1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  * Copyright (c) 1996, 2003 VIA Networking Technologies, Inc.
4  * All rights reserved.
5  *
6  * Purpose: Handle USB control endpoint
7  *
8  * Author: Warren Hsu
9  *
10  * Date: Mar. 29, 2005
11  *
12  * Functions:
13  *	vnt_control_out - Write variable length bytes to MEM/BB/MAC/EEPROM
14  *	vnt_control_in - Read variable length bytes from MEM/BB/MAC/EEPROM
15  *	vnt_control_out_u8 - Write one byte to MEM/BB/MAC/EEPROM
16  *	vnt_control_in_u8 - Read one byte from MEM/BB/MAC/EEPROM
17  *
18  * Revision History:
19  *      04-05-2004 Jerry Chen: Initial release
20  *      11-24-2004 Warren Hsu: Add ControlvWriteByte,ControlvReadByte,
21  *                             ControlvMaskByte
22  *
23  */
24 
25 #include "rxtx.h"
26 #include "desc.h"
27 #include "device.h"
28 #include "usbpipe.h"
29 #include "mac.h"
30 #include "rf.h"
31 
32 #define USB_CTL_WAIT	500 /* ms */
33 
vnt_control_out(struct vnt_private * priv,u8 request,u16 value,u16 index,u16 length,const u8 * buffer)34 int vnt_control_out(struct vnt_private *priv, u8 request, u16 value,
35 		    u16 index, u16 length, const u8 *buffer)
36 {
37 	int ret = 0;
38 	u8 *usb_buffer;
39 
40 	if (test_bit(DEVICE_FLAGS_DISCONNECTED, &priv->flags)) {
41 		ret = -EINVAL;
42 		goto end;
43 	}
44 
45 	mutex_lock(&priv->usb_lock);
46 
47 	usb_buffer = kmemdup(buffer, length, GFP_KERNEL);
48 	if (!usb_buffer) {
49 		ret = -ENOMEM;
50 		goto end_unlock;
51 	}
52 
53 	ret = usb_control_msg(priv->usb,
54 			      usb_sndctrlpipe(priv->usb, 0),
55 			      request, 0x40, value,
56 			      index, usb_buffer, length, USB_CTL_WAIT);
57 
58 	kfree(usb_buffer);
59 
60 	if (ret == (int)length)
61 		ret = 0;
62 	else
63 		ret = -EIO;
64 
65 end_unlock:
66 	mutex_unlock(&priv->usb_lock);
67 end:
68 	return ret;
69 }
70 
vnt_control_out_u8(struct vnt_private * priv,u8 reg,u8 reg_off,u8 data)71 int vnt_control_out_u8(struct vnt_private *priv, u8 reg, u8 reg_off, u8 data)
72 {
73 	return vnt_control_out(priv, MESSAGE_TYPE_WRITE,
74 			       reg_off, reg, sizeof(u8), &data);
75 }
76 
vnt_control_out_blocks(struct vnt_private * priv,u16 block,u8 reg,u16 length,const u8 * data)77 int vnt_control_out_blocks(struct vnt_private *priv,
78 			   u16 block, u8 reg, u16 length, const u8 *data)
79 {
80 	int ret = 0, i;
81 
82 	for (i = 0; i < length; i += block) {
83 		u16 len = min_t(int, length - i, block);
84 
85 		ret = vnt_control_out(priv, MESSAGE_TYPE_WRITE,
86 				      i, reg, len, data + i);
87 		if (ret)
88 			goto end;
89 	}
90 end:
91 	return ret;
92 }
93 
vnt_control_in(struct vnt_private * priv,u8 request,u16 value,u16 index,u16 length,u8 * buffer)94 int vnt_control_in(struct vnt_private *priv, u8 request, u16 value,
95 		   u16 index, u16 length, u8 *buffer)
96 {
97 	int ret = 0;
98 	u8 *usb_buffer;
99 
100 	if (test_bit(DEVICE_FLAGS_DISCONNECTED, &priv->flags)) {
