmf_sdio *bus) 2085{ 2086 u32 newstatus = 0; 2087 unsigned long intstatus; 2088 uint rxlimit = bus->rxbound; /* Rx frames to read before resched */ 2089 uint txlimit = bus->txbound; /* Tx frames to send before resched */ 2090 uint framecnt = 0; /* Temporary counter of tx/rx frames */ 2091 int err = 0, n; 2092 2093 brcmf_dbg(TRACE, "Enter\n"); 2094 2095 sdio_claim_host(bus->sdiodev->func[1]); 2096 2097 /* If waiting for HTAVAIL, check status */ 2098 if (bus->clkstate == CLK_PENDING) { 2099 u8 clkctl, devctl = 0; 2100 2101#ifdef DEBUG 2102 /* Check for inconsistent device control */ 2103 devctl = brcmf_sdio_regrb(bus->sdiodev, 2104 SBSDIO_DEVICE_CTL, &err); 2105 if (err) { 2106 brcmf_err("error reading DEVCTL: %d\n", err); 2107 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2108 } 2109#endif /* DEBUG */ 2110 2111 /* Read CSR, if clock on switch to AVAIL, else ignore */ 2112 clkctl = brcmf_sdio_regrb(bus->sdiodev, 2113 SBSDIO_FUNC1_CHIPCLKCSR, &err); 2114 if (err) { 2115 brcmf_err("error reading CSR: %d\n", 2116 err); 2117 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2118 } 2119 2120 brcmf_dbg(INFO, "DPC: PENDING, devctl 0x%02x clkctl 0x%02x\n", 2121 devctl, clkctl); 2122 2123 if (SBSDIO_HTAV(clkctl)) { 2124 devctl = brcmf_sdio_regrb(bus->sdiodev, 2125 SBSDIO_DEVICE_CTL, &err); 2126 if (err) { 2127 brcmf_err("error reading DEVCTL: %d\n", 2128 err); 2129 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2130 } 2131 devctl &= ~SBSDIO_DEVCTL_CA_INT_ONLY; 2132 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_DEVICE_CTL, 2133 devctl, &err); 2134 if (err) { 2135 brcmf_err("error writing DEVCTL: %d\n", 2136 err); 2137 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2138 } 2139 bus->clkstate = CLK_AVAIL; 2140 } 2141 } 2142 2143 /* Make sure backplane clock is on */ 2144 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, true); 2145 2146 /* Pending interrupt indicates new device status */ 2147 if (atomic_read(&bus->ipend) > 0) { 2148 atomic_set(&bus->ipend, 0); 2149 err = brcmf_sdio_intr_rstatus(bus); 2150 } 2151 2152 /* Start with leftover status bits */ 2153 intstatus = atomic_xchg(&bus->intstatus, 0); 2154 2155 /* Handle flow-control change: read new state in case our ack 2156 * crossed another change interrupt. If change still set, assume 2157 * FC ON for safety, let next loop through do the debounce. 2158 */ 2159 if (intstatus & I_HMB_FC_CHANGE) { 2160 intstatus &= ~I_HMB_FC_CHANGE; 2161 err = w_sdreg32(bus, I_HMB_FC_CHANGE, 2162 offsetof(struct sdpcmd_regs, intstatus)); 2163 2164 err = r_sdreg32(bus, &newstatus, 2165 offsetof(struct sdpcmd_regs, intstatus)); 2166 bus->sdcnt.f1regdata += 2; 2167 atomic_set(&bus->fcstate, 2168 !!(newstatus & (I_HMB_FC_STATE | I_HMB_FC_CHANGE))); 2169 intstatus |= (newstatus & bus->hostintmask); 2170 } 2171 2172 /* Handle host mailbox indication */ 2173 if (intstatus & I_HMB_HOST_INT) { 2174 intstatus &= ~I_HMB_HOST_INT; 2175 intstatus |= brcmf_sdbrcm_hostmail(bus); 2176 } 2177 2178 sdio_release_host(bus->sdiodev->func[1]); 2179 2180 /* Generally don't ask for these, can get CRC errors... */ 2181 if (intstatus & I_WR_OOSYNC) { 2182 brcmf_err("Dongle reports WR_OOSYNC\n"); 2183 intstatus &= ~I_WR_OOSYNC; 2184 } 2185 2186 if (intstatus & I_RD_OOSYNC) { 2187 brcmf_err("Dongle reports RD_OOSYNC\n"); 2188 intstatus &= ~I_RD_OOSYNC; 2189 } 2190 2191 if (intstatus & I_SBINT) { 2192 brcmf_err("Dongle reports SBINT\n"); 2193 intstatus &= ~I_SBINT; 2194 } 2195 2196 /* Would be active due to wake-wlan in gSPI */ 2197 if (intstatus & I_CHIPACTIVE) { 2198 brcmf_dbg(INFO, "Dongle reports CHIPACTIVE\n"); 2199 intstatus &= ~I_CHIPACTIVE; 2200 } 2201 2202 /* Ignore frame indications if rxskip is set */ 2203 if (bus->rxskip) 2204 intstatus &= ~I_HMB_FRAME_IND; 2205 2206 /* On frame indication, read available frames */ 2207 if (PKT_AVAILABLE() && bus->clkstate == CLK_AVAIL) { 2208 framecnt = brcmf_sdio_readframes(bus, rxlimit); 2209 if (!bus->rxpending) 2210 intstatus &= ~I_HMB_FRAME_IND; 2211 rxlimit -= min(framecnt, rxlimit); 2212 } 2213 2214 /* Keep still-pending events for next scheduling */ 2215 if (intstatus) { 2216 for_each_set_bit(n, &intstatus, 32) 2217 set_bit(n, (unsigned long *)&bus->intstatus.counter); 2218 } 2219 2220 brcmf_sdbrcm_clrintr(bus); 2221 2222 if (data_ok(bus) && bus->ctrl_frame_stat && 2223 (bus->clkstate == CLK_AVAIL)) { 2224 int i; 2225 2226 sdio_claim_host(bus->sdiodev->func[1]); 2227 err = brcmf_sdcard_send_buf(bus->sdiodev, bus->sdiodev->sbwad, 2228 SDIO_FUNC_2, F2SYNC, bus->ctrl_frame_buf, 2229 (u32) bus->ctrl_frame_len); 2230 2231 if (err < 0) { 2232 /* On failure, abort the command and 2233 terminate the frame */ 2234 brcmf_dbg(INFO, "sdio error %d, abort command and terminate frame\n", 2235 err); 2236 bus->sdcnt.tx_sderrs++; 2237 2238 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 2239 2240 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_FRAMECTRL, 2241 SFC_WF_TERM, &err); 2242 bus->sdcnt.f1regdata++; 2243 2244 for (i = 0; i < 3; i++) { 2245 u8 hi, lo; 2246 hi = brcmf_sdio_regrb(bus->sdiodev, 2247 SBSDIO_FUNC1_WFRAMEBCHI, 2248 &err); 2249 lo = brcmf_sdio_regrb(bus->sdiodev, 2250 SBSDIO_FUNC1_WFRAMEBCLO, 2251 &err); 2252 bus->sdcnt.f1regdata += 2; 2253 if ((hi == 0) && (lo == 0)) 2254 break; 2255 } 2256 2257 } else { 2258 bus->tx_seq = (bus->tx_seq + 1) % SDPCM_SEQUENCE_WRAP; 2259 } 2260 sdio_release_host(bus->sdiodev->func[1]); 2261 bus->ctrl_frame_stat = false; 2262 brcmf_sdbrcm_wait_event_wakeup(bus); 2263 } 2264 /* Send queued frames (limit 1 if rx may still be pending) */ 2265 else if ((bus->clkstate == CLK_AVAIL) && !atomic_read(&bus->fcstate) && 2266 brcmu_pktq_mlen(&bus->txq, ~bus->flowcontrol) && txlimit 2267 && data_ok(bus)) { 2268 framecnt = bus->rxpending ? min(txlimit, bus->txminmax) : 2269 txlimit; 2270 framecnt = brcmf_sdbrcm_sendfromq(bus, framecnt); 2271 txlimit -= framecnt; 2272 } 2273 2274 if ((bus->sdiodev->bus_if->state == BRCMF_BUS_DOWN) || (err != 0)) { 2275 brcmf_err("failed backplane access over SDIO, halting operation\n"); 2276 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2277 atomic_set(&bus->intstatus, 0); 2278 } else if (atomic_read(&bus->intstatus) || 2279 atomic_read(&bus->ipend) > 0 || 2280 (!atomic_read(&bus->fcstate) && 2281 brcmu_pktq_mlen(&bus->txq, ~bus->flowcontrol) && 2282 data_ok(bus)) || PKT_AVAILABLE()) { 2283 brcmf_sdbrcm_adddpctsk(bus); 2284 } 2285 2286 /* If we're done for now, turn off clock request. */ 2287 if ((bus->clkstate != CLK_PENDING) 2288 && bus->idletime == BRCMF_IDLE_IMMEDIATE) { 2289 bus->activity = false; 2290 sdio_claim_host(bus->sdiodev->func[1]); 2291 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 2292 sdio_release_host(bus->sdiodev->func[1]); 2293 } 2294} 2295 2296static struct pktq *brcmf_sdbrcm_bus_gettxq(struct device *dev) 2297{ 2298 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 2299 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio; 2300 struct