1 /*
2 * Copyright (c) 2010-2011 Atheros Communications Inc.
3 *
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
17 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
18
19 #include "htc.h"
20
htc_issue_send(struct htc_target * target,struct sk_buff * skb,u16 len,u8 flags,u8 epid)21 static int htc_issue_send(struct htc_target *target, struct sk_buff* skb,
22 u16 len, u8 flags, u8 epid)
23
24 {
25 struct htc_frame_hdr *hdr;
26 struct htc_endpoint *endpoint = &target->endpoint[epid];
27 int status;
28
29 hdr = skb_push(skb, sizeof(struct htc_frame_hdr));
30 hdr->endpoint_id = epid;
31 hdr->flags = flags;
32 hdr->payload_len = cpu_to_be16(len);
33 memset(hdr->control, 0, sizeof(hdr->control));
34
35 status = target->hif->send(target->hif_dev, endpoint->ul_pipeid, skb);
36
37 return status;
38 }
39
get_next_avail_ep(struct htc_endpoint * endpoint)40 static struct htc_endpoint *get_next_avail_ep(struct htc_endpoint *endpoint)
41 {
42 enum htc_endpoint_id avail_epid;
43
44 for (avail_epid = (ENDPOINT_MAX - 1); avail_epid > ENDPOINT0; avail_epid--)
45 if (endpoint[avail_epid].service_id == 0)
46 return &endpoint[avail_epid];
47 return NULL;
48 }
49
service_to_ulpipe(u16 service_id)50 static u8 service_to_ulpipe(u16 service_id)
51 {
52 switch (service_id) {
53 case WMI_CONTROL_SVC:
54 return 4;
55 case WMI_BEACON_SVC:
56 case WMI_CAB_SVC:
57 case WMI_UAPSD_SVC:
58 case WMI_MGMT_SVC:
59 case WMI_DATA_VO_SVC:
60 case WMI_DATA_VI_SVC:
61 case WMI_DATA_BE_SVC:
62 case WMI_DATA_BK_SVC:
63 return 1;
64 default:
65 return 0;
66 }
67 }
68
service_to_dlpipe(u16 service_id)69 static u8 service_to_dlpipe(u16 service_id)
70 {
71 switch (service_id) {
72 case WMI_CONTROL_SVC:
73 return 3;
74 case WMI_BEACON_SVC:
75 case WMI_CAB_SVC:
76 case WMI_UAPSD_SVC:
77 case WMI_MGMT_SVC:
78 case WMI_DATA_VO_SVC:
79 case WMI_DATA_VI_SVC:
80 case WMI_DATA_BE_SVC:
81 case WMI_DATA_BK_SVC:
82 return 2;
83 default:
84 return 0;
85 }
86 }
87
htc_process_target_rdy(struct htc_target * target,void * buf)88 static void htc_process_target_rdy(struct htc_target *target,
89 void *buf)
90 {
91 struct htc_endpoint *endpoint;
92 struct htc_ready_msg *htc_ready_msg = (struct htc_ready_msg *) buf;
93
94 target->credit_size = be16_to_cpu(htc_ready_msg->credit_size);
95
96 endpoint = &target->endpoint[ENDPOINT0];
97 endpoint->service_id = HTC_CTRL_RSVD_SVC;
98 endpoint->max_msglen = HTC_MAX_CONTROL_MESSAGE_LENGTH;
99 atomic_inc(&target->tgt_ready);
100 complete(&target->target_wait);
101 }
102
htc_process_conn_rsp(struct htc_target * target,struct htc_frame_hdr * htc_hdr)103 static void htc_process_conn_rsp(struct htc_target *target,
104 struct htc_frame_hdr *htc_hdr)
105 {
106 struct htc_conn_svc_rspmsg *svc_rspmsg;
107 struct htc_endpoint *endpoint, *tmp_endpoint = NULL;
108 u16 service_id;
109 u16 max_msglen;
110 enum htc_endpoint_id epid, tepid;
111
112 svc_rspmsg = (struct htc_conn_svc_rspmsg *)
113 ((void *) htc_hdr + sizeof(struct htc_frame_hdr));
114
115 if (svc_rspmsg->status == HTC_SERVICE_SUCCESS) {
116 epid = svc_rspmsg->endpoint_id;
117
118 /* Check that the received epid for the endpoint to attach
119 * a new service is valid. ENDPOINT0 can't be used here as it
120 * is already reserved for HTC_CTRL_RSVD_SVC service and thus
121 * should not be modified.
