2 * Copyright (c) 2010 Broadcom Corporation
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
11 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
13 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
14 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
19 #include <linux/types.h>
20 #include <linux/kernel.h>
21 #include <linux/kthread.h>
22 #include <linux/printk.h>
23 #include <linux/pci_ids.h>
24 #include <linux/netdevice.h>
25 #include <linux/interrupt.h>
26 #include <linux/sched.h>
27 #include <linux/mmc/sdio.h>
28 #include <linux/mmc/sdio_func.h>
29 #include <linux/mmc/card.h>
30 #include <linux/semaphore.h>
31 #include <linux/firmware.h>
32 #include <linux/module.h>
33 #include <linux/bcma/bcma.h>
34 #include <linux/debugfs.h>
35 #include <linux/vmalloc.h>
36 #include <asm/unaligned.h>
38 #include <brcmu_wifi.h>
39 #include <brcmu_utils.h>
40 #include <brcm_hw_ids.h>
42 #include "sdio_host.h"
43 #include "sdio_chip.h"
45 #define DCMD_RESP_TIMEOUT 2000 /* In milli second */
49 #define BRCMF_TRAP_INFO_SIZE 80
51 #define CBUF_LEN (128)
53 /* Device console log buffer state */
54 #define CONSOLE_BUFFER_MAX 2024
57 __le32 buf; /* Can't be pointer on (64-bit) hosts */
60 char *_buf_compat; /* Redundant pointer for backward compat. */
65 * When there is no UART (e.g. Quickturn),
66 * the host should write a complete
67 * input line directly into cbuf and then write
68 * the length into vcons_in.
69 * This may also be used when there is a real UART
70 * (at risk of conflicting with
71 * the real UART). vcons_out is currently unused.
76 /* Output (logging) buffer
77 * Console output is written to a ring buffer log_buf at index log_idx.
78 * The host may read the output when it sees log_idx advance.
79 * Output will be lost if the output wraps around faster than the host
82 struct rte_log_le log_le;
84 /* Console input line buffer
85 * Characters are read one at a time into cbuf
86 * until <CR> is received, then
87 * the buffer is processed as a command line.
88 * Also used for virtual UART.
95 #include <chipcommon.h>
100 #define TXQLEN 2048 /* bulk tx queue length */
101 #define TXHI (TXQLEN - 256) /* turn on flow control above TXHI */
102 #define TXLOW (TXHI - 256) /* turn off flow control below TXLOW */
105 #define TXRETRIES 2 /* # of retries for tx frames */
107 #define BRCMF_RXBOUND 50 /* Default for max rx frames in
110 #define BRCMF_TXBOUND 20 /* Default for max tx frames in
113 #define BRCMF_TXMINMAX 1 /* Max tx frames if rx still pending */
115 #define MEMBLOCK 2048 /* Block size used for downloading
117 #define MAX_DATA_BUF (32 * 1024) /* Must be large enough to hold
118 biggest possible glom */
120 #define BRCMF_FIRSTREAD (1 << 6)
123 /* SBSDIO_DEVICE_CTL */
125 /* 1: device will assert busy signal when receiving CMD53 */
126 #define SBSDIO_DEVCTL_SETBUSY 0x01
127 /* 1: assertion of sdio interrupt is synchronous to the sdio clock */
128 #define SBSDIO_DEVCTL_SPI_INTR_SYNC 0x02
129 /* 1: mask all interrupts to host except the chipActive (rev 8) */
130 #define SBSDIO_DEVCTL_CA_INT_ONLY 0x04
131 /* 1: isolate internal sdio signals, put external pads in tri-state; requires
132 * sdio bus power cycle to clear (rev 9) */
133 #define SBSDIO_DEVCTL_PADS_ISO 0x08
134 /* Force SD->SB reset mapping (rev 11) */
135 #define SBSDIO_DEVCTL_SB_RST_CTL 0x30
136 /* Determined by CoreControl bit */
137 #define SBSDIO_DEVCTL_RST_CORECTL 0x00
138 /* Force backplane reset */
139 #define SBSDIO_DEVCTL_RST_BPRESET 0x10
140 /* Force no backplane reset */
141 #define SBSDIO_DEVCTL_RST_NOBPRESET 0x20
143 /* direct(mapped) cis space */
145 /* MAPPED common CIS address */
146 #define SBSDIO_CIS_BASE_COMMON 0x1000
147 /* maximum bytes in one CIS */
148 #define SBSDIO_CIS_SIZE_LIMIT 0x200
149 /* cis offset addr is < 17 bits */
150 #define SBSDIO_CIS_OFT_ADDR_MASK 0x1FFFF
152 /* manfid tuple length, include tuple, link bytes */
153 #define SBSDIO_CIS_MANFID_TUPLE_LEN 6
156 #define I_SMB_SW0 (1 << 0) /* To SB Mail S/W interrupt 0 */
157 #define I_SMB_SW1 (1 << 1) /* To SB Mail S/W interrupt 1 */
158 #define I_SMB_SW2 (1 << 2) /* To SB Mail S/W interrupt 2 */
159 #define I_SMB_SW3 (1 << 3) /* To SB Mail S/W interrupt 3 */
160 #define I_SMB_SW_MASK 0x0000000f /* To SB Mail S/W interrupts mask */
161 #define I_SMB_SW_SHIFT 0 /* To SB Mail S/W interrupts shift */
162 #define I_HMB_SW0 (1 << 4) /* To Host Mail S/W interrupt 0 */
163 #define I_HMB_SW1 (1 << 5) /* To Host Mail S/W interrupt 1 */
164 #define I_HMB_SW2 (1 << 6) /* To Host Mail S/W interrupt 2 */
165 #define I_HMB_SW3 (1 << 7) /* To Host Mail S/W interrupt 3 */
166 #define I_HMB_SW_MASK 0x000000f0 /* To Host Mail S/W interrupts mask */
167 #define I_HMB_SW_SHIFT 4 /* To Host Mail S/W interrupts shift */
168 #define I_WR_OOSYNC (1 << 8) /* Write Frame Out Of Sync */
169 #define I_RD_OOSYNC (1 << 9) /* Read Frame Out Of Sync */
170 #define I_PC (1 << 10) /* descriptor error */
171 #define I_PD (1 << 11) /* data error */
172 #define I_DE (1 << 12) /* Descriptor protocol Error */
173 #define I_RU (1 << 13) /* Receive descriptor Underflow */
174 #define I_RO (1 << 14) /* Receive fifo Overflow */
175 #define I_XU (1 << 15) /* Transmit fifo Underflow */
176 #define I_RI (1 << 16) /* Receive Interrupt */
177 #define I_BUSPWR (1 << 17) /* SDIO Bus Power Change (rev 9) */
178 #define I_XMTDATA_AVAIL (1 << 23) /* bits in fifo */
179 #define I_XI (1 << 24) /* Transmit Interrupt */
180 #define I_RF_TERM (1 << 25) /* Read Frame Terminate */
181 #define I_WF_TERM (1 << 26) /* Write Frame Terminate */
182 #define I_PCMCIA_XU (1 << 27) /* PCMCIA Transmit FIFO Underflow */
183 #define I_SBINT (1 << 28) /* sbintstatus Interrupt */
184 #define I_CHIPACTIVE (1 << 29) /* chip from doze to active state */
185 #define I_SRESET (1 << 30) /* CCCR RES interrupt */
186 #define I_IOE2 (1U << 31) /* CCCR IOE2 Bit Changed */
187 #define I_ERRORS (I_PC | I_PD | I_DE | I_RU | I_RO | I_XU)
188 #define I_DMA (I_RI | I_XI | I_ERRORS)
191 #define CC_CISRDY (1 << 0) /* CIS Ready */
192 #define CC_BPRESEN (1 << 1) /* CCCR RES signal */
193 #define CC_F2RDY (1 << 2) /* set CCCR IOR2 bit */
194 #define CC_CLRPADSISO (1 << 3) /* clear SDIO pads isolation */
195 #define CC_XMTDATAAVAIL_MODE (1 << 4)
196 #define CC_XMTDATAAVAIL_CTRL (1 << 5)
199 #define SFC_RF_TERM (1 << 0) /* Read Frame Terminate */
200 #define SFC_WF_TERM (1 << 1) /* Write Frame Terminate */
201 #define SFC_CRC4WOOS (1 << 2) /* CRC error for write out of sync */
202 #define SFC_ABORTALL (1 << 3) /* Abort all in-progress frames */
205 #define SDPCM_FRAMETAG_LEN 4 /* 2 bytes len, 2 bytes check val */
207 /* Total length of frame header for dongle protocol */
208 #define SDPCM_HDRLEN (SDPCM_FRAMETAG_LEN + SDPCM_SWHEADER_LEN)
209 #define SDPCM_RESERVE (SDPCM_HDRLEN + BRCMF_SDALIGN)
212 * Software allocation of To SB Mailbox resources
215 /* tosbmailbox bits corresponding to intstatus bits */
216 #define SMB_NAK (1 << 0) /* Frame NAK */
217 #define SMB_INT_ACK (1 << 1) /* Host Interrupt ACK */
218 #define SMB_USE_OOB (1 << 2) /* Use OOB Wakeup */
219 #define SMB_DEV_INT (1 << 3) /* Miscellaneous Interrupt */
221 /* tosbmailboxdata */
222 #define SMB_DATA_VERSION_SHIFT 16 /* host protocol version */
225 * Software allocation of To Host Mailbox resources
229 #define I_HMB_FC_STATE I_HMB_SW0 /* Flow Control State */
230 #define I_HMB_FC_CHANGE I_HMB_SW1 /* Flow Control State Changed */
231 #define I_HMB_FRAME_IND I_HMB_SW2 /* Frame Indication */
232 #define I_HMB_HOST_INT I_HMB_SW3 /* Miscellaneous Interrupt */
234 /* tohostmailboxdata */
235 #define HMB_DATA_NAKHANDLED 1 /* retransmit NAK'd frame */
236 #define HMB_DATA_DEVREADY 2 /* talk to host after enable */
237 #define HMB_DATA_FC 4 /* per prio flowcontrol update flag */
238 #define HMB_DATA_FWREADY 8 /* fw ready for protocol activity */
240 #define HMB_DATA_FCDATA_MASK 0xff000000
241 #define HMB_DATA_FCDATA_SHIFT 24
243 #define HMB_DATA_VERSION_MASK 0x00ff0000
244 #define HMB_DATA_VERSION_SHIFT 16
247 * Software-defined protocol header
250 /* Current protocol version */
251 #define SDPCM_PROT_VERSION 4
253 /* SW frame header */
254 #define SDPCM_PACKET_SEQUENCE(p) (((u8 *)p)[0] & 0xff)
256 #define SDPCM_CHANNEL_MASK 0x00000f00
257 #define SDPCM_CHANNEL_SHIFT 8
258 #define SDPCM_PACKET_CHANNEL(p) (((u8 *)p)[1] & 0x0f)
260 #define SDPCM_NEXTLEN_OFFSET 2
262 /* Data Offset from SOF (HW Tag, SW Tag, Pad) */
263 #define SDPCM_DOFFSET_OFFSET 3 /* Data Offset */
264 #define SDPCM_DOFFSET_VALUE(p) (((u8 *)p)[SDPCM_DOFFSET_OFFSET] & 0xff)
265 #define SDPCM_DOFFSET_MASK 0xff000000
266 #define SDPCM_DOFFSET_SHIFT 24
267 #define SDPCM_FCMASK_OFFSET 4 /* Flow control */
268 #define SDPCM_FCMASK_VALUE(p) (((u8 *)p)[SDPCM_FCMASK_OFFSET] & 0xff)
269 #define SDPCM_WINDOW_OFFSET 5 /* Credit based fc */
270 #define SDPCM_WINDOW_VALUE(p) (((u8 *)p)[SDPCM_WINDOW_OFFSET] & 0xff)
272 #define SDPCM_SWHEADER_LEN 8 /* SW header is 64 bits */
274 /* logical channel numbers */
275 #define SDPCM_CONTROL_CHANNEL 0 /* Control channel Id */
276 #define SDPCM_EVENT_CHANNEL 1 /* Asyc Event Indication Channel Id */
277 #define SDPCM_DATA_CHANNEL 2 /* Data Xmit/Recv Channel Id */
278 #define SDPCM_GLOM_CHANNEL 3 /* For coalesced packets */
279 #define SDPCM_TEST_CHANNEL 15 /* Reserved for test/debug packets */
281 #define SDPCM_SEQUENCE_WRAP 256 /* wrap-around val for 8bit frame seq */
283 #define SDPCM_GLOMDESC(p) (((u8 *)p)[1] & 0x80)
286 * Shared structure between dongle and the host.
287 * The structure contains pointers to trap or assert information.
289 #define SDPCM_SHARED_VERSION 0x0003
290 #define SDPCM_SHARED_VERSION_MASK 0x00FF
291 #define SDPCM_SHARED_ASSERT_BUILT 0x0100
292 #define SDPCM_SHARED_ASSERT 0x0200
293 #define SDPCM_SHARED_TRAP 0x0400
295 /* Space for header read, limit for data packets */
296 #define MAX_HDR_READ (1 << 6)
297 #define MAX_RX_DATASZ 2048
299 /* Maximum milliseconds to wait for F2 to come up */
300 #define BRCMF_WAIT_F2RDY 3000
302 /* Bump up limit on waiting for HT to account for first startup;
303 * if the image is doing a CRC calculation before programming the PMU
304 * for HT availability, it could take a couple hundred ms more, so
305 * max out at a 1 second (1000000us).
307 #undef PMU_MAX_TRANSITION_DLY
308 #define PMU_MAX_TRANSITION_DLY 1000000
310 /* Value for ChipClockCSR during initial setup */
311 #define BRCMF_INIT_CLKCTL1 (SBSDIO_FORCE_HW_CLKREQ_OFF | \
312 SBSDIO_ALP_AVAIL_REQ)
314 /* Flags for SDH calls */
315 #define F2SYNC (SDIO_REQ_4BYTE | SDIO_REQ_FIXED)
317 #define BRCMF_SDIO_FW_NAME "brcm/brcmfmac-sdio.bin"
318 #define BRCMF_SDIO_NV_NAME "brcm/brcmfmac-sdio.txt"
319 MODULE_FIRMWARE(BRCMF_SDIO_FW_NAME);
320 MODULE_FIRMWARE(BRCMF_SDIO_NV_NAME);
322 #define BRCMF_IDLE_IMMEDIATE (-1) /* Enter idle immediately */
323 #define BRCMF_IDLE_ACTIVE 0 /* Do not request any SD clock change
326 #define BRCMF_IDLE_INTERVAL 1
329 * Conversion of 802.1D priority to precedence level
331 static uint prio2prec(u32 prio)
333 return (prio == PRIO_8021D_NONE || prio == PRIO_8021D_BE) ?