brcmf_sdio *bus = sdiodev->bus; 2301 2302 return &bus->txq; 2303} 2304 2305static int brcmf_sdbrcm_bus_txdata(struct device *dev, struct sk_buff *pkt) 2306{ 2307 int ret = -EBADE; 2308 uint datalen, prec; 2309 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 2310 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio; 2311 struct brcmf_sdio *bus = sdiodev->bus; 2312 unsigned long flags; 2313 2314 brcmf_dbg(TRACE, "Enter\n"); 2315 2316 datalen = pkt->len; 2317 2318 /* Add space for the header */ 2319 skb_push(pkt, SDPCM_HDRLEN); 2320 /* precondition: IS_ALIGNED((unsigned long)(pkt->data), 2) */ 2321 2322 prec = prio2prec((pkt->priority & PRIOMASK)); 2323 2324 /* Check for existing queue, current flow-control, 2325 pending event, or pending clock */ 2326 brcmf_dbg(TRACE, "deferring pktq len %d\n", pktq_len(&bus->txq)); 2327 bus->sdcnt.fcqueued++; 2328 2329 /* Priority based enq */ 2330 spin_lock_bh(&bus->txqlock); 2331 if (!brcmf_c_prec_enq(bus->sdiodev->dev, &bus->txq, pkt, prec)) { 2332 skb_pull(pkt, SDPCM_HDRLEN); 2333 brcmf_txcomplete(bus->sdiodev->dev, pkt, false); 2334 brcmf_err("out of bus->txq !!!\n"); 2335 ret = -ENOSR; 2336 } else { 2337 ret = 0; 2338 } 2339 spin_unlock_bh(&bus->txqlock); 2340 2341 if (pktq_len(&bus->txq) >= TXHI) { 2342 bus->txoff = true; 2343 brcmf_txflowblock(bus->sdiodev->dev, true); 2344 } 2345 2346#ifdef DEBUG 2347 if (pktq_plen(&bus->txq, prec) > qcount[prec]) 2348 qcount[prec] = pktq_plen(&bus->txq, prec); 2349#endif 2350 2351 spin_lock_irqsave(&bus->dpc_tl_lock, flags); 2352 if (list_empty(&bus->dpc_tsklst)) { 2353 spin_unlock_irqrestore(&bus->dpc_tl_lock, flags); 2354 2355 brcmf_sdbrcm_adddpctsk(bus); 2356 queue_work(bus->brcmf_wq, &bus->datawork); 2357 } else { 2358 spin_unlock_irqrestore(&bus->dpc_tl_lock, flags); 2359 } 2360 2361 return ret; 2362} 2363 2364static int 2365brcmf_sdbrcm_membytes(struct brcmf_sdio *bus, bool write, u32 address, u8 *data, 2366 uint size) 2367{ 2368 int bcmerror = 0; 2369 u32 sdaddr; 2370 uint dsize; 2371 2372 /* Determine initial transfer parameters */ 2373 sdaddr = address & SBSDIO_SB_OFT_ADDR_MASK; 2374 if ((sdaddr + size) & SBSDIO_SBWINDOW_MASK) 2375 dsize = (SBSDIO_SB_OFT_ADDR_LIMIT - sdaddr); 2376 else 2377 dsize = size; 2378 2379 sdio_claim_host(bus->sdiodev->func[1]); 2380 2381 /* Set the backplane window to include the start address */ 2382 bcmerror = brcmf_sdcard_set_sbaddr_window(bus->sdiodev, address); 2383 if (bcmerror) { 2384 brcmf_err("window change failed\n"); 2385 goto xfer_done; 2386 } 2387 2388 /* Do the transfer(s) */ 2389 while (size) { 2390 brcmf_dbg(INFO, "%s %d bytes at offset 0x%08x in window 0x%08x\n", 2391 write ? "write" : "read", dsize, 2392 sdaddr, address & SBSDIO_SBWINDOW_MASK); 2393 bcmerror = brcmf_sdcard_rwdata(bus->sdiodev, write, 2394 sdaddr, data, dsize); 2395 if (bcmerror) { 2396 brcmf_err("membytes transfer failed\n"); 2397 break; 2398 } 2399 2400 /* Adjust for next transfer (if any) */ 2401 size -= dsize; 2402 if (size) { 2403 data += dsize; 2404 address += dsize; 2405 bcmerror = brcmf_sdcard_set_sbaddr_window(bus->sdiodev, 2406 address); 2407 if (bcmerror) { 2408 brcmf_err("window change failed\n"); 2409 break; 2410 } 2411 sdaddr = 0; 2412 dsize = min_t(uint, SBSDIO_SB_OFT_ADDR_LIMIT, size); 2413 } 2414 } 2415 2416xfer_done: 2417 /* Return the window to backplane enumeration space for core access */ 2418 if (brcmf_sdcard_set_sbaddr_window(bus->sdiodev, bus->sdiodev->sbwad)) 2419 brcmf_err("FAILED to set window back to 0x%x\n", 2420 bus->sdiodev->sbwad); 2421 2422 sdio_release_host(bus->sdiodev->func[1]); 2423 2424 return bcmerror; 2425} 2426 2427#ifdef DEBUG 2428#define CONSOLE_LINE_MAX 192 2429 2430static int brcmf_sdbrcm_readconsole(struct brcmf_sdio *bus) 2431{ 2432 struct brcmf_console *c = &bus->console; 2433 u8 line[CONSOLE_LINE_MAX], ch; 2434 u32 n, idx, addr; 2435 int rv; 2436 2437 /* Don't do anything until FWREADY updates console address */ 2438 if (bus->console_addr == 0) 2439 return 0; 2440 2441 /* Read console log struct */ 2442 addr = bus->console_addr + offsetof(struct rte_console, log_le); 2443 rv = brcmf_sdbrcm_membytes(bus, false, addr, (u8 *)&c->log_le, 2444 sizeof(c->log_le)); 2445 if (rv < 0) 2446 return rv; 2447 2448 /* Allocate console buffer (one time only) */ 2449 if (c->buf == NULL) { 2450 c->bufsize = le32_to_cpu(c->log_le.buf_size); 2451 c->buf = kmalloc(c->bufsize, GFP_ATOMIC); 2452 if (c->buf == NULL) 2453 return -ENOMEM; 2454 } 2455 2456 idx = le32_to_cpu(c->log_le.idx); 2457 2458 /* Protect against corrupt value */ 2459 if (idx > c->bufsize) 2460 return -EBADE; 2461 2462 /* Skip reading the console buffer if the index pointer 2463 has not moved */ 2464 if (idx == c->last) 2465 return 0; 2466 2467 /* Read the console buffer */ 2468 addr = le32_to_cpu(c->log_le.buf); 2469 rv = brcmf_sdbrcm_membytes(bus, false, addr, c->buf, c->bufsize); 2470 if (rv < 0) 2471 return rv; 2472 2473 while (c->last != idx) { 2474 for (n = 0; n < CONSOLE_LINE_MAX - 2; n++) { 2475 if (c->last == idx) { 2476 /* This would output a partial line. 2477 * Instead, back up 2478 * the buffer pointer and output this 2479 * line next time around. 2480 */ 2481 if (c->last >= n) 2482 c->last -= n; 2483 else 2484 c->last = c->bufsize - n; 2485 goto break2; 2486 } 2487 ch = c->buf[c->last]; 2488 c->last = (c->last + 1) % c->bufsize; 2489 if (ch == '\n') 2490 break; 2491 line[n] = ch; 2492 } 2493 2494 if (n > 0) { 2495 if (line[n - 1] == '\r') 2496 n--; 2497 line[n] = 0; 2498 pr_debug("CONSOLE: %s\n", line); 2499 } 2500 } 2501break2: 2502 2503 return 0; 2504} 2505#endif /* DEBUG */ 2506 2507static int brcmf_tx_frame(struct brcmf_sdio *bus, u8 *frame, u16 len) 2508{ 2509 int i; 2510 int ret; 2511 2512 bus->ctrl_frame_stat = false; 2513 ret = brcmf_sdcard_send_buf(bus->sdiodev, bus->sdiodev->sbwad, 2514 SDIO_FUNC_2, F2SYNC, frame, len); 2515 2516 if (ret < 0) { 2517 /* On failure, abort the command and terminate the frame */ 2518 brcmf_dbg(INFO, "sdio error %d, abort command and terminate frame\n", 2519 ret); 2520 bus->sdcnt.tx_sderrs++; 2521 2522 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 2523 2524 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_FRAMECTRL, 2525 SFC_WF_TERM, NULL); 2526 bus->sdcnt.f1regdata++; 2527 2528 for (i = 0; i < 3; i++) { 2529 u8 hi, lo; 2530 hi = brcmf_sdio_regrb(bus->sdiodev, 2531 SBSDIO_FUNC1_WFRAMEBCHI, NULL); 2532 lo = brcmf_sdio_regrb(bus->sdiodev, 2533 SBSDIO_FUNC1_WFRAMEBCLO, NULL); 2534 bus->sdcnt.f1regdata += 2; 2535 if (hi == 0 && lo == 0) 2536 break; 2537 } 2538 return ret; 2539 } 2540 2541 bus->tx_seq = (bus->tx_seq + 1) % SDPCM_SEQUENCE_WRAP; 2542 2543 return ret; 2544} 2545 2546static int 2547brcmf_sdbrcm_bus_txctl(struct device *dev, unsigned char *msg, uint msglen) 2548{ 2549 u8 *frame; 2550 u16 len; 2551 u32 swheader; 2552 uint retries = 0; 2553 u8 doff = 0; 2554 int ret = -1; 2555 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 2556 