dhd_sdio.c revision 99a0b8ff9105d9b78e7e4e6aaa077264707e4e1c
1/* 2 * Copyright (c) 2010 Broadcom Corporation 3 * 4 * Permission to use, copy, modify, and/or distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 11 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 13 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 14 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17#include <linux/types.h> 18#include <linux/kernel.h> 19#include <linux/kthread.h> 20#include <linux/printk.h> 21#include <linux/pci_ids.h> 22#include <linux/netdevice.h> 23#include <linux/interrupt.h> 24#include <linux/sched.h> 25#include <linux/mmc/sdio.h> 26#include <linux/mmc/sdio_func.h> 27#include <linux/mmc/card.h> 28#include <linux/semaphore.h> 29#include <linux/firmware.h> 30#include <linux/module.h> 31#include <linux/bcma/bcma.h> 32#include <asm/unaligned.h> 33#include <defs.h> 34#include <brcmu_wifi.h> 35#include <brcmu_utils.h> 36#include <brcm_hw_ids.h> 37#include <soc.h> 38#include "sdio_host.h" 39#include "sdio_chip.h" 40 41#define DCMD_RESP_TIMEOUT 2000 /* In milli second */ 42 43#ifdef BCMDBG 44 45#define BRCMF_TRAP_INFO_SIZE 80 46 47#define CBUF_LEN (128) 48 49struct rte_log_le { 50 __le32 buf; /* Can't be pointer on (64-bit) hosts */ 51 __le32 buf_size; 52 __le32 idx; 53 char *_buf_compat; /* Redundant pointer for backward compat. */ 54}; 55 56struct rte_console { 57 /* Virtual UART 58 * When there is no UART (e.g. Quickturn), 59 * the host should write a complete 60 * input line directly into cbuf and then write 61 * the length into vcons_in. 62 * This may also be used when there is a real UART 63 * (at risk of conflicting with 64 * the real UART). vcons_out is currently unused. 65 */ 66 uint vcons_in; 67 uint vcons_out; 68 69 /* Output (logging) buffer 70 * Console output is written to a ring buffer log_buf at index log_idx. 71 * The host may read the output when it sees log_idx advance. 72 * Output will be lost if the output wraps around faster than the host 73 * polls. 74 */ 75 struct rte_log_le log_le; 76 77 /* Console input line buffer 78 * Characters are read one at a time into cbuf 79 * until <CR> is received, then 80 * the buffer is processed as a command line. 81 * Also used for virtual UART. 82 */ 83 uint cbuf_idx; 84 char cbuf[CBUF_LEN]; 85}; 86 87#endif /* BCMDBG */ 88#include <chipcommon.h> 89 90#include "dhd.h" 91#include "dhd_bus.h" 92#include "dhd_proto.h" 93#include "dhd_dbg.h" 94 95#define TXQLEN 2048 /* bulk tx queue length */ 96#define TXHI (TXQLEN - 256) /* turn on flow control above TXHI */ 97#define TXLOW (TXHI - 256) /* turn off flow control below TXLOW */ 98#define PRIOMASK 7 99 100#define TXRETRIES 2 /* # of retries for tx frames */ 101 102#define BRCMF_RXBOUND 50 /* Default for max rx frames in 103 one scheduling */ 104 105#define BRCMF_TXBOUND 20 /* Default for max tx frames in 106 one scheduling */ 107 108#define BRCMF_TXMINMAX 1 /* Max tx frames if rx still pending */ 109 110#define MEMBLOCK 2048 /* Block size used for downloading 111 of dongle image */ 112#define MAX_DATA_BUF (32 * 1024) /* Must be large enough to hold 113 biggest possible glom */ 114 115#define BRCMF_FIRSTREAD (1 << 6) 116 117 118/* SBSDIO_DEVICE_CTL */ 119 120/* 1: device will assert busy signal when receiving CMD53 */ 121#define SBSDIO_DEVCTL_SETBUSY 0x01 122/* 1: assertion of sdio interrupt is synchronous to the sdio clock */ 123#define SBSDIO_DEVCTL_SPI_INTR_SYNC 0x02 124/* 1: mask all interrupts to host except the chipActive (rev 8) */ 125#define SBSDIO_DEVCTL_CA_INT_ONLY 0x04 126/* 1: isolate internal sdio signals, put external pads in tri-state; requires 127 * sdio bus power cycle to clear (rev 9) */ 128#define SBSDIO_DEVCTL_PADS_ISO 0x08 129/* Force SD->SB reset mapping (rev 11) */ 130#define SBSDIO_DEVCTL_SB_RST_CTL 0x30 131/* Determined by CoreControl bit */ 132#define SBSDIO_DEVCTL_RST_CORECTL 0x00 133/* Force backplane reset */ 134#define SBSDIO_DEVCTL_RST_BPRESET 0x10 135/* Force no backplane reset */ 136#define SBSDIO_DEVCTL_RST_NOBPRESET 0x20 137 138/* direct(mapped) cis space */ 139 140/* MAPPED common CIS address */ 141#define SBSDIO_CIS_BASE_COMMON 0x1000 142/* maximum bytes in one CIS */ 143#define SBSDIO_CIS_SIZE_LIMIT 0x200 144/* cis offset addr is < 17 bits */ 145#define SBSDIO_CIS_OFT_ADDR_MASK 0x1FFFF 146 147/* manfid tuple length, include tuple, link bytes */ 148#define SBSDIO_CIS_MANFID_TUPLE_LEN 6 149 150/* intstatus */ 151#define I_SMB_SW0 (1 << 0) /* To SB Mail S/W interrupt 0 */ 152#define I_SMB_SW1 (1 << 1) /* To SB Mail S/W interrupt 1 */ 153#define I_SMB_SW2 (1 << 2) /* To SB Mail S/W interrupt 2 */ 154#define I_SMB_SW3 (1 << 3) /* To SB Mail S/W interrupt 3 */ 155#define I_SMB_SW_MASK 0x0000000f /* To SB Mail S/W interrupts mask */ 156#define I_SMB_SW_SHIFT 0 /* To SB Mail S/W interrupts shift */ 157#define I_HMB_SW0 (1 << 4) /* To Host Mail S/W interrupt 0 */ 158#define I_HMB_SW1 (1 << 5) /* To Host Mail S/W interrupt 1 */ 159#define I_HMB_SW2 (1 << 6) /* To Host Mail S/W interrupt 2 */ 160#define I_HMB_SW3 (1 << 7) /* To Host Mail S/W interrupt 3 */ 161#define I_HMB_SW_MASK 0x000000f0 /* To Host Mail S/W interrupts mask */ 162#define I_HMB_SW_SHIFT 4 /* To Host Mail S/W interrupts shift */ 163#define I_WR_OOSYNC (1 << 8) /* Write Frame Out Of Sync */ 164#define I_RD_OOSYNC (1 << 9) /* Read Frame Out Of Sync */ 165#define I_PC (1 << 10) /* descriptor error */ 166#define I_PD (1 << 11) /* data error */ 167#define I_DE (1 << 12) /* Descriptor protocol Error */ 168#define I_RU (1 << 13) /* Receive descriptor Underflow */ 169#define I_RO (1 << 14) /* Receive fifo Overflow */ 170#define I_XU (1 << 15) /* Transmit fifo Underflow */ 171#define I_RI (1 << 16) /* Receive Interrupt */ 172#define I_BUSPWR (1 << 17) /* SDIO Bus Power Change (rev 9) */ 173#define I_XMTDATA_AVAIL (1 << 23) /* bits in fifo */ 174#define I_XI (1 << 24) /* Transmit Interrupt */ 175#define I_RF_TERM (1 << 25) /* Read Frame Terminate */ 176#define I_WF_TERM (1 << 26) /* Write Frame Terminate */ 177#define I_PCMCIA_XU (1 << 27) /* PCMCIA Transmit FIFO Underflow */ 178#define I_SBINT (1 << 28) /* sbintstatus Interrupt */ 179#define I_CHIPACTIVE (1 << 29) /* chip from doze to active state */ 180#define I_SRESET (1 << 30) /* CCCR RES interrupt */ 181#define I_IOE2 (1U << 31) /* CCCR IOE2 Bit Changed */ 182#define I_ERRORS (I_PC | I_PD | I_DE | I_RU | I_RO | I_XU) 183#define I_DMA (I_RI | I_XI | I_ERRORS) 184 185/* corecontrol */ 186#define CC_CISRDY (1 << 0) /* CIS Ready */ 187#define CC_BPRESEN (1 << 1) /* CCCR RES signal */ 188#define CC_F2RDY (1 << 2) /* set CCCR IOR2 bit */ 189#define CC_CLRPADSISO (1 << 3) /* clear SDIO pads isolation */ 190#define CC_XMTDATAAVAIL_MODE (1 << 4) 191#define CC_XMTDATAAVAIL_CTRL (1 << 5) 192 193/* SDA_FRAMECTRL */ 194#define SFC_RF_TERM (1 << 0) /* Read Frame Terminate */ 195#define SFC_WF_TERM (1 << 1) /* Write Frame Terminate */ 196#define SFC_CRC4WOOS (1 << 2) /* CRC error for write out of sync */ 197#define SFC_ABORTALL (1 << 3) /* Abort all in-progress frames */ 198 199/* HW frame tag */ 200#define SDPCM_FRAMETAG_LEN 4 /* 2 bytes len, 2 bytes check val */ 201 202/* Total length of frame header for dongle protocol */ 203#define SDPCM_HDRLEN (SDPCM_FRAMETAG_LEN + SDPCM_SWHEADER_LEN) 204#define SDPCM_RESERVE (SDPCM_HDRLEN + BRCMF_SDALIGN) 205 206/* 207 * Software allocation of To SB Mailbox resources 208 */ 209 210/* tosbmailbox bits corresponding to intstatus bits */ 211#define SMB_NAK (1 << 0) /* Frame NAK */ 212#define SMB_INT_ACK (1 << 1) /* Host Interrupt ACK */ 213#define SMB_USE_OOB (1 << 2) /* Use OOB Wakeup */ 214#define SMB_DEV_INT (1 << 3) /* Miscellaneous Interrupt */ 215 216/* tosbmailboxdata */ 217#define SMB_DATA_VERSION_SHIFT 16 /* host protocol version */ 218 219/* 220 * Software allocation of To Host Mailbox resources 221 */ 222 223/* intstatus bits */ 224#define I_HMB_FC_STATE I_HMB_SW0 /* Flow Control State */ 225#define I_HMB_FC_CHANGE I_HMB_SW1 /* Flow Control State Changed */ 226#define I_HMB_FRAME_IND I_HMB_SW2 /* Frame Indication */ 227#define I_HMB_HOST_INT I_HMB_SW3 /* Miscellaneous Interrupt */ 228 229/* tohostmailboxdata */ 230#define HMB_DATA_NAKHANDLED 1 /* retransmit NAK'd frame */ 231#define HMB_DATA_DEVREADY 2 /* talk to host after enable */ 232#define HMB_DATA_FC 4 /* per prio flowcontrol update flag */ 233#define HMB_DATA_FWREADY 8 /* fw ready for protocol activity */ 234 235#define HMB_DATA_FCDATA_MASK 0xff000000 236#define HMB_DATA_FCDATA_SHIFT 24 237 238#define HMB_DATA_VERSION_MASK 0x00ff0000 239#define HMB_DATA_VERSION_SHIFT 16 240 241/* 242 * Software-defined protocol header 243 */ 244 245/* Current protocol version */ 246#define SDPCM_PROT_VERSION 4 247 248/* SW frame header */ 249#define SDPCM_PACKET_SEQUENCE(p) (((u8 *)p)[0] & 0xff) 250 251#define SDPCM_CHANNEL_MASK 0x00000f00 252#define SDPCM_CHANNEL_SHIFT 8 253#define SDPCM_PACKET_CHANNEL(p) (((u8 *)p)[1] & 0x0f) 254 255#define SDPCM_NEXTLEN_OFFSET 2 256 257/* Data Offset from SOF (HW Tag, SW Tag, Pad) */ 258#define SDPCM_DOFFSET_OFFSET 3 /* Data Offset */ 259#define SDPCM_DOFFSET_VALUE(p) (((u8 *)p)[SDPCM_DOFFSET_OFFSET] & 0xff) 260#define SDPCM_DOFFSET_MASK 0xff000000 261#define SDPCM_DOFFSET_SHIFT 24 262#define SDPCM_FCMASK_OFFSET 4 /* Flow control */ 263#define SDPCM_FCMASK_VALUE(p) (((u8 *)p)[SDPCM_FCMASK_OFFSET] & 0xff) 264#define SDPCM_WINDOW_OFFSET 5 /* Credit based fc */ 265#define SDPCM_WINDOW_VALUE(p) (((u8 *)p)[SDPCM_WINDOW_OFFSET] & 0xff) 266 267#define SDPCM_SWHEADER_LEN 8 /* SW header is 64 bits */ 268 269/* logical channel numbers */ 270#define SDPCM_CONTROL_CHANNEL 0 /* Control channel Id */ 271#define SDPCM_EVENT_CHANNEL 1 /* Asyc Event Indication Channel Id */ 272#define SDPCM_DATA_CHANNEL 2 /* Data Xmit/Recv Channel Id */ 273#define SDPCM_GLOM_CHANNEL 3 /* For coalesced packets */ 274#define SDPCM_TEST_CHANNEL 15 /* Reserved for test/debug packets */ 275 276#define SDPCM_SEQUENCE_WRAP 256 /* wrap-around val for 8bit frame seq */ 277 278#define SDPCM_GLOMDESC(p) (((u8 *)p)[1] & 0x80) 279 280/* 281 * Shared structure between dongle and the host. 282 * The structure contains pointers to trap or assert information. 283 */ 284#define SDPCM_SHARED_VERSION 0x0002 285#define SDPCM_SHARED_VERSION_MASK 0x00FF 286#define SDPCM_SHARED_ASSERT_BUILT 0x0100 287#define SDPCM_SHARED_ASSERT 0x0200 288#define SDPCM_SHARED_TRAP 0x0400 289 290/* Space for header read, limit for data packets */ 291#define MAX_HDR_READ (1 << 6) 292#define MAX_RX_DATASZ 2048 293 294/* Maximum milliseconds to wait for F2 to come up */ 295#define BRCMF_WAIT_F2RDY 3000 296 297/* Bump up limit on waiting for HT to account for first startup; 298 * if the image is doing a CRC calculation before programming the PMU 299 * for HT availability, it could take a couple hundred ms more, so 300 * max out at a 1 second (1000000us). 301 */ 302#undef PMU_MAX_TRANSITION_DLY 303#define PMU_MAX_TRANSITION_DLY 1000000 304 305/* Value for ChipClockCSR during initial setup */ 306#define BRCMF_INIT_CLKCTL1 (SBSDIO_FORCE_HW_CLKREQ_OFF | \ 307 SBSDIO_ALP_AVAIL_REQ) 308 309/* Flags for SDH calls */ 310#define F2SYNC (SDIO_REQ_4BYTE | SDIO_REQ_FIXED) 311 312#define BRCMFMAC_FW_NAME "brcm/brcmfmac.bin" 313#define BRCMFMAC_NV_NAME "brcm/brcmfmac.txt" 314MODULE_FIRMWARE(BRCMFMAC_FW_NAME); 315MODULE_FIRMWARE(BRCMFMAC_NV_NAME); 316 317/* 318 * Conversion of 802.1D priority to precedence level 319 */ 320static uint prio2prec(u32 prio) 321{ 322 return (prio == PRIO_8021D_NONE || prio == PRIO_8021D_BE) ? 323 (prio^2) : prio; 324} 325 326/* core registers */ 327struct sdpcmd_regs { 328 u32 corecontrol; /* 0x00, rev8 */ 329 u32 corestatus; /* rev8 */ 330 u32 PAD[1]; 331 u32 biststatus; /* rev8 */ 332 333 /* PCMCIA access */ 334 u16 pcmciamesportaladdr; /* 0x010, rev8 */ 335 u16 PAD[1]; 336 u16 pcmciamesportalmask; /* rev8 */ 337 u16 PAD[1]; 338 u16 pcmciawrframebc; /* rev8 */ 339 u16 PAD[1]; 340 u16 pcmciaunderflowtimer; /* rev8 */ 341 u16 PAD[1]; 342 343 /* interrupt */ 344 u32 intstatus; /* 0x020, rev8 */ 345 u32 hostintmask; /* rev8 */ 346 u32 intmask; /* rev8 */ 347 u32 sbintstatus; /* rev8 */ 348 u32 sbintmask; /* rev8 */ 349 u32 funcintmask; /* rev4 */ 350 u32 PAD[2]; 351 u32 tosbmailbox; /* 0x040, rev8 */ 352 u32 tohostmailbox; /* rev8 */ 353 u32 tosbmailboxdata; /* rev8 */ 354 u32 tohostmailboxdata; /* rev8 */ 355 356 /* synchronized access to registers in SDIO clock domain */ 357 u32 sdioaccess; /* 0x050, rev8 */ 358 u32 PAD[3]; 359 360 /* PCMCIA frame control */ 361 u8 pcmciaframectrl; /* 0x060, rev8 */ 362 u8 PAD[3]; 363 u8 pcmciawatermark; /* rev8 */ 364 u8 PAD[155]; 365 366 /* interrupt batching control */ 367 u32 intrcvlazy; /* 0x100, rev8 */ 368 u32 PAD[3]; 369 370 /* counters */ 371 u32 cmd52rd; /* 0x110, rev8 */ 372 u32 cmd52wr; /* rev8 */ 373 u32 cmd53rd; /* rev8 */ 374 u32 cmd53wr; /* rev8 */ 375 u32 abort; /* rev8 */ 376 u32 datacrcerror; /* rev8 */ 377 u32 rdoutofsync; /* rev8 */ 378 u32 wroutofsync; /* rev8 */ 379 u32 writebusy; /* rev8 */ 380 u32 readwait; /* rev8 */ 381 u32 readterm; /* rev8 */ 382 u32 writeterm; /* rev8 */ 383 u32 PAD[40]; 384 u32 clockctlstatus; /* rev8 */ 385 u32 PAD[7]; 386 387 u32 PAD[128]; /* DMA engines */ 388 389 /* SDIO/PCMCIA CIS region */ 390 char cis[512]; /* 0x400-0x5ff, rev6 */ 391 392 /* PCMCIA function control registers */ 393 char pcmciafcr[256]; /* 0x600-6ff, rev6 */ 394 u16 PAD[55]; 395 396 /* PCMCIA backplane access */ 397 u16 backplanecsr; /* 0x76E, rev6 */ 398 u16 backplaneaddr0; /* rev6 */ 399 u16 backplaneaddr1; /* rev6 */ 400 u16 backplaneaddr2; /* rev6 */ 401 u16 backplaneaddr3; /* rev6 */ 402 u16 backplanedata0; /* rev6 */ 403 u16 backplanedata1; /* rev6 */ 404 u16 backplanedata2; /* rev6 */ 405 u16 backplanedata3; /* rev6 */ 406 u16 PAD[31]; 407 408 /* sprom "size" & "blank" info */ 409 u16 spromstatus; /* 0x7BE, rev2 */ 410 u32 PAD[464]; 411 412 u16 PAD[0x80]; 413}; 414 415#ifdef BCMDBG 416/* Device console log buffer state */ 417struct brcmf_console { 418 uint count; /* Poll interval msec counter */ 419 uint log_addr; /* Log struct address (fixed) */ 420 struct rte_log_le log_le; /* Log struct (host copy) */ 421 uint bufsize; /* Size of log buffer */ 422 u8 *buf; /* Log buffer (host copy) */ 423 uint last; /* Last buffer read index */ 424}; 425#endif /* BCMDBG */ 426 427struct sdpcm_shared { 428 u32 flags; 429 u32 trap_addr; 430 u32 assert_exp_addr; 431 u32 assert_file_addr; 432 u32 assert_line; 433 u32 console_addr; /* Address of struct rte_console */ 434 u32 msgtrace_addr; 435 u8 tag[32]; 436}; 437 438struct sdpcm_shared_le { 439 __le32 flags; 440 __le32 trap_addr; 441 __le32 assert_exp_addr; 442 __le32 assert_file_addr; 443 __le32 assert_line; 444 __le32 console_addr; /* Address of struct rte_console */ 445 __le32 msgtrace_addr; 446 u8 tag[32]; 447}; 448 449 450/* misc chip info needed by some of the routines */ 451/* Private data for SDIO bus interaction */ 452struct brcmf_sdio { 453 struct brcmf_sdio_dev *sdiodev; /* sdio device handler */ 454 struct chip_info *ci; /* Chip info struct */ 455 char *vars; /* Variables (from CIS and/or other) */ 456 uint varsz; /* Size of variables buffer */ 457 458 u32 ramsize; /* Size of RAM in