0001
0002
0003
0004
0005
0006
0007
0008
0009
0010
0011
0012
0013
0014
0015
0016
0017 #include <linux/firmware.h>
0018 #include <net/bluetooth/bluetooth.h>
0019 #include "rsi_mgmt.h"
0020 #include "rsi_hal.h"
0021 #include "rsi_sdio.h"
0022 #include "rsi_common.h"
0023
0024
0025 static struct ta_metadata metadata_flash_content[] = {
0026 {"flash_content", 0x00010000},
0027 {"rsi/rs9113_wlan_qspi.rps", 0x00010000},
0028 {"rsi/rs9113_wlan_bt_dual_mode.rps", 0x00010000},
0029 {"flash_content", 0x00010000},
0030 {"rsi/rs9113_ap_bt_dual_mode.rps", 0x00010000},
0031
0032 };
0033
0034 static struct ta_metadata metadata[] = {{"pmemdata_dummy", 0x00000000},
0035 {"rsi/rs9116_wlan.rps", 0x00000000},
0036 {"rsi/rs9116_wlan_bt_classic.rps", 0x00000000},
0037 {"rsi/pmemdata_dummy", 0x00000000},
0038 {"rsi/rs9116_wlan_bt_classic.rps", 0x00000000}
0039 };
0040
0041 int rsi_send_pkt_to_bus(struct rsi_common *common, struct sk_buff *skb)
0042 {
0043 struct rsi_hw *adapter = common->priv;
0044 int status;
0045
0046 if (common->coex_mode > 1)
0047 mutex_lock(&common->tx_bus_mutex);
0048
0049 status = adapter->host_intf_ops->write_pkt(common->priv,
0050 skb->data, skb->len);
0051
0052 if (common->coex_mode > 1)
0053 mutex_unlock(&common->tx_bus_mutex);
0054
0055 return status;
0056 }
0057
0058 int rsi_prepare_mgmt_desc(struct rsi_common *common, struct sk_buff *skb)
0059 {
0060 struct rsi_hw *adapter = common->priv;
0061 struct ieee80211_hdr *wh = NULL;
0062 struct ieee80211_tx_info *info;
0063 struct ieee80211_conf *conf = &adapter->hw->conf;
0064 struct ieee80211_vif *vif;
0065 struct rsi_mgmt_desc *mgmt_desc;
0066 struct skb_info *tx_params;
0067 struct rsi_xtended_desc *xtend_desc = NULL;
0068 u8 header_size;
0069 u32 dword_align_bytes = 0;
0070
0071 if (skb->len > MAX_MGMT_PKT_SIZE) {
0072 rsi_dbg(INFO_ZONE, "%s: Dropping mgmt pkt > 512\n", __func__);
0073 return -EINVAL;
0074 }
0075
0076 info = IEEE80211_SKB_CB(skb);
0077 tx_params = (struct skb_info *)info->driver_data;
0078 vif = tx_params->vif;
0079
0080
0081 header_size = FRAME_DESC_SZ + sizeof(struct rsi_xtended_desc);
0082 if (header_size > skb_headroom(skb)) {
0083 rsi_dbg(ERR_ZONE,
0084 "%s: Failed to add extended descriptor\n",
0085 __func__);
0086 return -ENOSPC;
0087 }
0088 skb_push(skb, header_size);
0089 dword_align_bytes = ((unsigned long)skb->data & 0x3f);
0090 if (dword_align_bytes > skb_headroom(skb)) {
0091 rsi_dbg(ERR_ZONE,
0092 "%s: Failed to add dword align\n", __func__);
0093 return -ENOSPC;
0094 }
0095 skb_push(skb, dword_align_bytes);
0096 header_size += dword_align_bytes;
0097
0098 tx_params->internal_hdr_size = header_size;
0099 memset(&skb->data[0], 0, header_size);
0100 wh = (struct ieee80211_hdr *)&skb->data[header_size];
0101
0102 mgmt_desc = (struct rsi_mgmt_desc *)skb->data;
0103 xtend_desc = (struct rsi_xtended_desc *)&skb->data[FRAME_DESC_SZ];
0104
0105 rsi_set_len_qno(&mgmt_desc->len_qno, (skb->len - FRAME_DESC_SZ),
0106 RSI_WIFI_MGMT_Q);
0107 mgmt_desc->frame_type = TX_DOT11_MGMT;
0108 mgmt_desc->header_len = MIN_802_11_HDR_LEN;
0109 mgmt_desc->xtend_desc_size = header_size - FRAME_DESC_SZ;
0110
0111 if (ieee80211_is_probe_req(wh->frame_control))
0112 mgmt_desc->frame_info = cpu_to_le16(RSI_INSERT_SEQ_IN_FW);
0113 mgmt_desc->frame_info |= cpu_to_le16(RATE_INFO_ENABLE);
0114 if (is_broadcast_ether_addr(wh->addr1))
0115 mgmt_desc->frame_info |= cpu_to_le16(RSI_BROADCAST_PKT);
0116
0117 mgmt_desc->seq_ctrl =
0118 cpu_to_le16(IEEE80211_SEQ_TO_SN(le16_to_cpu(wh->seq_ctrl)));
0119 if ((common->band == NL80211_BAND_2GHZ) && !common->p2p_enabled)
0120 mgmt_desc->rate_info = cpu_to_le16(RSI_RATE_1);
0121 else
0122 mgmt_desc->rate_info = cpu_to_le16(RSI_RATE_6);
0123
0124 if (conf_is_ht40(conf))
0125 mgmt_desc->bbp_info = cpu_to_le16(FULL40M_ENABLE);
0126
0127 if (ieee80211_is_probe_resp(wh->frame_control)) {
0128 mgmt_desc->misc_flags |= (RSI_ADD_DELTA_TSF_VAP_ID |
0129 RSI_FETCH_RETRY_CNT_FRM_HST);
0130 #define PROBE_RESP_RETRY_CNT 3
0131 xtend_desc->retry_cnt = PROBE_RESP_RETRY_CNT;
0132 }
0133
0134 if (((vif->type == NL80211_IFTYPE_AP) ||
0135 (vif->type == NL80211_IFTYPE_P2P_GO)) &&
0136 (ieee80211_is_action(wh->frame_control))) {
0137 struct rsi_sta *rsta = rsi_find_sta(common, wh->addr1);
0138
0139 if (rsta)
0140 mgmt_desc->sta_id = tx_params->sta_id;
0141 else