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio; 2557 struct brcmf_sdio *bus = sdiodev->bus; 2558 unsigned long flags; 2559 2560 brcmf_dbg(TRACE, "Enter\n"); 2561 2562 /* Back the pointer to make a room for bus header */ 2563 frame = msg - SDPCM_HDRLEN; 2564 len = (msglen += SDPCM_HDRLEN); 2565 2566 /* Add alignment padding (optional for ctl frames) */ 2567 doff = ((unsigned long)frame % BRCMF_SDALIGN); 2568 if (doff) { 2569 frame -= doff; 2570 len += doff; 2571 msglen += doff; 2572 memset(frame, 0, doff + SDPCM_HDRLEN); 2573 } 2574 /* precondition: doff < BRCMF_SDALIGN */ 2575 doff += SDPCM_HDRLEN; 2576 2577 /* Round send length to next SDIO block */ 2578 if (bus->roundup && bus->blocksize && (len > bus->blocksize)) { 2579 u16 pad = bus->blocksize - (len % bus->blocksize); 2580 if ((pad <= bus->roundup) && (pad < bus->blocksize)) 2581 len += pad; 2582 } else if (len % BRCMF_SDALIGN) { 2583 len += BRCMF_SDALIGN - (len % BRCMF_SDALIGN); 2584 } 2585 2586 /* Satisfy length-alignment requirements */ 2587 if (len & (ALIGNMENT - 1)) 2588 len = roundup(len, ALIGNMENT); 2589 2590 /* precondition: IS_ALIGNED((unsigned long)frame, 2) */ 2591 2592 /* Make sure backplane clock is on */ 2593 sdio_claim_host(bus->sdiodev->func[1]); 2594 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 2595 sdio_release_host(bus->sdiodev->func[1]); 2596 2597 /* Hardware tag: 2 byte len followed by 2 byte ~len check (all LE) */ 2598 *(__le16 *) frame = cpu_to_le16((u16) msglen); 2599 *(((__le16 *) frame) + 1) = cpu_to_le16(~msglen); 2600 2601 /* Software tag: channel, sequence number, data offset */ 2602 swheader = 2603 ((SDPCM_CONTROL_CHANNEL << SDPCM_CHANNEL_SHIFT) & 2604 SDPCM_CHANNEL_MASK) 2605 | bus->tx_seq | ((doff << SDPCM_DOFFSET_SHIFT) & 2606 SDPCM_DOFFSET_MASK); 2607 put_unaligned_le32(swheader, frame + SDPCM_FRAMETAG_LEN); 2608 put_unaligned_le32(0, frame + SDPCM_FRAMETAG_LEN + sizeof(swheader)); 2609 2610 if (!data_ok(bus)) { 2611 brcmf_dbg(INFO, "No bus credit bus->tx_max %d, bus->tx_seq %d\n", 2612 bus->tx_max, bus->tx_seq); 2613 bus->ctrl_frame_stat = true; 2614 /* Send from dpc */ 2615 bus->ctrl_frame_buf = frame; 2616 bus->ctrl_frame_len = len; 2617 2618 wait_event_interruptible_timeout(bus->ctrl_wait, 2619 !bus->ctrl_frame_stat, 2620 msecs_to_jiffies(2000)); 2621 2622 if (!bus->ctrl_frame_stat) { 2623 brcmf_dbg(INFO, "ctrl_frame_stat == false\n"); 2624 ret = 0; 2625 } else { 2626 brcmf_dbg(INFO, "ctrl_frame_stat == true\n"); 2627 ret = -1; 2628 } 2629 } 2630 2631 if (ret == -1) { 2632 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && BRCMF_CTL_ON(), 2633 frame, len, "Tx Frame:\n"); 2634 brcmf_dbg_hex_dump(!(BRCMF_BYTES_ON() && BRCMF_CTL_ON()) && 2635 BRCMF_HDRS_ON(), 2636 frame, min_t(u16, len, 16), "TxHdr:\n"); 2637 2638 do { 2639 sdio_claim_host(bus->sdiodev->func[1]); 2640 ret = brcmf_tx_frame(bus, frame, len); 2641 sdio_release_host(bus->sdiodev->func[1]); 2642 } while (ret < 0 && retries++ < TXRETRIES); 2643 } 2644 2645 spin_lock_irqsave(&bus->dpc_tl_lock, flags); 2646 if ((bus->idletime == BRCMF_IDLE_IMMEDIATE) && 2647 list_empty(&bus->dpc_tsklst)) { 2648 spin_unlock_irqrestore(&bus->dpc_tl_lock, flags); 2649 2650 bus->activity = false; 2651 sdio_claim_host(bus->sdiodev->func[1]); 2652 brcmf_sdbrcm_clkctl(bus, CLK_NONE, true); 2653 sdio_release_host(bus->sdiodev->func[1]); 2654 } else { 2655 spin_unlock_irqrestore(&bus->dpc_tl_lock, flags); 2656 } 2657 2658 if (ret) 2659 bus->sdcnt.tx_ctlerrs++; 2660 else 2661 bus->sdcnt.tx_ctlpkts++; 2662 2663 return ret ? -EIO : 0; 2664} 2665 2666#ifdef DEBUG 2667static inline bool brcmf_sdio_valid_shared_address(u32 addr) 2668{ 2669 return !(addr == 0 || ((~addr >> 16) & 0xffff) == (addr & 0xffff)); 2670} 2671 2672static int brcmf_sdio_readshared(struct brcmf_sdio *bus, 2673 struct sdpcm_shared *sh) 2674{ 2675 u32 addr; 2676 int rv; 2677 u32 shaddr = 0; 2678 struct sdpcm_shared_le sh_le; 2679 __le32 addr_le; 2680 2681 shaddr = bus->ramsize - 4; 2682 2683 /* 2684 * Read last word in socram to determine 2685 * address of sdpcm_shared structure 2686 */ 2687 sdio_claim_host(bus->sdiodev->func[1]); 2688 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 2689 rv = brcmf_sdbrcm_membytes(bus, false, shaddr, 2690 (u8 *)&addr_le, 4); 2691 sdio_release_host(bus->sdiodev->func[1]); 2692 if (rv < 0) 2693 return rv; 2694 2695 addr = le32_to_cpu(addr_le); 2696 2697 brcmf_dbg(INFO, "sdpcm_shared address 0x%08X\n", addr); 2698 2699 /* 2700 * Check if addr is valid. 2701 * NVRAM length at the end of memory should have been overwritten. 2702 */ 2703 if (!brcmf_sdio_valid_shared_address(addr)) { 2704 brcmf_err("invalid sdpcm_shared address 0x%08X\n", 2705 addr); 2706 return -EINVAL; 2707 } 2708 2709 /* Read hndrte_shared structure */ 2710 rv = brcmf_sdbrcm_membytes(bus, false, addr, (u8 *)&sh_le, 2711 sizeof(struct sdpcm_shared_le)); 2712 if (rv < 0) 2713 return rv; 2714 2715 /* Endianness */ 2716 sh->flags = le32_to_cpu(sh_le.flags); 2717 sh->trap_addr = le32_to_cpu(sh_le.trap_addr); 2718 sh->assert_exp_addr = le32_to_cpu(sh_le.assert_exp_addr); 2719 sh->assert_file_addr = le32_to_cpu(sh_le.assert_file_addr); 2720 sh->assert_line = le32_to_cpu(sh_le.assert_line); 2721 sh->console_addr = le32_to_cpu(sh_le.console_addr); 2722 sh->msgtrace_addr = le32_to_cpu(sh_le.msgtrace_addr); 2723 2724 if ((sh->flags & SDPCM_SHARED_VERSION_MASK) != SDPCM_SHARED_VERSION) { 2725 brcmf_err("sdpcm_shared version mismatch: dhd %d dongle %d\n", 2726 SDPCM_SHARED_VERSION, 2727 sh->flags & SDPCM_SHARED_VERSION_MASK); 2728 return -EPROTO; 2729 } 2730 2731 return 0; 2732} 2733 2734static int brcmf_sdio_dump_console(struct brcmf_sdio *bus, 2735 struct sdpcm_shared *sh, char __user *data, 2736 size_t count) 2737{ 2738 u32 addr, console_ptr, console_size, console_index; 2739 char *conbuf = NULL; 2740 __le32 sh_val; 2741 int rv; 2742 loff_t pos = 0; 2743 int nbytes = 0; 2744 2745 /* obtain console information from device memory */ 2746 addr = sh->console_addr + offsetof(struct rte_console, log_le); 2747 rv = brcmf_sdbrcm_membytes(bus, false, addr, 2748 (u8 *)&sh_val, sizeof(u32)); 2749 if (rv < 0) 2750 return rv; 2751 console_ptr = le32_to_cpu(sh_val); 2752 2753 addr = sh->console_addr + offsetof(struct rte_console, log_le.buf_size); 2754 rv = brcmf_sdbrcm_membytes(bus, false, addr, 2755 (u8 *)&sh_val, sizeof(u32)); 2756 if (rv < 0) 2757 return rv; 2758 console_size = le32_to_cpu(sh_val); 2759 2760 addr = sh->console_addr + offsetof(struct rte_console, log_le.idx); 2761 rv = brcmf_sdbrcm_membytes(bus, false, addr, 2762 (u8 *)&sh_val, sizeof(u32)); 2763 if (rv < 0) 2764 return rv; 2765 console_index = le32_to_cpu(sh_val); 2766 2767 /* allocate buffer for console data */ 2768 if (console_size <= CONSOLE_BUFFER_MAX) 2769 conbuf = vzalloc(console_size+1); 2770 2771 if (!conbuf) 2772 return -ENOMEM; 2773 2774 /* obtain the console data from device */ 2775 conbuf[console_size] = '\0'; 2776 rv = brcmf_sdbrcm_membytes(bus, false, console_ptr, (u8 *)conbuf, 2777 console_size); 2778 if (rv < 0) 2779 goto done; 2780 2781 rv = simple_read_from_buffer(data, count, &pos, 2782 conbuf + console_index, 2783 console_size - console_index); 2784 if (rv < 0) 2785 goto done; 2786 2787 nbytes = rv; 2788 if (console_index > 0) { 2789 pos = 0; 2790 rv = simple_read_from_buffer(data+nbytes, count, &pos, 2791 conbuf, console_index - 1); 2792 if (rv < 0) 2793 goto done; 2794 rv += nbytes; 2795 } 2796done: 2797 vfree(conbuf); 2798 return rv; 2799} 2800 2801static int brcmf_sdio_trap_info(struct brcmf_sdio *bus, struct sdpcm_shared *sh, 2802 char __user *data, size_t count) 2803{ 2804 int error, res; 2805 char buf[350]; 2806 struct brcmf_trap_info tr; 2807 int nbytes; 2808 loff_t pos = 0; 2809 2810 if ((sh->flags & SDPCM_SHARED_TRAP) == 0) 2811 return 0; 2812 2813 error = brcmf_sdbrcm_membytes(bus, false, sh->trap_addr, (u8 *)&tr, 2814 sizeof(struct brcmf_trap_info)); 2815 if (error < 0) 2816 return error; 2817 2818 nbytes = brcmf_sdio_dump_console(bus, sh, data, count); 2819 if (nbytes < 0) 2820 return nbytes; 2821 2822 res = scnprintf(buf, sizeof(buf), 2823 "dongle trap info: type 0x%x @ epc 0x%08x\n" 2824 " cpsr 0x%08x spsr 0x%08x sp 0x%08x\n" 2825 " lr 0x%08x pc 0x%08x offset 0x%x\n" 2826 " r0 0x%08x r1 0x%08x r2 0x%08x r3 0x%08x\n" 2827 " r4 0x%08x r5 0x%08x r6 0x%08x r7 0x%08x\n", 2828 le32_to_cpu(tr.type), le32_to_cpu(tr.epc), 2829 le32_to_cpu(tr.cpsr), le32_to_cpu(tr.spsr), 2830 le32_to_cpu(tr.r13), le32_to_cpu(tr.r14), 2831 le32_to_cpu(tr.pc), sh->trap_addr, 2832 le32_to_cpu(tr.r0), le32_to_cpu(tr.r1), 2833 le32_to_cpu(tr.r2), le32_to_cpu(tr.r3), 2834 le32_to_cpu(tr.r4), le32_to_cpu(tr.r5), 2835 le32_to_cpu(tr.r6), le32_to_cpu(tr.r7)); 2836 2837 error = simple_read_from_buffer(data+nbytes, count, &pos, buf, res); 2838 if (error < 0) 2839 return error; 2840 2841 nbytes += error; 2842 return nbytes; 2843} 2844 2845static int brcmf_sdio_assert_info(struct brcmf_sdio *bus, 2846 struct sdpcm_shared *sh, char __user *data, 2847 size_t count) 2848{ 2849 int error = 0; 2850 char buf[200]; 2851 char file[80] = "?"; 2852 char expr[80] = "<???>"; 2853 int res; 2854 loff_t pos = 0; 2855 2856 if ((sh->flags & SDPCM_SHARED_ASSERT_BUILT) == 0) { 2857 brcmf_dbg(INFO, "firmware not built with -assert\n"); 2858 return 0; 2859 } else if ((sh->flags & SDPCM_SHARED_ASSERT) == 0) { 2860 brcmf_dbg(INFO, "no assert in dongle\n"); 2861 return 0; 2862 } 2863 2864 sdio_claim_host(bus->sdiodev->func[1]); 2865 if (sh->assert_file_addr != 0) { 2866 error = brcmf_sdbrcm_membytes(bus, false, sh->assert_file_addr, 2867 (u8 *)file, 80); 2868 if (error < 0) 2869 return error; 2870 } 2871 if (sh->assert_exp_addr != 0) { 2872 error = brcmf_sdbrcm_membytes(bus, false, sh->assert_exp_addr, 2873 (u8 *)expr, 80); 2874 if (error < 0) 2875 return error; 2876 } 2877 sdio_release_host(bus->sdiodev->func[1]); 2878 2879 res = scnprintf(buf, sizeof(buf), 2880 "dongle assert: %s:%d: assert(%s)\n", 2881 file, sh->assert_line, expr); 2882 return simple_read_from_buffer(data, count, &pos, buf, res); 2883} 2884 2885static int brcmf_sdbrcm_checkdied(struct brcmf_sdio *bus) 2886{ 2887 int error; 2888 struct sdpcm_shared sh; 2889 2890 error = brcmf_sdio_readshared(bus, &sh); 2891 2892 if (error < 0) 2893 return error; 2894 2895 if ((sh.flags & SDPCM_SHARED_ASSERT_BUILT) == 0) 2896 brcmf_dbg(INFO, "firmware not built with -assert\n"); 2897 else if (sh.flags & SDPCM_SHARED_ASSERT) 2898 brcmf_err("assertion in dongle\n"); 2899 2900 if (sh.flags & SDPCM_SHARED_TRAP) 2901 brcmf_err("firmware trap in dongle\n"); 2902 2903 return 0; 2904} 2905 2906static int brcmf_sdbrcm_died_dump(struct brcmf_sdio *bus, char __user *data, 2907 size_t count, loff_t *ppos) 2908{ 2909 int error = 0; 2910 struct sdpcm_shared sh; 2911 int nbytes = 0; 2912 loff_t pos = *ppos; 2913 2914 if (pos != 0) 2915 return 0; 2916 2917 error = brcmf_sdio_readshared(bus, &sh); 2918 if (error < 0) 2919 goto done; 2920 2921 error = brcmf_sdio_assert_info(bus, &sh, data, count); 2922 if (error < 0) 2923 goto done; 2924 2925 nbytes = error; 2926 error = brcmf_sdio_trap_info(bus, &sh, data, count); 2927 if (error < 0) 2928 goto done; 2929 2930 error += nbytes; 2931 *ppos += error; 2932done: 2933 return error; 2934} 2935 2936static ssize_t brcmf_sdio_forensic_read(struct file *f, char __user *data, 2937 size_t count, loff_t *ppos) 2938{ 2939 struct brcmf_sdio *bus = f->private_data; 2940 int res; 2941 2942 res = brcmf_sdbrcm_died_dump(bus, data, count, ppos); 2943 if (res > 0) 2944 *ppos += res; 2945 return (ssize_t)res; 2946} 2947 2948static const struct file_operations brcmf_sdio_forensic_ops = { 2949 .owner = THIS_MODULE, 2950 .open = simple_open, 2951 .read = brcmf_sdio_forensic_read 2952}; 2953 2954static void brcmf_sdio_debugfs_create(struct brcmf_sdio *bus) 2955{ 2956 struct brcmf_pub *drvr = bus->sdiodev->bus_if->drvr; 2957 struct dentry *dentry = brcmf_debugfs_get_devdir(drvr); 2958 2959 if (IS_ERR_OR_NULL(dentry)) 2960 return; 2961 2962 debugfs_create_file("forensics", S_IRUGO, dentry, bus, 2963 &brcmf_sdio_forensic_ops); 2964 brcmf_debugfs_create_sdio_count(drvr, &bus->sdcnt); 2965} 2966#else 2967static int brcmf_sdbrcm_checkdied(struct brcmf_sdio *bus) 2968{ 2969 return 0; 2970} 2971 2972static void brcmf_sdio_debugfs_create(struct brcmf_sdio *bus) 2973{ 2974} 2975#endif /* DEBUG */ 2976 2977static int 2978brcmf_sdbrcm_bus_rxctl(struct device *dev, unsigned char *msg, uint msglen) 2979{ 2980 int timeleft; 2981 uint rxlen = 0; 2982 bool pending; 2983 u8 *buf; 2984 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 2985 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio; 2986 struct brcmf_sdio *bus = sdiodev->bus; 2987 2988 brcmf_dbg(TRACE, "Enter\n"); 2989 2990 /* Wait until control frame is available */ 2991 timeleft = brcmf_sdbrcm_dcmd_resp_wait(bus, &bus->rxlen, &pending); 2992 2993 spin_lock_bh(&bus->rxctl_lock); 2994 rxlen = bus->rxlen; 2995 memcpy(msg, bus->rxctl, min(msglen, rxlen)); 2996 bus->rxctl = NULL; 2997 buf = bus->rxctl_orig; 2998 bus->rxctl_orig = NULL; 2999 bus->rxlen = 0; 3000 spin_unlock_bh(&bus->rxctl_lock); 3001 vfree(buf); 3002 3003 if (rxlen) { 3004 brcmf_dbg(CTL, "resumed on rxctl frame, got %d expected %d\n", 3005 rxlen, msglen); 3006 } else if (timeleft == 0) { 3007 brcmf_err("resumed on timeout\n"); 3008 brcmf_sdbrcm_checkdied(bus); 3009 } else if (pending) { 3010 brcmf_dbg(CTL, "cancelled\n"); 3011 return -ERESTARTSYS; 3012 } else { 3013 brcmf_dbg(CTL, "resumed for unknown reason?