xref: /linux/drivers/net/wireless/ti/wlcore/cmd.c (revision 36110669ddf832e6c9ceba4dd203749d5be31d31)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * This file is part of wl1271
4  *
5  * Copyright (C) 2009-2010 Nokia Corporation
6  *
7  * Contact: Luciano Coelho <luciano.coelho@nokia.com>
8  */
9 
10 #include <linux/module.h>
11 #include <linux/platform_device.h>
12 #include <linux/pm_runtime.h>
13 #include <linux/spi/spi.h>
14 #include <linux/etherdevice.h>
15 #include <linux/ieee80211.h>
16 #include <linux/slab.h>
17 
18 #include "wlcore.h"
19 #include "debug.h"
20 #include "io.h"
21 #include "acx.h"
22 #include "wl12xx_80211.h"
23 #include "cmd.h"
24 #include "event.h"
25 #include "tx.h"
26 #include "hw_ops.h"
27 
28 #define WL1271_CMD_FAST_POLL_COUNT       50
29 #define WL1271_WAIT_EVENT_FAST_POLL_COUNT 20
30 
31 /*
32  * send command to firmware
33  *
34  * @wl: wl struct
35  * @id: command id
36  * @buf: buffer containing the command, must work with dma
37  * @len: length of the buffer
38  * return the cmd status code on success.
39  */
40 static int __wlcore_cmd_send(struct wl1271 *wl, u16 id, void *buf,
41 			     size_t len, size_t res_len)
42 {
43 	struct wl1271_cmd_header *cmd;
44 	unsigned long timeout;
45 	u32 intr;
46 	int ret;
47 	u16 status;
48 	u16 poll_count = 0;
49 
50 	if (unlikely(wl->state == WLCORE_STATE_RESTARTING &&
51 		     id != CMD_STOP_FWLOGGER))
52 		return -EIO;
53 
54 	if (WARN_ON_ONCE(len < sizeof(*cmd)))
55 		return -EIO;
56 
57 	cmd = buf;
58 	cmd->id = cpu_to_le16(id);
59 	cmd->status = 0;
60 
61 	WARN_ON(len % 4 != 0);
62 	WARN_ON(test_bit(WL1271_FLAG_IN_ELP, &wl->flags));
63 
64 	ret = wlcore_write(wl, wl->cmd_box_addr, buf, len, false);
65 	if (ret < 0)
66 		return ret;
67 
68 	/*
69 	 * TODO: we just need this because one bit is in a different
70 	 * place.  Is there any better way?
71 	 */
72 	ret = wl->ops->trigger_cmd(wl, wl->cmd_box_addr, buf, len);
73 	if (ret < 0)
74 		return ret;
75 
76 	timeout = jiffies + msecs_to_jiffies(WL1271_COMMAND_TIMEOUT);
77 
78 	ret = wlcore_read_reg(wl, REG_INTERRUPT_NO_CLEAR, &intr);
79 	if (ret < 0)
80 		return ret;
81 
82 	while (!(intr & WL1271_ACX_INTR_CMD_COMPLETE)) {
83 		if (time_after(jiffies, timeout)) {
84 			wl1271_error("command complete timeout");
85 			return -ETIMEDOUT;
86 		}
87 
88 		poll_count++;
89 		if (poll_count < WL1271_CMD_FAST_POLL_COUNT)
90 			udelay(10);
91 		else
92 			msleep(1);
93 
94 		ret = wlcore_read_reg(wl, REG_INTERRUPT_NO_CLEAR, &intr);
95 		if (ret < 0)
96 			return ret;
97 	}
98 
99 	/* read back the status code of the command */
100 	if (res_len == 0)
101 		res_len = sizeof(struct wl1271_cmd_header);
102 
103 	ret = wlcore_read(wl, wl->cmd_box_addr, cmd, res_len, false);
104 	if (ret < 0)
105 		return ret;
106 
107 	status = le16_to_cpu(cmd->status);
108 
109 	ret = wlcore_write_reg(wl, REG_INTERRUPT_ACK,
110 			       WL1271_ACX_INTR_CMD_COMPLETE);
111 	if (ret < 0)
112 		return ret;
113 
114 	return status;
115 }
116 
117 /*
118  * send command to fw and return cmd status on success
119  * valid_rets contains a bitmap of allowed error codes
120  */
121 static int wlcore_cmd_send_failsafe(struct wl1271 *wl, u16 id, void *buf,
122 				    size_t len, size_t res_len,
123 				    unsigned long valid_rets)
124 {
125 	int ret = __wlcore_cmd_send(wl, id, buf, len, res_len);
126 
127 	if (ret < 0)
128 		goto fail;
129 
130 	/* success is always a valid status */
131 	valid_rets |= BIT(CMD_STATUS_SUCCESS);
132 
133 	if (ret >= MAX_COMMAND_STATUS ||
134 	    !test_bit(ret, &valid_rets)) {
135 		wl1271_error("command execute failure %d", ret);
136 		ret = -EIO;
137 		goto fail;
138 	}
139 	return ret;
140 fail:
141 	wl12xx_queue_recovery_work(wl);
142 	return ret;
143 }
144 
145 /*
146  * wrapper for wlcore_cmd_send that accept only CMD_STATUS_SUCCESS
147  * return 0 on success.
148  */
149 int wl1271_cmd_send(struct wl1271 *wl, u16 id, void *buf, size_t len,
150 		    size_t res_len)
151 {
152 	int ret = wlcore_cmd_send_failsafe(wl, id, buf, len, res_len, 0);
153 
154 	if (ret < 0)
155 		return ret;
156 	return 0;
157 }
158 EXPORT_SYMBOL_GPL(wl1271_cmd_send);
159 
160 /*
161  * Poll the mailbox event field until any of the bits in the mask is set or a
162  * timeout occurs (WL1271_EVENT_TIMEOUT in msecs)
163  */
164 int wlcore_cmd_wait_for_event_or_timeout(struct wl1271 *wl,
165 					 u32 mask, bool *timeout)
166 {
167 	u32 *events_vector;
168 	u32 event;
169 	unsigned long timeout_time;
170 	u16 poll_count = 0;
171 	int ret = 0;
172 
173 	*timeout = false;
174 
175 	events_vector = kmalloc(sizeof(*events_vector), GFP_KERNEL | GFP_DMA);
176 	if (!events_vector)
177 		return -ENOMEM;
178 
179 	timeout_time = jiffies + msecs_to_jiffies(WL1271_EVENT_TIMEOUT);
180 
181 	ret = pm_runtime_resume_and_get(wl->dev);
182 	if (ret < 0)
183 		goto free_vector;
184 
185 	do {
186 		if (time_after(jiffies, timeout_time)) {
187 			wl1271_debug(DEBUG_CMD, "timeout waiting for event %d",
188 				     (int)mask);
189 			*timeout = true;
190 			goto out;
191 		}
192 
193 		poll_count++;
194 		if (poll_count < WL1271_WAIT_EVENT_FAST_POLL_COUNT)
195 			usleep_range(50, 51);
196 		else
197 			usleep_range(1000, 5000);
198 
199 		/* read from both event fields */
200 		ret = wlcore_read(wl, wl->mbox_ptr[0], events_vector,
201 				  sizeof(*events_vector), false);
202 		if (ret < 0)
203 			goto out;
204 
205 		event = *events_vector & mask;
206 
207 		ret = wlcore_read(wl, wl->mbox_ptr[1], events_vector,
208 				  sizeof(*events_vector), false);
209 		if (ret < 0)
210 			goto out;
211 
212 		event |= *events_vector & mask;
213 	} while (!event);
214 
215 out:
216 	pm_runtime_mark_last_busy(wl->dev);
217 	pm_runtime_put_autosuspend(wl->dev);
218 free_vector:
219 	kfree(events_vector);
220 	return ret;
221 }
222 EXPORT_SYMBOL_GPL(wlcore_cmd_wait_for_event_or_timeout);
223 
224 int wl12xx_cmd_role_enable(struct wl1271 *wl, u8 *addr, u8 role_type,
225 			   u8 *role_id)
226 {
227 	struct wl12xx_cmd_role_enable *cmd;
228 	int ret;
229 
230 	wl1271_debug(DEBUG_CMD, "cmd role enable");
231 
232 	if (WARN_ON(*role_id != WL12XX_INVALID_ROLE_ID))
233 		return -EBUSY;
234 
235 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
236 	if (!cmd) {
237 		ret = -ENOMEM;
238 		goto out;
239 	}
240 
241 	/* get role id */
242 	cmd->role_id = find_first_zero_bit(wl->roles_map, WL12XX_MAX_ROLES);
243 	if (cmd->role_id >= WL12XX_MAX_ROLES) {
244 		ret = -EBUSY;
245 		goto out_free;
246 	}
247 
248 	memcpy(cmd->mac_address, addr, ETH_ALEN);
249 	cmd->role_type = role_type;
250 
251 	ret = wl1271_cmd_send(wl, CMD_ROLE_ENABLE, cmd, sizeof(*cmd), 0);
252 	if (ret < 0) {
253 		wl1271_error("failed to initiate cmd role enable");
254 		goto out_free;
255 	}
256 
257 	__set_bit(cmd->role_id, wl->roles_map);
258 	*role_id = cmd->role_id;
259 
260 out_free:
261 	kfree(cmd);
262 
263 out:
264 	return ret;
265 }
266 
267 int wl12xx_cmd_role_disable(struct wl1271 *wl, u8 *role_id)
268 {
269 	struct wl12xx_cmd_role_disable *cmd;
270 	int ret;
271 
272 	wl1271_debug(DEBUG_CMD, "cmd role disable");
273 
274 	if (WARN_ON(*role_id == WL12XX_INVALID_ROLE_ID))
275 		return -ENOENT;
276 
277 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
278 	if (!cmd) {
279 		ret = -ENOMEM;
280 		goto out;
281 	}
282 	cmd->role_id = *role_id;
283 
284 	ret = wl1271_cmd_send(wl, CMD_ROLE_DISABLE, cmd, sizeof(*cmd), 0);
285 	if (ret < 0) {
286 		wl1271_error("failed to initiate cmd role disable");
287 		goto out_free;
288 	}
289 
290 	__clear_bit(*role_id, wl->roles_map);
291 	*role_id = WL12XX_INVALID_ROLE_ID;
292 
293 out_free:
294 	kfree(cmd);
295 
296 out:
297 	return ret;
298 }
299 
300 static int wlcore_get_new_session_id(struct wl1271 *wl, u8 hlid)
301 {
302 	if (wl->session_ids[hlid] >= SESSION_COUNTER_MAX)
303 		wl->session_ids[hlid] = 0;
304 
305 	wl->session_ids[hlid]++;
306 
307 	return wl->session_ids[hlid];
308 }
309 
310 int wl12xx_allocate_link(struct wl1271 *wl, struct wl12xx_vif *wlvif, u8 *hlid)
311 {
312 	unsigned long flags;
313 	u8 link = find_first_zero_bit(wl->links_map, wl->num_links);
314 	if (link >= wl->num_links)
315 		return -EBUSY;
316 
317 	wl->session_ids[link] = wlcore_get_new_session_id(wl, link);
318 
319 	/* these bits are used by op_tx */
320 	spin_lock_irqsave(&wl->wl_lock, flags);
321 	__set_bit(link, wl->links_map);
322 	__set_bit(link, wlvif->links_map);
323 	spin_unlock_irqrestore(&wl->wl_lock, flags);
324 
325 	/*
326 	 * take the last "freed packets" value from the current FW status.
