1 /** 2 * Copyright (c) 2014 Redpine Signals Inc. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17 #include <linux/firmware.h> 18 #include "rsi_mgmt.h" 19 #include "rsi_hal.h" 20 #include "rsi_sdio.h" 21 #include "rsi_common.h" 22 23 /* FLASH Firmware */ 24 static struct ta_metadata metadata_flash_content[] = { 25 {"flash_content", 0x00010000}, 26 {"rsi/rs9113_wlan_qspi.rps", 0x00010000}, 27 }; 28 29 int rsi_send_pkt_to_bus(struct rsi_common *common, struct sk_buff *skb) 30 { 31 struct rsi_hw *adapter = common->priv; 32 int status; 33 34 status = adapter->host_intf_ops->write_pkt(common->priv, 35 skb->data, skb->len); 36 return status; 37 } 38 39 static int rsi_prepare_mgmt_desc(struct rsi_common *common, struct sk_buff *skb) 40 { 41 struct rsi_hw *adapter = common->priv; 42 struct ieee80211_hdr *wh = NULL; 43 struct ieee80211_tx_info *info; 44 struct ieee80211_conf *conf = &adapter->hw->conf; 45 struct ieee80211_vif *vif; 46 struct rsi_mgmt_desc *mgmt_desc; 47 struct skb_info *tx_params; 48 struct ieee80211_bss_conf *bss = NULL; 49 struct xtended_desc *xtend_desc = NULL; 50 u8 header_size; 51 u32 dword_align_bytes = 0; 52 53 if (skb->len > MAX_MGMT_PKT_SIZE) { 54 rsi_dbg(INFO_ZONE, "%s: Dropping mgmt pkt > 512\n", __func__); 55 return -EINVAL; 56 } 57 58 info = IEEE80211_SKB_CB(skb); 59 tx_params = (struct skb_info *)info->driver_data; 60 vif = tx_params->vif; 61 62 /* Update header size */ 63 header_size = FRAME_DESC_SZ + sizeof(struct xtended_desc); 64 if (header_size > skb_headroom(skb)) { 65 rsi_dbg(ERR_ZONE, 66 "%s: Failed to add extended descriptor\n", 67 __func__); 68 return -ENOSPC; 69 } 70 skb_push(skb, header_size); 71 dword_align_bytes = ((unsigned long)skb->data & 0x3f); 72 if (dword_align_bytes > skb_headroom(skb)) { 73 rsi_dbg(ERR_ZONE, 74 "%s: Failed to add dword align\n", __func__); 75 return -ENOSPC; 76 } 77 skb_push(skb, dword_align_bytes); 78 header_size += dword_align_bytes; 79 80 tx_params->internal_hdr_size = header_size; 81 memset(&skb->data[0], 0, header_size); 82 bss = &vif->bss_conf; 83 wh = (struct ieee80211_hdr *)&skb->data[header_size]; 84 85 mgmt_desc = (struct rsi_mgmt_desc *)skb->data; 86 xtend_desc = (struct xtended_desc *)&skb->data[FRAME_DESC_SZ]; 87 88 rsi_set_len_qno(&mgmt_desc->len_qno, (skb->len - FRAME_DESC_SZ), 89 RSI_WIFI_MGMT_Q); 90 mgmt_desc->frame_type = TX_DOT11_MGMT; 91 mgmt_desc->header_len = MIN_802_11_HDR_LEN; 92 mgmt_desc->xtend_desc_size = header_size - FRAME_DESC_SZ; 93 mgmt_desc->frame_info |= cpu_to_le16(RATE_INFO_ENABLE); 94 if (is_broadcast_ether_addr(wh->addr1)) 95 mgmt_desc->frame_info |= cpu_to_le16(RSI_BROADCAST_PKT); 96 97 mgmt_desc->seq_ctrl = 98 cpu_to_le16(IEEE80211_SEQ_TO_SN(le16_to_cpu(wh->seq_ctrl))); 99 if ((common->band == NL80211_BAND_2GHZ) && !common->p2p_enabled) 100 mgmt_desc->rate_info = cpu_to_le16(RSI_RATE_1); 101 else 102 mgmt_desc->rate_info = cpu_to_le16(RSI_RATE_6); 103 104 if (conf_is_ht40(conf)) 105 mgmt_desc->bbp_info = cpu_to_le16(FULL40M_ENABLE); 106 107 if (ieee80211_is_probe_req(wh->frame_control)) { 108 if (!bss->assoc) { 109 rsi_dbg(INFO_ZONE, 110 "%s: blocking mgmt queue\n", __func__); 111 mgmt_desc->misc_flags = RSI_DESC_REQUIRE_CFM_TO_HOST; 112 xtend_desc->confirm_frame_type = PROBEREQ_CONFIRM; 113 common->mgmt_q_block = true; 114 rsi_dbg(INFO_ZONE, "Mgmt queue blocked\n"); 115 } 116 } 117 118 if (ieee80211_is_probe_resp(wh->frame_control)) { 119 mgmt_desc->misc_flags |= (RSI_ADD_DELTA_TSF_VAP_ID | 120 RSI_FETCH_RETRY_CNT_FRM_HST); 121 #define PROBE_RESP_RETRY_CNT 3 122 xtend_desc->retry_cnt = PROBE_RESP_RETRY_CNT; 123 } 124 125 if (((vif->type == NL80211_IFTYPE_AP) || 126 (vif->type == NL80211_IFTYPE_P2P_GO)) && 127 (ieee80211_is_action(wh->frame_control))) { 128 struct rsi_sta *rsta = rsi_find_sta(common, wh->addr1); 129 130 if (rsta) 131 mgmt_desc->sta_id = tx_params->sta_id; 132 else 133 return -EINVAL; 134 } 135 mgmt_desc->rate_info |= 136 cpu_to_le16((tx_params->vap_id << RSI_DESC_VAP_ID_OFST) & 137 RSI_DESC_VAP_ID_MASK); 138 139 return 0; 140 } 141 142 /* This function prepares descriptor for given data packet */ 143 static int rsi_prepare_data_desc(struct rsi_common *common, struct sk_buff *skb) 144 { 145 struct rsi_hw *adapter = common->priv; 146 struct ieee80211_vif *vif; 147 struct ieee80211_hdr *wh = NULL; 148 struct ieee80211_tx_info *info; 149 struct skb_info *tx_params; 150 struct ieee80211_bss_conf *bss; 151 struct rsi_data_desc *data_desc; 152 struct xtended_desc *xtend_desc; 153 u8 ieee80211_size = MIN_802_11_HDR_LEN; 154 u8 header_size; 155 u8 vap_id = 0; 156 u8 dword_align_bytes; 157 u16 seq_num; 158 159 info = IEEE80211_SKB_CB(skb); 160 vif = info->control.vif; 161 bss = &vif->bss_conf; 162 tx_params = (struct skb_info *)info->driver_data; 163 164 header_size = FRAME_DESC_SZ + sizeof(struct xtended_desc); 165 if (header_size > skb_headroom(skb)) { 166 rsi_dbg(ERR_ZONE, "%s: Unable to send pkt\n", __func__); 167 return -ENOSPC; 168 } 169 skb_push(skb, header_size); 170 dword_align_bytes = ((unsigned long)skb->data & 0x3f); 171 if (header_size > skb_headroom(skb)) { 172 rsi_dbg(ERR_ZONE, "%s: Not enough headroom\n", __func__); 173 return -ENOSPC; 174 } 175 skb_push(skb, dword_align_bytes); 176 header_size += dword_align_bytes; 177 178 tx_params->internal_hdr_size = header_size; 179 data_desc = (struct rsi_data_desc *)skb->data; 180 memset(data_desc, 0, header_size); 181 182 xtend_desc = (struct xtended_desc *)&skb->data[FRAME_DESC_SZ]; 183 wh = (struct ieee80211_hdr *)&skb->data[header_size]; 184 seq_num = IEEE80211_SEQ_TO_SN(le16_to_cpu(wh->seq_ctrl)); 185 186 data_desc->xtend_desc_size = header_size - FRAME_DESC_SZ; 187 188 if (ieee80211_is_data_qos(wh->frame_control)) { 189 ieee80211_size += 2; 190 data_desc->mac_flags |= cpu_to_le16(RSI_QOS_ENABLE); 191 } 192 193 if (((vif->type == NL80211_IFTYPE_STATION) || 194 (vif->type == NL80211_IFTYPE_P2P_CLIENT)) && 195 (adapter->ps_state == PS_ENABLED)) 196 wh->frame_control |= cpu_to_le16(RSI_SET_PS_ENABLE); 197 198 if ((!(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT)) && 199 (common->secinfo.security_enable)) { 200 if (rsi_is_cipher_wep(common)) 201 ieee80211_size += 4; 202 else 203 ieee80211_size += 8; 204 data_desc->mac_flags |= cpu_to_le16(RSI_ENCRYPT_PKT); 205 } 206 rsi_set_len_qno(&data_desc->len_qno, (skb->len - FRAME_DESC_SZ), 207 RSI_WIFI_DATA_Q); 208 data_desc->header_len = ieee80211_size; 209 210 if (common->min_rate != RSI_RATE_AUTO) { 211 /* Send fixed rate */ 212 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 213 data_desc->rate_info = cpu_to_le16(common->min_rate); 214 215 if (conf_is_ht40(&common->priv->hw->conf)) 216 data_desc->bbp_info = cpu_to_le16(FULL40M_ENABLE); 217 218 if ((common->vif_info[0].sgi) && (common->min_rate & 0x100)) { 219 /* Only MCS rates */ 220 data_desc->rate_info |= 221 cpu_to_le16(ENABLE_SHORTGI_RATE); 222 } 223 } 224 225 