0142 return -EINVAL;
0143 }
0144 mgmt_desc->rate_info |=
0145 cpu_to_le16((tx_params->vap_id << RSI_DESC_VAP_ID_OFST) &
0146 RSI_DESC_VAP_ID_MASK);
0147
0148 return 0;
0149 }
0150
0151
0152 int rsi_prepare_data_desc(struct rsi_common *common, struct sk_buff *skb)
0153 {
0154 struct rsi_hw *adapter = common->priv;
0155 struct ieee80211_vif *vif;
0156 struct ieee80211_hdr *wh = NULL;
0157 struct ieee80211_tx_info *info;
0158 struct skb_info *tx_params;
0159 struct rsi_data_desc *data_desc;
0160 struct rsi_xtended_desc *xtend_desc;
0161 u8 ieee80211_size = MIN_802_11_HDR_LEN;
0162 u8 header_size;
0163 u8 vap_id = 0;
0164 u8 dword_align_bytes;
0165 u16 seq_num;
0166
0167 info = IEEE80211_SKB_CB(skb);
0168 vif = info->control.vif;
0169 tx_params = (struct skb_info *)info->driver_data;
0170
0171 header_size = FRAME_DESC_SZ + sizeof(struct rsi_xtended_desc);
0172 if (header_size > skb_headroom(skb)) {
0173 rsi_dbg(ERR_ZONE, "%s: Unable to send pkt\n", __func__);
0174 return -ENOSPC;
0175 }
0176 skb_push(skb, header_size);
0177 dword_align_bytes = ((unsigned long)skb->data & 0x3f);
0178 if (header_size > skb_headroom(skb)) {
0179 rsi_dbg(ERR_ZONE, "%s: Not enough headroom\n", __func__);
0180 return -ENOSPC;
0181 }
0182 skb_push(skb, dword_align_bytes);
0183 header_size += dword_align_bytes;
0184
0185 tx_params->internal_hdr_size = header_size;
0186 data_desc = (struct rsi_data_desc *)skb->data;
0187 memset(data_desc, 0, header_size);
0188
0189 xtend_desc = (struct rsi_xtended_desc *)&skb->data[FRAME_DESC_SZ];
0190 wh = (struct ieee80211_hdr *)&skb->data[header_size];
0191 seq_num = IEEE80211_SEQ_TO_SN(le16_to_cpu(wh->seq_ctrl));
0192
0193 data_desc->xtend_desc_size = header_size - FRAME_DESC_SZ;
0194
0195 if (ieee80211_is_data_qos(wh->frame_control)) {
0196 ieee80211_size += 2;
0197 data_desc->mac_flags |= cpu_to_le16(RSI_QOS_ENABLE);
0198 }
0199
0200 if (((vif->type == NL80211_IFTYPE_STATION) ||
0201 (vif->type == NL80211_IFTYPE_P2P_CLIENT)) &&
0202 (adapter->ps_state == PS_ENABLED))
0203 wh->frame_control |= cpu_to_le16(RSI_SET_PS_ENABLE);
0204
0205 if ((!(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT)) &&
0206 tx_params->have_key) {
0207 if (rsi_is_cipher_wep(common))
0208 ieee80211_size += 4;
0209 else
0210 ieee80211_size += 8;
0211 data_desc->mac_flags |= cpu_to_le16(RSI_ENCRYPT_PKT);
0212 }
0213 rsi_set_len_qno(&data_desc->len_qno, (skb->len - FRAME_DESC_SZ),
0214 RSI_WIFI_DATA_Q);
0215 data_desc->header_len = ieee80211_size;
0216
0217 if (common->rate_config[common->band].fixed_enabled) {
0218
0219 u16 fixed_rate = common->rate_config[common->band].fixed_hw_rate;
0220
0221 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE);
0222 data_desc->rate_info = cpu_to_le16(fixed_rate);
0223
0224 if (conf_is_ht40(&common->priv->hw->conf))
0225 data_desc->bbp_info = cpu_to_le16(FULL40M_ENABLE);
0226
0227 if (common->vif_info[0].sgi && (fixed_rate & 0x100)) {
0228
0229 data_desc->rate_info |=
0230 cpu_to_le16(ENABLE_SHORTGI_RATE);
0231 }
0232 }
0233
0234 if (skb->protocol == cpu_to_be16(ETH_P_PAE)) {
0235 rsi_dbg(INFO_ZONE, "*** Tx EAPOL ***\n");
0236
0237 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE);
0238 if (common->band == NL80211_BAND_5GHZ)
0239 data_desc->rate_info = cpu_to_le16(RSI_RATE_6);
0240 else
0241 data_desc->rate_info = cpu_to_le16(RSI_RATE_1);
0242 data_desc->mac_flags |= cpu_to_le16(RSI_REKEY_PURPOSE);
0243 data_desc->misc_flags |= RSI_FETCH_RETRY_CNT_FRM_HST;
0244 #define EAPOL_RETRY_CNT 15
0245 xtend_desc->retry_cnt = EAPOL_RETRY_CNT;
0246
0247 if (common->eapol4_confirm)
0248 skb->priority = VO_Q;
0249 else
0250 rsi_set_len_qno(&data_desc->len_qno,
0251 (skb->len - FRAME_DESC_SZ),
0252 RSI_WIFI_MGMT_Q);
0253 if (((skb->len - header_size) == EAPOL4_PACKET_LEN) ||
0254 ((skb->len - header_size) == EAPOL4_PACKET_LEN - 2)) {
0255 data_desc->misc_flags |=
0256 RSI_DESC_REQUIRE_CFM_TO_HOST;
0257 xtend_desc->confirm_frame_type = EAPOL4_CONFIRM;
0258 }
0259 }
0260
0261 data_desc->mac_flags |= cpu_to_le16(seq_num & 0xfff);
0262 data_desc->qid_tid = ((skb->priority & 0xf) |
0263 ((tx_params->tid & 0xf) << 4));
0264 data_desc->sta_id = tx_params->sta_id;
0265
0266 if ((is_broadcast_ether_addr(wh->addr1)) ||
0267 (is_multicast_ether_addr(wh->addr1))) {
0268 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE);
