1/* 2 * Copyright (c) 2014 Redpine Signals Inc. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17#include <linux/firmware.h> 18#include <net/bluetooth/bluetooth.h> 19#include "rsi_mgmt.h" 20#include "rsi_hal.h" 21#include "rsi_sdio.h" 22#include "rsi_common.h" 23 24/* FLASH Firmware */ 25static struct ta_metadata metadata_flash_content[] = { 26 {"flash_content", 0x00010000}, 27 {"rsi/rs9113_wlan_qspi.rps", 0x00010000}, 28 {"rsi/rs9113_wlan_bt_dual_mode.rps", 0x00010000}, 29 {"flash_content", 0x00010000}, 30 {"rsi/rs9113_ap_bt_dual_mode.rps", 0x00010000}, 31 32}; 33 34static struct ta_metadata metadata[] = {{"pmemdata_dummy", 0x00000000}, 35 {"rsi/rs9116_wlan.rps", 0x00000000}, 36 {"rsi/rs9116_wlan_bt_classic.rps", 0x00000000}, 37 {"rsi/pmemdata_dummy", 0x00000000}, 38 {"rsi/rs9116_wlan_bt_classic.rps", 0x00000000} 39}; 40 41int rsi_send_pkt_to_bus(struct rsi_common *common, struct sk_buff *skb) 42{ 43 struct rsi_hw *adapter = common->priv; 44 int status; 45 46 if (common->coex_mode > 1) 47 mutex_lock(&common->tx_bus_mutex); 48 49 status = adapter->host_intf_ops->write_pkt(common->priv, 50 skb->data, skb->len); 51 52 if (common->coex_mode > 1) 53 mutex_unlock(&common->tx_bus_mutex); 54 55 return status; 56} 57 58int rsi_prepare_mgmt_desc(struct rsi_common *common, struct sk_buff *skb) 59{ 60 struct rsi_hw *adapter = common->priv; 61 struct ieee80211_hdr *wh = NULL; 62 struct ieee80211_tx_info *info; 63 struct ieee80211_conf *conf = &adapter->hw->conf; 64 struct ieee80211_vif *vif; 65 struct rsi_mgmt_desc *mgmt_desc; 66 struct skb_info *tx_params; 67 struct rsi_xtended_desc *xtend_desc = NULL; 68 u8 header_size; 69 u32 dword_align_bytes = 0; 70 71 if (skb->len > MAX_MGMT_PKT_SIZE) { 72 rsi_dbg(INFO_ZONE, "%s: Dropping mgmt pkt > 512\n", __func__); 73 return -EINVAL; 74 } 75 76 info = IEEE80211_SKB_CB(skb); 77 tx_params = (struct skb_info *)info->driver_data; 78 vif = tx_params->vif; 79 80 /* Update header size */ 81 header_size = FRAME_DESC_SZ + sizeof(struct rsi_xtended_desc); 82 if (header_size > skb_headroom(skb)) { 83 rsi_dbg(ERR_ZONE, 84 "%s: Failed to add extended descriptor\n", 85 __func__); 86 return -ENOSPC; 87 } 88 skb_push(skb, header_size); 89 dword_align_bytes = ((unsigned long)skb->data & 0x3f); 90 if (dword_align_bytes > skb_headroom(skb)) { 91 rsi_dbg(ERR_ZONE, 92 "%s: Failed to add dword align\n", __func__); 93 return -ENOSPC; 94 } 95 skb_push(skb, dword_align_bytes); 96 header_size += dword_align_bytes; 97 98 tx_params->internal_hdr_size = header_size; 99 memset(&skb->data[0], 0, header_size); 100 wh = (struct ieee80211_hdr *)&skb->data[header_size]; 101 102 mgmt_desc = (struct rsi_mgmt_desc *)skb->data; 103 xtend_desc = (struct rsi_xtended_desc *)&skb->data[FRAME_DESC_SZ]; 104 105 rsi_set_len_qno(&mgmt_desc->len_qno, (skb->len - FRAME_DESC_SZ), 106 RSI_WIFI_MGMT_Q); 107 mgmt_desc->frame_type = TX_DOT11_MGMT; 108 mgmt_desc->header_len = MIN_802_11_HDR_LEN; 109 mgmt_desc->xtend_desc_size = header_size - FRAME_DESC_SZ; 110 111 if (ieee80211_is_probe_req(wh->frame_control)) 112 mgmt_desc->frame_info = cpu_to_le16(RSI_INSERT_SEQ_IN_FW); 113 mgmt_desc->frame_info |= cpu_to_le16(RATE_INFO_ENABLE); 114 if (is_broadcast_ether_addr(wh->addr1)) 115 mgmt_desc->frame_info |= cpu_to_le16(RSI_BROADCAST_PKT); 116 117 mgmt_desc->seq_ctrl = 118 cpu_to_le16(IEEE80211_SEQ_TO_SN(le16_to_cpu(wh->seq_ctrl))); 119 if ((common->band == NL80211_BAND_2GHZ) && !common->p2p_enabled) 120 mgmt_desc->rate_info = cpu_to_le16(RSI_RATE_1); 121 else 122 mgmt_desc->rate_info = cpu_to_le16(RSI_RATE_6); 123 124 if (conf_is_ht40(conf)) 125 mgmt_desc->bbp_info = cpu_to_le16(FULL40M_ENABLE); 126 127 if (ieee80211_is_probe_resp(wh->frame_control)) { 128 mgmt_desc->misc_flags |= (RSI_ADD_DELTA_TSF_VAP_ID | 129 RSI_FETCH_RETRY_CNT_FRM_HST); 130#define PROBE_RESP_RETRY_CNT 3 131 xtend_desc->retry_cnt = PROBE_RESP_RETRY_CNT; 132 } 133 134 if (((vif->type == NL80211_IFTYPE_AP) || 135 (vif->type == NL80211_IFTYPE_P2P_GO)) && 136 (ieee80211_is_action(wh->frame_control))) { 137 struct rsi_sta *rsta = rsi_find_sta(common, wh->addr1); 138 139 if (rsta) 140 mgmt_desc->sta_id = tx_params->sta_id; 141 else 142 return -EINVAL; 143 } 144 mgmt_desc->rate_info |= 145 cpu_to_le16((tx_params->vap_id << RSI_DESC_VAP_ID_OFST) & 146 