1 /*
2  * Hermes download helper.
3  *
4  * This helper:
5  *  - is capable of writing to the volatile area of the hermes device
6  *  - is currently not capable of writing to non-volatile areas
7  *  - provide helpers to identify and update plugin data
8  *  - is not capable of interpreting a fw image directly. That is up to
9  *    the main card driver.
10  *  - deals with Hermes I devices. It can probably be modified to deal
11  *    with Hermes II devices
12  *
13  * Copyright (C) 2007, David Kilroy
14  *
15  * Plug data code slightly modified from spectrum_cs driver
16  *    Copyright (C) 2002-2005 Pavel Roskin <proski@gnu.org>
17  * Portions based on information in wl_lkm_718 Agere driver
18  *    COPYRIGHT (C) 2001-2004 by Agere Systems Inc. All Rights Reserved
19  *
20  * The contents of this file are subject to the Mozilla Public License
21  * Version 1.1 (the "License"); you may not use this file except in
22  * compliance with the License. You may obtain a copy of the License
23  * at http://www.mozilla.org/MPL/
24  *
25  * Software distributed under the License is distributed on an "AS IS"
26  * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
27  * the License for the specific language governing rights and
28  * limitations under the License.
29  *
30  * Alternatively, the contents of this file may be used under the
31  * terms of the GNU General Public License version 2 (the "GPL"), in
32  * which case the provisions of the GPL are applicable instead of the
33  * above.  If you wish to allow the use of your version of this file
34  * only under the terms of the GPL and not to allow others to use your
35  * version of this file under the MPL, indicate your decision by
36  * deleting the provisions above and replace them with the notice and
37  * other provisions required by the GPL.  If you do not delete the
38  * provisions above, a recipient may use your version of this file
39  * under either the MPL or the GPL.
40  */
41 
42 #include <linux/module.h>
43 #include <linux/delay.h>
44 #include "hermes.h"
45 #include "hermes_dld.h"
46 
47 #define PFX "hermes_dld: "
48 
49 /* End markers used in dblocks */
50 #define PDI_END		0x00000000	/* End of PDA */
51 #define BLOCK_END	0xFFFFFFFF	/* Last image block */
52 #define TEXT_END	0x1A		/* End of text header */
53 
54 /*
55  * The following structures have little-endian fields denoted by
56  * the leading underscore.  Don't access them directly - use inline
57  * functions defined below.
58  */
59 
60 /*
61  * The binary image to be downloaded consists of series of data blocks.
62  * Each block has the following structure.
63  */
64 struct dblock {
65 	__le32 addr;		/* adapter address where to write the block */
66 	__le16 len;		/* length of the data only, in bytes */
67 	char data[0];		/* data to be written */
68 } __packed;
69 
70 /*
71  * Plug Data References are located in the image after the last data
72  * block.  They refer to areas in the adapter memory where the plug data
73  * items with matching ID should be written.
74  */
75 struct pdr {
76 	__le32 id;		/* record ID */
77 	__le32 addr;		/* adapter address where to write the data */
78 	__le32 len;		/* expected length of the data, in bytes */
79 	char next[0];		/* next PDR starts here */
80 } __packed;
81 
82 /*
83  * Plug Data Items are located in the EEPROM read from the adapter by
84  * primary firmware.  They refer to the device-specific data that should
85  * be plugged into the secondary firmware.