0269 data_desc->frame_info |= cpu_to_le16(RSI_BROADCAST_PKT);
0270 data_desc->sta_id = vap_id;
0271
0272 if ((vif->type == NL80211_IFTYPE_AP) ||
0273 (vif->type == NL80211_IFTYPE_P2P_GO)) {
0274 if (common->band == NL80211_BAND_5GHZ)
0275 data_desc->rate_info = cpu_to_le16(RSI_RATE_6);
0276 else
0277 data_desc->rate_info = cpu_to_le16(RSI_RATE_1);
0278 }
0279 }
0280 if (((vif->type == NL80211_IFTYPE_AP) ||
0281 (vif->type == NL80211_IFTYPE_P2P_GO)) &&
0282 (ieee80211_has_moredata(wh->frame_control)))
0283 data_desc->frame_info |= cpu_to_le16(MORE_DATA_PRESENT);
0284
0285 data_desc->rate_info |=
0286 cpu_to_le16((tx_params->vap_id << RSI_DESC_VAP_ID_OFST) &
0287 RSI_DESC_VAP_ID_MASK);
0288
0289 return 0;
0290 }
0291
0292
0293 int rsi_send_data_pkt(struct rsi_common *common, struct sk_buff *skb)
0294 {
0295 struct rsi_hw *adapter = common->priv;
0296 struct ieee80211_vif *vif;
0297 struct ieee80211_tx_info *info;
0298 int status = -EINVAL;
0299
0300 if (!skb)
0301 return 0;
0302 if (common->iface_down)
0303 goto err;
0304
0305 info = IEEE80211_SKB_CB(skb);
0306 if (!info->control.vif)
0307 goto err;
0308 vif = info->control.vif;
0309
0310 if (((vif->type == NL80211_IFTYPE_STATION) ||
0311 (vif->type == NL80211_IFTYPE_P2P_CLIENT)) &&
0312 (!vif->cfg.assoc))
0313 goto err;
0314
0315 status = rsi_send_pkt_to_bus(common, skb);
0316 if (status)
0317 rsi_dbg(ERR_ZONE, "%s: Failed to write pkt\n", __func__);
0318
0319 err:
0320 ++common->tx_stats.total_tx_pkt_freed[skb->priority];
0321 rsi_indicate_tx_status(adapter, skb, status);
0322 return status;
0323 }
0324
0325
0326
0327
0328
0329
0330
0331
0332
0333 int rsi_send_mgmt_pkt(struct rsi_common *common,
0334 struct sk_buff *skb)
0335 {
0336 struct rsi_hw *adapter = common->priv;
0337 struct ieee80211_hdr *wh;
0338 struct ieee80211_tx_info *info;
0339 struct skb_info *tx_params;
0340 struct rsi_mgmt_desc *mgmt_desc;
0341 struct rsi_xtended_desc *xtend_desc;
0342 int status = -E2BIG;
0343 u8 header_size;
0344
0345 info = IEEE80211_SKB_CB(skb);
0346 tx_params = (struct skb_info *)info->driver_data;
0347 header_size = tx_params->internal_hdr_size;
0348
0349 if (tx_params->flags & INTERNAL_MGMT_PKT) {
0350 status = adapter->host_intf_ops->write_pkt(common->priv,
0351 (u8 *)skb->data,
0352 skb->len);
0353 if (status) {
0354 rsi_dbg(ERR_ZONE,
0355 "%s: Failed to write the packet\n", __func__);
0356 }
0357 dev_kfree_skb(skb);
0358 return status;
0359 }
0360
0361 wh = (struct ieee80211_hdr *)&skb->data[header_size];
0362 mgmt_desc = (struct rsi_mgmt_desc *)skb->data;
0363 xtend_desc = (struct rsi_xtended_desc *)&skb->data[FRAME_DESC_SZ];
0364
0365
0366 if (ieee80211_is_probe_req(wh->frame_control) &&
0367 !info->control.vif->cfg.assoc) {
0368 rsi_dbg(INFO_ZONE,
0369 "%s: blocking mgmt queue\n", __func__);
0370 mgmt_desc->misc_flags = RSI_DESC_REQUIRE_CFM_TO_HOST;
0371 xtend_desc->confirm_frame_type = PROBEREQ_CONFIRM;
0372 common->mgmt_q_block = true;
0373 rsi_dbg(INFO_ZONE, "Mgmt queue blocked\n");
0374 }
0375
0376 status = rsi_send_pkt_to_bus(common, skb);
0377 if (status)
0378 rsi_dbg(ERR_ZONE, "%s: Failed to write the packet\n", __func__);
0379
0380 rsi_indicate_tx_status(common->priv, skb, status);
0381 return status;
0382 }
0383
0384 int rsi_send_bt_pkt(struct rsi_common *common, struct sk_buff *skb)
0385 {
0386 int status = -EINVAL;
0387 u8 header_size = 0;
0388 struct rsi_bt_desc *bt_desc;
0389 u8 queueno = ((skb->data[1] >> 4) & 0xf);
0390
0391 if (queueno == RSI_BT_MGMT_Q) {
0392 status = rsi_send_pkt_to_bus(common, skb);
0393 if (status)
0394 rsi_dbg(ERR_ZONE, "%s: Failed to write bt mgmt pkt\n",
0395 __func__);
0396 goto out;
0397 }
0398 header_size = FRAME_DESC_SZ;
0399 if (header_size > skb_headroom(skb)) {
0400 rsi_dbg(ERR_ZONE, "%s: Not enough headroom\n", __func__);
0401 status = -ENOSPC;
0402 goto out;
0403 }
0404 skb_push(skb, header_size);
0405 memset(skb->data, 0, header_size);
0406 bt_desc = (struct rsi_bt_desc *)skb->data;
0407
0408 rsi_set_len_qno(&bt_desc->len_qno, (skb->len - FRAME_DESC_SZ),
0409 RSI_BT_DATA_Q);
0410 bt_desc->bt_pkt_type = cpu_to_le16(bt_cb(skb)->pkt_type);
0411
0412 status = rsi_send_pkt_to_bus(common, skb);
0413 if (status)
0414 rsi_dbg(ERR_ZONE, "%s: Failed to write bt pkt\n", __func__);
0415
0416 out:
0417 dev_kfree_skb(skb);
0418 return status;