RSI_DESC_VAP_ID_MASK); 147 148 return 0; 149} 150 151/* This function prepares descriptor for given data packet */ 152int rsi_prepare_data_desc(struct rsi_common *common, struct sk_buff *skb) 153{ 154 struct rsi_hw *adapter = common->priv; 155 struct ieee80211_vif *vif; 156 struct ieee80211_hdr *wh = NULL; 157 struct ieee80211_tx_info *info; 158 struct skb_info *tx_params; 159 struct rsi_data_desc *data_desc; 160 struct rsi_xtended_desc *xtend_desc; 161 u8 ieee80211_size = MIN_802_11_HDR_LEN; 162 u8 header_size; 163 u8 vap_id = 0; 164 u8 dword_align_bytes; 165 bool tx_eapol; 166 u16 seq_num; 167 168 info = IEEE80211_SKB_CB(skb); 169 vif = info->control.vif; 170 tx_params = (struct skb_info *)info->driver_data; 171 172 tx_eapol = IEEE80211_SKB_CB(skb)->control.flags & 173 IEEE80211_TX_CTRL_PORT_CTRL_PROTO; 174 175 header_size = FRAME_DESC_SZ + sizeof(struct rsi_xtended_desc); 176 if (header_size > skb_headroom(skb)) { 177 rsi_dbg(ERR_ZONE, "%s: Unable to send pkt\n", __func__); 178 return -ENOSPC; 179 } 180 skb_push(skb, header_size); 181 dword_align_bytes = ((unsigned long)skb->data & 0x3f); 182 if (header_size > skb_headroom(skb)) { 183 rsi_dbg(ERR_ZONE, "%s: Not enough headroom\n", __func__); 184 return -ENOSPC; 185 } 186 skb_push(skb, dword_align_bytes); 187 header_size += dword_align_bytes; 188 189 tx_params->internal_hdr_size = header_size; 190 data_desc = (struct rsi_data_desc *)skb->data; 191 memset(data_desc, 0, header_size); 192 193 xtend_desc = (struct rsi_xtended_desc *)&skb->data[FRAME_DESC_SZ]; 194 wh = (struct ieee80211_hdr *)&skb->data[header_size]; 195 seq_num = IEEE80211_SEQ_TO_SN(le16_to_cpu(wh->seq_ctrl)); 196 197 data_desc->xtend_desc_size = header_size - FRAME_DESC_SZ; 198 199 if (ieee80211_is_data_qos(wh->frame_control)) { 200 ieee80211_size += 2; 201 data_desc->mac_flags |= cpu_to_le16(RSI_QOS_ENABLE); 202 } 203 204 if (((vif->type == NL80211_IFTYPE_STATION) || 205 (vif->type == NL80211_IFTYPE_P2P_CLIENT)) && 206 (adapter->ps_state == PS_ENABLED)) 207 wh->frame_control |= cpu_to_le16(RSI_SET_PS_ENABLE); 208 209 if ((!(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT)) && 210 tx_params->have_key) { 211 if (rsi_is_cipher_wep(common)) 212 ieee80211_size += 4; 213 else 214 ieee80211_size += 8; 215 data_desc->mac_flags |= cpu_to_le16(RSI_ENCRYPT_PKT); 216 } 217 rsi_set_len_qno(&data_desc->len_qno, (skb->len - FRAME_DESC_SZ), 218 RSI_WIFI_DATA_Q); 219 data_desc->header_len = ieee80211_size; 220 221 if (common->rate_config[common->band].fixed_enabled) { 222 /* Send fixed rate */ 223 u16 fixed_rate = common->rate_config[common->band].fixed_hw_rate; 224 225 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 226 data_desc->rate_info = cpu_to_le16(fixed_rate); 227 228 if (conf_is_ht40(&common->priv->hw->conf)) 229 data_desc->bbp_info = cpu_to_le16(FULL40M_ENABLE); 230 231 if (common->vif_info[0].sgi && (fixed_rate & 0x100)) { 232 /* Only MCS rates */ 233 data_desc->rate_info |= 234 cpu_to_le16(ENABLE_SHORTGI_RATE); 235 } 236 } 237 238 if (tx_eapol) { 239 rsi_dbg(INFO_ZONE, "*** Tx EAPOL ***\n"); 240 241 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 242 if (common->band == NL80211_BAND_5GHZ) 243 data_desc->rate_info = cpu_to_le16(RSI_RATE_6); 244 else 245 data_desc->rate_info = cpu_to_le16(RSI_RATE_1); 246 data_desc->mac_flags |= cpu_to_le16(RSI_REKEY_PURPOSE); 247 data_desc->misc_flags |= RSI_FETCH_RETRY_CNT_FRM_HST; 248#define EAPOL_RETRY_CNT 15 249 xtend_desc->retry_cnt = EAPOL_RETRY_CNT; 250 251 if (common->eapol4_confirm) 252 skb->priority = VO_Q; 253 else 254 rsi_set_len_qno(&data_desc->len_qno, 255 (skb->len - FRAME_DESC_SZ), 256 RSI_WIFI_MGMT_Q); 257 if (((skb->len - header_size) == EAPOL4_PACKET_LEN) || 258 ((skb->len - header_size) == EAPOL4_PACKET_LEN - 2)) { 259 data_desc->misc_flags |= 260 RSI_DESC_REQUIRE_CFM_TO_HOST; 261 xtend_desc->confirm_frame_type = EAPOL4_CONFIRM; 262 } 263 } 264 265 data_desc->mac_flags |= cpu_to_le16(seq_num & 0xfff); 266 data_desc->qid_tid = ((skb->priority & 0xf) | 267 ((tx_params->tid & 0xf) << 4)); 268 data_desc->sta_id = tx_params->sta_id; 269 270 if ((is_broadcast_ether_addr(wh->addr1)) || 271 (is_multicast_ether_addr(wh->addr1))) { 272 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 273 data_desc->frame_info |= cpu_to_le16(RSI_BROADCAST_PKT); 274 data_desc->sta_id = vap_id; 275 276 if ((vif->type == NL80211_IFTYPE_AP) || 277 (vif->type == NL80211_IFTYPE_P2P_GO)) { 278 if (common->band == NL80211_BAND_5GHZ) 279 data_desc->rate_info = cpu_to_le16(RSI_RATE_6); 280 else 281 data_desc->rate_info = cpu_to_le16(RSI_RATE_1); 282 } 283 } 284 if (((vif->type == NL80211_IFTYPE_AP) || 285 (vif->type == NL80211_IFTYPE_P2P_GO)) && 286 (ieee80211_has_moredata(wh->frame_control))) 287 data_desc->frame_info |= cpu_to_le16(MORE_DATA_PRESENT); 288 289 data_desc->rate_info |= 290 cpu_to_le16((tx_params->vap_id << RSI_DESC_VAP_ID_OFST) & 291 RSI_DESC_VAP_ID_MASK); 292 293 return 0; 294} 295 296/* This function sends received data packet from driver to device */ 297int rsi_send_data_pkt(struct rsi_common *common, struct sk_buff *skb) 298{ 299 struct rsi_hw *adapter = common->priv; 300 struct ieee80211_vif *vif; 301 struct ieee80211_tx_info *info; 302 struct ieee80211_bss_conf *bss; 303 int status = -EINVAL; 304 305 if (!skb) 306 return 0; 307 if (common->iface_down) 308 goto err; 309 310 info = IEEE80211_SKB_CB(skb); 311 if (!info->control.vif) 312 goto err; 313 vif = info->control.vif; 314 bss = &vif->bss_conf; 315 316 if (((vif->type == NL80211_IFTYPE_STATION) || 317 (vif->type == NL80211_IFTYPE_P2P_CLIENT)) && 318 (!bss->assoc)) 319 goto err; 320 321 status = rsi_send_pkt_to_bus(common, skb); 322 if (status) 323 rsi_dbg(ERR_ZONE, "%s: Failed to write pkt\n", __func__); 324 325err: 326 ++common->tx_stats.total_tx_pkt_freed[skb->priority]; 327 rsi_indicate_tx_status(adapter, skb, status); 328 return status; 329} 330 331/** 332 * rsi_send_mgmt_pkt() - This functions sends the received management packet 333 * from driver to device. 334 * @common: Pointer to the driver private structure. 335 * @skb: Pointer to the socket buffer structure. 336 * 337 * Return: status: 0 on success, -1 on failure. 338 */ 339int rsi_send_mgmt_pkt(struct rsi_common *common, 340 struct sk_buff *skb) 341{ 342 struct rsi_hw *adapter = common->priv; 343 struct ieee80211_bss_conf *bss; 344 struct ieee80211_hdr *wh; 345 struct ieee80211_tx_info *info; 346 struct skb_info *tx_params; 347 struct rsi_mgmt_desc *mgmt_desc; 348 struct rsi_xtended_desc *xtend_desc; 349 int status = -E2BIG; 350 u8 header_size; 351 352 info = IEEE80211_SKB_CB(skb); 353 tx_params = (struct skb_info *)info->driver_data; 354 header_size = tx_params->internal_hdr_size; 355 356 if (tx_params->flags & INTERNAL_MGMT_PKT) { 357 status = adapter->host_intf_ops->write_pkt(common->priv, 358 (u8 *)skb->data, 359 skb->len); 360 if (status) { 361 rsi_dbg(ERR_ZONE, 362 "%s: Failed to write the packet\n", __func__); 363 } 364 dev_kfree_skb(skb); 365 return status; 366 } 367 368 bss = &info->control.vif->bss_conf; 369 wh = (struct ieee80211_hdr *)&skb->data[header_size]; 370 mgmt_desc = (struct rsi_mgmt_desc *)skb->data; 371 xtend_desc = (struct rsi_xtended_desc *)&skb->data[FRAME_DESC_SZ]; 372 373 /* Indicate to firmware to give cfm for probe */ 374 if (ieee80211_is_probe_req(wh->frame_control) && !bss->assoc) { 375 rsi_dbg(INFO_ZONE, 376 "%s: blocking mgmt queue\n", __func__); 377 mgmt_desc->misc_flags = RSI_DESC_REQUIRE_CFM_TO_HOST; 378 xtend_desc->confirm_frame_type = PROBEREQ_CONFIRM; 379 common->mgmt_q_block = true; 380 rsi_dbg(INFO_ZONE, "Mgmt queue blocked\n"); 381 } 382 383 status = rsi_send_pkt_to_bus(common, skb); 384 if (status) 385 rsi_dbg(ERR_ZONE, "%s: Failed to write the packet\n", __func__); 386 387 rsi_indicate_tx_status(common->priv, skb, status); 388 return status; 389} 390 391int rsi_send_bt_pkt(struct rsi_common *common, struct sk_buff *skb) 392{ 393 int status = -EINVAL; 394 u8 header_size = 0; 395 struct rsi_bt_desc *bt_desc; 396 u8 queueno = ((skb->data[1] >> 4) & 0xf); 397 398 if (queueno == RSI_BT_MGMT_Q) { 399 status = rsi_send_pkt_to_bus(common, skb); 400 if (status) 401 rsi_dbg(ERR_ZONE, "%s: Failed to write bt mgmt pkt\n", 402 __func__); 403 goto out; 404 } 405 header_size = FRAME_DESC_SZ; 406 if (header_size > skb_headroom(skb)) { 407 rsi_dbg(ERR_ZONE, "%s: Not enough headroom\n", __func__); 408 status = -ENOSPC; 409 goto out; 410 } 411 skb_push(skb, header_size); 412 memset(skb->data, 0, header_size); 413 bt_desc = (struct rsi_bt_desc *)skb->data; 414 415 