xref: /linux/drivers/net/wireless/ath/ath6kl/init.c (revision 4413e16d9d21673bb5048a2e542f1aaa00015c2e)
1 
2 /*
3  * Copyright (c) 2011 Atheros Communications Inc.
4  * Copyright (c) 2011-2012 Qualcomm Atheros, Inc.
5  *
6  * Permission to use, copy, modify, and/or distribute this software for any
7  * purpose with or without fee is hereby granted, provided that the above
8  * copyright notice and this permission notice appear in all copies.
9  *
10  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17  */
18 
19 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
20 
21 #include <linux/moduleparam.h>
22 #include <linux/errno.h>
23 #include <linux/export.h>
24 #include <linux/of.h>
25 #include <linux/mmc/sdio_func.h>
26 #include <linux/vmalloc.h>
27 
28 #include "core.h"
29 #include "cfg80211.h"
30 #include "target.h"
31 #include "debug.h"
32 #include "hif-ops.h"
33 #include "htc-ops.h"
34 
35 static const struct ath6kl_hw hw_list[] = {
36 	{
37 		.id				= AR6003_HW_2_0_VERSION,
38 		.name				= "ar6003 hw 2.0",
39 		.dataset_patch_addr		= 0x57e884,
40 		.app_load_addr			= 0x543180,
41 		.board_ext_data_addr		= 0x57e500,
42 		.reserved_ram_size		= 6912,
43 		.refclk_hz			= 26000000,
44 		.uarttx_pin			= 8,
45 		.flags				= 0,
46 
47 		/* hw2.0 needs override address hardcoded */
48 		.app_start_override_addr	= 0x944C00,
49 
50 		.fw = {
51 			.dir		= AR6003_HW_2_0_FW_DIR,
52 			.otp		= AR6003_HW_2_0_OTP_FILE,
53 			.fw		= AR6003_HW_2_0_FIRMWARE_FILE,
54 			.tcmd		= AR6003_HW_2_0_TCMD_FIRMWARE_FILE,
55 			.patch		= AR6003_HW_2_0_PATCH_FILE,
56 		},
57 
58 		.fw_board		= AR6003_HW_2_0_BOARD_DATA_FILE,
59 		.fw_default_board	= AR6003_HW_2_0_DEFAULT_BOARD_DATA_FILE,
60 	},
61 	{
62 		.id				= AR6003_HW_2_1_1_VERSION,
63 		.name				= "ar6003 hw 2.1.1",
64 		.dataset_patch_addr		= 0x57ff74,
65 		.app_load_addr			= 0x1234,
66 		.board_ext_data_addr		= 0x542330,
67 		.reserved_ram_size		= 512,
68 		.refclk_hz			= 26000000,
69 		.uarttx_pin			= 8,
70 		.testscript_addr		= 0x57ef74,
71 		.flags				= 0,
72 
73 		.fw = {
74 			.dir		= AR6003_HW_2_1_1_FW_DIR,
75 			.otp		= AR6003_HW_2_1_1_OTP_FILE,
76 			.fw		= AR6003_HW_2_1_1_FIRMWARE_FILE,
77 			.tcmd		= AR6003_HW_2_1_1_TCMD_FIRMWARE_FILE,
78 			.patch		= AR6003_HW_2_1_1_PATCH_FILE,
79 			.utf		= AR6003_HW_2_1_1_UTF_FIRMWARE_FILE,
80 			.testscript	= AR6003_HW_2_1_1_TESTSCRIPT_FILE,
81 		},
82 
83 		.fw_board		= AR6003_HW_2_1_1_BOARD_DATA_FILE,
84 		.fw_default_board = AR6003_HW_2_1_1_DEFAULT_BOARD_DATA_FILE,
85 	},
86 	{
87 		.id				= AR6004_HW_1_0_VERSION,
88 		.name				= "ar6004 hw 1.0",
89 		.dataset_patch_addr		= 0x57e884,
90 		.app_load_addr			= 0x1234,
91 		.board_ext_data_addr		= 0x437000,
92 		.reserved_ram_size		= 19456,
93 		.board_addr			= 0x433900,
94 		.refclk_hz			= 26000000,
95 		.uarttx_pin			= 11,
96 		.flags				= ATH6KL_HW_FLAG_64BIT_RATES,
97 
98 		.fw = {
99 			.dir		= AR6004_HW_1_0_FW_DIR,
100 			.fw		= AR6004_HW_1_0_FIRMWARE_FILE,
101 		},
102 
103 		.fw_board		= AR6004_HW_1_0_BOARD_DATA_FILE,
104 		.fw_default_board	= AR6004_HW_1_0_DEFAULT_BOARD_DATA_FILE,
105 	},
106 	{
107 		.id				= AR6004_HW_1_1_VERSION,
108 		.name				= "ar6004 hw 1.1",
109 		.dataset_patch_addr		= 0x57e884,
110 		.app_load_addr			= 0x1234,
111 		.board_ext_data_addr		= 0x437000,
112 		.reserved_ram_size		= 11264,
113 		.board_addr			= 0x43d400,
114 		.refclk_hz			= 40000000,
115 		.uarttx_pin			= 11,
116 		.flags				= ATH6KL_HW_FLAG_64BIT_RATES,
117 
118 		.fw = {
119 			.dir		= AR6004_HW_1_1_FW_DIR,
120 			.fw		= AR6004_HW_1_1_FIRMWARE_FILE,
121 		},
122 
123 		.fw_board		= AR6004_HW_1_1_BOARD_DATA_FILE,
124 		.fw_default_board	= AR6004_HW_1_1_DEFAULT_BOARD_DATA_FILE,
125 	},
126 	{
127 		.id				= AR6004_HW_1_2_VERSION,
128 		.name				= "ar6004 hw 1.2",
129 		.dataset_patch_addr		= 0x436ecc,
130 		.app_load_addr			= 0x1234,
131 		.board_ext_data_addr		= 0x437000,
132 		.reserved_ram_size		= 9216,
133 		.board_addr			= 0x435c00,
134 		.refclk_hz			= 40000000,
135 		.uarttx_pin			= 11,
136 		.flags				= ATH6KL_HW_FLAG_64BIT_RATES,
137 
138 		.fw = {
139 			.dir		= AR6004_HW_1_2_FW_DIR,
140 			.fw		= AR6004_HW_1_2_FIRMWARE_FILE,
141 		},
142 		.fw_board		= AR6004_HW_1_2_BOARD_DATA_FILE,
143 		.fw_default_board	= AR6004_HW_1_2_DEFAULT_BOARD_DATA_FILE,
144 	},
145 };
146 
147 /*
148  * Include definitions here that can be used to tune the WLAN module
149  * behavior. Different customers can tune the behavior as per their needs,
150  * here.
151  */
152 
153 /*
154  * This configuration item enable/disable keepalive support.
155  * Keepalive support: In the absence of any data traffic to AP, null
156  * frames will be sent to the AP at periodic interval, to keep the association
157  * active. This configuration item defines the periodic interval.
158  * Use value of zero to disable keepalive support
159  * Default: 60 seconds
160  */
161 #define WLAN_CONFIG_KEEP_ALIVE_INTERVAL 60
162 
163 /*
164  * This configuration item sets the value of disconnect timeout
165  * Firmware delays sending the disconnec event to the host for this
166  * timeout after is gets disconnected from the current AP.