122 */
123 if (epid <= ENDPOINT0 || epid >= ENDPOINT_MAX)
124 return;
125
126 service_id = be16_to_cpu(svc_rspmsg->service_id);
127 max_msglen = be16_to_cpu(svc_rspmsg->max_msg_len);
128 endpoint = &target->endpoint[epid];
129
130 for (tepid = (ENDPOINT_MAX - 1); tepid > ENDPOINT0; tepid--) {
131 tmp_endpoint = &target->endpoint[tepid];
132 if (tmp_endpoint->service_id == service_id) {
133 tmp_endpoint->service_id = 0;
134 break;
135 }
136 }
137
138 if (tepid == ENDPOINT0)
139 return;
140
141 endpoint->service_id = service_id;
142 endpoint->max_txqdepth = tmp_endpoint->max_txqdepth;
143 endpoint->ep_callbacks = tmp_endpoint->ep_callbacks;
144 endpoint->ul_pipeid = tmp_endpoint->ul_pipeid;
145 endpoint->dl_pipeid = tmp_endpoint->dl_pipeid;
146 endpoint->max_msglen = max_msglen;
147 target->conn_rsp_epid = epid;
148 complete(&target->cmd_wait);
149 } else {
150 target->conn_rsp_epid = ENDPOINT_UNUSED;
151 }
152 }
153
htc_config_pipe_credits(struct htc_target * target)154 static int htc_config_pipe_credits(struct htc_target *target)
155 {
156 struct sk_buff *skb;
157 struct htc_config_pipe_msg *cp_msg;
158 int ret;
159 unsigned long time_left;
160
161 skb = alloc_skb(50 + sizeof(struct htc_frame_hdr), GFP_ATOMIC);
162 if (!skb) {
163 dev_err(target->dev, "failed to allocate send buffer\n");
164 return -ENOMEM;
165 }
166 skb_reserve(skb, sizeof(struct htc_frame_hdr));
167
168 cp_msg = skb_put(skb, sizeof(struct htc_config_pipe_msg));
169
170 cp_msg->message_id = cpu_to_be16(HTC_MSG_CONFIG_PIPE_ID);
171 cp_msg->pipe_id = USB_WLAN_TX_PIPE;
172 cp_msg->credits = target->credits;
173
174 target->htc_flags |= HTC_OP_CONFIG_PIPE_CREDITS;
175
176 ret = htc_issue_send(target, skb, skb->len, 0, ENDPOINT0);
177 if (ret)
178 goto err;
179
180 time_left = wait_for_completion_timeout(&target->cmd_wait, HZ);
181 if (!time_left) {
182 dev_err(target->dev, "HTC credit config timeout\n");
183 return -ETIMEDOUT;
184 }
185
186 return 0;
187 err:
188 kfree_skb(skb);
189 return -EINVAL;
190 }
191
htc_setup_complete(struct htc_target * target)192 static int htc_setup_complete(struct htc_target *target)
193 {
194 struct sk_buff *skb;
195 struct htc_comp_msg *comp_msg;
196 int ret = 0;
197 unsigned long time_left;
198
199 skb = alloc_skb(50 + sizeof(struct htc_frame_hdr), GFP_ATOMIC);
200 if (!skb) {
201 dev_err(target->dev, "failed to allocate send buffer\n");
202 return -ENOMEM;
203 }
204 skb_reserve(skb, sizeof(struct htc_frame_hdr));
205
206 comp_msg = skb_put(skb, sizeof(struct htc_comp_msg));
207 comp_msg->msg_id = cpu_to_be16(HTC_MSG_SETUP_COMPLETE_ID);
208
209 target->htc_flags |= HTC_OP_START_WAIT;
210
211 ret = htc_issue_send(target, skb, skb->len, 0, ENDPOINT0);
212 if (ret)
213 goto err;
214
215 time_left = wait_for_completion_timeout(&target->cmd_wait, HZ);
216 if (!time_left) {
217 dev_err(target->dev, "HTC start timeout\n");
218 return -ETIMEDOUT;
219 }
220
221 return 0;
222
223 err:
224 kfree_skb(skb);
225 return -EINVAL;
226 }
227
228 /* HTC APIs */
229