327 	 * on recovery, we might not have fw_status yet, and
328 	 * tx_lnk_free_pkts will be NULL. check for it.
329 	 */
330 	if (wl->fw_status->counters.tx_lnk_free_pkts)
331 		wl->links[link].prev_freed_pkts =
332 			wl->fw_status->counters.tx_lnk_free_pkts[link];
333 	wl->links[link].wlvif = wlvif;
334 
335 	/*
336 	 * Take the last sec_pn16 value from the current FW status. On recovery,
337 	 * we might not have fw_status yet, and tx_lnk_sec_pn16[] will be NULL.
338 	 */
339 	if (wl->fw_status->counters.tx_lnk_sec_pn16)
340 		wl->links[link].prev_sec_pn16 =
341 			le16_to_cpu(wl->fw_status->counters.tx_lnk_sec_pn16[link]);
342 
343 	/*
344 	 * Take saved value for total freed packets from wlvif, in case this is
345 	 * recovery/resume
346 	 */
347 	if (wlvif->bss_type != BSS_TYPE_AP_BSS)
348 		wl->links[link].total_freed_pkts = wlvif->total_freed_pkts;
349 
350 	*hlid = link;
351 
352 	wl->active_link_count++;
353 	return 0;
354 }
355 
356 void wl12xx_free_link(struct wl1271 *wl, struct wl12xx_vif *wlvif, u8 *hlid)
357 {
358 	unsigned long flags;
359 
360 	if (*hlid == WL12XX_INVALID_LINK_ID)
361 		return;
362 
363 	/* these bits are used by op_tx */
364 	spin_lock_irqsave(&wl->wl_lock, flags);
365 	__clear_bit(*hlid, wl->links_map);
366 	__clear_bit(*hlid, wlvif->links_map);
367 	spin_unlock_irqrestore(&wl->wl_lock, flags);
368 
369 	wl->links[*hlid].allocated_pkts = 0;
370 	wl->links[*hlid].prev_freed_pkts = 0;
371 	wl->links[*hlid].prev_sec_pn16 = 0;
372 	wl->links[*hlid].ba_bitmap = 0;
373 	eth_zero_addr(wl->links[*hlid].addr);
374 
375 	/*
376 	 * At this point op_tx() will not add more packets to the queues. We
377 	 * can purge them.
378 	 */
379 	wl1271_tx_reset_link_queues(wl, *hlid);
380 	wl->links[*hlid].wlvif = NULL;
381 
382 	if (wlvif->bss_type == BSS_TYPE_AP_BSS &&
383 	    *hlid == wlvif->ap.bcast_hlid) {
384 		u32 sqn_padding = WL1271_TX_SQN_POST_RECOVERY_PADDING;
385 		/*
386 		 * save the total freed packets in the wlvif, in case this is
387 		 * recovery or suspend
388 		 */
389 		wlvif->total_freed_pkts = wl->links[*hlid].total_freed_pkts;
390 
391 		/*
392 		 * increment the initial seq number on recovery to account for
393 		 * transmitted packets that we haven't yet got in the FW status
394 		 */
395 		if (wlvif->encryption_type == KEY_GEM)
396 			sqn_padding = WL1271_TX_SQN_POST_RECOVERY_PADDING_GEM;
397 
398 		if (test_bit(WL1271_FLAG_RECOVERY_IN_PROGRESS, &wl->flags))
399 			wlvif->total_freed_pkts += sqn_padding;
400 	}
401 
402 	wl->links[*hlid].total_freed_pkts = 0;
403 
404 	*hlid = WL12XX_INVALID_LINK_ID;
405 	wl->active_link_count--;
406 	WARN_ON_ONCE(wl->active_link_count < 0);
407 }
408 
409 u8 wlcore_get_native_channel_type(u8 nl_channel_type)
410 {
411 	switch (nl_channel_type) {
412 	case NL80211_CHAN_NO_HT:
413 		return WLCORE_CHAN_NO_HT;
414 	case NL80211_CHAN_HT20:
415 		return WLCORE_CHAN_HT20;
416 	case NL80211_CHAN_HT40MINUS:
417 		return WLCORE_CHAN_HT40MINUS;
418 	case NL80211_CHAN_HT40PLUS:
419 		return WLCORE_CHAN_HT40PLUS;
420 	default:
421 		WARN_ON(1);
422 		return WLCORE_CHAN_NO_HT;
423 	}
424 }
425 EXPORT_SYMBOL_GPL(wlcore_get_native_channel_type);
426 
427 static int wl12xx_cmd_role_start_dev(struct wl1271 *wl,
428 				     struct wl12xx_vif *wlvif,
429 				     enum nl80211_band band,
430 				     int channel)
431 {
432 	struct wl12xx_cmd_role_start *cmd;
433 	int ret;
434 
435 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
436 	if (!cmd) {
437 		ret = -ENOMEM;
438 		goto out;
439 	}
440 
441 	wl1271_debug(DEBUG_CMD, "cmd role start dev %d", wlvif->dev_role_id);
442 
443 	cmd->role_id = wlvif->dev_role_id;
444 	if (band == NL80211_BAND_5GHZ)
445 		cmd->band = WLCORE_BAND_5GHZ;
446 	cmd->channel = channel;
447 
448 	if (wlvif->dev_hlid == WL12XX_INVALID_LINK_ID) {
449 		ret = wl12xx_allocate_link(wl, wlvif, &wlvif->dev_hlid);
450 		if (ret)
451 			goto out_free;
452 	}
453 	cmd->device.hlid = wlvif->dev_hlid;
454 	cmd->device.session = wl->session_ids[wlvif->dev_hlid];
455 
456 	wl1271_debug(DEBUG_CMD, "role start: roleid=%d, hlid=%d, session=%d",
457 		     cmd->role_id, cmd->device.hlid, cmd->device.session);
458 
459 	ret = wl1271_cmd_send(wl, CMD_ROLE_START, cmd, sizeof(*cmd), 0);
460 	if (ret < 0) {
461 		wl1271_error("failed to initiate cmd role enable");
462 		goto err_hlid;
463 	}
464 
465 	goto out_free;
466 
467 err_hlid:
468 	/* clear links on error */
469 	wl12xx_free_link(wl, wlvif, &wlvif->dev_hlid);
470 
471 out_free:
472 	kfree(cmd);
473 
474 out:
475 	return ret;
476 }
477 
478 static int wl12xx_cmd_role_stop_dev(struct wl1271 *wl,
479 				    struct wl12xx_vif *wlvif)
480 {
481 	struct wl12xx_cmd_role_stop *cmd;
482 	int ret;
483 
484 	if (WARN_ON(wlvif->dev_hlid == WL12XX_INVALID_LINK_ID))
485 		return -EINVAL;
486 
487 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
488 	if (!cmd) {
489 		ret = -ENOMEM;
490 		goto out;
491 	}
492 
493 	wl1271_debug(DEBUG_CMD, "cmd role stop dev");
494 
495 	cmd->role_id = wlvif->dev_role_id;
496 	cmd->disc_type = DISCONNECT_IMMEDIATE;
497 	cmd->reason = cpu_to_le16(WLAN_REASON_UNSPECIFIED);
498 
499 	ret = wl1271_cmd_send(wl, CMD_ROLE_STOP, cmd, sizeof(*cmd), 0);
500 	if (ret < 0) {
501 		wl1271_error("failed to initiate cmd role stop");
502 		goto out_free;
503 	}
504 
505 	wl12xx_free_link(wl, wlvif, &wlvif->dev_hlid);
506 
507 out_free:
508 	kfree(cmd);
509 
510 out:
511 	return ret;
512 }
513 
514 int wl12xx_cmd_role_start_sta(struct wl1271 *wl, struct wl12xx_vif *wlvif)
515 {
516 	struct ieee80211_vif *vif = wl12xx_wlvif_to_vif(wlvif);
517 	struct wl12xx_cmd_role_start *cmd;
518 	u32 supported_rates;
519 	int ret;
520 
521 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
522 	if (!cmd) {
523 		ret = -ENOMEM;
524 		goto out;
525 	}
526 
527 	wl1271_debug(DEBUG_CMD, "cmd role start sta %d", wlvif->role_id);
528 
529 	cmd->role_id = wlvif->role_id;
530 	if (wlvif->band == NL80211_BAND_5GHZ)
531 		cmd->band = WLCORE_BAND_5GHZ;
532 	cmd->channel = wlvif->channel;
533 	cmd->sta.basic_rate_set = cpu_to_le32(wlvif->basic_rate_set);
534 	cmd->sta.beacon_interval = cpu_to_le16(wlvif->beacon_int);
535 	cmd->sta.ssid_type = WL12XX_SSID_TYPE_ANY;
536 	cmd->sta.ssid_len = wlvif->ssid_len;
537 	memcpy(cmd->sta.ssid, wlvif->ssid, wlvif->ssid_len);
538 	memcpy(cmd->sta.bssid, vif->bss_conf.bssid, ETH_ALEN);
539 
540 	supported_rates = CONF_TX_ENABLED_RATES | CONF_TX_MCS_RATES |
541 			  wlcore_hw_sta_get_ap_rate_mask(wl, wlvif);
542 	if (wlvif->p2p)
543 		supported_rates &= ~CONF_TX_CCK_RATES;
544 
545 	cmd->sta.local_rates = cpu_to_le32(supported_rates);
546 
547 	cmd->channel_type = wlcore_get_native_channel_type(wlvif->channel_type);
548 
549 	if (wlvif->sta.hlid == WL12XX_INVALID_LINK_ID) {
550 		ret = wl12xx_allocate_link(wl, wlvif, &wlvif->sta.hlid);
551 		if (ret)
552 			goto out_free;
553 	}
554 	cmd->sta.hlid = wlvif->sta.hlid;
555 	cmd->sta.session = wl->session_ids[wlvif->sta.hlid];
556 	/*
557 	 * We don't have the correct remote rates in this stage.  The
558 	 * rates will be reconfigured later, after association, if the
559 	 * firmware supports ACX_PEER_CAP.  Otherwise, there's nothing
560 	 * we can do, so use all supported_rates here.