339 u32 corecontrol; /* 0x00, rev8 */
340 u32 corestatus; /* rev8 */
342 u32 biststatus; /* rev8 */
345 u16 pcmciamesportaladdr; /* 0x010, rev8 */
347 u16 pcmciamesportalmask; /* rev8 */
349 u16 pcmciawrframebc; /* rev8 */
351 u16 pcmciaunderflowtimer; /* rev8 */
355 u32 intstatus; /* 0x020, rev8 */
356 u32 hostintmask; /* rev8 */
357 u32 intmask; /* rev8 */
358 u32 sbintstatus; /* rev8 */
359 u32 sbintmask; /* rev8 */
360 u32 funcintmask; /* rev4 */
362 u32 tosbmailbox; /* 0x040, rev8 */
363 u32 tohostmailbox; /* rev8 */
364 u32 tosbmailboxdata; /* rev8 */
365 u32 tohostmailboxdata; /* rev8 */
367 /* synchronized access to registers in SDIO clock domain */
368 u32 sdioaccess; /* 0x050, rev8 */
371 /* PCMCIA frame control */
372 u8 pcmciaframectrl; /* 0x060, rev8 */
374 u8 pcmciawatermark; /* rev8 */
377 /* interrupt batching control */
378 u32 intrcvlazy; /* 0x100, rev8 */
382 u32 cmd52rd; /* 0x110, rev8 */
383 u32 cmd52wr; /* rev8 */
384 u32 cmd53rd; /* rev8 */
385 u32 cmd53wr; /* rev8 */
386 u32 abort; /* rev8 */
387 u32 datacrcerror; /* rev8 */
388 u32 rdoutofsync; /* rev8 */
389 u32 wroutofsync; /* rev8 */
390 u32 writebusy; /* rev8 */
391 u32 readwait; /* rev8 */
392 u32 readterm; /* rev8 */
393 u32 writeterm; /* rev8 */
395 u32 clockctlstatus; /* rev8 */
398 u32 PAD[128]; /* DMA engines */
400 /* SDIO/PCMCIA CIS region */
401 char cis[512]; /* 0x400-0x5ff, rev6 */
403 /* PCMCIA function control registers */
404 char pcmciafcr[256]; /* 0x600-6ff, rev6 */
407 /* PCMCIA backplane access */
408 u16 backplanecsr; /* 0x76E, rev6 */
409 u16 backplaneaddr0; /* rev6 */
410 u16 backplaneaddr1; /* rev6 */
411 u16 backplaneaddr2; /* rev6 */
412 u16 backplaneaddr3; /* rev6 */
413 u16 backplanedata0; /* rev6 */
414 u16 backplanedata1; /* rev6 */
415 u16 backplanedata2; /* rev6 */
416 u16 backplanedata3; /* rev6 */
419 /* sprom "size" & "blank" info */
420 u16 spromstatus; /* 0x7BE, rev2 */
427 /* Device console log buffer state */
428 struct brcmf_console {
429 uint count; /* Poll interval msec counter */
430 uint log_addr; /* Log struct address (fixed) */
431 struct rte_log_le log_le; /* Log struct (host copy) */
432 uint bufsize; /* Size of log buffer */
433 u8 *buf; /* Log buffer (host copy) */
434 uint last; /* Last buffer read index */
437 struct brcmf_trap_info {
451 __le32 r9; /* sb/v6 */
452 __le32 r10; /* sl/v7 */
453 __le32 r11; /* fp/v8 */
461 struct sdpcm_shared {
465 u32 assert_file_addr;
467 u32 console_addr; /* Address of struct rte_console */
473 struct sdpcm_shared_le {
476 __le32 assert_exp_addr;
477 __le32 assert_file_addr;
479 __le32 console_addr; /* Address of struct rte_console */
480 __le32 msgtrace_addr;
486 /* misc chip info needed by some of the routines */
487 /* Private data for SDIO bus interaction */
489 struct brcmf_sdio_dev *sdiodev; /* sdio device handler */
490 struct chip_info *ci; /* Chip info struct */
491 char *vars; /* Variables (from CIS and/or other) */
492 uint varsz; /* Size of variables buffer */
494 u32 ramsize; /* Size of RAM in SOCRAM (bytes) */
496 u32 hostintmask; /* Copy of Host Interrupt Mask */
497 u32 intstatus; /* Intstatus bits (events) pending */
498 bool dpc_sched; /* Indicates DPC schedule (intrpt rcvd) */
499 bool fcstate; /* State of dongle flow-control */
501 uint blocksize; /* Block size of SDIO transfers */
502 uint roundup; /* Max roundup limit */
504 struct pktq txq; /* Queue length used for flow-control */
505 u8 flowcontrol; /* per prio flow control bitmask */
506 u8 tx_seq; /* Transmit sequence number (next) */
507 u8 tx_max; /* Maximum transmit sequence allowed */
509 u8 hdrbuf[MAX_HDR_READ + BRCMF_SDALIGN];
510 u8 *rxhdr; /* Header of current rx frame (in hdrbuf) */
511 u16 nextlen; /* Next Read Len from last header */
512 u8 rx_seq; /* Receive sequence number (expected) */
513 bool rxskip; /* Skip receive (awaiting NAK ACK) */
515 uint rxbound; /* Rx frames to read before resched */
516 uint txbound; /* Tx frames to send before resched */
519 struct sk_buff *glomd; /* Packet containing glomming descriptor */
520 struct sk_buff_head glom; /* Packet list for glommed superframe */
521 uint glomerr; /* Glom packet read errors */
523 u8 *rxbuf; /* Buffer for receiving control packets */
524 uint rxblen; /* Allocated length of rxbuf */
525 u8 *rxctl; /* Aligned pointer into rxbuf */
526 u8 *databuf; /* Buffer for receiving big glom packet */
527 u8 *dataptr; /* Aligned pointer into databuf */
528 uint rxlen; /* Length of valid data in buffer */
530 u8 sdpcm_ver; /* Bus protocol reported by dongle */
532 bool intr; /* Use interrupts */
533 bool poll; /* Use polling */
534 bool ipend; /* Device interrupt is pending */
535 uint spurious; /* Count of spurious interrupts */
536 uint pollrate; /* Ticks between device polls */
537 uint polltick; /* Tick counter */
540 uint console_interval;
541 struct brcmf_console console; /* Console output polling support */
542 uint console_addr; /* Console address from shared struct */
545 uint clkstate; /* State of sd and backplane clock(s) */
546 bool activity; /* Activity flag for clock down */
547 s32 idletime; /* Control for activity timeout */
548 s32 idlecount; /* Activity timeout counter */
549 s32 idleclock; /* How to set bus driver when idle */
551 bool use_rxchain; /* If brcmf should use PKT chains */
552 bool sleeping; /* Is SDIO bus sleeping? */
553 bool rxflow_mode; /* Rx flow control mode */
554 bool rxflow; /* Is rx flow control on */
555 bool alp_only; /* Don't use HT clock (ALP only) */
556 /* Field to decide if rx of control frames happen in rxbuf or lb-pool */
561 bool ctrl_frame_stat;
564 wait_queue_head_t ctrl_wait;
565 wait_queue_head_t dcmd_resp_wait;
567 struct timer_list timer;
568 struct completion watchdog_wait;
569 struct task_struct *watchdog_tsk;
573 struct task_struct *dpc_tsk;
574 struct completion dpc_wait;
575 struct list_head dpc_tsklst;
576 spinlock_t dpc_tl_lock;
578 struct semaphore sdsem;
580 const struct firmware *firmware;
583 bool txoff; /* Transmit flow-controlled */
584 struct brcmf_sdio_count sdcnt;
590 #define CLK_PENDING 2 /* Not used yet */
594 static int qcount[NUMPRIO];
595 static int tx_packets[NUMPRIO];
598 #define SDIO_DRIVE_STRENGTH 6 /* in milliamps */
600 #define RETRYCHAN(chan) ((chan) == SDPCM_EVENT_CHANNEL)
602 /* Retry count for register access failures */
603 static const uint retry_limit = 2;
605 /* Limit on rounding up frames */
606 static const uint max_roundup = 512;
610 static void pkt_align(struct sk_buff *p, int len, int align)
613 datalign = (unsigned long)(p->data);
614 datalign = roundup(datalign, (align)) - datalign;
616 skb_pull(p, datalign);
620 /* To check if there's window offered */
621 static bool data_ok(struct brcmf_sdio *bus)
623 return (u8)(bus->tx_max - bus->tx_seq) != 0 &&
624 ((u8)(bus->tx_max - bus->tx_seq) & 0x80) == 0;
628 * Reads a register in the SDIO hardware block. This block occupies a series of
629 * adresses on the 32 bit backplane bus.
632 r_sdreg32(struct brcmf_sdio *bus, u32 *regvar, u32 offset)
634 u8 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV);
637 *regvar = brcmf_sdio_regrl(bus->sdiodev,
638 bus->ci->c_inf[idx].base + offset, &ret);
644 w_sdreg32(struct brcmf_sdio *bus, u32 regval, u32 reg_offset)
646 u8 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV);
649 brcmf_sdio_regwl(bus->sdiodev,
650 bus->ci->c_inf[idx].base + reg_offset,
656 #define PKT_AVAILABLE() (intstatus & I_HMB_FRAME_IND)
658 #define HOSTINTMASK (I_HMB_SW_MASK | I_CHIPACTIVE)
660 /* Packet free applicable unconditionally for sdio and sdspi.
661 * Conditional if bufpool was present for gspi bus.
663 static void brcmf_sdbrcm_pktfree2(struct brcmf_sdio *bus, struct sk_buff *pkt)
666 brcmu_pkt_buf_free_skb(pkt);
669 /* Turn backplane clock on or off */
670 static int brcmf_sdbrcm_htclk(struct brcmf_sdio *bus, bool on, bool pendok)
673 u8 clkctl, clkreq, devctl;
674 unsigned long timeout;
676 brcmf_dbg(TRACE, "Enter\n");
681 /* Request HT Avail */
683 bus->alp_only ? SBSDIO_ALP_AVAIL_REQ : SBSDIO_HT_AVAIL_REQ;
685 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR,
688 brcmf_dbg(ERROR, "HT Avail request error: %d\n", err);
692 /* Check current status */
693 clkctl = brcmf_sdio_regrb(bus->sdiodev,
694 SBSDIO_FUNC1_CHIPCLKCSR, &err);
696 brcmf_dbg(ERROR, "HT Avail read error: %d\n", err);
700 /* Go to pending and await interrupt if appropriate */
701 if (!SBSDIO_CLKAV(clkctl, bus->alp_only) && pendok) {
702 /* Allow only clock-available interrupt */
703 devctl = brcmf_sdio_regrb(bus->sdiodev,
704 SBSDIO_DEVICE_CTL, &err);
706 brcmf_dbg(ERROR, "Devctl error setting CA: %d\n",
711 devctl |= SBSDIO_DEVCTL_CA_INT_ONLY;
712 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_DEVICE_CTL,
714 brcmf_dbg(INFO, "CLKCTL: set PENDING\n");
715 bus->clkstate = CLK_PENDING;
718 } else if (bus->clkstate == CLK_PENDING) {
719 /* Cancel CA-only interrupt filter */
720 devctl = brcmf_sdio_regrb(bus->sdiodev,
721 SBSDIO_DEVICE_CTL, &err);
722 devctl &= ~SBSDIO_DEVCTL_CA_INT_ONLY;
723 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_DEVICE_CTL,
727 /* Otherwise, wait here (polling) for HT Avail */
729 msecs_to_jiffies(PMU_MAX_TRANSITION_DLY/1000);
730 while (!SBSDIO_CLKAV(clkctl, bus->alp_only)) {
731 clkctl = brcmf_sdio_regrb(bus->sdiodev,
732 SBSDIO_FUNC1_CHIPCLKCSR,
734 if (time_after(jiffies, timeout))
737 usleep_range(5000, 10000);
740 brcmf_dbg(ERROR, "HT Avail request error: %d\n", err);
743 if (!SBSDIO_CLKAV(clkctl, bus->alp_only)) {
744 brcmf_dbg(ERROR, "HT Avail timeout (%d): clkctl 0x%02x\n",
745 PMU_MAX_TRANSITION_DLY, clkctl);
749 /* Mark clock available */
750 bus->clkstate = CLK_AVAIL;
751 brcmf_dbg(INFO, "CLKCTL: turned ON\n");
754 if (!bus->alp_only) {
755 if (SBSDIO_ALPONLY(clkctl))
756 brcmf_dbg(ERROR, "HT Clock should be on\n");
758 #endif /* defined (DEBUG) */
760 bus->activity = true;
764 if (bus->clkstate == CLK_PENDING) {
765 /* Cancel CA-only interrupt filter */
766 devctl = brcmf_sdio_regrb(bus->sdiodev,
767 SBSDIO_DEVICE_CTL, &err);
768 devctl &= ~SBSDIO_DEVCTL_CA_INT_ONLY;
769 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_DEVICE_CTL,
773 bus->clkstate = CLK_SDONLY;
774 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR,
776 brcmf_dbg(INFO, "CLKCTL: turned OFF\n");
778 brcmf_dbg(ERROR, "Failed access turning clock off: %d\n",
786 /* Change idle/active SD state */
787 static int brcmf_sdbrcm_sdclk(struct brcmf_sdio *bus, bool on)
789 brcmf_dbg(TRACE, "Enter\n");
792 bus->clkstate = CLK_SDONLY;
794 bus->clkstate = CLK_NONE;
799 /* Transition SD and backplane clock readiness */
800 static int brcmf_sdbrcm_clkctl(struct brcmf_sdio *bus, uint target, bool pendok)
803 uint oldstate = bus->clkstate;
806 brcmf_dbg(TRACE, "Enter\n");
808 /* Early exit if we're already there */
809 if (bus->clkstate == target) {
810 if (target == CLK_AVAIL) {
811 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS);
812 bus->activity = true;
819 /* Make sure SD clock is available */
820 if (bus->clkstate == CLK_NONE)
821 brcmf_sdbrcm_sdclk(bus, true);
822 /* Now request HT Avail on the backplane */
823 brcmf_sdbrcm_htclk(bus, true, pendok);
824 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS);
825 bus->activity = true;
829 /* Remove HT request, or bring up SD clock */
830 if (bus->clkstate == CLK_NONE)
831 brcmf_sdbrcm_sdclk(bus, true);
832 else if (bus->clkstate == CLK_AVAIL)
833 brcmf_sdbrcm_htclk(bus, false, false);
835 brcmf_dbg(ERROR, "request for %d -> %d\n",
836 bus->clkstate, target);
837 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS);
841 /* Make sure to remove HT request */
842 if (bus->clkstate == CLK_AVAIL)
843 brcmf_sdbrcm_htclk(bus, false, false);
844 /* Now remove the SD clock */
845 brcmf_sdbrcm_sdclk(bus, false);
846 brcmf_sdbrcm_wd_timer(bus, 0);
850 brcmf_dbg(INFO, "%d -> %d\n", oldstate, bus->clkstate);
856 static int brcmf_sdbrcm_bussleep(struct brcmf_sdio *bus, bool sleep)
860 brcmf_dbg(INFO, "request %s (currently %s)\n",
861 sleep ? "SLEEP" : "WAKE",
862 bus->sleeping ? "SLEEP" : "WAKE");
864 /* Done if we're already in the requested state */
865 if (sleep == bus->sleeping)
868 /* Going to sleep: set the alarm and turn off the lights... */
870 /* Don't sleep if something is pending */
871 if (bus->dpc_sched || bus->rxskip || pktq_len(&bus->txq))
874 /* Make sure the controller has the bus up */
875 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false);
877 /* Tell device to start using OOB wakeup */
878 ret = w_sdreg32(bus, SMB_USE_OOB,
879 offsetof(struct sdpcmd_regs, tosbmailbox));
881 brcmf_dbg(ERROR, "CANNOT SIGNAL CHIP, WILL NOT WAKE UP!!\n");
883 /* Turn off our contribution to the HT clock request */
884 brcmf_sdbrcm_clkctl(bus, CLK_SDONLY, false);
886 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR,
887 SBSDIO_FORCE_HW_CLKREQ_OFF, NULL);
889 /* Isolate the bus */
890 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_DEVICE_CTL,
891 SBSDIO_DEVCTL_PADS_ISO, NULL);
894 bus->sleeping = true;
897 /* Waking up: bus power up is ok, set local state */
899 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR,
902 /* Make sure the controller has the bus up */
903 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false);
905 /* Send misc interrupt to indicate OOB not needed */
906 ret = w_sdreg32(bus, 0,
907 offsetof(struct sdpcmd_regs, tosbmailboxdata));
909 ret = w_sdreg32(bus, SMB_DEV_INT,
910 offsetof(struct sdpcmd_regs, tosbmailbox));
913 brcmf_dbg(ERROR, "CANNOT SIGNAL CHIP TO CLEAR OOB!!\n");
915 /* Make sure we have SD bus access */
916 brcmf_sdbrcm_clkctl(bus, CLK_SDONLY, false);
919 bus->sleeping = false;
925 static void bus_wake(struct brcmf_sdio *bus)
928 brcmf_sdbrcm_bussleep(bus, false);
931 static u32 brcmf_sdbrcm_hostmail(struct brcmf_sdio *bus)
938 brcmf_dbg(TRACE, "Enter\n");
940 /* Read mailbox data and ack that we did so */
941 ret = r_sdreg32(bus, &hmb_data,
942 offsetof(struct sdpcmd_regs, tohostmailboxdata));
945 w_sdreg32(bus, SMB_INT_ACK,
946 offsetof(struct sdpcmd_regs, tosbmailbox));
947 bus->sdcnt.f1regdata += 2;
949 /* Dongle recomposed rx frames, accept them again */
950 if (hmb_data & HMB_DATA_NAKHANDLED) {
951 brcmf_dbg(INFO, "Dongle reports NAK handled, expect rtx of %d\n",
954 brcmf_dbg(ERROR, "unexpected NAKHANDLED!\n");
957 intstatus |= I_HMB_FRAME_IND;
961 * DEVREADY does not occur with gSPI.
963 if (hmb_data & (HMB_DATA_DEVREADY | HMB_DATA_FWREADY)) {
965 (hmb_data & HMB_DATA_VERSION_MASK) >>
966 HMB_DATA_VERSION_SHIFT;
967 if (bus->sdpcm_ver != SDPCM_PROT_VERSION)
968 brcmf_dbg(ERROR, "Version mismatch, dongle reports %d, "
970 bus->sdpcm_ver, SDPCM_PROT_VERSION);
972 brcmf_dbg(INFO, "Dongle ready, protocol version %d\n",
977 * Flow Control has been moved into the RX headers and this out of band
978 * method isn't used any more.
979 * remaining backward compatible with older dongles.