if (skb->protocol == cpu_to_be16(ETH_P_PAE)) { 226 rsi_dbg(INFO_ZONE, "*** Tx EAPOL ***\n"); 227 228 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 229 if (common->band == NL80211_BAND_5GHZ) 230 data_desc->rate_info = cpu_to_le16(RSI_RATE_6); 231 else 232 data_desc->rate_info = cpu_to_le16(RSI_RATE_1); 233 data_desc->mac_flags |= cpu_to_le16(RSI_REKEY_PURPOSE); 234 data_desc->misc_flags |= RSI_FETCH_RETRY_CNT_FRM_HST; 235 #define EAPOL_RETRY_CNT 15 236 xtend_desc->retry_cnt = EAPOL_RETRY_CNT; 237 } 238 239 data_desc->mac_flags = cpu_to_le16(seq_num & 0xfff); 240 data_desc->qid_tid = ((skb->priority & 0xf) | 241 ((tx_params->tid & 0xf) << 4)); 242 data_desc->sta_id = tx_params->sta_id; 243 244 if ((is_broadcast_ether_addr(wh->addr1)) || 245 (is_multicast_ether_addr(wh->addr1))) { 246 data_desc->frame_info = cpu_to_le16(RATE_INFO_ENABLE); 247 data_desc->frame_info |= cpu_to_le16(RSI_BROADCAST_PKT); 248 data_desc->sta_id = vap_id; 249 250 if ((vif->type == NL80211_IFTYPE_AP) || 251 (vif->type == NL80211_IFTYPE_P2P_GO)) { 252 if (common->band == NL80211_BAND_5GHZ) 253 data_desc->rate_info = cpu_to_le16(RSI_RATE_6); 254 else 255 data_desc->rate_info = cpu_to_le16(RSI_RATE_1); 256 } 257 } 258 if (((vif->type == NL80211_IFTYPE_AP) || 259 (vif->type == NL80211_IFTYPE_P2P_GO)) && 260 (ieee80211_has_moredata(wh->frame_control))) 261 data_desc->frame_info |= cpu_to_le16(MORE_DATA_PRESENT); 262 263 data_desc->rate_info |= 264 cpu_to_le16((tx_params->vap_id << RSI_DESC_VAP_ID_OFST) & 265 RSI_DESC_VAP_ID_MASK); 266 267 return 0; 268 } 269 270 /* This function sends received data packet from driver to device */ 271 int rsi_send_data_pkt(struct rsi_common *common, struct sk_buff *skb) 272 { 273 struct rsi_hw *adapter = common->priv; 274 struct ieee80211_vif *vif; 275 struct ieee80211_tx_info *info; 276 struct ieee80211_bss_conf *bss; 277 int status = -EINVAL; 278 279 if (!skb) 280 return 0; 281 if (common->iface_down) 282 goto err; 283 284 info = IEEE80211_SKB_CB(skb); 285 if (!info->control.vif) 286 goto err; 287 vif = info->control.vif; 288 bss = &vif->bss_conf; 289 290 if (((vif->type == NL80211_IFTYPE_STATION) || 291 (vif->type == NL80211_IFTYPE_P2P_CLIENT)) && 292 (!bss->assoc)) 293 goto err; 294 295 status = rsi_prepare_data_desc(common, skb); 296 if (status) 297 goto err; 298 299 status = adapter->host_intf_ops->write_pkt(common->priv, skb->data, 300 skb->len); 301 if (status) 302 rsi_dbg(ERR_ZONE, "%s: Failed to write pkt\n", __func__); 303 304 err: 305 ++common->tx_stats.total_tx_pkt_freed[skb->priority]; 306 rsi_indicate_tx_status(adapter, skb, status); 307 return status; 308 } 309 310 /** 311 * rsi_send_mgmt_pkt() - This functions sends the received management packet 312 * from driver to device. 313 * @common: Pointer to the driver private structure. 314 * @skb: Pointer to the socket buffer structure. 315 * 316 * Return: status: 0 on success, -1 on failure. 317 */ 318 int rsi_send_mgmt_pkt(struct rsi_common *common, 319 struct sk_buff *skb) 320 { 321 struct rsi_hw *adapter = common->priv; 322 struct ieee80211_tx_info *info; 323 struct skb_info *tx_params; 324 int status = -E2BIG; 325 326 info = IEEE80211_SKB_CB(skb); 327 tx_params = (struct skb_info *)info->driver_data; 328 329 if (tx_params->flags & INTERNAL_MGMT_PKT) { 330 status = adapter->host_intf_ops->write_pkt(common->priv, 331 (u8 *)skb->data, 332 skb->len); 333 if (status) { 334 rsi_dbg(ERR_ZONE, 335 "%s: Failed