\n"); 3014 brcmf_sdbrcm_checkdied(bus); 3015 } 3016 3017 if (rxlen) 3018 bus->sdcnt.rx_ctlpkts++; 3019 else 3020 bus->sdcnt.rx_ctlerrs++; 3021 3022 return rxlen ? (int)rxlen : -ETIMEDOUT; 3023} 3024 3025static int brcmf_sdbrcm_write_vars(struct brcmf_sdio *bus) 3026{ 3027 int bcmerror = 0; 3028 u32 varaddr; 3029 u32 varsizew; 3030 __le32 varsizew_le; 3031#ifdef DEBUG 3032 char *nvram_ularray; 3033#endif /* DEBUG */ 3034 3035 /* Even if there are no vars are to be written, we still 3036 need to set the ramsize. */ 3037 varaddr = (bus->ramsize - 4) - bus->varsz; 3038 3039 if (bus->vars) { 3040 /* Write the vars list */ 3041 bcmerror = brcmf_sdbrcm_membytes(bus, true, varaddr, 3042 bus->vars, bus->varsz); 3043#ifdef DEBUG 3044 /* Verify NVRAM bytes */ 3045 brcmf_dbg(INFO, "Compare NVRAM dl & ul; varsize=%d\n", 3046 bus->varsz); 3047 nvram_ularray = kmalloc(bus->varsz, GFP_ATOMIC); 3048 if (!nvram_ularray) 3049 return -ENOMEM; 3050 3051 /* Upload image to verify downloaded contents. */ 3052 memset(nvram_ularray, 0xaa, bus->varsz); 3053 3054 /* Read the vars list to temp buffer for comparison */ 3055 bcmerror = brcmf_sdbrcm_membytes(bus, false, varaddr, 3056 nvram_ularray, bus->varsz); 3057 if (bcmerror) { 3058 brcmf_err("error %d on reading %d nvram bytes at 0x%08x\n", 3059 bcmerror, bus->varsz, varaddr); 3060 } 3061 /* Compare the org NVRAM with the one read from RAM */ 3062 if (memcmp(bus->vars, nvram_ularray, bus->varsz)) 3063 brcmf_err("Downloaded NVRAM image is corrupted\n"); 3064 else 3065 brcmf_err("Download/Upload/Compare of NVRAM ok\n"); 3066 3067 kfree(nvram_ularray); 3068#endif /* DEBUG */ 3069 } 3070 3071 /* adjust to the user specified RAM */ 3072 brcmf_dbg(INFO, "Physical memory size: %d\n", bus->ramsize); 3073 brcmf_dbg(INFO, "Vars are at %d, orig varsize is %d\n", 3074 varaddr, bus->varsz); 3075 3076 /* 3077 * Determine the length token: 3078 * Varsize, converted to words, in lower 16-bits, checksum 3079 * in upper 16-bits. 3080 */ 3081 if (bcmerror) { 3082 varsizew = 0; 3083 varsizew_le = cpu_to_le32(0); 3084 } else { 3085 varsizew = bus->varsz / 4; 3086 varsizew = (~varsizew << 16) | (varsizew & 0x0000FFFF); 3087 varsizew_le = cpu_to_le32(varsizew); 3088 } 3089 3090 brcmf_dbg(INFO, "New varsize is %d, length token=0x%08x\n", 3091 bus->varsz, varsizew); 3092 3093 /* Write the length token to the last word */ 3094 bcmerror = brcmf_sdbrcm_membytes(bus, true, (bus->ramsize - 4), 3095 (u8 *)&varsizew_le, 4); 3096 3097 return bcmerror; 3098} 3099 3100static int brcmf_sdbrcm_download_state(struct brcmf_sdio *bus, bool enter) 3101{ 3102 int bcmerror = 0; 3103 struct chip_info *ci = bus->ci; 3104 3105 /* To enter download state, disable ARM and reset SOCRAM. 3106 * To exit download state, simply reset ARM (default is RAM boot). 3107 */ 3108 if (enter) { 3109 bus->alp_only = true; 3110 3111 ci->coredisable(bus->sdiodev, ci, BCMA_CORE_ARM_CM3); 3112 3113 ci->resetcore(bus->sdiodev, ci, BCMA_CORE_INTERNAL_MEM); 3114 3115 /* Clear the top bit of memory */ 3116 if (bus->ramsize) { 3117 u32 zeros = 0; 3118 brcmf_sdbrcm_membytes(bus, true, bus->ramsize - 4, 3119 (u8 *)&zeros, 4); 3120 } 3121 } else { 3122 if (!ci->iscoreup(bus->sdiodev, ci, BCMA_CORE_INTERNAL_MEM)) { 3123 brcmf_err("SOCRAM core is down after reset?\n"); 3124 bcmerror = -EBADE; 3125 goto fail; 3126 } 3127 3128 bcmerror = brcmf_sdbrcm_write_vars(bus); 3129 if (bcmerror) { 3130 brcmf_err("no vars written to RAM\n"); 3131 bcmerror = 0; 3132 } 3133 3134 w_sdreg32(bus, 0xFFFFFFFF, 3135 offsetof(struct sdpcmd_regs, intstatus)); 3136 3137 ci->resetcore(bus->sdiodev, ci, BCMA_CORE_ARM_CM3); 3138 3139 /* Allow HT Clock now that the ARM is running. */ 3140 bus->alp_only = false; 3141 3142 bus->sdiodev->bus_if->state = BRCMF_BUS_LOAD; 3143 } 3144fail: 3145 return bcmerror; 3146} 3147 3148static int brcmf_sdbrcm_get_image(char *buf, int len, struct brcmf_sdio *bus) 3149{ 3150 if (bus->firmware->size < bus->fw_ptr + len) 3151 len = bus->firmware->size - bus->fw_ptr; 3152 3153 memcpy(buf, &bus->firmware->data[bus->fw_ptr], len); 3154 bus->fw_ptr += len; 3155 return len; 3156} 3157 3158static int brcmf_sdbrcm_download_code_file(struct brcmf_sdio *bus) 3159{ 3160 int offset = 0; 3161 uint len; 3162 u8 *memblock = NULL, *memptr; 3163 int ret; 3164 3165 brcmf_dbg(INFO, "Enter\n"); 3166 3167 ret = request_firmware(&bus->firmware, BRCMF_SDIO_FW_NAME, 3168 &bus->sdiodev->func[2]->dev); 3169 if (ret) { 3170 brcmf_err("Fail to request firmware %d\n", ret); 3171 return ret; 3172 } 3173 bus->fw_ptr = 0; 3174 3175 memptr = memblock = kmalloc(MEMBLOCK + BRCMF_SDALIGN, GFP_ATOMIC); 3176 if (memblock == NULL) { 3177 ret = -ENOMEM; 3178 goto err; 3179 } 3180 if ((u32)(unsigned long)memblock % BRCMF_SDALIGN) 3181 memptr += (BRCMF_SDALIGN - 3182 ((u32)(unsigned long)memblock % BRCMF_SDALIGN)); 3183 3184 /* Download image */ 3185 while ((len = 3186 brcmf_sdbrcm_get_image((char *)memptr, MEMBLOCK, bus))) { 3187 ret = brcmf_sdbrcm_membytes(bus, true, offset, memptr, len); 3188 if (ret) { 3189 brcmf_err("error %d on writing %d membytes at 0x%08x\n", 3190 ret, MEMBLOCK, offset); 3191 goto err; 3192 } 3193 3194 offset += MEMBLOCK; 3195 } 3196 3197err: 3198 kfree(memblock); 3199 3200 release_firmware(bus->firmware); 3201 bus->fw_ptr = 0; 3202 3203 return ret; 3204} 3205 3206/* 3207 * ProcessVars:Takes a buffer of "<var>=<value>\n" lines read from a file 3208 * and ending in a NUL. 3209 * Removes carriage returns, empty lines, comment lines, and converts 3210 * newlines to NULs. 3211 * Shortens buffer as needed and pads with NULs. End of buffer is marked 3212 * by two NULs. 3213*/ 3214 3215static int brcmf_process_nvram_vars(struct brcmf_sdio *bus) 3216{ 3217 char *varbuf; 3218 char *dp; 3219 bool findNewline; 3220 int column; 3221 int ret = 0; 3222 uint buf_len, n, len; 3223 3224 len = bus->firmware->size; 3225 varbuf = vmalloc(len); 3226 if (!varbuf) 3227 return -ENOMEM; 3228 3229 memcpy(varbuf, bus->firmware->data, len); 3230 dp = varbuf; 3231 3232 findNewline = false; 3233 column = 0; 3234 3235 for (n = 0; n < len; n++) { 3236 if (varbuf[n] == 0) 3237 break; 3238 if (varbuf[n] == '\r') 3239 continue; 3240 if (findNewline && varbuf[n] != '\n') 3241 continue; 3242 findNewline = false; 3243 if (varbuf[n] == '#') { 3244 findNewline = true; 3245 continue; 3246 } 3247 if (varbuf[n] == '\n') { 3248 if (column == 0) 3249 continue; 3250 *dp++ = 0; 3251 column = 0; 3252 continue; 3253 } 3254 *dp++ = varbuf[n]; 3255 column++; 3256 } 3257 buf_len = dp - varbuf; 3258 while (dp < varbuf + n) 3259 *dp++ = 0; 3260 3261 kfree(bus->vars); 3262 /* roundup needed for download to device */ 3263 bus->varsz = roundup(buf_len + 1, 4); 3264 bus->vars = kmalloc(bus->varsz, GFP_KERNEL); 3265 if (bus->vars == NULL) { 3266 bus->varsz = 0; 3267 ret = -ENOMEM; 3268 goto err; 3269 } 3270 3271 /* copy the processed variables and add null termination */ 3272 memcpy(bus->vars, varbuf, buf_len); 3273 bus->vars[buf_len] = 0; 3274err: 3275 vfree(varbuf); 3276 return ret; 3277} 3278 3279static int brcmf_sdbrcm_download_nvram(struct brcmf_sdio *bus) 3280{ 3281 int ret; 3282 3283 ret = request_firmware(&bus->firmware, BRCMF_SDIO_NV_NAME, 3284 &bus->sdiodev->func[2]->dev); 3285 if (ret) { 3286 brcmf_err("Fail to request nvram %d\n", ret); 3287 return ret; 3288 } 3289 3290 ret = brcmf_process_nvram_vars(bus); 3291 3292 release_firmware(bus->firmware); 3293 3294 return ret; 3295} 