rsi_set_len_qno(&bt_desc->len_qno, (skb->len - FRAME_DESC_SZ), 416 RSI_BT_DATA_Q); 417 bt_desc->bt_pkt_type = cpu_to_le16(bt_cb(skb)->pkt_type); 418 419 status = rsi_send_pkt_to_bus(common, skb); 420 if (status) 421 rsi_dbg(ERR_ZONE, "%s: Failed to write bt pkt\n", __func__); 422 423out: 424 dev_kfree_skb(skb); 425 return status; 426} 427 428int rsi_prepare_beacon(struct rsi_common *common, struct sk_buff *skb) 429{ 430 struct rsi_hw *adapter = (struct rsi_hw *)common->priv; 431 struct rsi_data_desc *bcn_frm; 432 struct ieee80211_hw *hw = common->priv->hw; 433 struct ieee80211_conf *conf = &hw->conf; 434 struct ieee80211_vif *vif; 435 struct sk_buff *mac_bcn; 436 u8 vap_id = 0, i; 437 u16 tim_offset = 0; 438 439 for (i = 0; i < RSI_MAX_VIFS; i++) { 440 vif = adapter->vifs[i]; 441 if (!vif) 442 continue; 443 if ((vif->type == NL80211_IFTYPE_AP) || 444 (vif->type == NL80211_IFTYPE_P2P_GO)) 445 break; 446 } 447 if (!vif) 448 return -EINVAL; 449 mac_bcn = ieee80211_beacon_get_tim(adapter->hw, 450 vif, 451 &tim_offset, NULL); 452 if (!mac_bcn) { 453 rsi_dbg(ERR_ZONE, "Failed to get beacon from mac80211\n"); 454 return -EINVAL; 455 } 456 457 common->beacon_cnt++; 458 bcn_frm = (struct rsi_data_desc *)skb->data; 459 rsi_set_len_qno(&bcn_frm->len_qno, mac_bcn->len, RSI_WIFI_DATA_Q); 460 bcn_frm->header_len = MIN_802_11_HDR_LEN; 461 bcn_frm->frame_info = cpu_to_le16(RSI_DATA_DESC_MAC_BBP_INFO | 462 RSI_DATA_DESC_NO_ACK_IND | 463 RSI_DATA_DESC_BEACON_FRAME | 464 RSI_DATA_DESC_INSERT_TSF | 465 RSI_DATA_DESC_INSERT_SEQ_NO | 466 RATE_INFO_ENABLE); 467 bcn_frm->rate_info = cpu_to_le16(vap_id << 14); 468 bcn_frm->qid_tid = BEACON_HW_Q; 469 470 if (conf_is_ht40_plus(conf)) { 471 bcn_frm->bbp_info = cpu_to_le16(LOWER_20_ENABLE); 472 bcn_frm->bbp_info |= cpu_to_le16(LOWER_20_ENABLE >> 12); 473 } else if (conf_is_ht40_minus(conf)) { 474 bcn_frm->bbp_info = cpu_to_le16(UPPER_20_ENABLE); 475 bcn_frm->bbp_info |= cpu_to_le16(UPPER_20_ENABLE >> 12); 476 } 477 478 if (common->band == NL80211_BAND_2GHZ) 479 bcn_frm->rate_info |= cpu_to_le16(RSI_RATE_1); 480 else 481 bcn_frm->rate_info |= cpu_to_le16(RSI_RATE_6); 482 483 if (mac_bcn->data[tim_offset + 2] == 0) 484 bcn_frm->frame_info |= cpu_to_le16(RSI_DATA_DESC_DTIM_BEACON); 485 486 memcpy(&skb->data[FRAME_DESC_SZ], mac_bcn->data, mac_bcn->len); 487 skb_put(skb, mac_bcn->len + FRAME_DESC_SZ); 488 489 dev_kfree_skb(mac_bcn); 490 491 return 0; 492} 493 494static void bl_cmd_timeout(struct timer_list *t) 495{ 496 struct rsi_hw *adapter = from_timer(adapter, t, bl_cmd_timer); 497 498 adapter->blcmd_timer_expired = true; 499 del_timer(&adapter->bl_cmd_timer); 500} 501 502static int bl_start_cmd_timer(struct rsi_hw *adapter, u32 timeout) 503{ 504 timer_setup(&adapter->bl_cmd_timer, bl_cmd_timeout, 0); 505 adapter->bl_cmd_timer.expires = (msecs_to_jiffies(timeout) + jiffies); 506 507 adapter->blcmd_timer_expired = false; 508 add_timer(&adapter->bl_cmd_timer); 509 510 return 0; 511} 512 513static int bl_stop_cmd_timer(struct rsi_hw *adapter) 514{ 515 adapter->blcmd_timer_expired = false; 516 if (timer_pending(&adapter->bl_cmd_timer)) 517 del_timer(&adapter->bl_cmd_timer); 518 519 return 0; 520} 521 522static int bl_write_cmd(struct rsi_hw *adapter, u8 cmd, u8 exp_resp, 523 u16 *cmd_resp) 524{ 525 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 526 u32 regin_val = 0, regout_val = 0; 527 u32 regin_input = 0; 528 u8 output = 0; 529 int status; 530 531 regin_input = (REGIN_INPUT | adapter->priv->coex_mode); 532 533 while (!adapter->blcmd_timer_expired) { 534 regin_val = 0; 535 status = hif_ops->master_reg_read(adapter, SWBL_REGIN, 536 ®in_val, 2); 537 if (status < 0) { 538 rsi_dbg(ERR_ZONE, 539 "%s: Command %0x REGIN reading failed..\n", 540 __func__, cmd); 541 return status; 542 } 543 mdelay(1); 544 if ((regin_val >> 12) != REGIN_VALID) 545 break; 546 } 547 if (adapter->blcmd_timer_expired) { 548 rsi_dbg(ERR_ZONE, 549 "%s: Command %0x REGIN reading timed out..