SOCRAM (bytes) */ 459 460 u32 hostintmask; /* Copy of Host Interrupt Mask */ 461 u32 intstatus; /* Intstatus bits (events) pending */ 462 bool dpc_sched; /* Indicates DPC schedule (intrpt rcvd) */ 463 bool fcstate; /* State of dongle flow-control */ 464 465 uint blocksize; /* Block size of SDIO transfers */ 466 uint roundup; /* Max roundup limit */ 467 468 struct pktq txq; /* Queue length used for flow-control */ 469 u8 flowcontrol; /* per prio flow control bitmask */ 470 u8 tx_seq; /* Transmit sequence number (next) */ 471 u8 tx_max; /* Maximum transmit sequence allowed */ 472 473 u8 hdrbuf[MAX_HDR_READ + BRCMF_SDALIGN]; 474 u8 *rxhdr; /* Header of current rx frame (in hdrbuf) */ 475 u16 nextlen; /* Next Read Len from last header */ 476 u8 rx_seq; /* Receive sequence number (expected) */ 477 bool rxskip; /* Skip receive (awaiting NAK ACK) */ 478 479 uint rxbound; /* Rx frames to read before resched */ 480 uint txbound; /* Tx frames to send before resched */ 481 uint txminmax; 482 483 struct sk_buff *glomd; /* Packet containing glomming descriptor */ 484 struct sk_buff_head glom; /* Packet list for glommed superframe */ 485 uint glomerr; /* Glom packet read errors */ 486 487 u8 *rxbuf; /* Buffer for receiving control packets */ 488 uint rxblen; /* Allocated length of rxbuf */ 489 u8 *rxctl; /* Aligned pointer into rxbuf */ 490 u8 *databuf; /* Buffer for receiving big glom packet */ 491 u8 *dataptr; /* Aligned pointer into databuf */ 492 uint rxlen; /* Length of valid data in buffer */ 493 494 u8 sdpcm_ver; /* Bus protocol reported by dongle */ 495 496 bool intr; /* Use interrupts */ 497 bool poll; /* Use polling */ 498 bool ipend; /* Device interrupt is pending */ 499 uint intrcount; /* Count of device interrupt callbacks */ 500 uint lastintrs; /* Count as of last watchdog timer */ 501 uint spurious; /* Count of spurious interrupts */ 502 uint pollrate; /* Ticks between device polls */ 503 uint polltick; /* Tick counter */ 504 uint pollcnt; /* Count of active polls */ 505 506#ifdef BCMDBG 507 uint console_interval; 508 struct brcmf_console console; /* Console output polling support */ 509 uint console_addr; /* Console address from shared struct */ 510#endif /* BCMDBG */ 511 512 uint regfails; /* Count of R_REG failures */ 513 514 uint clkstate; /* State of sd and backplane clock(s) */ 515 bool activity; /* Activity flag for clock down */ 516 s32 idletime; /* Control for activity timeout */ 517 s32 idlecount; /* Activity timeout counter */ 518 s32 idleclock; /* How to set bus driver when idle */ 519 s32 sd_rxchain; 520 bool use_rxchain; /* If brcmf should use PKT chains */ 521 bool sleeping; /* Is SDIO bus sleeping? */ 522 bool rxflow_mode; /* Rx flow control mode */ 523 bool rxflow; /* Is rx flow control on */ 524 bool alp_only; /* Don't use HT clock (ALP only) */ 525/* Field to decide if rx of control frames happen in rxbuf or lb-pool */ 526 bool usebufpool; 527 528 /* Some additional counters */ 529 uint tx_sderrs; /* Count of tx attempts with sd errors */ 530 uint fcqueued; /* Tx packets that got queued */ 531 uint rxrtx; /* Count of rtx requests (NAK to dongle) */ 532 uint rx_toolong; /* Receive frames too long to receive */ 533 uint rxc_errors; /* SDIO errors when reading control frames */ 534 uint rx_hdrfail; /* SDIO errors on header reads */ 535 uint rx_badhdr; /* Bad received headers (roosync?) */ 536 uint rx_badseq; /* Mismatched rx sequence number */ 537 uint fc_rcvd; /* Number of flow-control events received */ 538 uint fc_xoff; /* Number which turned on flow-control */ 539 uint fc_xon; /* Number which turned off flow-control */ 540 uint rxglomfail; /* Failed deglom attempts */ 541 uint rxglomframes; /* Number of glom frames (superframes) */ 542 uint rxglompkts; /* Number of packets from glom frames */ 543 uint f2rxhdrs; /* Number of header reads */ 544 uint f2rxdata; /* Number of frame data reads */ 545 uint f2txdata; /* Number of f2 frame writes */ 546 uint f1regdata; /* Number of f1 register accesses */ 547 uint tickcnt; /* Number of watchdog been schedule */ 548 unsigned long tx_ctlerrs; /* Err of sending ctrl frames */ 549 unsigned long tx_ctlpkts; /* Ctrl frames sent to dongle */ 550 unsigned long rx_ctlerrs; /* Err of processing rx ctrl frames */ 551 unsigned long rx_ctlpkts; /* Ctrl frames processed from dongle */ 552 unsigned long rx_readahead_cnt; /* Number of packets where header 553 * read-ahead was used. */ 554 555 u8 *ctrl_frame_buf; 556 u32 ctrl_frame_len; 557 bool ctrl_frame_stat; 558 559 spinlock_t txqlock; 560 wait_queue_head_t ctrl_wait; 561 wait_queue_head_t dcmd_resp_wait; 562 563 struct timer_list timer; 564 struct completion watchdog_wait; 565 struct task_struct *watchdog_tsk; 566 bool wd_timer_valid; 567 uint save_ms; 568 569 struct task_struct *dpc_tsk; 570 struct completion dpc_wait; 571 572 struct semaphore sdsem; 573 574 const struct firmware *firmware; 575 u32 fw_ptr; 576 577 bool txoff; /* Transmit flow-controlled */ 578}; 579 580/* clkstate */ 581#define CLK_NONE 0 582#define CLK_SDONLY 1 583#define CLK_PENDING 2 /* Not used yet */ 584#define CLK_AVAIL 3 585 586#ifdef BCMDBG 587static int qcount[NUMPRIO]; 588static int tx_packets[NUMPRIO]; 589#endif /* BCMDBG */ 590 591#define SDIO_DRIVE_STRENGTH 6 /* in milliamps */ 592 593#define RETRYCHAN(chan) ((chan) == SDPCM_EVENT_CHANNEL) 594 595/* Retry count for register access failures */ 596static const uint retry_limit = 2; 597 598/* Limit on rounding up frames */ 599static const uint max_roundup = 512; 600 601#define ALIGNMENT 4 602 603static void pkt_align(struct sk_buff *p, int len, int align) 604{ 605 uint datalign; 606 datalign = (unsigned long)(p->data); 607 datalign = roundup(datalign, (align)) - datalign; 608 if (datalign) 609 skb_pull(p, datalign); 610 __skb_trim(p, len); 611} 612 613/* To check if there's window offered */ 614static bool data_ok(struct brcmf_sdio *bus) 615{ 616 return (u8)(bus->tx_max - bus->tx_seq) != 0 && 617 ((u8)(bus->tx_max - bus->tx_seq) & 0x80) == 0; 618} 619 620/* 621 * Reads a register in the SDIO hardware block. This block occupies a series of 622 * adresses on the 32 bit backplane bus. 623 */ 624static void 625r_sdreg32(struct brcmf_sdio *bus, u32 *regvar, u32 reg_offset, u32 *retryvar) 626{ 627 u8 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV); 628 *retryvar = 0; 629 do { 630 *regvar = brcmf_sdcard_reg_read(bus->sdiodev, 631 bus->ci->c_inf[idx].base + reg_offset, 632 sizeof(u32)); 633 } while (brcmf_sdcard_regfail(bus->sdiodev) && 634 (++(*retryvar) <= retry_limit)); 635 if (*retryvar) { 636 bus->regfails += (*retryvar-1); 637 if (*retryvar > retry_limit) { 638 brcmf_dbg(ERROR, "FAILED READ %Xh\n", reg_offset); 639 *regvar = 0; 640 } 641 } 642} 643 644static void 645w_sdreg32(struct brcmf_sdio *bus, u32 regval, u32 reg_offset, u32 *retryvar) 646{ 647 u8 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV); 648 *retryvar = 0; 649 do { 650 brcmf_sdcard_reg_write(bus->sdiodev, 651 bus->ci->c_inf[idx].base + reg_offset, 652 sizeof(u32), regval); 653 } while (brcmf_sdcard_regfail(bus->sdiodev) && 654 (++(*retryvar) <= retry_limit)); 655 if (*retryvar) { 656 bus->regfails += (*retryvar-1); 657 if (*retryvar > retry_limit) 658 brcmf_dbg(ERROR, "FAILED REGISTER WRITE %Xh\n", 659 reg_offset); 660 } 661} 662 663#define PKT_AVAILABLE() (intstatus & I_HMB_FRAME_IND) 664 665#define HOSTINTMASK (I_HMB_SW_MASK | I_CHIPACTIVE) 666 667/* Packet free applicable unconditionally for sdio and sdspi. 668 * Conditional if bufpool was present for gspi bus. 669 */ 670static void brcmf_sdbrcm_pktfree2(struct brcmf_sdio *bus, struct sk_buff *pkt) 671{ 672 if (bus->usebufpool) 673 brcmu_pkt_buf_free_skb(pkt); 674} 675 676/* Turn backplane clock on or off */ 677static int brcmf_sdbrcm_htclk(struct brcmf_sdio *bus, bool on, bool pendok) 678{ 679 int err; 680 u8 clkctl, clkreq, devctl; 681 unsigned long timeout; 682 683 brcmf_dbg(TRACE, "Enter\n"); 684 685 clkctl = 0; 686 687 if (on) { 688 /* Request HT Avail */ 689 clkreq = 690 bus->alp_only ? SBSDIO_ALP_AVAIL_REQ : SBSDIO_HT_AVAIL_REQ; 691 692 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 693 SBSDIO_FUNC1_CHIPCLKCSR, clkreq, &err); 694 if (err) { 695 brcmf_dbg(ERROR, "HT Avail request error: %d\n", err); 696 return -EBADE; 697 } 698 699 /* Check current status */ 700 clkctl = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 701 SBSDIO_FUNC1_CHIPCLKCSR, &err); 702 if (err) { 703 brcmf_dbg(ERROR, "HT Avail read error: %d\n", err); 704 return -EBADE; 705 } 706 707 /* Go to pending and await interrupt if appropriate */ 708 if (!SBSDIO_CLKAV(clkctl, bus->alp_only) && pendok) { 709 /* Allow only clock-available interrupt */ 710 devctl = brcmf_sdcard_cfg_read(bus->sdiodev, 711 SDIO_FUNC_1, 712 SBSDIO_DEVICE_CTL, &err); 713 if (err) { 714 brcmf_dbg(ERROR, "Devctl error setting CA: %d\n", 715 err); 716 return -EBADE; 717 } 718 719 devctl |= SBSDIO_DEVCTL_CA_INT_ONLY; 720 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 721 SBSDIO_DEVICE_CTL, devctl, &err); 722 brcmf_dbg(INFO, "CLKCTL: set PENDING\n"); 723 bus->clkstate = CLK_PENDING; 724 725 return 0; 726 } else if (bus->clkstate == CLK_PENDING) { 727 /* Cancel CA-only interrupt filter */ 728 devctl = 729 brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 730 SBSDIO_DEVICE_CTL, &err); 731 devctl &= ~SBSDIO_DEVCTL_CA_INT_ONLY; 732 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 733 SBSDIO_DEVICE_CTL, devctl, &err); 734 } 735 736 /* Otherwise, wait here (polling) for HT Avail */ 737 timeout = jiffies + 738 msecs_to_jiffies(PMU_MAX_TRANSITION_DLY/1000); 739 while (!SBSDIO_CLKAV(clkctl, bus->alp_only)) { 740 clkctl = brcmf_sdcard_cfg_read(bus->sdiodev, 741 SDIO_FUNC_1, 742 SBSDIO_FUNC1_CHIPCLKCSR, 743 &err); 744 if (time_after(jiffies, timeout)) 745 break; 746 else 747 usleep_range(5000, 10000); 748 } 749 if (err) { 750 brcmf_dbg(ERROR, "HT Avail request error: %d\n", err); 751 return -EBADE; 752 } 753 if (!SBSDIO_CLKAV(clkctl, bus->alp_only)) { 754 brcmf_dbg(ERROR, "HT Avail timeout (%d): clkctl 0x%02x\n", 755 PMU_MAX_TRANSITION_DLY, clkctl); 756 return -EBADE; 757 } 758 759 /* Mark clock available */ 760 bus->clkstate = CLK_AVAIL; 761 brcmf_dbg(INFO, "CLKCTL: turned ON\n"); 762 763#if defined(BCMDBG) 764 if (bus->alp_only != true) { 765 if (SBSDIO_ALPONLY(clkctl)) 766 brcmf_dbg(ERROR, "HT Clock should be on\n"); 767 } 768#endif /* defined (BCMDBG) */ 769 770 bus->activity = true; 771 } else { 772 clkreq = 0; 773 774 if (bus->clkstate == CLK_PENDING) { 775 /* Cancel CA-only interrupt filter */ 776 devctl = brcmf_sdcard_cfg_read(bus->sdiodev, 777 SDIO_FUNC_1, 778 SBSDIO_DEVICE_CTL, &err); 779 devctl &= ~SBSDIO_DEVCTL_CA_INT_ONLY; 780 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 781 SBSDIO_DEVICE_CTL, devctl, &err); 782 } 783 784 bus->clkstate = CLK_SDONLY; 785 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 786 SBSDIO_FUNC1_CHIPCLKCSR, clkreq, &err); 787 brcmf_dbg(INFO, "CLKCTL: turned OFF\n"); 788 if (err) { 789 brcmf_dbg(ERROR, "Failed access turning clock off: %d\n", 790 err); 791 return -EBADE; 792 } 793 } 794 return 0; 795} 796 797/* Change idle/active SD state */ 798static int brcmf_sdbrcm_sdclk(struct brcmf_sdio *bus, bool on) 799{ 800 brcmf_dbg(TRACE, "Enter\n"); 801 802 if (on) 803 bus->clkstate = CLK_SDONLY; 804 else 805 bus->clkstate = CLK_NONE; 806 807 return 0; 808} 809 810/* Transition SD and backplane clock readiness */ 811static int brcmf_sdbrcm_clkctl(struct brcmf_sdio *bus, uint target, bool pendok) 812{ 813#ifdef BCMDBG 814 uint oldstate = bus->clkstate; 815#endif /* BCMDBG */ 816 817 brcmf_dbg(TRACE, "Enter\n"); 818 819 /* Early exit if we're already there */ 820 if (bus->clkstate == target) { 821 if (target == CLK_AVAIL) { 822 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 823 bus->activity = true; 824 } 825 return 0; 826 } 827 828 switch (target) { 829 case CLK_AVAIL: 830 /* Make sure SD clock is available */ 831 if (bus->clkstate == CLK_NONE) 832 brcmf_sdbrcm_sdclk(bus, true); 833 /* Now request HT Avail on the backplane */ 834 brcmf_sdbrcm_htclk(bus, true, pendok); 835 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 836 bus->activity = true; 837 break; 838 839 case CLK_SDONLY: 840 /* Remove HT request, or bring up SD clock */ 841 if (bus->clkstate == CLK_NONE) 842 brcmf_sdbrcm_sdclk(bus, true); 843 else if (bus->clkstate == CLK_AVAIL) 844 brcmf_sdbrcm_htclk(bus, false, false); 845 else 846 brcmf_dbg(ERROR, "request for %d -> %d\n", 847 bus->clkstate, target); 848 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 849 break; 850 851 case CLK_NONE: 852 /* Make sure to remove HT request */ 853 if (bus->clkstate == CLK_AVAIL) 854 brcmf_sdbrcm_htclk(bus, false, false); 855 /* Now remove the SD clock */ 856 brcmf_sdbrcm_sdclk(bus, false); 857 brcmf_sdbrcm_wd_timer(bus, 0); 858 break; 859 } 860#ifdef BCMDBG 861 brcmf_dbg(INFO, "%d -> %d\n", oldstate, bus->clkstate); 862#endif /* BCMDBG */ 863 864 return 0; 865} 866 867static int brcmf_sdbrcm_bussleep(struct brcmf_sdio *bus, bool sleep) 868{ 869 uint retries = 0; 870 871 brcmf_dbg(INFO, "request %s (currently %s)\n", 872 sleep ? "SLEEP" : "WAKE", 873 bus->sleeping ? "SLEEP" : "WAKE"); 874 875 /* Done if we're already in the requested state */ 876 if (sleep == bus->sleeping) 877 return 0; 878 879 /* Going to sleep: set the alarm and turn off the lights... */ 880 if (sleep) { 881 /* Don't sleep if something is pending */ 882 if (bus->dpc_sched || bus->rxskip || pktq_len(&bus->txq)) 883 return -EBUSY; 884 885 /* Make sure the controller has the bus up */ 886 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 887 888 /* Tell device to start using OOB wakeup */ 889 w_sdreg32(bus, SMB_USE_OOB, 890 offsetof(struct sdpcmd_regs, tosbmailbox), &retries); 891 if (retries > retry_limit) 892 brcmf_dbg(ERROR, "CANNOT SIGNAL CHIP, WILL NOT WAKE UP!!\n"); 893 894 /* Turn off our contribution to the HT clock request */ 895 brcmf_sdbrcm_clkctl(bus, CLK_SDONLY, false); 896 897 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 898 SBSDIO_FUNC1_CHIPCLKCSR, 899 SBSDIO_FORCE_HW_CLKREQ_OFF, NULL); 900 901 /* Isolate the bus */ 902 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 903 SBSDIO_DEVICE_CTL, 904 SBSDIO_DEVCTL_PADS_ISO, NULL); 905 906 /* Change state */ 907 bus->sleeping = true; 908 909 } else { 910 /* Waking up: bus power up is ok, set local state */ 911 912 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 913 SBSDIO_FUNC1_CHIPCLKCSR, 0, NULL); 914 915 /* Make sure the controller has the bus up */ 916 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 917 918 /* Send misc interrupt to indicate OOB not needed */ 919 w_sdreg32(bus, 0, offsetof(struct sdpcmd_regs, tosbmailboxdata), 920 &retries); 921 if (retries <= retry_limit) 922 w_sdreg32(bus, SMB_DEV_INT, 923 offsetof(struct sdpcmd_regs, tosbmailbox), 924 &retries); 925 926 if (retries > retry_limit) 927 brcmf_dbg(ERROR, "CANNOT SIGNAL CHIP TO CLEAR OOB!!