561 	 */
562 	cmd->sta.remote_rates = cpu_to_le32(supported_rates);
563 
564 	wl1271_debug(DEBUG_CMD, "role start: roleid=%d, hlid=%d, session=%d "
565 		     "basic_rate_set: 0x%x, remote_rates: 0x%x",
566 		     wlvif->role_id, cmd->sta.hlid, cmd->sta.session,
567 		     wlvif->basic_rate_set, wlvif->rate_set);
568 
569 	ret = wl1271_cmd_send(wl, CMD_ROLE_START, cmd, sizeof(*cmd), 0);
570 	if (ret < 0) {
571 		wl1271_error("failed to initiate cmd role start sta");
572 		goto err_hlid;
573 	}
574 
575 	wlvif->sta.role_chan_type = wlvif->channel_type;
576 	goto out_free;
577 
578 err_hlid:
579 	/* clear links on error. */
580 	wl12xx_free_link(wl, wlvif, &wlvif->sta.hlid);
581 
582 out_free:
583 	kfree(cmd);
584 
585 out:
586 	return ret;
587 }
588 
589 /* use this function to stop ibss as well */
590 int wl12xx_cmd_role_stop_sta(struct wl1271 *wl, struct wl12xx_vif *wlvif)
591 {
592 	struct wl12xx_cmd_role_stop *cmd;
593 	int ret;
594 
595 	if (WARN_ON(wlvif->sta.hlid == WL12XX_INVALID_LINK_ID))
596 		return -EINVAL;
597 
598 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
599 	if (!cmd) {
600 		ret = -ENOMEM;
601 		goto out;
602 	}
603 
604 	wl1271_debug(DEBUG_CMD, "cmd role stop sta %d", wlvif->role_id);
605 
606 	cmd->role_id = wlvif->role_id;
607 	cmd->disc_type = DISCONNECT_IMMEDIATE;
608 	cmd->reason = cpu_to_le16(WLAN_REASON_UNSPECIFIED);
609 
610 	ret = wl1271_cmd_send(wl, CMD_ROLE_STOP, cmd, sizeof(*cmd), 0);
611 	if (ret < 0) {
612 		wl1271_error("failed to initiate cmd role stop sta");
613 		goto out_free;
614 	}
615 
616 	wl12xx_free_link(wl, wlvif, &wlvif->sta.hlid);
617 
618 out_free:
619 	kfree(cmd);
620 
621 out:
622 	return ret;
623 }
624 
625 int wl12xx_cmd_role_start_ap(struct wl1271 *wl, struct wl12xx_vif *wlvif)
626 {
627 	struct wl12xx_cmd_role_start *cmd;
628 	struct ieee80211_vif *vif = wl12xx_wlvif_to_vif(wlvif);
629 	struct ieee80211_bss_conf *bss_conf = &vif->bss_conf;
630 	u32 supported_rates;
631 	int ret;
632 
633 	wl1271_debug(DEBUG_CMD, "cmd role start ap %d", wlvif->role_id);
634 
635 	/* If MESH --> ssid_len is always 0 */
636 	if (!ieee80211_vif_is_mesh(vif)) {
637 		/* trying to use hidden SSID with an old hostapd version */
638 		if (wlvif->ssid_len == 0 && !bss_conf->hidden_ssid) {
639 			wl1271_error("got a null SSID from beacon/bss");
640 			ret = -EINVAL;
641 			goto out;
642 		}
643 	}
644 
645 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
646 	if (!cmd) {
647 		ret = -ENOMEM;
648 		goto out;
649 	}
650 
651 	ret = wl12xx_allocate_link(wl, wlvif, &wlvif->ap.global_hlid);
652 	if (ret < 0)
653 		goto out_free;
654 
655 	ret = wl12xx_allocate_link(wl, wlvif, &wlvif->ap.bcast_hlid);
656 	if (ret < 0)
657 		goto out_free_global;
658 
659 	/* use the previous security seq, if this is a recovery/resume */
660 	wl->links[wlvif->ap.bcast_hlid].total_freed_pkts =
661 						wlvif->total_freed_pkts;
662 
663 	cmd->role_id = wlvif->role_id;
664 	cmd->ap.aging_period = cpu_to_le16(wl->conf.tx.ap_aging_period);
665 	cmd->ap.bss_index = WL1271_AP_BSS_INDEX;
666 	cmd->ap.global_hlid = wlvif->ap.global_hlid;
667 	cmd->ap.broadcast_hlid = wlvif->ap.bcast_hlid;
668 	cmd->ap.global_session_id = wl->session_ids[wlvif->ap.global_hlid];
669 	cmd->ap.bcast_session_id = wl->session_ids[wlvif->ap.bcast_hlid];
670 	cmd->ap.basic_rate_set = cpu_to_le32(wlvif->basic_rate_set);
671 	cmd->ap.beacon_interval = cpu_to_le16(wlvif->beacon_int);
672 	cmd->ap.dtim_interval = bss_conf->dtim_period;
673 	cmd->ap.beacon_expiry = WL1271_AP_DEF_BEACON_EXP;
674 	/* FIXME: Change when adding DFS */
675 	cmd->ap.reset_tsf = 1;  /* By default reset AP TSF */
676 	cmd->ap.wmm = wlvif->wmm_enabled;
677 	cmd->channel = wlvif->channel;
678 	cmd->channel_type = wlcore_get_native_channel_type(wlvif->channel_type);
679 
680 	if (!bss_conf->hidden_ssid) {
681 		/* take the SSID from the beacon for backward compatibility */
682 		cmd->ap.ssid_type = WL12XX_SSID_TYPE_PUBLIC;
683 		cmd->ap.ssid_len = wlvif->ssid_len;
684 		memcpy(cmd->ap.ssid, wlvif->ssid, wlvif->ssid_len);
685 	} else {
686 		cmd->ap.ssid_type = WL12XX_SSID_TYPE_HIDDEN;
687 		cmd->ap.ssid_len = vif->cfg.ssid_len;
688 		memcpy(cmd->ap.ssid, vif->cfg.ssid, vif->cfg.ssid_len);
689 	}
690 
691 	supported_rates = CONF_TX_ENABLED_RATES | CONF_TX_MCS_RATES |
692 		wlcore_hw_ap_get_mimo_wide_rate_mask(wl, wlvif);
693 	if (wlvif->p2p)
694 		supported_rates &= ~CONF_TX_CCK_RATES;
695 
696 	wl1271_debug(DEBUG_CMD, "cmd role start ap with supported_rates 0x%08x",
697 		     supported_rates);
698 
699 	cmd->ap.local_rates = cpu_to_le32(supported_rates);
700 
701 	switch (wlvif->band) {
702 	case NL80211_BAND_2GHZ:
703 		cmd->band = WLCORE_BAND_2_4GHZ;
704 		break;
705 	case NL80211_BAND_5GHZ:
706 		cmd->band = WLCORE_BAND_5GHZ;
707 		break;
708 	default:
709 		wl1271_warning("ap start - unknown band: %d", (int)wlvif->band);
710 		cmd->band = WLCORE_BAND_2_4GHZ;
711 		break;
712 	}
713 
714 	ret = wl1271_cmd_send(wl, CMD_ROLE_START, cmd, sizeof(*cmd), 0);
715 	if (ret < 0) {
716 		wl1271_error("failed to initiate cmd role start ap");
717 		goto out_free_bcast;
718 	}
719 
720 	goto out_free;
721 
722 out_free_bcast:
723 	wl12xx_free_link(wl, wlvif, &wlvif->ap.bcast_hlid);
724 
725 out_free_global:
726 	wl12xx_free_link(wl, wlvif, &wlvif->ap.global_hlid);
727 
728 out_free:
729 	kfree(cmd);
730 
731 out:
732 	return ret;
733 }
734 
735 int wl12xx_cmd_role_stop_ap(struct wl1271 *wl, struct wl12xx_vif *wlvif)
736 {
737 	struct wl12xx_cmd_role_stop *cmd;
738 	int ret;
739 
740 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
741 	if (!cmd) {
742 		ret = -ENOMEM;
743 		goto out;
744 	}
745 
746 	wl1271_debug(DEBUG_CMD, "cmd role stop ap %d", wlvif->role_id);
747 
748 	cmd->role_id = wlvif->role_id;
749 
750 	ret = wl1271_cmd_send(wl, CMD_ROLE_STOP, cmd, sizeof(*cmd), 0);
751 	if (ret < 0) {
752 		wl1271_error("failed to initiate cmd role stop ap");
753 		goto out_free;
754 	}
755 
756 	wl12xx_free_link(wl, wlvif, &wlvif->ap.bcast_hlid);
757 	wl12xx_free_link(wl, wlvif, &wlvif->ap.global_hlid);
758 
759 out_free:
760 	kfree(cmd);
761 
762 out:
763 	return ret;
764 }
765 
766 int wl12xx_cmd_role_start_ibss(struct wl1271 *wl, struct wl12xx_vif *wlvif)
767 {
768 	struct ieee80211_vif *vif = wl12xx_wlvif_to_vif(wlvif);
769 	struct wl12xx_cmd_role_start *cmd;
770 	struct ieee80211_bss_conf *bss_conf = &vif->bss_conf;
771 	int ret;
772 
773 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
774 	if (!cmd) {
775 		ret = -ENOMEM;
776 		goto out;
777 	}
778 
779 	wl1271_debug(DEBUG_CMD, "cmd role start ibss %d", wlvif->role_id);
780 
781 	cmd->role_id = wlvif->role_id;
782 	if (wlvif->band == NL80211_BAND_5GHZ)
783 		cmd->band = WLCORE_BAND_5GHZ;
784 	cmd->channel = wlvif->channel;
785 	cmd->ibss.basic_rate_set = cpu_to_le32(wlvif->basic_rate_set);
786 	cmd->ibss.beacon_interval = cpu_to_le16(wlvif->beacon_int);
787 	cmd->ibss.dtim_interval = bss_conf->dtim_period;
788 	cmd->ibss.ssid_type = WL12XX_SSID_TYPE_ANY;
789 	cmd->ibss.ssid_len = wlvif->ssid_len;
790 	memcpy(cmd->ibss.ssid, wlvif->ssid, wlvif->ssid_len);
791 	memcpy(cmd->ibss.bssid, vif->bss_conf.bssid, ETH_ALEN);
792 	cmd->sta.local_rates = cpu_to_le32(wlvif->rate_set);
793 
794 	if (wlvif->sta.hlid == WL12XX_INVALID_LINK_ID) {
795 		ret = wl12xx_allocate_link(wl, wlvif, &wlvif->sta.hlid);
796 		if (ret)
797 			goto out_free;
798 	}
799 	cmd->ibss.hlid = wlvif->sta.hlid;
800 	cmd->ibss.remote_rates = cpu_to_le32(wlvif->rate_set);
801 
802 	wl1271_debug(DEBUG_CMD, "role start: roleid=%d, hlid=%d, session=%d "
803 		     "basic_rate_set: 0x%x, remote_rates: 0x%x",
804 		     wlvif->role_id, cmd->sta.hlid, cmd->sta.session,
805 		     wlvif->basic_rate_set, wlvif->rate_set);
806 
807 	wl1271_debug(DEBUG_CMD, "vif->bss_conf.bssid = %pM",
808 		     vif->bss_conf.bssid);