167  * If the firmware successly roams within the disconnect timeout
168  * it sends a new connect event
169  */
170 #define WLAN_CONFIG_DISCONNECT_TIMEOUT 10
171 
172 
173 #define ATH6KL_DATA_OFFSET    64
174 struct sk_buff *ath6kl_buf_alloc(int size)
175 {
176 	struct sk_buff *skb;
177 	u16 reserved;
178 
179 	/* Add chacheline space at front and back of buffer */
180 	reserved = (2 * L1_CACHE_BYTES) + ATH6KL_DATA_OFFSET +
181 		   sizeof(struct htc_packet) + ATH6KL_HTC_ALIGN_BYTES;
182 	skb = dev_alloc_skb(size + reserved);
183 
184 	if (skb)
185 		skb_reserve(skb, reserved - L1_CACHE_BYTES);
186 	return skb;
187 }
188 
189 void ath6kl_init_profile_info(struct ath6kl_vif *vif)
190 {
191 	vif->ssid_len = 0;
192 	memset(vif->ssid, 0, sizeof(vif->ssid));
193 
194 	vif->dot11_auth_mode = OPEN_AUTH;
195 	vif->auth_mode = NONE_AUTH;
196 	vif->prwise_crypto = NONE_CRYPT;
197 	vif->prwise_crypto_len = 0;
198 	vif->grp_crypto = NONE_CRYPT;
199 	vif->grp_crypto_len = 0;
200 	memset(vif->wep_key_list, 0, sizeof(vif->wep_key_list));
201 	memset(vif->req_bssid, 0, sizeof(vif->req_bssid));
202 	memset(vif->bssid, 0, sizeof(vif->bssid));
203 	vif->bss_ch = 0;
204 }
205 
206 static int ath6kl_set_host_app_area(struct ath6kl *ar)
207 {
208 	u32 address, data;
209 	struct host_app_area host_app_area;
210 
211 	/* Fetch the address of the host_app_area_s
212 	 * instance in the host interest area */
213 	address = ath6kl_get_hi_item_addr(ar, HI_ITEM(hi_app_host_interest));
214 	address = TARG_VTOP(ar->target_type, address);
215 
216 	if (ath6kl_diag_read32(ar, address, &data))
217 		return -EIO;
218 
219 	address = TARG_VTOP(ar->target_type, data);
220 	host_app_area.wmi_protocol_ver = cpu_to_le32(WMI_PROTOCOL_VERSION);
221 	if (ath6kl_diag_write(ar, address, (u8 *) &host_app_area,
222 			      sizeof(struct host_app_area)))
223 		return -EIO;
224 
225 	return 0;
226 }
227 
228 static inline void set_ac2_ep_map(struct ath6kl *ar,
229 				  u8 ac,
230 				  enum htc_endpoint_id ep)
231 {
232 	ar->ac2ep_map[ac] = ep;
233 	ar->ep2ac_map[ep] = ac;
234 }
235 
236 /* connect to a service */
237 static int ath6kl_connectservice(struct ath6kl *ar,
238 				 struct htc_service_connect_req  *con_req,
239 				 char *desc)
240 {
241 	int status;
242 	struct htc_service_connect_resp response;
243 
244 	memset(&response, 0, sizeof(response));
245 
246 	status = ath6kl_htc_conn_service(ar->htc_target, con_req, &response);
247 	if (status) {
248 		ath6kl_err("failed to connect to %s service status:%d\n",
249 			   desc, status);
250 		return status;
251 	}
252 
253 	switch (con_req->svc_id) {
254 	case WMI_CONTROL_SVC:
255 		if (test_bit(WMI_ENABLED, &ar->flag))
256 			ath6kl_wmi_set_control_ep(ar->wmi, response.endpoint);
257 		ar->ctrl_ep = response.endpoint;
258 		break;
259 	case WMI_DATA_BE_SVC:
260 		set_ac2_ep_map(ar, WMM_AC_BE, response.endpoint);
261 		break;
262 	case WMI_DATA_BK_SVC:
263 		set_ac2_ep_map(ar, WMM_AC_BK, response.endpoint);
264 		break;
265 	case WMI_DATA_VI_SVC:
266 		set_ac2_ep_map(ar, WMM_AC_VI, response.endpoint);
267 		break;
268 	case WMI_DATA_VO_SVC:
269 		set_ac2_ep_map(ar, WMM_AC_VO, response.endpoint);
270 		break;
271 	default:
272 		ath6kl_err("service id is not mapped %d\n", con_req->svc_id);
273 		return -EINVAL;
274 	}
275 
276 	return 0;
277 }
278 
279 static int ath6kl_init_service_ep(struct ath6kl *ar)
280 {
281 	struct htc_service_connect_req connect;
282 
283 	memset(&connect, 0, sizeof(connect));
284 
285 	/* these fields are the same for all service endpoints */
286 	connect.ep_cb.tx_comp_multi = ath6kl_tx_complete;
287 	connect.ep_cb.rx = ath6kl_rx;
288 	connect.ep_cb.rx_refill = ath6kl_rx_refill;
289 	connect.ep_cb.tx_full = ath6kl_tx_queue_full;
290 
291 	/*
292 	 * Set the max queue depth so that our ath6kl_tx_queue_full handler
293 	 * gets called.
294 	*/
295 	connect.max_txq_depth = MAX_DEFAULT_SEND_QUEUE_DEPTH;
296 	connect.ep_cb.rx_refill_thresh = ATH6KL_MAX_RX_BUFFERS / 4;
297 	if (!connect.ep_cb.rx_refill_thresh)
298 		connect.ep_cb.rx_refill_thresh++;
299 
300 	/* connect to control service */
301 	connect.svc_id = WMI_CONTROL_SVC;
302 	if (ath6kl_connectservice(ar, &connect, "WMI CONTROL"))
303 		return -EIO;
304 
305 	connect.flags |= HTC_FLGS_TX_BNDL_PAD_EN;
306 
307 	/*
308 	 * Limit the HTC message size on the send path, although e can
309 	 * receive A-MSDU frames of 4K, we will only send ethernet-sized
310 	 * (802.3) frames on the send path.
311 	 */
312 	connect.max_rxmsg_sz = WMI_MAX_TX_DATA_FRAME_LENGTH;
313 
314 	/*
315 	 * To reduce the amount of committed memory for larger A_MSDU
316 	 * frames, use the recv-alloc threshold mechanism for larger
317 	 * packets.
318 	 */
319 	connect.ep_cb.rx_alloc_thresh = ATH6KL_BUFFER_SIZE;
320 	connect.ep_cb.rx_allocthresh = ath6kl_alloc_amsdu_rxbuf;
321 
322 	/*
323 	 * For the remaining data services set the connection flag to
324 	 * reduce dribbling, if configured to do so.
325 	 */
326 	connect.conn_flags |= HTC_CONN_FLGS_REDUCE_CRED_DRIB;
327 	connect.conn_flags &= ~HTC_CONN_FLGS_THRESH_MASK;
328 	connect.conn_flags |= HTC_CONN_FLGS_THRESH_LVL_HALF;
329 
330 	connect.svc_id = WMI_DATA_BE_SVC;
331 
332 	if (ath6kl_connectservice(ar, &connect, "WMI DATA BE"))
333 		return -EIO;
334 
335 	/* connect to back-ground map this to WMI LOW_PRI */
336 	connect.svc_id = WMI_DATA_BK_SVC;
337 	if (ath6kl_connectservice(ar, &connect, "WMI DATA BK"))
338 		return -EIO;
339 
340 	/* connect to Video service, map this to to HI PRI */
341 	connect.svc_id = WMI_DATA_VI_SVC;
342 	if (ath6kl_connectservice(ar, &connect, "WMI DATA VI"))
343 		return -EIO;
344 
345 	/*
346 	 * Connect to VO service, this is currently not mapped to a WMI
347 	 * priority stream due to historical reasons. WMI originally
348 	 * defined 3 priorities over 3 mailboxes We can change this when
349 	 * WMI is reworked so that priorities are not dependent on
350 	 * mailboxes.
351 	 */
352 	connect.svc_id = WMI_DATA_VO_SVC;
353 	if (ath6kl_connectservice(ar, &connect, "WMI DATA VO"))
354 		return -EIO;
355 
356 	return 0;
357 }
358 
359 void ath6kl_init_control_info(struct ath6kl_vif *vif)
360 {
361 	ath6kl_init_profile_info(vif);
362 	vif->def_txkey_index = 0;
363 	memset(vif->wep_key_list, 0, sizeof(vif->wep_key_list));
364 	vif->ch_hint = 0;
365 }
366 
367 /*
368  * Set HTC/Mbox operational parameters, this can only be called when the
369  * target is in the BMI phase.
370  */
371 static int ath6kl_set_htc_params(struct ath6kl *ar, u32 mbox_isr_yield_val,
372 				 u8 htc_ctrl_buf)
373 {
374 	int status;
375 	u32 blk_size;
376 
377 	blk_size = ar->mbox_info.block_size;
378 
379 	if (htc_ctrl_buf)
380 		blk_size |=  ((u32)htc_ctrl_buf) << 16;
381 
382 	/* set the host interest area for the block size */
383 	status = ath6kl_bmi_write_hi32(ar, hi_mbox_io_block_sz, blk_size);
384 	if (status) {
385 		ath6kl_err("bmi_write_memory for IO block size failed\n");
386 		goto out;
387 	}
388 
389 	ath6kl_dbg(ATH6KL_DBG_TRC, "block size set: %d (target addr:0x%X)\n",
390 		   blk_size,
391 		   ath6kl_get_hi_item_addr(ar, HI_ITEM(hi_mbox_io_block_sz)));
392 
393 	if (mbox_isr_yield_val) {
394 		/* set the host interest area for the mbox ISR yield limit */
395 		status = ath6kl_bmi_write_hi32(ar, hi_mbox_isr_yield_limit,
396 					       mbox_isr_yield_val);
397 		if (status) {
398 			ath6kl_err("bmi_write_memory for yield limit failed\n");
399 			goto out;
400 		}
401 	}
402 
403 out:
404 	return status;
405 }
406 
407 static int ath6kl_target_config_wlan_params(struct ath6kl *ar, int idx)
408 {
409 	int ret;
410 
411 	/*
412 	 * Configure the device for rx dot11 header rules. "0,0" are the
413 	 * default values. Required if checksum offload is needed. Set
414 	 * RxMetaVersion to 2.