0419 }
0420
0421 int rsi_prepare_beacon(struct rsi_common *common, struct sk_buff *skb)
0422 {
0423 struct rsi_hw *adapter = (struct rsi_hw *)common->priv;
0424 struct rsi_data_desc *bcn_frm;
0425 struct ieee80211_hw *hw = common->priv->hw;
0426 struct ieee80211_conf *conf = &hw->conf;
0427 struct ieee80211_vif *vif;
0428 struct sk_buff *mac_bcn;
0429 u8 vap_id = 0, i;
0430 u16 tim_offset = 0;
0431
0432 for (i = 0; i < RSI_MAX_VIFS; i++) {
0433 vif = adapter->vifs[i];
0434 if (!vif)
0435 continue;
0436 if ((vif->type == NL80211_IFTYPE_AP) ||
0437 (vif->type == NL80211_IFTYPE_P2P_GO))
0438 break;
0439 }
0440 if (!vif)
0441 return -EINVAL;
0442 mac_bcn = ieee80211_beacon_get_tim(adapter->hw,
0443 vif,
0444 &tim_offset, NULL, 0);
0445 if (!mac_bcn) {
0446 rsi_dbg(ERR_ZONE, "Failed to get beacon from mac80211\n");
0447 return -EINVAL;
0448 }
0449
0450 common->beacon_cnt++;
0451 bcn_frm = (struct rsi_data_desc *)skb->data;
0452 rsi_set_len_qno(&bcn_frm->len_qno, mac_bcn->len, RSI_WIFI_DATA_Q);
0453 bcn_frm->header_len = MIN_802_11_HDR_LEN;
0454 bcn_frm->frame_info = cpu_to_le16(RSI_DATA_DESC_MAC_BBP_INFO |
0455 RSI_DATA_DESC_NO_ACK_IND |
0456 RSI_DATA_DESC_BEACON_FRAME |
0457 RSI_DATA_DESC_INSERT_TSF |
0458 RSI_DATA_DESC_INSERT_SEQ_NO |
0459 RATE_INFO_ENABLE);
0460 bcn_frm->rate_info = cpu_to_le16(vap_id << 14);
0461 bcn_frm->qid_tid = BEACON_HW_Q;
0462
0463 if (conf_is_ht40_plus(conf)) {
0464 bcn_frm->bbp_info = cpu_to_le16(LOWER_20_ENABLE);
0465 bcn_frm->bbp_info |= cpu_to_le16(LOWER_20_ENABLE >> 12);
0466 } else if (conf_is_ht40_minus(conf)) {
0467 bcn_frm->bbp_info = cpu_to_le16(UPPER_20_ENABLE);
0468 bcn_frm->bbp_info |= cpu_to_le16(UPPER_20_ENABLE >> 12);
0469 }
0470
0471 if (common->band == NL80211_BAND_2GHZ)
0472 bcn_frm->rate_info |= cpu_to_le16(RSI_RATE_1);
0473 else
0474 bcn_frm->rate_info |= cpu_to_le16(RSI_RATE_6);
0475
0476 if (mac_bcn->data[tim_offset + 2] == 0)
0477 bcn_frm->frame_info |= cpu_to_le16(RSI_DATA_DESC_DTIM_BEACON);
0478
0479 memcpy(&skb->data[FRAME_DESC_SZ], mac_bcn->data, mac_bcn->len);
0480 skb_put(skb, mac_bcn->len + FRAME_DESC_SZ);
0481
0482 dev_kfree_skb(mac_bcn);
0483
0484 return 0;
0485 }
0486
0487 static void bl_cmd_timeout(struct timer_list *t)
0488 {
0489 struct rsi_hw *adapter = from_timer(adapter, t, bl_cmd_timer);
0490
0491 adapter->blcmd_timer_expired = true;
0492 del_timer(&adapter->bl_cmd_timer);
0493 }
0494
0495 static int bl_start_cmd_timer(struct rsi_hw *adapter, u32 timeout)
0496 {
0497 timer_setup(&adapter->bl_cmd_timer, bl_cmd_timeout, 0);
0498 adapter->bl_cmd_timer.expires = (msecs_to_jiffies(timeout) + jiffies);
0499
0500 adapter->blcmd_timer_expired = false;
0501 add_timer(&adapter->bl_cmd_timer);
0502
0503 return 0;
0504 }
0505
0506 static int bl_stop_cmd_timer(struct rsi_hw *adapter)
0507 {
0508 adapter->blcmd_timer_expired = false;
0509 if (timer_pending(&adapter->bl_cmd_timer))
0510 del_timer(&adapter->bl_cmd_timer);
0511
0512 return 0;
0513 }
0514
0515 static int bl_write_cmd(struct rsi_hw *adapter, u8 cmd, u8 exp_resp,
0516 u16 *cmd_resp)
0517 {
0518 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops;
0519 u32 regin_val = 0, regout_val = 0;
0520 u32 regin_input = 0;
0521 u8 output = 0;
0522 int status;
0523
0524 regin_input = (REGIN_INPUT | adapter->priv->coex_mode);
0525
0526 while (!adapter->blcmd_timer_expired) {
0527 regin_val = 0;
0528 status = hif_ops->master_reg_read(adapter, SWBL_REGIN,
0529 ®in_val, 2);
0530 if (status < 0) {
0531 rsi_dbg(ERR_ZONE,
0532 "%s: Command %0x REGIN reading failed..\n",
0533 __func__, cmd);
0534 return status;
0535 }
0536 mdelay(1);
0537 if ((regin_val >> 12) != REGIN_VALID)
0538 break;
0539 }
0540 if (adapter->blcmd_timer_expired) {
0541 rsi_dbg(ERR_ZONE,
0542 "%s: Command %0x REGIN reading timed out..\n",
0543 __func__, cmd);
0544 return -ETIMEDOUT;
0545 }
0546
0547 rsi_dbg(INFO_ZONE,
0548 "Issuing write to Regin val:%0x sending cmd:%0x\n",
0549 regin_val, (cmd | regin_input << 8));
0550 status = hif_ops->master_reg_write(adapter, SWBL_REGIN,
0551 (cmd | regin_input << 8), 2);
0552 if (status < 0)
0553 return status;
0554 mdelay(1);
0555
0556 if (cmd == LOAD_HOSTED_FW || cmd == JUMP_TO_ZERO_PC) {
0557
0558
0559
0560 return 0;
0561 }
0562
0563 while (!adapter->blcmd_timer_expired) {
0564 regout_val = 0;
