LXR linux/drivers/net/wireless/cw1200/wsm.c

   1/*
   2 * WSM host interface (HI) implementation for
   3 * ST-Ericsson CW1200 mac80211 drivers.
   4 *
   5 * Copyright (c) 2010, ST-Ericsson
   6 * Author: Dmitry Tarnyagin <dmitry.tarnyagin@lockless.no>
   7 *
   8 * This program is free software; you can redistribute it and/or modify
   9 * it under the terms of the GNU General Public License version 2 as
  10 * published by the Free Software Foundation.
  11 */
  12
  13#include <linux/skbuff.h>
  14#include <linux/wait.h>
  15#include <linux/delay.h>
  16#include <linux/sched.h>
  17#include <linux/random.h>
  18
  19#include "cw1200.h"
  20#include "wsm.h"
  21#include "bh.h"
  22#include "sta.h"
  23#include "debug.h"
  24
  25#define WSM_CMD_TIMEOUT         (2 * HZ) /* With respect to interrupt loss */
  26#define WSM_CMD_START_TIMEOUT   (7 * HZ)
  27#define WSM_CMD_RESET_TIMEOUT   (3 * HZ) /* 2 sec. timeout was observed.   */
  28#define WSM_CMD_MAX_TIMEOUT     (3 * HZ)
  29
  30#define WSM_SKIP(buf, size)                                             \
  31        do {                                                            \
  32                if ((buf)->data + size > (buf)->end)                    \
  33                        goto underflow;                                 \
  34                (buf)->data += size;                                    \
  35        } while (0)
  36
  37#define WSM_GET(buf, ptr, size)                                         \
  38        do {                                                            \
  39                if ((buf)->data + size > (buf)->end)                    \
  40                        goto underflow;                                 \
  41                memcpy(ptr, (buf)->data, size);                         \
  42                (buf)->data += size;                                    \
  43        } while (0)
  44
  45#define __WSM_GET(buf, type, type2, cvt)                                \
  46        ({                                                              \
  47                type val;                                               \
  48                if ((buf)->data + sizeof(type) > (buf)->end)            \
  49                        goto underflow;                                 \
  50                val = cvt(*(type2 *)(buf)->data);                       \
  51                (buf)->data += sizeof(type);                            \
  52                val;                                                    \
  53        })
  54
  55#define WSM_GET8(buf)  __WSM_GET(buf, u8, u8, (u8))
  56#define WSM_GET16(buf) __WSM_GET(buf, u16, __le16, __le16_to_cpu)
  57#define WSM_GET32(buf) __WSM_GET(buf, u32, __le32, __le32_to_cpu)
  58
  59#define WSM_PUT(buf, ptr, size)                                         \
  60        do {                                                            \
  61                if ((buf)->data + size > (buf)->end)            \
  62                        if (wsm_buf_reserve((buf), size))       \
  63                                goto nomem;                             \
  64                memcpy((buf)->data, ptr, size);                         \
  65                (buf)->data += size;                                    \
  66        } while (0)
  67
  68#define __WSM_PUT(buf, val, type, type2, cvt)                           \
  69        do {                                                            \
  70                if ((buf)->data + sizeof(type) > (buf)->end)            \
  71                        if (wsm_buf_reserve((buf), sizeof(type))) \