\n", 550 __func__, cmd); 551 return -ETIMEDOUT; 552 } 553 554 rsi_dbg(INFO_ZONE, 555 "Issuing write to Regin val:%0x sending cmd:%0x\n", 556 regin_val, (cmd | regin_input << 8)); 557 status = hif_ops->master_reg_write(adapter, SWBL_REGIN, 558 (cmd | regin_input << 8), 2); 559 if (status < 0) 560 return status; 561 mdelay(1); 562 563 if (cmd == LOAD_HOSTED_FW || cmd == JUMP_TO_ZERO_PC) { 564 /* JUMP_TO_ZERO_PC doesn't expect 565 * any response. So return from here 566 */ 567 return 0; 568 } 569 570 while (!adapter->blcmd_timer_expired) { 571 regout_val = 0; 572 status = hif_ops->master_reg_read(adapter, SWBL_REGOUT, 573 ®out_val, 2); 574 if (status < 0) { 575 rsi_dbg(ERR_ZONE, 576 "%s: Command %0x REGOUT reading failed..\n", 577 __func__, cmd); 578 return status; 579 } 580 mdelay(1); 581 if ((regout_val >> 8) == REGOUT_VALID) 582 break; 583 } 584 if (adapter->blcmd_timer_expired) { 585 rsi_dbg(ERR_ZONE, 586 "%s: Command %0x REGOUT reading timed out..\n", 587 __func__, cmd); 588 return status; 589 } 590 591 *cmd_resp = ((u16 *)®out_val)[0] & 0xffff; 592 593 output = ((u8 *)®out_val)[0] & 0xff; 594 595 status = hif_ops->master_reg_write(adapter, SWBL_REGOUT, 596 (cmd | REGOUT_INVALID << 8), 2); 597 if (status < 0) { 598 rsi_dbg(ERR_ZONE, 599 "%s: Command %0x REGOUT writing failed..\n", 600 __func__, cmd); 601 return status; 602 } 603 mdelay(1); 604 605 if (output != exp_resp) { 606 rsi_dbg(ERR_ZONE, 607 "%s: Recvd resp %x for cmd %0x\n", 608 __func__, output, cmd); 609 return -EINVAL; 610 } 611 rsi_dbg(INFO_ZONE, 612 "%s: Recvd Expected resp %x for cmd %0x\n", 613 __func__, output, cmd); 614 615 return 0; 616} 617 618static int bl_cmd(struct rsi_hw *adapter, u8 cmd, u8 exp_resp, char *str) 619{ 620 u16 regout_val = 0; 621 u32 timeout; 622 int status; 623 624 if ((cmd == EOF_REACHED) || (cmd == PING_VALID) || (cmd == PONG_VALID)) 625 timeout = BL_BURN_TIMEOUT; 626 else 627 timeout = BL_CMD_TIMEOUT; 628 629 bl_start_cmd_timer(adapter, timeout); 630 status = bl_write_cmd(adapter, cmd, exp_resp, ®out_val); 631 if (status < 0) { 632 bl_stop_cmd_timer(adapter); 633 rsi_dbg(ERR_ZONE, 634 "%s: Command %s (%0x) writing failed..\n", 635 __func__, str, cmd); 636 return status; 637 } 638 bl_stop_cmd_timer(adapter); 639 return 0; 640} 641 642#define CHECK_SUM_OFFSET 20 643#define LEN_OFFSET 8 644#define ADDR_OFFSET 16 645static int bl_write_header(struct rsi_hw *adapter, u8 *flash_content, 646 u32 content_size) 647{ 648 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 649 struct bl_header *bl_hdr; 650 u32 write_addr, write_len; 651 int status; 652 653 bl_hdr = kzalloc(sizeof(*bl_hdr), GFP_KERNEL); 654 if (!bl_hdr) 655 return -ENOMEM; 656 657 bl_hdr->flags = 0; 658 bl_hdr->image_no = cpu_to_le32(adapter->priv->coex_mode); 659 bl_hdr->check_sum = 660 cpu_to_le32(*(u32 *)&flash_content[CHECK_SUM_OFFSET]); 661 bl_hdr->flash_start_address = 662 cpu_to_le32(*(u32 *)&flash_content[ADDR_OFFSET]); 663 bl_hdr->flash_len = cpu_to_le32(*(u32 *)&flash_content[LEN_OFFSET]); 664 write_len = sizeof(struct bl_header); 665 666 if (adapter->rsi_host_intf == RSI_HOST_INTF_USB) { 667 write_addr = PING_BUFFER_ADDRESS; 668 status = hif_ops->write_reg_multiple(adapter, write_addr, 669 (u8 *)bl_hdr, write_len); 670 if (status < 0) { 671 rsi_dbg(ERR_ZONE, 672 "%s: Failed to load Version/CRC structure\n", 673 __func__); 674 goto fail; 675 } 676 } else { 677 write_addr = PING_BUFFER_ADDRESS >> 16; 678 status = hif_ops->master_access_msword(adapter, write_addr); 679 if (status < 0) { 680 rsi_dbg(ERR_ZONE, 681 "%s: Unable to set ms word to common reg\n", 682 __func__); 683 goto fail; 684 } 685 write_addr = RSI_SD_REQUEST_MASTER | 686 (PING_BUFFER_ADDRESS & 0xFFFF); 687 status = hif_ops->write_reg_multiple(adapter, write_addr, 688 (u8 *)bl_hdr, write_len); 689 if (status < 0) { 690 rsi_dbg(ERR_ZONE, 691 "%s: Failed to load Version/CRC structure\n", 692 __func__); 693 goto fail; 694 } 695 } 696 status = 0; 697fail: 698 kfree(bl_hdr); 699 return status; 700} 701 702static u32 read_flash_capacity(struct rsi_hw *adapter) 703{ 704 u32 flash_sz = 0; 705 706 if ((adapter->host_intf_ops->master_reg_read(adapter, FLASH_SIZE_ADDR, 707 &flash_sz, 2)) < 0) { 708 rsi_dbg(ERR_ZONE, 709 "%s: Flash size reading failed..