0565 status = hif_ops->master_reg_read(adapter, SWBL_REGOUT,
0566 ®out_val, 2);
0567 if (status < 0) {
0568 rsi_dbg(ERR_ZONE,
0569 "%s: Command %0x REGOUT reading failed..\n",
0570 __func__, cmd);
0571 return status;
0572 }
0573 mdelay(1);
0574 if ((regout_val >> 8) == REGOUT_VALID)
0575 break;
0576 }
0577 if (adapter->blcmd_timer_expired) {
0578 rsi_dbg(ERR_ZONE,
0579 "%s: Command %0x REGOUT reading timed out..\n",
0580 __func__, cmd);
0581 return status;
0582 }
0583
0584 *cmd_resp = ((u16 *)®out_val)[0] & 0xffff;
0585
0586 output = ((u8 *)®out_val)[0] & 0xff;
0587
0588 status = hif_ops->master_reg_write(adapter, SWBL_REGOUT,
0589 (cmd | REGOUT_INVALID << 8), 2);
0590 if (status < 0) {
0591 rsi_dbg(ERR_ZONE,
0592 "%s: Command %0x REGOUT writing failed..\n",
0593 __func__, cmd);
0594 return status;
0595 }
0596 mdelay(1);
0597
0598 if (output != exp_resp) {
0599 rsi_dbg(ERR_ZONE,
0600 "%s: Recvd resp %x for cmd %0x\n",
0601 __func__, output, cmd);
0602 return -EINVAL;
0603 }
0604 rsi_dbg(INFO_ZONE,
0605 "%s: Recvd Expected resp %x for cmd %0x\n",
0606 __func__, output, cmd);
0607
0608 return 0;
0609 }
0610
0611 static int bl_cmd(struct rsi_hw *adapter, u8 cmd, u8 exp_resp, char *str)
0612 {
0613 u16 regout_val = 0;
0614 u32 timeout;
0615 int status;
0616
0617 if ((cmd == EOF_REACHED) || (cmd == PING_VALID) || (cmd == PONG_VALID))
0618 timeout = BL_BURN_TIMEOUT;
0619 else
0620 timeout = BL_CMD_TIMEOUT;
0621
0622 bl_start_cmd_timer(adapter, timeout);
0623 status = bl_write_cmd(adapter, cmd, exp_resp, ®out_val);
0624 if (status < 0) {
0625 bl_stop_cmd_timer(adapter);
0626 rsi_dbg(ERR_ZONE,
0627 "%s: Command %s (%0x) writing failed..\n",
0628 __func__, str, cmd);
0629 return status;
0630 }
0631 bl_stop_cmd_timer(adapter);
0632 return 0;
0633 }
0634
0635 #define CHECK_SUM_OFFSET 20
0636 #define LEN_OFFSET 8
0637 #define ADDR_OFFSET 16
0638 static int bl_write_header(struct rsi_hw *adapter, u8 *flash_content,
0639 u32 content_size)
0640 {
0641 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops;
0642 struct bl_header *bl_hdr;
0643 u32 write_addr, write_len;
0644 int status;
0645
0646 bl_hdr = kzalloc(sizeof(*bl_hdr), GFP_KERNEL);
0647 if (!bl_hdr)
0648 return -ENOMEM;
0649
0650 bl_hdr->flags = 0;
0651 bl_hdr->image_no = cpu_to_le32(adapter->priv->coex_mode);
0652 bl_hdr->check_sum =
0653 cpu_to_le32(*(u32 *)&flash_content[CHECK_SUM_OFFSET]);
0654 bl_hdr->flash_start_address =
0655 cpu_to_le32(*(u32 *)&flash_content[ADDR_OFFSET]);
0656 bl_hdr->flash_len = cpu_to_le32(*(u32 *)&flash_content[LEN_OFFSET]);
0657 write_len = sizeof(struct bl_header);
0658
0659 if (adapter->rsi_host_intf == RSI_HOST_INTF_USB) {
0660 write_addr = PING_BUFFER_ADDRESS;
0661 status = hif_ops->write_reg_multiple(adapter, write_addr,
0662 (u8 *)bl_hdr, write_len);
0663 if (status < 0) {
0664 rsi_dbg(ERR_ZONE,
0665 "%s: Failed to load Version/CRC structure\n",
0666 __func__);
0667 goto fail;
0668 }
0669 } else {
0670 write_addr = PING_BUFFER_ADDRESS >> 16;
0671 status = hif_ops->master_access_msword(adapter, write_addr);
0672 if (status < 0) {
0673 rsi_dbg(ERR_ZONE,
0674 "%s: Unable to set ms word to common reg\n",
0675 __func__);
0676 goto fail;
0677 }
0678 write_addr = RSI_SD_REQUEST_MASTER |
0679 (PING_BUFFER_ADDRESS & 0xFFFF);
0680 status = hif_ops->write_reg_multiple(adapter, write_addr,
0681 (u8 *)bl_hdr, write_len);
0682 if (status < 0) {
0683 rsi_dbg(ERR_ZONE,
0684 "%s: Failed to load Version/CRC structure\n",
0685 __func__);
0686 goto fail;
0687 }
0688 }
0689 status = 0;
0690 fail:
0691 kfree(bl_hdr);
0692 return status;
0693 }
0694
0695 static u32 read_flash_capacity(struct rsi_hw *adapter)
0696 {
0697 u32 flash_sz = 0;
0698
0699 if ((adapter->host_intf_ops->master_reg_read(adapter, FLASH_SIZE_ADDR,
0700 &flash_sz, 2)) < 0) {
0701 rsi_dbg(ERR_ZONE,
0702 "%s: Flash size reading failed..\n",
0703 __func__);
0704 return 0;
0705 }
0706 rsi_dbg(INIT_ZONE, "Flash capacity: %d KiloBytes\n", flash_sz);
0707
0708 return (flash_sz * 1024);
0709 }
0710
0711 static int ping_pong_write(struct rsi_hw *adapter, u8 cmd, u8 *addr, u32 size)
0712 {
0713 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops;
0714 u32 block_size = adapter->block_size;
0715 u32 cmd_addr;
0716 u16 cmd_resp, cmd_req;
0717 u8 *str;
0718 int status;
0719
0720 if (cmd == PING_WRITE) {
0721 cmd_addr = PING_BUFFER_ADDRESS;