981 if (hmb_data & HMB_DATA_FC) {
982 fcbits = (hmb_data & HMB_DATA_FCDATA_MASK) >>
983 HMB_DATA_FCDATA_SHIFT;
985 if (fcbits & ~bus->flowcontrol)
986 bus->sdcnt.fc_xoff++;
988 if (bus->flowcontrol & ~fcbits)
991 bus->sdcnt.fc_rcvd++;
992 bus->flowcontrol = fcbits;
995 /* Shouldn't be any others */
996 if (hmb_data & ~(HMB_DATA_DEVREADY |
997 HMB_DATA_NAKHANDLED |
1000 HMB_DATA_FCDATA_MASK | HMB_DATA_VERSION_MASK))
1001 brcmf_dbg(ERROR, "Unknown mailbox data content: 0x%02x\n",
1007 static void brcmf_sdbrcm_rxfail(struct brcmf_sdio *bus, bool abort, bool rtx)
1014 brcmf_dbg(ERROR, "%sterminate frame%s\n",
1015 abort ? "abort command, " : "",
1016 rtx ? ", send NAK" : "");
1019 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2);
1021 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_FRAMECTRL,
1023 bus->sdcnt.f1regdata++;
1025 /* Wait until the packet has been flushed (device/FIFO stable) */
1026 for (lastrbc = retries = 0xffff; retries > 0; retries--) {
1027 hi = brcmf_sdio_regrb(bus->sdiodev,
1028 SBSDIO_FUNC1_RFRAMEBCHI, &err);
1029 lo = brcmf_sdio_regrb(bus->sdiodev,
1030 SBSDIO_FUNC1_RFRAMEBCLO, &err);
1031 bus->sdcnt.f1regdata += 2;
1033 if ((hi == 0) && (lo == 0))
1036 if ((hi > (lastrbc >> 8)) && (lo > (lastrbc & 0x00ff))) {
1037 brcmf_dbg(ERROR, "count growing: last 0x%04x now 0x%04x\n",
1038 lastrbc, (hi << 8) + lo);
1040 lastrbc = (hi << 8) + lo;
1044 brcmf_dbg(ERROR, "count never zeroed: last 0x%04x\n", lastrbc);
1046 brcmf_dbg(INFO, "flush took %d iterations\n", 0xffff - retries);
1050 err = w_sdreg32(bus, SMB_NAK,
1051 offsetof(struct sdpcmd_regs, tosbmailbox));
1053 bus->sdcnt.f1regdata++;
1058 /* Clear partial in any case */
1061 /* If we can't reach the device, signal failure */
1063 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN;
1066 /* copy a buffer into a pkt buffer chain */
1067 static uint brcmf_sdbrcm_glom_from_buf(struct brcmf_sdio *bus, uint len)
1076 skb_queue_walk(&bus->glom, p) {
1077 n = min_t(uint, p->len, len);
1078 memcpy(p->data, buf, n);
1089 /* return total length of buffer chain */
1090 static uint brcmf_sdbrcm_glom_len(struct brcmf_sdio *bus)
1096 skb_queue_walk(&bus->glom, p)
1101 static void brcmf_sdbrcm_free_glom(struct brcmf_sdio *bus)
1103 struct sk_buff *cur, *next;
1105 skb_queue_walk_safe(&bus->glom, cur, next) {
1106 skb_unlink(cur, &bus->glom);
1107 brcmu_pkt_buf_free_skb(cur);
1111 static u8 brcmf_sdbrcm_rxglom(struct brcmf_sdio *bus, u8 rxseq)
1117 struct sk_buff *pfirst, *pnext;
1120 u8 chan, seq, doff, sfdoff;
1124 bool usechain = bus->use_rxchain;
1126 /* If packets, issue read(s) and send up packet chain */
1127 /* Return sequence numbers consumed? */
1129 brcmf_dbg(TRACE, "start: glomd %p glom %p\n",
1130 bus->glomd, skb_peek(&bus->glom));
1132 /* If there's a descriptor, generate the packet chain */
1134 pfirst = pnext = NULL;
1135 dlen = (u16) (bus->glomd->len);
1136 dptr = bus->glomd->data;
1137 if (!dlen || (dlen & 1)) {
1138 brcmf_dbg(ERROR, "bad glomd len(%d), ignore descriptor\n",
1143 for (totlen = num = 0; dlen; num++) {
1144 /* Get (and move past) next length */
1145 sublen = get_unaligned_le16(dptr);
1146 dlen -= sizeof(u16);
1147 dptr += sizeof(u16);
1148 if ((sublen < SDPCM_HDRLEN) ||
1149 ((num == 0) && (sublen < (2 * SDPCM_HDRLEN)))) {
1150 brcmf_dbg(ERROR, "descriptor len %d bad: %d\n",
1155 if (sublen % BRCMF_SDALIGN) {
1156 brcmf_dbg(ERROR, "sublen %d not multiple of %d\n",
1157 sublen, BRCMF_SDALIGN);
1162 /* For last frame, adjust read len so total
1163 is a block multiple */
1166 (roundup(totlen, bus->blocksize) - totlen);
1167 totlen = roundup(totlen, bus->blocksize);
1170 /* Allocate/chain packet for next subframe */
1171 pnext = brcmu_pkt_buf_get_skb(sublen + BRCMF_SDALIGN);
1172 if (pnext == NULL) {
1173 brcmf_dbg(ERROR, "bcm_pkt_buf_get_skb failed, num %d len %d\n",
1177 skb_queue_tail(&bus->glom, pnext);
1179 /* Adhere to start alignment requirements */
1180 pkt_align(pnext, sublen, BRCMF_SDALIGN);
1183 /* If all allocations succeeded, save packet chain
1186 brcmf_dbg(GLOM, "allocated %d-byte packet chain for %d subframes\n",
1188 if (BRCMF_GLOM_ON() && bus->nextlen &&
1189 totlen != bus->nextlen) {
1190 brcmf_dbg(GLOM, "glomdesc mismatch: nextlen %d glomdesc %d rxseq %d\n",
1191 bus->nextlen, totlen, rxseq);
1193 pfirst = pnext = NULL;
1195 brcmf_sdbrcm_free_glom(bus);
1199 /* Done with descriptor packet */
1200 brcmu_pkt_buf_free_skb(bus->glomd);
1205 /* Ok -- either we just generated a packet chain,
1206 or had one from before */
1207 if (!skb_queue_empty(&bus->glom)) {
1208 if (BRCMF_GLOM_ON()) {
1209 brcmf_dbg(GLOM, "try superframe read, packet chain:\n");
1210 skb_queue_walk(&bus->glom, pnext) {
1211 brcmf_dbg(GLOM, " %p: %p len 0x%04x (%d)\n",
1212 pnext, (u8 *) (pnext->data),
1213 pnext->len, pnext->len);
1217 pfirst = skb_peek(&bus->glom);
1218 dlen = (u16) brcmf_sdbrcm_glom_len(bus);
1220 /* Do an SDIO read for the superframe. Configurable iovar to
1221 * read directly into the chained packet, or allocate a large
1222 * packet and and copy into the chain.
1225 errcode = brcmf_sdcard_recv_chain(bus->sdiodev,
1226 bus->sdiodev->sbwad,
1227 SDIO_FUNC_2, F2SYNC, &bus->glom);
1228 } else if (bus->dataptr) {
1229 errcode = brcmf_sdcard_recv_buf(bus->sdiodev,
1230 bus->sdiodev->sbwad,
1231 SDIO_FUNC_2, F2SYNC,
1232 bus->dataptr, dlen);
1233 sublen = (u16) brcmf_sdbrcm_glom_from_buf(bus, dlen);
1234 if (sublen != dlen) {
1235 brcmf_dbg(ERROR, "FAILED TO COPY, dlen %d sublen %d\n",
1241 brcmf_dbg(ERROR, "COULDN'T ALLOC %d-BYTE GLOM, FORCE FAILURE\n",
1245 bus->sdcnt.f2rxdata++;
1247 /* On failure, kill the superframe, allow a couple retries */
1249 brcmf_dbg(ERROR, "glom read of %d bytes failed: %d\n",
1251 bus->sdiodev->bus_if->dstats.rx_errors++;
1253 if (bus->glomerr++ < 3) {
1254 brcmf_sdbrcm_rxfail(bus, true, true);
1257 brcmf_sdbrcm_rxfail(bus, true, false);
1258 bus->sdcnt.rxglomfail++;
1259 brcmf_sdbrcm_free_glom(bus);
1264 brcmf_dbg_hex_dump(BRCMF_GLOM_ON(),
1265 pfirst->data, min_t(int, pfirst->len, 48),
1268 /* Validate the superframe header */
1269 dptr = (u8 *) (pfirst->data);
1270 sublen = get_unaligned_le16(dptr);
1271 check = get_unaligned_le16(dptr + sizeof(u16));
1273 chan = SDPCM_PACKET_CHANNEL(&dptr[SDPCM_FRAMETAG_LEN]);
1274 seq = SDPCM_PACKET_SEQUENCE(&dptr[SDPCM_FRAMETAG_LEN]);
1275 bus->nextlen = dptr[SDPCM_FRAMETAG_LEN + SDPCM_NEXTLEN_OFFSET];
1276 if ((bus->nextlen << 4) > MAX_RX_DATASZ) {
1277 brcmf_dbg(INFO, "nextlen too large (%d) seq %d\n",
1281 doff = SDPCM_DOFFSET_VALUE(&dptr[SDPCM_FRAMETAG_LEN]);
1282 txmax = SDPCM_WINDOW_VALUE(&dptr[SDPCM_FRAMETAG_LEN]);
1285 if ((u16)~(sublen ^ check)) {
1286 brcmf_dbg(ERROR, "(superframe): HW hdr error: len/check 0x%04x/0x%04x\n",
1289 } else if (roundup(sublen, bus->blocksize) != dlen) {
1290 brcmf_dbg(ERROR, "(superframe): len 0x%04x, rounded 0x%04x, expect 0x%04x\n",
1291 sublen, roundup(sublen, bus->blocksize),
1294 } else if (SDPCM_PACKET_CHANNEL(&dptr[SDPCM_FRAMETAG_LEN]) !=
1295 SDPCM_GLOM_CHANNEL) {
1296 brcmf_dbg(ERROR, "(superframe): bad channel %d\n",
1297 SDPCM_PACKET_CHANNEL(
1298 &dptr[SDPCM_FRAMETAG_LEN]));
1300 } else if (SDPCM_GLOMDESC(&dptr[SDPCM_FRAMETAG_LEN])) {
1301 brcmf_dbg(ERROR, "(superframe): got 2nd descriptor?\n");
1303 } else if ((doff < SDPCM_HDRLEN) ||
1304 (doff > (pfirst->len - SDPCM_HDRLEN))) {
1305 brcmf_dbg(ERROR, "(superframe): Bad data offset %d: HW %d pkt %d min %d\n",
1306 doff, sublen, pfirst->len, SDPCM_HDRLEN);
1310 /* Check sequence number of superframe SW header */
1312 brcmf_dbg(INFO, "(superframe) rx_seq %d, expected %d\n",
1314 bus->sdcnt.rx_badseq++;
1318 /* Check window for sanity */
1319 if ((u8) (txmax - bus->tx_seq) > 0x40) {
1320 brcmf_dbg(ERROR, "unlikely tx max %d with tx_seq %d\n",
1321 txmax, bus->tx_seq);
1322 txmax = bus->tx_seq + 2;
1324 bus->tx_max = txmax;
1326 /* Remove superframe header, remember offset */
1327 skb_pull(pfirst, doff);
1331 /* Validate all the subframe headers */
1332 skb_queue_walk(&bus->glom, pnext) {
1333 /* leave when invalid subframe is found */
1337 dptr = (u8 *) (pnext->data);
1338 dlen = (u16) (pnext->len);
1339 sublen = get_unaligned_le16(dptr);
1340 check = get_unaligned_le16(dptr + sizeof(u16));
1341 chan = SDPCM_PACKET_CHANNEL(&dptr[SDPCM_FRAMETAG_LEN]);
1342 doff = SDPCM_DOFFSET_VALUE(&dptr[SDPCM_FRAMETAG_LEN]);
1343 brcmf_dbg_hex_dump(BRCMF_GLOM_ON(),
1344 dptr, 32, "subframe:\n");
1346 if ((u16)~(sublen ^ check)) {
1347 brcmf_dbg(ERROR, "(subframe %d): HW hdr error: len/check 0x%04x/0x%04x\n",
1348 num, sublen, check);
1350 } else if ((sublen > dlen) || (sublen < SDPCM_HDRLEN)) {
1351 brcmf_dbg(ERROR, "(subframe %d): length mismatch: len 0x%04x, expect 0x%04x\n",
1354 } else if ((chan != SDPCM_DATA_CHANNEL) &&
1355 (chan != SDPCM_EVENT_CHANNEL)) {
1356 brcmf_dbg(ERROR, "(subframe %d): bad channel %d\n",
1359 } else if ((doff < SDPCM_HDRLEN) || (doff > sublen)) {
1360 brcmf_dbg(ERROR, "(subframe %d): Bad data offset %d: HW %d min %d\n",
1361 num, doff, sublen, SDPCM_HDRLEN);
1364 /* increase the subframe count */
1369 /* Terminate frame on error, request
1371 if (bus->glomerr++ < 3) {
1372 /* Restore superframe header space */
1373 skb_push(pfirst, sfdoff);
1374 brcmf_sdbrcm_rxfail(bus, true, true);
1377 brcmf_sdbrcm_rxfail(bus, true, false);
1378 bus->sdcnt.rxglomfail++;
1379 brcmf_sdbrcm_free_glom(bus);
1385 /* Basic SD framing looks ok - process each packet (header) */
1387 skb_queue_walk_safe(&bus->glom, pfirst, pnext) {
1388 dptr = (u8 *) (pfirst->data);
1389 sublen = get_unaligned_le16(dptr);
1390 chan = SDPCM_PACKET_CHANNEL(&dptr[SDPCM_FRAMETAG_LEN]);
1391 seq = SDPCM_PACKET_SEQUENCE(&dptr[SDPCM_FRAMETAG_LEN]);
1392 doff = SDPCM_DOFFSET_VALUE(&dptr[SDPCM_FRAMETAG_LEN]);
1394 brcmf_dbg(GLOM, "Get subframe %d, %p(%p/%d), sublen %d chan %d seq %d\n",
1395 num, pfirst, pfirst->data,
1396 pfirst->len, sublen, chan, seq);
1398 /* precondition: chan == SDPCM_DATA_CHANNEL ||
1399 chan == SDPCM_EVENT_CHANNEL */
1402 brcmf_dbg(GLOM, "rx_seq %d, expected %d\n",
1404 bus->sdcnt.rx_badseq++;
1409 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && BRCMF_DATA_ON(),
1410 dptr, dlen, "Rx Subframe Data:\n");
1412 __skb_trim(pfirst, sublen);
1413 skb_pull(pfirst, doff);
1415 if (pfirst->len == 0) {
1416 skb_unlink(pfirst, &bus->glom);
1417 brcmu_pkt_buf_free_skb(pfirst);
1419 } else if (brcmf_proto_hdrpull(bus->sdiodev->dev,
1420 &ifidx, pfirst) != 0) {
1421 brcmf_dbg(ERROR, "rx protocol error\n");
1422 bus->sdiodev->bus_if->dstats.rx_errors++;
1423 skb_unlink(pfirst, &bus->glom);
1424 brcmu_pkt_buf_free_skb(pfirst);
1428 brcmf_dbg_hex_dump(BRCMF_GLOM_ON(),
1430 min_t(int, pfirst->len, 32),
1431 "subframe %d to stack, %p (%p/%d) nxt/lnk %p/%p\n",
1432 bus->glom.qlen, pfirst, pfirst->data,
1433 pfirst->len, pfirst->next,
1436 /* sent any remaining packets up */
1437 if (bus->glom.qlen) {
1439 brcmf_rx_frame(bus->sdiodev->dev, ifidx, &bus->glom);
1443 bus->sdcnt.rxglomframes++;
1444 bus->sdcnt.rxglompkts += bus->glom.qlen;
1449 static int brcmf_sdbrcm_dcmd_resp_wait(struct brcmf_sdio *bus, uint *condition,
1452 DECLARE_WAITQUEUE(wait, current);
1453 int timeout = msecs_to_jiffies(DCMD_RESP_TIMEOUT);
1455 /* Wait until control frame is available */
1456 add_wait_queue(&bus->dcmd_resp_wait, &wait);
1457 set_current_state(TASK_INTERRUPTIBLE);
1459 while (!(*condition) && (!signal_pending(current) && timeout))
1460 timeout = schedule_timeout(timeout);
1462 if (signal_pending(current))
1465 set_current_state(TASK_RUNNING);
1466 remove_wait_queue(&bus->dcmd_resp_wait, &wait);
1471 static int brcmf_sdbrcm_dcmd_resp_wake(struct brcmf_sdio *bus)
1473 if (waitqueue_active(&bus->dcmd_resp_wait))
1474 wake_up_interruptible(&bus->dcmd_resp_wait);
1479 brcmf_sdbrcm_read_control(struct brcmf_sdio *bus, u8 *hdr, uint len, uint doff)
1485 brcmf_dbg(TRACE, "Enter\n");
1487 /* Set rxctl for frame (w/optional alignment) */
1488 bus->rxctl = bus->rxbuf;
1489 bus->rxctl += BRCMF_FIRSTREAD;
1490 pad = ((unsigned long)bus->rxctl % BRCMF_SDALIGN);
1492 bus->rxctl += (BRCMF_SDALIGN - pad);
1493 bus->rxctl -= BRCMF_FIRSTREAD;
1495 /* Copy the already-read portion over */
1496 memcpy(bus->rxctl, hdr, BRCMF_FIRSTREAD);
1497 if (len <= BRCMF_FIRSTREAD)
1500 /* Raise rdlen to next SDIO block to avoid tail command */
1501 rdlen = len - BRCMF_FIRSTREAD;
1502 if (bus->roundup && bus->blocksize && (rdlen > bus->blocksize)) {
1503 pad = bus->blocksize - (rdlen % bus->blocksize);
1504 if ((pad <= bus->roundup) && (pad < bus->blocksize) &&
1505 ((len + pad) < bus->sdiodev->bus_if->maxctl))
1507 } else if (rdlen % BRCMF_SDALIGN) {
1508 rdlen += BRCMF_SDALIGN - (rdlen % BRCMF_SDALIGN);
1511 /* Satisfy length-alignment requirements */
1512 if (rdlen & (ALIGNMENT - 1))
1513 rdlen = roundup(rdlen, ALIGNMENT);
1515 /* Drop if the read is too big or it exceeds our maximum */
1516 if ((rdlen + BRCMF_FIRSTREAD) > bus->sdiodev->bus_if->maxctl) {
1517 brcmf_dbg(ERROR, "%d-byte control read exceeds %d-byte buffer\n",
1518 rdlen, bus->sdiodev->bus_if->maxctl);
1519 bus->sdiodev->bus_if->dstats.rx_errors++;
1520 brcmf_sdbrcm_rxfail(bus, false, false);
1524 if ((len - doff) > bus->sdiodev->bus_if->maxctl) {
1525 brcmf_dbg(ERROR, "%d-byte ctl frame (%d-byte ctl data) exceeds %d-byte limit\n",
1526 len, len - doff, bus->sdiodev->bus_if->maxctl);
1527 bus->sdiodev->bus_if->dstats.rx_errors++;
1528 bus->sdcnt.rx_toolong++;
1529 brcmf_sdbrcm_rxfail(bus, false, false);
1533 /* Read remainder of frame body into the rxctl buffer */
1534 sdret = brcmf_sdcard_recv_buf(bus->sdiodev,
1535 bus->sdiodev->sbwad,
1537 F2SYNC, (bus->rxctl + BRCMF_FIRSTREAD), rdlen);
1538 bus->sdcnt.f2rxdata++;
1540 /* Control frame failures need retransmission */
1542 brcmf_dbg(ERROR, "read %d control bytes failed: %d\n",
1544 bus->sdcnt.rxc_errors++;
1545 brcmf_sdbrcm_rxfail(bus, true, true);
1551 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && BRCMF_CTL_ON(),
1552 bus->rxctl, len, "RxCtrl:\n");
1554 /* Point to valid data and indicate its length */
1556 bus->rxlen = len - doff;
1559 /* Awake any waiters */
1560 brcmf_sdbrcm_dcmd_resp_wake(bus);
1563 /* Pad read to blocksize for efficiency */
1564 static void brcmf_pad(struct brcmf_sdio *bus, u16 *pad, u16 *rdlen)
1566 if (bus->roundup && bus->blocksize && *rdlen > bus->blocksize) {
1567 *pad = bus->blocksize - (*rdlen % bus->blocksize);
1568 if (*pad <= bus->roundup && *pad < bus->blocksize &&
1569 *rdlen + *pad + BRCMF_FIRSTREAD < MAX_RX_DATASZ)
1571 } else if (*rdlen % BRCMF_SDALIGN) {
1572 *rdlen += BRCMF_SDALIGN - (*rdlen % BRCMF_SDALIGN);
1577 brcmf_alloc_pkt_and_read(struct brcmf_sdio *bus, u16 rdlen,
1578 struct sk_buff **pkt, u8 **rxbuf)
1580 int sdret; /* Return code from calls */
1582 *pkt = brcmu_pkt_buf_get_skb(rdlen + BRCMF_SDALIGN);
1586 pkt_align(*pkt, rdlen, BRCMF_SDALIGN);
1587 *rxbuf = (u8 *) ((*pkt)->data);
1588 /* Read the entire frame */
1589 sdret = brcmf_sdcard_recv_pkt(bus->sdiodev, bus->sdiodev->sbwad,
1590 SDIO_FUNC_2, F2SYNC, *pkt);
1591 bus->sdcnt.f2rxdata++;
1594 brcmf_dbg(ERROR, "(nextlen): read %d bytes failed: %d\n",
1596 brcmu_pkt_buf_free_skb(*pkt);
1597 bus->sdiodev->bus_if->dstats.rx_errors++;
1598 /* Force retry w/normal header read.