htc_init(struct htc_target * target)230 int htc_init(struct htc_target *target)
231 {
232 int ret;
233
234 ret = htc_config_pipe_credits(target);
235 if (ret)
236 return ret;
237
238 return htc_setup_complete(target);
239 }
240
htc_connect_service(struct htc_target * target,struct htc_service_connreq * service_connreq,enum htc_endpoint_id * conn_rsp_epid)241 int htc_connect_service(struct htc_target *target,
242 struct htc_service_connreq *service_connreq,
243 enum htc_endpoint_id *conn_rsp_epid)
244 {
245 struct sk_buff *skb;
246 struct htc_endpoint *endpoint;
247 struct htc_conn_svc_msg *conn_msg;
248 int ret;
249 unsigned long time_left;
250
251 /* Find an available endpoint */
252 endpoint = get_next_avail_ep(target->endpoint);
253 if (!endpoint) {
254 dev_err(target->dev, "Endpoint is not available for service %d\n",
255 service_connreq->service_id);
256 return -EINVAL;
257 }
258
259 endpoint->service_id = service_connreq->service_id;
260 endpoint->max_txqdepth = service_connreq->max_send_qdepth;
261 endpoint->ul_pipeid = service_to_ulpipe(service_connreq->service_id);
262 endpoint->dl_pipeid = service_to_dlpipe(service_connreq->service_id);
263 endpoint->ep_callbacks = service_connreq->ep_callbacks;
264
265 skb = alloc_skb(sizeof(struct htc_conn_svc_msg) +
266 sizeof(struct htc_frame_hdr), GFP_ATOMIC);
267 if (!skb) {
268 dev_err(target->dev, "Failed to allocate buf to send"
269 "service connect req\n");
270 return -ENOMEM;
271 }
272
273 skb_reserve(skb, sizeof(struct htc_frame_hdr));
274
275 conn_msg = skb_put(skb, sizeof(struct htc_conn_svc_msg));
276 conn_msg->service_id = cpu_to_be16(service_connreq->service_id);
277 conn_msg->msg_id = cpu_to_be16(HTC_MSG_CONNECT_SERVICE_ID);
278 conn_msg->con_flags = cpu_to_be16(service_connreq->con_flags);
279 conn_msg->dl_pipeid = endpoint->dl_pipeid;
280 conn_msg->ul_pipeid = endpoint->ul_pipeid;
281
282 /* To prevent infoleak */
283 conn_msg->svc_meta_len = 0;
284 conn_msg->pad = 0;
285
286 ret = htc_issue_send(target, skb, skb->len, 0, ENDPOINT0);
287 if (ret)
288 goto err;
289
290 time_left = wait_for_completion_timeout(&target->cmd_wait, HZ);
291 if (!time_left) {
292 dev_err(target->dev, "Service connection timeout for: %d\n",
293 service_connreq->service_id);
294 return -ETIMEDOUT;
295 }
296
297 *conn_rsp_epid = target->conn_rsp_epid;
298 return 0;
299 err:
300 kfree_skb(skb);
301 return ret;
302 }
303
htc_send(struct htc_target * target,struct sk_buff * skb)304 int htc_send(struct htc_target *target, struct sk_buff *skb)
305 {
306 struct ath9k_htc_tx_ctl *tx_ctl;
307
308 tx_ctl = HTC_SKB_CB(skb);
309 return htc_issue_send(target, skb, skb->len, 0, tx_ctl->epid);
310 }
311
htc_send_epid(struct htc_target * target,struct sk_buff * skb,enum htc_endpoint_id epid)312 int htc_send_epid(struct htc_target *target, struct sk_buff *skb,
313 enum htc_endpoint_id epid)
314 {
315 return htc_issue_send(target, skb, skb->len, 0, epid);
316 }
317
htc_stop(struct htc_target * target)318 void htc_stop(struct htc_target *target)
319 {
320 target->hif->stop(target->hif_dev);