\n"); 928 929 /* Make sure we have SD bus access */ 930 brcmf_sdbrcm_clkctl(bus, CLK_SDONLY, false); 931 932 /* Change state */ 933 bus->sleeping = false; 934 } 935 936 return 0; 937} 938 939static void bus_wake(struct brcmf_sdio *bus) 940{ 941 if (bus->sleeping) 942 brcmf_sdbrcm_bussleep(bus, false); 943} 944 945static u32 brcmf_sdbrcm_hostmail(struct brcmf_sdio *bus) 946{ 947 u32 intstatus = 0; 948 u32 hmb_data; 949 u8 fcbits; 950 uint retries = 0; 951 952 brcmf_dbg(TRACE, "Enter\n"); 953 954 /* Read mailbox data and ack that we did so */ 955 r_sdreg32(bus, &hmb_data, 956 offsetof(struct sdpcmd_regs, tohostmailboxdata), &retries); 957 958 if (retries <= retry_limit) 959 w_sdreg32(bus, SMB_INT_ACK, 960 offsetof(struct sdpcmd_regs, tosbmailbox), &retries); 961 bus->f1regdata += 2; 962 963 /* Dongle recomposed rx frames, accept them again */ 964 if (hmb_data & HMB_DATA_NAKHANDLED) { 965 brcmf_dbg(INFO, "Dongle reports NAK handled, expect rtx of %d\n", 966 bus->rx_seq); 967 if (!bus->rxskip) 968 brcmf_dbg(ERROR, "unexpected NAKHANDLED!\n"); 969 970 bus->rxskip = false; 971 intstatus |= I_HMB_FRAME_IND; 972 } 973 974 /* 975 * DEVREADY does not occur with gSPI. 976 */ 977 if (hmb_data & (HMB_DATA_DEVREADY | HMB_DATA_FWREADY)) { 978 bus->sdpcm_ver = 979 (hmb_data & HMB_DATA_VERSION_MASK) >> 980 HMB_DATA_VERSION_SHIFT; 981 if (bus->sdpcm_ver != SDPCM_PROT_VERSION) 982 brcmf_dbg(ERROR, "Version mismatch, dongle reports %d, " 983 "expecting %d\n", 984 bus->sdpcm_ver, SDPCM_PROT_VERSION); 985 else 986 brcmf_dbg(INFO, "Dongle ready, protocol version %d\n", 987 bus->sdpcm_ver); 988 } 989 990 /* 991 * Flow Control has been moved into the RX headers and this out of band 992 * method isn't used any more. 993 * remaining backward compatible with older dongles. 994 */ 995 if (hmb_data & HMB_DATA_FC) { 996 fcbits = (hmb_data & HMB_DATA_FCDATA_MASK) >> 997 HMB_DATA_FCDATA_SHIFT; 998 999 if (fcbits & ~bus->flowcontrol) 1000 bus->fc_xoff++; 1001 1002 if (bus->flowcontrol & ~fcbits) 1003 bus->fc_xon++; 1004 1005 bus->fc_rcvd++; 1006 bus->flowcontrol = fcbits; 1007 } 1008 1009 /* Shouldn't be any others */ 1010 if (hmb_data & ~(HMB_DATA_DEVREADY | 1011 HMB_DATA_NAKHANDLED | 1012 HMB_DATA_FC | 1013 HMB_DATA_FWREADY | 1014 HMB_DATA_FCDATA_MASK | HMB_DATA_VERSION_MASK)) 1015 brcmf_dbg(ERROR, "Unknown mailbox data content: 0x%02x\n", 1016 hmb_data); 1017 1018 return intstatus; 1019} 1020 1021static void brcmf_sdbrcm_rxfail(struct brcmf_sdio *bus, bool abort, bool rtx) 1022{ 1023 uint retries = 0; 1024 u16 lastrbc; 1025 u8 hi, lo; 1026 int err; 1027 1028 brcmf_dbg(ERROR, "%sterminate frame%s\n", 1029 abort ? "abort command, " : "", 1030 rtx ? ", send NAK" : ""); 1031 1032 if (abort) 1033 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 1034 1035 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 1036 SBSDIO_FUNC1_FRAMECTRL, 1037 SFC_RF_TERM, &err); 1038 bus->f1regdata++; 1039 1040 /* Wait until the packet has been flushed (device/FIFO stable) */ 1041 for (lastrbc = retries = 0xffff; retries > 0; retries--) { 1042 hi = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 1043 SBSDIO_FUNC1_RFRAMEBCHI, NULL); 1044 lo = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 1045 SBSDIO_FUNC1_RFRAMEBCLO, NULL); 1046 bus->f1regdata += 2; 1047 1048 if ((hi == 0) && (lo == 0)) 1049 break; 1050 1051 if ((hi > (lastrbc >> 8)) && (lo > (lastrbc & 0x00ff))) { 1052 brcmf_dbg(ERROR, "count growing: last 0x%04x now 0x%04x\n", 1053 lastrbc, (hi << 8) + lo); 1054 } 1055 lastrbc = (hi << 8) + lo; 1056 } 1057 1058 if (!retries) 1059 brcmf_dbg(ERROR, "count never zeroed: last 0x%04x\n", lastrbc); 1060 else 1061 brcmf_dbg(INFO, "flush took %d iterations\n", 0xffff - retries); 1062 1063 if (rtx) { 1064 bus->rxrtx++; 1065 w_sdreg32(bus, SMB_NAK, 1066 offsetof(struct sdpcmd_regs, tosbmailbox), &retries); 1067 1068 bus->f1regdata++; 1069 if (retries <= retry_limit) 1070 bus->rxskip = true; 1071 } 1072 1073 /* Clear partial in any case */ 1074 bus->nextlen = 0; 1075 1076 /* If we can't reach the device, signal failure */ 1077 if (err || brcmf_sdcard_regfail(bus->sdiodev)) 1078 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 1079} 1080 1081/* copy a buffer into a pkt buffer chain */ 1082static uint brcmf_sdbrcm_glom_from_buf(struct brcmf_sdio *bus, uint len) 1083{ 1084 uint n, ret = 0; 1085 struct sk_buff *p; 1086 u8 *buf; 1087 1088 buf = bus->dataptr; 1089 1090 /* copy the data */ 1091 skb_queue_walk(&bus->glom, p) { 1092 n = min_t(uint, p->len, len); 1093 memcpy(p->data, buf, n); 1094 buf += n; 1095 len -= n; 1096 ret += n; 1097 if (!len) 1098 break; 1099 } 1100 1101 return ret; 1102} 1103 1104/* return total length of buffer chain */ 1105static uint brcmf_sdbrcm_glom_len(struct brcmf_sdio *bus) 1106{ 1107 struct sk_buff *p; 1108 uint total; 1109 1110 total = 0; 1111 skb_queue_walk(&bus->glom, p) 1112 total += p->len; 1113 return total; 1114} 1115 1116static void brcmf_sdbrcm_free_glom(struct brcmf_sdio *bus) 1117{ 1118 struct sk_buff *cur, *next; 1119 1120 skb_queue_walk_safe(&bus->glom, cur, next) { 1121 skb_unlink(cur, &bus->glom); 1122 brcmu_pkt_buf_free_skb(cur); 1123 } 1124} 1125 1126static u8 brcmf_sdbrcm_rxglom(struct brcmf_sdio *bus, u8 rxseq) 1127{ 1128 u16 dlen, totlen; 1129 u8 *dptr, num = 0; 1130 1131 u16 sublen, check; 1132 struct sk_buff *pfirst, *pnext; 1133 1134 int errcode; 1135 u8 chan, seq, doff, sfdoff; 1136 u8 txmax; 1137 1138 int ifidx = 0; 1139 bool usechain = bus->use_rxchain; 1140 1141 /* If packets, issue read(s) and send up packet chain */ 1142 /* Return sequence numbers consumed? */ 1143 1144 brcmf_dbg(TRACE, "start: glomd %p glom %p\n", 1145 bus->glomd, skb_peek(&bus->glom)); 1146 1147 /* If there's a descriptor, generate the packet chain */ 1148 if (bus->glomd) { 1149 pfirst = pnext = NULL; 1150 dlen = (u16) (bus->glomd->len); 1151 dptr = bus->glomd->data; 1152 if (!dlen || (dlen & 1)) { 1153 brcmf_dbg(ERROR, "bad glomd len(%d), ignore descriptor\n", 1154 dlen); 1155 dlen = 0; 1156 } 1157 1158 for (totlen = num = 0; dlen; num++) { 1159 /* Get (and move past) next length */ 1160 sublen = get_unaligned_le16(dptr); 1161 dlen -= sizeof(u16); 1162 dptr += sizeof(u16); 1163 if ((sublen < SDPCM_HDRLEN) || 1164 ((num == 0) && (sublen < (2 * SDPCM_HDRLEN)))) { 1165 brcmf_dbg(ERROR, "descriptor len %d bad: %d\n", 1166 num, sublen); 1167 pnext = NULL; 1168 break; 1169 } 1170 if (sublen % BRCMF_SDALIGN) { 1171 brcmf_dbg(ERROR, "sublen %d not multiple of %d\n", 1172 sublen, BRCMF_SDALIGN); 1173 usechain = false; 1174 } 1175 totlen += sublen; 1176 1177 /* For last frame, adjust read len so total 1178 is a block multiple */ 1179 if (!dlen) { 1180 sublen += 1181 (roundup(totlen, bus->blocksize) - totlen); 1182 totlen = roundup(totlen, bus->blocksize); 1183 } 1184 1185 /* Allocate/chain packet for next subframe */ 1186 pnext = brcmu_pkt_buf_get_skb(sublen + BRCMF_SDALIGN); 1187 if (pnext == NULL) { 1188 brcmf_dbg(ERROR, "bcm_pkt_buf_get_skb failed, num %d len %d\n", 1189 num, sublen); 1190 break; 1191 } 1192 skb_queue_tail(&bus->glom, pnext); 1193 1194 /* Adhere to start alignment requirements */ 1195 pkt_align(pnext, sublen, BRCMF_SDALIGN); 1196 } 1197 1198 /* If all allocations succeeded, save packet chain 1199 in bus structure */ 1200 if (pnext) { 1201 brcmf_dbg(GLOM, "allocated %d-byte packet chain for %d subframes\n", 1202 totlen, num); 1203 if (BRCMF_GLOM_ON() && bus->nextlen && 1204 totlen != bus->nextlen) { 1205 brcmf_dbg(GLOM, "glomdesc mismatch: nextlen %d glomdesc %d rxseq %d\n", 1206 bus->nextlen, totlen, rxseq); 1207 } 1208 pfirst = pnext = NULL; 1209 } else { 1210 brcmf_sdbrcm_free_glom(bus); 1211 num = 0; 1212 } 1213 1214 /* Done with descriptor packet */ 1215 brcmu_pkt_buf_free_skb(bus->glomd); 1216 bus->glomd = NULL; 1217 bus->nextlen = 0; 1218 } 1219 1220 /* Ok -- either we just generated a packet chain, 1221 or had one from before */ 1222 if (!skb_queue_empty(&bus->glom)) { 1223 if (BRCMF_GLOM_ON()) { 1224 brcmf_dbg(GLOM, "try superframe read, packet chain:\n"); 1225 skb_queue_walk(&bus->glom, pnext) { 1226 brcmf_dbg(GLOM, " %p: %p len 0x%04x (%d)\n", 1227 pnext, (u8 *) (pnext->data), 1228 pnext->len, pnext->len); 1229 } 1230 } 1231 1232 pfirst = skb_peek(&bus->glom); 1233 dlen = (u16) brcmf_sdbrcm_glom_len(bus); 1234 1235 /* Do an SDIO read for the superframe. Configurable iovar to 1236 * read directly into the chained packet, or allocate a large 1237 * packet and and copy into the chain. 1238 */ 1239 if (usechain) { 1240 errcode = brcmf_sdcard_recv_chain(bus->sdiodev, 1241 bus->sdiodev->sbwad, 1242 SDIO_FUNC_2, F2SYNC, &bus->glom); 1243 } else if (bus->dataptr) { 1244 errcode = brcmf_sdcard_recv_buf(bus->sdiodev, 1245 bus->sdiodev->sbwad, 1246 SDIO_FUNC_2, F2SYNC, 1247 bus->dataptr, dlen); 1248 sublen = (u16) brcmf_sdbrcm_glom_from_buf(bus, dlen); 1249 if (sublen != dlen) { 1250 brcmf_dbg(ERROR, "FAILED TO COPY, dlen %d sublen %d\n", 1251 dlen, sublen); 1252 errcode = -1; 1253 } 1254 pnext = NULL; 1255 } else { 1256 brcmf_dbg(ERROR, "COULDN'T ALLOC %d-BYTE GLOM, FORCE FAILURE\n", 1257 dlen); 1258 errcode = -1; 1259 } 1260 bus->f2rxdata++; 1261 1262 /* On failure, kill the superframe, allow a couple retries */ 1263 if (errcode < 0) { 1264 brcmf_dbg(ERROR, "glom read of %d bytes failed: %d\n", 1265 dlen, errcode); 1266 bus->sdiodev->bus_if->dstats.rx_errors++; 1267 1268 if (bus->glomerr++ < 3) { 1269 brcmf_sdbrcm_rxfail(bus, true, true); 1270 } else { 1271 bus->glomerr = 0; 1272 brcmf_sdbrcm_rxfail(bus, true, false); 1273 bus->rxglomfail++; 1274 brcmf_sdbrcm_free_glom(bus); 1275 } 1276 return 0; 1277 } 1278#ifdef BCMDBG 1279 if (BRCMF_GLOM_ON()) { 1280 printk(KERN_DEBUG "SUPERFRAME:\n"); 1281 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 1282 pfirst->data, min_t(int, pfirst->len, 48)); 1283 } 1284#endif 1285 1286 /* Validate the superframe header */ 1287 dptr = (u8 *) (pfirst->data); 1288 sublen = get_unaligned_le16(dptr); 1289 check = get_unaligned_le16(dptr + sizeof(u16)); 1290 1291 chan = SDPCM_PACKET_CHANNEL(&dptr[SDPCM_FRAMETAG_LEN]); 1292 seq = SDPCM_PACKET_SEQUENCE(&dptr[SDPCM_FRAMETAG_LEN]); 1293 bus->nextlen = dptr[SDPCM_FRAMETAG_LEN + SDPCM_NEXTLEN_OFFSET]; 1294 if ((bus->nextlen << 4) > MAX_RX_DATASZ) { 1295 brcmf_dbg(INFO, "nextlen too large (%d) seq %d\n", 1296 bus->nextlen, seq); 1297 bus->nextlen = 0; 1298 } 1299 doff = SDPCM_DOFFSET_VALUE(&dptr[SDPCM_FRAMETAG_LEN]); 1300 txmax = SDPCM_WINDOW_VALUE(&dptr[SDPCM_FRAMETAG_LEN]); 1301 1302 errcode = 0; 1303 if ((u16)~(sublen ^ check)) { 1304 brcmf_dbg(ERROR, "(superframe): HW hdr error: len/check 0x%04x/0x%04x\n", 1305 sublen, check); 1306 errcode = -1; 1307 } else if (roundup(sublen, bus->blocksize) != dlen) { 1308 brcmf_dbg(ERROR, "(superframe): len 0x%04x, rounded 0x%04x, expect 0x%04x\n", 1309 sublen, roundup(sublen, bus->blocksize), 1310 dlen); 1311 errcode = -1; 1312 } else if (SDPCM_PACKET_CHANNEL(&dptr[SDPCM_FRAMETAG_LEN]) != 1313 SDPCM_GLOM_CHANNEL) { 1314 brcmf_dbg(ERROR, "(superframe): bad channel %d\n", 1315 SDPCM_PACKET_CHANNEL( 1316 &dptr[SDPCM_FRAMETAG_LEN])); 1317 errcode = -1; 1318 } else if (SDPCM_GLOMDESC(&dptr[SDPCM_FRAMETAG_LEN])) { 1319 brcmf_dbg(ERROR, "(superframe): got 2nd descriptor?\n"); 1320 errcode = -1; 1321 } else if ((doff < SDPCM_HDRLEN) || 1322 (doff > (pfirst->len - SDPCM_HDRLEN))) { 1323 brcmf_dbg(ERROR, "(superframe): Bad data offset %d: HW %d pkt %d min %d\n", 1324 doff, sublen, pfirst->len, SDPCM_HDRLEN); 1325 errcode = -1; 1326 } 1327 1328 /* Check sequence number of superframe SW header */ 1329 if (rxseq != seq) { 1330 brcmf_dbg(INFO, "(superframe) rx_seq %d, expected %d\n", 1331 seq, rxseq); 1332 bus->rx_badseq++; 1333 rxseq = seq; 1334 } 1335 1336 /* Check window for sanity */ 1337 if ((u8) (txmax - bus->tx_seq) > 0x40) { 1338 brcmf_dbg(ERROR, "unlikely tx max %d with tx_seq %d\n", 1339 txmax, bus->tx_seq); 1340 txmax = bus->tx_seq + 2; 1341 } 1342 bus->tx_max = txmax; 1343 1344 /* Remove superframe header, remember offset */ 1345 skb_pull(pfirst, doff); 1346 sfdoff = doff; 1347 num = 0; 1348 1349 /* Validate all the subframe headers */ 1350 skb_queue_walk(&bus->glom, pnext) { 1351 /* leave when invalid subframe is found */ 1352 if (errcode) 1353 break; 1354 1355 dptr = (u8 *) (pnext->data); 1356 dlen = (u16) (pnext->len); 1357 sublen = get_unaligned_le16(dptr); 1358 check = get_unaligned_le16(dptr + sizeof(u16)); 1359 chan = SDPCM_PACKET_CHANNEL(&dptr[SDPCM_FRAMETAG_LEN]); 1360 doff = SDPCM_DOFFSET_VALUE(&dptr[SDPCM_FRAMETAG_LEN]); 1361#ifdef BCMDBG 1362 if (BRCMF_GLOM_ON()) { 1363 printk(KERN_DEBUG "subframe:\n"); 1364 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 1365 dptr, 32); 1366 } 1367#endif 1368 1369 if ((u16)~(sublen ^ check)) { 1370 brcmf_dbg(ERROR, "(subframe %d): HW hdr error: len/check 0x%04x/0x%04x\n", 1371 num, sublen, check); 1372 errcode = -1; 1373 } else if ((sublen > dlen) || (sublen < SDPCM_HDRLEN)) { 1374 brcmf_dbg(ERROR, "(subframe %d): length mismatch: len 0x%04x, expect 0x%04x\n", 1375 num, sublen, dlen); 1376 errcode = -1; 1377 } else if ((chan != SDPCM_DATA_CHANNEL) && 1378 (chan != SDPCM_EVENT_CHANNEL)) { 1379 brcmf_dbg(ERROR, "(subframe %d): bad channel %d\n", 1380 num, chan); 1381 errcode = -1; 1382 } else if ((doff < SDPCM_HDRLEN) || (doff > sublen)) { 1383 brcmf_dbg(ERROR, "(subframe %d): Bad data offset %d: HW %d min %d\n", 1384 num, doff, sublen, SDPCM_HDRLEN); 1385 errcode = -1; 1386 } 1387 /* increase the subframe count */ 1388 num++; 1389 } 1390 1391 if (errcode) { 1392 /* Terminate frame on error, request 1393 a couple retries */ 1394 if (bus->glomerr++ < 3) { 1395 /* Restore superframe header space */ 1396 skb_push(pfirst, sfdoff); 1397 brcmf_sdbrcm_rxfail(bus, true, true); 1398 } else { 1399 bus->glomerr = 0; 1400 brcmf_sdbrcm_rxfail(bus, true, false); 1401 bus->rxglomfail++; 1402 brcmf_sdbrcm_free_glom(bus); 1403 } 1404 bus->nextlen = 0; 1405 return 0; 1406 } 1407 1408 /* Basic SD framing looks ok - process each packet (header) */ 1409 1410 skb_queue_walk_safe(&bus->glom, pfirst, pnext) { 1411 dptr = (u8 *) (pfirst->data); 1412 sublen = get_unaligned_le16(dptr); 1413 chan = SDPCM_PACKET_CHANNEL(&dptr[SDPCM_FRAMETAG_LEN]); 1414 seq = SDPCM_PACKET_SEQUENCE(&dptr[SDPCM_FRAMETAG_LEN]); 1415 doff = SDPCM_DOFFSET_VALUE(&dptr[SDPCM_FRAMETAG_LEN]); 1416 1417 brcmf_dbg(GLOM, "Get subframe %d, %p(%p/%d), sublen %d chan %d seq %d\n", 1418 num, pfirst, pfirst->data, 1419 pfirst->len, sublen, chan, seq); 1420 1421 /* precondition: chan == SDPCM_DATA_CHANNEL || 1422 chan == SDPCM_EVENT_CHANNEL */ 1423 1424 if (rxseq != seq) { 1425 brcmf_dbg(GLOM, "rx_seq %d, expected %d\n", 1426 seq, rxseq); 1427 bus->rx_badseq++; 1428 rxseq = seq; 1429 } 1430 rxseq++; 1431 1432#ifdef BCMDBG 1433 if (BRCMF_BYTES_ON() && BRCMF_DATA_ON()) { 1434 printk(KERN_DEBUG "Rx Subframe Data:\n"); 1435 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 1436 dptr, dlen); 1437 } 1438#endif 1439 1440 __skb_trim(pfirst, sublen); 1441 skb_pull(pfirst, doff); 1442 1443 if (pfirst->len == 0) { 1444 skb_unlink(pfirst, &bus->glom); 1445 brcmu_pkt_buf_free_skb(pfirst); 1446 continue; 1447 } else if (brcmf_proto_hdrpull(bus->sdiodev->dev, 1448 &ifidx, pfirst) != 0) { 1449 brcmf_dbg(ERROR, "rx protocol error\n"); 1450 bus->sdiodev->bus_if->dstats.rx_errors++; 1451 skb_unlink(pfirst, &bus->glom); 1452 brcmu_pkt_buf_free_skb(pfirst); 1453 continue; 1454 } 1455 1456#ifdef BCMDBG 1457 if (BRCMF_GLOM_ON()) { 1458 brcmf_dbg(GLOM, "subframe %d to stack, %p (%p/%d) nxt/lnk %p/%p\n", 1459 bus->glom.qlen, pfirst, pfirst->data, 1460 pfirst->len, pfirst->next, 1461 pfirst->prev); 1462 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 1463 pfirst->data, 1464 min_t(int, pfirst->len, 32)); 1465 } 1466#endif /* BCMDBG */ 1467 } 1468 /* sent any remaining packets up */ 1469 if (bus->glom.qlen) { 1470 up(&bus->sdsem); 1471 brcmf_rx_frame(bus->sdiodev->dev, ifidx, &bus->glom); 1472 down(&bus->sdsem); 1473 } 1474 1475 bus->rxglomframes++; 1476 bus->rxglompkts += bus->glom.qlen; 1477 } 1478 return num; 1479} 1480 1481static int brcmf_sdbrcm_dcmd_resp_wait(struct brcmf_sdio *bus, uint *condition, 1482 bool *pending) 1483{ 1484 DECLARE_WAITQUEUE(wait, current); 1485 int timeout = msecs_to_jiffies(DCMD_RESP_TIMEOUT); 1486 1487 /* Wait until control frame is available */ 1488 add_wait_queue(&bus->dcmd_resp_wait, &wait); 1489 set_current_state(TASK_INTERRUPTIBLE); 1490 1491 while (!