415 	 */
416 	ret = ath6kl_wmi_set_rx_frame_format_cmd(ar->wmi, idx,
417 						 ar->rx_meta_ver, 0, 0);
418 	if (ret) {
419 		ath6kl_err("unable to set the rx frame format: %d\n", ret);
420 		return ret;
421 	}
422 
423 	if (ar->conf_flags & ATH6KL_CONF_IGNORE_PS_FAIL_EVT_IN_SCAN) {
424 		ret = ath6kl_wmi_pmparams_cmd(ar->wmi, idx, 0, 1, 0, 0, 1,
425 					      IGNORE_PS_FAIL_DURING_SCAN);
426 		if (ret) {
427 			ath6kl_err("unable to set power save fail event policy: %d\n",
428 				   ret);
429 			return ret;
430 		}
431 	}
432 
433 	if (!(ar->conf_flags & ATH6KL_CONF_IGNORE_ERP_BARKER)) {
434 		ret = ath6kl_wmi_set_lpreamble_cmd(ar->wmi, idx, 0,
435 						   WMI_FOLLOW_BARKER_IN_ERP);
436 		if (ret) {
437 			ath6kl_err("unable to set barker preamble policy: %d\n",
438 				   ret);
439 			return ret;
440 		}
441 	}
442 
443 	ret = ath6kl_wmi_set_keepalive_cmd(ar->wmi, idx,
444 					   WLAN_CONFIG_KEEP_ALIVE_INTERVAL);
445 	if (ret) {
446 		ath6kl_err("unable to set keep alive interval: %d\n", ret);
447 		return ret;
448 	}
449 
450 	ret = ath6kl_wmi_disctimeout_cmd(ar->wmi, idx,
451 					 WLAN_CONFIG_DISCONNECT_TIMEOUT);
452 	if (ret) {
453 		ath6kl_err("unable to set disconnect timeout: %d\n", ret);
454 		return ret;
455 	}
456 
457 	if (!(ar->conf_flags & ATH6KL_CONF_ENABLE_TX_BURST)) {
458 		ret = ath6kl_wmi_set_wmm_txop(ar->wmi, idx, WMI_TXOP_DISABLED);
459 		if (ret) {
460 			ath6kl_err("unable to set txop bursting: %d\n", ret);
461 			return ret;
462 		}
463 	}
464 
465 	if (ar->p2p && (ar->vif_max == 1 || idx)) {
466 		ret = ath6kl_wmi_info_req_cmd(ar->wmi, idx,
467 					      P2P_FLAG_CAPABILITIES_REQ |
468 					      P2P_FLAG_MACADDR_REQ |
469 					      P2P_FLAG_HMODEL_REQ);
470 		if (ret) {
471 			ath6kl_dbg(ATH6KL_DBG_TRC,
472 				   "failed to request P2P capabilities (%d) - assuming P2P not supported\n",
473 				   ret);
474 			ar->p2p = false;
475 		}
476 	}
477 
478 	if (ar->p2p && (ar->vif_max == 1 || idx)) {
479 		/* Enable Probe Request reporting for P2P */
480 		ret = ath6kl_wmi_probe_report_req_cmd(ar->wmi, idx, true);
481 		if (ret) {
482 			ath6kl_dbg(ATH6KL_DBG_TRC,
483 				   "failed to enable Probe Request reporting (%d)\n",
484 				   ret);
485 		}
486 	}
487 
488 	return ret;
489 }
490 
491 int ath6kl_configure_target(struct ath6kl *ar)
492 {
493 	u32 param, ram_reserved_size;
494 	u8 fw_iftype, fw_mode = 0, fw_submode = 0;
495 	int i, status;
496 
497 	param = !!(ar->conf_flags & ATH6KL_CONF_UART_DEBUG);
498 	if (ath6kl_bmi_write_hi32(ar, hi_serial_enable, param)) {
499 		ath6kl_err("bmi_write_memory for uart debug failed\n");
500 		return -EIO;
501 	}
502 
503 	/*
504 	 * Note: Even though the firmware interface type is
505 	 * chosen as BSS_STA for all three interfaces, can
506 	 * be configured to IBSS/AP as long as the fw submode
507 	 * remains normal mode (0 - AP, STA and IBSS). But
508 	 * due to an target assert in firmware only one interface is
509 	 * configured for now.
510 	 */
511 	fw_iftype = HI_OPTION_FW_MODE_BSS_STA;
512 
513 	for (i = 0; i < ar->vif_max; i++)
514 		fw_mode |= fw_iftype << (i * HI_OPTION_FW_MODE_BITS);
515 
516 	/*
517 	 * Submodes when fw does not support dynamic interface
518 	 * switching:
519 	 *		vif[0] - AP/STA/IBSS
520 	 *		vif[1] - "P2P dev"/"P2P GO"/"P2P Client"
521 	 *		vif[2] - "P2P dev"/"P2P GO"/"P2P Client"
522 	 * Otherwise, All the interface are initialized to p2p dev.
523 	 */
524 
525 	if (test_bit(ATH6KL_FW_CAPABILITY_STA_P2PDEV_DUPLEX,
526 		     ar->fw_capabilities)) {
527 		for (i = 0; i < ar->vif_max; i++)
528 			fw_submode |= HI_OPTION_FW_SUBMODE_P2PDEV <<
529 				(i * HI_OPTION_FW_SUBMODE_BITS);
530 	} else {
531 		for (i = 0; i < ar->max_norm_iface; i++)
532 			fw_submode |= HI_OPTION_FW_SUBMODE_NONE <<
533 				(i * HI_OPTION_FW_SUBMODE_BITS);
534 
535 		for (i = ar->max_norm_iface; i < ar->vif_max; i++)
536 			fw_submode |= HI_OPTION_FW_SUBMODE_P2PDEV <<
537 				(i * HI_OPTION_FW_SUBMODE_BITS);
538 
539 		if (ar->p2p && ar->vif_max == 1)
540 			fw_submode = HI_OPTION_FW_SUBMODE_P2PDEV;
541 	}
542 
543 	if (ath6kl_bmi_write_hi32(ar, hi_app_host_interest,
544 				  HTC_PROTOCOL_VERSION) != 0) {
545 		ath6kl_err("bmi_write_memory for htc version failed\n");
546 		return -EIO;
547 	}
548 
549 	/* set the firmware mode to STA/IBSS/AP */
550 	param = 0;
551 
552 	if (ath6kl_bmi_read_hi32(ar, hi_option_flag, &param) != 0) {
553 		ath6kl_err("bmi_read_memory for setting fwmode failed\n");
554 		return -EIO;
555 	}
556 
557 	param |= (ar->vif_max << HI_OPTION_NUM_DEV_SHIFT);
558 	param |= fw_mode << HI_OPTION_FW_MODE_SHIFT;
559 	param |= fw_submode << HI_OPTION_FW_SUBMODE_SHIFT;
560 
561 	param |= (0 << HI_OPTION_MAC_ADDR_METHOD_SHIFT);
562 	param |= (0 << HI_OPTION_FW_BRIDGE_SHIFT);
563 
564 	if (ath6kl_bmi_write_hi32(ar, hi_option_flag, param) != 0) {
565 		ath6kl_err("bmi_write_memory for setting fwmode failed\n");
566 		return -EIO;
567 	}
568 
569 	ath6kl_dbg(ATH6KL_DBG_TRC, "firmware mode set\n");
570 
571 	/*
572 	 * Hardcode the address use for the extended board data
573 	 * Ideally this should be pre-allocate by the OS at boot time
574 	 * But since it is a new feature and board data is loaded
575 	 * at init time, we have to workaround this from host.
576 	 * It is difficult to patch the firmware boot code,
577 	 * but possible in theory.