101 		ret = -EINVAL;
102 		goto end;
103 	}
104 
105 	mutex_lock(&priv->usb_lock);
106 
107 	usb_buffer = kmalloc(length, GFP_KERNEL);
108 	if (!usb_buffer) {
109 		ret = -ENOMEM;
110 		goto end_unlock;
111 	}
112 
113 	ret = usb_control_msg(priv->usb,
114 			      usb_rcvctrlpipe(priv->usb, 0),
115 			      request, 0xc0, value,
116 			      index, usb_buffer, length, USB_CTL_WAIT);
117 
118 	if (ret == length)
119 		memcpy(buffer, usb_buffer, length);
120 
121 	kfree(usb_buffer);
122 
123 	if (ret == (int)length)
124 		ret = 0;
125 	else
126 		ret = -EIO;
127 
128 end_unlock:
129 	mutex_unlock(&priv->usb_lock);
130 end:
131 	return ret;
132 }
133 
vnt_control_in_u8(struct vnt_private * priv,u8 reg,u8 reg_off,u8 * data)134 int vnt_control_in_u8(struct vnt_private *priv, u8 reg, u8 reg_off, u8 *data)
135 {
136 	return vnt_control_in(priv, MESSAGE_TYPE_READ,
137 			      reg_off, reg, sizeof(u8), data);
138 }
139 
vnt_int_report_rate(struct vnt_private * priv,u8 pkt_no,u8 tsr)140 static int vnt_int_report_rate(struct vnt_private *priv, u8 pkt_no, u8 tsr)
141 {
142 	struct vnt_usb_send_context *context;
143 	struct ieee80211_tx_info *info;
144 	u8 tx_retry = (tsr & 0xf0) >> 4;
145 	s8 idx;
146 
147 	if (pkt_no >= priv->num_tx_context)
148 		return -EINVAL;
149 
150 	context = priv->tx_context[pkt_no];
151 
152 	if (!context->skb)
153 		return -EINVAL;
154 
155 	info = IEEE80211_SKB_CB(context->skb);
156 	idx = info->control.rates[0].idx;
157 
158 	ieee80211_tx_info_clear_status(info);
159 
160 	info->status.rates[0].count = tx_retry;
161 
162 	if (!(tsr & TSR_TMO)) {
163 		info->status.rates[0].idx = idx;
164 
165 		if (!(info->flags & IEEE80211_TX_CTL_NO_ACK))
166 			info->flags |= IEEE80211_TX_STAT_ACK;
167 	}
168 
169 	ieee80211_tx_status_irqsafe(priv->hw, context->skb);
170 
171 	context->in_use = false;
172 
173 	return 0;
174 }
175 
vnt_int_process_data(struct vnt_private * priv)176 static void vnt_int_process_data(struct vnt_private *priv)
177 {
178 	struct vnt_interrupt_data *int_data;
179 	struct ieee80211_low_level_stats *low_stats = &priv->low_stats;
180 
181 	dev_dbg(&priv->usb->dev, "---->s_nsInterruptProcessData\n");
182 
183 	int_data = (struct vnt_interrupt_data *)priv->int_buf.data_buf;
184 
185 	if (int_data->tsr0 & TSR_VALID)
186 		vnt_int_report_rate(priv, int_data->pkt0, int_data->tsr0);
187 
188 	if (int_data->tsr1 & TSR_VALID)
189 		vnt_int_report_rate(priv, int_data->pkt1, int_data->tsr1);
190 
191 	if (int_data->tsr2 & TSR_VALID)
192 		vnt_int_report_rate(priv, int_data->pkt2, int_data->tsr2);
193 
194 	if (int_data->tsr3 & TSR_VALID)
195 		vnt_int_report_rate(priv, int_data->pkt3, int_data->tsr3);
196 
197 	if (!int_data->isr0)
198 		return;
199 
200 	if (int_data->isr0 & ISR_BNTX && priv->op_mode == NL80211_IFTYPE_AP)
201 		vnt_schedule_command(priv, WLAN_CMD_BECON_SEND);
202 
203 	priv->current_tsf = le64_to_cpu(int_data->tsf);
204 