86  */
87 struct pdi {
88 	__le16 len;		/* length of ID and data, in words */
89 	__le16 id;		/* record ID */
90 	char data[0];		/* plug data */
91 } __packed;
92 
93 /*** FW data block access functions ***/
94 
95 static inline u32
dblock_addr(const struct dblock * blk)96 dblock_addr(const struct dblock *blk)
97 {
98 	return le32_to_cpu(blk->addr);
99 }
100 
101 static inline u32
dblock_len(const struct dblock * blk)102 dblock_len(const struct dblock *blk)
103 {
104 	return le16_to_cpu(blk->len);
105 }
106 
107 /*** PDR Access functions ***/
108 
109 static inline u32
pdr_id(const struct pdr * pdr)110 pdr_id(const struct pdr *pdr)
111 {
112 	return le32_to_cpu(pdr->id);
113 }
114 
115 static inline u32
pdr_addr(const struct pdr * pdr)116 pdr_addr(const struct pdr *pdr)
117 {
118 	return le32_to_cpu(pdr->addr);
119 }
120 
121 static inline u32
pdr_len(const struct pdr * pdr)122 pdr_len(const struct pdr *pdr)
123 {
124 	return le32_to_cpu(pdr->len);
125 }
126 
127 /*** PDI Access functions ***/
128 
129 static inline u32
pdi_id(const struct pdi * pdi)130 pdi_id(const struct pdi *pdi)
131 {
132 	return le16_to_cpu(pdi->id);
133 }
134 
135 /* Return length of the data only, in bytes */
136 static inline u32
pdi_len(const struct pdi * pdi)137 pdi_len(const struct pdi *pdi)
138 {
139 	return 2 * (le16_to_cpu(pdi->len) - 1);
140 }
141 
142 /*** Plug Data Functions ***/
143 
144 /*
145  * Scan PDR for the record with the specified RECORD_ID.
146  * If it's not found, return NULL.
147  */
148 static const struct pdr *
hermes_find_pdr(const struct pdr * first_pdr,u32 record_id,const void * end)149 hermes_find_pdr(const struct pdr *first_pdr, u32 record_id, const void *end)
150 {
151 	const struct pdr *pdr = first_pdr;
152 
153 	end -= sizeof(struct pdr);
154 
155 	while (((void *) pdr <= end) &&
156 	       (pdr_id(pdr) != PDI_END)) {
157 		/*
158 		 * PDR area is currently not terminated by PDI_END.
159 		 * It's followed by CRC records, which have the type
160 		 * field where PDR has length.  The type can be 0 or 1.
161 		 */
162 		if (pdr_len(pdr) < 2)
163 			return NULL;
164 
165 		/* If the record ID matches, we are done */
166 		if (pdr_id(pdr) == record_id)
167 			return pdr;
168 
169 		pdr = (struct pdr *) pdr->next;
170 	}
171 	return NULL;
172 }
173 
174 /* Scan production data items for a particular entry */
175 static const struct pdi *
hermes_find_pdi(const struct pdi * first_pdi,u32 record_id,const void * end)176 hermes_find_pdi(const struct pdi *first_pdi, u32 record_id, const void *end)
177 {
178 	const struct pdi *pdi = first_pdi;
179 
180 	end -= sizeof(struct pdi);
181 
182 	while (((void *) pdi <= end) &&
183 	       (pdi_id(pdi) != PDI_END)) {
184 
185 		/* If the record ID matches, we are done */
186 		if (pdi_id(pdi) == record_id)
187 			return pdi;
188 
189 		pdi = (struct pdi *) &pdi->data[pdi_len(pdi)];
190 	}
191 	return NULL;
192 }
193 
194 /* Process one Plug Data Item - find corresponding PDR and plug it */
195 static int
hermes_plug_pdi(hermes_t * hw,const struct pdr * first_pdr,const struct pdi * pdi,const void * pdr_end)196 hermes_plug_pdi(hermes_t *hw, const struct pdr *first_pdr,
197 		const struct pdi *pdi, const void *pdr_end)
198 {
199 	const struct pdr *pdr;
200 
201 	/* Find the PDR corresponding to this PDI */
202 	pdr = hermes_find_pdr(first_pdr, pdi_id(pdi), pdr_end);
203 
204 	/* No match is found, safe to ignore */
205 	if (!pdr)
206 		return 0;
207 
208 	/* Lengths of the data in PDI and PDR must match */
209 	if (pdi_len(pdi) != pdr_len(pdr))
210 		return -EINVAL;
211 
212 	/* do the actual plugging */
213 	hw->ops->program(hw, pdi->data, pdr_addr(pdr), pdi_len(pdi));
214 
215 	return 0;
216 }
217 
218 /* Parse PDA and write the records into the adapter
219  *
220  * Attempt to write every records that is in the specified pda
221  * which also has a valid production data record for the firmware.