578 	 */
579 
580 	if (ar->target_type == TARGET_TYPE_AR6003) {
581 		param = ar->hw.board_ext_data_addr;
582 		ram_reserved_size = ar->hw.reserved_ram_size;
583 
584 		if (ath6kl_bmi_write_hi32(ar, hi_board_ext_data, param) != 0) {
585 			ath6kl_err("bmi_write_memory for hi_board_ext_data failed\n");
586 			return -EIO;
587 		}
588 
589 		if (ath6kl_bmi_write_hi32(ar, hi_end_ram_reserve_sz,
590 					  ram_reserved_size) != 0) {
591 			ath6kl_err("bmi_write_memory for hi_end_ram_reserve_sz failed\n");
592 			return -EIO;
593 		}
594 	}
595 
596 	/* set the block size for the target */
597 	if (ath6kl_set_htc_params(ar, MBOX_YIELD_LIMIT, 0))
598 		/* use default number of control buffers */
599 		return -EIO;
600 
601 	/* Configure GPIO AR600x UART */
602 	status = ath6kl_bmi_write_hi32(ar, hi_dbg_uart_txpin,
603 				       ar->hw.uarttx_pin);
604 	if (status)
605 		return status;
606 
607 	/* Configure target refclk_hz */
608 	status = ath6kl_bmi_write_hi32(ar, hi_refclk_hz, ar->hw.refclk_hz);
609 	if (status)
610 		return status;
611 
612 	return 0;
613 }
614 
615 /* firmware upload */
616 static int ath6kl_get_fw(struct ath6kl *ar, const char *filename,
617 			 u8 **fw, size_t *fw_len)
618 {
619 	const struct firmware *fw_entry;
620 	int ret;
621 
622 	ret = request_firmware(&fw_entry, filename, ar->dev);
623 	if (ret)
624 		return ret;
625 
626 	*fw_len = fw_entry->size;
627 	*fw = kmemdup(fw_entry->data, fw_entry->size, GFP_KERNEL);
628 
629 	if (*fw == NULL)
630 		ret = -ENOMEM;
631 
632 	release_firmware(fw_entry);
633 
634 	return ret;
635 }
636 
637 #ifdef CONFIG_OF
638 /*
639  * Check the device tree for a board-id and use it to construct
640  * the pathname to the firmware file.  Used (for now) to find a
641  * fallback to the "bdata.bin" file--typically a symlink to the
642  * appropriate board-specific file.
643  */
644 static bool check_device_tree(struct ath6kl *ar)
645 {
646 	static const char *board_id_prop = "atheros,board-id";
647 	struct device_node *node;
648 	char board_filename[64];
649 	const char *board_id;
650 	int ret;
651 
652 	for_each_compatible_node(node, NULL, "atheros,ath6kl") {
653 		board_id = of_get_property(node, board_id_prop, NULL);
654 		if (board_id == NULL) {
655 			ath6kl_warn("No \"%s\" property on %s node.\n",
656 				    board_id_prop, node->name);
657 			continue;
658 		}
659 		snprintf(board_filename, sizeof(board_filename),
660 			 "%s/bdata.%s.bin", ar->hw.fw.dir, board_id);
661 
662 		ret = ath6kl_get_fw(ar, board_filename, &ar->fw_board,
663 				    &ar->fw_board_len);
664 		if (ret) {
665 			ath6kl_err("Failed to get DT board file %s: %d\n",
666 				   board_filename, ret);
667 			continue;
668 		}
669 		return true;
670 	}
671 	return false;
672 }
673 #else
674 static bool check_device_tree(struct ath6kl *ar)
675 {
676 	return false;
677 }
678 #endif /* CONFIG_OF */
679 
680 static int ath6kl_fetch_board_file(struct ath6kl *ar)
681 {
682 	const char *filename;
683 	int ret;
684 
685 	if (ar->fw_board != NULL)
686 		return 0;
687 
688 	if (WARN_ON(ar->hw.fw_board == NULL))
689 		return -EINVAL;
690 
691 	filename = ar->hw.fw_board;
692 
693 	ret = ath6kl_get_fw(ar, filename, &ar->fw_board,
694 			    &ar->fw_board_len);
695 	if (ret == 0) {
696 		/* managed to get proper board file */
697 		return 0;
698 	}
699 
700 	if (check_device_tree(ar)) {
701 		/* got board file from device tree */
702 		return 0;
703 	}
704 
705 	/* there was no proper board file, try to use default instead */
706 	ath6kl_warn("Failed to get board file %s (%d), trying to find default board file.\n",
707 		    filename, ret);
708 
709 	filename = ar->hw.fw_default_board;
710 
711 	ret = ath6kl_get_fw(ar, filename, &ar->fw_board,
712 			    &ar->fw_board_len);
713 	if (ret) {
714 		ath6kl_err("Failed to get default board file %s: %d\n",
715 			   filename, ret);
716 		return ret;
717 	}
718 
719 	ath6kl_warn("WARNING! No proper board file was not found, instead using a default board file.\n");
720 	ath6kl_warn("Most likely your hardware won't work as specified. Install correct board file!\n");
721 
722 	return 0;
723 }
724 
725 static int ath6kl_fetch_otp_file(struct ath6kl *ar)
726 {
727 	char filename[100];
728 	int ret;
729 
730 	if (ar->fw_otp != NULL)
731 		return 0;
732 
733 	if (ar->hw.fw.otp == NULL) {
734 		ath6kl_dbg(ATH6KL_DBG_BOOT,
735 			   "no OTP file configured for this hw\n");
736 		return 0;
737 	}
738 
739 	snprintf(filename, sizeof(filename), "%s/%s",
740 		 ar->hw.fw.dir, ar->hw.fw.otp);
741 
742 	ret = ath6kl_get_fw(ar, filename, &ar->fw_otp,
743 			    &ar->fw_otp_len);
744 	if (ret) {
745 		ath6kl_err("Failed to get OTP file %s: %d\n",
746 			   filename, ret);
747 		return ret;
748 	}
749 
750 	return 0;
751 }
752 
753 static int ath6kl_fetch_testmode_file(struct ath6kl *ar)
754 {
755 	char filename[100];
756 	int ret;
757 
758 	if (ar->testmode == 0)
759 		return 0;
760 
761 	ath6kl_dbg(ATH6KL_DBG_BOOT, "testmode %d\n", ar->testmode);
762 
763 	if (ar->testmode == 2) {
764 		if (ar->hw.fw.utf == NULL) {
765 			ath6kl_warn("testmode 2 not supported\n");
766 			return -EOPNOTSUPP;
767 		}
768 
769 		snprintf(filename, sizeof(filename), "%s/%s",
770 			 ar->hw.fw.dir, ar->hw.fw.utf);
771 	} else {
772 		if (ar->hw.fw.tcmd == NULL) {
773 			ath6kl_warn("testmode 1 not supported\n");
774 			return -EOPNOTSUPP;
775 		}
776 
777 		snprintf(filename, sizeof(filename), "%s/%s",
778 			 ar->hw.fw.dir, ar->hw.fw.tcmd);
779 	}
780 
781 	set_bit(TESTMODE, &ar->flag);
782 
783 	ret = ath6kl_get_fw(ar, filename, &ar->fw, &ar->fw_len);
784 	if (ret) {
785 		ath6kl_err("Failed to get testmode %d firmware file %s: %d\n",
786 			   ar->testmode, filename, ret);
787 		return ret;
788 	}
789 
790 	return 0;
791 }
792 
793 static int ath6kl_fetch_fw_file(struct ath6kl *ar)
794 {
795 	char filename[100];
796 	int ret;
797 
798 	if (ar->fw != NULL)
799 		return 0;
800 
801 	/* FIXME: remove WARN_ON() as we won't support FW API 1 for long */
802 	if (WARN_ON(ar->hw.fw.fw == NULL))
803 		return -EINVAL;
804 
805 	snprintf(filename, sizeof(filename), "%s/%s",
806 		 ar->hw.fw.dir, ar->hw.fw.fw);
807 
808 	ret = ath6kl_get_fw(ar, filename, &ar->fw, &ar->fw_len);
809 	if (ret) {
810 		ath6kl_err("Failed to get firmware file %s: %d\n",
811 			   filename, ret);
812 		return ret;
813 	}
814 
815 	return 0;
816 }
817 
818 static int ath6kl_fetch_patch_file(struct ath6kl *ar)
819 {
820 	char filename[100];
821 	int ret;
822 
823 	if (ar->fw_patch != NULL)
824 		return 0;
825 
826 	if (ar->hw.fw.patch == NULL)
827 		return 0;
828 
829 	snprintf(filename, sizeof(filename), "%s/%s",
830 		 ar->hw.fw.dir, ar->hw.fw.patch);
831 
832 	ret = ath6kl_get_fw(ar, filename, &ar->fw_patch,
833 			    &ar->fw_patch_len);
834 	if (ret) {
835 		ath6kl_err("Failed to get patch file %s: %d\n",
836 			   filename, ret);
837 		return ret;
838 	}
839 