1599 * Don't attempt NAK for
1602 brcmf_sdbrcm_rxfail(bus, true, true);
1607 /* Checks the header */
1609 brcmf_check_rxbuf(struct brcmf_sdio *bus, struct sk_buff *pkt, u8 *rxbuf,
1610 u8 rxseq, u16 nextlen, u16 *len)
1613 bool len_consistent; /* Result of comparing readahead len and
1616 memcpy(bus->rxhdr, rxbuf, SDPCM_HDRLEN);
1618 /* Extract hardware header fields */
1619 *len = get_unaligned_le16(bus->rxhdr);
1620 check = get_unaligned_le16(bus->rxhdr + sizeof(u16));
1622 /* All zeros means readahead info was bad */
1623 if (!(*len | check)) {
1624 brcmf_dbg(INFO, "(nextlen): read zeros in HW header???\n");
1628 /* Validate check bytes */
1629 if ((u16)~(*len ^ check)) {
1630 brcmf_dbg(ERROR, "(nextlen): HW hdr error: nextlen/len/check 0x%04x/0x%04x/0x%04x\n",
1631 nextlen, *len, check);
1632 bus->sdcnt.rx_badhdr++;
1633 brcmf_sdbrcm_rxfail(bus, false, false);
1637 /* Validate frame length */
1638 if (*len < SDPCM_HDRLEN) {
1639 brcmf_dbg(ERROR, "(nextlen): HW hdr length invalid: %d\n",
1644 /* Check for consistency with readahead info */
1645 len_consistent = (nextlen != (roundup(*len, 16) >> 4));
1646 if (len_consistent) {
1647 /* Mismatch, force retry w/normal
1648 header (may be >4K) */
1649 brcmf_dbg(ERROR, "(nextlen): mismatch, nextlen %d len %d rnd %d; expected rxseq %d\n",
1650 nextlen, *len, roundup(*len, 16),
1652 brcmf_sdbrcm_rxfail(bus, true, true);
1659 brcmf_sdbrcm_pktfree2(bus, pkt);
1663 /* Return true if there may be more frames to read */
1665 brcmf_sdbrcm_readframes(struct brcmf_sdio *bus, uint maxframes, bool *finished)
1667 u16 len, check; /* Extracted hardware header fields */
1668 u8 chan, seq, doff; /* Extracted software header fields */
1669 u8 fcbits; /* Extracted fcbits from software header */
1671 struct sk_buff *pkt; /* Packet for event or data frames */
1672 u16 pad; /* Number of pad bytes to read */
1673 u16 rdlen; /* Total number of bytes to read */
1674 u8 rxseq; /* Next sequence number to expect */
1675 uint rxleft = 0; /* Remaining number of frames allowed */
1676 int sdret; /* Return code from calls */
1677 u8 txmax; /* Maximum tx sequence offered */
1680 uint rxcount = 0; /* Total frames read */
1682 brcmf_dbg(TRACE, "Enter\n");
1684 /* Not finished unless we encounter no more frames indication */
1687 for (rxseq = bus->rx_seq, rxleft = maxframes;
1688 !bus->rxskip && rxleft &&
1689 bus->sdiodev->bus_if->state != BRCMF_BUS_DOWN;
1690 rxseq++, rxleft--) {
1692 /* Handle glomming separately */
1693 if (bus->glomd || !skb_queue_empty(&bus->glom)) {
1695 brcmf_dbg(GLOM, "calling rxglom: glomd %p, glom %p\n",
1696 bus->glomd, skb_peek(&bus->glom));
1697 cnt = brcmf_sdbrcm_rxglom(bus, rxseq);
1698 brcmf_dbg(GLOM, "rxglom returned %d\n", cnt);
1700 rxleft = (rxleft > cnt) ? (rxleft - cnt) : 1;
1704 /* Try doing single read if we can */
1706 u16 nextlen = bus->nextlen;
1709 rdlen = len = nextlen << 4;
1710 brcmf_pad(bus, &pad, &rdlen);
1713 * After the frame is received we have to
1714 * distinguish whether it is data
1715 * or non-data frame.
1717 brcmf_alloc_pkt_and_read(bus, rdlen, &pkt, &rxbuf);
1719 /* Give up on data, request rtx of events */
1720 brcmf_dbg(ERROR, "(nextlen): brcmf_alloc_pkt_and_read failed: len %d rdlen %d expected rxseq %d\n",
1725 if (brcmf_check_rxbuf(bus, pkt, rxbuf, rxseq, nextlen,
1729 /* Extract software header fields */
1730 chan = SDPCM_PACKET_CHANNEL(
1731 &bus->rxhdr[SDPCM_FRAMETAG_LEN]);
1732 seq = SDPCM_PACKET_SEQUENCE(
1733 &bus->rxhdr[SDPCM_FRAMETAG_LEN]);
1734 doff = SDPCM_DOFFSET_VALUE(
1735 &bus->rxhdr[SDPCM_FRAMETAG_LEN]);
1736 txmax = SDPCM_WINDOW_VALUE(
1737 &bus->rxhdr[SDPCM_FRAMETAG_LEN]);
1740 bus->rxhdr[SDPCM_FRAMETAG_LEN +
1741 SDPCM_NEXTLEN_OFFSET];
1742 if ((bus->nextlen << 4) > MAX_RX_DATASZ) {
1743 brcmf_dbg(INFO, "(nextlen): got frame w/nextlen too large (%d), seq %d\n",
1748 bus->sdcnt.rx_readahead_cnt++;
1750 /* Handle Flow Control */
1751 fcbits = SDPCM_FCMASK_VALUE(
1752 &bus->rxhdr[SDPCM_FRAMETAG_LEN]);
1754 if (bus->flowcontrol != fcbits) {
1755 if (~bus->flowcontrol & fcbits)
1756 bus->sdcnt.fc_xoff++;
1758 if (bus->flowcontrol & ~fcbits)
1759 bus->sdcnt.fc_xon++;
1761 bus->sdcnt.fc_rcvd++;
1762 bus->flowcontrol = fcbits;
1765 /* Check and update sequence number */
1767 brcmf_dbg(INFO, "(nextlen): rx_seq %d, expected %d\n",
1769 bus->sdcnt.rx_badseq++;
1773 /* Check window for sanity */
1774 if ((u8) (txmax - bus->tx_seq) > 0x40) {
1775 brcmf_dbg(ERROR, "got unlikely tx max %d with tx_seq %d\n",
1776 txmax, bus->tx_seq);
1777 txmax = bus->tx_seq + 2;
1779 bus->tx_max = txmax;
1781 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && BRCMF_DATA_ON(),
1782 rxbuf, len, "Rx Data:\n");
1783 brcmf_dbg_hex_dump(!(BRCMF_BYTES_ON() &&
1786 bus->rxhdr, SDPCM_HDRLEN,
1789 if (chan == SDPCM_CONTROL_CHANNEL) {
1790 brcmf_dbg(ERROR, "(nextlen): readahead on control packet %d?\n",
1792 /* Force retry w/normal header read */
1794 brcmf_sdbrcm_rxfail(bus, false, true);
1795 brcmf_sdbrcm_pktfree2(bus, pkt);
1799 /* Validate data offset */
1800 if ((doff < SDPCM_HDRLEN) || (doff > len)) {
1801 brcmf_dbg(ERROR, "(nextlen): bad data offset %d: HW len %d min %d\n",
1802 doff, len, SDPCM_HDRLEN);
1803 brcmf_sdbrcm_rxfail(bus, false, false);
1804 brcmf_sdbrcm_pktfree2(bus, pkt);
1808 /* All done with this one -- now deliver the packet */
1812 /* Read frame header (hardware and software) */
1813 sdret = brcmf_sdcard_recv_buf(bus->sdiodev, bus->sdiodev->sbwad,
1814 SDIO_FUNC_2, F2SYNC, bus->rxhdr,
1816 bus->sdcnt.f2rxhdrs++;
1819 brcmf_dbg(ERROR, "RXHEADER FAILED: %d\n", sdret);
1820 bus->sdcnt.rx_hdrfail++;
1821 brcmf_sdbrcm_rxfail(bus, true, true);
1824 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() || BRCMF_HDRS_ON(),
1825 bus->rxhdr, SDPCM_HDRLEN, "RxHdr:\n");
1828 /* Extract hardware header fields */
1829 len = get_unaligned_le16(bus->rxhdr);
1830 check = get_unaligned_le16(bus->rxhdr + sizeof(u16));
1832 /* All zeros means no more frames */
1833 if (!(len | check)) {
1838 /* Validate check bytes */
1839 if ((u16) ~(len ^ check)) {
1840 brcmf_dbg(ERROR, "HW hdr err: len/check 0x%04x/0x%04x\n",
1842 bus->sdcnt.rx_badhdr++;
1843 brcmf_sdbrcm_rxfail(bus, false, false);
1847 /* Validate frame length */
1848 if (len < SDPCM_HDRLEN) {
1849 brcmf_dbg(ERROR, "HW hdr length invalid: %d\n", len);
1853 /* Extract software header fields */
1854 chan = SDPCM_PACKET_CHANNEL(&bus->rxhdr[SDPCM_FRAMETAG_LEN]);
1855 seq = SDPCM_PACKET_SEQUENCE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]);
1856 doff = SDPCM_DOFFSET_VALUE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]);
1857 txmax = SDPCM_WINDOW_VALUE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]);
1859 /* Validate data offset */
1860 if ((doff < SDPCM_HDRLEN) || (doff > len)) {
1861 brcmf_dbg(ERROR, "Bad data offset %d: HW len %d, min %d seq %d\n",
1862 doff, len, SDPCM_HDRLEN, seq);
1863 bus->sdcnt.rx_badhdr++;
1864 brcmf_sdbrcm_rxfail(bus, false, false);
1868 /* Save the readahead length if there is one */
1870 bus->rxhdr[SDPCM_FRAMETAG_LEN + SDPCM_NEXTLEN_OFFSET];
1871 if ((bus->nextlen << 4) > MAX_RX_DATASZ) {
1872 brcmf_dbg(INFO, "(nextlen): got frame w/nextlen too large (%d), seq %d\n",
1877 /* Handle Flow Control */
1878 fcbits = SDPCM_FCMASK_VALUE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]);
1880 if (bus->flowcontrol != fcbits) {
1881 if (~bus->flowcontrol & fcbits)
1882 bus->sdcnt.fc_xoff++;
1884 if (bus->flowcontrol & ~fcbits)
1885 bus->sdcnt.fc_xon++;
1887 bus->sdcnt.fc_rcvd++;
1888 bus->flowcontrol = fcbits;
1891 /* Check and update sequence number */
1893 brcmf_dbg(INFO, "rx_seq %d, expected %d\n", seq, rxseq);
1894 bus->sdcnt.rx_badseq++;
1898 /* Check window for sanity */
1899 if ((u8) (txmax - bus->tx_seq) > 0x40) {
1900 brcmf_dbg(ERROR, "unlikely tx max %d with tx_seq %d\n",
1901 txmax, bus->tx_seq);
1902 txmax = bus->tx_seq + 2;
1904 bus->tx_max = txmax;
1906 /* Call a separate function for control frames */
1907 if (chan == SDPCM_CONTROL_CHANNEL) {
1908 brcmf_sdbrcm_read_control(bus, bus->rxhdr, len, doff);
1912 /* precondition: chan is either SDPCM_DATA_CHANNEL,
1913 SDPCM_EVENT_CHANNEL, SDPCM_TEST_CHANNEL or
1914 SDPCM_GLOM_CHANNEL */
1916 /* Length to read */
1917 rdlen = (len > BRCMF_FIRSTREAD) ? (len - BRCMF_FIRSTREAD) : 0;
1919 /* May pad read to blocksize for efficiency */
1920 if (bus->roundup && bus->blocksize &&
1921 (rdlen > bus->blocksize)) {
1922 pad = bus->blocksize - (rdlen % bus->blocksize);
1923 if ((pad <= bus->roundup) && (pad < bus->blocksize) &&
1924 ((rdlen + pad + BRCMF_FIRSTREAD) < MAX_RX_DATASZ))
1926 } else if (rdlen % BRCMF_SDALIGN) {
1927 rdlen += BRCMF_SDALIGN - (rdlen % BRCMF_SDALIGN);
1930 /* Satisfy length-alignment requirements */
1931 if (rdlen & (ALIGNMENT - 1))
1932 rdlen = roundup(rdlen, ALIGNMENT);
1934 if ((rdlen + BRCMF_FIRSTREAD) > MAX_RX_DATASZ) {
1935 /* Too long -- skip this frame */
1936 brcmf_dbg(ERROR, "too long: len %d rdlen %d\n",
1938 bus->sdiodev->bus_if->dstats.rx_errors++;
1939 bus->sdcnt.rx_toolong++;
1940 brcmf_sdbrcm_rxfail(bus, false, false);
1944 pkt = brcmu_pkt_buf_get_skb(rdlen +
1945 BRCMF_FIRSTREAD + BRCMF_SDALIGN);
1947 /* Give up on data, request rtx of events */
1948 brcmf_dbg(ERROR, "brcmu_pkt_buf_get_skb failed: rdlen %d chan %d\n",
1950 bus->sdiodev->bus_if->dstats.rx_dropped++;
1951 brcmf_sdbrcm_rxfail(bus, false, RETRYCHAN(chan));
1955 /* Leave room for what we already read, and align remainder */
1956 skb_pull(pkt, BRCMF_FIRSTREAD);
1957 pkt_align(pkt, rdlen, BRCMF_SDALIGN);
1959 /* Read the remaining frame data */
1960 sdret = brcmf_sdcard_recv_pkt(bus->sdiodev, bus->sdiodev->sbwad,
1961 SDIO_FUNC_2, F2SYNC, pkt);
1962 bus->sdcnt.f2rxdata++;
1965 brcmf_dbg(ERROR, "read %d %s bytes failed: %d\n", rdlen,
1966 ((chan == SDPCM_EVENT_CHANNEL) ? "event"
1967 : ((chan == SDPCM_DATA_CHANNEL) ? "data"
1969 brcmu_pkt_buf_free_skb(pkt);
1970 bus->sdiodev->bus_if->dstats.rx_errors++;
1971 brcmf_sdbrcm_rxfail(bus, true, RETRYCHAN(chan));
1975 /* Copy the already-read portion */
1976 skb_push(pkt, BRCMF_FIRSTREAD);
1977 memcpy(pkt->data, bus->rxhdr, BRCMF_FIRSTREAD);
1979 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && BRCMF_DATA_ON(),
1980 pkt->data, len, "Rx Data:\n");
1983 /* Save superframe descriptor and allocate packet frame */
1984 if (chan == SDPCM_GLOM_CHANNEL) {
1985 if (SDPCM_GLOMDESC(&bus->rxhdr[SDPCM_FRAMETAG_LEN])) {
1986 brcmf_dbg(GLOM, "glom descriptor, %d bytes:\n",
1988 brcmf_dbg_hex_dump(BRCMF_GLOM_ON(),
1991 __skb_trim(pkt, len);
1992 skb_pull(pkt, SDPCM_HDRLEN);
1995 brcmf_dbg(ERROR, "%s: glom superframe w/o "
1996 "descriptor!\n", __func__);
1997 brcmf_sdbrcm_rxfail(bus, false, false);
2002 /* Fill in packet len and prio, deliver upward */
2003 __skb_trim(pkt, len);
2004 skb_pull(pkt, doff);
2006 if (pkt->len == 0) {
2007 brcmu_pkt_buf_free_skb(pkt);