809 
810 	ret = wl1271_cmd_send(wl, CMD_ROLE_START, cmd, sizeof(*cmd), 0);
811 	if (ret < 0) {
812 		wl1271_error("failed to initiate cmd role enable");
813 		goto err_hlid;
814 	}
815 
816 	goto out_free;
817 
818 err_hlid:
819 	/* clear links on error. */
820 	wl12xx_free_link(wl, wlvif, &wlvif->sta.hlid);
821 
822 out_free:
823 	kfree(cmd);
824 
825 out:
826 	return ret;
827 }
828 
829 
830 /**
831  * wl1271_cmd_test - send test command to firmware
832  *
833  * @wl: wl struct
834  * @buf: buffer containing the command, with all headers, must work with dma
835  * @buf_len: length of the buffer
836  * @answer: is answer needed
837  */
838 int wl1271_cmd_test(struct wl1271 *wl, void *buf, size_t buf_len, u8 answer)
839 {
840 	int ret;
841 	size_t res_len = 0;
842 
843 	wl1271_debug(DEBUG_CMD, "cmd test");
844 
845 	if (answer)
846 		res_len = buf_len;
847 
848 	ret = wl1271_cmd_send(wl, CMD_TEST, buf, buf_len, res_len);
849 
850 	if (ret < 0) {
851 		wl1271_warning("TEST command failed");
852 		return ret;
853 	}
854 
855 	return ret;
856 }
857 EXPORT_SYMBOL_GPL(wl1271_cmd_test);
858 
859 /**
860  * wl1271_cmd_interrogate - read acx from firmware
861  *
862  * @wl: wl struct
863  * @id: acx id
864  * @buf: buffer for the response, including all headers, must work with dma
865  * @cmd_len: length of command
866  * @res_len: length of payload
867  */
868 int wl1271_cmd_interrogate(struct wl1271 *wl, u16 id, void *buf,
869 			   size_t cmd_len, size_t res_len)
870 {
871 	struct acx_header *acx = buf;
872 	int ret;
873 
874 	wl1271_debug(DEBUG_CMD, "cmd interrogate");
875 
876 	acx->id = cpu_to_le16(id);
877 
878 	/* response payload length, does not include any headers */
879 	acx->len = cpu_to_le16(res_len - sizeof(*acx));
880 
881 	ret = wl1271_cmd_send(wl, CMD_INTERROGATE, acx, cmd_len, res_len);
882 	if (ret < 0)
883 		wl1271_error("INTERROGATE command failed");
884 
885 	return ret;
886 }
887 
888 /**
889  * wlcore_cmd_configure_failsafe - write acx value to firmware
890  *
891  * @wl: wl struct
892  * @id: acx id
893  * @buf: buffer containing acx, including all headers, must work with dma
894  * @len: length of buf
895  * @valid_rets: bitmap of valid cmd status codes (i.e. return values).
896  * return the cmd status on success.
897  */
898 int wlcore_cmd_configure_failsafe(struct wl1271 *wl, u16 id, void *buf,
899 				  size_t len, unsigned long valid_rets)
900 {
901 	struct acx_header *acx = buf;
902 	int ret;
903 
904 	wl1271_debug(DEBUG_CMD, "cmd configure (%d)", id);
905 
906 	if (WARN_ON_ONCE(len < sizeof(*acx)))
907 		return -EIO;
908 
909 	acx->id = cpu_to_le16(id);
910 
911 	/* payload length, does not include any headers */
912 	acx->len = cpu_to_le16(len - sizeof(*acx));
913 
914 	ret = wlcore_cmd_send_failsafe(wl, CMD_CONFIGURE, acx, len, 0,
915 				       valid_rets);
916 	if (ret < 0) {
917 		wl1271_warning("CONFIGURE command NOK");
918 		return ret;
919 	}
920 
921 	return ret;
922 }
923 
924 /*
925  * wrapper for wlcore_cmd_configure that accepts only success status.
926  * return 0 on success
927  */
928 int wl1271_cmd_configure(struct wl1271 *wl, u16 id, void *buf, size_t len)
929 {
930 	int ret = wlcore_cmd_configure_failsafe(wl, id, buf, len, 0);
931 
932 	if (ret < 0)
933 		return ret;
934 	return 0;
935 }
936 EXPORT_SYMBOL_GPL(wl1271_cmd_configure);
937 
938 int wl1271_cmd_data_path(struct wl1271 *wl, bool enable)
939 {
940 	struct cmd_enabledisable_path *cmd;
941 	int ret;
942 	u16 cmd_rx, cmd_tx;
943 
944 	wl1271_debug(DEBUG_CMD, "cmd data path");
945 
946 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
947 	if (!cmd) {
948 		ret = -ENOMEM;
949 		goto out;
950 	}
951 
952 	/* the channel here is only used for calibration, so hardcoded to 1 */
953 	cmd->channel = 1;
954 
955 	if (enable) {
956 		cmd_rx = CMD_ENABLE_RX;
957 		cmd_tx = CMD_ENABLE_TX;
958 	} else {
959 		cmd_rx = CMD_DISABLE_RX;
960 		cmd_tx = CMD_DISABLE_TX;
961 	}
962 
963 	ret = wl1271_cmd_send(wl, cmd_rx, cmd, sizeof(*cmd), 0);
964 	if (ret < 0) {
965 		wl1271_error("rx %s cmd for channel %d failed",
966 			     enable ? "start" : "stop", cmd->channel);
967 		goto out;
968 	}
969 
970 	wl1271_debug(DEBUG_BOOT, "rx %s cmd channel %d",
971 		     enable ? "start" : "stop", cmd->channel);
972 
973 	ret = wl1271_cmd_send(wl, cmd_tx, cmd, sizeof(*cmd), 0);
974 	if (ret < 0) {
975 		wl1271_error("tx %s cmd for channel %d failed",
976 			     enable ? "start" : "stop", cmd->channel);
977 		goto out;
978 	}
979 
980 	wl1271_debug(DEBUG_BOOT, "tx %s cmd channel %d",
981 		     enable ? "start" : "stop", cmd->channel);
982 
983 out:
984 	kfree(cmd);
985 	return ret;
986 }
987 EXPORT_SYMBOL_GPL(wl1271_cmd_data_path);
988 
989 int wl1271_cmd_ps_mode(struct wl1271 *wl, struct wl12xx_vif *wlvif,
990 		       u8 ps_mode, u16 auto_ps_timeout)
991 {
992 	struct wl1271_cmd_ps_params *ps_params = NULL;
993 	int ret = 0;
994 
995 	wl1271_debug(DEBUG_CMD, "cmd set ps mode");
996 
997 	ps_params = kzalloc(sizeof(*ps_params), GFP_KERNEL);
998 	if (!ps_params) {
999 		ret = -ENOMEM;
1000 		goto out;
1001 	}
1002 
1003 	ps_params->role_id = wlvif->role_id;
1004 	ps_params->ps_mode = ps_mode;
1005 	ps_params->auto_ps_timeout = auto_ps_timeout;
1006 
1007 	ret = wl1271_cmd_send(wl, CMD_SET_PS_MODE, ps_params,
1008 			      sizeof(*ps_params), 0);
1009 	if (ret < 0) {
1010 		wl1271_error("cmd set_ps_mode failed");
1011 		goto out;
1012 	}
1013 
1014 out:
1015 	kfree(ps_params);
1016 	return ret;
1017 }
1018 
1019 int wl1271_cmd_template_set(struct wl1271 *wl, u8 role_id,
1020 			    u16 template_id, void *buf, size_t buf_len,
1021 			    int index, u32 rates)
1022 {
1023 	struct wl1271_cmd_template_set *cmd;
1024 	int ret = 0;
1025 
1026 	wl1271_debug(DEBUG_CMD, "cmd template_set %d (role %d)",
1027 		     template_id, role_id);
1028 
1029 	WARN_ON(buf_len > WL1271_CMD_TEMPL_MAX_SIZE);
1030 	buf_len = min_t(size_t, buf_len, WL1271_CMD_TEMPL_MAX_SIZE);
1031 
1032 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1033 	if (!cmd) {
1034 		ret = -ENOMEM;
1035 		goto out;
1036 	}
1037 
1038 	/* during initialization wlvif is NULL */
1039 	cmd->role_id = role_id;
1040 	cmd->len = cpu_to_le16(buf_len);
1041 	cmd->template_type = template_id;
1042 	cmd->enabled_rates = cpu_to_le32(rates);
1043 	cmd->short_retry_limit = wl->conf.tx.tmpl_short_retry_limit;
1044 	cmd->long_retry_limit = wl->conf.tx.tmpl_long_retry_limit;
1045 	cmd->index = index;
1046 
1047 	if (buf)
1048 		memcpy(cmd->template_data, buf, buf_len);
1049 
1050 	ret = wl1271_cmd_send(wl, CMD_SET_TEMPLATE, cmd, sizeof(*cmd), 0);
1051 	if (ret < 0) {
1052 		wl1271_warning("cmd set_template failed: %d", ret);
1053 		goto out_free;
1054 	}
1055 
1056 out_free:
1057 	kfree(cmd);
1058 
1059 out:
1060 	return ret;
1061 }
1062 
1063 int wl12xx_cmd_build_null_data(struct wl1271 *wl, struct wl12xx_vif *wlvif)
1064 {
1065 	struct sk_buff *skb = NULL;
1066 	int size;
1067 	void *ptr;
1068 	int ret = -ENOMEM;
1069 
1070 
1071 	if (wlvif->bss_type == BSS_TYPE_IBSS) {
1072 		size = sizeof(struct wl12xx_null_data_template);
1073 		ptr = NULL;
1074 	} else {
1075 		skb = ieee80211_nullfunc_get(wl->hw,
1076 					     wl12xx_wlvif_to_vif(wlvif),
1077 					     -1, false);
1078 		if (!skb)
1079 			goto out;
1080 		size = skb->len;
1081 		ptr = skb->data;
1082 	}
1083 
1084 	ret = wl1271_cmd_template_set(wl, wlvif->role_id,
1085 				      CMD_TEMPL_NULL_DATA, ptr, size, 0,
1086 				      wlvif->basic_rate);
1087 
1088 out:
1089 	dev_kfree_skb(skb);
1090 	if (ret)
1091 		wl1271_warning("cmd build null data failed %d", ret);
1092 
1093 	return ret;
1094 
1095 }
1096 
1097 int wl12xx_cmd_build_klv_null_data(struct wl1271 *wl,
1098 				   struct wl12xx_vif *wlvif)
1099 {
1100 	struct ieee80211_vif *vif = wl12xx_wlvif_to_vif(wlvif);
1101 	struct sk_buff *skb = NULL;