840 	return 0;
841 }
842 
843 static int ath6kl_fetch_testscript_file(struct ath6kl *ar)
844 {
845 	char filename[100];
846 	int ret;
847 
848 	if (ar->testmode != 2)
849 		return 0;
850 
851 	if (ar->fw_testscript != NULL)
852 		return 0;
853 
854 	if (ar->hw.fw.testscript == NULL)
855 		return 0;
856 
857 	snprintf(filename, sizeof(filename), "%s/%s",
858 		 ar->hw.fw.dir, ar->hw.fw.testscript);
859 
860 	ret = ath6kl_get_fw(ar, filename, &ar->fw_testscript,
861 				&ar->fw_testscript_len);
862 	if (ret) {
863 		ath6kl_err("Failed to get testscript file %s: %d\n",
864 			   filename, ret);
865 		return ret;
866 	}
867 
868 	return 0;
869 }
870 
871 static int ath6kl_fetch_fw_api1(struct ath6kl *ar)
872 {
873 	int ret;
874 
875 	ret = ath6kl_fetch_otp_file(ar);
876 	if (ret)
877 		return ret;
878 
879 	ret = ath6kl_fetch_fw_file(ar);
880 	if (ret)
881 		return ret;
882 
883 	ret = ath6kl_fetch_patch_file(ar);
884 	if (ret)
885 		return ret;
886 
887 	ret = ath6kl_fetch_testscript_file(ar);
888 	if (ret)
889 		return ret;
890 
891 	return 0;
892 }
893 
894 static int ath6kl_fetch_fw_apin(struct ath6kl *ar, const char *name)
895 {
896 	size_t magic_len, len, ie_len;
897 	const struct firmware *fw;
898 	struct ath6kl_fw_ie *hdr;
899 	char filename[100];
900 	const u8 *data;
901 	int ret, ie_id, i, index, bit;
902 	__le32 *val;
903 
904 	snprintf(filename, sizeof(filename), "%s/%s", ar->hw.fw.dir, name);
905 
906 	ret = request_firmware(&fw, filename, ar->dev);
907 	if (ret)
908 		return ret;
909 
910 	data = fw->data;
911 	len = fw->size;
912 
913 	/* magic also includes the null byte, check that as well */
914 	magic_len = strlen(ATH6KL_FIRMWARE_MAGIC) + 1;
915 
916 	if (len < magic_len) {
917 		ret = -EINVAL;
918 		goto out;
919 	}
920 
921 	if (memcmp(data, ATH6KL_FIRMWARE_MAGIC, magic_len) != 0) {
922 		ret = -EINVAL;
923 		goto out;
924 	}
925 
926 	len -= magic_len;
927 	data += magic_len;
928 
929 	/* loop elements */
930 	while (len > sizeof(struct ath6kl_fw_ie)) {
931 		/* hdr is unaligned! */
932 		hdr = (struct ath6kl_fw_ie *) data;
933 
934 		ie_id = le32_to_cpup(&hdr->id);
935 		ie_len = le32_to_cpup(&hdr->len);
936 
937 		len -= sizeof(*hdr);
938 		data += sizeof(*hdr);
939 
940 		if (len < ie_len) {
941 			ret = -EINVAL;
942 			goto out;
943 		}
944 
945 		switch (ie_id) {
946 		case ATH6KL_FW_IE_FW_VERSION:
947 			strlcpy(ar->wiphy->fw_version, data,
948 				sizeof(ar->wiphy->fw_version));
949 
950 			ath6kl_dbg(ATH6KL_DBG_BOOT,
951 				   "found fw version %s\n",
952 				    ar->wiphy->fw_version);
953 			break;
954 		case ATH6KL_FW_IE_OTP_IMAGE:
955 			ath6kl_dbg(ATH6KL_DBG_BOOT, "found otp image ie (%zd B)\n",
956 				   ie_len);
957 
958 			ar->fw_otp = kmemdup(data, ie_len, GFP_KERNEL);
959 
960 			if (ar->fw_otp == NULL) {
961 				ret = -ENOMEM;
962 				goto out;
963 			}
964 
965 			ar->fw_otp_len = ie_len;
966 			break;
967 		case ATH6KL_FW_IE_FW_IMAGE:
968 			ath6kl_dbg(ATH6KL_DBG_BOOT, "found fw image ie (%zd B)\n",
969 				   ie_len);
970 
971 			/* in testmode we already might have a fw file */
972 			if (ar->fw != NULL)
973 				break;
974 
975 			ar->fw = vmalloc(ie_len);
976 
977 			if (ar->fw == NULL) {
978 				ret = -ENOMEM;
979 				goto out;
980 			}
981 
982 			memcpy(ar->fw, data, ie_len);
983 			ar->fw_len = ie_len;
984 			break;
985 		case ATH6KL_FW_IE_PATCH_IMAGE:
986 			ath6kl_dbg(ATH6KL_DBG_BOOT, "found patch image ie (%zd B)\n",
987 				   ie_len);
988 
989 			ar->fw_patch = kmemdup(data, ie_len, GFP_KERNEL);
990 
991 			if (ar->fw_patch == NULL) {
992 				ret = -ENOMEM;
993 				goto out;
994 			}
995 
996 			ar->fw_patch_len = ie_len;
997 			break;
998 		case ATH6KL_FW_IE_RESERVED_RAM_SIZE:
999 			val = (__le32 *) data;
1000 			ar->hw.reserved_ram_size = le32_to_cpup(val);
1001 
1002 			ath6kl_dbg(ATH6KL_DBG_BOOT,
1003 				   "found reserved ram size ie 0x%d\n",
1004 				   ar->hw.reserved_ram_size);
1005 			break;
1006 		case ATH6KL_FW_IE_CAPABILITIES:
1007 			ath6kl_dbg(ATH6KL_DBG_BOOT,
1008 				   "found firmware capabilities ie (%zd B)\n",
1009 				   ie_len);
1010 
1011 			for (i = 0; i < ATH6KL_FW_CAPABILITY_MAX; i++) {
1012 				index = i / 8;
1013 				bit = i % 8;
1014 
1015 				if (index == ie_len)
1016 					break;
1017 
1018 				if (data[index] & (1 << bit))
1019 					__set_bit(i, ar->fw_capabilities);
1020 			}
1021 
1022 			ath6kl_dbg_dump(ATH6KL_DBG_BOOT, "capabilities", "",
1023 					ar->fw_capabilities,
1024 					sizeof(ar->fw_capabilities));
1025 			break;
1026 		case ATH6KL_FW_IE_PATCH_ADDR:
1027 			if (ie_len != sizeof(*val))
1028 				break;
1029 
1030 			val = (__le32 *) data;
1031 			ar->hw.dataset_patch_addr = le32_to_cpup(val);
1032 
1033 			ath6kl_dbg(ATH6KL_DBG_BOOT,
1034 				   "found patch address ie 0x%x\n",
1035 				   ar->hw.dataset_patch_addr);
1036 			break;
1037 		case ATH6KL_FW_IE_BOARD_ADDR:
1038 			if (ie_len != sizeof(*val))
1039 				break;
1040 
1041 			val = (__le32 *) data;
1042 			ar->hw.board_addr = le32_to_cpup(val);
1043 
1044 			ath6kl_dbg(ATH6KL_DBG_BOOT,
1045 				   "found board address ie 0x%x\n",
1046 				   ar->hw.board_addr);
1047 			break;
1048 		case ATH6KL_FW_IE_VIF_MAX:
1049 			if (ie_len != sizeof(*val))
1050 				break;
1051 
1052 			val = (__le32 *) data;
1053 			ar->vif_max = min_t(unsigned int, le32_to_cpup(val),
1054 					    ATH6KL_VIF_MAX);
1055 
1056 			if (ar->vif_max > 1 && !ar->p2p)
1057 				ar->max_norm_iface = 2;
1058 
1059 			ath6kl_dbg(ATH6KL_DBG_BOOT,
1060 				   "found vif max ie %d\n", ar->vif_max);
1061 			break;
1062 		default:
1063 			ath6kl_dbg(ATH6KL_DBG_BOOT, "Unknown fw ie: %u\n",
1064 				   le32_to_cpup(&hdr->id));
1065 			break;
1066 		}
1067 
1068 		len -= ie_len;
1069 		data += ie_len;
1070 	};
1071 
1072 	ret = 0;
1073 out:
1074 	release_firmware(fw);
1075 
1076 	return ret;
1077 }
1078 
1079 int ath6kl_init_fetch_firmwares(struct ath6kl *ar)
1080 {
1081 	int ret;
1082 
1083 	ret = ath6kl_fetch_board_file(ar);
1084 	if (ret)
1085 		return ret;
1086 
1087 	ret = ath6kl_fetch_testmode_file(ar);
1088 	if (ret)
1089 		return ret;
1090 
1091 	ret = ath6kl_fetch_fw_apin(ar, ATH6KL_FW_API3_FILE);
1092 	if (ret == 0) {
1093 		ar->fw_api = 3;
1094 		goto out;
1095 	}
1096 
1097 	ret = ath6kl_fetch_fw_apin(ar, ATH6KL_FW_API2_FILE);
1098 	if (ret == 0) {
1099 		ar->fw_api = 2;
1100 		goto out;
1101 	}
1102 
1103 	ret = ath6kl_fetch_fw_api1(ar);
1104 	if (ret)
1105 		return ret;
1106 
1107 	ar->fw_api = 1;
1108 
1109 out:
1110 	ath6kl_dbg(ATH6KL_DBG_BOOT, "using fw api %d\n", ar->fw_api);
1111 
1112 	return 0;
1113 }
1114 
1115 static int ath6kl_upload_board_file(struct ath6kl *ar)
1116 {
1117 	u32 board_address, board_ext_address, param;
1118 	u32 board_data_size, board_ext_data_size;
1119 	int ret;
1120 
1121 	if (WARN_ON(ar->fw_board == NULL))
1122 		return -ENOENT;
1123 
1124 	/*
1125 	 * Determine where in Target RAM to write Board Data.