3296 3297static int _brcmf_sdbrcm_download_firmware(struct brcmf_sdio *bus) 3298{ 3299 int bcmerror = -1; 3300 3301 /* Keep arm in reset */ 3302 if (brcmf_sdbrcm_download_state(bus, true)) { 3303 brcmf_err("error placing ARM core in reset\n"); 3304 goto err; 3305 } 3306 3307 /* External image takes precedence if specified */ 3308 if (brcmf_sdbrcm_download_code_file(bus)) { 3309 brcmf_err("dongle image file download failed\n"); 3310 goto err; 3311 } 3312 3313 /* External nvram takes precedence if specified */ 3314 if (brcmf_sdbrcm_download_nvram(bus)) 3315 brcmf_err("dongle nvram file download failed\n"); 3316 3317 /* Take arm out of reset */ 3318 if (brcmf_sdbrcm_download_state(bus, false)) { 3319 brcmf_err("error getting out of ARM core reset\n"); 3320 goto err; 3321 } 3322 3323 bcmerror = 0; 3324 3325err: 3326 return bcmerror; 3327} 3328 3329static bool 3330brcmf_sdbrcm_download_firmware(struct brcmf_sdio *bus) 3331{ 3332 bool ret; 3333 3334 sdio_claim_host(bus->sdiodev->func[1]); 3335 3336 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3337 3338 ret = _brcmf_sdbrcm_download_firmware(bus) == 0; 3339 3340 brcmf_sdbrcm_clkctl(bus, CLK_SDONLY, false); 3341 3342 sdio_release_host(bus->sdiodev->func[1]); 3343 3344 return ret; 3345} 3346 3347static int brcmf_sdbrcm_bus_init(struct device *dev) 3348{ 3349 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 3350 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio; 3351 struct brcmf_sdio *bus = sdiodev->bus; 3352 unsigned long timeout; 3353 u8 ready, enable; 3354 int err, ret = 0; 3355 u8 saveclk; 3356 3357 brcmf_dbg(TRACE, "Enter\n"); 3358 3359 /* try to download image and nvram to the dongle */ 3360 if (bus_if->state == BRCMF_BUS_DOWN) { 3361 if (!(brcmf_sdbrcm_download_firmware(bus))) 3362 return -1; 3363 } 3364 3365 if (!bus->sdiodev->bus_if->drvr) 3366 return 0; 3367 3368 /* Start the watchdog timer */ 3369 bus->sdcnt.tickcnt = 0; 3370 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 3371 3372 sdio_claim_host(bus->sdiodev->func[1]); 3373 3374 /* Make sure backplane clock is on, needed to generate F2 interrupt */ 3375 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3376 if (bus->clkstate != CLK_AVAIL) 3377 goto exit; 3378 3379 /* Force clocks on backplane to be sure F2 interrupt propagates */ 3380 saveclk = brcmf_sdio_regrb(bus->sdiodev, 3381 SBSDIO_FUNC1_CHIPCLKCSR, &err); 3382 if (!err) { 3383 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 3384 (saveclk | SBSDIO_FORCE_HT), &err); 3385 } 3386 if (err) { 3387 brcmf_err("Failed to force clock for F2: err %d\n", err); 3388 goto exit; 3389 } 3390 3391 /* Enable function 2 (frame transfers) */ 3392 w_sdreg32(bus, SDPCM_PROT_VERSION << SMB_DATA_VERSION_SHIFT, 3393 offsetof(struct sdpcmd_regs, tosbmailboxdata)); 3394 enable = (SDIO_FUNC_ENABLE_1 | SDIO_FUNC_ENABLE_2); 3395 3396 brcmf_sdio_regwb(bus->sdiodev, SDIO_CCCR_IOEx, enable, NULL); 3397 3398 timeout = jiffies + msecs_to_jiffies(BRCMF_WAIT_F2RDY); 3399 ready = 0; 3400 while (enable != ready) { 3401 ready = brcmf_sdio_regrb(bus->sdiodev, 3402 SDIO_CCCR_IORx, NULL); 3403 if (time_after(jiffies, timeout)) 3404 break; 3405 else if (time_after(jiffies, timeout - BRCMF_WAIT_F2RDY + 50)) 3406 /* prevent busy waiting if it takes too long */ 3407 msleep_interruptible(20); 3408 } 3409 3410 brcmf_dbg(INFO, "enable 0x%02x, ready 0x%02x\n", enable, ready); 3411 3412 /* If F2 successfully enabled, set core and enable interrupts */ 3413 if (ready == enable) { 3414 /* Set up the interrupt mask and enable interrupts */ 3415 bus->hostintmask = HOSTINTMASK; 3416 w_sdreg32(bus, bus->hostintmask, 3417 offsetof(struct sdpcmd_regs, hostintmask)); 3418 3419 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_WATERMARK, 8, &err); 3420 } else { 3421 /* Disable F2 again */ 3422 enable = SDIO_FUNC_ENABLE_1; 3423 brcmf_sdio_regwb(bus->sdiodev, SDIO_CCCR_IOEx, enable, NULL); 3424 ret = -ENODEV; 3425 } 3426 3427 /* Restore previous clock setting */ 3428 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, saveclk, &err); 3429 3430 if (ret == 0) { 3431 ret = brcmf_sdio_intr_register(bus->sdiodev); 3432 if (ret != 0) 3433 brcmf_err("intr register failed:%d\n", ret); 3434 } 3435 3436 /* If we didn't come up, turn off backplane clock */ 3437 if (bus_if->state != BRCMF_BUS_DATA) 3438 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 3439 3440exit: 3441 sdio_release_host(bus->sdiodev->func[1]); 3442 3443 return ret; 3444} 3445 3446void brcmf_sdbrcm_isr(void *arg) 3447{ 3448 struct brcmf_sdio *bus = (struct brcmf_sdio *) arg; 3449 3450 brcmf_dbg(TRACE, "Enter\n"); 3451 3452 if (!bus) { 3453 brcmf_err("bus is null pointer, exiting\n"); 3454 return; 3455 } 3456 3457 if (bus->sdiodev->bus_if->state == BRCMF_BUS_DOWN) { 3458 brcmf_err("bus is down. we have nothing to do\n"); 3459 return; 3460 } 3461 /* Count the interrupt call */ 3462 bus->sdcnt.intrcount++; 3463 if (in_interrupt()) 3464 atomic_set(&bus->ipend, 1); 3465 else 3466 if (brcmf_sdio_intr_rstatus(bus)) { 3467 brcmf_err("failed backplane access\n"); 3468 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 3469 } 3470 3471 /* Disable additional interrupts (is this needed now)? */ 3472 if (!bus->intr) 3473 brcmf_err("isr w/o interrupt configured!\n"); 3474 3475 brcmf_sdbrcm_adddpctsk(bus); 3476 queue_work(bus->brcmf_wq, &bus->datawork); 3477} 3478 3479static bool brcmf_sdbrcm_bus_watchdog(struct brcmf_sdio *bus) 3480{ 3481#ifdef DEBUG 3482 struct brcmf_bus *bus_if = dev_get_drvdata(bus->sdiodev->dev); 3483#endif /* DEBUG */ 3484 unsigned long flags; 3485 3486 brcmf_dbg(TIMER, "Enter\n"); 3487 3488 /* Poll period: check device if appropriate. */ 3489 if (bus->poll && (++bus->polltick >= bus->pollrate)) { 3490 u32 intstatus = 0; 3491 3492 /* Reset poll tick */ 3493 bus->polltick = 0; 3494 3495 /* Check device if no interrupts */ 3496 if (!bus->intr || 3497 (bus->sdcnt.intrcount == bus->sdcnt.lastintrs)) { 3498 3499 spin_lock_irqsave(&bus->dpc_tl_lock, flags); 3500 if (list_empty(&bus->dpc_tsklst)) { 3501 u8 devpend; 3502 spin_unlock_irqrestore(&bus->dpc_tl_lock, 3503 flags); 3504 sdio_claim_host(bus->sdiodev->func[1]); 3505 devpend = brcmf_sdio_regrb(bus->sdiodev, 3506 SDIO_CCCR_INTx, 3507 NULL); 3508 sdio_release_host(bus->sdiodev->func[1]); 3509 intstatus = 3510 devpend & (INTR_STATUS_FUNC1 | 3511 INTR_STATUS_FUNC2); 3512 } else { 3513 spin_unlock_irqrestore(&bus->dpc_tl_lock, 3514 flags); 3515 } 3516 3517 /* If there is something, make like the ISR and 3518 schedule the DPC */ 3519 if (intstatus) { 3520 bus->sdcnt.pollcnt++; 3521 atomic_set(&bus->ipend, 1); 3522 3523 brcmf_sdbrcm_adddpctsk(bus); 3524 queue_work(bus->brcmf_wq, &bus->datawork); 3525 } 3526 } 3527 3528 /* Update interrupt tracking */ 3529 bus->sdcnt.lastintrs = bus->sdcnt.intrcount; 3530 } 3531#ifdef DEBUG 3532 /* Poll for console output periodically */ 3533 if (bus_if && bus_if->state == BRCMF_BUS_DATA && 3534 bus->console_interval != 0) { 3535 