205 	low_stats->dot11RTSSuccessCount += int_data->rts_success;
206 	low_stats->dot11RTSFailureCount += int_data->rts_fail;
207 	low_stats->dot11ACKFailureCount += int_data->ack_fail;
208 	low_stats->dot11FCSErrorCount += int_data->fcs_err;
209 }
210 
vnt_start_interrupt_urb_complete(struct urb * urb)211 static void vnt_start_interrupt_urb_complete(struct urb *urb)
212 {
213 	struct vnt_private *priv = urb->context;
214 	int status = urb->status;
215 
216 	switch (status) {
217 	case 0:
218 	case -ETIMEDOUT:
219 		break;
220 	case -ECONNRESET:
221 	case -ENOENT:
222 	case -ESHUTDOWN:
223 		return;
224 	default:
225 		break;
226 	}
227 
228 	if (status)
229 		dev_dbg(&priv->usb->dev, "%s status = %d\n", __func__, status);
230 	else
231 		vnt_int_process_data(priv);
232 
233 	if (!test_bit(DEVICE_FLAGS_DISCONNECTED, &priv->flags))
234 		status = usb_submit_urb(priv->interrupt_urb, GFP_ATOMIC);
235 
236 	if (status)
237 		dev_dbg(&priv->usb->dev, "Submit int URB failed %d\n", status);
238 }
239 
vnt_start_interrupt_urb(struct vnt_private * priv)240 int vnt_start_interrupt_urb(struct vnt_private *priv)
241 {
242 	int ret = 0;
243 
244 	dev_dbg(&priv->usb->dev, "---->Interrupt Polling Thread\n");
245 
246 	usb_fill_int_urb(priv->interrupt_urb,
247 			 priv->usb,
248 			 usb_rcvintpipe(priv->usb, 1),
249 			 priv->int_buf.data_buf,
250 			 MAX_INTERRUPT_SIZE,
251 			 vnt_start_interrupt_urb_complete,
252 			 priv,
253 			 priv->int_interval);
254 
255 	ret = usb_submit_urb(priv->interrupt_urb, GFP_ATOMIC);
256 	if (ret)
257 		dev_dbg(&priv->usb->dev, "Submit int URB failed %d\n", ret);
258 
259 	return ret;
260 }
261 
vnt_rx_data(struct vnt_private * priv,struct vnt_rcb * ptr_rcb,unsigned long bytes_received)262 static int vnt_rx_data(struct vnt_private *priv, struct vnt_rcb *ptr_rcb,
263 		       unsigned long bytes_received)
264 {
265 	struct ieee80211_hw *hw = priv->hw;
266 	struct ieee80211_supported_band *sband;
267 	struct sk_buff *skb;
268 	struct ieee80211_rx_status *rx_status;
269 	struct vnt_rx_header *head;
270 	struct vnt_rx_tail *tail;
271 	u32 frame_size;
272 	int ii;
273 	u16 rx_bitrate, pay_load_with_padding;
274 	u8 rate_idx = 0;
275 	long rx_dbm;
276 
277 	skb = ptr_rcb->skb;
278 	rx_status = IEEE80211_SKB_RXCB(skb);
279 
280 	/* [31:16]RcvByteCount ( not include 4-byte Status ) */
281 	head = (struct vnt_rx_header *)skb->data;
282 	frame_size = head->wbk_status >> 16;
283 	frame_size += 4;
284 
285 	if (bytes_received != frame_size) {
286 		dev_dbg(&priv->usb->dev, "------- WRONG Length 1\n");
287 		return false;
288 	}
289 
290 	if ((bytes_received > 2372) || (bytes_received <= 40)) {
291 		/* Frame Size error drop this packet.*/
292 		dev_dbg(&priv->usb->dev, "------ WRONG Length 2\n");
293 		return false;
294 	}
295 
296 	/* real Frame Size = USBframe_size -4WbkStatus - 4RxStatus */
297 	/* -8TSF - 4RSR - 4SQ3 - ?Padding */
298 