  72                                goto nomem;                             \
  73                *(type2 *)(buf)->data = cvt(val);                       \
  74                (buf)->data += sizeof(type);                            \
  75        } while (0)
  76
  77#define WSM_PUT8(buf, val)  __WSM_PUT(buf, val, u8, u8, (u8))
  78#define WSM_PUT16(buf, val) __WSM_PUT(buf, val, u16, __le16, __cpu_to_le16)
  79#define WSM_PUT32(buf, val) __WSM_PUT(buf, val, u32, __le32, __cpu_to_le32)
  80
  81static void wsm_buf_reset(struct wsm_buf *buf);
  82static int wsm_buf_reserve(struct wsm_buf *buf, size_t extra_size);
  83
  84static int wsm_cmd_send(struct cw1200_common *priv,
  85                        struct wsm_buf *buf,
  86                        void *arg, u16 cmd, long tmo);
  87
  88#define wsm_cmd_lock(__priv) mutex_lock(&((__priv)->wsm_cmd_mux))
  89#define wsm_cmd_unlock(__priv) mutex_unlock(&((__priv)->wsm_cmd_mux))
  90
  91/* ******************************************************************** */
  92/* WSM API implementation                                               */
  93
  94static int wsm_generic_confirm(struct cw1200_common *priv,
  95                             void *arg,
  96                             struct wsm_buf *buf)
  97{
  98        u32 status = WSM_GET32(buf);
  99        if (status != WSM_STATUS_SUCCESS)
 100                return -EINVAL;
 101        return 0;
 102
 103underflow:
 104        WARN_ON(1);
 105        return -EINVAL;
 106}
 107
 108int wsm_configuration(struct cw1200_common *priv, struct wsm_configuration *arg)
 109{
 110        int ret;
 111        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 112
 113        wsm_cmd_lock(priv);
 114
 115        WSM_PUT32(buf, arg->dot11MaxTransmitMsduLifeTime);
 116        WSM_PUT32(buf, arg->dot11MaxReceiveLifeTime);
 117        WSM_PUT32(buf, arg->dot11RtsThreshold);
 118
 119        /* DPD block. */
 120        WSM_PUT16(buf, arg->dpdData_size + 12);
 121        WSM_PUT16(buf, 1); /* DPD version */
 122        WSM_PUT(buf, arg->dot11StationId, ETH_ALEN);
 123        WSM_PUT16(buf, 5); /* DPD flags */
 124        WSM_PUT(buf, arg->dpdData, arg->dpdData_size);
 125
 126        ret = wsm_cmd_send(priv, buf, arg,
 127                           WSM_CONFIGURATION_REQ_ID, WSM_CMD_TIMEOUT);
 128
 129        wsm_cmd_unlock(priv);
 130        return ret;
 131
 132nomem:
 133        wsm_cmd_unlock(priv);
 134        return -ENOMEM;
 135}
 136
 137static int wsm_configuration_confirm(struct cw1200_common *priv,
 138                                     struct wsm_configuration *arg,
 139                                     struct wsm_buf *buf)
 140{
 141        int i;
 142        int status;
 143
 144        status = WSM_GET32(buf);
 145        if (WARN_ON(status != WSM_STATUS_SUCCESS))
 146                return -EINVAL;
 147
 148        WSM_GET(buf, arg->dot11StationId, ETH_ALEN);
 149        arg->dot11FrequencyBandsSupported = WSM_GET8(buf);
 150        WSM_SKIP(buf, 1);
 151        arg->supportedRateMask = WSM_GET32(buf);
 152        for (i = 0; i < 2; ++i) {
 153                arg->txPowerRange[i].min_power_level = WSM_GET32(buf);
 154                arg->txPowerRange[i].max_power_level = WSM_GET32(buf);
 155                arg->txPowerRange[i].stepping = WSM_GET32(buf);
 156        }
 157        return 0;
 158
 159underflow:
 160        WARN_ON(1);
 161        return -EINVAL;
 162}
 163
 164/* ******************************************************************** */
 165
 166int wsm_reset(struct cw1200_common *priv, const struct wsm_reset *arg)
 167{