1102 	int ret = -ENOMEM;
1103 
1104 	skb = ieee80211_nullfunc_get(wl->hw, vif,-1, false);
1105 	if (!skb)
1106 		goto out;
1107 
1108 	ret = wl1271_cmd_template_set(wl, wlvif->role_id, CMD_TEMPL_KLV,
1109 				      skb->data, skb->len,
1110 				      wlvif->sta.klv_template_id,
1111 				      wlvif->basic_rate);
1112 
1113 out:
1114 	dev_kfree_skb(skb);
1115 	if (ret)
1116 		wl1271_warning("cmd build klv null data failed %d", ret);
1117 
1118 	return ret;
1119 
1120 }
1121 
1122 int wl1271_cmd_build_ps_poll(struct wl1271 *wl, struct wl12xx_vif *wlvif,
1123 			     u16 aid)
1124 {
1125 	struct ieee80211_vif *vif = wl12xx_wlvif_to_vif(wlvif);
1126 	struct sk_buff *skb;
1127 	int ret = 0;
1128 
1129 	skb = ieee80211_pspoll_get(wl->hw, vif);
1130 	if (!skb)
1131 		goto out;
1132 
1133 	ret = wl1271_cmd_template_set(wl, wlvif->role_id,
1134 				      CMD_TEMPL_PS_POLL, skb->data,
1135 				      skb->len, 0, wlvif->basic_rate_set);
1136 
1137 out:
1138 	dev_kfree_skb(skb);
1139 	return ret;
1140 }
1141 
1142 int wl12xx_cmd_build_probe_req(struct wl1271 *wl, struct wl12xx_vif *wlvif,
1143 			       u8 role_id, u8 band,
1144 			       const u8 *ssid, size_t ssid_len,
1145 			       const u8 *ie0, size_t ie0_len, const u8 *ie1,
1146 			       size_t ie1_len, bool sched_scan)
1147 {
1148 	struct ieee80211_vif *vif = wl12xx_wlvif_to_vif(wlvif);
1149 	struct sk_buff *skb;
1150 	int ret;
1151 	u32 rate;
1152 	u16 template_id_2_4 = wl->scan_templ_id_2_4;
1153 	u16 template_id_5 = wl->scan_templ_id_5;
1154 
1155 	wl1271_debug(DEBUG_SCAN, "build probe request band %d", band);
1156 
1157 	skb = ieee80211_probereq_get(wl->hw, vif->addr, ssid, ssid_len,
1158 				     ie0_len + ie1_len);
1159 	if (!skb) {
1160 		ret = -ENOMEM;
1161 		goto out;
1162 	}
1163 	if (ie0_len)
1164 		skb_put_data(skb, ie0, ie0_len);
1165 	if (ie1_len)
1166 		skb_put_data(skb, ie1, ie1_len);
1167 
1168 	if (sched_scan &&
1169 	    (wl->quirks & WLCORE_QUIRK_DUAL_PROBE_TMPL)) {
1170 		template_id_2_4 = wl->sched_scan_templ_id_2_4;
1171 		template_id_5 = wl->sched_scan_templ_id_5;
1172 	}
1173 
1174 	rate = wl1271_tx_min_rate_get(wl, wlvif->bitrate_masks[band]);
1175 	if (band == NL80211_BAND_2GHZ)
1176 		ret = wl1271_cmd_template_set(wl, role_id,
1177 					      template_id_2_4,
1178 					      skb->data, skb->len, 0, rate);
1179 	else
1180 		ret = wl1271_cmd_template_set(wl, role_id,
1181 					      template_id_5,
1182 					      skb->data, skb->len, 0, rate);
1183 
1184 out:
1185 	dev_kfree_skb(skb);
1186 	return ret;
1187 }
1188 EXPORT_SYMBOL_GPL(wl12xx_cmd_build_probe_req);
1189 
1190 struct sk_buff *wl1271_cmd_build_ap_probe_req(struct wl1271 *wl,
1191 					      struct wl12xx_vif *wlvif,
1192 					      struct sk_buff *skb)
1193 {
1194 	struct ieee80211_vif *vif = wl12xx_wlvif_to_vif(wlvif);
1195 	int ret;
1196 	u32 rate;
1197 
1198 	if (!skb)
1199 		skb = ieee80211_ap_probereq_get(wl->hw, vif);
1200 	if (!skb)
1201 		goto out;
1202 
1203 	wl1271_debug(DEBUG_SCAN, "set ap probe request template");
1204 
1205 	rate = wl1271_tx_min_rate_get(wl, wlvif->bitrate_masks[wlvif->band]);
1206 	if (wlvif->band == NL80211_BAND_2GHZ)
1207 		ret = wl1271_cmd_template_set(wl, wlvif->role_id,
1208 					      CMD_TEMPL_CFG_PROBE_REQ_2_4,
1209 					      skb->data, skb->len, 0, rate);
1210 	else
1211 		ret = wl1271_cmd_template_set(wl, wlvif->role_id,
1212 					      CMD_TEMPL_CFG_PROBE_REQ_5,
1213 					      skb->data, skb->len, 0, rate);
1214 
1215 	if (ret < 0)
1216 		wl1271_error("Unable to set ap probe request template.");
1217 
1218 out:
1219 	return skb;
1220 }
1221 
1222 int wl1271_cmd_build_arp_rsp(struct wl1271 *wl, struct wl12xx_vif *wlvif)
1223 {
1224 	int ret, extra = 0;
1225 	u16 fc;
1226 	struct ieee80211_vif *vif = wl12xx_wlvif_to_vif(wlvif);
1227 	struct sk_buff *skb;
1228 	struct wl12xx_arp_rsp_template *tmpl;
1229 	struct ieee80211_hdr_3addr *hdr;
1230 	struct arphdr *arp_hdr;
1231 
1232 	skb = dev_alloc_skb(sizeof(*hdr) + sizeof(__le16) + sizeof(*tmpl) +
1233 			    WL1271_EXTRA_SPACE_MAX);
1234 	if (!skb) {
1235 		wl1271_error("failed to allocate buffer for arp rsp template");
1236 		return -ENOMEM;
1237 	}
1238 
1239 	skb_reserve(skb, sizeof(*hdr) + WL1271_EXTRA_SPACE_MAX);
1240 
1241 	tmpl = skb_put_zero(skb, sizeof(*tmpl));
1242 
1243 	/* llc layer */
1244 	memcpy(tmpl->llc_hdr, rfc1042_header, sizeof(rfc1042_header));
1245 	tmpl->llc_type = cpu_to_be16(ETH_P_ARP);
1246 
1247 	/* arp header */
1248 	arp_hdr = &tmpl->arp_hdr;
1249 	arp_hdr->ar_hrd = cpu_to_be16(ARPHRD_ETHER);
1250 	arp_hdr->ar_pro = cpu_to_be16(ETH_P_IP);
1251 	arp_hdr->ar_hln = ETH_ALEN;
1252 	arp_hdr->ar_pln = 4;
1253 	arp_hdr->ar_op = cpu_to_be16(ARPOP_REPLY);
1254 
1255 	/* arp payload */
1256 	memcpy(tmpl->sender_hw, vif->addr, ETH_ALEN);
1257 	tmpl->sender_ip = wlvif->ip_addr;
1258 
1259 	/* encryption space */
1260 	switch (wlvif->encryption_type) {
1261 	case KEY_TKIP:
1262 		if (wl->quirks & WLCORE_QUIRK_TKIP_HEADER_SPACE)
1263 			extra = WL1271_EXTRA_SPACE_TKIP;
1264 		break;
1265 	case KEY_AES:
1266 		extra = WL1271_EXTRA_SPACE_AES;
1267 		break;
1268 	case KEY_NONE:
1269 	case KEY_WEP:
1270 	case KEY_GEM:
1271 		extra = 0;
1272 		break;
1273 	default:
1274 		wl1271_warning("Unknown encryption type: %d",
1275 			       wlvif->encryption_type);
1276 		ret = -EINVAL;
1277 		goto out;
1278 	}
1279 
1280 	if (extra) {
1281 		u8 *space = skb_push(skb, extra);
1282 		memset(space, 0, extra);
1283 	}
1284 
1285 	/* QoS header - BE */
1286 	if (wlvif->sta.qos)
1287 		memset(skb_push(skb, sizeof(__le16)), 0, sizeof(__le16));
1288 
1289 	/* mac80211 header */
1290 	hdr = skb_push(skb, sizeof(*hdr));
1291 	memset(hdr, 0, sizeof(*hdr));
1292 	fc = IEEE80211_FTYPE_DATA | IEEE80211_FCTL_TODS;
1293 	if (wlvif->sta.qos)
1294 		fc |= IEEE80211_STYPE_QOS_DATA;
1295 	else
1296 		fc |= IEEE80211_STYPE_DATA;
1297 	if (wlvif->encryption_type != KEY_NONE)
1298 		fc |= IEEE80211_FCTL_PROTECTED;
1299 
1300 	hdr->frame_control = cpu_to_le16(fc);
1301 	memcpy(hdr->addr1, vif->bss_conf.bssid, ETH_ALEN);
1302 	memcpy(hdr->addr2, vif->addr, ETH_ALEN);
1303 	eth_broadcast_addr(hdr->addr3);
1304 
1305 	ret = wl1271_cmd_template_set(wl, wlvif->role_id, CMD_TEMPL_ARP_RSP,
1306 				      skb->data, skb->len, 0,
1307 				      wlvif->basic_rate);
1308 out:
1309 	dev_kfree_skb(skb);
1310 	return ret;
1311 }
1312 
1313 int wl1271_build_qos_null_data(struct wl1271 *wl, struct ieee80211_vif *vif)
1314 {
1315 	struct wl12xx_vif *wlvif = wl12xx_vif_to_data(vif);
1316 	struct ieee80211_qos_hdr template;
1317 
1318 	memset(&template, 0, sizeof(template));
1319 
1320 	memcpy(template.addr1, vif->bss_conf.bssid, ETH_ALEN);
1321 	memcpy(template.addr2, vif->addr, ETH_ALEN);
1322 	memcpy(template.addr3, vif->bss_conf.bssid, ETH_ALEN);
1323 
1324 	template.frame_control = cpu_to_le16(IEEE80211_FTYPE_DATA |
1325 					     IEEE80211_STYPE_QOS_NULLFUNC |
1326 					     IEEE80211_FCTL_TODS);
1327 
1328 	/* FIXME: not sure what priority to use here */
1329 	template.qos_ctrl = cpu_to_le16(0);
1330 
1331 	return wl1271_cmd_template_set(wl, wlvif->role_id,
1332 				       CMD_TEMPL_QOS_NULL_DATA, &template,
1333 				       sizeof(template), 0,
1334 				       wlvif->basic_rate);
1335 }
1336 
1337 int wl12xx_cmd_set_default_wep_key(struct wl1271 *wl, u8 id, u8 hlid)
1338 {
1339 	struct wl1271_cmd_set_keys *cmd;
1340 	int ret = 0;
1341 
1342 	wl1271_debug(DEBUG_CMD, "cmd set_default_wep_key %d", id);
1343 
1344 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1345 	if (!cmd) {
1346 		ret = -ENOMEM;
1347 		goto out;
1348 	}
1349 
1350 	cmd->hlid = hlid;
1351 	cmd->key_id = id;
1352 	cmd->lid_key_type = WEP_DEFAULT_LID_TYPE;
1353 	cmd->key_action = cpu_to_le16(KEY_SET_ID);
1354 	cmd->key_type = KEY_WEP;
1355 
1356 	ret = wl1271_cmd_send(wl, CMD_SET_KEYS, cmd, sizeof(*cmd), 0);