299 	/* if SQ3 the range is 24~27, if no SQ3 the range is 20~23 */
300 
301 	/*Fix hardware bug => PLCP_Length error */
302 	if (((bytes_received - head->pay_load_len) > 27) ||
303 	    ((bytes_received - head->pay_load_len) < 24) ||
304 	    (bytes_received < head->pay_load_len)) {
305 		dev_dbg(&priv->usb->dev, "Wrong PLCP Length %x\n",
306 			head->pay_load_len);
307 		return false;
308 	}
309 
310 	sband = hw->wiphy->bands[hw->conf.chandef.chan->band];
311 	rx_bitrate = head->rx_rate * 5; /* rx_rate * 5 */
312 
313 	for (ii = 0; ii < sband->n_bitrates; ii++) {
314 		if (sband->bitrates[ii].bitrate == rx_bitrate) {
315 			rate_idx = ii;
316 				break;
317 		}
318 	}
319 
320 	if (ii == sband->n_bitrates) {
321 		dev_dbg(&priv->usb->dev, "Wrong Rx Bit Rate %d\n", rx_bitrate);
322 		return false;
323 	}
324 
325 	pay_load_with_padding = ((head->pay_load_len / 4) +
326 		((head->pay_load_len % 4) ? 1 : 0)) * 4;
327 
328 	tail = (struct vnt_rx_tail *)(skb->data +
329 				      sizeof(*head) + pay_load_with_padding);
330 	priv->tsf_time = le64_to_cpu(tail->tsf_time);
331 
332 	if (tail->rsr & (RSR_IVLDTYP | RSR_IVLDLEN))
333 		return false;
334 
335 	vnt_rf_rssi_to_dbm(priv, tail->rssi, &rx_dbm);
336 
337 	priv->bb_pre_ed_rssi = (u8)-rx_dbm + 1;
338 	priv->current_rssi = priv->bb_pre_ed_rssi;
339 
340 	skb_pull(skb, sizeof(*head));
341 	skb_trim(skb, head->pay_load_len);
342 
343 	rx_status->mactime = priv->tsf_time;
344 	rx_status->band = hw->conf.chandef.chan->band;
345 	rx_status->signal = rx_dbm;
346 	rx_status->flag = 0;
347 	rx_status->freq = hw->conf.chandef.chan->center_freq;
348 
349 	if (!(tail->rsr & RSR_CRCOK))
350 		rx_status->flag |= RX_FLAG_FAILED_FCS_CRC;
351 
352 	rx_status->rate_idx = rate_idx;
353 
354 	if (tail->new_rsr & NEWRSR_DECRYPTOK)
355 		rx_status->flag |= RX_FLAG_DECRYPTED;
356 
357 	ieee80211_rx_irqsafe(priv->hw, skb);
358 
359 	return true;
360 }
361 
vnt_submit_rx_urb_complete(struct urb * urb)362 static void vnt_submit_rx_urb_complete(struct urb *urb)
363 {
364 	struct vnt_rcb *rcb = urb->context;
365 	struct vnt_private *priv = rcb->priv;
366 
367 	switch (urb->status) {
368 	case 0:
369 		break;
370 	case -ECONNRESET:
371 	case -ENOENT:
372 	case -ESHUTDOWN:
373 		return;
374 	case -ETIMEDOUT:
375 	default:
376 		dev_dbg(&priv->usb->dev, "BULK In failed %d\n", urb->status);
377 		break;
378 	}
379 
380 	if (urb->actual_length) {
381 		if (vnt_rx_data(priv, rcb, urb->actual_length)) {
382 			rcb->skb = dev_alloc_skb(priv->rx_buf_sz);
383 			if (!rcb->skb)
384 				return;
385 		} else {
386 			skb_push(rcb->skb, skb_headroom(rcb->skb));
387 			skb_trim(rcb->skb, 0);
388 		}
389 
390 		urb->transfer_buffer = skb_put(rcb->skb,
391 					       skb_tailroom(rcb->skb));
392 	}
393 
394 	if (usb_submit_urb(urb, GFP_ATOMIC))
395 		dev_dbg(&priv->usb->dev, "Failed to re submit rx skb\n");
396 }
397 