 168        int ret;
 169        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 170        u16 cmd = WSM_RESET_REQ_ID | WSM_TX_LINK_ID(arg->link_id);
 171
 172        wsm_cmd_lock(priv);
 173
 174        WSM_PUT32(buf, arg->reset_statistics ? 0 : 1);
 175        ret = wsm_cmd_send(priv, buf, NULL, cmd, WSM_CMD_RESET_TIMEOUT);
 176        wsm_cmd_unlock(priv);
 177        return ret;
 178
 179nomem:
 180        wsm_cmd_unlock(priv);
 181        return -ENOMEM;
 182}
 183
 184/* ******************************************************************** */
 185
 186struct wsm_mib {
 187        u16 mib_id;
 188        void *buf;
 189        size_t buf_size;
 190};
 191
 192int wsm_read_mib(struct cw1200_common *priv, u16 mib_id, void *_buf,
 193                        size_t buf_size)
 194{
 195        int ret;
 196        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 197        struct wsm_mib mib_buf = {
 198                .mib_id = mib_id,
 199                .buf = _buf,
 200                .buf_size = buf_size,
 201        };
 202        wsm_cmd_lock(priv);
 203
 204        WSM_PUT16(buf, mib_id);
 205        WSM_PUT16(buf, 0);
 206
 207        ret = wsm_cmd_send(priv, buf, &mib_buf,
 208                           WSM_READ_MIB_REQ_ID, WSM_CMD_TIMEOUT);
 209        wsm_cmd_unlock(priv);
 210        return ret;
 211
 212nomem:
 213        wsm_cmd_unlock(priv);
 214        return -ENOMEM;
 215}
 216
 217static int wsm_read_mib_confirm(struct cw1200_common *priv,
 218                                struct wsm_mib *arg,
 219                                struct wsm_buf *buf)
 220{
 221        u16 size;
 222        if (WARN_ON(WSM_GET32(buf) != WSM_STATUS_SUCCESS))
 223                return -EINVAL;
 224
 225        if (WARN_ON(WSM_GET16(buf) != arg->mib_id))
 226                return -EINVAL;
 227
 228        size = WSM_GET16(buf);
 229        if (size > arg->buf_size)
 230                size = arg->buf_size;
 231
 232        WSM_GET(buf, arg->buf, size);
 233        arg->buf_size = size;
 234        return 0;
 235
 236underflow:
 237        WARN_ON(1);
 238        return -EINVAL;
 239}
 240
 241/* ******************************************************************** */
 242
 243int wsm_write_mib(struct cw1200_common *priv, u16 mib_id, void *_buf,
 244                        size_t buf_size)
 245{
 246        int ret;
 247        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 248        struct wsm_mib mib_buf = {
 249                .mib_id = mib_id,
 250                .buf = _buf,
 251                .buf_size = buf_size,
 252        };
 253
 254        wsm_cmd_lock(priv);
 255
 256        WSM_PUT16(buf, mib_id);
 257        WSM_PUT16(buf, buf_size);
 258        WSM_PUT(buf, _buf, buf_size);
 259
 260        ret = wsm_cmd_send(priv, buf, &mib_buf,
 261                           WSM_WRITE_MIB_REQ_ID, WSM_CMD_TIMEOUT);
 262        wsm_cmd_unlock(priv);
 263        return ret;
 264
 265nomem:
 266        wsm_cmd_unlock(priv);
 267        return -ENOMEM;
 268}
 269
 270static int wsm_write_mib_confirm(struct cw1200_common *priv,
 271                                struct wsm_mib *arg,
 272                                struct wsm_buf *buf)
 273{
 274        int ret;
 275
 276        ret = wsm_generic_confirm(priv, arg, buf);
 277        if (ret)
 278                return ret;
 279
 280        if (arg->mib_id == WSM_MIB_ID_OPERATIONAL_POWER_MODE) {
 281                /* OperationalMode: update PM status. */
 282                const char *p = arg->buf;
 283                cw1200_enable_powersave(priv, (p[0] & 0x0F) ? true : false);