0722 cmd_resp = PONG_AVAIL;
0723 cmd_req = PING_VALID;
0724 str = "PING_VALID";
0725 } else {
0726 cmd_addr = PONG_BUFFER_ADDRESS;
0727 cmd_resp = PING_AVAIL;
0728 cmd_req = PONG_VALID;
0729 str = "PONG_VALID";
0730 }
0731
0732 status = hif_ops->load_data_master_write(adapter, cmd_addr, size,
0733 block_size, addr);
0734 if (status) {
0735 rsi_dbg(ERR_ZONE, "%s: Unable to write blk at addr %0x\n",
0736 __func__, *addr);
0737 return status;
0738 }
0739
0740 status = bl_cmd(adapter, cmd_req, cmd_resp, str);
0741 if (status)
0742 return status;
0743
0744 return 0;
0745 }
0746
0747 static int auto_fw_upgrade(struct rsi_hw *adapter, u8 *flash_content,
0748 u32 content_size)
0749 {
0750 u8 cmd;
0751 u32 temp_content_size, num_flash, index;
0752 u32 flash_start_address;
0753 int status;
0754
0755 if (content_size > MAX_FLASH_FILE_SIZE) {
0756 rsi_dbg(ERR_ZONE,
0757 "%s: Flash Content size is more than 400K %u\n",
0758 __func__, MAX_FLASH_FILE_SIZE);
0759 return -EINVAL;
0760 }
0761
0762 flash_start_address = *(u32 *)&flash_content[FLASH_START_ADDRESS];
0763 rsi_dbg(INFO_ZONE, "flash start address: %08x\n", flash_start_address);
0764
0765 if (flash_start_address < FW_IMAGE_MIN_ADDRESS) {
0766 rsi_dbg(ERR_ZONE,
0767 "%s: Fw image Flash Start Address is less than 64K\n",
0768 __func__);
0769 return -EINVAL;
0770 }
0771
0772 if (flash_start_address % FLASH_SECTOR_SIZE) {
0773 rsi_dbg(ERR_ZONE,
0774 "%s: Flash Start Address is not multiple of 4K\n",
0775 __func__);
0776 return -EINVAL;
0777 }
0778
0779 if ((flash_start_address + content_size) > adapter->flash_capacity) {
0780 rsi_dbg(ERR_ZONE,
0781 "%s: Flash Content will cross max flash size\n",
0782 __func__);
0783 return -EINVAL;
0784 }
0785
0786 temp_content_size = content_size;
0787 num_flash = content_size / FLASH_WRITE_CHUNK_SIZE;
0788
0789 rsi_dbg(INFO_ZONE, "content_size: %d, num_flash: %d\n",
0790 content_size, num_flash);
0791
0792 for (index = 0; index <= num_flash; index++) {
0793 rsi_dbg(INFO_ZONE, "flash index: %d\n", index);
0794 if (index != num_flash) {
0795 content_size = FLASH_WRITE_CHUNK_SIZE;
0796 rsi_dbg(INFO_ZONE, "QSPI content_size:%d\n",
0797 content_size);
0798 } else {
0799 content_size =
0800 temp_content_size % FLASH_WRITE_CHUNK_SIZE;
0801 rsi_dbg(INFO_ZONE,
0802 "Writing last sector content_size:%d\n",
0803 content_size);
0804 if (!content_size) {
0805 rsi_dbg(INFO_ZONE, "instruction size zero\n");
0806 break;
0807 }
0808 }
0809
0810 if (index % 2)
0811 cmd = PING_WRITE;
0812 else
0813 cmd = PONG_WRITE;
0814
0815 status = ping_pong_write(adapter, cmd, flash_content,
0816 content_size);
0817 if (status) {
0818 rsi_dbg(ERR_ZONE, "%s: Unable to load %d block\n",
0819 __func__, index);
0820 return status;
0821 }
0822
0823 rsi_dbg(INFO_ZONE,
0824 "%s: Successfully loaded %d instructions\n",
0825 __func__, index);
0826 flash_content += content_size;
0827 }
0828
0829 status = bl_cmd(adapter, EOF_REACHED, FW_LOADING_SUCCESSFUL,
0830 "EOF_REACHED");
0831 if (status)
0832 return status;
0833
0834 rsi_dbg(INFO_ZONE, "FW loading is done and FW is running..\n");
0835 return 0;
0836 }
0837
0838 static int rsi_hal_prepare_fwload(struct rsi_hw *adapter)
0839 {
0840 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops;
0841 u32 regout_val = 0;
0842 int status;
0843
0844 bl_start_cmd_timer(adapter, BL_CMD_TIMEOUT);
0845
0846 while (!adapter->blcmd_timer_expired) {
0847 status = hif_ops->master_reg_read(adapter, SWBL_REGOUT,
0848 ®out_val,
0849 RSI_COMMON_REG_SIZE);
0850 if (status < 0) {
0851 bl_stop_cmd_timer(adapter);
0852 rsi_dbg(ERR_ZONE,
0853 "%s: REGOUT read failed\n", __func__);
0854 return status;
0855 }
0856 mdelay(1);
0857 if ((regout_val >> 8) == REGOUT_VALID)
0858 break;
0859 }
0860 if (adapter->blcmd_timer_expired) {
0861 rsi_dbg(ERR_ZONE, "%s: REGOUT read timedout\n", __func__);
0862 rsi_dbg(ERR_ZONE,
0863 "%s: Soft boot loader not present\n", __func__);
0864 return -ETIMEDOUT;
0865 }
0866 bl_stop_cmd_timer(adapter);
0867
0868 rsi_dbg(INFO_ZONE, "Received Board Version Number: %x\n",
0869 (regout_val & 0xff));
0870
0871 status = hif_ops->master_reg_write(adapter, SWBL_REGOUT,
0872 (REGOUT_INVALID |
0873 REGOUT_INVALID << 8),
0874 RSI_COMMON_REG_SIZE);
0875 if (status < 0)
0876 rsi_dbg(ERR_ZONE, "%s: REGOUT writing failed..\n", __func__);
0877 else