2009 } else if (brcmf_proto_hdrpull(bus->sdiodev->dev, &ifidx,
2011 brcmf_dbg(ERROR, "rx protocol error\n");
2012 brcmu_pkt_buf_free_skb(pkt);
2013 bus->sdiodev->bus_if->dstats.rx_errors++;
2017 /* Unlock during rx call */
2019 brcmf_rx_packet(bus->sdiodev->dev, ifidx, pkt);
2022 rxcount = maxframes - rxleft;
2023 /* Message if we hit the limit */
2025 brcmf_dbg(DATA, "hit rx limit of %d frames\n",
2028 brcmf_dbg(DATA, "processed %d frames\n", rxcount);
2029 /* Back off rxseq if awaiting rtx, update rx_seq */
2032 bus->rx_seq = rxseq;
2038 brcmf_sdbrcm_wait_for_event(struct brcmf_sdio *bus, bool *lockvar)
2041 wait_event_interruptible_timeout(bus->ctrl_wait, !*lockvar, HZ * 2);
2047 brcmf_sdbrcm_wait_event_wakeup(struct brcmf_sdio *bus)
2049 if (waitqueue_active(&bus->ctrl_wait))
2050 wake_up_interruptible(&bus->ctrl_wait);
2054 /* Writes a HW/SW header into the packet and sends it. */
2055 /* Assumes: (a) header space already there, (b) caller holds lock */
2056 static int brcmf_sdbrcm_txpkt(struct brcmf_sdio *bus, struct sk_buff *pkt,
2057 uint chan, bool free_pkt)
2063 struct sk_buff *new;
2066 brcmf_dbg(TRACE, "Enter\n");
2068 frame = (u8 *) (pkt->data);
2070 /* Add alignment padding, allocate new packet if needed */
2071 pad = ((unsigned long)frame % BRCMF_SDALIGN);
2073 if (skb_headroom(pkt) < pad) {
2074 brcmf_dbg(INFO, "insufficient headroom %d for %d pad\n",
2075 skb_headroom(pkt), pad);
2076 bus->sdiodev->bus_if->tx_realloc++;
2077 new = brcmu_pkt_buf_get_skb(pkt->len + BRCMF_SDALIGN);
2079 brcmf_dbg(ERROR, "couldn't allocate new %d-byte packet\n",
2080 pkt->len + BRCMF_SDALIGN);
2085 pkt_align(new, pkt->len, BRCMF_SDALIGN);
2086 memcpy(new->data, pkt->data, pkt->len);
2088 brcmu_pkt_buf_free_skb(pkt);
2089 /* free the pkt if canned one is not used */
2092 frame = (u8 *) (pkt->data);
2093 /* precondition: (frame % BRCMF_SDALIGN) == 0) */
2097 frame = (u8 *) (pkt->data);
2098 /* precondition: pad + SDPCM_HDRLEN <= pkt->len */
2099 memset(frame, 0, pad + SDPCM_HDRLEN);
2102 /* precondition: pad < BRCMF_SDALIGN */
2104 /* Hardware tag: 2 byte len followed by 2 byte ~len check (all LE) */
2105 len = (u16) (pkt->len);
2106 *(__le16 *) frame = cpu_to_le16(len);
2107 *(((__le16 *) frame) + 1) = cpu_to_le16(~len);
2109 /* Software tag: channel, sequence number, data offset */
2111 ((chan << SDPCM_CHANNEL_SHIFT) & SDPCM_CHANNEL_MASK) | bus->tx_seq |
2113 SDPCM_HDRLEN) << SDPCM_DOFFSET_SHIFT) & SDPCM_DOFFSET_MASK);
2115 put_unaligned_le32(swheader, frame + SDPCM_FRAMETAG_LEN);
2116 put_unaligned_le32(0, frame + SDPCM_FRAMETAG_LEN + sizeof(swheader));
2119 tx_packets[pkt->priority]++;
2122 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() &&
2123 ((BRCMF_CTL_ON() && chan == SDPCM_CONTROL_CHANNEL) ||
2124 (BRCMF_DATA_ON() && chan != SDPCM_CONTROL_CHANNEL)),
2125 frame, len, "Tx Frame:\n");
2126 brcmf_dbg_hex_dump(!(BRCMF_BYTES_ON() &&
2128 chan == SDPCM_CONTROL_CHANNEL) ||
2130 chan != SDPCM_CONTROL_CHANNEL))) &&
2132 frame, min_t(u16, len, 16), "TxHdr:\n");
2134 /* Raise len to next SDIO block to eliminate tail command */
2135 if (bus->roundup && bus->blocksize && (len > bus->blocksize)) {
2136 u16 pad = bus->blocksize - (len % bus->blocksize);
2137 if ((pad <= bus->roundup) && (pad < bus->blocksize))
2139 } else if (len % BRCMF_SDALIGN) {
2140 len += BRCMF_SDALIGN - (len % BRCMF_SDALIGN);
2143 /* Some controllers have trouble with odd bytes -- round to even */
2144 if (len & (ALIGNMENT - 1))
2145 len = roundup(len, ALIGNMENT);
2147 ret = brcmf_sdcard_send_pkt(bus->sdiodev, bus->sdiodev->sbwad,
2148 SDIO_FUNC_2, F2SYNC, pkt);
2149 bus->sdcnt.f2txdata++;
2152 /* On failure, abort the command and terminate the frame */
2153 brcmf_dbg(INFO, "sdio error %d, abort command and terminate frame\n",
2155 bus->sdcnt.tx_sderrs++;
2157 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2);
2158 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_FRAMECTRL,
2160 bus->sdcnt.f1regdata++;
2162 for (i = 0; i < 3; i++) {
2164 hi = brcmf_sdio_regrb(bus->sdiodev,
2165 SBSDIO_FUNC1_WFRAMEBCHI, NULL);
2166 lo = brcmf_sdio_regrb(bus->sdiodev,
2167 SBSDIO_FUNC1_WFRAMEBCLO, NULL);
2168 bus->sdcnt.f1regdata += 2;
2169 if ((hi == 0) && (lo == 0))
2175 bus->tx_seq = (bus->tx_seq + 1) % SDPCM_SEQUENCE_WRAP;
2178 /* restore pkt buffer pointer before calling tx complete routine */
2179 skb_pull(pkt, SDPCM_HDRLEN + pad);
2181 brcmf_txcomplete(bus->sdiodev->dev, pkt, ret != 0);
2185 brcmu_pkt_buf_free_skb(pkt);
2190 static uint brcmf_sdbrcm_sendfromq(struct brcmf_sdio *bus, uint maxframes)
2192 struct sk_buff *pkt;
2194 int ret = 0, prec_out;
2199 brcmf_dbg(TRACE, "Enter\n");
2201 tx_prec_map = ~bus->flowcontrol;
2203 /* Send frames until the limit or some other event */
2204 for (cnt = 0; (cnt < maxframes) && data_ok(bus); cnt++) {
2205 spin_lock_bh(&bus->txqlock);
2206 pkt = brcmu_pktq_mdeq(&bus->txq, tx_prec_map, &prec_out);
2208 spin_unlock_bh(&bus->txqlock);
2211 spin_unlock_bh(&bus->txqlock);
2212 datalen = pkt->len - SDPCM_HDRLEN;
2214 ret = brcmf_sdbrcm_txpkt(bus, pkt, SDPCM_DATA_CHANNEL, true);
2216 bus->sdiodev->bus_if->dstats.tx_errors++;
2218 bus->sdiodev->bus_if->dstats.tx_bytes += datalen;
2220 /* In poll mode, need to check for other events */
2221 if (!bus->intr && cnt) {
2222 /* Check device status, signal pending interrupt */
2223 ret = r_sdreg32(bus, &intstatus,
2224 offsetof(struct sdpcmd_regs,
2226 bus->sdcnt.f2txdata++;
2229 if (intstatus & bus->hostintmask)
2234 /* Deflow-control stack if needed */
2235 if (bus->sdiodev->bus_if->drvr_up &&
2236 (bus->sdiodev->bus_if->state == BRCMF_BUS_DATA) &&
2237 bus->txoff && (pktq_len(&bus->txq) < TXLOW)) {
2239 brcmf_txflowcontrol(bus->sdiodev->dev, 0, OFF);
2245 static void brcmf_sdbrcm_bus_stop(struct device *dev)
2247 u32 local_hostintmask;
2250 struct brcmf_bus *bus_if = dev_get_drvdata(dev);
2251 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio;
2252 struct brcmf_sdio *bus = sdiodev->bus;
2254 brcmf_dbg(TRACE, "Enter\n");
2256 if (bus->watchdog_tsk) {
2257 send_sig(SIGTERM, bus->watchdog_tsk, 1);
2258 kthread_stop(bus->watchdog_tsk);
2259 bus->watchdog_tsk = NULL;
2262 if (bus->dpc_tsk && bus->dpc_tsk != current) {
2263 send_sig(SIGTERM, bus->dpc_tsk, 1);
2264 kthread_stop(bus->dpc_tsk);
2265 bus->dpc_tsk = NULL;
2272 /* Enable clock for device interrupts */
2273 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false);
2275 /* Disable and clear interrupts at the chip level also */
2276 w_sdreg32(bus, 0, offsetof(struct sdpcmd_regs, hostintmask));
2277 local_hostintmask = bus->hostintmask;
2278 bus->hostintmask = 0;
2280 /* Change our idea of bus state */
2281 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN;
2283 /* Force clocks on backplane to be sure F2 interrupt propagates */
2284 saveclk = brcmf_sdio_regrb(bus->sdiodev,
2285 SBSDIO_FUNC1_CHIPCLKCSR, &err);
2287 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR,
2288 (saveclk | SBSDIO_FORCE_HT), &err);
2291 brcmf_dbg(ERROR, "Failed to force clock for F2: err %d\n", err);
2293 /* Turn off the bus (F2), free any pending packets */
2294 brcmf_dbg(INTR, "disable SDIO interrupts\n");
2295 brcmf_sdio_regwb(bus->sdiodev, SDIO_CCCR_IOEx, SDIO_FUNC_ENABLE_1,
2298 /* Clear any pending interrupts now that F2 is disabled */
2299 w_sdreg32(bus, local_hostintmask,
2300 offsetof(struct sdpcmd_regs, intstatus));
2302 /* Turn off the backplane clock (only) */
2303 brcmf_sdbrcm_clkctl(bus, CLK_SDONLY, false);
2305 /* Clear the data packet queues */
2306 brcmu_pktq_flush(&bus->txq, true, NULL, NULL);
2308 /* Clear any held glomming stuff */
2310 brcmu_pkt_buf_free_skb(bus->glomd);
2311 brcmf_sdbrcm_free_glom(bus);
2313 /* Clear rx control and wake any waiters */
2315 brcmf_sdbrcm_dcmd_resp_wake(bus);
2317 /* Reset some F2 state stuff */
2318 bus->rxskip = false;
2319 bus->tx_seq = bus->rx_seq = 0;
2324 #ifdef CONFIG_BRCMFMAC_SDIO_OOB
2325 static inline void brcmf_sdbrcm_clrintr(struct brcmf_sdio *bus)
2327 unsigned long flags;
2329 spin_lock_irqsave(&bus->sdiodev->irq_en_lock, flags);
2330 if (!bus->sdiodev->irq_en && !bus->ipend) {
2331 enable_irq(bus->sdiodev->irq);
2332 bus->sdiodev->irq_en = true;
2334 spin_unlock_irqrestore(&bus->sdiodev->irq_en_lock, flags);
2337 static inline void brcmf_sdbrcm_clrintr(struct brcmf_sdio *bus)
2340 #endif /* CONFIG_BRCMFMAC_SDIO_OOB */
2342 static bool brcmf_sdbrcm_dpc(struct brcmf_sdio *bus)
2344 u32 intstatus, newstatus = 0;
2345 uint rxlimit = bus->rxbound; /* Rx frames to read before resched */
2346 uint txlimit = bus->txbound; /* Tx frames to send before resched */
2347 uint framecnt = 0; /* Temporary counter of tx/rx frames */
2348 bool rxdone = true; /* Flag for no more read data */
2349 bool resched = false; /* Flag indicating resched wanted */
2352 brcmf_dbg(TRACE, "Enter\n");
2354 /* Start with leftover status bits */
2355 intstatus = bus->intstatus;
2359 /* If waiting for HTAVAIL, check status */
2360 if (bus->clkstate == CLK_PENDING) {
2361 u8 clkctl, devctl = 0;
2364 /* Check for inconsistent device control */
2365 devctl = brcmf_sdio_regrb(bus->sdiodev,
2366 SBSDIO_DEVICE_CTL, &err);
2368 brcmf_dbg(ERROR, "error reading DEVCTL: %d\n", err);
2369 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN;
2373 /* Read CSR, if clock on switch to AVAIL, else ignore */
2374 clkctl = brcmf_sdio_regrb(bus->sdiodev,
2375 SBSDIO_FUNC1_CHIPCLKCSR, &err);
2377 brcmf_dbg(ERROR, "error reading CSR: %d\n",
2379 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN;
2382 brcmf_dbg(INFO, "DPC: PENDING, devctl 0x%02x clkctl 0x%02x\n",
2385 if (SBSDIO_HTAV(clkctl)) {
2386 devctl = brcmf_sdio_regrb(bus->sdiodev,
2387 SBSDIO_DEVICE_CTL, &err);
2389 brcmf_dbg(ERROR, "error reading DEVCTL: %d\n",
2391 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN;
2393 devctl &= ~SBSDIO_DEVCTL_CA_INT_ONLY;
2394 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_DEVICE_CTL,
2397 brcmf_dbg(ERROR, "error writing DEVCTL: %d\n",
2399 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN;
2401 bus->clkstate = CLK_AVAIL;
2409 /* Make sure backplane clock is on */
2410 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, true);
2411 if (bus->clkstate == CLK_PENDING)
2414 /* Pending interrupt indicates new device status */
2417 err = r_sdreg32(bus, &newstatus,
2418 offsetof(struct sdpcmd_regs, intstatus));
2419 bus->sdcnt.f1regdata++;
2422 newstatus &= bus->hostintmask;
2423 bus->fcstate = !!(newstatus & I_HMB_FC_STATE);
2425 err = w_sdreg32(bus, newstatus,
2426 offsetof(struct sdpcmd_regs,
2428 bus->sdcnt.f1regdata++;
2432 /* Merge new bits with previous */
2433 intstatus |= newstatus;
2436 /* Handle flow-control change: read new state in case our ack
2437 * crossed another change interrupt. If change still set, assume
2438 * FC ON for safety, let next loop through do the debounce.