\n", 710 __func__); 711 return 0; 712 } 713 rsi_dbg(INIT_ZONE, "Flash capacity: %d KiloBytes\n", flash_sz); 714 715 return (flash_sz * 1024); /* Return size in kbytes */ 716} 717 718static int ping_pong_write(struct rsi_hw *adapter, u8 cmd, u8 *addr, u32 size) 719{ 720 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 721 u32 block_size = adapter->block_size; 722 u32 cmd_addr; 723 u16 cmd_resp, cmd_req; 724 u8 *str; 725 int status; 726 727 if (cmd == PING_WRITE) { 728 cmd_addr = PING_BUFFER_ADDRESS; 729 cmd_resp = PONG_AVAIL; 730 cmd_req = PING_VALID; 731 str = "PING_VALID"; 732 } else { 733 cmd_addr = PONG_BUFFER_ADDRESS; 734 cmd_resp = PING_AVAIL; 735 cmd_req = PONG_VALID; 736 str = "PONG_VALID"; 737 } 738 739 status = hif_ops->load_data_master_write(adapter, cmd_addr, size, 740 block_size, addr); 741 if (status) { 742 rsi_dbg(ERR_ZONE, "%s: Unable to write blk at addr %0x\n", 743 __func__, *addr); 744 return status; 745 } 746 747 status = bl_cmd(adapter, cmd_req, cmd_resp, str); 748 if (status) 749 return status; 750 751 return 0; 752} 753 754static int auto_fw_upgrade(struct rsi_hw *adapter, u8 *flash_content, 755 u32 content_size) 756{ 757 u8 cmd; 758 u32 temp_content_size, num_flash, index; 759 u32 flash_start_address; 760 int status; 761 762 if (content_size > MAX_FLASH_FILE_SIZE) { 763 rsi_dbg(ERR_ZONE, 764 "%s: Flash Content size is more than 400K %u\n", 765 __func__, MAX_FLASH_FILE_SIZE); 766 return -EINVAL; 767 } 768 769 flash_start_address = *(u32 *)&flash_content[FLASH_START_ADDRESS]; 770 rsi_dbg(INFO_ZONE, "flash start address: %08x\n", flash_start_address); 771 772 if (flash_start_address < FW_IMAGE_MIN_ADDRESS) { 773 rsi_dbg(ERR_ZONE, 774 "%s: Fw image Flash Start Address is less than 64K\n", 775 __func__); 776 return -EINVAL; 777 } 778 779 if (flash_start_address % FLASH_SECTOR_SIZE) { 780 rsi_dbg(ERR_ZONE, 781 "%s: Flash Start Address is not multiple of 4K\n", 782 __func__); 783 return -EINVAL; 784 } 785 786 if ((flash_start_address + content_size) > adapter->flash_capacity) { 787 rsi_dbg(ERR_ZONE, 788 "%s: Flash Content will cross max flash size\n", 789 __func__); 790 return -EINVAL; 791 } 792 793 temp_content_size = content_size; 794 num_flash = content_size / FLASH_WRITE_CHUNK_SIZE; 795 796 rsi_dbg(INFO_ZONE, "content_size: %d, num_flash: %d\n", 797 content_size, num_flash); 798 799 for (index = 0; index <= num_flash; index++) { 800 rsi_dbg(INFO_ZONE, "flash index: %d\n", index); 801 if (index != num_flash) { 802 content_size = FLASH_WRITE_CHUNK_SIZE; 803 rsi_dbg(INFO_ZONE, "QSPI content_size:%d\n", 804 content_size); 805 } else { 806 content_size = 807 temp_content_size % FLASH_WRITE_CHUNK_SIZE; 808 rsi_dbg(INFO_ZONE, 809 "Writing last sector content_size:%d\n", 810 content_size); 811 if (!content_size) { 812 rsi_dbg(INFO_ZONE, "instruction size zero\n"); 813 break; 814 } 815 } 816 817 if (index % 2) 818 cmd = PING_WRITE; 819 else 820 cmd = PONG_WRITE; 821 822 status = ping_pong_write(adapter, cmd, flash_content, 823 content_size); 824 if (status) { 825 rsi_dbg(ERR_ZONE, "%s: Unable to load %d block\n", 826 __func__, index); 827 return status; 828 } 829 830 rsi_dbg(INFO_ZONE, 831 "%s: Successfully loaded %d instructions\n", 832 __func__, index); 833 flash_content += content_size; 834 } 835 836 status = bl_cmd(adapter, EOF_REACHED, FW_LOADING_SUCCESSFUL, 837 "EOF_REACHED"); 838 if (status) 839 return status; 840 841 rsi_dbg(INFO_ZONE, "FW loading is done and FW is running..\n"); 842 return 0; 843} 844 845static int rsi_hal_prepare_fwload(struct rsi_hw *adapter) 846{ 847 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 848 u32 regout_val = 0; 849 int status; 850 851 bl_start_cmd_timer(adapter, BL_CMD_TIMEOUT); 852 853 while (!adapter->blcmd_timer_expired) { 854 status = hif_ops->master_reg_read(adapter, SWBL_REGOUT, 855 ®out_val, 856 RSI_COMMON_REG_SIZE); 857 if (status < 0) { 858 bl_stop_cmd_timer(adapter); 859 rsi_dbg(ERR_ZONE, 860 "%s: REGOUT read failed\n", __func__); 861 return status; 862 } 863 mdelay(1); 864 if ((regout_val >> 8) == REGOUT_VALID) 865 break; 866 } 867 if (adapter->blcmd_timer_expired) { 868 rsi_dbg(ERR_ZONE, "%s: REGOUT read timedout\n", __func__); 869 rsi_dbg(ERR_ZONE, 870 "%s: Soft boot loader not present\n", __func__); 871 return -ETIMEDOUT; 872 } 873 bl_stop_cmd_timer(adapter); 874 875 rsi_dbg(INFO_ZONE, "Received Board Version Number: %x\n", 876 (regout_val & 0xff)); 877 878 status = hif_ops->master_reg_write(adapter, SWBL_REGOUT, 879 (REGOUT_INVALID | 880 REGOUT_INVALID << 8), 881 RSI_COMMON_REG_SIZE); 882 if (status < 0) 883 rsi_dbg(ERR_ZONE, "%s: REGOUT writing failed..