0878 rsi_dbg(INFO_ZONE,
0879 "===> Device is ready to load firmware <===\n");
0880
0881 return status;
0882 }
0883
0884 static int rsi_load_9113_firmware(struct rsi_hw *adapter)
0885 {
0886 struct rsi_common *common = adapter->priv;
0887 const struct firmware *fw_entry = NULL;
0888 u32 content_size;
0889 u16 tmp_regout_val = 0;
0890 struct ta_metadata *metadata_p;
0891 int status;
0892
0893 status = bl_cmd(adapter, CONFIG_AUTO_READ_MODE, CMD_PASS,
0894 "AUTO_READ_CMD");
0895 if (status < 0)
0896 return status;
0897
0898 adapter->flash_capacity = read_flash_capacity(adapter);
0899 if (adapter->flash_capacity <= 0) {
0900 rsi_dbg(ERR_ZONE,
0901 "%s: Unable to read flash size from EEPROM\n",
0902 __func__);
0903 return -EINVAL;
0904 }
0905
0906 metadata_p = &metadata_flash_content[adapter->priv->coex_mode];
0907
0908 rsi_dbg(INIT_ZONE, "%s: Loading file %s\n", __func__, metadata_p->name);
0909 adapter->fw_file_name = metadata_p->name;
0910
0911 status = request_firmware(&fw_entry, metadata_p->name, adapter->device);
0912 if (status < 0) {
0913 rsi_dbg(ERR_ZONE, "%s: Failed to open file %s\n",
0914 __func__, metadata_p->name);
0915 return status;
0916 }
0917 content_size = fw_entry->size;
0918 rsi_dbg(INFO_ZONE, "FW Length = %d bytes\n", content_size);
0919
0920
0921 common->lmac_ver.ver.info.fw_ver[0] =
0922 fw_entry->data[LMAC_VER_OFFSET_9113] & 0xFF;
0923 common->lmac_ver.ver.info.fw_ver[1] =
0924 fw_entry->data[LMAC_VER_OFFSET_9113 + 1] & 0xFF;
0925 common->lmac_ver.major =
0926 fw_entry->data[LMAC_VER_OFFSET_9113 + 2] & 0xFF;
0927 common->lmac_ver.release_num =
0928 fw_entry->data[LMAC_VER_OFFSET_9113 + 3] & 0xFF;
0929 common->lmac_ver.minor =
0930 fw_entry->data[LMAC_VER_OFFSET_9113 + 4] & 0xFF;
0931 common->lmac_ver.patch_num = 0;
0932 rsi_print_version(common);
0933
0934 status = bl_write_header(adapter, (u8 *)fw_entry->data, content_size);
0935 if (status) {
0936 rsi_dbg(ERR_ZONE,
0937 "%s: RPS Image header loading failed\n",
0938 __func__);
0939 goto fail;
0940 }
0941
0942 bl_start_cmd_timer(adapter, BL_CMD_TIMEOUT);
0943 status = bl_write_cmd(adapter, CHECK_CRC, CMD_PASS, &tmp_regout_val);
0944 if (status) {
0945 bl_stop_cmd_timer(adapter);
0946 rsi_dbg(ERR_ZONE,
0947 "%s: CHECK_CRC Command writing failed..\n",
0948 __func__);
0949 if ((tmp_regout_val & 0xff) == CMD_FAIL) {
0950 rsi_dbg(ERR_ZONE,
0951 "CRC Fail.. Proceeding to Upgrade mode\n");
0952 goto fw_upgrade;
0953 }
0954 }
0955 bl_stop_cmd_timer(adapter);
0956
0957 status = bl_cmd(adapter, POLLING_MODE, CMD_PASS, "POLLING_MODE");
0958 if (status)
0959 goto fail;
0960
0961 load_image_cmd:
0962 status = bl_cmd(adapter, LOAD_HOSTED_FW, LOADING_INITIATED,
0963 "LOAD_HOSTED_FW");
0964 if (status)
0965 goto fail;
0966 rsi_dbg(INFO_ZONE, "Load Image command passed..\n");
0967 goto success;
0968
0969 fw_upgrade:
0970 status = bl_cmd(adapter, BURN_HOSTED_FW, SEND_RPS_FILE, "FW_UPGRADE");
0971 if (status)
0972 goto fail;
0973
0974 rsi_dbg(INFO_ZONE, "Burn Command Pass.. Upgrading the firmware\n");
0975
0976 status = auto_fw_upgrade(adapter, (u8 *)fw_entry->data, content_size);
0977 if (status == 0) {
0978 rsi_dbg(ERR_ZONE, "Firmware upgradation Done\n");
0979 goto load_image_cmd;
0980 }
0981 rsi_dbg(ERR_ZONE, "Firmware upgrade failed\n");
0982
0983 status = bl_cmd(adapter, CONFIG_AUTO_READ_MODE, CMD_PASS,
0984 "AUTO_READ_MODE");
0985 if (status)
0986 goto fail;
0987
0988 success:
0989 rsi_dbg(ERR_ZONE, "***** Firmware Loading successful *****\n");
0990 release_firmware(fw_entry);
0991 return 0;
0992
0993 fail:
0994 rsi_dbg(ERR_ZONE, "##### Firmware loading failed #####\n");
0995 release_firmware(fw_entry);
0996 return status;
0997 }
0998
0999 static int rsi_load_9116_firmware(struct rsi_hw *adapter)
1000 {
1001 struct rsi_common *common = adapter->priv;
1002 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops;
1003 const struct firmware *fw_entry;
1004 struct ta_metadata *metadata_p;
1005 u8 *ta_firmware, *fw_p;
1006 struct bootload_ds bootload_ds;
1007 u32 instructions_sz, base_address;
1008 u16 block_size = adapter->block_size;
1009 u32 dest, len;
1010 int status, cnt;
1011
1012 rsi_dbg(INIT_ZONE, "***** Load 9116 TA Instructions *****\n");
1013
1014 if (adapter->rsi_host_intf == RSI_HOST_INTF_USB) {
1015 status = bl_cmd(adapter, POLLING_MODE, CMD_PASS,
1016 "POLLING_MODE");