222  */
hermes_apply_pda(hermes_t * hw,const char * first_pdr,const void * pdr_end,const __le16 * pda,const void * pda_end)223 int hermes_apply_pda(hermes_t *hw,
224 		     const char *first_pdr,
225 		     const void *pdr_end,
226 		     const __le16 *pda,
227 		     const void *pda_end)
228 {
229 	int ret;
230 	const struct pdi *pdi;
231 	const struct pdr *pdr;
232 
233 	pdr = (const struct pdr *) first_pdr;
234 	pda_end -= sizeof(struct pdi);
235 
236 	/* Go through every PDI and plug them into the adapter */
237 	pdi = (const struct pdi *) (pda + 2);
238 	while (((void *) pdi <= pda_end) &&
239 	       (pdi_id(pdi) != PDI_END)) {
240 		ret = hermes_plug_pdi(hw, pdr, pdi, pdr_end);
241 		if (ret)
242 			return ret;
243 
244 		/* Increment to the next PDI */
245 		pdi = (const struct pdi *) &pdi->data[pdi_len(pdi)];
246 	}
247 	return 0;
248 }
249 
250 /* Identify the total number of bytes in all blocks
251  * including the header data.
252  */
253 size_t
hermes_blocks_length(const char * first_block,const void * end)254 hermes_blocks_length(const char *first_block, const void *end)
255 {
256 	const struct dblock *blk = (const struct dblock *) first_block;
257 	int total_len = 0;
258 	int len;
259 
260 	end -= sizeof(*blk);
261 
262 	/* Skip all blocks to locate Plug Data References
263 	 * (Spectrum CS) */
264 	while (((void *) blk <= end) &&
265 	       (dblock_addr(blk) != BLOCK_END)) {
266 		len = dblock_len(blk);
267 		total_len += sizeof(*blk) + len;
268 		blk = (struct dblock *) &blk->data[len];
269 	}
270 
271 	return total_len;
272 }
273 
274 /*** Hermes programming ***/
275 
276 /* Program the data blocks */
hermes_program(hermes_t * hw,const char * first_block,const void * end)277 int hermes_program(hermes_t *hw, const char *first_block, const void *end)
278 {
279 	const struct dblock *blk;
280 	u32 blkaddr;
281 	u32 blklen;
282 	int err = 0;
283 
284 	blk = (const struct dblock *) first_block;
285 
286 	if ((void *) blk > (end - sizeof(*blk)))
287 		return -EIO;
288 
289 	blkaddr = dblock_addr(blk);
290 	blklen = dblock_len(blk);
291 
292 	while ((blkaddr != BLOCK_END) &&
293 	       (((void *) blk + blklen) <= end)) {
294 		pr_debug(PFX "Programming block of length %d "
295 			 "to address 0x%08x\n", blklen, blkaddr);
296 
297 		err = hw->ops->program(hw, blk->data, blkaddr, blklen);
298 		if (err)
299 			break;
300 
301 		blk = (const struct dblock *) &blk->data[blklen];
302 
303 		if ((void *) blk > (end - sizeof(*blk)))
304 			return -EIO;
305 
306 		blkaddr = dblock_addr(blk);
307 		blklen = dblock_len(blk);
308 	}
309 	return err;
310 }
311 
312 /*** Default plugging data for Hermes I ***/