2440 if (intstatus & I_HMB_FC_CHANGE) {
2441 intstatus &= ~I_HMB_FC_CHANGE;
2442 err = w_sdreg32(bus, I_HMB_FC_CHANGE,
2443 offsetof(struct sdpcmd_regs, intstatus));
2445 err = r_sdreg32(bus, &newstatus,
2446 offsetof(struct sdpcmd_regs, intstatus));
2447 bus->sdcnt.f1regdata += 2;
2449 !!(newstatus & (I_HMB_FC_STATE | I_HMB_FC_CHANGE));
2450 intstatus |= (newstatus & bus->hostintmask);
2453 /* Handle host mailbox indication */
2454 if (intstatus & I_HMB_HOST_INT) {
2455 intstatus &= ~I_HMB_HOST_INT;
2456 intstatus |= brcmf_sdbrcm_hostmail(bus);
2459 /* Generally don't ask for these, can get CRC errors... */
2460 if (intstatus & I_WR_OOSYNC) {
2461 brcmf_dbg(ERROR, "Dongle reports WR_OOSYNC\n");
2462 intstatus &= ~I_WR_OOSYNC;
2465 if (intstatus & I_RD_OOSYNC) {
2466 brcmf_dbg(ERROR, "Dongle reports RD_OOSYNC\n");
2467 intstatus &= ~I_RD_OOSYNC;
2470 if (intstatus & I_SBINT) {
2471 brcmf_dbg(ERROR, "Dongle reports SBINT\n");
2472 intstatus &= ~I_SBINT;
2475 /* Would be active due to wake-wlan in gSPI */
2476 if (intstatus & I_CHIPACTIVE) {
2477 brcmf_dbg(INFO, "Dongle reports CHIPACTIVE\n");
2478 intstatus &= ~I_CHIPACTIVE;
2481 /* Ignore frame indications if rxskip is set */
2483 intstatus &= ~I_HMB_FRAME_IND;
2485 /* On frame indication, read available frames */
2486 if (PKT_AVAILABLE()) {
2487 framecnt = brcmf_sdbrcm_readframes(bus, rxlimit, &rxdone);
2488 if (rxdone || bus->rxskip)
2489 intstatus &= ~I_HMB_FRAME_IND;
2490 rxlimit -= min(framecnt, rxlimit);
2493 /* Keep still-pending events for next scheduling */
2494 bus->intstatus = intstatus;
2497 brcmf_sdbrcm_clrintr(bus);
2499 if (data_ok(bus) && bus->ctrl_frame_stat &&
2500 (bus->clkstate == CLK_AVAIL)) {
2503 ret = brcmf_sdcard_send_buf(bus->sdiodev, bus->sdiodev->sbwad,
2504 SDIO_FUNC_2, F2SYNC, (u8 *) bus->ctrl_frame_buf,
2505 (u32) bus->ctrl_frame_len);
2508 /* On failure, abort the command and
2509 terminate the frame */
2510 brcmf_dbg(INFO, "sdio error %d, abort command and terminate frame\n",
2512 bus->sdcnt.tx_sderrs++;
2514 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2);
2516 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_FRAMECTRL,
2518 bus->sdcnt.f1regdata++;
2520 for (i = 0; i < 3; i++) {
2522 hi = brcmf_sdio_regrb(bus->sdiodev,
2523 SBSDIO_FUNC1_WFRAMEBCHI,
2525 lo = brcmf_sdio_regrb(bus->sdiodev,
2526 SBSDIO_FUNC1_WFRAMEBCLO,
2528 bus->sdcnt.f1regdata += 2;
2529 if ((hi == 0) && (lo == 0))
2535 bus->tx_seq = (bus->tx_seq + 1) % SDPCM_SEQUENCE_WRAP;
2537 brcmf_dbg(INFO, "Return_dpc value is : %d\n", ret);
2538 bus->ctrl_frame_stat = false;
2539 brcmf_sdbrcm_wait_event_wakeup(bus);
2541 /* Send queued frames (limit 1 if rx may still be pending) */
2542 else if ((bus->clkstate == CLK_AVAIL) && !bus->fcstate &&
2543 brcmu_pktq_mlen(&bus->txq, ~bus->flowcontrol) && txlimit
2545 framecnt = rxdone ? txlimit : min(txlimit, bus->txminmax);
2546 framecnt = brcmf_sdbrcm_sendfromq(bus, framecnt);
2547 txlimit -= framecnt;
2550 /* Resched if events or tx frames are pending,
2551 else await next interrupt */
2552 /* On failed register access, all bets are off:
2553 no resched or interrupts */
2554 if ((bus->sdiodev->bus_if->state == BRCMF_BUS_DOWN) || (err != 0)) {
2555 brcmf_dbg(ERROR, "failed backplane access over SDIO, halting operation\n");
2556 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN;
2558 } else if (bus->clkstate == CLK_PENDING) {
2559 brcmf_dbg(INFO, "rescheduled due to CLK_PENDING awaiting I_CHIPACTIVE interrupt\n");
2561 } else if (bus->intstatus || bus->ipend ||
2562 (!bus->fcstate && brcmu_pktq_mlen(&bus->txq, ~bus->flowcontrol)
2563 && data_ok(bus)) || PKT_AVAILABLE()) {
2567 bus->dpc_sched = resched;
2569 /* If we're done for now, turn off clock request. */
2570 if ((bus->clkstate != CLK_PENDING)
2571 && bus->idletime == BRCMF_IDLE_IMMEDIATE) {
2572 bus->activity = false;
2573 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false);
2581 static inline void brcmf_sdbrcm_adddpctsk(struct brcmf_sdio *bus)
2583 struct list_head *new_hd;
2584 unsigned long flags;
2587 new_hd = kzalloc(sizeof(struct list_head), GFP_ATOMIC);
2589 new_hd = kzalloc(sizeof(struct list_head), GFP_KERNEL);
2593 spin_lock_irqsave(&bus->dpc_tl_lock, flags);
2594 list_add_tail(new_hd, &bus->dpc_tsklst);
2595 spin_unlock_irqrestore(&bus->dpc_tl_lock, flags);
2598 static int brcmf_sdbrcm_dpc_thread(void *data)
2600 struct brcmf_sdio *bus = (struct brcmf_sdio *) data;
2601 struct list_head *cur_hd, *tmp_hd;
2602 unsigned long flags;
2604 allow_signal(SIGTERM);
2605 /* Run until signal received */
2607 if (kthread_should_stop())
2610 if (list_empty(&bus->dpc_tsklst))
2611 if (wait_for_completion_interruptible(&bus->dpc_wait))
2614 spin_lock_irqsave(&bus->dpc_tl_lock, flags);
2615 list_for_each_safe(cur_hd, tmp_hd, &bus->dpc_tsklst) {
2616 spin_unlock_irqrestore(&bus->dpc_tl_lock, flags);
2618 if (bus->sdiodev->bus_if->state == BRCMF_BUS_DOWN) {
2619 /* after stopping the bus, exit thread */
2620 brcmf_sdbrcm_bus_stop(bus->sdiodev->dev);
2621 bus->dpc_tsk = NULL;
2622 spin_lock_irqsave(&bus->dpc_tl_lock, flags);
2626 if (brcmf_sdbrcm_dpc(bus))
2627 brcmf_sdbrcm_adddpctsk(bus);
2629 spin_lock_irqsave(&bus->dpc_tl_lock, flags);
2633 spin_unlock_irqrestore(&bus->dpc_tl_lock, flags);
2638 static int brcmf_sdbrcm_bus_txdata(struct device *dev, struct sk_buff *pkt)
2642 struct brcmf_bus *bus_if = dev_get_drvdata(dev);
2643 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio;
2644 struct brcmf_sdio *bus = sdiodev->bus;
2646 brcmf_dbg(TRACE, "Enter\n");
2650 /* Add space for the header */
2651 skb_push(pkt, SDPCM_HDRLEN);
2652 /* precondition: IS_ALIGNED((unsigned long)(pkt->data), 2) */
2654 prec = prio2prec((pkt->priority & PRIOMASK));
2656 /* Check for existing queue, current flow-control,
2657 pending event, or pending clock */
2658 brcmf_dbg(TRACE, "deferring pktq len %d\n", pktq_len(&bus->txq));
2659 bus->sdcnt.fcqueued++;
2661 /* Priority based enq */
2662 spin_lock_bh(&bus->txqlock);
2663 if (!brcmf_c_prec_enq(bus->sdiodev->dev, &bus->txq, pkt, prec)) {
2664 skb_pull(pkt, SDPCM_HDRLEN);
2665 brcmf_txcomplete(bus->sdiodev->dev, pkt, false);
2666 brcmu_pkt_buf_free_skb(pkt);
2667 brcmf_dbg(ERROR, "out of bus->txq !!!\n");
2672 spin_unlock_bh(&bus->txqlock);
2674 if (pktq_len(&bus->txq) >= TXHI) {
2676 brcmf_txflowcontrol(bus->sdiodev->dev, 0, ON);
2680 if (pktq_plen(&bus->txq, prec) > qcount[prec])
2681 qcount[prec] = pktq_plen(&bus->txq, prec);
2683 /* Schedule DPC if needed to send queued packet(s) */
2684 if (!bus->dpc_sched) {
2685 bus->dpc_sched = true;
2687 brcmf_sdbrcm_adddpctsk(bus);
2688 complete(&bus->dpc_wait);
2696 brcmf_sdbrcm_membytes(struct brcmf_sdio *bus, bool write, u32 address, u8 *data,
2703 /* Determine initial transfer parameters */
2704 sdaddr = address & SBSDIO_SB_OFT_ADDR_MASK;
2705 if ((sdaddr + size) & SBSDIO_SBWINDOW_MASK)
2706 dsize = (SBSDIO_SB_OFT_ADDR_LIMIT - sdaddr);
2710 /* Set the backplane window to include the start address */
2711 bcmerror = brcmf_sdcard_set_sbaddr_window(bus->sdiodev, address);
2713 brcmf_dbg(ERROR, "window change failed\n");
2717 /* Do the transfer(s) */
2719 brcmf_dbg(INFO, "%s %d bytes at offset 0x%08x in window 0x%08x\n",
2720 write ? "write" : "read", dsize,
2721 sdaddr, address & SBSDIO_SBWINDOW_MASK);
2722 bcmerror = brcmf_sdcard_rwdata(bus->sdiodev, write,
2723 sdaddr, data, dsize);
2725 brcmf_dbg(ERROR, "membytes transfer failed\n");
2729 /* Adjust for next transfer (if any) */
2734 bcmerror = brcmf_sdcard_set_sbaddr_window(bus->sdiodev,
2737 brcmf_dbg(ERROR, "window change failed\n");
2741 dsize = min_t(uint, SBSDIO_SB_OFT_ADDR_LIMIT, size);
2746 /* Return the window to backplane enumeration space for core access */
2747 if (brcmf_sdcard_set_sbaddr_window(bus->sdiodev, bus->sdiodev->sbwad))
2748 brcmf_dbg(ERROR, "FAILED to set window back to 0x%x\n",
2749 bus->sdiodev->sbwad);
2755 #define CONSOLE_LINE_MAX 192
2757 static int brcmf_sdbrcm_readconsole(struct brcmf_sdio *bus)
2759 struct brcmf_console *c = &bus->console;
2760 u8 line[CONSOLE_LINE_MAX], ch;
2764 /* Don't do anything until FWREADY updates console address */
2765 if (bus->console_addr == 0)
2768 /* Read console log struct */
2769 addr = bus->console_addr + offsetof(struct rte_console, log_le);
2770 rv = brcmf_sdbrcm_membytes(bus, false, addr, (u8 *)&c->log_le,
2775 /* Allocate console buffer (one time only) */
2776 if (c->buf == NULL) {
2777 c->bufsize = le32_to_cpu(c->log_le.buf_size);
2778 c->buf = kmalloc(c->bufsize, GFP_ATOMIC);
2783 idx = le32_to_cpu(c->log_le.idx);
2785 /* Protect against corrupt value */
2786 if (idx > c->bufsize)
2789 /* Skip reading the console buffer if the index pointer
2794 /* Read the console buffer */
2795 addr = le32_to_cpu(c->log_le.buf);
2796 rv = brcmf_sdbrcm_membytes(bus, false, addr, c->buf, c->bufsize);
2800 while (c->last != idx) {
2801 for (n = 0; n < CONSOLE_LINE_MAX - 2; n++) {
2802 if (c->last == idx) {
2803 /* This would output a partial line.
2805 * the buffer pointer and output this
2806 * line next time around.
2811 c->last = c->bufsize - n;
2814 ch = c->buf[c->last];
2815 c->last = (c->last + 1) % c->bufsize;
2822 if (line[n - 1] == '\r')
2825 pr_debug("CONSOLE: %s\n", line);
2834 static int brcmf_tx_frame(struct brcmf_sdio *bus, u8 *frame, u16 len)
2839 bus->ctrl_frame_stat = false;
2840 ret = brcmf_sdcard_send_buf(bus->sdiodev, bus->sdiodev->sbwad,
2841 SDIO_FUNC_2, F2SYNC, frame, len);
2844 /* On failure, abort the command and terminate the frame */
2845 brcmf_dbg(INFO, "sdio error %d, abort command and terminate frame\n",
2847 bus->sdcnt.tx_sderrs++;
2849 brcmf_sdcard_abort(bus->sdiodev, SDIO_FUNC_2);
2851 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_FRAMECTRL,
2853 bus->sdcnt.f1regdata++;
2855 for (i = 0; i < 3; i++) {
2857 hi = brcmf_sdio_regrb(bus->sdiodev,
2858 SBSDIO_FUNC1_WFRAMEBCHI, NULL);
2859 lo = brcmf_sdio_regrb(bus->sdiodev,
2860 SBSDIO_FUNC1_WFRAMEBCLO, NULL);
2861 bus->sdcnt.f1regdata += 2;
2862 if (hi == 0 && lo == 0)
2868 bus->tx_seq = (bus->tx_seq + 1) % SDPCM_SEQUENCE_WRAP;
2874 brcmf_sdbrcm_bus_txctl(struct device *dev, unsigned char *msg, uint msglen)
2882 struct brcmf_bus *bus_if = dev_get_drvdata(dev);
2883 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio;
2884 struct brcmf_sdio *bus = sdiodev->bus;
2886 brcmf_dbg(TRACE, "Enter\n");
2888 /* Back the pointer to make a room for bus header */
2889 frame = msg - SDPCM_HDRLEN;
2890 len = (msglen += SDPCM_HDRLEN);
2892 /* Add alignment padding (optional for ctl frames) */
2893 doff = ((unsigned long)frame % BRCMF_SDALIGN);
2898 memset(frame, 0, doff + SDPCM_HDRLEN);
2900 /* precondition: doff < BRCMF_SDALIGN */
2901 doff += SDPCM_HDRLEN;
2903 /* Round send length to next SDIO block */
2904 if (bus->roundup && bus->blocksize && (len > bus->blocksize)) {
2905 u16 pad = bus->blocksize - (len % bus->blocksize);
2906 if ((pad <= bus->roundup) && (pad < bus->blocksize))
2908 } else if (len % BRCMF_SDALIGN) {
2909 len += BRCMF_SDALIGN - (len % BRCMF_SDALIGN);
2912 /* Satisfy length-alignment requirements */
2913 if (len & (ALIGNMENT - 1))
2914 len = roundup(len, ALIGNMENT);
2916 /* precondition: IS_ALIGNED((unsigned long)frame, 2) */
2918 /* Need to lock here to protect txseq and SDIO tx calls */
2923 /* Make sure backplane clock is on */
2924 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false);
2926 /* Hardware tag: 2 byte len followed by 2 byte ~len check (all LE) */
2927 *(__le16 *) frame = cpu_to_le16((u16) msglen);
2928 *(((__le16 *) frame) + 1) = cpu_to_le16(~msglen);
2930 /* Software tag: channel, sequence number, data offset */
2932 ((SDPCM_CONTROL_CHANNEL << SDPCM_CHANNEL_SHIFT) &
2934 | bus->tx_seq | ((doff << SDPCM_DOFFSET_SHIFT) &
2935 SDPCM_DOFFSET_MASK);
2936 put_unaligned_le32(swheader, frame + SDPCM_FRAMETAG_LEN);
2937 put_unaligned_le32(0, frame + SDPCM_FRAMETAG_LEN + sizeof(swheader));
2939 if (!data_ok(bus)) {
2940 brcmf_dbg(INFO, "No bus credit bus->tx_max %d, bus->tx_seq %d\n",
2941 bus->tx_max, bus->tx_seq);
2942 bus->ctrl_frame_stat = true;
2944 bus->ctrl_frame_buf = frame;
2945 bus->ctrl_frame_len = len;
2947 brcmf_sdbrcm_wait_for_event(bus, &bus->ctrl_frame_stat);
2949 if (!bus->ctrl_frame_stat) {
2950 brcmf_dbg(INFO, "ctrl_frame_stat == false\n");
2953 brcmf_dbg(INFO, "ctrl_frame_stat == true\n");
2959 brcmf_dbg_hex_dump(BRCMF_BYTES_ON() && BRCMF_CTL_ON(),
2960 frame, len, "Tx Frame:\n");
2961 brcmf_dbg_hex_dump(!(BRCMF_BYTES_ON() && BRCMF_CTL_ON()) &&
2963 frame, min_t(u16, len, 16), "TxHdr:\n");
2966 ret = brcmf_tx_frame(bus, frame, len);
2967 } while (ret < 0 && retries++ < TXRETRIES);
2970 if ((bus->idletime == BRCMF_IDLE_IMMEDIATE) && !bus->dpc_sched) {
2971 bus->activity = false;
2972 brcmf_sdbrcm_clkctl(bus, CLK_NONE, true);
2978 bus->sdcnt.tx_ctlerrs++;
2980 bus->sdcnt.tx_ctlpkts++;
2982 return ret ? -EIO : 0;
2986 static inline bool brcmf_sdio_valid_shared_address(u32 addr)
2988 return !(addr == 0 || ((~addr >> 16) & 0xffff) == (addr & 0xffff));
2991 static int brcmf_sdio_readshared(struct brcmf_sdio *bus,
2992 struct sdpcm_shared *sh)
2997 struct sdpcm_shared_le sh_le;
3000 shaddr = bus->ramsize - 4;
3003 * Read last word in socram to determine
3004 * address of sdpcm_shared structure
3006 rv = brcmf_sdbrcm_membytes(bus, false, shaddr,
3011 addr = le32_to_cpu(addr_le);
3013 brcmf_dbg(INFO, "sdpcm_shared address 0x%08X\n", addr);
3016 * Check if addr is valid.
3017 * NVRAM length at the end of memory should have been overwritten.