to write the packet\n", __func__); 336 } 337 dev_kfree_skb(skb); 338 return status; 339 } 340 341 if (FRAME_DESC_SZ > skb_headroom(skb)) 342 goto err; 343 344 rsi_prepare_mgmt_desc(common, skb); 345 status = adapter->host_intf_ops->write_pkt(common->priv, 346 (u8 *)skb->data, skb->len); 347 if (status) 348 rsi_dbg(ERR_ZONE, "%s: Failed to write the packet\n", __func__); 349 350 err: 351 rsi_indicate_tx_status(common->priv, skb, status); 352 return status; 353 } 354 355 int rsi_prepare_beacon(struct rsi_common *common, struct sk_buff *skb) 356 { 357 struct rsi_hw *adapter = (struct rsi_hw *)common->priv; 358 struct rsi_data_desc *bcn_frm; 359 struct ieee80211_hw *hw = common->priv->hw; 360 struct ieee80211_conf *conf = &hw->conf; 361 struct ieee80211_vif *vif; 362 struct sk_buff *mac_bcn; 363 u8 vap_id = 0, i; 364 u16 tim_offset = 0; 365 366 for (i = 0; i < RSI_MAX_VIFS; i++) { 367 vif = adapter->vifs[i]; 368 if (!vif) 369 continue; 370 if ((vif->type == NL80211_IFTYPE_AP) || 371 (vif->type == NL80211_IFTYPE_P2P_GO)) 372 break; 373 } 374 if (!vif) 375 return -EINVAL; 376 mac_bcn = ieee80211_beacon_get_tim(adapter->hw, 377 vif, 378 &tim_offset, NULL); 379 if (!mac_bcn) { 380 rsi_dbg(ERR_ZONE, "Failed to get beacon from mac80211\n"); 381 return -EINVAL; 382 } 383 384 common->beacon_cnt++; 385 bcn_frm = (struct rsi_data_desc *)skb->data; 386 rsi_set_len_qno(&bcn_frm->len_qno, mac_bcn->len, RSI_WIFI_DATA_Q); 387 bcn_frm->header_len = MIN_802_11_HDR_LEN; 388 bcn_frm->frame_info = cpu_to_le16(RSI_DATA_DESC_MAC_BBP_INFO | 389 RSI_DATA_DESC_NO_ACK_IND | 390 RSI_DATA_DESC_BEACON_FRAME | 391 RSI_DATA_DESC_INSERT_TSF | 392 RSI_DATA_DESC_INSERT_SEQ_NO | 393 RATE_INFO_ENABLE); 394 bcn_frm->rate_info = cpu_to_le16(vap_id << 14); 395 bcn_frm->qid_tid = BEACON_HW_Q; 396 397 if (conf_is_ht40_plus(conf)) { 398 bcn_frm->bbp_info = cpu_to_le16(LOWER_20_ENABLE); 399 bcn_frm->bbp_info |= cpu_to_le16(LOWER_20_ENABLE >> 12); 400 } else if (conf_is_ht40_minus(conf)) { 401 bcn_frm->bbp_info = cpu_to_le16(UPPER_20_ENABLE); 402 bcn_frm->bbp_info |= cpu_to_le16(UPPER_20_ENABLE >> 12); 403 } 404 405 if (common->band == NL80211_BAND_2GHZ) 406 bcn_frm->bbp_info |= cpu_to_le16(RSI_RATE_1); 407 else 408 bcn_frm->bbp_info |= cpu_to_le16(RSI_RATE_6); 409 410 if (mac_bcn->data[tim_offset + 2] == 0) 411 bcn_frm->frame_info |= cpu_to_le16(RSI_DATA_DESC_DTIM_BEACON); 412 413 memcpy(&skb->data[FRAME_DESC_SZ], mac_bcn->data, mac_bcn->len); 414 skb_put(skb, mac_bcn->len + FRAME_DESC_SZ); 415 416 dev_kfree_skb(mac_bcn); 417 418 return 0; 419 } 420 421 static void bl_cmd_timeout(unsigned long priv) 422 { 423 struct rsi_hw *adapter = (struct rsi_hw *)priv; 424 425 adapter->blcmd_timer_expired = true; 426 del_timer(&adapter->bl_cmd_timer); 427 } 428 429 static int bl_start_cmd_timer(struct rsi_hw *adapter, u32 timeout) 430 { 431 setup_timer(&adapter->bl_cmd_timer, (void *)&bl_cmd_timeout, 432 (unsigned long)adapter); 433 adapter->bl_cmd_timer.expires = (msecs_to_jiffies(timeout) + jiffies); 434 435 adapter->blcmd_timer_expired = false; 436 add_timer(&adapter->bl_cmd_timer); 437 438 return 0; 439 } 440 441 static int bl_stop_cmd_timer(struct rsi_hw *adapter) 442 { 443 adapter->blcmd_timer_expired = false; 444 if (timer_pending(&adapter->bl_cmd_timer)) 445 del_timer(&adapter->bl_cmd_timer); 446 447 return 0; 448 } 449 450 static int bl_write_cmd(struct rsi_hw *adapter, u8 cmd, u8 exp_resp, 451 u16 *cmd_resp) 452 { 453 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 454 u32 regin_val = 0, regout_val = 0; 455 u32 regin_input = 0; 456 u8 output = 0; 457 int status; 458 459 regin_input = (REGIN_INPUT | adapter->priv->coex_mode); 460 461 while (!adapter->blcmd_timer_expired) { 462 regin_val = 0; 463 status = hif_ops->master_reg_read(adapter, SWBL_REGIN, 464 ®in_val, 2); 465 if (status < 0) { 466 rsi_dbg(ERR_ZONE, 467 "%s: Command %0x REGIN reading failed..