313 /* Values from wl_lkm_718/hcf/dhf.c */
314 
315 #define DEFINE_DEFAULT_PDR(pid, length, data)				\
316 static const struct {							\
317 	__le16 len;							\
318 	__le16 id;							\
319 	u8 val[length];							\
320 } __packed default_pdr_data_##pid = {			\
321 	cpu_to_le16((sizeof(default_pdr_data_##pid)/			\
322 				sizeof(__le16)) - 1),			\
323 	cpu_to_le16(pid),						\
324 	data								\
325 }
326 
327 #define DEFAULT_PDR(pid) default_pdr_data_##pid
328 
329 /*  HWIF Compatibility */
330 DEFINE_DEFAULT_PDR(0x0005, 10, "\x00\x00\x06\x00\x01\x00\x01\x00\x01\x00");
331 
332 /* PPPPSign */
333 DEFINE_DEFAULT_PDR(0x0108, 4, "\x00\x00\x00\x00");
334 
335 /* PPPPProf */
336 DEFINE_DEFAULT_PDR(0x0109, 10, "\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00");
337 
338 /* Antenna diversity */
339 DEFINE_DEFAULT_PDR(0x0150, 2, "\x00\x3F");
340 
341 /* Modem VCO band Set-up */
342 DEFINE_DEFAULT_PDR(0x0160, 28,
343 		   "\x00\x00\x00\x00\x00\x00\x00\x00"
344 		   "\x00\x00\x00\x00\x00\x00\x00\x00"
345 		   "\x00\x00\x00\x00\x00\x00\x00\x00"
346 		   "\x00\x00\x00\x00");
347 
348 /* Modem Rx Gain Table Values */
349 DEFINE_DEFAULT_PDR(0x0161, 256,
350 		   "\x3F\x01\x3F\01\x3F\x01\x3F\x01"
351 		   "\x3F\x01\x3F\01\x3F\x01\x3F\x01"
352 		   "\x3F\x01\x3F\01\x3F\x01\x3F\x01"
353 		   "\x3F\x01\x3F\01\x3F\x01\x3F\x01"
354 		   "\x3F\x01\x3E\01\x3E\x01\x3D\x01"
355 		   "\x3D\x01\x3C\01\x3C\x01\x3B\x01"
356 		   "\x3B\x01\x3A\01\x3A\x01\x39\x01"
357 		   "\x39\x01\x38\01\x38\x01\x37\x01"
358 		   "\x37\x01\x36\01\x36\x01\x35\x01"
359 		   "\x35\x01\x34\01\x34\x01\x33\x01"
360 		   "\x33\x01\x32\x01\x32\x01\x31\x01"
361 		   "\x31\x01\x30\x01\x30\x01\x7B\x01"
362 		   "\x7B\x01\x7A\x01\x7A\x01\x79\x01"
363 		   "\x79\x01\x78\x01\x78\x01\x77\x01"
364 		   "\x77\x01\x76\x01\x76\x01\x75\x01"
365 		   "\x75\x01\x74\x01\x74\x01\x73\x01"
366 		   "\x73\x01\x72\x01\x72\x01\x71\x01"
367 		   "\x71\x01\x70\x01\x70\x01\x68\x01"
368 		   "\x68\x01\x67\x01\x67\x01\x66\x01"
369 		   "\x66\x01\x65\x01\x65\x01\x57\x01"
370 		   "\x57\x01\x56\x01\x56\x01\x55\x01"
371 		   "\x55\x01\x54\x01\x54\x01\x53\x01"
372 		   "\x53\x01\x52\x01\x52\x01\x51\x01"
373 		   "\x51\x01\x50\x01\x50\x01\x48\x01"
374 		   "\x48\x01\x47\x01\x47\x01\x46\x01"
375 		   "\x46\x01\x45\x01\x45\x01\x44\x01"
376 		   "\x44\x01\x43\x01\x43\x01\x42\x01"
377 		   "\x42\x01\x41\x01\x41\x01\x40\x01"
378 		   "\x40\x01\x40\x01\x40\x01\x40\x01"
379 		   "\x40\x01\x40\x01\x40\x01\x40\x01"
380 		   "\x40\x01\x40\x01\x40\x01\x40\x01"
381 		   "\x40\x01\x40\x01\x40\x01\x40\x01");
382 
383 /* Write PDA according to certain rules.