3019 if (!brcmf_sdio_valid_shared_address(addr)) {
3020 brcmf_dbg(ERROR, "invalid sdpcm_shared address 0x%08X\n",
3025 /* Read hndrte_shared structure */
3026 rv = brcmf_sdbrcm_membytes(bus, false, addr, (u8 *)&sh_le,
3027 sizeof(struct sdpcm_shared_le));
3032 sh->flags = le32_to_cpu(sh_le.flags);
3033 sh->trap_addr = le32_to_cpu(sh_le.trap_addr);
3034 sh->assert_exp_addr = le32_to_cpu(sh_le.assert_exp_addr);
3035 sh->assert_file_addr = le32_to_cpu(sh_le.assert_file_addr);
3036 sh->assert_line = le32_to_cpu(sh_le.assert_line);
3037 sh->console_addr = le32_to_cpu(sh_le.console_addr);
3038 sh->msgtrace_addr = le32_to_cpu(sh_le.msgtrace_addr);
3040 if ((sh->flags & SDPCM_SHARED_VERSION_MASK) != SDPCM_SHARED_VERSION) {
3042 "sdpcm_shared version mismatch: dhd %d dongle %d\n",
3043 SDPCM_SHARED_VERSION,
3044 sh->flags & SDPCM_SHARED_VERSION_MASK);
3051 static int brcmf_sdio_dump_console(struct brcmf_sdio *bus,
3052 struct sdpcm_shared *sh, char __user *data,
3055 u32 addr, console_ptr, console_size, console_index;
3056 char *conbuf = NULL;
3062 /* obtain console information from device memory */
3063 addr = sh->console_addr + offsetof(struct rte_console, log_le);
3064 rv = brcmf_sdbrcm_membytes(bus, false, addr,
3065 (u8 *)&sh_val, sizeof(u32));
3068 console_ptr = le32_to_cpu(sh_val);
3070 addr = sh->console_addr + offsetof(struct rte_console, log_le.buf_size);
3071 rv = brcmf_sdbrcm_membytes(bus, false, addr,
3072 (u8 *)&sh_val, sizeof(u32));
3075 console_size = le32_to_cpu(sh_val);
3077 addr = sh->console_addr + offsetof(struct rte_console, log_le.idx);
3078 rv = brcmf_sdbrcm_membytes(bus, false, addr,
3079 (u8 *)&sh_val, sizeof(u32));
3082 console_index = le32_to_cpu(sh_val);
3084 /* allocate buffer for console data */
3085 if (console_size <= CONSOLE_BUFFER_MAX)
3086 conbuf = vzalloc(console_size+1);
3091 /* obtain the console data from device */
3092 conbuf[console_size] = '\0';
3093 rv = brcmf_sdbrcm_membytes(bus, false, console_ptr, (u8 *)conbuf,
3098 rv = simple_read_from_buffer(data, count, &pos,
3099 conbuf + console_index,
3100 console_size - console_index);
3105 if (console_index > 0) {
3107 rv = simple_read_from_buffer(data+nbytes, count, &pos,
3108 conbuf, console_index - 1);
3118 static int brcmf_sdio_trap_info(struct brcmf_sdio *bus, struct sdpcm_shared *sh,
3119 char __user *data, size_t count)
3123 struct brcmf_trap_info tr;
3127 if ((sh->flags & SDPCM_SHARED_TRAP) == 0)
3130 error = brcmf_sdbrcm_membytes(bus, false, sh->trap_addr, (u8 *)&tr,
3131 sizeof(struct brcmf_trap_info));
3135 nbytes = brcmf_sdio_dump_console(bus, sh, data, count);
3139 res = scnprintf(buf, sizeof(buf),
3140 "dongle trap info: type 0x%x @ epc 0x%08x\n"
3141 " cpsr 0x%08x spsr 0x%08x sp 0x%08x\n"
3142 " lr 0x%08x pc 0x%08x offset 0x%x\n"
3143 " r0 0x%08x r1 0x%08x r2 0x%08x r3 0x%08x\n"
3144 " r4 0x%08x r5 0x%08x r6 0x%08x r7 0x%08x\n",
3145 le32_to_cpu(tr.type), le32_to_cpu(tr.epc),
3146 le32_to_cpu(tr.cpsr), le32_to_cpu(tr.spsr),
3147 le32_to_cpu(tr.r13), le32_to_cpu(tr.r14),
3148 le32_to_cpu(tr.pc), le32_to_cpu(sh->trap_addr),
3149 le32_to_cpu(tr.r0), le32_to_cpu(tr.r1),
3150 le32_to_cpu(tr.r2), le32_to_cpu(tr.r3),
3151 le32_to_cpu(tr.r4), le32_to_cpu(tr.r5),
3152 le32_to_cpu(tr.r6), le32_to_cpu(tr.r7));
3154 error = simple_read_from_buffer(data+nbytes, count, &pos, buf, res);
3162 static int brcmf_sdio_assert_info(struct brcmf_sdio *bus,
3163 struct sdpcm_shared *sh, char __user *data,
3168 char file[80] = "?";
3169 char expr[80] = "<???>";
3173 if ((sh->flags & SDPCM_SHARED_ASSERT_BUILT) == 0) {
3174 brcmf_dbg(INFO, "firmware not built with -assert\n");
3176 } else if ((sh->flags & SDPCM_SHARED_ASSERT) == 0) {
3177 brcmf_dbg(INFO, "no assert in dongle\n");
3181 if (sh->assert_file_addr != 0) {
3182 error = brcmf_sdbrcm_membytes(bus, false, sh->assert_file_addr,
3187 if (sh->assert_exp_addr != 0) {
3188 error = brcmf_sdbrcm_membytes(bus, false, sh->assert_exp_addr,
3194 res = scnprintf(buf, sizeof(buf),
3195 "dongle assert: %s:%d: assert(%s)\n",
3196 file, sh->assert_line, expr);
3197 return simple_read_from_buffer(data, count, &pos, buf, res);
3200 static int brcmf_sdbrcm_checkdied(struct brcmf_sdio *bus)
3203 struct sdpcm_shared sh;
3206 error = brcmf_sdio_readshared(bus, &sh);
3212 if ((sh.flags & SDPCM_SHARED_ASSERT_BUILT) == 0)
3213 brcmf_dbg(INFO, "firmware not built with -assert\n");
3214 else if (sh.flags & SDPCM_SHARED_ASSERT)
3215 brcmf_dbg(ERROR, "assertion in dongle\n");
3217 if (sh.flags & SDPCM_SHARED_TRAP)
3218 brcmf_dbg(ERROR, "firmware trap in dongle\n");
3223 static int brcmf_sdbrcm_died_dump(struct brcmf_sdio *bus, char __user *data,
3224 size_t count, loff_t *ppos)
3227 struct sdpcm_shared sh;
3235 error = brcmf_sdio_readshared(bus, &sh);
3239 error = brcmf_sdio_assert_info(bus, &sh, data, count);
3244 error = brcmf_sdio_trap_info(bus, &sh, data, count);
3255 static ssize_t brcmf_sdio_forensic_read(struct file *f, char __user *data,
3256 size_t count, loff_t *ppos)
3258 struct brcmf_sdio *bus = f->private_data;
3261 res = brcmf_sdbrcm_died_dump(bus, data, count, ppos);
3264 return (ssize_t)res;
3267 static const struct file_operations brcmf_sdio_forensic_ops = {
3268 .owner = THIS_MODULE,
3269 .open = simple_open,
3270 .read = brcmf_sdio_forensic_read
3273 static void brcmf_sdio_debugfs_create(struct brcmf_sdio *bus)
3275 struct brcmf_pub *drvr = bus->sdiodev->bus_if->drvr;
3276 struct dentry *dentry = brcmf_debugfs_get_devdir(drvr);
3278 if (IS_ERR_OR_NULL(dentry))
3281 debugfs_create_file("forensics", S_IRUGO, dentry, bus,
3282 &brcmf_sdio_forensic_ops);
3283 brcmf_debugfs_create_sdio_count(drvr, &bus->sdcnt);
3286 static int brcmf_sdbrcm_checkdied(struct brcmf_sdio *bus)
3291 static void brcmf_sdio_debugfs_create(struct brcmf_sdio *bus)
3297 brcmf_sdbrcm_bus_rxctl(struct device *dev, unsigned char *msg, uint msglen)
3302 struct brcmf_bus *bus_if = dev_get_drvdata(dev);
3303 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio;
3304 struct brcmf_sdio *bus = sdiodev->bus;
3306 brcmf_dbg(TRACE, "Enter\n");
3308 /* Wait until control frame is available */
3309 timeleft = brcmf_sdbrcm_dcmd_resp_wait(bus, &bus->rxlen, &pending);
3313 memcpy(msg, bus->rxctl, min(msglen, rxlen));
3318 brcmf_dbg(CTL, "resumed on rxctl frame, got %d expected %d\n",
3320 } else if (timeleft == 0) {
3321 brcmf_dbg(ERROR, "resumed on timeout\n");
3322 brcmf_sdbrcm_checkdied(bus);
3323 } else if (pending) {
3324 brcmf_dbg(CTL, "cancelled\n");
3325 return -ERESTARTSYS;
3327 brcmf_dbg(CTL, "resumed for unknown reason?\n");
3328 brcmf_sdbrcm_checkdied(bus);
3332 bus->sdcnt.rx_ctlpkts++;
3334 bus->sdcnt.rx_ctlerrs++;
3336 return rxlen ? (int)rxlen : -ETIMEDOUT;
3339 static int brcmf_sdbrcm_write_vars(struct brcmf_sdio *bus)
3346 char *nvram_ularray;
3349 /* Even if there are no vars are to be written, we still
3350 need to set the ramsize. */
3351 varaddr = (bus->ramsize - 4) - bus->varsz;
3354 /* Write the vars list */
3355 bcmerror = brcmf_sdbrcm_membytes(bus, true, varaddr,
3356 bus->vars, bus->varsz);
3358 /* Verify NVRAM bytes */
3359 brcmf_dbg(INFO, "Compare NVRAM dl & ul; varsize=%d\n",
3361 nvram_ularray = kmalloc(bus->varsz, GFP_ATOMIC);
3365 /* Upload image to verify downloaded contents. */
3366 memset(nvram_ularray, 0xaa, bus->varsz);
3368 /* Read the vars list to temp buffer for comparison */
3369 bcmerror = brcmf_sdbrcm_membytes(bus, false, varaddr,
3370 nvram_ularray, bus->varsz);
3372 brcmf_dbg(ERROR, "error %d on reading %d nvram bytes at 0x%08x\n",
3373 bcmerror, bus->varsz, varaddr);
3375 /* Compare the org NVRAM with the one read from RAM */
3376 if (memcmp(bus->vars, nvram_ularray, bus->varsz))
3377 brcmf_dbg(ERROR, "Downloaded NVRAM image is corrupted\n");
3379 brcmf_dbg(ERROR, "Download/Upload/Compare of NVRAM ok\n");
3381 kfree(nvram_ularray);
3385 /* adjust to the user specified RAM */
3386 brcmf_dbg(INFO, "Physical memory size: %d\n", bus->ramsize);
3387 brcmf_dbg(INFO, "Vars are at %d, orig varsize is %d\n",
3388 varaddr, bus->varsz);
3391 * Determine the length token:
3392 * Varsize, converted to words, in lower 16-bits, checksum
3397 varsizew_le = cpu_to_le32(0);
3399 varsizew = bus->varsz / 4;
3400 varsizew = (~varsizew << 16) | (varsizew & 0x0000FFFF);
3401 varsizew_le = cpu_to_le32(varsizew);
3404 brcmf_dbg(INFO, "New varsize is %d, length token=0x%08x\n",
3405 bus->varsz, varsizew);
3407 /* Write the length token to the last word */
3408 bcmerror = brcmf_sdbrcm_membytes(bus, true, (bus->ramsize - 4),
3409 (u8 *)&varsizew_le, 4);
3414 static int brcmf_sdbrcm_download_state(struct brcmf_sdio *bus, bool enter)
3417 struct chip_info *ci = bus->ci;
3419 /* To enter download state, disable ARM and reset SOCRAM.
3420 * To exit download state, simply reset ARM (default is RAM boot).
3423 bus->alp_only = true;
3425 ci->coredisable(bus->sdiodev, ci, BCMA_CORE_ARM_CM3);
3427 ci->resetcore(bus->sdiodev, ci, BCMA_CORE_INTERNAL_MEM);
3429 /* Clear the top bit of memory */
3432 brcmf_sdbrcm_membytes(bus, true, bus->ramsize - 4,
3436 if (!ci->iscoreup(bus->sdiodev, ci, BCMA_CORE_INTERNAL_MEM)) {
3437 brcmf_dbg(ERROR, "SOCRAM core is down after reset?\n");
3442 bcmerror = brcmf_sdbrcm_write_vars(bus);
3444 brcmf_dbg(ERROR, "no vars written to RAM\n");
3448 w_sdreg32(bus, 0xFFFFFFFF,
3449 offsetof(struct sdpcmd_regs, intstatus));
3451 ci->resetcore(bus->sdiodev, ci, BCMA_CORE_ARM_CM3);
3453 /* Allow HT Clock now that the ARM is running. */
3454 bus->alp_only = false;
3456 bus->sdiodev->bus_if->state = BRCMF_BUS_LOAD;
3462 static int brcmf_sdbrcm_get_image(char *buf, int len, struct brcmf_sdio *bus)
3464 if (bus->firmware->size < bus->fw_ptr + len)
3465 len = bus->firmware->size - bus->fw_ptr;
3467 memcpy(buf, &bus->firmware->data[bus->fw_ptr], len);
3472 static int brcmf_sdbrcm_download_code_file(struct brcmf_sdio *bus)
3476 u8 *memblock = NULL, *memptr;
3479 brcmf_dbg(INFO, "Enter\n");
3481 ret = request_firmware(&bus->firmware, BRCMF_SDIO_FW_NAME,
3482 &bus->sdiodev->func[2]->dev);
3484 brcmf_dbg(ERROR, "Fail to request firmware %d\n", ret);
3489 memptr = memblock = kmalloc(MEMBLOCK + BRCMF_SDALIGN, GFP_ATOMIC);
3490 if (memblock == NULL) {
3494 if ((u32)(unsigned long)memblock % BRCMF_SDALIGN)
3495 memptr += (BRCMF_SDALIGN -
3496 ((u32)(unsigned long)memblock % BRCMF_SDALIGN));
3498 /* Download image */
3500 brcmf_sdbrcm_get_image((char *)memptr, MEMBLOCK, bus))) {
3501 ret = brcmf_sdbrcm_membytes(bus, true, offset, memptr, len);
3503 brcmf_dbg(ERROR, "error %d on writing %d membytes at 0x%08x\n",
3504 ret, MEMBLOCK, offset);
3514 release_firmware(bus->firmware);
3521 * ProcessVars:Takes a buffer of "<var>=<value>\n" lines read from a file
3522 * and ending in a NUL.
3523 * Removes carriage returns, empty lines, comment lines, and converts
3525 * Shortens buffer as needed and pads with NULs. End of buffer is marked
3529 static int brcmf_process_nvram_vars(struct brcmf_sdio *bus)
3536 uint buf_len, n, len;
3538 len = bus->firmware->size;
3539 varbuf = vmalloc(len);
3543 memcpy(varbuf, bus->firmware->data, len);
3546 findNewline = false;
3549 for (n = 0; n < len; n++) {
3552 if (varbuf[n] == '\r')
3554 if (findNewline && varbuf[n] != '\n')
3556 findNewline = false;
3557 if (varbuf[n] == '#') {
3561 if (varbuf[n] == '\n') {
3571 buf_len = dp - varbuf;
3572 while (dp < varbuf + n)
3576 /* roundup needed for download to device */
3577 bus->varsz = roundup(buf_len + 1, 4);
3578 bus->vars = kmalloc(bus->varsz, GFP_KERNEL);
3579 if (bus->vars == NULL) {
3585 /* copy the processed variables and add null termination */
3586 memcpy(bus->vars, varbuf, buf_len);
3587 bus->vars[buf_len] = 0;
3593 static int brcmf_sdbrcm_download_nvram(struct brcmf_sdio *bus)
3597 if (bus->sdiodev->bus_if->drvr_up)
3600 ret = request_firmware(&bus->firmware, BRCMF_SDIO_NV_NAME,
3601 &bus->sdiodev->func[2]->dev);
3603 brcmf_dbg(ERROR, "Fail to request nvram %d\n", ret);
3607 ret = brcmf_process_nvram_vars(bus);
3609 release_firmware(bus->firmware);
3614 static int _brcmf_sdbrcm_download_firmware(struct brcmf_sdio *bus)
3618 /* Keep arm in reset */
3619 if (brcmf_sdbrcm_download_state(bus, true)) {
3620 brcmf_dbg(ERROR, "error placing ARM core in reset\n");
3624 /* External image takes precedence if specified */
3625 if (brcmf_sdbrcm_download_code_file(bus)) {
3626 brcmf_dbg(ERROR, "dongle image file download failed\n");
3630 /* External nvram takes precedence if specified */
3631 if (brcmf_sdbrcm_download_nvram(bus))
3632 brcmf_dbg(ERROR, "dongle nvram file download failed\n");
3634 /* Take arm out of reset */
3635 if (brcmf_sdbrcm_download_state(bus, false)) {
3636 brcmf_dbg(ERROR, "error getting out of ARM core reset\n");
3647 brcmf_sdbrcm_download_firmware(struct brcmf_sdio *bus)
3651 /* Download the firmware */
3652 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false);
3654 ret = _brcmf_sdbrcm_download_firmware(bus) == 0;
3656 brcmf_sdbrcm_clkctl(bus, CLK_SDONLY, false);
3661 static int brcmf_sdbrcm_bus_init(struct device *dev)
3663 struct brcmf_bus *bus_if = dev_get_drvdata(dev);
3664 struct brcmf_sdio_dev *sdiodev = bus_if->bus_priv.sdio;
3665 struct brcmf_sdio *bus = sdiodev->bus;
3666 unsigned long timeout;
3671 brcmf_dbg(TRACE, "Enter\n");
3673 /* try to download image and nvram to the dongle */
3674 if (bus_if->state == BRCMF_BUS_DOWN) {
3675 if (!(brcmf_sdbrcm_download_firmware(bus)))
3679 if (!bus->sdiodev->bus_if->drvr)
3682 /* Start the watchdog timer */
3683 bus->sdcnt.tickcnt = 0;
3684 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS);
3688 /* Make sure backplane clock is on, needed to generate F2 interrupt */
3689 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false);
3690 if (bus->clkstate != CLK_AVAIL)
3693 /* Force clocks on backplane to be sure F2 interrupt propagates */
3694 saveclk = brcmf_sdio_regrb(bus->sdiodev,
3695 SBSDIO_FUNC1_CHIPCLKCSR, &err);
3697 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR,
3698 (saveclk | SBSDIO_FORCE_HT), &err);