\n", 468 __func__, cmd); 469 return status; 470 } 471 mdelay(1); 472 if ((regin_val >> 12) != REGIN_VALID) 473 break; 474 } 475 if (adapter->blcmd_timer_expired) { 476 rsi_dbg(ERR_ZONE, 477 "%s: Command %0x REGIN reading timed out..\n", 478 __func__, cmd); 479 return -ETIMEDOUT; 480 } 481 482 rsi_dbg(INFO_ZONE, 483 "Issuing write to Regin val:%0x sending cmd:%0x\n", 484 regin_val, (cmd | regin_input << 8)); 485 status = hif_ops->master_reg_write(adapter, SWBL_REGIN, 486 (cmd | regin_input << 8), 2); 487 if (status < 0) 488 return status; 489 mdelay(1); 490 491 if (cmd == LOAD_HOSTED_FW || cmd == JUMP_TO_ZERO_PC) { 492 /* JUMP_TO_ZERO_PC doesn't expect 493 * any response. So return from here 494 */ 495 return 0; 496 } 497 498 while (!adapter->blcmd_timer_expired) { 499 regout_val = 0; 500 status = hif_ops->master_reg_read(adapter, SWBL_REGOUT, 501 ®out_val, 2); 502 if (status < 0) { 503 rsi_dbg(ERR_ZONE, 504 "%s: Command %0x REGOUT reading failed..\n", 505 __func__, cmd); 506 return status; 507 } 508 mdelay(1); 509 if ((regout_val >> 8) == REGOUT_VALID) 510 break; 511 } 512 if (adapter->blcmd_timer_expired) { 513 rsi_dbg(ERR_ZONE, 514 "%s: Command %0x REGOUT reading timed out..\n", 515 __func__, cmd); 516 return status; 517 } 518 519 *cmd_resp = ((u16 *)®out_val)[0] & 0xffff; 520 521 output = ((u8 *)®out_val)[0] & 0xff; 522 523 status = hif_ops->master_reg_write(adapter, SWBL_REGOUT, 524 (cmd | REGOUT_INVALID << 8), 2); 525 if (status < 0) { 526 rsi_dbg(ERR_ZONE, 527 "%s: Command %0x REGOUT writing failed..\n", 528 __func__, cmd); 529 return status; 530 } 531 mdelay(1); 532 533 if (output != exp_resp) { 534 rsi_dbg(ERR_ZONE, 535 "%s: Recvd resp %x for cmd %0x\n", 536 __func__, output, cmd); 537 return -EINVAL; 538 } 539 rsi_dbg(INFO_ZONE, 540 "%s: Recvd Expected resp %x for cmd %0x\n", 541 __func__, output, cmd); 542 543 return 0; 544 } 545 546 static int bl_cmd(struct rsi_hw *adapter, u8 cmd, u8 exp_resp, char *str) 547 { 548 u16 regout_val = 0; 549 u32 timeout; 550 int status; 551 552 if ((cmd == EOF_REACHED) || (cmd == PING_VALID) || (cmd == PONG_VALID)) 553 timeout = BL_BURN_TIMEOUT; 554 else 555 timeout = BL_CMD_TIMEOUT; 556 557 bl_start_cmd_timer(adapter, timeout); 558 status = bl_write_cmd(adapter, cmd, exp_resp, ®out_val); 559 if (status < 0) { 560 rsi_dbg(ERR_ZONE, 561 "%s: Command %s (%0x) writing failed..\n", 562 __func__, str, cmd); 563 return status; 564 } 565 bl_stop_cmd_timer(adapter); 566 return 0; 567 } 568 569 #define CHECK_SUM_OFFSET 20 570 #define LEN_OFFSET 8 571 #define ADDR_OFFSET 16 572 static int bl_write_header(struct rsi_hw *adapter, u8 *flash_content, 573 u32 content_size) 574 { 575 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 576 struct bl_header bl_hdr; 577 u32 write_addr, write_len; 578 int status; 579 580 bl_hdr.flags = 0; 581 bl_hdr.image_no = cpu_to_le32(adapter->priv->coex_mode); 582 bl_hdr.check_sum = cpu_to_le32( 583 *(u32 *)&flash_content[CHECK_SUM_OFFSET]); 584 bl_hdr.flash_start_address = cpu_to_le32( 585 *(u32 *)&flash_content[ADDR_OFFSET]); 586 bl_hdr.flash_len = cpu_to_le32(*(u32 *)&flash_content[LEN_OFFSET]); 587 write_len = sizeof(struct bl_header); 588 589 if (adapter->rsi_host_intf == RSI_HOST_INTF_USB) { 590 write_addr = PING_BUFFER_ADDRESS; 591 status = hif_ops->write_reg_multiple(adapter, write_addr, 592 (u8 *)&bl_hdr, write_len); 593 if (status < 0) { 594 rsi_dbg(ERR_ZONE, 595 "%s: Failed to load Version/CRC structure\n", 596 __func__); 597 return status; 598 } 599 } else { 600 write_addr = PING_BUFFER_ADDRESS >> 16; 601 status = hif_ops->master_access_msword(adapter, write_addr); 602 if (status < 0) { 603 rsi_dbg(ERR_ZONE, 604 "%s: Unable to set ms word to common reg\n", 605 __func__); 606 return status; 607 } 608 write_addr = RSI_SD_REQUEST_MASTER | 609 (PING_BUFFER_ADDRESS & 0xFFFF); 610 status = hif_ops->write_reg_multiple(adapter, write_addr, 611 (u8 *)&bl_hdr, write_len); 612 if (status < 0) { 613 rsi_dbg(ERR_ZONE, 614 "%s: Failed to load Version/CRC structure\n", 615 __func__); 616 return status; 617 } 618 } 619 return 0; 620 } 621 622 static u32 read_flash_capacity(struct rsi_hw *adapter) 623 { 624 u32 flash_sz = 0; 625 626 if ((adapter->host_intf_ops->master_reg_read(adapter, FLASH_SIZE_ADDR, 627 &flash_sz, 2)) < 0) { 628 rsi_dbg(ERR_ZONE, 629 "%s: Flash size reading failed..\n", 630 __func__); 631 return 0; 632 } 633 rsi_dbg(INIT_ZONE, "Flash capacity: %d KiloBytes\n", flash_sz); 634 635 return (flash_sz * 1024); /* Return size in kbytes */ 636 } 637 638 static int ping_pong_write(struct rsi_hw *adapter, u8 cmd, u8 *addr, u32 size) 639 { 640 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 641 u32 block_size = adapter->block_size; 642 u32 cmd_addr; 643 u16 cmd_resp, cmd_req; 644 u8 *str; 645 int status; 646 647 if (cmd == PING_WRITE) { 648 cmd_addr = PING_BUFFER_ADDRESS; 649 cmd_resp = PONG_AVAIL; 650 cmd_req = PING_VALID; 651 str = "PING_VALID"; 652 } else { 653 cmd_addr = PONG_BUFFER_ADDRESS; 654 cmd_resp = PING_AVAIL; 655 cmd_req = PONG_VALID; 656 str = "PONG_VALID"; 657 } 658 659 status = hif_ops->load_data_master_write(adapter, cmd_addr, size, 660 block_size, addr); 661 if (status) { 662 rsi_dbg(ERR_ZONE, "%s: Unable to write blk at addr %0x\n", 663 __func__, *addr); 664 return status; 665 } 666 667 status = bl_cmd(adapter, cmd_req, cmd_resp, str); 668 if (status) { 669 bl_stop_cmd_timer(adapter); 670 return status; 671 } 672 return 0; 673 } 674 675 static int auto_fw_upgrade(struct rsi_hw *adapter, u8 *flash_content, 676 u32 content_size) 677 { 678 u8 cmd, *temp_flash_content; 679 u32 temp_content_size, num_flash, index; 680 u32 flash_start_address; 681 int status; 682 683 temp_flash_content = flash_content; 684 685 if (content_size > MAX_FLASH_FILE_SIZE) { 686 rsi_dbg(ERR_ZONE, 687 "%s: Flash Content size is more than 400K %u\n", 688 __func__, MAX_FLASH_FILE_SIZE); 689 return -EINVAL; 690 } 691 692 flash_start_address = *(u32 *)&flash_content[FLASH_START_ADDRESS]; 693 rsi_dbg(INFO_ZONE, "flash start address: %08x\n", flash_start_address); 694 695 if (flash_start_address < FW_IMAGE_MIN_ADDRESS) { 696 rsi_dbg(ERR_ZONE, 697 "%s: Fw image Flash Start Address is less than 64K\n", 698 __func__); 699 return -EINVAL; 700 } 701 702 if (flash_start_address % FLASH_SECTOR_SIZE) { 703 rsi_dbg(ERR_ZONE, 704 "%s: Flash Start Address is not multiple of 4K\n", 705 __func__); 706 return -EINVAL; 707 } 708 709 if ((flash_start_address + content_size) > adapter->flash_capacity) { 710 rsi_dbg(ERR_ZONE, 711 "%s: Flash Content will cross max flash size\n", 712 __func__); 713 return -EINVAL; 714 } 715 716 temp_content_size = content_size; 717 num_flash = content_size / FLASH_WRITE_CHUNK_SIZE; 718 719 rsi_dbg(INFO_ZONE, "content_size: %d, num_flash: %d\n", 720 content_size, num_flash); 721 722 for (index = 0; index <= num_flash; index++) { 723 rsi_dbg(INFO_ZONE, "flash index: %d\n", index); 724 if (index != num_flash) { 725 content_size = FLASH_WRITE_CHUNK_SIZE; 726 rsi_dbg(INFO_ZONE, "QSPI content_size:%d\n", 727 content_size); 728 } else { 729 content_size = 730 temp_content_size % FLASH_WRITE_CHUNK_SIZE; 731 rsi_dbg(INFO_ZONE, 732 "Writing last sector content_size:%d\n", 733 content_size); 734 if (!content_size) { 735 rsi_dbg(INFO_ZONE, "instruction size zero\n"); 736 break; 737 } 738 } 739 740 if (index % 2) 741 cmd = PING_WRITE; 742 else 743 cmd = PONG_WRITE; 744 745 status = ping_pong_write(adapter, cmd, flash_content, 746 content_size); 747 if (status) { 748 rsi_dbg(ERR_ZONE, "%s: Unable to load %d block\n", 749 __func__, index); 750 return status; 751 } 752 753 rsi_dbg(INFO_ZONE, 754 "%s: Successfully loaded %d instructions\n", 755 __func__, index); 756 flash_content += content_size; 757 } 758 759 status = bl_cmd(adapter, EOF_REACHED, FW_LOADING_SUCCESSFUL, 760 "EOF_REACHED"); 761 if (status) { 762 bl_stop_cmd_timer(adapter); 763 return status; 764 } 765 rsi_dbg(INFO_ZONE, "FW loading is done and FW is running..\n"); 766 return 0; 767 } 768 769 static int rsi_load_firmware(struct rsi_hw *adapter) 770 { 771 struct rsi_common *common = adapter->priv; 772 struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops; 773 const struct firmware *fw_entry = NULL; 774 u32 regout_val = 0, content_size; 775 u16 tmp_regout_val = 0; 776 u8 *flash_content = NULL; 777 struct ta_metadata *metadata_p; 778 int status; 779 780 bl_start_cmd_timer(adapter, BL_CMD_TIMEOUT); 781 782 while (!adapter->blcmd_timer_expired) { 783 status = hif_ops->master_reg_read(adapter, SWBL_REGOUT, 784 ®out_val, 2); 785 if (status < 0) { 786 rsi_dbg(ERR_ZONE, 787 "%s: REGOUT read failed\n", __func__); 788 return status; 789 } 790 mdelay(1); 791 if ((regout_val >> 8) == REGOUT_VALID) 792 break; 793 } 794 if (adapter->blcmd_timer_expired) { 795 rsi_dbg(ERR_ZONE, "%s: REGOUT read timedout\n", __func__); 796 rsi_dbg(ERR_ZONE, 797 "%s: Soft boot loader not present\n", __func__); 798 return -ETIMEDOUT; 799 } 800 bl_stop_cmd_timer(adapter); 801 802 rsi_dbg(INFO_ZONE, "Received Board Version Number: %x\n", 803 (regout_val & 0xff)); 804 805 status = hif_ops->master_reg_write(adapter, SWBL_REGOUT, 806 (REGOUT_INVALID | REGOUT_INVALID << 8), 807 2); 808 if (status < 0) { 809 rsi_dbg(ERR_ZONE, "%s: REGOUT writing failed..\n", __func__); 810 return status; 811 } 812 mdelay(1); 813 814 status = bl_cmd(adapter, CONFIG_AUTO_READ_MODE, CMD_PASS, 815 "AUTO_READ_CMD"); 816 if (status < 0) 817 return status; 818 819 adapter->flash_capacity = read_flash_capacity(adapter); 820 if (adapter->flash_capacity <= 0) { 821 rsi_dbg(ERR_ZONE, 822 "%s: Unable to read flash size from EEPROM\n", 823 __func__); 824 return -EINVAL; 825 } 826 827 metadata_p = &metadata_flash_content[adapter->priv->coex_mode]; 828 829 rsi_dbg(INIT_ZONE, "%s: Loading file %s\n", __func__, metadata_p->name); 830 adapter->fw_file_name = metadata_p->name; 831 832 status = request_firmware(&fw_entry, metadata_p->name, adapter->device); 