(*condition) && (!signal_pending(current) && timeout)) 1492 timeout = schedule_timeout(timeout); 1493 1494 if (signal_pending(current)) 1495 *pending = true; 1496 1497 set_current_state(TASK_RUNNING); 1498 remove_wait_queue(&bus->dcmd_resp_wait, &wait); 1499 1500 return timeout; 1501} 1502 1503static int brcmf_sdbrcm_dcmd_resp_wake(struct brcmf_sdio *bus) 1504{ 1505 if (waitqueue_active(&bus->dcmd_resp_wait)) 1506 wake_up_interruptible(&bus->dcmd_resp_wait); 1507 1508 return 0; 1509} 1510static void 1511brcmf_sdbrcm_read_control(struct brcmf_sdio *bus, u8 *hdr, uint len, uint doff) 1512{ 1513 uint rdlen, pad; 1514 1515 int sdret; 1516 1517 brcmf_dbg(TRACE, "Enter\n"); 1518 1519 /* Set rxctl for frame (w/optional alignment) */ 1520 bus->rxctl = bus->rxbuf; 1521 bus->rxctl += BRCMF_FIRSTREAD; 1522 pad = ((unsigned long)bus->rxctl % BRCMF_SDALIGN); 1523 if (pad) 1524 bus->rxctl += (BRCMF_SDALIGN - pad); 1525 bus->rxctl -= BRCMF_FIRSTREAD; 1526 1527 /* Copy the already-read portion over */ 1528 memcpy(bus->rxctl, hdr, BRCMF_FIRSTREAD); 1529 if (len <= BRCMF_FIRSTREAD) 1530 goto gotpkt; 1531 1532 /* Raise rdlen to next SDIO block to avoid tail command */ 1533 rdlen = len - BRCMF_FIRSTREAD; 1534 if (bus->roundup && bus->blocksize && (rdlen > bus->blocksize)) { 1535 pad = bus->blocksize - (rdlen % bus->blocksize); 1536 if ((pad <= bus->roundup) && (pad < bus->blocksize) && 1537 ((len + pad) < bus->sdiodev->bus_if->maxctl)) 1538 rdlen += pad; 1539 } else if (rdlen % BRCMF_SDALIGN) { 1540 rdlen += BRCMF_SDALIGN - (rdlen % BRCMF_SDALIGN); 1541 } 1542 1543 /* Satisfy length-alignment requirements */ 1544 if (rdlen & (ALIGNMENT - 1)) 1545 rdlen = roundup(rdlen, ALIGNMENT); 1546 1547 /* Drop if the read is too big or it exceeds our maximum */ 1548 if ((rdlen + BRCMF_FIRSTREAD) > bus->sdiodev->bus_if->maxctl) { 1549 brcmf_dbg(ERROR, "%d-byte control read exceeds %d-byte buffer\n", 1550 rdlen, bus->sdiodev->bus_if->maxctl); 1551 bus->sdiodev->bus_if->dstats.rx_errors++; 1552 brcmf_sdbrcm_rxfail(bus, false, false); 1553 goto done; 1554 } 1555 1556 if ((len - doff) > bus->sdiodev->bus_if->maxctl) { 1557 brcmf_dbg(ERROR, "%d-byte ctl frame (%d-byte ctl data) exceeds %d-byte limit\n", 1558 len, len - doff, bus->sdiodev->bus_if->maxctl); 1559 bus->sdiodev->bus_if->dstats.rx_errors++; 1560 bus->rx_toolong++; 1561 brcmf_sdbrcm_rxfail(bus, false, false); 1562 goto done; 1563 } 1564 1565 /* Read remainder of frame body into the rxctl buffer */ 1566 sdret = brcmf_sdcard_recv_buf(bus->sdiodev, 1567 bus->sdiodev->sbwad, 1568 SDIO_FUNC_2, 1569 F2SYNC, (bus->rxctl + BRCMF_FIRSTREAD), rdlen); 1570 bus->f2rxdata++; 1571 1572 /* Control frame failures need retransmission */ 1573 if (sdret < 0) { 1574 brcmf_dbg(ERROR, "read %d control bytes failed: %d\n", 1575 rdlen, sdret); 1576 bus->rxc_errors++; 1577 brcmf_sdbrcm_rxfail(bus, true, true); 1578 goto done; 1579 } 1580 1581gotpkt: 1582 1583#ifdef BCMDBG 1584 if (BRCMF_BYTES_ON() && BRCMF_CTL_ON()) { 1585 printk(KERN_DEBUG "RxCtrl:\n"); 1586 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, bus->rxctl, len); 1587 } 1588#endif 1589 1590 /* Point to valid data and indicate its length */ 1591 bus->rxctl += doff; 1592 bus->rxlen = len - doff; 1593 1594done: 1595 /* Awake any waiters */ 1596 brcmf_sdbrcm_dcmd_resp_wake(bus); 1597} 1598 1599/* Pad read to blocksize for efficiency */ 1600static void brcmf_pad(struct brcmf_sdio *bus, u16 *pad, u16 *rdlen) 1601{ 1602 if (bus->roundup && bus->blocksize && *rdlen > bus->blocksize) { 1603 *pad = bus->blocksize - (*rdlen % bus->blocksize); 1604 if (*pad <= bus->roundup && *pad < bus->blocksize && 1605 *rdlen + *pad + BRCMF_FIRSTREAD < MAX_RX_DATASZ) 1606 *rdlen += *pad; 1607 } else if (*rdlen % BRCMF_SDALIGN) { 1608 *rdlen += BRCMF_SDALIGN - (*rdlen % BRCMF_SDALIGN); 1609 } 1610} 1611 1612static void 1613brcmf_alloc_pkt_and_read(struct brcmf_sdio *bus, u16 rdlen, 1614 struct sk_buff **pkt, u8 **rxbuf) 1615{ 1616 int sdret; /* Return code from calls */ 1617 1618 *pkt = brcmu_pkt_buf_get_skb(rdlen + BRCMF_SDALIGN); 1619 if (*pkt == NULL) 1620 return; 1621 1622 pkt_align(*pkt, rdlen, BRCMF_SDALIGN); 1623 *rxbuf = (u8 *) ((*pkt)->data); 1624 /* Read the entire frame */ 1625 sdret = brcmf_sdcard_recv_pkt(bus->sdiodev, bus->sdiodev->sbwad, 1626 SDIO_FUNC_2, F2SYNC, *pkt); 1627 bus->f2rxdata++; 1628 1629 if (sdret < 0) { 1630 brcmf_dbg(ERROR, "(nextlen): read %d bytes failed: %d\n", 1631 rdlen, sdret); 1632 brcmu_pkt_buf_free_skb(*pkt); 1633 bus->sdiodev->bus_if->dstats.rx_errors++; 1634 /* Force retry w/normal header read. 1635 * Don't attempt NAK for 1636 * gSPI 1637 */ 1638 brcmf_sdbrcm_rxfail(bus, true, true); 1639 *pkt = NULL; 1640 } 1641} 1642 1643/* Checks the header */ 1644static int 1645brcmf_check_rxbuf(struct brcmf_sdio *bus, struct sk_buff *pkt, u8 *rxbuf, 1646 u8 rxseq, u16 nextlen, u16 *len) 1647{ 1648 u16 check; 1649 bool len_consistent; /* Result of comparing readahead len and 1650 len from hw-hdr */ 1651 1652 memcpy(bus->rxhdr, rxbuf, SDPCM_HDRLEN); 1653 1654 /* Extract hardware header fields */ 1655 *len = get_unaligned_le16(bus->rxhdr); 1656 check = get_unaligned_le16(bus->rxhdr + sizeof(u16)); 1657 1658 /* All zeros means readahead info was bad */ 1659 if (!(*len | check)) { 1660 brcmf_dbg(INFO, "(nextlen): read zeros in HW header???\n"); 1661 goto fail; 1662 } 1663 1664 /* Validate check bytes */ 1665 if ((u16)~(*len ^ check)) { 1666 brcmf_dbg(ERROR, "(nextlen): HW hdr error: nextlen/len/check 0x%04x/0x%04x/0x%04x\n", 1667 nextlen, *len, check); 1668 bus->rx_badhdr++; 1669 brcmf_sdbrcm_rxfail(bus, false, false); 1670 goto fail; 1671 } 1672 1673 /* Validate frame length */ 1674 if (*len < SDPCM_HDRLEN) { 1675 brcmf_dbg(ERROR, "(nextlen): HW hdr length invalid: %d\n", 1676 *len); 1677 goto fail; 1678 } 1679 1680 /* Check for consistency with readahead info */ 1681 len_consistent = (nextlen != (roundup(*len, 16) >> 4)); 1682 if (len_consistent) { 1683 /* Mismatch, force retry w/normal 1684 header (may be >4K) */ 1685 brcmf_dbg(ERROR, "(nextlen): mismatch, nextlen %d len %d rnd %d; expected rxseq %d\n", 1686 nextlen, *len, roundup(*len, 16), 1687 rxseq); 1688 brcmf_sdbrcm_rxfail(bus, true, true); 1689 goto fail; 1690 } 1691 1692 return 0; 1693 1694fail: 1695 brcmf_sdbrcm_pktfree2(bus, pkt); 1696 return -EINVAL; 1697} 1698 1699/* Return true if there may be more frames to read */ 1700static uint 1701brcmf_sdbrcm_readframes(struct brcmf_sdio *bus, uint maxframes, bool *finished) 1702{ 1703 u16 len, check; /* Extracted hardware header fields */ 1704 u8 chan, seq, doff; /* Extracted software header fields */ 1705 u8 fcbits; /* Extracted fcbits from software header */ 1706 1707 struct sk_buff *pkt; /* Packet for event or data frames */ 1708 u16 pad; /* Number of pad bytes to read */ 1709 u16 rdlen; /* Total number of bytes to read */ 1710 u8 rxseq; /* Next sequence number to expect */ 1711 uint rxleft = 0; /* Remaining number of frames allowed */ 1712 int sdret; /* Return code from calls */ 1713 u8 txmax; /* Maximum tx sequence offered */ 1714 u8 *rxbuf; 1715 int ifidx = 0; 1716 uint rxcount = 0; /* Total frames read */ 1717 1718 brcmf_dbg(TRACE, "Enter\n"); 1719 1720 /* Not finished unless we encounter no more frames indication */ 1721 *finished = false; 1722 1723 for (rxseq = bus->rx_seq, rxleft = maxframes; 1724 !bus->rxskip && rxleft && 1725 bus->sdiodev->bus_if->state != BRCMF_BUS_DOWN; 1726 rxseq++, rxleft--) { 1727 1728 /* Handle glomming separately */ 1729 if (bus->glomd || !skb_queue_empty(&bus->glom)) { 1730 u8 cnt; 1731 brcmf_dbg(GLOM, "calling rxglom: glomd %p, glom %p\n", 1732 bus->glomd, skb_peek(&bus->glom)); 1733 cnt = brcmf_sdbrcm_rxglom(bus, rxseq); 1734 brcmf_dbg(GLOM, "rxglom returned %d\n", cnt); 1735 rxseq += cnt - 1; 1736 rxleft = (rxleft > cnt) ? (rxleft - cnt) : 1; 1737 continue; 1738 } 1739 1740 /* Try doing single read if we can */ 1741 if (bus->nextlen) { 1742 u16 nextlen = bus->nextlen; 1743 bus->nextlen = 0; 1744 1745 rdlen = len = nextlen << 4; 1746 brcmf_pad(bus, &pad, &rdlen); 1747 1748 /* 1749 * After the frame is received we have to 1750 * distinguish whether it is data 1751 * or non-data frame. 1752 */ 1753 brcmf_alloc_pkt_and_read(bus, rdlen, &pkt, &rxbuf); 1754 if (pkt == NULL) { 1755 /* Give up on data, request rtx of events */ 1756 brcmf_dbg(ERROR, "(nextlen): brcmf_alloc_pkt_and_read failed: len %d rdlen %d expected rxseq %d\n", 1757 len, rdlen, rxseq); 1758 continue; 1759 } 1760 1761 if (brcmf_check_rxbuf(bus, pkt, rxbuf, rxseq, nextlen, 1762 &len) < 0) 1763 continue; 1764 1765 /* Extract software header fields */ 1766 chan = SDPCM_PACKET_CHANNEL( 1767 &bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1768 seq = SDPCM_PACKET_SEQUENCE( 1769 &bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1770 doff = SDPCM_DOFFSET_VALUE( 1771 &bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1772 txmax = SDPCM_WINDOW_VALUE( 1773 &bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1774 1775 bus->nextlen = 1776 bus->rxhdr[SDPCM_FRAMETAG_LEN + 1777 SDPCM_NEXTLEN_OFFSET]; 1778 if ((bus->nextlen << 4) > MAX_RX_DATASZ) { 1779 brcmf_dbg(INFO, "(nextlen): got frame w/nextlen too large (%d), seq %d\n", 1780 bus->nextlen, seq); 1781 bus->nextlen = 0; 1782 } 1783 1784 bus->rx_readahead_cnt++; 1785 1786 /* Handle Flow Control */ 1787 fcbits = SDPCM_FCMASK_VALUE( 1788 &bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1789 1790 if (bus->flowcontrol != fcbits) { 1791 if (~bus->flowcontrol & fcbits) 1792 bus->fc_xoff++; 1793 1794 if (bus->flowcontrol & ~fcbits) 1795 bus->fc_xon++; 1796 1797 bus->fc_rcvd++; 1798 bus->flowcontrol = fcbits; 1799 } 1800 1801 /* Check and update sequence number */ 1802 if (rxseq != seq) { 1803 brcmf_dbg(INFO, "(nextlen): rx_seq %d, expected %d\n", 1804 seq, rxseq); 1805 bus->rx_badseq++; 1806 rxseq = seq; 1807 } 1808 1809 /* Check window for sanity */ 1810 if ((u8) (txmax - bus->tx_seq) > 0x40) { 1811 brcmf_dbg(ERROR, "got unlikely tx max %d with tx_seq %d\n", 1812 txmax, bus->tx_seq); 1813 txmax = bus->tx_seq + 2; 1814 } 1815 bus->tx_max = txmax; 1816 1817#ifdef BCMDBG 1818 if (BRCMF_BYTES_ON() && BRCMF_DATA_ON()) { 1819 printk(KERN_DEBUG "Rx Data:\n"); 1820 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 1821 rxbuf, len); 1822 } else if (BRCMF_HDRS_ON()) { 1823 printk(KERN_DEBUG "RxHdr:\n"); 1824 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 1825 bus->rxhdr, SDPCM_HDRLEN); 1826 } 1827#endif 1828 1829 if (chan == SDPCM_CONTROL_CHANNEL) { 1830 brcmf_dbg(ERROR, "(nextlen): readahead on control packet %d?\n", 1831 seq); 1832 /* Force retry w/normal header read */ 1833 bus->nextlen = 0; 1834 brcmf_sdbrcm_rxfail(bus, false, true); 1835 brcmf_sdbrcm_pktfree2(bus, pkt); 1836 continue; 1837 } 1838 1839 /* Validate data offset */ 1840 if ((doff < SDPCM_HDRLEN) || (doff > len)) { 1841 brcmf_dbg(ERROR, "(nextlen): bad data offset %d: HW len %d min %d\n", 1842 doff, len, SDPCM_HDRLEN); 1843 brcmf_sdbrcm_rxfail(bus, false, false); 1844 brcmf_sdbrcm_pktfree2(bus, pkt); 1845 continue; 1846 } 1847 1848 /* All done with this one -- now deliver the packet */ 1849 goto deliver; 1850 } 1851 1852 /* Read frame header (hardware and software) */ 1853 sdret = brcmf_sdcard_recv_buf(bus->sdiodev, bus->sdiodev->sbwad, 1854 SDIO_FUNC_2, F2SYNC, bus->rxhdr, 1855 BRCMF_FIRSTREAD); 1856 bus->f2rxhdrs++; 1857 1858 if (sdret < 0) { 1859 brcmf_dbg(ERROR, "RXHEADER FAILED: %d\n", sdret); 1860 bus->rx_hdrfail++; 1861 brcmf_sdbrcm_rxfail(bus, true, true); 1862 continue; 1863 } 1864#ifdef BCMDBG 1865 if (BRCMF_BYTES_ON() || BRCMF_HDRS_ON()) { 1866 printk(KERN_DEBUG "RxHdr:\n"); 1867 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 1868 bus->rxhdr, SDPCM_HDRLEN); 1869 } 1870#endif 1871 1872 /* Extract hardware header fields */ 1873 len = get_unaligned_le16(bus->rxhdr); 1874 check = get_unaligned_le16(bus->rxhdr + sizeof(u16)); 1875 1876 /* All zeros means no more frames */ 1877 if (!(len | check)) { 1878 *finished = true; 1879 break; 1880 } 1881 1882 /* Validate check bytes */ 1883 if ((u16) ~(len ^ check)) { 1884 brcmf_dbg(ERROR, "HW hdr err: len/check 0x%04x/0x%04x\n", 1885 len, check); 1886 bus->rx_badhdr++; 1887 brcmf_sdbrcm_rxfail(bus, false, false); 1888 continue; 1889 } 1890 1891 /* Validate frame length */ 1892 if (len < SDPCM_HDRLEN) { 1893 brcmf_dbg(ERROR, "HW hdr length invalid: %d\n", len); 1894 continue; 1895 } 1896 1897 /* Extract software header fields */ 1898 chan = SDPCM_PACKET_CHANNEL(&bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1899 seq = SDPCM_PACKET_SEQUENCE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1900 doff = SDPCM_DOFFSET_VALUE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1901 txmax = SDPCM_WINDOW_VALUE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1902 1903 /* Validate data offset */ 1904 if ((doff < SDPCM_HDRLEN) || (doff > len)) { 1905 brcmf_dbg(ERROR, "Bad data offset %d: HW len %d, min %d seq %d\n", 1906 doff, len, SDPCM_HDRLEN, seq); 1907 bus->rx_badhdr++; 1908 brcmf_sdbrcm_rxfail(bus, false, false); 1909 continue; 1910 } 1911 1912 /* Save the readahead length if there is one */ 1913 bus->nextlen = 1914 bus->rxhdr[SDPCM_FRAMETAG_LEN + SDPCM_NEXTLEN_OFFSET]; 1915 if ((bus->nextlen << 4) > MAX_RX_DATASZ) { 1916 brcmf_dbg(INFO, "(nextlen): got frame w/nextlen too large (%d), seq %d\n", 1917 bus->nextlen, seq); 1918 bus->nextlen = 0; 1919 } 1920 1921 /* Handle Flow Control */ 1922 fcbits = SDPCM_FCMASK_VALUE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]); 1923 1924 if (bus->flowcontrol != fcbits) { 1925 if (~bus->flowcontrol & fcbits) 1926 bus->fc_xoff++; 1927 1928 if (bus->flowcontrol & ~fcbits) 1929 bus->fc_xon++; 1930 1931 bus->fc_rcvd++; 1932 bus->flowcontrol = fcbits; 1933 } 1934 1935 /* Check and update sequence number */ 1936 if (rxseq != seq) { 1937 brcmf_dbg(INFO, "rx_seq %d, expected %d\n", seq, rxseq); 1938 bus->rx_badseq++; 1939 rxseq = seq; 1940 } 1941 1942 /* Check window for sanity */ 1943 if ((u8) (txmax - bus->tx_seq) > 0x40) { 1944 brcmf_dbg(ERROR, "unlikely tx max %d with tx_seq %d\n", 1945 txmax, bus->tx_seq); 1946 txmax = bus->tx_seq + 2; 1947 } 1948 bus->tx_max = txmax; 1949 1950 /* Call a separate function for control frames */ 1951 