1357 	if (ret < 0) {
1358 		wl1271_warning("cmd set_default_wep_key failed: %d", ret);
1359 		goto out;
1360 	}
1361 
1362 out:
1363 	kfree(cmd);
1364 
1365 	return ret;
1366 }
1367 
1368 int wl1271_cmd_set_sta_key(struct wl1271 *wl, struct wl12xx_vif *wlvif,
1369 		       u16 action, u8 id, u8 key_type,
1370 		       u8 key_size, const u8 *key, const u8 *addr,
1371 		       u32 tx_seq_32, u16 tx_seq_16)
1372 {
1373 	struct wl1271_cmd_set_keys *cmd;
1374 	int ret = 0;
1375 
1376 	/* hlid might have already been deleted */
1377 	if (wlvif->sta.hlid == WL12XX_INVALID_LINK_ID)
1378 		return 0;
1379 
1380 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1381 	if (!cmd) {
1382 		ret = -ENOMEM;
1383 		goto out;
1384 	}
1385 
1386 	cmd->hlid = wlvif->sta.hlid;
1387 
1388 	if (key_type == KEY_WEP)
1389 		cmd->lid_key_type = WEP_DEFAULT_LID_TYPE;
1390 	else if (is_broadcast_ether_addr(addr))
1391 		cmd->lid_key_type = BROADCAST_LID_TYPE;
1392 	else
1393 		cmd->lid_key_type = UNICAST_LID_TYPE;
1394 
1395 	cmd->key_action = cpu_to_le16(action);
1396 	cmd->key_size = key_size;
1397 	cmd->key_type = key_type;
1398 
1399 	cmd->ac_seq_num16[0] = cpu_to_le16(tx_seq_16);
1400 	cmd->ac_seq_num32[0] = cpu_to_le32(tx_seq_32);
1401 
1402 	cmd->key_id = id;
1403 
1404 	if (key_type == KEY_TKIP) {
1405 		/*
1406 		 * We get the key in the following form:
1407 		 * TKIP (16 bytes) - TX MIC (8 bytes) - RX MIC (8 bytes)
1408 		 * but the target is expecting:
1409 		 * TKIP - RX MIC - TX MIC
1410 		 */
1411 		memcpy(cmd->key, key, 16);
1412 		memcpy(cmd->key + 16, key + 24, 8);
1413 		memcpy(cmd->key + 24, key + 16, 8);
1414 
1415 	} else {
1416 		memcpy(cmd->key, key, key_size);
1417 	}
1418 
1419 	wl1271_dump(DEBUG_CRYPT, "TARGET KEY: ", cmd, sizeof(*cmd));
1420 
1421 	ret = wl1271_cmd_send(wl, CMD_SET_KEYS, cmd, sizeof(*cmd), 0);
1422 	if (ret < 0) {
1423 		wl1271_warning("could not set keys");
1424 		goto out;
1425 	}
1426 
1427 out:
1428 	kfree(cmd);
1429 
1430 	return ret;
1431 }
1432 
1433 /*
1434  * TODO: merge with sta/ibss into 1 set_key function.
1435  * note there are slight diffs
1436  */
1437 int wl1271_cmd_set_ap_key(struct wl1271 *wl, struct wl12xx_vif *wlvif,
1438 			  u16 action, u8 id, u8 key_type,
1439 			  u8 key_size, const u8 *key, u8 hlid, u32 tx_seq_32,
1440 			  u16 tx_seq_16, bool is_pairwise)
1441 {
1442 	struct wl1271_cmd_set_keys *cmd;
1443 	int ret = 0;
1444 	u8 lid_type;
1445 
1446 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1447 	if (!cmd)
1448 		return -ENOMEM;
1449 
1450 	if (hlid == wlvif->ap.bcast_hlid) {
1451 		if (key_type == KEY_WEP)
1452 			lid_type = WEP_DEFAULT_LID_TYPE;
1453 		else
1454 			lid_type = BROADCAST_LID_TYPE;
1455 	} else if (is_pairwise) {
1456 		lid_type = UNICAST_LID_TYPE;
1457 	} else {
1458 		lid_type = BROADCAST_LID_TYPE;
1459 	}
1460 
1461 	wl1271_debug(DEBUG_CRYPT, "ap key action: %d id: %d lid: %d type: %d"
1462 		     " hlid: %d", (int)action, (int)id, (int)lid_type,
1463 		     (int)key_type, (int)hlid);
1464 
1465 	cmd->lid_key_type = lid_type;
1466 	cmd->hlid = hlid;
1467 	cmd->key_action = cpu_to_le16(action);
1468 	cmd->key_size = key_size;
1469 	cmd->key_type = key_type;
1470 	cmd->key_id = id;
1471 	cmd->ac_seq_num16[0] = cpu_to_le16(tx_seq_16);
1472 	cmd->ac_seq_num32[0] = cpu_to_le32(tx_seq_32);
1473 
1474 	if (key_type == KEY_TKIP) {
1475 		/*
1476 		 * We get the key in the following form:
1477 		 * TKIP (16 bytes) - TX MIC (8 bytes) - RX MIC (8 bytes)
1478 		 * but the target is expecting:
1479 		 * TKIP - RX MIC - TX MIC
1480 		 */
1481 		memcpy(cmd->key, key, 16);
1482 		memcpy(cmd->key + 16, key + 24, 8);
1483 		memcpy(cmd->key + 24, key + 16, 8);
1484 	} else {
1485 		memcpy(cmd->key, key, key_size);
1486 	}
1487 
1488 	wl1271_dump(DEBUG_CRYPT, "TARGET AP KEY: ", cmd, sizeof(*cmd));
1489 
1490 	ret = wl1271_cmd_send(wl, CMD_SET_KEYS, cmd, sizeof(*cmd), 0);
1491 	if (ret < 0) {
1492 		wl1271_warning("could not set ap keys");
1493 		goto out;
1494 	}
1495 
1496 out:
1497 	kfree(cmd);
1498 	return ret;
1499 }
1500 
1501 int wl12xx_cmd_set_peer_state(struct wl1271 *wl, struct wl12xx_vif *wlvif,
1502 			      u8 hlid)
1503 {
1504 	struct wl12xx_cmd_set_peer_state *cmd;
1505 	int ret = 0;
1506 
1507 	wl1271_debug(DEBUG_CMD, "cmd set peer state (hlid=%d)", hlid);
1508 
1509 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1510 	if (!cmd) {
1511 		ret = -ENOMEM;
1512 		goto out;
1513 	}
1514 
1515 	cmd->hlid = hlid;
1516 	cmd->state = WL1271_CMD_STA_STATE_CONNECTED;
1517 
1518 	/* wmm param is valid only for station role */
1519 	if (wlvif->bss_type == BSS_TYPE_STA_BSS)
1520 		cmd->wmm = wlvif->wmm_enabled;
1521 
1522 	ret = wl1271_cmd_send(wl, CMD_SET_PEER_STATE, cmd, sizeof(*cmd), 0);
1523 	if (ret < 0) {
1524 		wl1271_error("failed to send set peer state command");
1525 		goto out_free;
1526 	}
1527 
1528 out_free:
1529 	kfree(cmd);
1530 
1531 out:
1532 	return ret;
1533 }
1534 
1535 int wl12xx_cmd_add_peer(struct wl1271 *wl, struct wl12xx_vif *wlvif,
1536 			struct ieee80211_sta *sta, u8 hlid)
1537 {
1538 	struct wl12xx_cmd_add_peer *cmd;
1539 	int i, ret;
1540 	u32 sta_rates;
1541 
1542 	wl1271_debug(DEBUG_CMD, "cmd add peer %d", (int)hlid);
1543 
1544 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1545 	if (!cmd) {
1546 		ret = -ENOMEM;
1547 		goto out;
1548 	}
1549 
1550 	memcpy(cmd->addr, sta->addr, ETH_ALEN);
1551 	cmd->bss_index = WL1271_AP_BSS_INDEX;
1552 	cmd->aid = sta->aid;
1553 	cmd->hlid = hlid;
1554 	cmd->sp_len = sta->max_sp;
1555 	cmd->wmm = sta->wme ? 1 : 0;
1556 	cmd->session_id = wl->session_ids[hlid];
1557 	cmd->role_id = wlvif->role_id;
1558 
1559 	for (i = 0; i < NUM_ACCESS_CATEGORIES_COPY; i++)
1560 		if (sta->wme && (sta->uapsd_queues & BIT(i)))
1561 			cmd->psd_type[NUM_ACCESS_CATEGORIES_COPY-1-i] =
1562 					WL1271_PSD_UPSD_TRIGGER;
1563 		else
1564 			cmd->psd_type[NUM_ACCESS_CATEGORIES_COPY-1-i] =
1565 					WL1271_PSD_LEGACY;
1566 
1567 
1568 	sta_rates = sta->deflink.supp_rates[wlvif->band];
1569 	if (sta->deflink.ht_cap.ht_supported)
1570 		sta_rates |=
1571 			(sta->deflink.ht_cap.mcs.rx_mask[0] << HW_HT_RATES_OFFSET) |
1572 			(sta->deflink.ht_cap.mcs.rx_mask[1] << HW_MIMO_RATES_OFFSET);
1573 
1574 	cmd->supported_rates =
1575 		cpu_to_le32(wl1271_tx_enabled_rates_get(wl, sta_rates,
1576 							wlvif->band));
1577 
1578 	wl1271_debug(DEBUG_CMD, "new peer rates=0x%x queues=0x%x",
1579 		     cmd->supported_rates, sta->uapsd_queues);
1580 
1581 	ret = wl1271_cmd_send(wl, CMD_ADD_PEER, cmd, sizeof(*cmd), 0);
1582 	if (ret < 0) {
1583 		wl1271_error("failed to initiate cmd add peer");
1584 		goto out_free;
1585 	}
1586 
1587 out_free:
1588 	kfree(cmd);
1589 
1590 out:
1591 	return ret;
1592 }
1593 
1594 int wl12xx_cmd_remove_peer(struct wl1271 *wl, struct wl12xx_vif *wlvif,
1595 			   u8 hlid)
1596 {
1597 	struct wl12xx_cmd_remove_peer *cmd;
1598 	int ret;
1599 	bool timeout = false;
1600 
1601 	wl1271_debug(DEBUG_CMD, "cmd remove peer %d", (int)hlid);
1602 
1603 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1604 	if (!cmd) {
1605 		ret = -ENOMEM;
1606 		goto out;
1607 	}
1608 
1609 	cmd->hlid = hlid;
1610 	/* We never send a deauth, mac80211 is in charge of this */
1611 	cmd->reason_opcode = 0;
1612 	cmd->send_deauth_flag = 0;
1613 	cmd->role_id = wlvif->role_id;
1614 
1615 	ret = wl1271_cmd_send(wl, CMD_REMOVE_PEER, cmd, sizeof(*cmd), 0);
1616 	if (ret < 0) {
1617 		wl1271_error("failed to initiate cmd remove peer");
1618 		goto out_free;
1619 	}
1620 
1621 	ret = wl->ops->wait_for_event(wl,
1622 				      WLCORE_EVENT_PEER_REMOVE_COMPLETE,
1623 				      &timeout);
1624 
1625 	/*
1626 	 * We are ok with a timeout here. The event is sometimes not sent
1627 	 * due to a firmware bug. In case of another error (like SDIO timeout)
1628 	 * queue a recovery.