1126 	 * For AR6004, host determine Target RAM address for
1127 	 * writing board data.
1128 	 */
1129 	if (ar->hw.board_addr != 0) {
1130 		board_address = ar->hw.board_addr;
1131 		ath6kl_bmi_write_hi32(ar, hi_board_data,
1132 				      board_address);
1133 	} else {
1134 		ath6kl_bmi_read_hi32(ar, hi_board_data, &board_address);
1135 	}
1136 
1137 	/* determine where in target ram to write extended board data */
1138 	ath6kl_bmi_read_hi32(ar, hi_board_ext_data, &board_ext_address);
1139 
1140 	if (ar->target_type == TARGET_TYPE_AR6003 &&
1141 	    board_ext_address == 0) {
1142 		ath6kl_err("Failed to get board file target address.\n");
1143 		return -EINVAL;
1144 	}
1145 
1146 	switch (ar->target_type) {
1147 	case TARGET_TYPE_AR6003:
1148 		board_data_size = AR6003_BOARD_DATA_SZ;
1149 		board_ext_data_size = AR6003_BOARD_EXT_DATA_SZ;
1150 		if (ar->fw_board_len > (board_data_size + board_ext_data_size))
1151 			board_ext_data_size = AR6003_BOARD_EXT_DATA_SZ_V2;
1152 		break;
1153 	case TARGET_TYPE_AR6004:
1154 		board_data_size = AR6004_BOARD_DATA_SZ;
1155 		board_ext_data_size = AR6004_BOARD_EXT_DATA_SZ;
1156 		break;
1157 	default:
1158 		WARN_ON(1);
1159 		return -EINVAL;
1160 		break;
1161 	}
1162 
1163 	if (board_ext_address &&
1164 	    ar->fw_board_len == (board_data_size + board_ext_data_size)) {
1165 
1166 		/* write extended board data */
1167 		ath6kl_dbg(ATH6KL_DBG_BOOT,
1168 			   "writing extended board data to 0x%x (%d B)\n",
1169 			   board_ext_address, board_ext_data_size);
1170 
1171 		ret = ath6kl_bmi_write(ar, board_ext_address,
1172 				       ar->fw_board + board_data_size,
1173 				       board_ext_data_size);
1174 		if (ret) {
1175 			ath6kl_err("Failed to write extended board data: %d\n",
1176 				   ret);
1177 			return ret;
1178 		}
1179 
1180 		/* record that extended board data is initialized */
1181 		param = (board_ext_data_size << 16) | 1;
1182 
1183 		ath6kl_bmi_write_hi32(ar, hi_board_ext_data_config, param);
1184 	}
1185 
1186 	if (ar->fw_board_len < board_data_size) {
1187 		ath6kl_err("Too small board file: %zu\n", ar->fw_board_len);
1188 		ret = -EINVAL;
1189 		return ret;
1190 	}
1191 
1192 	ath6kl_dbg(ATH6KL_DBG_BOOT, "writing board file to 0x%x (%d B)\n",
1193 		   board_address, board_data_size);
1194 
1195 	ret = ath6kl_bmi_write(ar, board_address, ar->fw_board,
1196 			       board_data_size);
1197 
1198 	if (ret) {
1199 		ath6kl_err("Board file bmi write failed: %d\n", ret);
1200 		return ret;
1201 	}
1202 
1203 	/* record the fact that Board Data IS initialized */
1204 	ath6kl_bmi_write_hi32(ar, hi_board_data_initialized, 1);
1205 
1206 	return ret;
1207 }
1208 
1209 static int ath6kl_upload_otp(struct ath6kl *ar)
1210 {
1211 	u32 address, param;
1212 	bool from_hw = false;
1213 	int ret;
1214 
1215 	if (ar->fw_otp == NULL)
1216 		return 0;
1217 
1218 	address = ar->hw.app_load_addr;
1219 
1220 	ath6kl_dbg(ATH6KL_DBG_BOOT, "writing otp to 0x%x (%zd B)\n", address,
1221 		   ar->fw_otp_len);
1222 
1223 	ret = ath6kl_bmi_fast_download(ar, address, ar->fw_otp,
1224 				       ar->fw_otp_len);
1225 	if (ret) {
1226 		ath6kl_err("Failed to upload OTP file: %d\n", ret);
1227 		return ret;
1228 	}
1229 
1230 	/* read firmware start address */
1231 	ret = ath6kl_bmi_read_hi32(ar, hi_app_start, &address);
1232 
1233 	if (ret) {
1234 		ath6kl_err("Failed to read hi_app_start: %d\n", ret);
1235 		return ret;
1236 	}
1237 
1238 	if (ar->hw.app_start_override_addr == 0) {
1239 		ar->hw.app_start_override_addr = address;
1240 		from_hw = true;
1241 	}
1242 
1243 	ath6kl_dbg(ATH6KL_DBG_BOOT, "app_start_override_addr%s 0x%x\n",
1244 		   from_hw ? " (from hw)" : "",
1245 		   ar->hw.app_start_override_addr);
1246 
1247 	/* execute the OTP code */
1248 	ath6kl_dbg(ATH6KL_DBG_BOOT, "executing OTP at 0x%x\n",
1249 		   ar->hw.app_start_override_addr);
1250 	param = 0;
1251 	ath6kl_bmi_execute(ar, ar->hw.app_start_override_addr, &param);
1252 
1253 	return ret;
1254 }
1255 
1256 static int ath6kl_upload_firmware(struct ath6kl *ar)
1257 {
1258 	u32 address;
1259 	int ret;
1260 
1261 	if (WARN_ON(ar->fw == NULL))
1262 		return 0;
1263 
1264 	address = ar->hw.app_load_addr;
1265 
1266 	ath6kl_dbg(ATH6KL_DBG_BOOT, "writing firmware to 0x%x (%zd B)\n",
1267 		   address, ar->fw_len);
1268 
1269 	ret = ath6kl_bmi_fast_download(ar, address, ar->fw, ar->fw_len);
1270 
1271 	if (ret) {
1272 		ath6kl_err("Failed to write firmware: %d\n", ret);
1273 		return ret;
1274 	}
1275 
1276 	/*
1277 	 * Set starting address for firmware
1278 	 * Don't need to setup app_start override addr on AR6004
1279 	 */
1280 	if (ar->target_type != TARGET_TYPE_AR6004) {
1281 		address = ar->hw.app_start_override_addr;
1282 		ath6kl_bmi_set_app_start(ar, address);
1283 	}
1284 	return ret;
1285 }
1286 
1287 static int ath6kl_upload_patch(struct ath6kl *ar)
1288 {
1289 	u32 address;
1290 	int ret;
1291 
1292 	if (ar->fw_patch == NULL)
1293 		return 0;
1294 
1295 	address = ar->hw.dataset_patch_addr;
1296 
1297 	ath6kl_dbg(ATH6KL_DBG_BOOT, "writing patch to 0x%x (%zd B)\n",
1298 		   address, ar->fw_patch_len);
1299 
1300 	ret = ath6kl_bmi_write(ar, address, ar->fw_patch, ar->fw_patch_len);
1301 	if (ret) {
1302 		ath6kl_err("Failed to write patch file: %d\n", ret);
1303 		return ret;
1304 	}
1305 
1306 	ath6kl_bmi_write_hi32(ar, hi_dset_list_head, address);
1307 
1308 	return 0;
1309 }
1310 
1311 static int ath6kl_upload_testscript(struct ath6kl *ar)
1312 {
1313 	u32 address;
1314 	int ret;
1315 
1316 	if (ar->testmode != 2)
1317 		return 0;
1318 
1319 	if (ar->fw_testscript == NULL)
1320 		return 0;
1321 
1322 	address = ar->hw.testscript_addr;
1323 
1324 	ath6kl_dbg(ATH6KL_DBG_BOOT, "writing testscript to 0x%x (%zd B)\n",
1325 		   address, ar->fw_testscript_len);
1326 
1327 	ret = ath6kl_bmi_write(ar, address, ar->fw_testscript,
1328 		ar->fw_testscript_len);
1329 	if (ret) {
1330 		ath6kl_err("Failed to write testscript file: %d\n", ret);
1331 		return ret;
1332 	}
1333 
1334 	ath6kl_bmi_write_hi32(ar, hi_ota_testscript, address);
1335 	ath6kl_bmi_write_hi32(ar, hi_end_ram_reserve_sz, 4096);
1336 	ath6kl_bmi_write_hi32(ar, hi_test_apps_related, 1);