 284        }
 285        return 0;
 286}
 287
 288/* ******************************************************************** */
 289
 290int wsm_scan(struct cw1200_common *priv, const struct wsm_scan *arg)
 291{
 292        int i;
 293        int ret;
 294        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 295
 296        if (arg->num_channels > 48)
 297                return -EINVAL;
 298
 299        if (arg->num_ssids > 2)
 300                return -EINVAL;
 301
 302        if (arg->band > 1)
 303                return -EINVAL;
 304
 305        wsm_cmd_lock(priv);
 306
 307        WSM_PUT8(buf, arg->band);
 308        WSM_PUT8(buf, arg->type);
 309        WSM_PUT8(buf, arg->flags);
 310        WSM_PUT8(buf, arg->max_tx_rate);
 311        WSM_PUT32(buf, arg->auto_scan_interval);
 312        WSM_PUT8(buf, arg->num_probes);
 313        WSM_PUT8(buf, arg->num_channels);
 314        WSM_PUT8(buf, arg->num_ssids);
 315        WSM_PUT8(buf, arg->probe_delay);
 316
 317        for (i = 0; i < arg->num_channels; ++i) {
 318                WSM_PUT16(buf, arg->ch[i].number);
 319                WSM_PUT16(buf, 0);
 320                WSM_PUT32(buf, arg->ch[i].min_chan_time);
 321                WSM_PUT32(buf, arg->ch[i].max_chan_time);
 322                WSM_PUT32(buf, 0);
 323        }
 324
 325        for (i = 0; i < arg->num_ssids; ++i) {
 326                WSM_PUT32(buf, arg->ssids[i].length);
 327                WSM_PUT(buf, &arg->ssids[i].ssid[0],
 328                        sizeof(arg->ssids[i].ssid));
 329        }
 330
 331        ret = wsm_cmd_send(priv, buf, NULL,
 332                           WSM_START_SCAN_REQ_ID, WSM_CMD_TIMEOUT);
 333        wsm_cmd_unlock(priv);
 334        return ret;
 335
 336nomem:
 337        wsm_cmd_unlock(priv);
 338        return -ENOMEM;
 339}
 340
 341/* ******************************************************************** */
 342
 343int wsm_stop_scan(struct cw1200_common *priv)
 344{
 345        int ret;
 346        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 347        wsm_cmd_lock(priv);
 348        ret = wsm_cmd_send(priv, buf, NULL,
 349                           WSM_STOP_SCAN_REQ_ID, WSM_CMD_TIMEOUT);
 350        wsm_cmd_unlock(priv);
 351        return ret;
 352}
 353
 354
 355static int wsm_tx_confirm(struct cw1200_common *priv,
 356                          struct wsm_buf *buf,
 357                          int link_id)
 358{
 359        struct wsm_tx_confirm tx_confirm;
 360
 361        tx_confirm.packet_id = WSM_GET32(buf);
 362        tx_confirm.status = WSM_GET32(buf);
 363        tx_confirm.tx_rate = WSM_GET8(buf);
 364        tx_confirm.ack_failures = WSM_GET8(buf);
 365        tx_confirm.flags = WSM_GET16(buf);
 366        tx_confirm.media_delay = WSM_GET32(buf);
 367        tx_confirm.tx_queue_delay = WSM_GET32(buf);
 368
 369        cw1200_tx_confirm_cb(priv, link_id, &tx_confirm);
 370        return 0;
 371
 372underflow:
 373        WARN_ON(1);
 374        return -EINVAL;
 375}
 376
 377static int wsm_multi_tx_confirm(struct cw1200_common *priv,
 378                                struct wsm_buf *buf, int link_id)
 379{
 380        int ret;
 381        int count;
 382        int i;
 383
 384        count = WSM_GET32(buf);
 385        if (WARN_ON(count <= 0))
 386                return -EINVAL;
 387
 388        if (count > 1) {
 389                /* We already released one buffer, now for the rest */
 390                ret = wsm_release_tx_buffer(priv, count - 1);
 391                if (ret < 0)
 392                        return ret;
 393                else if (ret > 0)