321 }
322
htc_start(struct htc_target * target)323 void htc_start(struct htc_target *target)
324 {
325 target->hif->start(target->hif_dev);
326 }
327
htc_sta_drain(struct htc_target * target,u8 idx)328 void htc_sta_drain(struct htc_target *target, u8 idx)
329 {
330 target->hif->sta_drain(target->hif_dev, idx);
331 }
332
ath9k_htc_txcompletion_cb(struct htc_target * htc_handle,struct sk_buff * skb,bool txok)333 void ath9k_htc_txcompletion_cb(struct htc_target *htc_handle,
334 struct sk_buff *skb, bool txok)
335 {
336 struct htc_endpoint *endpoint;
337 struct htc_frame_hdr *htc_hdr = NULL;
338
339 if (htc_handle->htc_flags & HTC_OP_CONFIG_PIPE_CREDITS) {
340 complete(&htc_handle->cmd_wait);
341 htc_handle->htc_flags &= ~HTC_OP_CONFIG_PIPE_CREDITS;
342 goto ret;
343 }
344
345 if (htc_handle->htc_flags & HTC_OP_START_WAIT) {
346 complete(&htc_handle->cmd_wait);
347 htc_handle->htc_flags &= ~HTC_OP_START_WAIT;
348 goto ret;
349 }
350
351 if (skb) {
352 htc_hdr = (struct htc_frame_hdr *) skb->data;
353 if (htc_hdr->endpoint_id >= ARRAY_SIZE(htc_handle->endpoint))
354 goto ret;
355 endpoint = &htc_handle->endpoint[htc_hdr->endpoint_id];
356 skb_pull(skb, sizeof(struct htc_frame_hdr));
357
358 if (endpoint->ep_callbacks.tx) {
359 endpoint->ep_callbacks.tx(endpoint->ep_callbacks.priv,
360 skb, htc_hdr->endpoint_id,
361 txok);
362 } else {
363 kfree_skb(skb);
364 }
365 }
366
367 return;
368 ret:
369 kfree_skb(skb);
370 }
371
ath9k_htc_fw_panic_report(struct htc_target * htc_handle,struct sk_buff * skb,u32 len)372 static void ath9k_htc_fw_panic_report(struct htc_target *htc_handle,
373 struct sk_buff *skb, u32 len)
374 {
375 uint32_t *pattern = (uint32_t *)skb->data;
376
377 if (*pattern == 0x33221199 && len >= sizeof(struct htc_panic_bad_vaddr)) {
378 struct htc_panic_bad_vaddr *htc_panic;
379 htc_panic = (struct htc_panic_bad_vaddr *) skb->data;
380 dev_err(htc_handle->dev, "ath: firmware panic! "
381 "exccause: 0x%08x; pc: 0x%08x; badvaddr: 0x%08x.\n",
382 htc_panic->exccause, htc_panic->pc,
383 htc_panic->badvaddr);
384 return;
385 }
386 if (*pattern == 0x33221299) {
387 struct htc_panic_bad_epid *htc_panic;
388 htc_panic = (struct htc_panic_bad_epid *) skb->data;
389 dev_err(htc_handle->dev, "ath: firmware panic! "
390 "bad epid: 0x%08x\n", htc_panic->epid);
391 return;
392 }
393 dev_err(htc_handle->dev, "ath: unknown panic pattern!\n");
394 }
395
396 /*
397 * HTC Messages are handled directly here and the obtained SKB
398 * is freed.
399 *
400 * Service messages (Data, WMI) are passed to the corresponding
401 * endpoint RX handlers, which have to free the SKB.
402 */
ath9k_htc_rx_msg(struct htc_target * htc_handle,struct sk_buff * skb,u32 len,u8 pipe_id)403 void ath9k_htc_rx_msg(struct htc_target *htc_handle,
404 struct sk_buff *skb, u32 len, u8 pipe_id)
405 {
406 struct htc_frame_hdr *htc_hdr;
407 enum htc_endpoint_id epid;
408 struct htc_endpoint *endpoint;
409 __be16 *msg_id;
410
411 if (!htc_handle || !skb)
412 return;
413
414 /* A valid message requires len >= 8.