1629 	 */
1630 	if (ret)
1631 		wl12xx_queue_recovery_work(wl);
1632 
1633 out_free:
1634 	kfree(cmd);
1635 
1636 out:
1637 	return ret;
1638 }
1639 
1640 static int wlcore_get_reg_conf_ch_idx(enum nl80211_band band, u16 ch)
1641 {
1642 	/*
1643 	 * map the given band/channel to the respective predefined
1644 	 * bit expected by the fw
1645 	 */
1646 	switch (band) {
1647 	case NL80211_BAND_2GHZ:
1648 		/* channels 1..14 are mapped to 0..13 */
1649 		if (ch >= 1 && ch <= 14)
1650 			return ch - 1;
1651 		break;
1652 	case NL80211_BAND_5GHZ:
1653 		switch (ch) {
1654 		case 8 ... 16:
1655 			/* channels 8,12,16 are mapped to 18,19,20 */
1656 			return 18 + (ch-8)/4;
1657 		case 34 ... 48:
1658 			/* channels 34,36..48 are mapped to 21..28 */
1659 			return 21 + (ch-34)/2;
1660 		case 52 ... 64:
1661 			/* channels 52,56..64 are mapped to 29..32 */
1662 			return 29 + (ch-52)/4;
1663 		case 100 ... 140:
1664 			/* channels 100,104..140 are mapped to 33..43 */
1665 			return 33 + (ch-100)/4;
1666 		case 149 ... 165:
1667 			/* channels 149,153..165 are mapped to 44..48 */
1668 			return 44 + (ch-149)/4;
1669 		default:
1670 			break;
1671 		}
1672 		break;
1673 	default:
1674 		break;
1675 	}
1676 
1677 	wl1271_error("%s: unknown band/channel: %d/%d", __func__, band, ch);
1678 	return -1;
1679 }
1680 
1681 void wlcore_set_pending_regdomain_ch(struct wl1271 *wl, u16 channel,
1682 				     enum nl80211_band band)
1683 {
1684 	int ch_bit_idx = 0;
1685 
1686 	if (!(wl->quirks & WLCORE_QUIRK_REGDOMAIN_CONF))
1687 		return;
1688 
1689 	ch_bit_idx = wlcore_get_reg_conf_ch_idx(band, channel);
1690 
1691 	if (ch_bit_idx >= 0 && ch_bit_idx <= WL1271_MAX_CHANNELS)
1692 		__set_bit_le(ch_bit_idx, (long *)wl->reg_ch_conf_pending);
1693 }
1694 
1695 int wlcore_cmd_regdomain_config_locked(struct wl1271 *wl)
1696 {
1697 	struct wl12xx_cmd_regdomain_dfs_config *cmd = NULL;
1698 	int ret = 0, i, b, ch_bit_idx;
1699 	__le32 tmp_ch_bitmap[2] __aligned(sizeof(unsigned long));
1700 	struct wiphy *wiphy = wl->hw->wiphy;
1701 	struct ieee80211_supported_band *band;
1702 	bool timeout = false;
1703 
1704 	if (!(wl->quirks & WLCORE_QUIRK_REGDOMAIN_CONF))
1705 		return 0;
1706 
1707 	wl1271_debug(DEBUG_CMD, "cmd reg domain config");
1708 
1709 	memcpy(tmp_ch_bitmap, wl->reg_ch_conf_pending, sizeof(tmp_ch_bitmap));
1710 
1711 	for (b = NL80211_BAND_2GHZ; b <= NL80211_BAND_5GHZ; b++) {
1712 		band = wiphy->bands[b];
1713 		for (i = 0; i < band->n_channels; i++) {
1714 			struct ieee80211_channel *channel = &band->channels[i];
1715 			u16 ch = channel->hw_value;
1716 			u32 flags = channel->flags;
1717 
1718 			if (flags & (IEEE80211_CHAN_DISABLED |
1719 				     IEEE80211_CHAN_NO_IR))
1720 				continue;
1721 
1722 			if ((flags & IEEE80211_CHAN_RADAR) &&
1723 			    channel->dfs_state != NL80211_DFS_AVAILABLE)
1724 				continue;
1725 
1726 			ch_bit_idx = wlcore_get_reg_conf_ch_idx(b, ch);
1727 			if (ch_bit_idx < 0)
1728 				continue;
1729 
1730 			__set_bit_le(ch_bit_idx, (long *)tmp_ch_bitmap);
1731 		}
1732 	}
1733 
1734 	if (!memcmp(tmp_ch_bitmap, wl->reg_ch_conf_last, sizeof(tmp_ch_bitmap)))
1735 		goto out;
1736 
1737 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1738 	if (!cmd) {
1739 		ret = -ENOMEM;
1740 		goto out;
1741 	}
1742 
1743 	cmd->ch_bit_map1 = tmp_ch_bitmap[0];
1744 	cmd->ch_bit_map2 = tmp_ch_bitmap[1];
1745 	cmd->dfs_region = wl->dfs_region;
1746 
1747 	wl1271_debug(DEBUG_CMD,
1748 		     "cmd reg domain bitmap1: 0x%08x, bitmap2: 0x%08x",
1749 		     cmd->ch_bit_map1, cmd->ch_bit_map2);
1750 
1751 	ret = wl1271_cmd_send(wl, CMD_DFS_CHANNEL_CONFIG, cmd, sizeof(*cmd), 0);
1752 	if (ret < 0) {
1753 		wl1271_error("failed to send reg domain dfs config");
1754 		goto out;
1755 	}
1756 
1757 	ret = wl->ops->wait_for_event(wl,
1758 				      WLCORE_EVENT_DFS_CONFIG_COMPLETE,
1759 				      &timeout);
1760 	if (ret < 0 || timeout) {
1761 		wl1271_error("reg domain conf %serror",
1762 			     timeout ? "completion " : "");
1763 		ret = timeout ? -ETIMEDOUT : ret;
1764 		goto out;
1765 	}
1766 
1767 	memcpy(wl->reg_ch_conf_last, tmp_ch_bitmap, sizeof(tmp_ch_bitmap));
1768 	memset(wl->reg_ch_conf_pending, 0, sizeof(wl->reg_ch_conf_pending));
1769 
1770 out:
1771 	kfree(cmd);
1772 	return ret;
1773 }
1774 
1775 int wl12xx_cmd_config_fwlog(struct wl1271 *wl)
1776 {
1777 	struct wl12xx_cmd_config_fwlog *cmd;
1778 	int ret = 0;
1779 
1780 	wl1271_debug(DEBUG_CMD, "cmd config firmware logger");
1781 
1782 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1783 	if (!cmd) {
1784 		ret = -ENOMEM;
1785 		goto out;
1786 	}
1787 
1788 	cmd->logger_mode = wl->conf.fwlog.mode;
1789 	cmd->log_severity = wl->conf.fwlog.severity;
1790 	cmd->timestamp = wl->conf.fwlog.timestamp;
1791 	cmd->output = wl->conf.fwlog.output;
1792 	cmd->threshold = wl->conf.fwlog.threshold;
1793 
1794 	ret = wl1271_cmd_send(wl, CMD_CONFIG_FWLOGGER, cmd, sizeof(*cmd), 0);
1795 	if (ret < 0) {
1796 		wl1271_error("failed to send config firmware logger command");
1797 		goto out_free;
1798 	}
1799 
1800 out_free:
1801 	kfree(cmd);
1802 
1803 out:
1804 	return ret;
1805 }
1806 
1807 int wl12xx_cmd_start_fwlog(struct wl1271 *wl)
1808 {
1809 	struct wl12xx_cmd_start_fwlog *cmd;
1810 	int ret = 0;
1811 
1812 	wl1271_debug(DEBUG_CMD, "cmd start firmware logger");
1813 
1814 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1815 	if (!cmd) {
1816 		ret = -ENOMEM;
1817 		goto out;
1818 	}
1819 
1820 	ret = wl1271_cmd_send(wl, CMD_START_FWLOGGER, cmd, sizeof(*cmd), 0);
1821 	if (ret < 0) {
1822 		wl1271_error("failed to send start firmware logger command");
1823 		goto out_free;
1824 	}
1825 
1826 out_free:
1827 	kfree(cmd);
1828 
1829 out:
1830 	return ret;
1831 }
1832 
1833 int wl12xx_cmd_stop_fwlog(struct wl1271 *wl)
1834 {
1835 	struct wl12xx_cmd_stop_fwlog *cmd;
1836 	int ret = 0;
1837 
1838 	wl1271_debug(DEBUG_CMD, "cmd stop firmware logger");
1839 
1840 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1841 	if (!cmd) {
1842 		ret = -ENOMEM;
1843 		goto out;
1844 	}
1845 
1846 	ret = wl1271_cmd_send(wl, CMD_STOP_FWLOGGER, cmd, sizeof(*cmd), 0);
1847 	if (ret < 0) {
1848 		wl1271_error("failed to send stop firmware logger command");
1849 		goto out_free;
1850 	}
1851 
1852 out_free:
1853 	kfree(cmd);
1854 
1855 out:
1856 	return ret;
1857 }
1858 