\n", __func__); 884 else 885 rsi_dbg(INFO_ZONE, 886 "===> Device is ready to load firmware <===\n"); 887 888 return status; 889} 890 891static int rsi_load_9113_firmware(struct rsi_hw *adapter) 892{ 893 struct rsi_common *common = adapter->priv; 894 const struct firmware *fw_entry = NULL; 895 u32 content_size; 896 u16 tmp_regout_val = 0; 897 struct ta_metadata *metadata_p; 898 int status; 899 900 status = bl_cmd(adapter, CONFIG_AUTO_READ_MODE, CMD_PASS, 901 "AUTO_READ_CMD"); 902 if (status < 0) 903 return status; 904 905 adapter->flash_capacity = read_flash_capacity(adapter); 906 if (adapter->flash_capacity <= 0) { 907 rsi_dbg(ERR_ZONE, 908 "%s: Unable to read flash size from EEPROM\n", 909 __func__); 910 return -EINVAL; 911 } 912 913 metadata_p = &metadata_flash_content[adapter->priv->coex_mode]; 914 915 rsi_dbg(INIT_ZONE, "%s: Loading file %s\n", __func__, metadata_p->name); 916 adapter->fw_file_name = metadata_p->name; 917 918 status = request_firmware(&fw_entry, metadata_p->name, adapter->device); 919 if (status < 0) { 920 rsi_dbg(ERR_ZONE, "%s: Failed to open file %s\n", 921 __func__, metadata_p->name); 922 return status; 923 } 924 content_size = fw_entry->size; 925 rsi_dbg(INFO_ZONE, "FW Length = %d bytes\n", content_size); 926 927 /* Get the firmware version */ 928 common->lmac_ver.ver.info.fw_ver[0] = 929 fw_entry->data[LMAC_VER_OFFSET_9113] & 0xFF; 930 common->lmac_ver.ver.info.fw_ver[1] = 931 fw_entry->data[LMAC_VER_OFFSET_9113 + 1] & 0xFF; 932 common->lmac_ver.major = 933 fw_entry->data[LMAC_VER_OFFSET_9113 + 2] & 0xFF; 934 common->lmac_ver.release_num = 935 fw_entry->data[LMAC_VER_OFFSET_9113 + 3] & 0xFF; 936 common->lmac_ver.minor = 937 fw_entry->data[LMAC_VER_OFFSET_9113 + 4] & 0xFF; 938 common->lmac_ver.patch_num = 0; 939 rsi_print_version(common); 940 941 status = bl_write_header(adapter, (u8 *)fw_entry->data, content_size); 942 if (status) { 943 rsi_dbg(ERR_ZONE, 944 "%s: RPS Image header loading failed\n", 945 __func__); 946 goto fail; 947 } 948 949 bl_start_cmd_timer(adapter, BL_CMD_TIMEOUT); 950 status = bl_write_cmd(adapter, CHECK_CRC, CMD_PASS, &tmp_regout_val); 951 if (status) { 952 bl_stop_cmd_timer(adapter); 953 rsi_dbg(ERR_ZONE, 954 "%s: CHECK_CRC Command writing failed..\n", 955 __func__); 956 if ((tmp_regout_val & 0xff) == CMD_FAIL) { 957 rsi_dbg(ERR_ZONE, 958 "CRC Fail.. Proceeding to Upgrade mode\n"); 959 goto fw_upgrade; 960 } 961 } 962 bl_stop_cmd_timer(adapter); 963 964 status = bl_cmd(adapter, POLLING_MODE, CMD_PASS, "POLLING_MODE"); 965 if (status) 966 goto fail; 967 968load_image_cmd: 969 status = bl_cmd(adapter, LOAD_HOSTED_FW, LOADING_INITIATED, 970 "LOAD_HOSTED_FW"); 971 if (status) 972 goto fail; 973 rsi_dbg(INFO_ZONE, "Load Image command passed..\n"); 974 goto success; 975 976fw_upgrade: 977 status = bl_cmd(adapter, BURN_HOSTED_FW, SEND_RPS_FILE, "FW_UPGRADE"); 978 if (status) 979 goto fail; 980 981 rsi_dbg(INFO_ZONE, "Burn Command Pass.. Upgrading the firmware\n"); 982 983 status = auto_fw_upgrade(adapter, (u8 *)fw_entry->data, content_size); 984 if (status == 0) { 985 rsi_dbg(ERR_ZONE, "Firmware upgradation Done\n"); 986 goto load_image_cmd; 987 } 988 rsi_dbg(ERR_ZONE, "Firmware upgrade failed\n"); 989 990 status = bl_cmd(adapter, CONFIG_AUTO_READ_MODE, CMD_PASS, 991 "AUTO_READ_MODE"); 992 if (status) 993 goto fail; 994 995success: 996 rsi_dbg(ERR_ZONE, "***** Firmware Loading successful *****\n"); 997 release_firmware(fw_entry); 998 return 0; 999 1000fail: 1001 rsi_dbg(ERR_ZONE, "##### Firmware loading failed #####\n"); 1002 release_firmware(fw_entry); 1003 return status; 1004} 1005 1006static int rsi_load_9116_firmware(struct rsi_hw *adapter) 1007{ 1008 struct rsi_common *common = adapter->priv; 1009 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 1010 const struct firmware *fw_entry; 1011 struct ta_metadata *metadata_p; 1012 u8 *ta_firmware, *fw_p; 1013 struct bootload_ds bootload_ds; 1014 u32 instructions_sz, base_address; 1015 u16 block_size = adapter->block_size; 1016 u32 dest, len; 1017 int status, cnt; 1018 1019 rsi_dbg(INIT_ZONE, "***** Load 9116 TA Instructions *****\n"); 1020 1021 if (adapter->rsi_host_intf == RSI_HOST_INTF_USB) { 1022 status = bl_cmd(adapter, POLLING_MODE, CMD_PASS, 1023 "POLLING_MODE"); 1024 if (status < 0) 1025 