 394                        cw1200_bh_wakeup(priv);
 395        }
 396
 397        cw1200_debug_txed_multi(priv, count);
 398        for (i = 0; i < count; ++i) {
 399                ret = wsm_tx_confirm(priv, buf, link_id);
 400                if (ret)
 401                        return ret;
 402        }
 403        return ret;
 404
 405underflow:
 406        WARN_ON(1);
 407        return -EINVAL;
 408}
 409
 410/* ******************************************************************** */
 411
 412static int wsm_join_confirm(struct cw1200_common *priv,
 413                            struct wsm_join_cnf *arg,
 414                            struct wsm_buf *buf)
 415{
 416        arg->status = WSM_GET32(buf);
 417        if (WARN_ON(arg->status) != WSM_STATUS_SUCCESS)
 418                return -EINVAL;
 419
 420        arg->min_power_level = WSM_GET32(buf);
 421        arg->max_power_level = WSM_GET32(buf);
 422
 423        return 0;
 424
 425underflow:
 426        WARN_ON(1);
 427        return -EINVAL;
 428}
 429
 430int wsm_join(struct cw1200_common *priv, struct wsm_join *arg)
 431{
 432        int ret;
 433        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 434        struct wsm_join_cnf resp;
 435        wsm_cmd_lock(priv);
 436
 437        WSM_PUT8(buf, arg->mode);
 438        WSM_PUT8(buf, arg->band);
 439        WSM_PUT16(buf, arg->channel_number);
 440        WSM_PUT(buf, &arg->bssid[0], sizeof(arg->bssid));
 441        WSM_PUT16(buf, arg->atim_window);
 442        WSM_PUT8(buf, arg->preamble_type);
 443        WSM_PUT8(buf, arg->probe_for_join);
 444        WSM_PUT8(buf, arg->dtim_period);
 445        WSM_PUT8(buf, arg->flags);
 446        WSM_PUT32(buf, arg->ssid_len);
 447        WSM_PUT(buf, &arg->ssid[0], sizeof(arg->ssid));
 448        WSM_PUT32(buf, arg->beacon_interval);
 449        WSM_PUT32(buf, arg->basic_rate_set);
 450
 451        priv->tx_burst_idx = -1;
 452        ret = wsm_cmd_send(priv, buf, &resp,
 453                           WSM_JOIN_REQ_ID, WSM_CMD_TIMEOUT);
 454        /* TODO:  Update state based on resp.min|max_power_level */
 455
 456        priv->join_complete_status = resp.status;
 457
 458        wsm_cmd_unlock(priv);
 459        return ret;
 460
 461nomem:
 462        wsm_cmd_unlock(priv);
 463        return -ENOMEM;
 464}
 465
 466/* ******************************************************************** */
 467
 468int wsm_set_bss_params(struct cw1200_common *priv,
 469                       const struct wsm_set_bss_params *arg)
 470{
 471        int ret;
 472        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 473
 474        wsm_cmd_lock(priv);
 475
 476        WSM_PUT8(buf, (arg->reset_beacon_loss ?  0x1 : 0));
 477        WSM_PUT8(buf, arg->beacon_lost_count);
 478        WSM_PUT16(buf, arg->aid);
 479        WSM_PUT32(buf, arg->operational_rate_set);
 480
 481        ret = wsm_cmd_send(priv, buf, NULL,
 482                           WSM_SET_BSS_PARAMS_REQ_ID, WSM_CMD_TIMEOUT);
 483
 484        wsm_cmd_unlock(priv);
 485        return ret;
 486
 487nomem:
 488        wsm_cmd_unlock(priv);
 489        return -ENOMEM;
 490}
 491
 492/* ******************************************************************** */
 493
 494int wsm_add_key(struct cw1200_common *priv, const struct wsm_add_key *arg)
 495{
 496        int ret;
 497        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 498
 499        wsm_cmd_lock(priv);
 500
 501        WSM_PUT(buf, arg, sizeof(*arg));
 502
 503        ret = wsm_cmd_send(priv, buf, NULL,
 504                           WSM_ADD_KEY_REQ_ID, WSM_CMD_TIMEOUT);