if (chan == SDPCM_CONTROL_CHANNEL) { 1952 brcmf_sdbrcm_read_control(bus, bus->rxhdr, len, doff); 1953 continue; 1954 } 1955 1956 /* precondition: chan is either SDPCM_DATA_CHANNEL, 1957 SDPCM_EVENT_CHANNEL, SDPCM_TEST_CHANNEL or 1958 SDPCM_GLOM_CHANNEL */ 1959 1960 /* Length to read */ 1961 rdlen = (len > BRCMF_FIRSTREAD) ? (len - BRCMF_FIRSTREAD) : 0; 1962 1963 /* May pad read to blocksize for efficiency */ 1964 if (bus->roundup && bus->blocksize && 1965 (rdlen > bus->blocksize)) { 1966 pad = bus->blocksize - (rdlen % bus->blocksize); 1967 if ((pad <= bus->roundup) && (pad < bus->blocksize) && 1968 ((rdlen + pad + BRCMF_FIRSTREAD) < MAX_RX_DATASZ)) 1969 rdlen += pad; 1970 } else if (rdlen % BRCMF_SDALIGN) { 1971 rdlen += BRCMF_SDALIGN - (rdlen % BRCMF_SDALIGN); 1972 } 1973 1974 /* Satisfy length-alignment requirements */ 1975 if (rdlen & (ALIGNMENT - 1)) 1976 rdlen = roundup(rdlen, ALIGNMENT); 1977 1978 if ((rdlen + BRCMF_FIRSTREAD) > MAX_RX_DATASZ) { 1979 /* Too long -- skip this frame */ 1980 brcmf_dbg(ERROR, "too long: len %d rdlen %d\n", 1981 len, rdlen); 1982 bus->sdiodev->bus_if->dstats.rx_errors++; 1983 bus->rx_toolong++; 1984 brcmf_sdbrcm_rxfail(bus, false, false); 1985 continue; 1986 } 1987 1988 pkt = brcmu_pkt_buf_get_skb(rdlen + 1989 BRCMF_FIRSTREAD + BRCMF_SDALIGN); 1990 if (!pkt) { 1991 /* Give up on data, request rtx of events */ 1992 brcmf_dbg(ERROR, "brcmu_pkt_buf_get_skb failed: rdlen %d chan %d\n", 1993 rdlen, chan); 1994 bus->sdiodev->bus_if->dstats.rx_dropped++; 1995 brcmf_sdbrcm_rxfail(bus, false, RETRYCHAN(chan)); 1996 continue; 1997 } 1998 1999 /* Leave room for what we already read, and align remainder */ 2000 skb_pull(pkt, BRCMF_FIRSTREAD); 2001 pkt_align(pkt, rdlen, BRCMF_SDALIGN); 2002 2003 /* Read the remaining frame data */ 2004 sdret = brcmf_sdcard_recv_pkt(bus->sdiodev, bus->sdiodev->sbwad, 2005 SDIO_FUNC_2, F2SYNC, pkt); 2006 bus->f2rxdata++; 2007 2008 if (sdret < 0) { 2009 brcmf_dbg(ERROR, "read %d %s bytes failed: %d\n", rdlen, 2010 ((chan == SDPCM_EVENT_CHANNEL) ? "event" 2011 : ((chan == SDPCM_DATA_CHANNEL) ? "data" 2012 : "test")), sdret); 2013 brcmu_pkt_buf_free_skb(pkt); 2014 bus->sdiodev->bus_if->dstats.rx_errors++; 2015 brcmf_sdbrcm_rxfail(bus, true, RETRYCHAN(chan)); 2016 continue; 2017 } 2018 2019 /* Copy the already-read portion */ 2020 skb_push(pkt, BRCMF_FIRSTREAD); 2021 memcpy(pkt->data, bus->rxhdr, BRCMF_FIRSTREAD); 2022 2023#ifdef BCMDBG 2024 if (BRCMF_BYTES_ON() && BRCMF_DATA_ON()) { 2025 printk(KERN_DEBUG "Rx Data:\n"); 2026 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 2027 pkt->data, len); 2028 } 2029#endif 2030 2031deliver: 2032 /* Save superframe descriptor and allocate packet frame */ 2033 if (chan == SDPCM_GLOM_CHANNEL) { 2034 if (SDPCM_GLOMDESC(&bus->rxhdr[SDPCM_FRAMETAG_LEN])) { 2035 brcmf_dbg(GLOM, "glom descriptor, %d bytes:\n", 2036 len); 2037#ifdef BCMDBG 2038 if (BRCMF_GLOM_ON()) { 2039 printk(KERN_DEBUG "Glom Data:\n"); 2040 print_hex_dump_bytes("", 2041 DUMP_PREFIX_OFFSET, 2042 pkt->data, len); 2043 } 2044#endif 2045 __skb_trim(pkt, len); 2046 skb_pull(pkt, SDPCM_HDRLEN); 2047 bus->glomd = pkt; 2048 } else { 2049 brcmf_dbg(ERROR, "%s: glom superframe w/o " 2050 "descriptor!\n", __func__); 2051 brcmf_sdbrcm_rxfail(bus, false, false); 2052 } 2053 continue; 2054 } 2055 2056 /* Fill in packet len and prio, deliver upward */ 2057 __skb_trim(pkt, len); 2058 skb_pull(pkt, doff); 2059 2060 if (pkt->len == 0) { 2061 brcmu_pkt_buf_free_skb(pkt); 2062 continue; 2063 } else if (brcmf_proto_hdrpull(bus->sdiodev->dev, &ifidx, 2064 pkt) != 0) { 2065 brcmf_dbg(ERROR, "rx protocol error\n"); 2066 brcmu_pkt_buf_free_skb(pkt); 2067 bus->sdiodev->bus_if->dstats.rx_errors++; 2068 continue; 2069 } 2070 2071 /* Unlock during rx call */ 2072 up(&bus->sdsem); 2073 brcmf_rx_packet(bus->sdiodev->dev, ifidx, pkt); 2074 down(&bus->sdsem); 2075 } 2076 rxcount = maxframes - rxleft; 2077#ifdef BCMDBG 2078 /* Message if we hit the limit */ 2079 if (!rxleft) 2080 brcmf_dbg(DATA, "hit rx limit of %d frames\n", 2081 maxframes); 2082 else 2083#endif /* BCMDBG */ 2084 brcmf_dbg(DATA, "processed %d frames\n", rxcount); 2085 /* Back off rxseq if awaiting rtx, update rx_seq */ 2086 if (bus->rxskip) 2087 rxseq--; 2088 bus->rx_seq = rxseq; 2089 2090 return rxcount; 2091} 2092 2093static void 2094brcmf_sdbrcm_wait_for_event(struct brcmf_sdio *bus, bool *lockvar) 2095{ 2096 up(&bus->sdsem); 2097 wait_event_interruptible_timeout(bus->ctrl_wait, 2098 (*lockvar == false), HZ * 2); 2099 down(&bus->sdsem); 2100 return; 2101} 2102 2103static void 2104brcmf_sdbrcm_wait_event_wakeup(struct brcmf_sdio *bus) 2105{ 2106 if (waitqueue_active(&bus->ctrl_wait)) 2107 wake_up_interruptible(&bus->ctrl_wait); 2108 return; 2109} 2110 2111/* Writes a HW/SW header into the packet and sends it. */ 2112/* Assumes: (a) header space already there, (b) caller holds lock */ 2113static int brcmf_sdbrcm_txpkt(struct brcmf_sdio *bus, struct sk_buff *pkt, 2114 uint chan, bool free_pkt) 2115{ 2116 int ret; 2117 u8 *frame; 2118 u16 len, pad = 0; 2119 u32 swheader; 2120 struct sk_buff *new; 2121 int i; 2122 2123 brcmf_dbg(TRACE, "Enter\n"); 2124 2125 frame = (u8 *) (pkt->data); 2126 2127 /* Add alignment padding, allocate new packet if needed */ 2128 pad = ((unsigned long)frame % BRCMF_SDALIGN); 2129 if (pad) { 2130 if (skb_headroom(pkt) < pad) { 2131 brcmf_dbg(INFO, "insufficient headroom %d for %d pad\n", 2132 skb_headroom(pkt), pad); 2133 bus->sdiodev->bus_if->tx_realloc++; 2134 new = brcmu_pkt_buf_get_skb(pkt->len + BRCMF_SDALIGN); 2135 if (!new) { 2136 brcmf_dbg(ERROR, "couldn't allocate new %d-byte packet\n", 2137 pkt->len + BRCMF_SDALIGN); 2138 ret = -ENOMEM; 2139 goto done; 2140 } 2141 2142 pkt_align(new, pkt->len, BRCMF_SDALIGN); 2143 memcpy(new->data, pkt->data, pkt->len); 2144 if (free_pkt) 2145 brcmu_pkt_buf_free_skb(pkt); 2146 /* free the pkt if canned one is not used */ 2147 free_pkt = true; 2148 pkt = new; 2149 frame = (u8 *) (pkt->data); 2150 /* precondition: (frame % BRCMF_SDALIGN) == 0) */ 2151 pad = 0; 2152 } else { 2153 skb_push(pkt, pad); 2154 frame = (u8 *) (pkt->data); 2155 /* precondition: pad + SDPCM_HDRLEN <= pkt->len */ 2156 memset(frame, 0, pad + SDPCM_HDRLEN); 2157 } 2158 } 2159 /* precondition: pad < BRCMF_SDALIGN */ 2160 2161 /* Hardware tag: 2 byte len followed by 2 byte ~len check (all LE) */ 2162 len = (u16) (pkt->len); 2163 *(__le16 *) frame = cpu_to_le16(len); 2164 *(((__le16 *) frame) + 1) = cpu_to_le16(~len); 2165 2166 /* Software tag: channel, sequence number, data offset */ 2167 swheader = 2168 ((chan << SDPCM_CHANNEL_SHIFT) & SDPCM_CHANNEL_MASK) | bus->tx_seq | 2169 (((pad + 2170 SDPCM_HDRLEN) << SDPCM_DOFFSET_SHIFT) & SDPCM_DOFFSET_MASK); 2171 2172 put_unaligned_le32(swheader, frame + SDPCM_FRAMETAG_LEN); 2173 put_unaligned_le32(0, frame + SDPCM_FRAMETAG_LEN + sizeof(swheader)); 2174 2175#ifdef BCMDBG 2176 tx_packets[pkt->priority]++; 2177 if (BRCMF_BYTES_ON() && 2178 (((BRCMF_CTL_ON() && (chan == SDPCM_CONTROL_CHANNEL)) || 2179 (BRCMF_DATA_ON() && (chan != SDPCM_CONTROL_CHANNEL))))) { 2180 printk(KERN_DEBUG "Tx Frame:\n"); 2181 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, frame, len); 2182 } else if (BRCMF_HDRS_ON()) { 2183 printk(KERN_DEBUG "TxHdr:\n"); 2184 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 2185 frame, min_t(u16, len, 16)); 2186 } 2187#endif 2188 2189 /* Raise len to next SDIO block to eliminate tail command */ 2190 if (bus->roundup && bus->blocksize && (len > bus->blocksize)) { 2191 u16 pad = bus->blocksize - (len % bus->blocksize); 2192 if ((pad <= bus->roundup) && (pad < bus->blocksize)) 2193 len += pad; 2194 } else if (len % BRCMF_SDALIGN) { 2195 len += BRCMF_SDALIGN - (len % BRCMF_SDALIGN); 2196 } 2197 2198 /* Some controllers have trouble with odd bytes -- round to even */ 2199 if (len & (ALIGNMENT - 1)) 2200 len = roundup(len, ALIGNMENT); 2201 2202 ret = brcmf_sdcard_send_pkt(bus->sdiodev, bus->sdiodev->sbwad, 2203 SDIO_FUNC_2, F2SYNC, pkt); 2204 bus->f2txdata++; 2205 2206 if (ret < 0) { 2207 /* On failure, abort the command and terminate the frame */ 2208 brcmf_dbg(INFO, "sdio error %d, abort command and terminate frame\n", 2209 ret); 2210 bus->tx_sderrs++; 2211 2212 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 2213 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 2214 SBSDIO_FUNC1_FRAMECTRL, SFC_WF_TERM, 2215 NULL); 2216 bus->f1regdata++; 2217 2218 for (i = 0; i < 3; i++) { 2219 u8 hi, lo; 2220 hi = brcmf_sdcard_cfg_read(bus->sdiodev, 2221 SDIO_FUNC_1, 2222 SBSDIO_FUNC1_WFRAMEBCHI, 2223 NULL); 2224 lo = brcmf_sdcard_cfg_read(bus->sdiodev, 2225 SDIO_FUNC_1, 2226 SBSDIO_FUNC1_WFRAMEBCLO, 2227 NULL); 2228 bus->f1regdata += 2; 2229 if ((hi == 0) && (lo == 0)) 2230 break; 2231 } 2232 2233 } 2234 if (ret == 0) 2235 bus->tx_seq = (bus->tx_seq + 1) % SDPCM_SEQUENCE_WRAP; 2236 2237done: 2238 /* restore pkt buffer pointer before calling tx complete routine */ 2239 skb_pull(pkt, SDPCM_HDRLEN + pad); 2240 up(&bus->sdsem); 2241 brcmf_txcomplete(bus->sdiodev->dev, pkt, ret != 0); 2242 down(&bus->sdsem); 2243 2244 if (free_pkt) 2245 brcmu_pkt_buf_free_skb(pkt); 2246 2247 return ret; 2248} 2249 2250static uint brcmf_sdbrcm_sendfromq(struct brcmf_sdio *bus, uint maxframes) 2251{ 2252 struct sk_buff *pkt; 2253 u32 intstatus = 0; 2254 uint retries = 0; 2255 int ret = 0, prec_out; 2256 uint cnt = 0; 2257 uint datalen; 2258 u8 tx_prec_map; 2259 2260 brcmf_dbg(TRACE, "Enter\n"); 2261 2262 tx_prec_map = ~bus->flowcontrol; 2263 2264 /* Send frames until the limit or some other event */ 2265 for (cnt = 0; (cnt < maxframes) && data_ok(bus); cnt++) { 2266 spin_lock_bh(&bus->txqlock); 2267 pkt = brcmu_pktq_mdeq(&bus->txq, tx_prec_map, &prec_out); 2268 if (pkt == NULL) { 2269 spin_unlock_bh(&bus->txqlock); 2270 break; 2271 } 2272 spin_unlock_bh(&bus->txqlock); 2273 datalen = pkt->len - SDPCM_HDRLEN; 2274 2275 ret = brcmf_sdbrcm_txpkt(bus, pkt, SDPCM_DATA_CHANNEL, true); 2276 if (ret) 2277 bus->sdiodev->bus_if->dstats.tx_errors++; 2278 else 2279 bus->sdiodev->bus_if->dstats.tx_bytes += datalen; 2280 2281 /* In poll mode, need to check for other events */ 2282 if (!bus->intr && cnt) { 2283 /* Check device status, signal pending interrupt */ 2284 r_sdreg32(bus, &intstatus, 2285 offsetof(struct sdpcmd_regs, intstatus), 2286 &retries); 2287 bus->f2txdata++; 2288 if (brcmf_sdcard_regfail(bus->sdiodev)) 2289 break; 2290 if (intstatus & bus->hostintmask) 2291 bus->ipend = true; 2292 } 2293 } 2294 2295 /* Deflow-control stack if needed */ 2296 if (bus->sdiodev->bus_if->drvr_up && 2297 (bus->sdiodev->bus_if->state == BRCMF_BUS_DATA) && 2298 bus->txoff && (pktq_len(&bus->txq) < TXLOW)) { 2299 bus->txoff = OFF; 2300 brcmf_txflowcontrol(bus->sdiodev->dev, 0, OFF); 2301 } 2302 2303 return cnt; 2304} 2305 2306static void brcmf_sdbrcm_bus_stop(struct device *dev) 2307{ 2308 u32 local_hostintmask; 2309 u8 saveclk; 2310 uint retries; 2311 int err; 2312 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 2313 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv; 2314 struct brcmf_sdio *bus = sdiodev->bus; 2315 2316 brcmf_dbg(TRACE, "Enter\n"); 2317 2318 if (bus->watchdog_tsk) { 2319 send_sig(SIGTERM, bus->watchdog_tsk, 1); 2320 kthread_stop(bus->watchdog_tsk); 2321 bus->watchdog_tsk = NULL; 2322 } 2323 2324 if (bus->dpc_tsk && bus->dpc_tsk != current) { 2325 send_sig(SIGTERM, bus->dpc_tsk, 1); 2326 kthread_stop(bus->dpc_tsk); 2327 bus->dpc_tsk = NULL; 2328 } 2329 2330 down(&bus->sdsem); 2331 2332 bus_wake(bus); 2333 2334 /* Enable clock for device interrupts */ 2335 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 2336 2337 /* Disable and clear interrupts at the chip level also */ 2338 w_sdreg32(bus, 0, offsetof(struct sdpcmd_regs, hostintmask), &retries); 2339 local_hostintmask = bus->hostintmask; 2340 bus->hostintmask = 0; 2341 2342 /* Change our idea of bus state */ 2343 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2344 2345 /* Force clocks on backplane to be sure F2 interrupt propagates */ 2346 saveclk = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 2347 SBSDIO_FUNC1_CHIPCLKCSR, &err); 2348 if (!err) { 2349 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 2350 SBSDIO_FUNC1_CHIPCLKCSR, 2351 (saveclk | SBSDIO_FORCE_HT), &err); 2352 } 2353 if (err) 2354 brcmf_dbg(ERROR, "Failed to force clock for F2: err %d\n", err); 2355 2356 /* Turn off the bus (F2), free any pending packets */ 2357 brcmf_dbg(INTR, "disable SDIO interrupts\n"); 2358 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_0, SDIO_CCCR_IOEx, 2359 SDIO_FUNC_ENABLE_1, NULL); 2360 2361 /* Clear any pending interrupts now that F2 is disabled */ 2362 w_sdreg32(bus, local_hostintmask, 2363 offsetof(struct sdpcmd_regs, intstatus), &retries); 2364 2365 /* Turn off the backplane clock (only) */ 2366 brcmf_sdbrcm_clkctl(bus, CLK_SDONLY, false); 2367 2368 /* Clear the data packet queues */ 2369 brcmu_pktq_flush(&bus->txq, true, NULL, NULL); 2370 2371 /* Clear any held glomming stuff */ 2372 if (bus->glomd) 2373 brcmu_pkt_buf_free_skb(bus->glomd); 2374 brcmf_sdbrcm_free_glom(bus); 2375 2376 /* Clear rx control and wake any waiters */ 2377 bus->rxlen = 0; 2378 brcmf_sdbrcm_dcmd_resp_wake(bus); 2379 2380 /* Reset some F2 state stuff */ 2381 bus->rxskip = false; 2382 bus->tx_seq = bus->rx_seq = 0; 2383 2384 up(&bus->sdsem); 2385} 2386 2387static bool brcmf_sdbrcm_dpc(struct brcmf_sdio *bus) 2388{ 2389 u32 intstatus, newstatus = 0; 2390 uint retries = 0; 2391 uint rxlimit = bus->rxbound; /* Rx frames to read before resched */ 2392 uint txlimit = bus->txbound; /* Tx frames to send before resched */ 2393 uint framecnt = 0; /* Temporary counter of tx/rx frames */ 2394 bool rxdone = true; /* Flag for no more read data */ 2395 bool resched = false; /* Flag indicating resched wanted */ 2396 2397 brcmf_dbg(TRACE, "Enter\n"); 2398 2399 /* Start with leftover status bits */ 2400 intstatus = bus->intstatus; 2401 2402 down(&bus->sdsem); 2403 2404 /* If waiting for HTAVAIL, check status */ 2405 if (bus->clkstate == CLK_PENDING) { 2406 int err; 2407 u8 clkctl, devctl = 0; 2408 2409#ifdef BCMDBG 2410 /* Check for inconsistent device control */ 2411 devctl = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 2412 SBSDIO_DEVICE_CTL, &err); 2413 if (err) { 2414 brcmf_dbg(ERROR, "error reading DEVCTL: %d\n", err); 2415 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2416 } 2417#endif /* BCMDBG */ 2418 2419 /* Read CSR, if clock on switch to AVAIL, else ignore */ 2420 clkctl = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 2421 SBSDIO_FUNC1_CHIPCLKCSR, &err); 2422 if (err) { 2423 brcmf_dbg(ERROR, "error reading CSR: %d\n", 2424 err); 2425 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2426 } 2427 2428 brcmf_dbg(INFO, "DPC: PENDING, devctl 0x%02x clkctl 0x%02x\n", 2429 devctl, clkctl); 2430 2431 if (SBSDIO_HTAV(clkctl)) { 2432 devctl = brcmf_sdcard_cfg_read(bus->sdiodev, 2433 SDIO_FUNC_1, 2434 SBSDIO_DEVICE_CTL, &err); 2435 if (err) { 2436 brcmf_dbg(ERROR, "error reading DEVCTL: %d\n", 2437 err); 2438 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2439 } 2440 devctl &= ~SBSDIO_DEVCTL_CA_INT_ONLY; 2441 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 2442 SBSDIO_DEVICE_CTL, devctl, &err); 2443 if (err) { 2444 brcmf_dbg(ERROR, "error writing DEVCTL: %d\n", 2445 err); 2446 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2447 } 2448 bus->clkstate = CLK_AVAIL; 2449 } else { 2450 goto clkwait; 2451 } 2452 } 2453 2454 bus_wake(bus); 2455 2456 /* Make sure backplane clock is on */ 2457 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, true); 2458 if (bus->clkstate == CLK_PENDING) 2459 goto clkwait; 2460 2461 /* Pending interrupt indicates new device status */ 2462 if (bus->ipend) { 2463 bus->ipend = false; 2464 r_sdreg32(bus, &newstatus, 2465 offsetof(struct sdpcmd_regs, intstatus), &retries); 2466 bus->f1regdata++; 2467 if (brcmf_sdcard_regfail(bus->sdiodev)) 2468 newstatus = 0; 2469 newstatus &= bus->hostintmask; 2470 bus->fcstate = !!