vnt_submit_rx_urb(struct vnt_private * priv,struct vnt_rcb * rcb)398 int vnt_submit_rx_urb(struct vnt_private *priv, struct vnt_rcb *rcb)
399 {
400 	int ret = 0;
401 	struct urb *urb = rcb->urb;
402 
403 	if (!rcb->skb) {
404 		dev_dbg(&priv->usb->dev, "rcb->skb is null\n");
405 		ret = -EINVAL;
406 		goto end;
407 	}
408 
409 	usb_fill_bulk_urb(urb,
410 			  priv->usb,
411 			  usb_rcvbulkpipe(priv->usb, 2),
412 			  skb_put(rcb->skb, skb_tailroom(rcb->skb)),
413 			  MAX_TOTAL_SIZE_WITH_ALL_HEADERS,
414 			  vnt_submit_rx_urb_complete,
415 			  rcb);
416 
417 	ret = usb_submit_urb(urb, GFP_ATOMIC);
418 	if (ret)
419 		dev_dbg(&priv->usb->dev, "Submit Rx URB failed %d\n", ret);
420 end:
421 	return ret;
422 }
423 
vnt_tx_context_complete(struct urb * urb)424 static void vnt_tx_context_complete(struct urb *urb)
425 {
426 	struct vnt_usb_send_context *context = urb->context;
427 	struct vnt_private *priv = context->priv;
428 
429 	switch (urb->status) {
430 	case 0:
431 		dev_dbg(&priv->usb->dev,
432 			"Write %d bytes\n", urb->actual_length);
433 		break;
434 	case -ECONNRESET:
435 	case -ENOENT:
436 	case -ESHUTDOWN:
437 		context->in_use = false;
438 		return;
439 	case -ETIMEDOUT:
440 	default:
441 		dev_dbg(&priv->usb->dev, "BULK Out failed %d\n", urb->status);
442 		break;
443 	}
444 
445 	if (context->type == CONTEXT_DATA_PACKET)
446 		ieee80211_wake_queues(priv->hw);
447 
448 	if (urb->status || context->type == CONTEXT_BEACON_PACKET) {
449 		if (context->skb)
450 			ieee80211_free_txskb(priv->hw, context->skb);
451 
452 		context->in_use = false;
453 	}
454 }
455 
vnt_tx_context(struct vnt_private * priv,struct vnt_usb_send_context * context,struct sk_buff * skb)456 int vnt_tx_context(struct vnt_private *priv,
457 		   struct vnt_usb_send_context *context,
458 		   struct sk_buff *skb)
459 {
460 	struct vnt_tx_usb_header *usb;
461 	struct urb *urb;
462 	int status;
463 	u16 count = skb->len;
464 
465 	usb = skb_push(skb, sizeof(*usb));
466 	usb->tx_byte_count = cpu_to_le16(count);
467 	usb->pkt_no = context->pkt_no;
468 	usb->type = context->type;
469 
470 	if (test_bit(DEVICE_FLAGS_DISCONNECTED, &priv->flags)) {
471 		context->in_use = false;
472 		return -ENODEV;
473 	}
474 
475 	if (skb->len > MAX_TOTAL_SIZE_WITH_ALL_HEADERS) {
476 		context->in_use = false;
477 		return -E2BIG;
478 	}
479 
480 	urb = usb_alloc_urb(0, GFP_ATOMIC);
481 	if (!urb) {
482 		context->in_use = false;
483 		return -ENOMEM;
484 	}
485 
486 	usb_fill_bulk_urb(urb,
487 			  priv->usb,
488 			  usb_sndbulkpipe(priv->usb, 3),
489 			  skb->data,
490 			  skb->len,
491 			  vnt_tx_context_complete,
492 			  context);
493 
494 	usb_anchor_urb(urb, &priv->tx_submitted);
495 
496 	status = usb_submit_urb(urb, GFP_ATOMIC);
497 	if (status) {
498 		dev_dbg(&priv->usb->dev, "Submit Tx URB failed %d\n", status);
499 		usb_unanchor_urb(urb);
500 		context->in_use = false;
501 	}
502 
503 	usb_free_urb(urb);
504 
505 	return status;
506 }
507