1859 static int wl12xx_cmd_roc(struct wl1271 *wl, struct wl12xx_vif *wlvif,
1860 			  u8 role_id, enum nl80211_band band, u8 channel)
1861 {
1862 	struct wl12xx_cmd_roc *cmd;
1863 	int ret = 0;
1864 
1865 	wl1271_debug(DEBUG_CMD, "cmd roc %d (%d)", channel, role_id);
1866 
1867 	if (WARN_ON(role_id == WL12XX_INVALID_ROLE_ID))
1868 		return -EINVAL;
1869 
1870 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1871 	if (!cmd) {
1872 		ret = -ENOMEM;
1873 		goto out;
1874 	}
1875 
1876 	cmd->role_id = role_id;
1877 	cmd->channel = channel;
1878 	switch (band) {
1879 	case NL80211_BAND_2GHZ:
1880 		cmd->band = WLCORE_BAND_2_4GHZ;
1881 		break;
1882 	case NL80211_BAND_5GHZ:
1883 		cmd->band = WLCORE_BAND_5GHZ;
1884 		break;
1885 	default:
1886 		wl1271_error("roc - unknown band: %d", (int)wlvif->band);
1887 		ret = -EINVAL;
1888 		goto out_free;
1889 	}
1890 
1891 
1892 	ret = wl1271_cmd_send(wl, CMD_REMAIN_ON_CHANNEL, cmd, sizeof(*cmd), 0);
1893 	if (ret < 0) {
1894 		wl1271_error("failed to send ROC command");
1895 		goto out_free;
1896 	}
1897 
1898 out_free:
1899 	kfree(cmd);
1900 
1901 out:
1902 	return ret;
1903 }
1904 
1905 static int wl12xx_cmd_croc(struct wl1271 *wl, u8 role_id)
1906 {
1907 	struct wl12xx_cmd_croc *cmd;
1908 	int ret = 0;
1909 
1910 	wl1271_debug(DEBUG_CMD, "cmd croc (%d)", role_id);
1911 
1912 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1913 	if (!cmd) {
1914 		ret = -ENOMEM;
1915 		goto out;
1916 	}
1917 	cmd->role_id = role_id;
1918 
1919 	ret = wl1271_cmd_send(wl, CMD_CANCEL_REMAIN_ON_CHANNEL, cmd,
1920 			      sizeof(*cmd), 0);
1921 	if (ret < 0) {
1922 		wl1271_error("failed to send ROC command");
1923 		goto out_free;
1924 	}
1925 
1926 out_free:
1927 	kfree(cmd);
1928 
1929 out:
1930 	return ret;
1931 }
1932 
1933 int wl12xx_roc(struct wl1271 *wl, struct wl12xx_vif *wlvif, u8 role_id,
1934 	       enum nl80211_band band, u8 channel)
1935 {
1936 	int ret = 0;
1937 
1938 	if (WARN_ON(test_bit(role_id, wl->roc_map)))
1939 		return 0;
1940 
1941 	ret = wl12xx_cmd_roc(wl, wlvif, role_id, band, channel);
1942 	if (ret < 0)
1943 		goto out;
1944 
1945 	__set_bit(role_id, wl->roc_map);
1946 out:
1947 	return ret;
1948 }
1949 
1950 int wl12xx_croc(struct wl1271 *wl, u8 role_id)
1951 {
1952 	int ret = 0;
1953 
1954 	if (WARN_ON(!test_bit(role_id, wl->roc_map)))
1955 		return 0;
1956 
1957 	ret = wl12xx_cmd_croc(wl, role_id);
1958 	if (ret < 0)
1959 		goto out;
1960 
1961 	__clear_bit(role_id, wl->roc_map);
1962 
1963 	/*
1964 	 * Rearm the tx watchdog when removing the last ROC. This prevents
1965 	 * recoveries due to just finished ROCs - when Tx hasn't yet had
1966 	 * a chance to get out.
1967 	 */
1968 	if (find_first_bit(wl->roc_map, WL12XX_MAX_ROLES) >= WL12XX_MAX_ROLES)
1969 		wl12xx_rearm_tx_watchdog_locked(wl);
1970 out:
1971 	return ret;
1972 }
1973 
1974 int wl12xx_cmd_stop_channel_switch(struct wl1271 *wl, struct wl12xx_vif *wlvif)
1975 {
1976 	struct wl12xx_cmd_stop_channel_switch *cmd;
1977 	int ret;
1978 
1979 	wl1271_debug(DEBUG_ACX, "cmd stop channel switch");
1980 
1981 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1982 	if (!cmd) {
1983 		ret = -ENOMEM;
1984 		goto out;
1985 	}
1986 
1987 	cmd->role_id = wlvif->role_id;
1988 
1989 	ret = wl1271_cmd_send(wl, CMD_STOP_CHANNEL_SWICTH, cmd, sizeof(*cmd), 0);
1990 	if (ret < 0) {
1991 		wl1271_error("failed to stop channel switch command");
1992 		goto out_free;
1993 	}
1994 
1995 out_free:
1996 	kfree(cmd);
1997 
1998 out:
1999 	return ret;
2000 }
2001 
2002 /* start dev role and roc on its channel */
2003 int wl12xx_start_dev(struct wl1271 *wl, struct wl12xx_vif *wlvif,
2004 		     enum nl80211_band band, int channel)
2005 {
2006 	int ret;
2007 
2008 	if (WARN_ON(!(wlvif->bss_type == BSS_TYPE_STA_BSS ||
2009 		      wlvif->bss_type == BSS_TYPE_IBSS)))
2010 		return -EINVAL;
2011 
2012 	/* the dev role is already started for p2p mgmt interfaces */
2013 	if (!wlcore_is_p2p_mgmt(wlvif)) {
2014 		ret = wl12xx_cmd_role_enable(wl,
2015 					     wl12xx_wlvif_to_vif(wlvif)->addr,
2016 					     WL1271_ROLE_DEVICE,
2017 					     &wlvif->dev_role_id);
2018 		if (ret < 0)
2019 			goto out;
2020 	}
2021 
2022 	ret = wl12xx_cmd_role_start_dev(wl, wlvif, band, channel);
2023 	if (ret < 0)
2024 		goto out_disable;
2025 
2026 	ret = wl12xx_roc(wl, wlvif, wlvif->dev_role_id, band, channel);
2027 	if (ret < 0)
2028 		goto out_stop;
2029 
2030 	return 0;
2031 
2032 out_stop:
2033 	wl12xx_cmd_role_stop_dev(wl, wlvif);
2034 out_disable:
2035 	if (!wlcore_is_p2p_mgmt(wlvif))
2036 		wl12xx_cmd_role_disable(wl, &wlvif->dev_role_id);
2037 out:
2038 	return ret;
2039 }
2040 
2041 /* croc dev hlid, and stop the role */
2042 int wl12xx_stop_dev(struct wl1271 *wl, struct wl12xx_vif *wlvif)
2043 {
2044 	int ret;
2045 
2046 	if (WARN_ON(!(wlvif->bss_type == BSS_TYPE_STA_BSS ||
2047 		      wlvif->bss_type == BSS_TYPE_IBSS)))
2048 		return -EINVAL;
2049 
2050 	/* flush all pending packets */
2051 	ret = wlcore_tx_work_locked(wl);
2052 	if (ret < 0)
2053 		goto out;
2054 
2055 	if (test_bit(wlvif->dev_role_id, wl->roc_map)) {
2056 		ret = wl12xx_croc(wl, wlvif->dev_role_id);
2057 		if (ret < 0)
2058 			goto out;
2059 	}
2060 
2061 	ret = wl12xx_cmd_role_stop_dev(wl, wlvif);
2062 	if (ret < 0)
2063 		goto out;
2064 
2065 	if (!wlcore_is_p2p_mgmt(wlvif)) {
2066 		ret = wl12xx_cmd_role_disable(wl, &wlvif->dev_role_id);
2067 		if (ret < 0)
2068 			goto out;
2069 	}
2070 
2071 out:
2072 	return ret;
2073 }
2074 
2075 int wlcore_cmd_generic_cfg(struct wl1271 *wl, struct wl12xx_vif *wlvif,
2076 			   u8 feature, u8 enable, u8 value)
2077 {
2078 	struct wlcore_cmd_generic_cfg *cmd;
2079 	int ret;
2080 
2081 	wl1271_debug(DEBUG_CMD,
2082 		     "cmd generic cfg (role %d feature %d enable %d value %d)",
2083 		     wlvif->role_id, feature, enable, value);
2084 
2085 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
2086 	if (!cmd)
2087 		return -ENOMEM;
2088 
2089 	cmd->role_id = wlvif->role_id;
2090 	cmd->feature = feature;
2091 	cmd->enable = enable;
2092 	cmd->value = value;
2093 
2094 	ret = wl1271_cmd_send(wl, CMD_GENERIC_CFG, cmd, sizeof(*cmd), 0);
2095 	if (ret < 0) {
2096 		wl1271_error("failed to send generic cfg command");
2097 		goto out_free;
2098 	}
2099 out_free:
2100 	kfree(cmd);
2101 	return ret;
2102 }
2103 EXPORT_SYMBOL_GPL(wlcore_cmd_generic_cfg);
2104