1337 
1338 	return 0;
1339 }
1340 
1341 static int ath6kl_init_upload(struct ath6kl *ar)
1342 {
1343 	u32 param, options, sleep, address;
1344 	int status = 0;
1345 
1346 	if (ar->target_type != TARGET_TYPE_AR6003 &&
1347 	    ar->target_type != TARGET_TYPE_AR6004)
1348 		return -EINVAL;
1349 
1350 	/* temporarily disable system sleep */
1351 	address = MBOX_BASE_ADDRESS + LOCAL_SCRATCH_ADDRESS;
1352 	status = ath6kl_bmi_reg_read(ar, address, &param);
1353 	if (status)
1354 		return status;
1355 
1356 	options = param;
1357 
1358 	param |= ATH6KL_OPTION_SLEEP_DISABLE;
1359 	status = ath6kl_bmi_reg_write(ar, address, param);
1360 	if (status)
1361 		return status;
1362 
1363 	address = RTC_BASE_ADDRESS + SYSTEM_SLEEP_ADDRESS;
1364 	status = ath6kl_bmi_reg_read(ar, address, &param);
1365 	if (status)
1366 		return status;
1367 
1368 	sleep = param;
1369 
1370 	param |= SM(SYSTEM_SLEEP_DISABLE, 1);
1371 	status = ath6kl_bmi_reg_write(ar, address, param);
1372 	if (status)
1373 		return status;
1374 
1375 	ath6kl_dbg(ATH6KL_DBG_TRC, "old options: %d, old sleep: %d\n",
1376 		   options, sleep);
1377 
1378 	/* program analog PLL register */
1379 	/* no need to control 40/44MHz clock on AR6004 */
1380 	if (ar->target_type != TARGET_TYPE_AR6004) {
1381 		status = ath6kl_bmi_reg_write(ar, ATH6KL_ANALOG_PLL_REGISTER,
1382 					      0xF9104001);
1383 
1384 		if (status)
1385 			return status;
1386 
1387 		/* Run at 80/88MHz by default */
1388 		param = SM(CPU_CLOCK_STANDARD, 1);
1389 
1390 		address = RTC_BASE_ADDRESS + CPU_CLOCK_ADDRESS;
1391 		status = ath6kl_bmi_reg_write(ar, address, param);
1392 		if (status)
1393 			return status;
1394 	}
1395 
1396 	param = 0;
1397 	address = RTC_BASE_ADDRESS + LPO_CAL_ADDRESS;
1398 	param = SM(LPO_CAL_ENABLE, 1);
1399 	status = ath6kl_bmi_reg_write(ar, address, param);
1400 	if (status)
1401 		return status;
1402 
1403 	/* WAR to avoid SDIO CRC err */
1404 	if (ar->version.target_ver == AR6003_HW_2_0_VERSION ||
1405 	    ar->version.target_ver == AR6003_HW_2_1_1_VERSION) {
1406 		ath6kl_err("temporary war to avoid sdio crc error\n");
1407 
1408 		param = 0x28;
1409 		address = GPIO_BASE_ADDRESS + GPIO_PIN9_ADDRESS;
1410 		status = ath6kl_bmi_reg_write(ar, address, param);
1411 		if (status)
1412 			return status;
1413 
1414 		param = 0x20;
1415 
1416 		address = GPIO_BASE_ADDRESS + GPIO_PIN10_ADDRESS;
1417 		status = ath6kl_bmi_reg_write(ar, address, param);
1418 		if (status)
1419 			return status;
1420 
1421 		address = GPIO_BASE_ADDRESS + GPIO_PIN11_ADDRESS;
1422 		status = ath6kl_bmi_reg_write(ar, address, param);
1423 		if (status)
1424 			return status;
1425 
1426 		address = GPIO_BASE_ADDRESS + GPIO_PIN12_ADDRESS;
1427 		status = ath6kl_bmi_reg_write(ar, address, param);
1428 		if (status)
1429 			return status;
1430 
1431 		address = GPIO_BASE_ADDRESS + GPIO_PIN13_ADDRESS;
1432 		status = ath6kl_bmi_reg_write(ar, address, param);
1433 		if (status)
1434 			return status;
1435 	}
1436 
1437 	/* write EEPROM data to Target RAM */
1438 	status = ath6kl_upload_board_file(ar);
1439 	if (status)
1440 		return status;
1441 
1442 	/* transfer One time Programmable data */
1443 	status = ath6kl_upload_otp(ar);
1444 	if (status)
1445 		return status;
1446 
1447 	/* Download Target firmware */
1448 	status = ath6kl_upload_firmware(ar);
1449 	if (status)
1450 		return status;
1451 
1452 	status = ath6kl_upload_patch(ar);
1453 	if (status)
1454 		return status;
1455 
1456 	/* Download the test script */
1457 	status = ath6kl_upload_testscript(ar);
1458 	if (status)
1459 		return status;
1460 
1461 	/* Restore system sleep */
1462 	address = RTC_BASE_ADDRESS + SYSTEM_SLEEP_ADDRESS;
1463 	status = ath6kl_bmi_reg_write(ar, address, sleep);
1464 	if (status)
1465 		return status;
1466 
1467 	address = MBOX_BASE_ADDRESS + LOCAL_SCRATCH_ADDRESS;
1468 	param = options | 0x20;
1469 	status = ath6kl_bmi_reg_write(ar, address, param);
1470 	if (status)
1471 		return status;
1472 
1473 	return status;
1474 }
1475 
1476 int ath6kl_init_hw_params(struct ath6kl *ar)
1477 {
1478 	const struct ath6kl_hw *uninitialized_var(hw);
1479 	int i;
1480 
1481 	for (i = 0; i < ARRAY_SIZE(hw_list); i++) {
1482 		hw = &hw_list[i];
1483 
1484 		if (hw->id == ar->version.target_ver)
1485 			break;
1486 	}
1487 
1488 	if (i == ARRAY_SIZE(hw_list)) {
1489 		ath6kl_err("Unsupported hardware version: 0x%x\n",
1490 			   ar->version.target_ver);
1491 		return -EINVAL;
1492 	}
1493 
1494 	ar->hw = *hw;
1495 
1496 	ath6kl_dbg(ATH6KL_DBG_BOOT,
1497 		   "target_ver 0x%x target_type 0x%x dataset_patch 0x%x app_load_addr 0x%x\n",
1498 		   ar->version.target_ver, ar->target_type,
1499 		   ar->hw.dataset_patch_addr, ar->hw.app_load_addr);
1500 	ath6kl_dbg(ATH6KL_DBG_BOOT,
1501 		   "app_start_override_addr 0x%x board_ext_data_addr 0x%x reserved_ram_size 0x%x",
1502 		   ar->hw.app_start_override_addr, ar->hw.board_ext_data_addr,
1503 		   ar->hw.reserved_ram_size);
1504 	ath6kl_dbg(ATH6KL_DBG_BOOT,
1505 		   "refclk_hz %d uarttx_pin %d",
1506 		   ar->hw.refclk_hz, ar->hw.uarttx_pin);
1507 
1508 	return 0;
1509 }
1510 
1511 static const char *ath6kl_init_get_hif_name(enum ath6kl_hif_type type)
1512 {
1513 	switch (type) {
1514 	case ATH6KL_HIF_TYPE_SDIO:
1515 		return "sdio";
1516 	case ATH6KL_HIF_TYPE_USB:
1517 		return "usb";
1518 	}
1519 
1520 	return NULL;
1521 }
1522 
1523 int ath6kl_init_hw_start(struct ath6kl *ar)
1524 {
1525 	long timeleft;
1526 	int ret, i;
1527 
1528 	ath6kl_dbg(ATH6KL_DBG_BOOT, "hw start\n");
1529 
1530 	ret = ath6kl_hif_power_on(ar);
1531 	if (ret)
1532 		return ret;
1533 
1534 	ret = ath6kl_configure_target(ar);
1535 	if (ret)
1536 		goto err_power_off;
1537 
1538 	ret = ath6kl_init_upload(ar);
1539 	if (ret)
1540 		goto err_power_off;
1541 
1542 	/* Do we need to finish the BMI phase */
1543 	/* FIXME: return error from ath6kl_bmi_done() */
1544 	if (ath6kl_bmi_done(ar)) {
1545 		ret = -EIO;
1546 		goto err_power_off;
1547 	}
1548 
1549 	/*
1550 	 * The reason we have to wait for the target here is that the
1551 	 * driver layer has to init BMI in order to set the host block
1552 	 * size.