3701 brcmf_dbg(ERROR, "Failed to force clock for F2: err %d\n", err);
3705 /* Enable function 2 (frame transfers) */
3706 w_sdreg32(bus, SDPCM_PROT_VERSION << SMB_DATA_VERSION_SHIFT,
3707 offsetof(struct sdpcmd_regs, tosbmailboxdata));
3708 enable = (SDIO_FUNC_ENABLE_1 | SDIO_FUNC_ENABLE_2);
3710 brcmf_sdio_regwb(bus->sdiodev, SDIO_CCCR_IOEx, enable, NULL);
3712 timeout = jiffies + msecs_to_jiffies(BRCMF_WAIT_F2RDY);
3714 while (enable != ready) {
3715 ready = brcmf_sdio_regrb(bus->sdiodev,
3716 SDIO_CCCR_IORx, NULL);
3717 if (time_after(jiffies, timeout))
3719 else if (time_after(jiffies, timeout - BRCMF_WAIT_F2RDY + 50))
3720 /* prevent busy waiting if it takes too long */
3721 msleep_interruptible(20);
3724 brcmf_dbg(INFO, "enable 0x%02x, ready 0x%02x\n", enable, ready);
3726 /* If F2 successfully enabled, set core and enable interrupts */
3727 if (ready == enable) {
3728 /* Set up the interrupt mask and enable interrupts */
3729 bus->hostintmask = HOSTINTMASK;
3730 w_sdreg32(bus, bus->hostintmask,
3731 offsetof(struct sdpcmd_regs, hostintmask));
3733 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_WATERMARK, 8, &err);
3735 /* Disable F2 again */
3736 enable = SDIO_FUNC_ENABLE_1;
3737 brcmf_sdio_regwb(bus->sdiodev, SDIO_CCCR_IOEx, enable, NULL);
3741 /* Restore previous clock setting */
3742 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, saveclk, &err);
3745 ret = brcmf_sdio_intr_register(bus->sdiodev);
3747 brcmf_dbg(ERROR, "intr register failed:%d\n", ret);
3750 /* If we didn't come up, turn off backplane clock */
3751 if (bus_if->state != BRCMF_BUS_DATA)
3752 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false);
3760 void brcmf_sdbrcm_isr(void *arg)
3762 struct brcmf_sdio *bus = (struct brcmf_sdio *) arg;
3764 brcmf_dbg(TRACE, "Enter\n");
3767 brcmf_dbg(ERROR, "bus is null pointer, exiting\n");
3771 if (bus->sdiodev->bus_if->state == BRCMF_BUS_DOWN) {
3772 brcmf_dbg(ERROR, "bus is down. we have nothing to do\n");
3775 /* Count the interrupt call */
3776 bus->sdcnt.intrcount++;
3779 /* Shouldn't get this interrupt if we're sleeping? */
3780 if (bus->sleeping) {
3781 brcmf_dbg(ERROR, "INTERRUPT WHILE SLEEPING??\n");
3785 /* Disable additional interrupts (is this needed now)? */
3787 brcmf_dbg(ERROR, "isr w/o interrupt configured!\n");
3789 bus->dpc_sched = true;
3791 brcmf_sdbrcm_adddpctsk(bus);
3792 complete(&bus->dpc_wait);
3796 static bool brcmf_sdbrcm_bus_watchdog(struct brcmf_sdio *bus)
3799 struct brcmf_bus *bus_if = dev_get_drvdata(bus->sdiodev->dev);
3802 brcmf_dbg(TIMER, "Enter\n");
3804 /* Ignore the timer if simulating bus down */
3810 /* Poll period: check device if appropriate. */
3811 if (bus->poll && (++bus->polltick >= bus->pollrate)) {
3814 /* Reset poll tick */
3817 /* Check device if no interrupts */
3819 (bus->sdcnt.intrcount == bus->sdcnt.lastintrs)) {
3821 if (!bus->dpc_sched) {
3823 devpend = brcmf_sdio_regrb(bus->sdiodev,
3827 devpend & (INTR_STATUS_FUNC1 |
3831 /* If there is something, make like the ISR and
3834 bus->sdcnt.pollcnt++;
3837 bus->dpc_sched = true;
3839 brcmf_sdbrcm_adddpctsk(bus);
3840 complete(&bus->dpc_wait);
3845 /* Update interrupt tracking */
3846 bus->sdcnt.lastintrs = bus->sdcnt.intrcount;
3849 /* Poll for console output periodically */
3850 if (bus_if->state == BRCMF_BUS_DATA &&
3851 bus->console_interval != 0) {
3852 bus->console.count += BRCMF_WD_POLL_MS;
3853 if (bus->console.count >= bus->console_interval) {
3854 bus->console.count -= bus->console_interval;
3855 /* Make sure backplane clock is on */
3856 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false);
3857 if (brcmf_sdbrcm_readconsole(bus) < 0)
3859 bus->console_interval = 0;
3864 /* On idle timeout clear activity flag and/or turn off clock */
3865 if ((bus->idletime > 0) && (bus->clkstate == CLK_AVAIL)) {
3866 if (++bus->idlecount >= bus->idletime) {
3868 if (bus->activity) {
3869 bus->activity = false;
3870 brcmf_sdbrcm_wd_timer(bus, BRCMF_WD_POLL_MS);
3872 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false);
3882 static bool brcmf_sdbrcm_chipmatch(u16 chipid)
3884 if (chipid == BCM4329_CHIP_ID)
3886 if (chipid == BCM4330_CHIP_ID)
3891 static void brcmf_sdbrcm_release_malloc(struct brcmf_sdio *bus)
3893 brcmf_dbg(TRACE, "Enter\n");
3896 bus->rxctl = bus->rxbuf = NULL;
3899 kfree(bus->databuf);
3900 bus->databuf = NULL;
3903 static bool brcmf_sdbrcm_probe_malloc(struct brcmf_sdio *bus)
3905 brcmf_dbg(TRACE, "Enter\n");
3907 if (bus->sdiodev->bus_if->maxctl) {
3909 roundup((bus->sdiodev->bus_if->maxctl + SDPCM_HDRLEN),
3910 ALIGNMENT) + BRCMF_SDALIGN;
3911 bus->rxbuf = kmalloc(bus->rxblen, GFP_ATOMIC);
3916 /* Allocate buffer to receive glomed packet */
3917 bus->databuf = kmalloc(MAX_DATA_BUF, GFP_ATOMIC);
3918 if (!(bus->databuf)) {
3919 /* release rxbuf which was already located as above */
3925 /* Align the buffer */
3926 if ((unsigned long)bus->databuf % BRCMF_SDALIGN)
3927 bus->dataptr = bus->databuf + (BRCMF_SDALIGN -
3928 ((unsigned long)bus->databuf % BRCMF_SDALIGN));
3930 bus->dataptr = bus->databuf;
3939 brcmf_sdbrcm_probe_attach(struct brcmf_sdio *bus, u32 regsva)
3947 bus->alp_only = true;
3949 pr_debug("F1 signature read @0x18000000=0x%4x\n",
3950 brcmf_sdio_regrl(bus->sdiodev, SI_ENUM_BASE, NULL));
3953 * Force PLL off until brcmf_sdio_chip_attach()
3954 * programs PLL control regs
3957 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR,
3958 BRCMF_INIT_CLKCTL1, &err);
3960 clkctl = brcmf_sdio_regrb(bus->sdiodev,
3961 SBSDIO_FUNC1_CHIPCLKCSR, &err);
3963 if (err || ((clkctl & ~SBSDIO_AVBITS) != BRCMF_INIT_CLKCTL1)) {
3964 brcmf_dbg(ERROR, "ChipClkCSR access: err %d wrote 0x%02x read 0x%02x\n",
3965 err, BRCMF_INIT_CLKCTL1, clkctl);
3969 if (brcmf_sdio_chip_attach(bus->sdiodev, &bus->ci, regsva)) {
3970 brcmf_dbg(ERROR, "brcmf_sdio_chip_attach failed!\n");
3974 if (!brcmf_sdbrcm_chipmatch((u16) bus->ci->chip)) {
3975 brcmf_dbg(ERROR, "unsupported chip: 0x%04x\n", bus->ci->chip);
3979 brcmf_sdio_chip_drivestrengthinit(bus->sdiodev, bus->ci,
3980 SDIO_DRIVE_STRENGTH);
3982 /* Get info on the SOCRAM cores... */
3983 bus->ramsize = bus->ci->ramsize;
3984 if (!(bus->ramsize)) {
3985 brcmf_dbg(ERROR, "failed to find SOCRAM memory!\n");
3989 /* Set core control so an SDIO reset does a backplane reset */
3990 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV);
3991 reg_addr = bus->ci->c_inf[idx].base +
3992 offsetof(struct sdpcmd_regs, corecontrol);
3993 reg_val = brcmf_sdio_regrl(bus->sdiodev, reg_addr, NULL);
3994 brcmf_sdio_regwl(bus->sdiodev, reg_addr, reg_val | CC_BPRESEN, NULL);
3996 brcmu_pktq_init(&bus->txq, (PRIOMASK + 1), TXQLEN);
3998 /* Locate an appropriately-aligned portion of hdrbuf */
3999 bus->rxhdr = (u8 *) roundup((unsigned long)&bus->hdrbuf[0],
4002 /* Set the poll and/or interrupt flags */
4014 static bool brcmf_sdbrcm_probe_init(struct brcmf_sdio *bus)
4016 brcmf_dbg(TRACE, "Enter\n");
4018 /* Disable F2 to clear any intermediate frame state on the dongle */
4019 brcmf_sdio_regwb(bus->sdiodev, SDIO_CCCR_IOEx,
4020 SDIO_FUNC_ENABLE_1, NULL);
4022 bus->sdiodev->bus_if->state = BRCMF_BUS_DOWN;
4023 bus->sleeping = false;
4024 bus->rxflow = false;
4026 /* Done with backplane-dependent accesses, can drop clock... */
4027 brcmf_sdio_regwb(bus->sdiodev, SBSDIO_FUNC1_CHIPCLKCSR, 0, NULL);
4029 /* ...and initialize clock/power states */
4030 bus->clkstate = CLK_SDONLY;
4031 bus->idletime = BRCMF_IDLE_INTERVAL;
4032 bus->idleclock = BRCMF_IDLE_ACTIVE;
4034 /* Query the F2 block size, set roundup accordingly */
4035 bus->blocksize = bus->sdiodev->func[2]->cur_blksize;
4036 bus->roundup = min(max_roundup, bus->blocksize);
4038 /* bus module does not support packet chaining */
4039 bus->use_rxchain = false;
4040 bus->sd_rxchain = false;
4046 brcmf_sdbrcm_watchdog_thread(void *data)
4048 struct brcmf_sdio *bus = (struct brcmf_sdio *)data;
4050 allow_signal(SIGTERM);
4051 /* Run until signal received */
4053 if (kthread_should_stop())
4055 if (!wait_for_completion_interruptible(&bus->watchdog_wait)) {
4056 brcmf_sdbrcm_bus_watchdog(bus);
4057 /* Count the tick for reference */
4058 bus->sdcnt.tickcnt++;
4066 brcmf_sdbrcm_watchdog(unsigned long data)
4068 struct brcmf_sdio *bus = (struct brcmf_sdio *)data;
4070 if (bus->watchdog_tsk) {
4071 complete(&bus->watchdog_wait);
4072 /* Reschedule the watchdog */
4073 if (bus->wd_timer_valid)
4074 mod_timer(&bus->timer,
4075 jiffies + BRCMF_WD_POLL_MS * HZ / 1000);
4079 static void brcmf_sdbrcm_release_dongle(struct brcmf_sdio *bus)
4081 brcmf_dbg(TRACE, "Enter\n");
4084 brcmf_sdbrcm_clkctl(bus, CLK_AVAIL, false);
4085 brcmf_sdbrcm_clkctl(bus, CLK_NONE, false);
4086 brcmf_sdio_chip_detach(&bus->ci);
4087 if (bus->vars && bus->varsz)
4092 brcmf_dbg(TRACE, "Disconnected\n");
4095 /* Detach and free everything */
4096 static void brcmf_sdbrcm_release(struct brcmf_sdio *bus)
4098 brcmf_dbg(TRACE, "Enter\n");
4101 /* De-register interrupt handler */
4102 brcmf_sdio_intr_unregister(bus->sdiodev);
4104 if (bus->sdiodev->bus_if->drvr) {
4105 brcmf_detach(bus->sdiodev->dev);
4106 brcmf_sdbrcm_release_dongle(bus);
4109 brcmf_sdbrcm_release_malloc(bus);
4114 brcmf_dbg(TRACE, "Disconnected\n");
4117 void *brcmf_sdbrcm_probe(u32 regsva, struct brcmf_sdio_dev *sdiodev)
4120 struct brcmf_sdio *bus;
4121 struct brcmf_bus_dcmd *dlst;
4123 u32 dngl_txglomalign;
4126 brcmf_dbg(TRACE, "Enter\n");
4128 /* We make an assumption about address window mappings:
4129 * regsva == SI_ENUM_BASE*/
4131 /* Allocate private bus interface state */
4132 bus = kzalloc(sizeof(struct brcmf_sdio), GFP_ATOMIC);
4136 bus->sdiodev = sdiodev;
4138 skb_queue_head_init(&bus->glom);
4139 bus->txbound = BRCMF_TXBOUND;
4140 bus->rxbound = BRCMF_RXBOUND;
4141 bus->txminmax = BRCMF_TXMINMAX;
4142 bus->tx_seq = SDPCM_SEQUENCE_WRAP - 1;
4143 bus->usebufpool = false; /* Use bufpool if allocated,
4144 else use locally malloced rxbuf */
4146 /* attempt to attach to the dongle */
4147 if (!(brcmf_sdbrcm_probe_attach(bus, regsva))) {
4148 brcmf_dbg(ERROR, "brcmf_sdbrcm_probe_attach failed\n");
4152 spin_lock_init(&bus->txqlock);
4153 init_waitqueue_head(&bus->ctrl_wait);
4154 init_waitqueue_head(&bus->dcmd_resp_wait);
4156 /* Set up the watchdog timer */
4157 init_timer(&bus->timer);
4158 bus->timer.data = (unsigned long)bus;
4159 bus->timer.function = brcmf_sdbrcm_watchdog;
4161 /* Initialize thread based operation and lock */
4162 sema_init(&bus->sdsem, 1);
4164 /* Initialize watchdog thread */
4165 init_completion(&bus->watchdog_wait);
4166 bus->watchdog_tsk = kthread_run(brcmf_sdbrcm_watchdog_thread,
4167 bus, "brcmf_watchdog");
4168 if (IS_ERR(bus->watchdog_tsk)) {
4169 pr_warn("brcmf_watchdog thread failed to start\n");
4170 bus->watchdog_tsk = NULL;
4172 /* Initialize DPC thread */
4173 init_completion(&bus->dpc_wait);
4174 INIT_LIST_HEAD(&bus->dpc_tsklst);
4175 spin_lock_init(&bus->dpc_tl_lock);
4176 bus->dpc_tsk = kthread_run(brcmf_sdbrcm_dpc_thread,
4178 if (IS_ERR(bus->dpc_tsk)) {
4179 pr_warn("brcmf_dpc thread failed to start\n");
4180 bus->dpc_tsk = NULL;
4183 /* Assign bus interface call back */
4184 bus->sdiodev->bus_if->brcmf_bus_stop = brcmf_sdbrcm_bus_stop;
4185 bus->sdiodev->bus_if->brcmf_bus_init = brcmf_sdbrcm_bus_init;
4186 bus->sdiodev->bus_if->brcmf_bus_txdata = brcmf_sdbrcm_bus_txdata;
4187 bus->sdiodev->bus_if->brcmf_bus_txctl = brcmf_sdbrcm_bus_txctl;
4188 bus->sdiodev->bus_if->brcmf_bus_rxctl = brcmf_sdbrcm_bus_rxctl;
4189 /* Attach to the brcmf/OS/network interface */
4190 ret = brcmf_attach(SDPCM_RESERVE, bus->sdiodev->dev);
4192 brcmf_dbg(ERROR, "brcmf_attach failed\n");
4196 /* Allocate buffers */
4197 if (!(brcmf_sdbrcm_probe_malloc(bus))) {
4198 brcmf_dbg(ERROR, "brcmf_sdbrcm_probe_malloc failed\n");
4202 if (!(brcmf_sdbrcm_probe_init(bus))) {
4203 brcmf_dbg(ERROR, "brcmf_sdbrcm_probe_init failed\n");
4207 brcmf_sdio_debugfs_create(bus);
4208 brcmf_dbg(INFO, "completed!!\n");
4210 /* sdio bus core specific dcmd */
4211 idx = brcmf_sdio_chip_getinfidx(bus->ci, BCMA_CORE_SDIO_DEV);
4212 dlst = kzalloc(sizeof(struct brcmf_bus_dcmd), GFP_KERNEL);
4214 if (bus->ci->c_inf[idx].rev < 12) {
4215 /* for sdio core rev < 12, disable txgloming */
4217 dlst->name = "bus:txglom";
4218 dlst->param = (char *)&dngl_txglom;
4219 dlst->param_len = sizeof(u32);
4221 /* otherwise, set txglomalign */
4222 dngl_txglomalign = bus->sdiodev->bus_if->align;
4223 dlst->name = "bus:txglomalign";
4224 dlst->param = (char *)&dngl_txglomalign;
4225 dlst->param_len = sizeof(u32);
4227 list_add(&dlst->list, &bus->sdiodev->bus_if->dcmd_list);
4230 /* if firmware path present try to download and bring up bus */
4231 ret = brcmf_bus_start(bus->sdiodev->dev);
4233 if (ret == -ENOLINK) {
4234 brcmf_dbg(ERROR, "dongle is not responding\n");
4242 brcmf_sdbrcm_release(bus);
4246 void brcmf_sdbrcm_disconnect(void *ptr)
4248 struct brcmf_sdio *bus = (struct brcmf_sdio *)ptr;
4250 brcmf_dbg(TRACE, "Enter\n");
4253 brcmf_sdbrcm_release(bus);
4255 brcmf_dbg(TRACE, "Disconnected\n");
4259 brcmf_sdbrcm_wd_timer(struct brcmf_sdio *bus, uint wdtick)
4261 /* Totally stop the timer */
4262 if (!wdtick && bus->wd_timer_valid) {
4263 del_timer_sync(&bus->timer);
4264 bus->wd_timer_valid = false;
4265 bus->save_ms = wdtick;
4269 /* don't start the wd until fw is loaded */
4270 if (bus->sdiodev->bus_if->state == BRCMF_BUS_DOWN)
4274 if (bus->save_ms != BRCMF_WD_POLL_MS) {
4275 if (bus->wd_timer_valid)
4276 /* Stop timer and restart at new value */
4277 del_timer_sync(&bus->timer);
4279 /* Create timer again when watchdog period is
4280 dynamically changed or in the first instance
4282 bus->timer.expires =
4283 jiffies + BRCMF_WD_POLL_MS * HZ / 1000;
4284 add_timer(&bus->timer);
4287 /* Re arm the timer, at last watchdog period */
4288 mod_timer(&bus->timer,
4289 jiffies + BRCMF_WD_POLL_MS * HZ / 1000);
4292 bus->wd_timer_valid = true;
4293 bus->save_ms = wdtick;
projects / karo-tx-linux.git / blob