(newstatus & I_HMB_FC_STATE); 2471 if (newstatus) { 2472 w_sdreg32(bus, newstatus, 2473 offsetof(struct sdpcmd_regs, intstatus), 2474 &retries); 2475 bus->f1regdata++; 2476 } 2477 } 2478 2479 /* Merge new bits with previous */ 2480 intstatus |= newstatus; 2481 bus->intstatus = 0; 2482 2483 /* Handle flow-control change: read new state in case our ack 2484 * crossed another change interrupt. If change still set, assume 2485 * FC ON for safety, let next loop through do the debounce. 2486 */ 2487 if (intstatus & I_HMB_FC_CHANGE) { 2488 intstatus &= ~I_HMB_FC_CHANGE; 2489 w_sdreg32(bus, I_HMB_FC_CHANGE, 2490 offsetof(struct sdpcmd_regs, intstatus), &retries); 2491 2492 r_sdreg32(bus, &newstatus, 2493 offsetof(struct sdpcmd_regs, intstatus), &retries); 2494 bus->f1regdata += 2; 2495 bus->fcstate = 2496 !!(newstatus & (I_HMB_FC_STATE | I_HMB_FC_CHANGE)); 2497 intstatus |= (newstatus & bus->hostintmask); 2498 } 2499 2500 /* Handle host mailbox indication */ 2501 if (intstatus & I_HMB_HOST_INT) { 2502 intstatus &= ~I_HMB_HOST_INT; 2503 intstatus |= brcmf_sdbrcm_hostmail(bus); 2504 } 2505 2506 /* Generally don't ask for these, can get CRC errors... */ 2507 if (intstatus & I_WR_OOSYNC) { 2508 brcmf_dbg(ERROR, "Dongle reports WR_OOSYNC\n"); 2509 intstatus &= ~I_WR_OOSYNC; 2510 } 2511 2512 if (intstatus & I_RD_OOSYNC) { 2513 brcmf_dbg(ERROR, "Dongle reports RD_OOSYNC\n"); 2514 intstatus &= ~I_RD_OOSYNC; 2515 } 2516 2517 if (intstatus & I_SBINT) { 2518 brcmf_dbg(ERROR, "Dongle reports SBINT\n"); 2519 intstatus &= ~I_SBINT; 2520 } 2521 2522 /* Would be active due to wake-wlan in gSPI */ 2523 if (intstatus & I_CHIPACTIVE) { 2524 brcmf_dbg(INFO, "Dongle reports CHIPACTIVE\n"); 2525 intstatus &= ~I_CHIPACTIVE; 2526 } 2527 2528 /* Ignore frame indications if rxskip is set */ 2529 if (bus->rxskip) 2530 intstatus &= ~I_HMB_FRAME_IND; 2531 2532 /* On frame indication, read available frames */ 2533 if (PKT_AVAILABLE()) { 2534 framecnt = brcmf_sdbrcm_readframes(bus, rxlimit, &rxdone); 2535 if (rxdone || bus->rxskip) 2536 intstatus &= ~I_HMB_FRAME_IND; 2537 rxlimit -= min(framecnt, rxlimit); 2538 } 2539 2540 /* Keep still-pending events for next scheduling */ 2541 bus->intstatus = intstatus; 2542 2543clkwait: 2544 if (data_ok(bus) && bus->ctrl_frame_stat && 2545 (bus->clkstate == CLK_AVAIL)) { 2546 int ret, i; 2547 2548 ret = brcmf_sdcard_send_buf(bus->sdiodev, bus->sdiodev->sbwad, 2549 SDIO_FUNC_2, F2SYNC, (u8 *) bus->ctrl_frame_buf, 2550 (u32) bus->ctrl_frame_len); 2551 2552 if (ret < 0) { 2553 /* On failure, abort the command and 2554 terminate the frame */ 2555 brcmf_dbg(INFO, "sdio error %d, abort command and terminate frame\n", 2556 ret); 2557 bus->tx_sderrs++; 2558 2559 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 2560 2561 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 2562 SBSDIO_FUNC1_FRAMECTRL, SFC_WF_TERM, 2563 NULL); 2564 bus->f1regdata++; 2565 2566 for (i = 0; i < 3; i++) { 2567 u8 hi, lo; 2568 hi = brcmf_sdcard_cfg_read(bus->sdiodev, 2569 SDIO_FUNC_1, 2570 SBSDIO_FUNC1_WFRAMEBCHI, 2571 NULL); 2572 lo = brcmf_sdcard_cfg_read(bus->sdiodev, 2573 SDIO_FUNC_1, 2574 SBSDIO_FUNC1_WFRAMEBCLO, 2575 NULL); 2576 bus->f1regdata += 2; 2577 if ((hi == 0) && (lo == 0)) 2578 break; 2579 } 2580 2581 } 2582 if (ret == 0) 2583 bus->tx_seq = (bus->tx_seq + 1) % SDPCM_SEQUENCE_WRAP; 2584 2585 brcmf_dbg(INFO, "Return_dpc value is : %d\n", ret); 2586 bus->ctrl_frame_stat = false; 2587 brcmf_sdbrcm_wait_event_wakeup(bus); 2588 } 2589 /* Send queued frames (limit 1 if rx may still be pending) */ 2590 else if ((bus->clkstate == CLK_AVAIL) && !bus->fcstate && 2591 brcmu_pktq_mlen(&bus->txq, ~bus->flowcontrol) && txlimit 2592 && data_ok(bus)) { 2593 framecnt = rxdone ? txlimit : min(txlimit, bus->txminmax); 2594 framecnt = brcmf_sdbrcm_sendfromq(bus, framecnt); 2595 txlimit -= framecnt; 2596 } 2597 2598 /* Resched if events or tx frames are pending, 2599 else await next interrupt */ 2600 /* On failed register access, all bets are off: 2601 no resched or interrupts */ 2602 if ((bus->sdiodev->bus_if->state == BRCMF_BUS_DOWN) || 2603 brcmf_sdcard_regfail(bus->sdiodev)) { 2604 brcmf_dbg(ERROR, "failed backplane access over SDIO, halting operation %d\n", 2605 brcmf_sdcard_regfail(bus->sdiodev)); 2606 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 2607 bus->intstatus = 0; 2608 } else if (bus->clkstate == CLK_PENDING) { 2609 brcmf_dbg(INFO, "rescheduled due to CLK_PENDING awaiting I_CHIPACTIVE interrupt\n"); 2610 resched = true; 2611 } else if (bus->intstatus || bus->ipend || 2612 (!bus->fcstate && brcmu_pktq_mlen(&bus->txq, ~bus->flowcontrol) 2613 && data_ok(bus)) || PKT_AVAILABLE()) { 2614 resched = true; 2615 } 2616 2617 bus->dpc_sched = resched; 2618 2619 /* If we're done for now, turn off clock request. */ 2620 if ((bus->clkstate != CLK_PENDING) 2621 && bus->idletime == BRCMF_IDLE_IMMEDIATE) { 2622 bus->activity = false; 2623 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 2624 } 2625 2626 up(&bus->sdsem); 2627 2628 return resched; 2629} 2630 2631static int brcmf_sdbrcm_dpc_thread(void *data) 2632{ 2633 struct brcmf_sdio *bus = (struct brcmf_sdio *) data; 2634 2635 allow_signal(SIGTERM); 2636 /* Run until signal received */ 2637 while (1) { 2638 if (kthread_should_stop()) 2639 break; 2640 if (!wait_for_completion_interruptible(&bus->dpc_wait)) { 2641 /* Call bus dpc unless it indicated down 2642 (then clean stop) */ 2643 if (bus->sdiodev->bus_if->state != BRCMF_BUS_DOWN) { 2644 if (brcmf_sdbrcm_dpc(bus)) 2645 complete(&bus->dpc_wait); 2646 } else { 2647 /* after stopping the bus, exit thread */ 2648 brcmf_sdbrcm_bus_stop(bus->sdiodev->dev); 2649 bus->dpc_tsk = NULL; 2650 break; 2651 } 2652 } else 2653 break; 2654 } 2655 return 0; 2656} 2657 2658int brcmf_sdbrcm_bus_txdata(struct device *dev, struct sk_buff *pkt) 2659{ 2660 int ret = -EBADE; 2661 uint datalen, prec; 2662 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 2663 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv; 2664 struct brcmf_sdio *bus = sdiodev->bus; 2665 2666 brcmf_dbg(TRACE, "Enter\n"); 2667 2668 datalen = pkt->len; 2669 2670 /* Add space for the header */ 2671 skb_push(pkt, SDPCM_HDRLEN); 2672 /* precondition: IS_ALIGNED((unsigned long)(pkt->data), 2) */ 2673 2674 prec = prio2prec((pkt->priority & PRIOMASK)); 2675 2676 /* Check for existing queue, current flow-control, 2677 pending event, or pending clock */ 2678 brcmf_dbg(TRACE, "deferring pktq len %d\n", pktq_len(&bus->txq)); 2679 bus->fcqueued++; 2680 2681 /* Priority based enq */ 2682 spin_lock_bh(&bus->txqlock); 2683 if (brcmf_c_prec_enq(bus->sdiodev->dev, &bus->txq, pkt, prec) == 2684 false) { 2685 skb_pull(pkt, SDPCM_HDRLEN); 2686 brcmf_txcomplete(bus->sdiodev->dev, pkt, false); 2687 brcmu_pkt_buf_free_skb(pkt); 2688 brcmf_dbg(ERROR, "out of bus->txq !!!\n"); 2689 ret = -ENOSR; 2690 } else { 2691 ret = 0; 2692 } 2693 spin_unlock_bh(&bus->txqlock); 2694 2695 if (pktq_len(&bus->txq) >= TXHI) { 2696 bus->txoff = ON; 2697 brcmf_txflowcontrol(bus->sdiodev->dev, 0, ON); 2698 } 2699 2700#ifdef BCMDBG 2701 if (pktq_plen(&bus->txq, prec) > qcount[prec]) 2702 qcount[prec] = pktq_plen(&bus->txq, prec); 2703#endif 2704 /* Schedule DPC if needed to send queued packet(s) */ 2705 if (!bus->dpc_sched) { 2706 bus->dpc_sched = true; 2707 if (bus->dpc_tsk) 2708 complete(&bus->dpc_wait); 2709 } 2710 2711 return ret; 2712} 2713 2714static int 2715brcmf_sdbrcm_membytes(struct brcmf_sdio *bus, bool write, u32 address, u8 *data, 2716 uint size) 2717{ 2718 int bcmerror = 0; 2719 u32 sdaddr; 2720 uint dsize; 2721 2722 /* Determine initial transfer parameters */ 2723 sdaddr = address & SBSDIO_SB_OFT_ADDR_MASK; 2724 if ((sdaddr + size) & SBSDIO_SBWINDOW_MASK) 2725 dsize = (SBSDIO_SB_OFT_ADDR_LIMIT - sdaddr); 2726 else 2727 dsize = size; 2728 2729 /* Set the backplane window to include the start address */ 2730 bcmerror = brcmf_sdcard_set_sbaddr_window(bus->sdiodev, address); 2731 if (bcmerror) { 2732 brcmf_dbg(ERROR, "window change failed\n"); 2733 goto xfer_done; 2734 } 2735 2736 /* Do the transfer(s) */ 2737 while (size) { 2738 brcmf_dbg(INFO, "%s %d bytes at offset 0x%08x in window 0x%08x\n", 2739 write ? "write" : "read", dsize, 2740 sdaddr, address & SBSDIO_SBWINDOW_MASK); 2741 bcmerror = brcmf_sdcard_rwdata(bus->sdiodev, write, 2742 sdaddr, data, dsize); 2743 if (bcmerror) { 2744 brcmf_dbg(ERROR, "membytes transfer failed\n"); 2745 break; 2746 } 2747 2748 /* Adjust for next transfer (if any) */ 2749 size -= dsize; 2750 if (size) { 2751 data += dsize; 2752 address += dsize; 2753 bcmerror = brcmf_sdcard_set_sbaddr_window(bus->sdiodev, 2754 address); 2755 if (bcmerror) { 2756 brcmf_dbg(ERROR, "window change failed\n"); 2757 break; 2758 } 2759 sdaddr = 0; 2760 dsize = min_t(uint, SBSDIO_SB_OFT_ADDR_LIMIT, size); 2761 } 2762 } 2763 2764xfer_done: 2765 /* Return the window to backplane enumeration space for core access */ 2766 if (brcmf_sdcard_set_sbaddr_window(bus->sdiodev, bus->sdiodev->sbwad)) 2767 brcmf_dbg(ERROR, "FAILED to set window back to 0x%x\n", 2768 bus->sdiodev->sbwad); 2769 2770 return bcmerror; 2771} 2772 2773#ifdef BCMDBG 2774#define CONSOLE_LINE_MAX 192 2775 2776static int brcmf_sdbrcm_readconsole(struct brcmf_sdio *bus) 2777{ 2778 struct brcmf_console *c = &bus->console; 2779 u8 line[CONSOLE_LINE_MAX], ch; 2780 u32 n, idx, addr; 2781 int rv; 2782 2783 /* Don't do anything until FWREADY updates console address */ 2784 if (bus->console_addr == 0) 2785 return 0; 2786 2787 /* Read console log struct */ 2788 addr = bus->console_addr + offsetof(struct rte_console, log_le); 2789 rv = brcmf_sdbrcm_membytes(bus, false, addr, (u8 *)&c->log_le, 2790 sizeof(c->log_le)); 2791 if (rv < 0) 2792 return rv; 2793 2794 /* Allocate console buffer (one time only) */ 2795 if (c->buf == NULL) { 2796 c->bufsize = le32_to_cpu(c->log_le.buf_size); 2797 c->buf = kmalloc(c->bufsize, GFP_ATOMIC); 2798 if (c->buf == NULL) 2799 return -ENOMEM; 2800 } 2801 2802 idx = le32_to_cpu(c->log_le.idx); 2803 2804 /* Protect against corrupt value */ 2805 if (idx > c->bufsize) 2806 return -EBADE; 2807 2808 /* Skip reading the console buffer if the index pointer 2809 has not moved */ 2810 if (idx == c->last) 2811 return 0; 2812 2813 /* Read the console buffer */ 2814 addr = le32_to_cpu(c->log_le.buf); 2815 rv = brcmf_sdbrcm_membytes(bus, false, addr, c->buf, c->bufsize); 2816 if (rv < 0) 2817 return rv; 2818 2819 while (c->last != idx) { 2820 for (n = 0; n < CONSOLE_LINE_MAX - 2; n++) { 2821 if (c->last == idx) { 2822 /* This would output a partial line. 2823 * Instead, back up 2824 * the buffer pointer and output this 2825 * line next time around. 2826 */ 2827 if (c->last >= n) 2828 c->last -= n; 2829 else 2830 c->last = c->bufsize - n; 2831 goto break2; 2832 } 2833 ch = c->buf[c->last]; 2834 c->last = (c->last + 1) % c->bufsize; 2835 if (ch == '\n') 2836 break; 2837 line[n] = ch; 2838 } 2839 2840 if (n > 0) { 2841 if (line[n - 1] == '\r') 2842 n--; 2843 line[n] = 0; 2844 printk(KERN_DEBUG "CONSOLE: %s\n", line); 2845 } 2846 } 2847break2: 2848 2849 return 0; 2850} 2851#endif /* BCMDBG */ 2852 2853static int brcmf_tx_frame(struct brcmf_sdio *bus, u8 *frame, u16 len) 2854{ 2855 int i; 2856 int ret; 2857 2858 bus->ctrl_frame_stat = false; 2859 ret = brcmf_sdcard_send_buf(bus->sdiodev, bus->sdiodev->sbwad, 2860 SDIO_FUNC_2, F2SYNC, frame, len); 2861 2862 if (ret < 0) { 2863 /* On failure, abort the command and terminate the frame */ 2864 brcmf_dbg(INFO, "sdio error %d, abort command and terminate frame\n", 2865 ret); 2866 bus->tx_sderrs++; 2867 2868 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2); 2869 2870 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 2871 SBSDIO_FUNC1_FRAMECTRL, 2872 SFC_WF_TERM, NULL); 2873 bus->f1regdata++; 2874 2875 for (i = 0; i < 3; i++) { 2876 u8 hi, lo; 2877 hi = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 2878 SBSDIO_FUNC1_WFRAMEBCHI, 2879 NULL); 2880 lo = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 2881 SBSDIO_FUNC1_WFRAMEBCLO, 2882 NULL); 2883 bus->f1regdata += 2; 2884 if (hi == 0 && lo == 0) 2885 break; 2886 } 2887 return ret; 2888 } 2889 2890 bus->tx_seq = (bus->tx_seq + 1) % SDPCM_SEQUENCE_WRAP; 2891 2892 return ret; 2893} 2894 2895int 2896brcmf_sdbrcm_bus_txctl(struct device *dev, unsigned char *msg, uint msglen) 2897{ 2898 u8 *frame; 2899 u16 len; 2900 u32 swheader; 2901 uint retries = 0; 2902 u8 doff = 0; 2903 int ret = -1; 2904 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 2905 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv; 2906 struct brcmf_sdio *bus = sdiodev->bus; 2907 2908 brcmf_dbg(TRACE, "Enter\n"); 2909 2910 /* Back the pointer to make a room for bus header */ 2911 frame = msg - SDPCM_HDRLEN; 2912 len = (msglen += SDPCM_HDRLEN); 2913 2914 /* Add alignment padding (optional for ctl frames) */ 2915 doff = ((unsigned long)frame % BRCMF_SDALIGN); 2916 if (doff) { 2917 frame -= doff; 2918 len += doff; 2919 msglen += doff; 2920 memset(frame, 0, doff + SDPCM_HDRLEN); 2921 } 2922 /* precondition: doff < BRCMF_SDALIGN */ 2923 doff += SDPCM_HDRLEN; 2924 2925 /* Round send length to next SDIO block */ 2926 if (bus->roundup && bus->blocksize && (len > bus->blocksize)) { 2927 u16 pad = bus->blocksize - (len % bus->blocksize); 2928 if ((pad <= bus->roundup) && (pad < bus->blocksize)) 2929 len += pad; 2930 } else if (len % BRCMF_SDALIGN) { 2931 len += BRCMF_SDALIGN - (len % BRCMF_SDALIGN); 2932 } 2933 2934 /* Satisfy length-alignment requirements */ 2935 if (len & (ALIGNMENT - 1)) 2936 len = roundup(len, ALIGNMENT); 2937 2938 /* precondition: IS_ALIGNED((unsigned long)frame, 2) */ 2939 2940 /* Need to lock here to protect txseq and SDIO tx calls */ 2941 down(&bus->sdsem); 2942 2943 bus_wake(bus); 2944 2945 /* Make sure backplane clock is on */ 2946 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 2947 2948 /* Hardware tag: 2 byte len followed by 2 byte ~len check (all LE) */ 2949 *(__le16 *) frame = cpu_to_le16((u16) msglen); 2950 *(((__le16 *) frame) + 1) = cpu_to_le16(~msglen); 2951 2952 /* Software tag: channel, sequence number, data offset */ 2953 swheader = 2954 ((SDPCM_CONTROL_CHANNEL << SDPCM_CHANNEL_SHIFT) & 2955 SDPCM_CHANNEL_MASK) 2956 | bus->tx_seq | ((doff << SDPCM_DOFFSET_SHIFT) & 2957 SDPCM_DOFFSET_MASK); 2958 put_unaligned_le32(swheader, frame + SDPCM_FRAMETAG_LEN); 2959 put_unaligned_le32(0, frame + SDPCM_FRAMETAG_LEN + sizeof(swheader)); 2960 2961 if (!data_ok(bus)) { 2962 brcmf_dbg(INFO, "No bus credit bus->tx_max %d, bus->tx_seq %d\n", 2963 bus->tx_max, bus->tx_seq); 2964 bus->ctrl_frame_stat = true; 2965 /* Send from dpc */ 2966 bus->ctrl_frame_buf = frame; 2967 bus->ctrl_frame_len = len; 2968 2969 brcmf_sdbrcm_wait_for_event(bus, &bus->ctrl_frame_stat); 2970 2971 if (bus->ctrl_frame_stat == false) { 2972 brcmf_dbg(INFO, "ctrl_frame_stat == false\n"); 2973 ret = 0; 2974 } else { 2975 brcmf_dbg(INFO, "ctrl_frame_stat == true\n"); 2976 ret = -1; 2977 } 2978 } 2979 2980 if (ret == -1) { 2981#ifdef BCMDBG 2982 if (BRCMF_BYTES_ON() && BRCMF_CTL_ON()) { 2983 printk(KERN_DEBUG "Tx Frame:\n"); 2984 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 2985 frame, len); 2986 } else if (BRCMF_HDRS_ON()) { 2987 printk(KERN_DEBUG "TxHdr:\n"); 2988 print_hex_dump_bytes("", DUMP_PREFIX_OFFSET, 2989 frame, min_t(u16, len, 16)); 2990 } 2991#endif 2992 2993 do { 2994 ret = brcmf_tx_frame(bus, frame, len); 2995 } while (ret < 0 && retries++ < TXRETRIES); 2996 } 2997 2998 if ((bus->idletime == BRCMF_IDLE_IMMEDIATE) && !bus->dpc_sched) { 2999 bus->activity = false; 3000 brcmf_sdbrcm_clkctl(bus, CLK_NONE, true); 3001 } 3002 3003 up(&bus->sdsem); 3004 3005 if (ret) 3006 bus->tx_ctlerrs++; 3007 else 3008 bus->tx_ctlpkts++; 3009 3010 return ret ? -EIO : 0; 3011} 3012 3013int 3014brcmf_sdbrcm_bus_rxctl(struct device *dev, unsigned char *msg, uint msglen) 3015{ 3016 int timeleft; 3017 uint rxlen = 0; 3018 bool pending; 3019 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 3020 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv; 3021 struct brcmf_sdio *bus = sdiodev->bus; 3022 3023 brcmf_dbg(TRACE, "Enter\n"); 3024 3025 /* Wait until control frame is available */ 3026 timeleft = brcmf_sdbrcm_dcmd_resp_wait(bus, &bus->rxlen, &pending); 3027 3028 down(&bus->sdsem); 3029 rxlen = bus->rxlen; 3030 memcpy(msg, bus->rxctl, min(msglen, rxlen)); 3031 bus->rxlen = 0; 3032 up(&bus->sdsem); 3033 3034 if (rxlen) { 3035 brcmf_dbg(CTL, "resumed on rxctl frame, got %d expected %d\n", 3036 rxlen, msglen); 3037 } else if (timeleft == 0) { 3038 brcmf_dbg(ERROR, "resumed on timeout\n"); 3039 } else if (pending == true) { 3040 brcmf_dbg(CTL, "cancelled\n"); 3041 return -ERESTARTSYS; 3042 } else { 3043 brcmf_dbg(CTL, "resumed for unknown reason?\n"); 3044 } 3045 3046 if (rxlen) 3047 bus->rx_ctlpkts++; 3048 else 3049 bus->rx_ctlerrs++; 3050 3051 return rxlen ? (int)rxlen : -ETIMEDOUT; 3052} 3053 3054static int brcmf_sdbrcm_downloadvars(struct brcmf_sdio *bus, void *arg, int len) 3055{ 3056 int bcmerror = 0; 3057 3058 brcmf_dbg(TRACE, "Enter\n"); 3059 3060 /* Basic sanity checks */ 3061 if (bus->sdiodev->bus_if->drvr_up) { 3062 bcmerror = -EISCONN; 3063 goto err; 3064 } 3065 if (!len) { 3066 bcmerror = -EOVERFLOW; 3067 goto err; 3068 } 3069 3070 /* Free the old ones and replace with passed variables */ 3071 kfree(bus->vars); 3072 3073 bus->vars = kmalloc(len, GFP_ATOMIC); 3074 bus->varsz = bus->vars ? len : 0; 3075 if (bus->vars == NULL) { 3076 bcmerror = -ENOMEM; 3077 goto err; 3078 } 3079 3080 /* Copy the passed variables, which should include the 3081 terminating double-null */ 3082 memcpy(bus->vars, arg, bus->varsz); 3083err: 3084 return bcmerror; 3085} 3086 3087static int brcmf_sdbrcm_write_vars(struct brcmf_sdio *bus) 3088{ 3089 int bcmerror = 0; 3090 u32 varsize; 3091 u32 varaddr; 3092 u8 *vbuffer; 3093 u32 varsizew; 3094 __le32 varsizew_le; 3095#ifdef BCMDBG 3096 char *nvram_ularray; 3097#endif /* BCMDBG */ 3098 3099 /* Even if there are no vars are to be written, we still 3100 need to set the ramsize. */ 3101 varsize = bus->varsz ? roundup(bus->varsz, 4) : 0; 3102 varaddr = (bus->ramsize - 4) - varsize; 3103 3104 if (bus->vars) { 3105 vbuffer = kzalloc(varsize, GFP_ATOMIC); 3106 if (!vbuffer) 3107 return -ENOMEM; 3108 3109 memcpy(vbuffer, bus->vars, bus->varsz); 3110 3111 /* Write the vars list */ 3112 bcmerror = 3113 brcmf_sdbrcm_membytes(bus, true, varaddr, vbuffer, varsize); 3114#ifdef BCMDBG 3115 /* Verify NVRAM bytes */ 3116 brcmf_dbg(INFO, "Compare NVRAM dl & ul; varsize=%d\n", varsize); 3117 nvram_ularray = kmalloc(varsize, GFP_ATOMIC); 3118 if (!nvram_ularray) 3119 return -ENOMEM; 3120 3121 /* Upload image to verify downloaded contents. */ 3122 memset(nvram_ularray, 0xaa, varsize); 3123 3124 /* Read the vars list to temp buffer for comparison */ 3125 bcmerror = 3126 brcmf_sdbrcm_membytes(bus, false, varaddr, nvram_ularray, 3127 varsize); 3128 if (bcmerror) { 3129 brcmf_dbg(ERROR, "error %d on reading %d nvram bytes at 0x%08x\n", 3130 bcmerror, varsize, varaddr); 3131 } 3132 /* Compare the org NVRAM with the one read from RAM */ 3133 if (memcmp(vbuffer, nvram_ularray, varsize)) 3134 brcmf_dbg(ERROR, "Downloaded NVRAM image is corrupted\n"); 3135 else 3136 brcmf_dbg(ERROR, "Download/Upload/Compare of NVRAM ok\n"); 3137 3138 kfree(nvram_ularray); 3139#endif /* BCMDBG */ 3140 3141 kfree(vbuffer); 3142 } 3143 3144 /* adjust to the user specified RAM */ 3145 brcmf_dbg(INFO, "Physical memory size: %d\n", bus->ramsize); 3146 brcmf_dbg(INFO, "Vars are at %d, orig varsize is %d\n", 3147 varaddr, varsize); 3148 varsize = ((bus->ramsize - 4) - varaddr); 3149 3150 /* 3151 * Determine the length token: 3152 * Varsize, converted to words, in lower 16-bits, checksum 3153 * in upper 16-bits. 3154 */ 3155 if (bcmerror) { 3156 varsizew = 0; 3157 varsizew_le = cpu_to_le32(0); 3158 } else { 3159 varsizew = varsize / 4; 3160 varsizew = (~varsizew << 16) | (varsizew & 0x0000FFFF); 3161 varsizew_le = cpu_to_le32(varsizew); 3162 } 3163 3164 brcmf_dbg(INFO, "New varsize is %d, length token=0x%08x\n", 3165 varsize, varsizew); 3166 3167 /* Write the length token to the last word */ 3168 bcmerror = brcmf_sdbrcm_membytes(bus, true, (bus->ramsize - 4), 3169 (u8 *)&varsizew_le, 4); 3170 3171 return bcmerror; 3172} 3173 3174static int brcmf_sdbrcm_download_state(struct brcmf_sdio *bus, bool enter) 3175{ 3176 uint retries; 3177 int bcmerror = 0; 3178 struct chip_info *ci = bus->ci; 3179 3180 /* To enter download state, disable ARM and reset SOCRAM. 3181 * To exit download state, simply reset ARM (default is RAM boot). 3182 */ 3183 if (enter) { 3184 bus->alp_only = true; 3185 3186 ci->coredisable(bus->sdiodev, ci, BCMA_CORE_ARM_CM3); 3187 3188 ci->resetcore(bus->sdiodev, ci, BCMA_CORE_INTERNAL_MEM); 3189 3190 /* Clear the top bit of memory */ 3191 if (bus->ramsize) { 3192 u32 zeros = 0; 3193 brcmf_sdbrcm_membytes(bus, true, bus->ramsize - 4, 3194 (u8 *)&zeros, 4); 3195 } 3196 } else { 3197 if (!ci->iscoreup(bus->sdiodev, ci, BCMA_CORE_INTERNAL_MEM)) { 3198 brcmf_dbg(ERROR, "SOCRAM core is down after reset?\n"); 3199 bcmerror = -EBADE; 3200 goto fail; 3201 } 3202 3203 bcmerror = brcmf_sdbrcm_write_vars(bus); 3204 if (bcmerror) { 3205 brcmf_dbg(ERROR, "no vars written to RAM\n"); 3206 bcmerror = 0; 3207 } 3208 3209 w_sdreg32(bus, 0xFFFFFFFF, 3210 offsetof(struct sdpcmd_regs, intstatus), &retries); 3211 3212 ci->resetcore(bus->sdiodev, ci, BCMA_CORE_ARM_CM3); 3213 3214 /* Allow HT Clock now that the ARM is running. */ 3215 bus->alp_only = false; 3216 3217 bus->sdiodev->bus_if->state = BRCMF_BUS_LOAD; 3218 } 3219fail: 3220 return bcmerror; 3221} 3222 3223static int brcmf_sdbrcm_get_image(char *buf, int len, struct brcmf_sdio *bus) 3224{ 3225 if (bus->firmware->size < bus->fw_ptr + len) 3226 len = bus->firmware->size - bus->fw_ptr; 3227 3228 memcpy(buf, &bus->firmware->data[bus->fw_ptr], len); 3229 bus->fw_ptr += len; 3230 return len; 3231} 3232 3233static int brcmf_sdbrcm_download_code_file(struct brcmf_sdio *bus) 3234{ 3235 int offset = 0; 3236 uint len; 3237 u8 *memblock = NULL, *memptr; 3238 int ret; 3239 3240 brcmf_dbg(INFO, "Enter\n"); 3241 3242 ret = request_firmware(&bus->firmware, BRCMFMAC_FW_NAME, 3243 &bus->sdiodev->func[2]->dev); 3244 if (ret) { 3245 brcmf_dbg(ERROR, "Fail to request firmware %d\n", ret); 3246 return ret; 3247 } 3248 bus->fw_ptr = 0; 3249 3250 memptr = memblock = kmalloc(MEMBLOCK + BRCMF_SDALIGN, GFP_ATOMIC); 3251 if (memblock == NULL) { 3252 ret = -ENOMEM; 3253 goto err; 3254 } 3255 if ((u32)(unsigned long)memblock % BRCMF_SDALIGN) 3256 memptr += (BRCMF_SDALIGN - 3257 ((u32)(unsigned long)memblock % BRCMF_SDALIGN)); 3258 3259 /* Download image */ 3260 while ((len = 3261 brcmf_sdbrcm_get_image((char *)memptr, MEMBLOCK, bus))) { 3262 ret = brcmf_sdbrcm_membytes(bus, true, offset, memptr, len); 3263 if (ret) { 3264 brcmf_dbg(ERROR, "error %d on writing %d membytes at 0x%08x\n", 3265 ret, MEMBLOCK, offset); 3266 goto err; 3267 } 3268 3269 offset += MEMBLOCK; 3270 } 3271 3272err: 3273 kfree(memblock); 3274 3275 release_firmware(bus->firmware); 3276 bus->fw_ptr = 0; 3277 3278 return ret; 3279} 3280 3281/* 3282 * ProcessVars:Takes a buffer of "<var>=<value>\n" lines read from a file 3283 * and ending in a NUL. 3284 * Removes carriage returns, empty lines, comment lines, and converts 3285 * newlines to NULs. 3286 * Shortens buffer as needed and pads with NULs. End of buffer is marked 3287 * by two NULs. 3288*/ 3289 3290static uint brcmf_process_nvram_vars(char *varbuf, uint len) 3291{ 3292 char *dp; 3293 bool findNewline; 3294 int column; 3295 uint buf_len, n; 3296 3297 dp = varbuf; 3298 3299 findNewline = false; 3300 column = 0; 3301 3302 for (n = 0; n < len; n++) { 3303 if (varbuf[n] == 0) 3304 break; 3305 if (varbuf[n] == '\r') 3306 continue; 3307 if (findNewline && varbuf[n] != '\n') 3308 continue; 3309 findNewline = false; 3310 if (varbuf[n] == '#') { 3311 findNewline = true; 3312 continue; 3313 } 3314 if (varbuf[n] == '\n') { 3315 if (column == 0) 3316 continue; 3317 *dp++ = 0; 3318 column = 0; 3319 continue; 3320 } 3321 *dp++ = varbuf[n]; 3322 column++; 3323 } 3324 buf_len = dp - varbuf; 3325 3326 while (dp < varbuf + n) 3327 *dp++ = 0; 3328 3329 return buf_len; 3330} 3331 3332static int brcmf_sdbrcm_download_nvram(struct brcmf_sdio *bus) 3333{ 3334 uint len; 3335 char *memblock = NULL; 3336 char *bufp; 3337 int ret; 3338 3339 ret = request_firmware(&bus->firmware, BRCMFMAC_NV_NAME, 3340 &bus->sdiodev->func[2]->dev); 3341 if (ret) { 3342 brcmf_dbg(ERROR, "Fail to request nvram %d\n", ret); 3343 return ret; 3344 } 3345 bus->fw_ptr = 0; 3346 3347 memblock = kmalloc(MEMBLOCK, GFP_ATOMIC); 3348 if (memblock == NULL) { 3349 ret = -ENOMEM; 3350 goto err; 3351 } 3352 3353 len = brcmf_sdbrcm_get_image(memblock, MEMBLOCK, bus); 3354 3355 if (len > 0 && len < MEMBLOCK) { 3356 bufp = (char *)memblock; 3357 bufp[len] = 0; 3358 len = brcmf_process_nvram_vars(bufp, len); 3359 bufp += len; 3360 *bufp++ = 0; 3361 if (len) 3362 ret = brcmf_sdbrcm_downloadvars(bus, memblock, len + 1); 3363 if (ret) 3364 brcmf_dbg(ERROR, "error downloading vars: %d\n", ret); 3365 } else { 3366 brcmf_dbg(ERROR, "error reading nvram file: %d\n", len); 3367 ret = -EIO; 3368 } 3369 3370err: 3371 kfree(memblock); 3372 3373 release_firmware(bus->firmware); 3374 bus->fw_ptr = 0; 3375 3376 return ret; 3377} 3378 3379static int _brcmf_sdbrcm_download_firmware(struct brcmf_sdio *bus) 3380{ 3381 int bcmerror = -1; 3382 3383 /* Keep arm in reset */ 3384 if (brcmf_sdbrcm_download_state(bus, true)) { 3385 brcmf_dbg(ERROR, "error placing ARM core in reset\n"); 3386 goto err; 3387 } 3388 3389 /* External image takes precedence if specified */ 3390 if (brcmf_sdbrcm_download_code_file(bus)) { 3391 brcmf_dbg(ERROR, "dongle image file download failed\n"); 3392 goto err; 3393 } 3394 3395 /* External nvram takes precedence if specified */ 3396 if (brcmf_sdbrcm_download_nvram(bus)) 3397 brcmf_dbg(ERROR, "dongle nvram file download failed\n"); 3398 3399 /* Take arm out of reset */ 3400 if (brcmf_sdbrcm_download_state(bus, false)) { 3401 brcmf_dbg(ERROR, "error getting out of ARM core reset\n"); 3402 goto err; 3403 } 3404 3405 bcmerror = 0; 3406 3407err: 3408 return bcmerror; 3409} 3410 3411static bool 3412brcmf_sdbrcm_download_firmware(struct brcmf_sdio *bus) 3413{ 3414 bool ret; 3415 3416 /* Download the firmware */ 3417 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3418 3419 ret = _brcmf_sdbrcm_download_firmware(bus) == 0; 3420 3421 brcmf_sdbrcm_clkctl(bus, CLK_SDONLY, false); 3422 3423 return ret; 3424} 3425 3426static int brcmf_sdbrcm_bus_init(struct device *dev) 3427{ 3428 struct brcmf_bus *bus_if = dev_get_drvdata(dev); 3429 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv; 3430 struct brcmf_sdio *bus = sdiodev->bus; 3431 unsigned long timeout; 3432 uint retries = 0; 3433 u8 ready, enable; 3434 int err, ret = 0; 3435 u8 saveclk; 3436 3437 brcmf_dbg(TRACE, "Enter\n"); 3438 3439 /* try to download image and nvram to the dongle */ 3440 if (bus_if->state == BRCMF_BUS_DOWN) { 3441 if (!(brcmf_sdbrcm_download_firmware(bus))) 3442 return -1; 3443 } 3444 3445 if (!bus->sdiodev->bus_if->drvr) 3446 return 0; 3447 3448 /* Start the watchdog timer */ 3449 bus->tickcnt = 0; 3450 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 3451 3452 down(&bus->sdsem); 3453 3454 /* Make sure backplane clock is on, needed to generate F2 interrupt */ 3455 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3456 if (bus->clkstate != CLK_AVAIL) 3457 goto exit; 3458 3459 /* Force clocks on backplane to be sure F2 interrupt propagates */ 3460 saveclk = 3461 brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 3462 SBSDIO_FUNC1_CHIPCLKCSR, &err); 3463 if (!err) { 3464 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 3465 SBSDIO_FUNC1_CHIPCLKCSR, 3466 (saveclk | SBSDIO_FORCE_HT), &err); 3467 } 3468 if (err) { 3469 brcmf_dbg(ERROR, "Failed to force clock for F2: err %d\n", err); 3470 goto exit; 3471 } 3472 3473 /* Enable function 2 (frame transfers) */ 3474 w_sdreg32(bus, SDPCM_PROT_VERSION << SMB_DATA_VERSION_SHIFT, 3475 offsetof(struct sdpcmd_regs, tosbmailboxdata), &retries); 3476 enable = (SDIO_FUNC_ENABLE_1 | SDIO_FUNC_ENABLE_2); 3477 3478 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_0, SDIO_CCCR_IOEx, 3479 enable, NULL); 3480 3481 timeout = jiffies + msecs_to_jiffies(BRCMF_WAIT_F2RDY); 3482 ready = 0; 3483 while (enable != ready) { 3484 ready = brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_0, 3485 SDIO_CCCR_IORx, NULL); 3486 if (time_after(jiffies, timeout)) 3487 break; 3488 else if (time_after(jiffies, timeout - BRCMF_WAIT_F2RDY + 50)) 3489 /* prevent busy waiting if it takes too long */ 3490 msleep_interruptible(20); 3491 } 3492 3493 brcmf_dbg(INFO, "enable 0x%02x, ready 0x%02x\n", enable, ready); 3494 3495 /* If F2 successfully enabled, set core and enable interrupts */ 3496 if (ready == enable) { 3497 /* Set up the interrupt mask and enable interrupts */ 3498 bus->hostintmask = HOSTINTMASK; 3499 w_sdreg32(bus, bus->hostintmask, 3500 offsetof(struct sdpcmd_regs, hostintmask), &retries); 3501 3502 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 3503 SBSDIO_WATERMARK, 8, &err); 3504 3505 /* Set bus state according to enable result */ 3506 bus_if->state = BRCMF_BUS_DATA; 3507 } 3508 3509 else { 3510 /* Disable F2 again */ 3511 enable = SDIO_FUNC_ENABLE_1; 3512 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_0, 3513 SDIO_CCCR_IOEx, enable, NULL); 3514 } 3515 3516 /* Restore previous clock setting */ 3517 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 3518 SBSDIO_FUNC1_CHIPCLKCSR, saveclk, &err); 3519 3520 /* If we didn't come up, turn off backplane clock */ 3521 if (bus_if->state != BRCMF_BUS_DATA) 3522 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 3523 3524exit: 3525 up(&bus->sdsem); 3526 3527 return ret; 3528} 3529 3530void brcmf_sdbrcm_isr(void *arg) 3531{ 3532 struct brcmf_sdio *bus = (struct brcmf_sdio *) arg; 3533 3534 brcmf_dbg(TRACE, "Enter\n"); 3535 3536 if (!bus) { 3537 brcmf_dbg(ERROR, "bus is null pointer, exiting\n"); 3538 return; 3539 } 3540 3541 if (bus->sdiodev->bus_if->state == BRCMF_BUS_DOWN) { 3542 brcmf_dbg(ERROR, "bus is down. we have nothing to do\n"); 3543 return; 3544 } 3545 /* Count the interrupt call */ 3546 bus->intrcount++; 3547 bus->ipend = true; 3548 3549 /* Shouldn't get this interrupt if we're sleeping? */ 3550 if (bus->sleeping) { 3551 brcmf_dbg(ERROR, "INTERRUPT WHILE SLEEPING??