1553 	 */
1554 	if (ath6kl_htc_wait_target(ar->htc_target)) {
1555 		ret = -EIO;
1556 		goto err_power_off;
1557 	}
1558 
1559 	if (ath6kl_init_service_ep(ar)) {
1560 		ret = -EIO;
1561 		goto err_cleanup_scatter;
1562 	}
1563 
1564 	/* setup credit distribution */
1565 	ath6kl_htc_credit_setup(ar->htc_target, &ar->credit_state_info);
1566 
1567 	/* start HTC */
1568 	ret = ath6kl_htc_start(ar->htc_target);
1569 	if (ret) {
1570 		/* FIXME: call this */
1571 		ath6kl_cookie_cleanup(ar);
1572 		goto err_cleanup_scatter;
1573 	}
1574 
1575 	/* Wait for Wmi event to be ready */
1576 	timeleft = wait_event_interruptible_timeout(ar->event_wq,
1577 						    test_bit(WMI_READY,
1578 							     &ar->flag),
1579 						    WMI_TIMEOUT);
1580 
1581 	ath6kl_dbg(ATH6KL_DBG_BOOT, "firmware booted\n");
1582 
1583 
1584 	if (test_and_clear_bit(FIRST_BOOT, &ar->flag)) {
1585 		ath6kl_info("%s %s fw %s api %d%s\n",
1586 			    ar->hw.name,
1587 			    ath6kl_init_get_hif_name(ar->hif_type),
1588 			    ar->wiphy->fw_version,
1589 			    ar->fw_api,
1590 			    test_bit(TESTMODE, &ar->flag) ? " testmode" : "");
1591 	}
1592 
1593 	if (ar->version.abi_ver != ATH6KL_ABI_VERSION) {
1594 		ath6kl_err("abi version mismatch: host(0x%x), target(0x%x)\n",
1595 			   ATH6KL_ABI_VERSION, ar->version.abi_ver);
1596 		ret = -EIO;
1597 		goto err_htc_stop;
1598 	}
1599 
1600 	if (!timeleft || signal_pending(current)) {
1601 		ath6kl_err("wmi is not ready or wait was interrupted\n");
1602 		ret = -EIO;
1603 		goto err_htc_stop;
1604 	}
1605 
1606 	ath6kl_dbg(ATH6KL_DBG_TRC, "%s: wmi is ready\n", __func__);
1607 
1608 	/* communicate the wmi protocol verision to the target */
1609 	/* FIXME: return error */
1610 	if ((ath6kl_set_host_app_area(ar)) != 0)
1611 		ath6kl_err("unable to set the host app area\n");
1612 
1613 	for (i = 0; i < ar->vif_max; i++) {
1614 		ret = ath6kl_target_config_wlan_params(ar, i);
1615 		if (ret)
1616 			goto err_htc_stop;
1617 	}
1618 
1619 	ar->state = ATH6KL_STATE_ON;
1620 
1621 	return 0;
1622 
1623 err_htc_stop:
1624 	ath6kl_htc_stop(ar->htc_target);
1625 err_cleanup_scatter:
1626 	ath6kl_hif_cleanup_scatter(ar);
1627 err_power_off:
1628 	ath6kl_hif_power_off(ar);
1629 
1630 	return ret;
1631 }
1632 
1633 int ath6kl_init_hw_stop(struct ath6kl *ar)
1634 {
1635 	int ret;
1636 
1637 	ath6kl_dbg(ATH6KL_DBG_BOOT, "hw stop\n");
1638 
1639 	ath6kl_htc_stop(ar->htc_target);
1640 
1641 	ath6kl_hif_stop(ar);
1642 
1643 	ath6kl_bmi_reset(ar);
1644 
1645 	ret = ath6kl_hif_power_off(ar);
1646 	if (ret)
1647 		ath6kl_warn("failed to power off hif: %d\n", ret);
1648 
1649 	ar->state = ATH6KL_STATE_OFF;
1650 
1651 	return 0;
1652 }
1653 
1654 /* FIXME: move this to cfg80211.c and rename to ath6kl_cfg80211_vif_stop() */
1655 void ath6kl_cleanup_vif(struct ath6kl_vif *vif, bool wmi_ready)
1656 {
1657 	static u8 bcast_mac[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
1658 	bool discon_issued;
1659 
1660 	netif_stop_queue(vif->ndev);
1661 
1662 	clear_bit(WLAN_ENABLED, &vif->flags);
1663 
1664 	if (wmi_ready) {
1665 		discon_issued = test_bit(CONNECTED, &vif->flags) ||
1666 				test_bit(CONNECT_PEND, &vif->flags);
1667 		ath6kl_disconnect(vif);
1668 		del_timer(&vif->disconnect_timer);
1669 
1670 		if (discon_issued)
1671 			ath6kl_disconnect_event(vif, DISCONNECT_CMD,
1672 						(vif->nw_type & AP_NETWORK) ?
1673 						bcast_mac : vif->bssid,
1674 						0, NULL, 0);
1675 	}
1676 
1677 	if (vif->scan_req) {
1678 		cfg80211_scan_done(vif->scan_req, true);
1679 		vif->scan_req = NULL;
1680 	}
1681 
1682 	/* need to clean up enhanced bmiss detection fw state */
1683 	ath6kl_cfg80211_sta_bmiss_enhance(vif, false);
1684 }
1685 
1686 void ath6kl_stop_txrx(struct ath6kl *ar)
1687 {
1688 	struct ath6kl_vif *vif, *tmp_vif;
1689 	int i;
1690 
1691 	set_bit(DESTROY_IN_PROGRESS, &ar->flag);
1692 
1693 	if (down_interruptible(&ar->sem)) {
1694 		ath6kl_err("down_interruptible failed\n");
1695 		return;
1696 	}
1697 
1698 	for (i = 0; i < AP_MAX_NUM_STA; i++)
1699 		aggr_reset_state(ar->sta_list[i].aggr_conn);
1700 
1701 	spin_lock_bh(&ar->list_lock);
1702 	list_for_each_entry_safe(vif, tmp_vif, &ar->vif_list, list) {
1703 		list_del(&vif->list);
1704 		spin_unlock_bh(&ar->list_lock);
1705 		ath6kl_cleanup_vif(vif, test_bit(WMI_READY, &ar->flag));
1706 		rtnl_lock();
1707 		ath6kl_cfg80211_vif_cleanup(vif);
1708 		rtnl_unlock();
1709 		spin_lock_bh(&ar->list_lock);
1710 	}
1711 	spin_unlock_bh(&ar->list_lock);
1712 
1713 	clear_bit(WMI_READY, &ar->flag);
1714 
1715 	/*
1716 	 * After wmi_shudown all WMI events will be dropped. We
1717 	 * need to cleanup the buffers allocated in AP mode and
1718 	 * give disconnect notification to stack, which usually
1719 	 * happens in the disconnect_event. Simulate the disconnect
1720 	 * event by calling the function directly. Sometimes
1721 	 * disconnect_event will be received when the debug logs
1722 	 * are collected.
1723 	 */
1724 	ath6kl_wmi_shutdown(ar->wmi);
1725 
1726 	clear_bit(WMI_ENABLED, &ar->flag);
1727 	if (ar->htc_target) {
1728 		ath6kl_dbg(ATH6KL_DBG_TRC, "%s: shut down htc\n", __func__);
1729 		ath6kl_htc_stop(ar->htc_target);
1730 	}
1731 
1732 	/*
1733 	 * Try to reset the device if we can. The driver may have been
1734 	 * configure NOT to reset the target during a debug session.
1735 	 */
1736 	ath6kl_dbg(ATH6KL_DBG_TRC,
1737 		   "attempting to reset target on instance destroy\n");
1738 	ath6kl_reset_device(ar, ar->target_type, true, true);
1739 
1740 	clear_bit(WLAN_ENABLED, &ar->flag);
1741 
1742 	up(&ar->sem);
1743 }
1744 EXPORT_SYMBOL(ath6kl_stop_txrx);
1745