384  *
385  * For every production data record, look for a previous setting in
386  * the pda, and use that.
387  *
388  * For certain records, use defaults if they are not found in pda.
389  */
hermes_apply_pda_with_defaults(hermes_t * hw,const char * first_pdr,const void * pdr_end,const __le16 * pda,const void * pda_end)390 int hermes_apply_pda_with_defaults(hermes_t *hw,
391 				   const char *first_pdr,
392 				   const void *pdr_end,
393 				   const __le16 *pda,
394 				   const void *pda_end)
395 {
396 	const struct pdr *pdr = (const struct pdr *) first_pdr;
397 	const struct pdi *first_pdi = (const struct pdi *) &pda[2];
398 	const struct pdi *pdi;
399 	const struct pdi *default_pdi = NULL;
400 	const struct pdi *outdoor_pdi;
401 	int record_id;
402 
403 	pdr_end -= sizeof(struct pdr);
404 
405 	while (((void *) pdr <= pdr_end) &&
406 	       (pdr_id(pdr) != PDI_END)) {
407 		/*
408 		 * For spectrum_cs firmwares,
409 		 * PDR area is currently not terminated by PDI_END.
410 		 * It's followed by CRC records, which have the type
411 		 * field where PDR has length.  The type can be 0 or 1.
412 		 */
413 		if (pdr_len(pdr) < 2)
414 			break;
415 		record_id = pdr_id(pdr);
416 
417 		pdi = hermes_find_pdi(first_pdi, record_id, pda_end);
418 		if (pdi)
419 			pr_debug(PFX "Found record 0x%04x at %p\n",
420 				 record_id, pdi);
421 
422 		switch (record_id) {
423 		case 0x110: /* Modem REFDAC values */
424 		case 0x120: /* Modem VGDAC values */
425 			outdoor_pdi = hermes_find_pdi(first_pdi, record_id + 1,
426 						      pda_end);
427 			default_pdi = NULL;
428 			if (outdoor_pdi) {
429 				pdi = outdoor_pdi;
430 				pr_debug(PFX
431 					 "Using outdoor record 0x%04x at %p\n",
432 					 record_id + 1, pdi);
433 			}
434 			break;
435 		case 0x5: /*  HWIF Compatibility */
436 			default_pdi = (struct pdi *) &DEFAULT_PDR(0x0005);
437 			break;
438 		case 0x108: /* PPPPSign */
439 			default_pdi = (struct pdi *) &DEFAULT_PDR(0x0108);
440 			break;
441 		case 0x109: /* PPPPProf */
442 			default_pdi = (struct pdi *) &DEFAULT_PDR(0x0109);
443 			break;
444 		case 0x150: /* Antenna diversity */
445 			default_pdi = (struct pdi *) &DEFAULT_PDR(0x0150);
446 			break;
447 		case 0x160: /* Modem VCO band Set-up */
448 			default_pdi = (struct pdi *) &DEFAULT_PDR(0x0160);
449 			break;
450 		case 0x161: /* Modem Rx Gain Table Values */
451 			default_pdi = (struct pdi *) &DEFAULT_PDR(0x0161);
452 			break;
453 		default:
454 			default_pdi = NULL;
455 			break;
456 		}
457 		if (!pdi && default_pdi) {
458 			/* Use default */
459 			pdi = default_pdi;
460 			pr_debug(PFX "Using default record 0x%04x at %p\n",
461 				 record_id, pdi);
462 		}
463 
464 		if (pdi) {
465 			/* Lengths of the data in PDI and PDR must match */
466 			if ((pdi_len(pdi) == pdr_len(pdr)) &&
467 			    ((void *) pdi->data + pdi_len(pdi) < pda_end)) {
468 				/* do the actual plugging */
469 				hw->ops->program(hw, pdi->data, pdr_addr(pdr),
470 						 pdi_len(pdi));
471 			}
472 		}
473 
474 		pdr++;
475 	}
476 	return 0;
477 }
478