return status; 1026 } 1027 1028 status = hif_ops->master_reg_write(adapter, MEM_ACCESS_CTRL_FROM_HOST, 1029 RAM_384K_ACCESS_FROM_TA, 1030 RSI_9116_REG_SIZE); 1031 if (status < 0) { 1032 rsi_dbg(ERR_ZONE, "%s: Unable to access full RAM memory\n", 1033 __func__); 1034 return status; 1035 } 1036 1037 metadata_p = &metadata[adapter->priv->coex_mode]; 1038 rsi_dbg(INIT_ZONE, "%s: loading file %s\n", __func__, metadata_p->name); 1039 status = request_firmware(&fw_entry, metadata_p->name, adapter->device); 1040 if (status < 0) { 1041 rsi_dbg(ERR_ZONE, "%s: Failed to open file %s\n", 1042 __func__, metadata_p->name); 1043 return status; 1044 } 1045 1046 ta_firmware = kmemdup(fw_entry->data, fw_entry->size, GFP_KERNEL); 1047 if (!ta_firmware) { 1048 status = -ENOMEM; 1049 goto fail_release_fw; 1050 } 1051 fw_p = ta_firmware; 1052 instructions_sz = fw_entry->size; 1053 rsi_dbg(INFO_ZONE, "FW Length = %d bytes\n", instructions_sz); 1054 1055 common->lmac_ver.major = ta_firmware[LMAC_VER_OFFSET_9116]; 1056 common->lmac_ver.minor = ta_firmware[LMAC_VER_OFFSET_9116 + 1]; 1057 common->lmac_ver.release_num = ta_firmware[LMAC_VER_OFFSET_9116 + 2]; 1058 common->lmac_ver.patch_num = ta_firmware[LMAC_VER_OFFSET_9116 + 3]; 1059 common->lmac_ver.ver.info.fw_ver[0] = 1060 ta_firmware[LMAC_VER_OFFSET_9116 + 4]; 1061 1062 if (instructions_sz % FW_ALIGN_SIZE) 1063 instructions_sz += 1064 (FW_ALIGN_SIZE - (instructions_sz % FW_ALIGN_SIZE)); 1065 rsi_dbg(INFO_ZONE, "instructions_sz : %d\n", instructions_sz); 1066 1067 if (*(u16 *)fw_p == RSI_9116_FW_MAGIC_WORD) { 1068 memcpy(&bootload_ds, fw_p, sizeof(struct bootload_ds)); 1069 fw_p += le16_to_cpu(bootload_ds.offset); 1070 rsi_dbg(INFO_ZONE, "FW start = %x\n", *(u32 *)fw_p); 1071 1072 cnt = 0; 1073 do { 1074 rsi_dbg(ERR_ZONE, "%s: Loading chunk %d\n", 1075 __func__, cnt); 1076 1077 dest = le32_to_cpu(bootload_ds.bl_entry[cnt].dst_addr); 1078 len = le32_to_cpu(bootload_ds.bl_entry[cnt].control) & 1079 RSI_BL_CTRL_LEN_MASK; 1080 rsi_dbg(INFO_ZONE, "length %d destination %x\n", 1081 len, dest); 1082 1083 status = hif_ops->load_data_master_write(adapter, dest, 1084 len, 1085 block_size, 1086 fw_p); 1087 if (status < 0) { 1088 rsi_dbg(ERR_ZONE, 1089 "Failed to load chunk %d\n", cnt); 1090 break; 1091 } 1092 fw_p += len; 1093 if (le32_to_cpu(bootload_ds.bl_entry[cnt].control) & 1094 RSI_BL_CTRL_LAST_ENTRY) 1095 break; 1096 cnt++; 1097 } while (1); 1098 } else { 1099 base_address = metadata_p->address; 1100 status = hif_ops->load_data_master_write(adapter, 1101 base_address, 1102 instructions_sz, 1103 block_size, 1104 ta_firmware); 1105 } 1106 if (status) { 1107 rsi_dbg(ERR_ZONE, 1108 "%s: Unable to load %s blk\n", 1109 __func__, metadata_p->name); 1110 goto fail_free_fw; 1111 } 1112 1113 rsi_dbg(INIT_ZONE, "%s: Successfully loaded %s instructions\n", 1114 __func__, metadata_p->name); 1115 1116 if (adapter->rsi_host_intf == RSI_HOST_INTF_SDIO) { 1117 if (hif_ops->ta_reset(adapter)) 1118 rsi_dbg(ERR_ZONE, "Unable to put ta in reset\n"); 1119 } else { 1120 if (bl_cmd(adapter, JUMP_TO_ZERO_PC, 1121 CMD_PASS, "JUMP_TO_ZERO") < 0) 1122 rsi_dbg(INFO_ZONE, "Jump to zero command failed\n"); 1123 else 1124 rsi_dbg(INFO_ZONE, "Jump to zero command successful\n"); 1125 } 1126 1127fail_free_fw: 1128 kfree(ta_firmware); 1129fail_release_fw: 1130 release_firmware(fw_entry); 1131 1132 return status; 1133} 1134 1135int rsi_hal_device_init(struct rsi_hw *adapter) 1136{ 1137 struct rsi_common *common = adapter->priv; 1138 int status; 1139 1140 switch (adapter->device_model) { 1141 case RSI_DEV_9113: 1142 status = rsi_hal_prepare_fwload(adapter); 1143 if (status < 0) 1144 return status; 1145 if (rsi_load_9113_firmware(adapter)) { 1146 rsi_dbg(ERR_ZONE, 1147 "%s: Failed to load TA instructions\n", 1148 __func__); 1149 return -EINVAL; 1150 } 1151 break; 1152 case RSI_DEV_9116: 1153 status = rsi_hal_prepare_fwload(adapter); 1154 if (status < 0) 1155 return status; 1156 if (rsi_load_9116_firmware(adapter)) { 1157 rsi_dbg(ERR_ZONE, 1158 "%s: Failed to load firmware to 9116 device\n", 1159 __func__); 1160 return -EINVAL; 1161 } 1162 break; 1163 default: 1164 return -EINVAL; 1165 } 1166 common->fsm_state = FSM_CARD_NOT_READY; 1167 1168 return 0; 1169} 1170EXPORT_SYMBOL_GPL(rsi_hal_device_init); 1171 1172