1017 if (status < 0)
1018 return status;
1019 }
1020
1021 status = hif_ops->master_reg_write(adapter, MEM_ACCESS_CTRL_FROM_HOST,
1022 RAM_384K_ACCESS_FROM_TA,
1023 RSI_9116_REG_SIZE);
1024 if (status < 0) {
1025 rsi_dbg(ERR_ZONE, "%s: Unable to access full RAM memory\n",
1026 __func__);
1027 return status;
1028 }
1029
1030 metadata_p = &metadata[adapter->priv->coex_mode];
1031 rsi_dbg(INIT_ZONE, "%s: loading file %s\n", __func__, metadata_p->name);
1032 status = request_firmware(&fw_entry, metadata_p->name, adapter->device);
1033 if (status < 0) {
1034 rsi_dbg(ERR_ZONE, "%s: Failed to open file %s\n",
1035 __func__, metadata_p->name);
1036 return status;
1037 }
1038
1039 ta_firmware = kmemdup(fw_entry->data, fw_entry->size, GFP_KERNEL);
1040 if (!ta_firmware) {
1041 status = -ENOMEM;
1042 goto fail_release_fw;
1043 }
1044 fw_p = ta_firmware;
1045 instructions_sz = fw_entry->size;
1046 rsi_dbg(INFO_ZONE, "FW Length = %d bytes\n", instructions_sz);
1047
1048 common->lmac_ver.major = ta_firmware[LMAC_VER_OFFSET_9116];
1049 common->lmac_ver.minor = ta_firmware[LMAC_VER_OFFSET_9116 + 1];
1050 common->lmac_ver.release_num = ta_firmware[LMAC_VER_OFFSET_9116 + 2];
1051 common->lmac_ver.patch_num = ta_firmware[LMAC_VER_OFFSET_9116 + 3];
1052 common->lmac_ver.ver.info.fw_ver[0] =
1053 ta_firmware[LMAC_VER_OFFSET_9116 + 4];
1054
1055 if (instructions_sz % FW_ALIGN_SIZE)
1056 instructions_sz +=
1057 (FW_ALIGN_SIZE - (instructions_sz % FW_ALIGN_SIZE));
1058 rsi_dbg(INFO_ZONE, "instructions_sz : %d\n", instructions_sz);
1059
1060 if (*(u16 *)fw_p == RSI_9116_FW_MAGIC_WORD) {
1061 memcpy(&bootload_ds, fw_p, sizeof(struct bootload_ds));
1062 fw_p += le16_to_cpu(bootload_ds.offset);
1063 rsi_dbg(INFO_ZONE, "FW start = %x\n", *(u32 *)fw_p);
1064
1065 cnt = 0;
1066 do {
1067 rsi_dbg(ERR_ZONE, "%s: Loading chunk %d\n",
1068 __func__, cnt);
1069
1070 dest = le32_to_cpu(bootload_ds.bl_entry[cnt].dst_addr);
1071 len = le32_to_cpu(bootload_ds.bl_entry[cnt].control) &
1072 RSI_BL_CTRL_LEN_MASK;
1073 rsi_dbg(INFO_ZONE, "length %d destination %x\n",
1074 len, dest);
1075
1076 status = hif_ops->load_data_master_write(adapter, dest,
1077 len,
1078 block_size,
1079 fw_p);
1080 if (status < 0) {
1081 rsi_dbg(ERR_ZONE,
1082 "Failed to load chunk %d\n", cnt);
1083 break;
1084 }
1085 fw_p += len;
1086 if (le32_to_cpu(bootload_ds.bl_entry[cnt].control) &
1087 RSI_BL_CTRL_LAST_ENTRY)
1088 break;
1089 cnt++;
1090 } while (1);
1091 } else {
1092 base_address = metadata_p->address;
1093 status = hif_ops->load_data_master_write(adapter,
1094 base_address,
1095 instructions_sz,
1096 block_size,
1097 ta_firmware);
1098 }
1099 if (status) {
1100 rsi_dbg(ERR_ZONE,
1101 "%s: Unable to load %s blk\n",
1102 __func__, metadata_p->name);
1103 goto fail_free_fw;
1104 }
1105
1106 rsi_dbg(INIT_ZONE, "%s: Successfully loaded %s instructions\n",
1107 __func__, metadata_p->name);
1108
1109 if (adapter->rsi_host_intf == RSI_HOST_INTF_SDIO) {
1110 if (hif_ops->ta_reset(adapter))
1111 rsi_dbg(ERR_ZONE, "Unable to put ta in reset\n");
1112 } else {
1113 if (bl_cmd(adapter, JUMP_TO_ZERO_PC,
1114 CMD_PASS, "JUMP_TO_ZERO") < 0)
1115 rsi_dbg(INFO_ZONE, "Jump to zero command failed\n");
1116 else
1117 rsi_dbg(INFO_ZONE, "Jump to zero command successful\n");
1118 }
1119
1120 fail_free_fw:
1121 kfree(ta_firmware);
1122 fail_release_fw:
1123 release_firmware(fw_entry);
1124
1125 return status;
1126 }
1127
1128 int rsi_hal_device_init(struct rsi_hw *adapter)
1129 {
1130 struct rsi_common *common = adapter->priv;
1131 int status;
1132
1133 switch (adapter->device_model) {
1134 case RSI_DEV_9113:
1135 status = rsi_hal_prepare_fwload(adapter);
1136 if (status < 0)
1137 return status;
1138 if (rsi_load_9113_firmware(adapter)) {
1139 rsi_dbg(ERR_ZONE,
1140 "%s: Failed to load TA instructions\n",
1141 __func__);
1142 return -EINVAL;
1143 }
1144 break;
1145 case RSI_DEV_9116:
1146 status = rsi_hal_prepare_fwload(adapter);
1147 if (status < 0)
1148 return status;
1149 if (rsi_load_9116_firmware(adapter)) {
1150 rsi_dbg(ERR_ZONE,
1151 "%s: Failed to load firmware to 9116 device\n",
1152 __func__);
1153 return -EINVAL;
1154 }
1155 break;
1156 default:
1157 return -EINVAL;
1158 }
1159 common->fsm_state = FSM_CARD_NOT_READY;
1160
1161 return 0;
1162 }
1163 EXPORT_SYMBOL_GPL(rsi_hal_device_init);
1164