\n"); 3552 return; 3553 } 3554 3555 /* Disable additional interrupts (is this needed now)? */ 3556 if (!bus->intr) 3557 brcmf_dbg(ERROR, "isr w/o interrupt configured!\n"); 3558 3559 bus->dpc_sched = true; 3560 if (bus->dpc_tsk) 3561 complete(&bus->dpc_wait); 3562} 3563 3564static bool brcmf_sdbrcm_bus_watchdog(struct brcmf_sdio *bus) 3565{ 3566#ifdef BCMDBG 3567 struct brcmf_bus *bus_if = dev_get_drvdata(bus->sdiodev->dev); 3568#endif /* BCMDBG */ 3569 3570 brcmf_dbg(TIMER, "Enter\n"); 3571 3572 /* Ignore the timer if simulating bus down */ 3573 if (bus->sleeping) 3574 return false; 3575 3576 down(&bus->sdsem); 3577 3578 /* Poll period: check device if appropriate. */ 3579 if (bus->poll && (++bus->polltick >= bus->pollrate)) { 3580 u32 intstatus = 0; 3581 3582 /* Reset poll tick */ 3583 bus->polltick = 0; 3584 3585 /* Check device if no interrupts */ 3586 if (!bus->intr || (bus->intrcount == bus->lastintrs)) { 3587 3588 if (!bus->dpc_sched) { 3589 u8 devpend; 3590 devpend = brcmf_sdcard_cfg_read(bus->sdiodev, 3591 SDIO_FUNC_0, SDIO_CCCR_INTx, 3592 NULL); 3593 intstatus = 3594 devpend & (INTR_STATUS_FUNC1 | 3595 INTR_STATUS_FUNC2); 3596 } 3597 3598 /* If there is something, make like the ISR and 3599 schedule the DPC */ 3600 if (intstatus) { 3601 bus->pollcnt++; 3602 bus->ipend = true; 3603 3604 bus->dpc_sched = true; 3605 if (bus->dpc_tsk) 3606 complete(&bus->dpc_wait); 3607 } 3608 } 3609 3610 /* Update interrupt tracking */ 3611 bus->lastintrs = bus->intrcount; 3612 } 3613#ifdef BCMDBG 3614 /* Poll for console output periodically */ 3615 if (bus_if->state == BRCMF_BUS_DATA && 3616 bus->console_interval != 0) { 3617 bus->console.count += BRCMF_WD_POLL_MS; 3618 if (bus->console.count >= bus->console_interval) { 3619 bus->console.count -= bus->console_interval; 3620 /* Make sure backplane clock is on */ 3621 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3622 if (brcmf_sdbrcm_readconsole(bus) < 0) 3623 /* stop on error */ 3624 bus->console_interval = 0; 3625 } 3626 } 3627#endif /* BCMDBG */ 3628 3629 /* On idle timeout clear activity flag and/or turn off clock */ 3630 if ((bus->idletime > 0) && (bus->clkstate == CLK_AVAIL)) { 3631 if (++bus->idlecount >= bus->idletime) { 3632 bus->idlecount = 0; 3633 if (bus->activity) { 3634 bus->activity = false; 3635 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS); 3636 } else { 3637 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 3638 } 3639 } 3640 } 3641 3642 up(&bus->sdsem); 3643 3644 return bus->ipend; 3645} 3646 3647static bool brcmf_sdbrcm_chipmatch(u16 chipid) 3648{ 3649 if (chipid == BCM4329_CHIP_ID) 3650 return true; 3651 if (chipid == BCM4330_CHIP_ID) 3652 return true; 3653 return false; 3654} 3655 3656static void brcmf_sdbrcm_release_malloc(struct brcmf_sdio *bus) 3657{ 3658 brcmf_dbg(TRACE, "Enter\n"); 3659 3660 kfree(bus->rxbuf); 3661 bus->rxctl = bus->rxbuf = NULL; 3662 bus->rxlen = 0; 3663 3664 kfree(bus->databuf); 3665 bus->databuf = NULL; 3666} 3667 3668static bool brcmf_sdbrcm_probe_malloc(struct brcmf_sdio *bus) 3669{ 3670 brcmf_dbg(TRACE, "Enter\n"); 3671 3672 if (bus->sdiodev->bus_if->maxctl) { 3673 bus->rxblen = 3674 roundup((bus->sdiodev->bus_if->maxctl + SDPCM_HDRLEN), 3675 ALIGNMENT) + BRCMF_SDALIGN; 3676 bus->rxbuf = kmalloc(bus->rxblen, GFP_ATOMIC); 3677 if (!(bus->rxbuf)) 3678 goto fail; 3679 } 3680 3681 /* Allocate buffer to receive glomed packet */ 3682 bus->databuf = kmalloc(MAX_DATA_BUF, GFP_ATOMIC); 3683 if (!(bus->databuf)) { 3684 /* release rxbuf which was already located as above */ 3685 if (!bus->rxblen) 3686 kfree(bus->rxbuf); 3687 goto fail; 3688 } 3689 3690 /* Align the buffer */ 3691 if ((unsigned long)bus->databuf % BRCMF_SDALIGN) 3692 bus->dataptr = bus->databuf + (BRCMF_SDALIGN - 3693 ((unsigned long)bus->databuf % BRCMF_SDALIGN)); 3694 else 3695 bus->dataptr = bus->databuf; 3696 3697 return true; 3698 3699fail: 3700 return false; 3701} 3702 3703static bool 3704brcmf_sdbrcm_probe_attach(struct brcmf_sdio *bus, u32 regsva) 3705{ 3706 u8 clkctl = 0; 3707 int err = 0; 3708 int reg_addr; 3709 u32 reg_val; 3710 u8 idx; 3711 3712 bus->alp_only = true; 3713 3714 /* Return the window to backplane enumeration space for core access */ 3715 if (brcmf_sdcard_set_sbaddr_window(bus->sdiodev, SI_ENUM_BASE)) 3716 brcmf_dbg(ERROR, "FAILED to return to SI_ENUM_BASE\n"); 3717 3718#ifdef BCMDBG 3719 printk(KERN_DEBUG "F1 signature read @0x18000000=0x%4x\n", 3720 brcmf_sdcard_reg_read(bus->sdiodev, SI_ENUM_BASE, 4)); 3721 3722#endif /* BCMDBG */ 3723 3724 /* 3725 * Force PLL off until brcmf_sdio_chip_attach() 3726 * programs PLL control regs 3727 */ 3728 3729 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 3730 SBSDIO_FUNC1_CHIPCLKCSR, 3731 BRCMF_INIT_CLKCTL1, &err); 3732 if (!err) 3733 clkctl = 3734 brcmf_sdcard_cfg_read(bus->sdiodev, SDIO_FUNC_1, 3735 SBSDIO_FUNC1_CHIPCLKCSR, &err); 3736 3737 if (err || ((clkctl & ~SBSDIO_AVBITS) != BRCMF_INIT_CLKCTL1)) { 3738 brcmf_dbg(ERROR, "ChipClkCSR access: err %d wrote 0x%02x read 0x%02x\n", 3739 err, BRCMF_INIT_CLKCTL1, clkctl); 3740 goto fail; 3741 } 3742 3743 if (brcmf_sdio_chip_attach(bus->sdiodev, &bus->ci, regsva)) { 3744 brcmf_dbg(ERROR, "brcmf_sdio_chip_attach failed!\n"); 3745 goto fail; 3746 } 3747 3748 if (!brcmf_sdbrcm_chipmatch((u16) bus->ci->chip)) { 3749 brcmf_dbg(ERROR, "unsupported chip: 0x%04x\n", bus->ci->chip); 3750 goto fail; 3751 } 3752 3753 brcmf_sdio_chip_drivestrengthinit(bus->sdiodev, bus->ci, 3754 SDIO_DRIVE_STRENGTH); 3755 3756 /* Get info on the SOCRAM cores... */ 3757 bus->ramsize = bus->ci->ramsize; 3758 if (!(bus->ramsize)) { 3759 brcmf_dbg(ERROR, "failed to find SOCRAM memory!\n"); 3760 goto fail; 3761 } 3762 3763 /* Set core control so an SDIO reset does a backplane reset */ 3764 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV); 3765 reg_addr = bus->ci->c_inf[idx].base + 3766 offsetof(struct sdpcmd_regs, corecontrol); 3767 reg_val = brcmf_sdcard_reg_read(bus->sdiodev, reg_addr, sizeof(u32)); 3768 brcmf_sdcard_reg_write(bus->sdiodev, reg_addr, sizeof(u32), 3769 reg_val | CC_BPRESEN); 3770 3771 brcmu_pktq_init(&bus->txq, (PRIOMASK + 1), TXQLEN); 3772 3773 /* Locate an appropriately-aligned portion of hdrbuf */ 3774 bus->rxhdr = (u8 *) roundup((unsigned long)&bus->hdrbuf[0], 3775 BRCMF_SDALIGN); 3776 3777 /* Set the poll and/or interrupt flags */ 3778 bus->intr = true; 3779 bus->poll = false; 3780 if (bus->poll) 3781 bus->pollrate = 1; 3782 3783 return true; 3784 3785fail: 3786 return false; 3787} 3788 3789static bool brcmf_sdbrcm_probe_init(struct brcmf_sdio *bus) 3790{ 3791 brcmf_dbg(TRACE, "Enter\n"); 3792 3793 /* Disable F2 to clear any intermediate frame state on the dongle */ 3794 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_0, SDIO_CCCR_IOEx, 3795 SDIO_FUNC_ENABLE_1, NULL); 3796 3797 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN; 3798 bus->sleeping = false; 3799 bus->rxflow = false; 3800 3801 /* Done with backplane-dependent accesses, can drop clock... */ 3802 brcmf_sdcard_cfg_write(bus->sdiodev, SDIO_FUNC_1, 3803 SBSDIO_FUNC1_CHIPCLKCSR, 0, NULL); 3804 3805 /* ...and initialize clock/power states */ 3806 bus->clkstate = CLK_SDONLY; 3807 bus->idletime = BRCMF_IDLE_INTERVAL; 3808 bus->idleclock = BRCMF_IDLE_ACTIVE; 3809 3810 /* Query the F2 block size, set roundup accordingly */ 3811 bus->blocksize = bus->sdiodev->func[2]->cur_blksize; 3812 bus->roundup = min(max_roundup, bus->blocksize); 3813 3814 /* bus module does not support packet chaining */ 3815 bus->use_rxchain = false; 3816 bus->sd_rxchain = false; 3817 3818 return true; 3819} 3820 3821static int 3822brcmf_sdbrcm_watchdog_thread(void *data) 3823{ 3824 struct brcmf_sdio *bus = (struct brcmf_sdio *)data; 3825 3826 allow_signal(SIGTERM); 3827 /* Run until signal received */ 3828 while (1) { 3829 if (kthread_should_stop()) 3830 break; 3831 if (!wait_for_completion_interruptible(&bus->watchdog_wait)) { 3832 brcmf_sdbrcm_bus_watchdog(bus); 3833 /* Count the tick for reference */ 3834 bus->tickcnt++; 3835 } else 3836 break; 3837 } 3838 return 0; 3839} 3840 3841static void 3842brcmf_sdbrcm_watchdog(unsigned long data) 3843{ 3844 struct brcmf_sdio *bus = (struct brcmf_sdio *)data; 3845 3846 if (bus->watchdog_tsk) { 3847 complete(&bus->watchdog_wait); 3848 /* Reschedule the watchdog */ 3849 if (bus->wd_timer_valid) 3850 mod_timer(&bus->timer, 3851 jiffies + BRCMF_WD_POLL_MS * HZ / 1000); 3852 } 3853} 3854 3855static void brcmf_sdbrcm_release_dongle(struct brcmf_sdio *bus) 3856{ 3857 brcmf_dbg(TRACE, "Enter\n"); 3858 3859 if (bus->ci) { 3860 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false); 3861 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false); 3862 brcmf_sdio_chip_detach(&bus->ci); 3863 if (bus->vars && bus->varsz) 3864 kfree(bus->vars); 3865 bus->vars = NULL; 3866 } 3867 3868 brcmf_dbg(TRACE, "Disconnected\n"); 3869} 3870 3871/* Detach and free everything */ 3872static void brcmf_sdbrcm_release(struct brcmf_sdio *bus) 3873{ 3874 brcmf_dbg(TRACE, "Enter\n"); 3875 3876 if (bus) { 3877 /* De-register interrupt handler */ 3878 brcmf_sdcard_intr_dereg(bus->sdiodev); 3879 3880 if (bus->sdiodev->bus_if->drvr) { 3881 brcmf_detach(bus->sdiodev->dev); 3882 brcmf_sdbrcm_release_dongle(bus); 3883 } 3884 3885 brcmf_sdbrcm_release_malloc(bus); 3886 3887 kfree(bus); 3888 } 3889 3890 brcmf_dbg(TRACE, "Disconnected\n"); 3891} 3892 3893void *brcmf_sdbrcm_probe(u32 regsva, struct brcmf_sdio_dev *sdiodev) 3894{ 3895 int ret; 3896 struct brcmf_sdio *bus; 3897 3898 brcmf_dbg(TRACE, "Enter\n"); 3899 3900 /* We make an assumption about address window mappings: 3901 * regsva == SI_ENUM_BASE*/ 3902 3903 /* Allocate private bus interface state */ 3904 bus = kzalloc(sizeof(struct brcmf_sdio), GFP_ATOMIC); 3905 if (!bus) 3906 goto fail; 3907 3908 bus->sdiodev = sdiodev; 3909 sdiodev->bus = bus; 3910 skb_queue_head_init(&bus->glom); 3911 bus->txbound = BRCMF_TXBOUND; 3912 bus->rxbound = BRCMF_RXBOUND; 3913 bus->txminmax = BRCMF_TXMINMAX; 3914 bus->tx_seq = SDPCM_SEQUENCE_WRAP - 1; 3915 bus->usebufpool = false; /* Use bufpool if allocated, 3916 else use locally malloced rxbuf */ 3917 3918 /* attempt to attach to the dongle */ 3919 if (!(brcmf_sdbrcm_probe_attach(bus, regsva))) { 3920 brcmf_dbg(ERROR, "brcmf_sdbrcm_probe_attach failed\n"); 3921 goto fail; 3922 } 3923 3924 spin_lock_init(&bus->txqlock); 3925 init_waitqueue_head(&bus->ctrl_wait); 3926 init_waitqueue_head(&bus->dcmd_resp_wait); 3927 3928 /* Set up the watchdog timer */ 3929 init_timer(&bus->timer); 3930 bus->timer.data = (unsigned long)bus; 3931 bus->timer.function = brcmf_sdbrcm_watchdog; 3932 3933 /* Initialize thread based operation and lock */ 3934 sema_init(&bus->sdsem, 1); 3935 3936 /* Initialize watchdog thread */ 3937 init_completion(&bus->watchdog_wait); 3938 bus->watchdog_tsk = kthread_run(brcmf_sdbrcm_watchdog_thread, 3939 bus, "brcmf_watchdog"); 3940 if (IS_ERR(bus->watchdog_tsk)) { 3941 printk(KERN_WARNING 3942 "brcmf_watchdog thread failed to start\n"); 3943 bus->watchdog_tsk = NULL; 3944 } 3945 /* Initialize DPC thread */ 3946 init_completion(&bus->dpc_wait); 3947 bus->dpc_tsk = kthread_run(brcmf_sdbrcm_dpc_thread, 3948 bus, "brcmf_dpc"); 3949 if (IS_ERR(bus->dpc_tsk)) { 3950 printk(KERN_WARNING 3951 "brcmf_dpc thread failed to start\n"); 3952 bus->dpc_tsk = NULL; 3953 } 3954 3955 /* Assign bus interface call back */ 3956 bus->sdiodev->bus_if->brcmf_bus_stop = brcmf_sdbrcm_bus_stop; 3957 bus->sdiodev->bus_if->brcmf_bus_init = brcmf_sdbrcm_bus_init; 3958 /* Attach to the brcmf/OS/network interface */ 3959 ret = brcmf_attach(SDPCM_RESERVE, bus->sdiodev->dev); 3960 if (ret != 0) { 3961 brcmf_dbg(ERROR, "brcmf_attach failed\n"); 3962 goto fail; 3963 } 3964 3965 /* Allocate buffers */ 3966 if (!(brcmf_sdbrcm_probe_malloc(bus))) { 3967 brcmf_dbg(ERROR, "brcmf_sdbrcm_probe_malloc failed\n"); 3968 goto fail; 3969 } 3970 3971 if (!(brcmf_sdbrcm_probe_init(bus))) { 3972 brcmf_dbg(ERROR, "brcmf_sdbrcm_probe_init failed\n"); 3973 goto fail; 3974 } 3975 3976 /* Register interrupt callback, but mask it (not operational yet). */ 3977 brcmf_dbg(INTR, "disable SDIO interrupts (not interested yet)\n"); 3978 ret = brcmf_sdcard_intr_reg(bus->sdiodev); 3979 if (ret != 0) { 3980 brcmf_dbg(ERROR, "FAILED: sdcard_intr_reg returned %d\n", ret); 3981 goto fail; 3982 } 3983 brcmf_dbg(INTR, "registered SDIO interrupt function ok\n"); 3984 3985 brcmf_dbg(INFO, "completed!!\n"); 3986 3987 /* if firmware path present try to download and bring up bus */ 3988 ret = brcmf_bus_start(bus->sdiodev->dev); 3989 if (ret != 0) { 3990 if (ret == -ENOLINK) { 3991 brcmf_dbg(ERROR, "dongle is not responding\n"); 3992 goto fail; 3993 } 3994 } 3995 3996 /* add interface and open for business */ 3997 if (brcmf_add_if(bus->sdiodev->dev, 0, "wlan%d", NULL)) { 3998 brcmf_dbg(ERROR, "Add primary net device interface failed!!\n"); 3999 goto fail; 4000 } 4001 4002 return bus; 4003 4004fail: 4005 brcmf_sdbrcm_release(bus); 4006 return NULL; 4007} 4008 4009void brcmf_sdbrcm_disconnect(void *ptr) 4010{ 4011 struct brcmf_sdio *bus = (struct brcmf_sdio *)ptr; 4012 4013 brcmf_dbg(TRACE, "Enter\n"); 4014 4015 if (bus) 4016 brcmf_sdbrcm_release(bus); 4017 4018 brcmf_dbg(TRACE, "Disconnected\n"); 4019} 4020 4021void 4022brcmf_sdbrcm_wd_timer(struct brcmf_sdio *bus, uint wdtick) 4023{ 4024 /* Totally stop the timer */ 4025 if (!wdtick && bus->wd_timer_valid == true) { 4026 del_timer_sync(&bus->timer); 4027 bus->wd_timer_valid = false; 4028 bus->save_ms = wdtick; 4029 return; 4030 } 4031 4032 /* don't start the wd until fw is loaded */ 4033 if (bus->sdiodev->bus_if->state == BRCMF_BUS_DOWN) 4034 return; 4035 4036 if (wdtick) { 4037 if (bus->save_ms != BRCMF_WD_POLL_MS) { 4038 if (bus->wd_timer_valid == true) 4039 /* Stop timer and restart at new value */ 4040 del_timer_sync(&bus->timer); 4041 4042 /* Create timer again when watchdog period is 4043 dynamically changed or in the first instance 4044 */ 4045 bus->timer.expires = 4046 jiffies + BRCMF_WD_POLL_MS * HZ / 1000; 4047 add_timer(&bus->timer); 4048 4049 } else { 4050 /* Re arm the timer, at last watchdog period */ 4051 mod_timer(&bus->timer, 4052 jiffies + BRCMF_WD_POLL_MS * HZ / 1000); 4053 } 4054 4055 bus->wd_timer_valid = true; 4056 bus->save_ms = wdtick; 4057 } 4058} 4059