bus->console.count += BRCMF_WD_POLL_MS; 3536 if (bus->console.count >= bus->console_interval) { 3537 bus->console.count -= bus->console_interval; 3538 sdio_claim_host(bus->sdiodev->func[1]); 3539 /* Make sure backplane clock is on */ 3540 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3541 if (brcmf_sdbrcm_readconsole(bus) < 0) 3542 /* stop on error */ 3543 bus->console_interval = 0; 3544 sdio_release_host(bus->sdiodev->func[1]); 3545 } 3546 } 3547#endif /* DEBUG */ 3548 3549 /* On idle timeout clear activity flag and/or turn off clock */ 3550 if ((bus->idletime > 0) && (bus->clkstate == CLK_AVAIL)) { 3551 if (++bus->idlecount >= bus->idletime) { 3552 bus->idlecount = 0; 3553 if (bus->activity) { 3554 bus->activity = false; 3555 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 3556 } else { 3557 sdio_claim_host(bus->sdiodev->func[1]); 3558 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 3559 sdio_release_host(bus->sdiodev->func[1]); 3560 } 3561 } 3562 } 3563 3564 return (atomic_read(&bus->ipend) > 0); 3565} 3566 3567static bool brcmf_sdbrcm_chipmatch(u16 chipid) 3568{ 3569 if (chipid == BCM43241_CHIP_ID) 3570 return true; 3571 if (chipid == BCM4329_CHIP_ID) 3572 return true; 3573 if (chipid == BCM4330_CHIP_ID) 3574 return true; 3575 if (chipid == BCM4334_CHIP_ID) 3576 return true; 3577 return false; 3578} 3579 3580static void brcmf_sdio_dataworker(struct work_struct *work) 3581{ 3582 struct brcmf_sdio *bus = container_of(work, struct brcmf_sdio, 3583 datawork); 3584 struct list_head *cur_hd, *tmp_hd; 3585 unsigned long flags; 3586 3587 spin_lock_irqsave(&bus->dpc_tl_lock, flags); 3588 list_for_each_safe(cur_hd, tmp_hd, &bus->dpc_tsklst) { 3589 spin_unlock_irqrestore(&bus->dpc_tl_lock, flags); 3590 3591 brcmf_sdbrcm_dpc(bus); 3592 3593 spin_lock_irqsave(&bus->dpc_tl_lock, flags); 3594 list_del(cur_hd); 3595 kfree(cur_hd); 3596 } 3597 spin_unlock_irqrestore(&bus->dpc_tl_lock, flags); 3598} 3599 3600static void brcmf_sdbrcm_release_malloc(struct brcmf_sdio *bus) 3601{ 3602 brcmf_dbg(TRACE, "Enter\n"); 3603 3604 kfree(bus->rxbuf); 3605 bus->rxctl = bus->rxbuf = NULL; 3606 bus->rxlen = 0; 3607 3608 kfree(bus->databuf); 3609 bus->databuf = NULL; 3610} 3611 3612static bool brcmf_sdbrcm_probe_malloc(struct brcmf_sdio *bus) 3613{ 3614 brcmf_dbg(TRACE, "Enter\n"); 3615 3616 if (bus->sdiodev->bus_if->maxctl) { 3617 bus->rxblen = 3618 roundup((bus->sdiodev->bus_if->maxctl + SDPCM_HDRLEN), 3619 ALIGNMENT) + BRCMF_SDALIGN; 3620 bus->rxbuf = kmalloc(bus->rxblen, GFP_ATOMIC); 3621 if (!(bus->rxbuf)) 3622 goto fail; 3623 } 3624 3625 /* Allocate buffer to receive glomed packet */ 3626 bus->databuf = kmalloc(MAX_DATA_BUF, GFP_ATOMIC); 3627 if (!(bus->databuf)) { 3628 /* release rxbuf which was already located as above */ 3629 if (!bus->rxblen) 3630 kfree(bus->rxbuf); 3631 goto fail; 3632 } 3633 3634 /* Align the buffer */ 3635 if ((unsigned long)bus->databuf % BRCMF_SDALIGN) 3636 bus->dataptr = bus->databuf + (BRCMF_SDALIGN - 3637 ((unsigned long)bus->databuf % BRCMF_SDALIGN)); 3638 else 3639 bus->dataptr = bus->databuf; 3640 3641 return true; 3642 3643fail: 3644 return false; 3645} 3646 3647static bool 3648brcmf_sdbrcm_probe_attach(struct brcmf_sdio *bus, u32 regsva) 3649{ 3650 u8 clkctl = 0; 3651 int err = 0; 3652 int reg_addr; 3653 u32 reg_val; 3654 u8 idx; 3655 3656 bus->alp_only = true; 3657 3658 sdio_claim_host(bus->sdiodev->func[1]); 3659 3660 pr_debug("F1 signature read @0x18000000=0x%4x\n", 3661 brcmf_sdio_regrl(bus->sdiodev, SI_ENUM_BASE, NULL)); 3662 3663 /* 3664 * Force PLL off until brcmf_sdio_chip_attach() 3665 * programs PLL control regs 3666 */ 3667 3668 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 3669 BRCMF_INIT_CLKCTL1, &err); 3670 if (!err) 3671 clkctl = brcmf_sdio_regrb(bus->sdiodev, 3672 SBSDIO_FUNC1_CHIPCLKCSR, &err); 3673 3674 if (err || ((clkctl & ~SBSDIO_AVBITS) != BRCMF_INIT_CLKCTL1)) { 3675 brcmf_err("ChipClkCSR access: err %d wrote 0x%02x read 0x%02x\n", 3676 err, BRCMF_INIT_CLKCTL1, clkctl); 3677 goto fail; 3678 } 3679 3680 if (brcmf_sdio_chip_attach(bus->sdiodev, &bus->ci, regsva)) { 3681 brcmf_err("brcmf_sdio_chip_attach failed!\n"); 3682 goto fail; 3683 } 3684 3685 if (!brcmf_sdbrcm_chipmatch((u16) bus->ci->chip)) { 3686 brcmf_err("unsupported chip: 0x%04x\n", bus->ci->chip); 3687 goto fail; 3688 } 3689 3690 brcmf_sdio_chip_drivestrengthinit(bus->sdiodev, bus->ci, 3691 SDIO_DRIVE_STRENGTH); 3692 3693 /* Get info on the SOCRAM cores... */ 3694 bus->ramsize = bus->ci->ramsize; 3695 if (!(bus->ramsize)) { 3696 brcmf_err("failed to find SOCRAM memory!\n"); 3697 goto fail; 3698 } 3699 3700 /* Set core control so an SDIO reset does a backplane reset */ 3701 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV); 3702 reg_addr = bus->ci->c_inf[idx].base + 3703 offsetof(struct sdpcmd_regs, corecontrol); 3704 reg_val = brcmf_sdio_regrl(bus->sdiodev, reg_addr, NULL); 3705 brcmf_sdio_regwl(bus->sdiodev, reg_addr, reg_val | CC_BPRESEN, NULL); 3706 3707 sdio_release_host(bus->sdiodev->func[1]); 3708 3709 brcmu_pktq_init(&bus->txq, (PRIOMASK + 1), TXQLEN); 3710 3711 /* Locate an appropriately-aligned portion of hdrbuf */ 3712 bus->rxhdr = (u8 *) roundup((unsigned long)&bus->hdrbuf[0], 3713 BRCMF_SDALIGN); 3714 3715 /* Set the poll and/or interrupt flags */ 3716 bus->intr = true; 3717 bus->poll = false; 3718 if (bus->poll) 3719 bus->pollrate = 1; 3720 3721 return true; 3722 3723fail: 3724 sdio_release_host(bus->sdiodev->func[1]); 3725 return false; 3726} 3727 3728static bool brcmf_sdbrcm_probe_init(struct brcmf_sdio *bus) 3729{ 3730 brcmf_dbg(TRACE, "Enter\n"); 3731 3732 sdio_claim_host(bus->sdiodev->func[1]); 3733 3734 /* Disable F2 to clear any intermediate frame state on the dongle */ 3735 brcmf_sdio_regwb(bus->sdiodev, SDIO_CCCR_IOEx, 3736 SDIO_FUNC_ENABLE_1, NULL); 3737 3738 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 3739 bus->rxflow = false; 3740 3741 /* Done with backplane-dependent accesses, can drop clock... */ 3742 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 0, NULL); 3743 3744 sdio_release_host(bus->sdiodev->func[1]); 3745 3746 /* ...and initialize clock/power states */ 3747 bus->clkstate = CLK_SDONLY; 3748 bus->idletime = BRCMF_IDLE_INTERVAL; 3749 bus->idleclock = BRCMF_IDLE_ACTIVE; 3750 3751 /* Query the F2 block size, set roundup accordingly */ 3752 bus->blocksize = bus->sdiodev->func[2]->cur_blksize; 3753 bus->roundup = min(max_roundup, bus->blocksize); 3754 3755 /* bus module does not support packet chaining */ 3756 bus->use_rxchain = false; 3757 bus->sd_rxchain = false; 3758 3759 return true; 3760} 3761 3762static int 3763brcmf_sdbrcm_watchdog_thread(void *data) 3764{ 3765 struct brcmf_sdio *bus = (struct brcmf_sdio *)data; 3766 3767 allow_signal(SIGTERM); 3768 /* Run until signal received */ 3769 while (1) { 3770 if (kthread_should_stop()) 3771 break; 3772 if (!wait_for_completion_interruptible(&bus->watchdog_wait)) { 3773 brcmf_sdbrcm_bus_watchdog(bus); 3774 /* Count the tick for reference */ 3775 bus->sdcnt.tickcnt++; 3776 } else 3777 break; 3778 } 3779 return 0; 3780} 3781 3782static void 3783brcmf_sdbrcm_watchdog(unsigned long data) 3784{ 3785 struct brcmf_sdio *bus = (struct brcmf_sdio *)data; 3786 3787 if (bus->watchdog_tsk) { 3788 complete(&bus->watchdog_wait); 3789 /* Reschedule the watchdog */ 3790 if (bus->wd_timer_valid) 3791 mod_timer(&bus->timer, 3792 jiffies + BRCMF_WD_POLL_MS * HZ / 1000); 3793 } 3794} 3795 3796static void brcmf_sdbrcm_release_dongle(struct brcmf_sdio *bus) 3797{ 3798 brcmf_dbg(TRACE, "Enter\n"); 3799 3800 if (bus->ci) { 3801 sdio_claim_host(bus->sdiodev->func[1]); 3802 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3803 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 3804 sdio_release_host(bus->sdiodev->func[1]); 3805 brcmf_sdio_chip_detach(&bus->ci); 3806 if (bus->vars && bus->varsz) 3807 kfree(bus->vars); 3808 bus->vars = NULL; 3809 } 3810 3811 brcmf_dbg(TRACE, "Disconnected\n"); 3812} 3813 3814/* Detach and free everything */ 3815static void brcmf_sdbrcm_release(struct brcmf_sdio *bus) 3816{ 3817 brcmf_dbg(TRACE, "Enter\n"); 3818 3819 if (bus) { 3820 /* De-register interrupt handler */ 3821 brcmf_sdio_intr_unregister(bus->sdiodev); 3822 3823 cancel_work_sync(&bus->datawork); 3824 if (bus->brcmf_wq) 3825 destroy_workqueue(bus->brcmf_wq); 3826 3827 if (bus->sdiodev->bus_if->drvr) { 3828 brcmf_detach(bus->sdiodev->dev); 3829 brcmf_sdbrcm_release_dongle(bus); 3830 } 3831 3832 brcmf_sdbrcm_release_malloc(bus); 3833 3834 kfree(bus); 3835 } 3836 3837 brcmf_dbg(TRACE, "Disconnected\n"); 3838} 3839 3840static struct brcmf_bus_ops brcmf_sdio_bus_ops = { 3841 .stop = brcmf_sdbrcm_bus_stop, 3842 .init = brcmf_sdbrcm_bus_init, 3843 .txdata = brcmf_sdbrcm_bus_txdata, 3844 .txctl = brcmf_sdbrcm_bus_txctl, 3845 .rxctl = brcmf_sdbrcm_bus_rxctl, 3846 .gettxq = brcmf_sdbrcm_bus_gettxq, 3847}; 3848 3849void *brcmf_sdbrcm_probe(u32 regsva, struct brcmf_sdio_dev *sdiodev) 3850{ 3851 int ret; 3852 struct brcmf_sdio *bus; 3853 struct brcmf_bus_dcmd *dlst; 3854 u32 dngl_txglom; 3855 u32 dngl_txglomalign; 3856 u8 idx; 3857 3858 brcmf_dbg(TRACE, "Enter\n"); 3859 3860 /* We make an assumption about address window mappings: 3861 * regsva == SI_ENUM_BASE*/ 3862 3863 /* Allocate private bus interface state */ 3864 bus = kzalloc(sizeof(struct brcmf_sdio), GFP_ATOMIC); 3865 if (!bus) 3866 goto fail; 3867 3868 bus->sdiodev = sdiodev; 3869 sdiodev->bus = bus; 3870 skb_queue_head_init(&bus->glom); 3871 bus->txbound = BRCMF_TXBOUND; 3872 bus->rxbound = BRCMF_RXBOUND; 3873 bus->txminmax = BRCMF_TXMINMAX; 3874 bus->tx_seq = SDPCM_SEQUENCE_WRAP - 1; 3875 3876 INIT_WORK(&bus->datawork, brcmf_sdio_dataworker); 3877 bus->brcmf_wq = create_singlethread_workqueue("brcmf_wq"); 3878 if (bus->brcmf_wq == NULL) { 3879 brcmf_err("insufficient memory to create txworkqueue\n"); 3880 goto fail; 3881 } 3882 3883 /* attempt to attach to the dongle */ 3884 if (!(brcmf_sdbrcm_probe_attach(bus, regsva))) { 3885 brcmf_err("brcmf_sdbrcm_probe_attach failed\n"); 3886 goto fail; 3887 } 3888 3889 spin_lock_init(&bus->rxctl_lock); 3890 spin_lock_init(&bus->txqlock); 3891 init_waitqueue_head(&bus->ctrl_wait); 3892 init_waitqueue_head(&bus->dcmd_resp_wait); 3893 3894 /* Set up the watchdog timer */ 3895 init_timer(&bus->timer); 3896 bus->timer.data = (unsigned long)bus; 3897 bus->timer.function = brcmf_sdbrcm_watchdog; 3898 3899 /* Initialize watchdog thread */ 3900 init_completion(&bus->watchdog_wait); 3901 bus->watchdog_tsk = kthread_run(brcmf_sdbrcm_watchdog_thread, 3902 bus, "brcmf_watchdog"); 3903 if (IS_ERR(bus->watchdog_tsk)) { 3904 pr_warn("brcmf_watchdog thread failed to start\n"); 3905 bus->watchdog_tsk = NULL; 3906 } 3907 /* Initialize DPC thread */ 3908 INIT_LIST_HEAD(&bus->dpc_tsklst); 3909 spin_lock_init(&bus->dpc_tl_lock); 3910 3911 /* Assign bus interface call back */ 3912 bus->sdiodev->bus_if->dev = bus->sdiodev->dev; 3913 bus->sdiodev->bus_if->ops = &brcmf_sdio_bus_ops; 3914 bus->sdiodev->bus_if->chip = bus->ci->chip; 3915 bus->sdiodev->bus_if->chiprev = bus->ci->chiprev; 3916 3917 /* Attach to the brcmf/OS/network interface */ 3918 ret = brcmf_attach(SDPCM_RESERVE, bus->sdiodev->dev); 3919 if (ret != 0) { 3920 brcmf_err("brcmf_attach failed\n"); 3921 goto fail; 3922 } 3923 3924 /* Allocate buffers */ 3925 if (!(brcmf_sdbrcm_probe_malloc(bus))) { 3926 brcmf_err("brcmf_sdbrcm_probe_malloc failed\n"); 3927 goto fail; 3928 } 3929 3930 if (!(brcmf_sdbrcm_probe_init(bus))) { 3931 brcmf_err("brcmf_sdbrcm_probe_init failed\n"); 3932 goto fail; 3933 } 3934 3935 brcmf_sdio_debugfs_create(bus); 3936 brcmf_dbg(INFO, "completed!!\n"); 3937 3938 /* sdio bus core specific dcmd */ 3939 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV); 3940 dlst = kzalloc(sizeof(struct brcmf_bus_dcmd), GFP_KERNEL); 3941 if (dlst) { 3942 if (bus->ci->c_inf[idx].rev < 12) { 3943 /* for sdio core rev < 12, disable txgloming */ 3944 dngl_txglom = 0; 3945 dlst->name = "bus:txglom"; 3946 dlst->param = (char *)&dngl_txglom; 3947 dlst->param_len = sizeof(u32); 3948 } else { 3949 /* otherwise, set txglomalign */ 3950 dngl_txglomalign = bus->sdiodev->bus_if->align; 3951 dlst->name = "bus:txglomalign"; 3952 dlst->param = (char *)&dngl_txglomalign; 3953 dlst->param_len = sizeof(u32); 3954 } 3955 list_add(&dlst->list, &bus->sdiodev->bus_if->dcmd_list); 3956 } 3957 3958 /* if firmware path present try to download and bring up bus */ 3959 ret = brcmf_bus_start(bus->sdiodev->dev); 3960 if (ret != 0) { 3961 brcmf_err("dongle is not responding\n"); 3962 goto fail; 3963 } 3964 3965 return bus; 3966 3967fail: 3968 brcmf_sdbrcm_release(bus); 3969 return NULL; 3970} 3971 3972void brcmf_sdbrcm_disconnect(void *ptr) 3973{ 3974 struct brcmf_sdio *bus = (struct brcmf_sdio *)ptr; 3975 3976 brcmf_dbg(TRACE, "Enter\n"); 3977 3978 if (bus) 3979 brcmf_sdbrcm_release(bus); 3980 3981 brcmf_dbg(TRACE, "Disconnected\n"); 3982} 3983 3984void 3985brcmf_sdbrcm_wd_timer(struct brcmf_sdio *bus, uint wdtick) 3986{ 3987 /* Totally stop the timer */ 3988 if (!wdtick && bus->wd_timer_valid) { 3989 del_timer_sync(&bus->timer); 3990 bus->wd_timer_valid = false; 3991 bus->save_ms = wdtick; 3992 return; 3993 } 3994 3995 /* don't start the wd until fw is loaded */ 3996 if (bus->sdiodev->bus_if->state == BRCMF_BUS_DOWN) 3997 return; 3998 3999 if (wdtick) { 4000 if (bus->save_ms != BRCMF_WD_POLL_MS) { 4001 if (bus->wd_timer_valid) 4002 /* Stop timer and restart at new value */ 4003 del_timer_sync(&bus->timer); 4004 4005 /* Create timer again when watchdog period is 4006 dynamically changed or in the first instance 4007 */ 4008 bus->timer.expires = 4009 jiffies + BRCMF_WD_POLL_MS * HZ / 1000; 4010 add_timer(&bus->timer); 4011 4012 } else { 4013 /* Re arm the timer, at last watchdog period */ 4014 mod_timer(&bus->timer, 4015 jiffies + BRCMF_WD_POLL_MS * HZ / 1000); 4016 } 4017 4018 bus->wd_timer_valid = true; 4019 bus->save_ms = wdtick; 4020 } 4021} 4022