415 *
416 * sizeof(struct htc_frame_hdr) == 8
417 * sizeof(struct htc_ready_msg) == 8
418 * sizeof(struct htc_panic_bad_vaddr) == 16
419 * sizeof(struct htc_panic_bad_epid) == 8
420 */
421 if (unlikely(len < sizeof(struct htc_frame_hdr)))
422 goto invalid;
423 htc_hdr = (struct htc_frame_hdr *) skb->data;
424 epid = htc_hdr->endpoint_id;
425
426 if (epid == 0x99) {
427 ath9k_htc_fw_panic_report(htc_handle, skb, len);
428 kfree_skb(skb);
429 return;
430 }
431
432 if (epid < 0 || epid >= ENDPOINT_MAX) {
433 invalid:
434 if (pipe_id != USB_REG_IN_PIPE)
435 dev_kfree_skb_any(skb);
436 else
437 kfree_skb(skb);
438 return;
439 }
440
441 if (epid == ENDPOINT0) {
442
443 /* Handle trailer */
444 if (htc_hdr->flags & HTC_FLAGS_RECV_TRAILER) {
445 if (be32_to_cpu(*(__be32 *) skb->data) == 0x00C60000) {
446 /* Move past the Watchdog pattern */
447 htc_hdr = (struct htc_frame_hdr *)(skb->data + 4);
448 len -= 4;
449 }
450 }
451
452 /* Get the message ID */
453 if (unlikely(len < sizeof(struct htc_frame_hdr) + sizeof(__be16)))
454 goto invalid;
455 msg_id = (__be16 *) ((void *) htc_hdr +
456 sizeof(struct htc_frame_hdr));
457
458 /* Now process HTC messages */
459 switch (be16_to_cpu(*msg_id)) {
460 case HTC_MSG_READY_ID:
461 if (unlikely(len < sizeof(struct htc_ready_msg)))
462 goto invalid;
463 htc_process_target_rdy(htc_handle, htc_hdr);
464 break;
465 case HTC_MSG_CONNECT_SERVICE_RESPONSE_ID:
466 if (unlikely(len < sizeof(struct htc_frame_hdr) +
467 sizeof(struct htc_conn_svc_rspmsg)))
468 goto invalid;
469 htc_process_conn_rsp(htc_handle, htc_hdr);
470 break;
471 default:
472 break;
473 }
474
475 kfree_skb(skb);
476
477 } else {
478 if (htc_hdr->flags & HTC_FLAGS_RECV_TRAILER)
479 skb_trim(skb, len - htc_hdr->control[0]);
480
481 skb_pull(skb, sizeof(struct htc_frame_hdr));
482
483 endpoint = &htc_handle->endpoint[epid];
484 if (endpoint->ep_callbacks.rx)
485 endpoint->ep_callbacks.rx(endpoint->ep_callbacks.priv,
486 skb, epid);
487 else
488 goto invalid;
489 }
490 }
491
ath9k_htc_hw_alloc(void * hif_handle,struct ath9k_htc_hif * hif,struct device * dev)492 struct htc_target *ath9k_htc_hw_alloc(void *hif_handle,
493 struct ath9k_htc_hif *hif,
494 struct device *dev)
495 {
496 struct htc_endpoint *endpoint;
497 struct htc_target *target;
498
499 target = kzalloc(sizeof(struct htc_target), GFP_KERNEL);
500 if (!target)
501 return NULL;
502
503 init_completion(&target->target_wait);
504 init_completion(&target->cmd_wait);
505
506 target->hif = hif;
507 target->hif_dev = hif_handle;
508 target->dev = dev;
509
510 /* Assign control endpoint pipe IDs */
511 endpoint = &target->endpoint[ENDPOINT0];
512 endpoint->ul_pipeid = hif->control_ul_pipe;
513 endpoint->dl_pipeid = hif->control_dl_pipe;
514
515 atomic_set(&target->tgt_ready, 0);
516
517 return target;
518 }
519
ath9k_htc_hw_free(struct htc_target * htc)520 void ath9k_htc_hw_free(struct htc_target *htc)
521 {
522 kfree(htc);
523 }
524
ath9k_htc_hw_init(struct htc_target * target,struct device * dev,u16 devid,char * product,u32 drv_info)525 int ath9k_htc_hw_init(struct htc_target *target,
526 struct device *dev, u16 devid,
527 char *product, u32 drv_info)
528 {
529 if (ath9k_htc_probe_device(target, dev, devid, product, drv_info)) {
530 pr_err("Failed to initialize the device\n");
531 return -ENODEV;
532 }
533
534 return 0;
535 }
536
ath9k_htc_hw_deinit(struct htc_target * target,bool hot_unplug)537 void ath9k_htc_hw_deinit(struct htc_target *target, bool hot_unplug)
538 {
539 if (target)
540 ath9k_htc_disconnect_device(target, hot_unplug);
541 }
542