833 if (status < 0) { 834 rsi_dbg(ERR_ZONE, "%s: Failed to open file %s\n", 835 __func__, metadata_p->name); 836 return status; 837 } 838 flash_content = kmemdup(fw_entry->data, fw_entry->size, GFP_KERNEL); 839 if (!flash_content) { 840 rsi_dbg(ERR_ZONE, "%s: Failed to copy firmware\n", __func__); 841 status = -EIO; 842 goto fail; 843 } 844 content_size = fw_entry->size; 845 rsi_dbg(INFO_ZONE, "FW Length = %d bytes\n", content_size); 846 847 /* Get the firmware version */ 848 common->lmac_ver.ver.info.fw_ver[0] = 849 flash_content[LMAC_VER_OFFSET] & 0xFF; 850 common->lmac_ver.ver.info.fw_ver[1] = 851 flash_content[LMAC_VER_OFFSET + 1] & 0xFF; 852 common->lmac_ver.major = flash_content[LMAC_VER_OFFSET + 2] & 0xFF; 853 common->lmac_ver.release_num = 854 flash_content[LMAC_VER_OFFSET + 3] & 0xFF; 855 common->lmac_ver.minor = flash_content[LMAC_VER_OFFSET + 4] & 0xFF; 856 common->lmac_ver.patch_num = 0; 857 rsi_print_version(common); 858 859 status = bl_write_header(adapter, flash_content, content_size); 860 if (status) { 861 rsi_dbg(ERR_ZONE, 862 "%s: RPS Image header loading failed\n", 863 __func__); 864 goto fail; 865 } 866 867 bl_start_cmd_timer(adapter, BL_CMD_TIMEOUT); 868 status = bl_write_cmd(adapter, CHECK_CRC, CMD_PASS, &tmp_regout_val); 869 if (status) { 870 bl_stop_cmd_timer(adapter); 871 rsi_dbg(ERR_ZONE, 872 "%s: CHECK_CRC Command writing failed..\n", 873 __func__); 874 if ((tmp_regout_val & 0xff) == CMD_FAIL) { 875 rsi_dbg(ERR_ZONE, 876 "CRC Fail.. Proceeding to Upgrade mode\n"); 877 goto fw_upgrade; 878 } 879 } 880 bl_stop_cmd_timer(adapter); 881 882 status = bl_cmd(adapter, POLLING_MODE, CMD_PASS, "POLLING_MODE"); 883 if (status) 884 goto fail; 885 886 load_image_cmd: 887 status = bl_cmd(adapter, LOAD_HOSTED_FW, LOADING_INITIATED, 888 "LOAD_HOSTED_FW"); 889 if (status) 890 goto fail; 891 rsi_dbg(INFO_ZONE, "Load Image command passed..\n"); 892 goto success; 893 894 fw_upgrade: 895 status = bl_cmd(adapter, BURN_HOSTED_FW, SEND_RPS_FILE, "FW_UPGRADE"); 896 if (status) 897 goto fail; 898 899 rsi_dbg(INFO_ZONE, "Burn Command Pass.. Upgrading the firmware\n"); 900 901 status = auto_fw_upgrade(adapter, flash_content, content_size); 902 if (status == 0) { 903 rsi_dbg(ERR_ZONE, "Firmware upgradation Done\n"); 904 goto load_image_cmd; 905 } 906 rsi_dbg(ERR_ZONE, "Firmware upgrade failed\n"); 907 908 status = bl_cmd(adapter, CONFIG_AUTO_READ_MODE, CMD_PASS, 909 "AUTO_READ_MODE"); 910 if (status) 911 goto fail; 912 913 success: 914 rsi_dbg(ERR_ZONE, "***** Firmware Loading successful *****\n"); 915 kfree(flash_content); 916 release_firmware(fw_entry); 917 return 0; 918 919 fail: 920 rsi_dbg(ERR_ZONE, "##### Firmware loading failed #####\n"); 921 kfree(flash_content); 922 release_firmware(fw_entry); 923 return status; 924 } 925 926 int rsi_hal_device_init(struct rsi_hw *adapter) 927 { 928 struct rsi_common *common = adapter->priv; 929 930 common->coex_mode = RSI_DEV_COEX_MODE_WIFI_ALONE; 931 common->oper_mode = RSI_DEV_OPMODE_WIFI_ALONE; 932 adapter->device_model = RSI_DEV_9113; 933 934 switch (adapter->device_model) { 935 case RSI_DEV_9113: 936 if (rsi_load_firmware(adapter)) { 937 rsi_dbg(ERR_ZONE, 938 "%s: Failed to load TA instructions\n", 939 __func__); 940 return -EINVAL; 941 } 942 break; 943 default: 944 return -EINVAL; 945 } 946 common->fsm_state = FSM_CARD_NOT_READY; 947 948 return 0; 949 } 950 EXPORT_SYMBOL_GPL(rsi_hal_device_init); 951 952