 505
 506        wsm_cmd_unlock(priv);
 507        return ret;
 508
 509nomem:
 510        wsm_cmd_unlock(priv);
 511        return -ENOMEM;
 512}
 513
 514/* ******************************************************************** */
 515
 516int wsm_remove_key(struct cw1200_common *priv, const struct wsm_remove_key *arg)
 517{
 518        int ret;
 519        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 520
 521        wsm_cmd_lock(priv);
 522
 523        WSM_PUT8(buf, arg->index);
 524        WSM_PUT8(buf, 0);
 525        WSM_PUT16(buf, 0);
 526
 527        ret = wsm_cmd_send(priv, buf, NULL,
 528                           WSM_REMOVE_KEY_REQ_ID, WSM_CMD_TIMEOUT);
 529
 530        wsm_cmd_unlock(priv);
 531        return ret;
 532
 533nomem:
 534        wsm_cmd_unlock(priv);
 535        return -ENOMEM;
 536}
 537
 538/* ******************************************************************** */
 539
 540int wsm_set_tx_queue_params(struct cw1200_common *priv,
 541                const struct wsm_set_tx_queue_params *arg, u8 id)
 542{
 543        int ret;
 544        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 545        u8 queue_id_to_wmm_aci[] = {3, 2, 0, 1};
 546
 547        wsm_cmd_lock(priv);
 548
 549        WSM_PUT8(buf, queue_id_to_wmm_aci[id]);
 550        WSM_PUT8(buf, 0);
 551        WSM_PUT8(buf, arg->ackPolicy);
 552        WSM_PUT8(buf, 0);
 553        WSM_PUT32(buf, arg->maxTransmitLifetime);
 554        WSM_PUT16(buf, arg->allowedMediumTime);
 555        WSM_PUT16(buf, 0);
 556
 557        ret = wsm_cmd_send(priv, buf, NULL, 0x0012, WSM_CMD_TIMEOUT);
 558
 559        wsm_cmd_unlock(priv);
 560        return ret;
 561
 562nomem:
 563        wsm_cmd_unlock(priv);
 564        return -ENOMEM;
 565}
 566
 567/* ******************************************************************** */
 568
 569int wsm_set_edca_params(struct cw1200_common *priv,
 570                                const struct wsm_edca_params *arg)
 571{
 572        int ret;
 573        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 574
 575        wsm_cmd_lock(priv);
 576
 577        /* Implemented according to specification. */
 578
 579        WSM_PUT16(buf, arg->params[3].cwmin);
 580        WSM_PUT16(buf, arg->params[2].cwmin);
 581        WSM_PUT16(buf, arg->params[1].cwmin);
 582        WSM_PUT16(buf, arg->params[0].cwmin);
 583
 584        WSM_PUT16(buf, arg->params[3].cwmax);
 585        WSM_PUT16(buf, arg->params[2].cwmax);
 586        WSM_PUT16(buf, arg->params[1].cwmax);
 587        WSM_PUT16(buf, arg->params[0].cwmax);
 588
 589        WSM_PUT8(buf, arg->params[3].aifns);
 590        WSM_PUT8(buf, arg->params[2].aifns);
 591        WSM_PUT8(buf, arg->params[1].aifns);
 592        WSM_PUT8(buf, arg->params[0].aifns);
 593
 594        WSM_PUT16(buf, arg->params[3].txop_limit);
 595        WSM_PUT16(buf, arg->params[2].txop_limit);
 596        WSM_PUT16(buf, arg->params[1].txop_limit);
 597        WSM_PUT16(buf, arg->params[0].txop_limit);
 598
 599        WSM_PUT32(buf, arg->params[3].max_rx_lifetime);
 600        WSM_PUT32(buf, arg->params[2].max_rx_lifetime);
 601        WSM_PUT32(buf, arg->params[1].max_rx_lifetime);
 602        WSM_PUT32(buf, arg->params[0].max_rx_lifetime);
 603
 604        ret = wsm_cmd_send(priv, buf, NULL,
 605                           WSM_EDCA_PARAMS_REQ_ID, WSM_CMD_TIMEOUT);
 606        wsm_cmd_unlock(priv);
 607        return ret;
 608
 609nomem:
 610        wsm_cmd_unlock(priv);
 611        return -ENOMEM;
 612}
 613
 614/* ******************************************************************** */
 615
 616int wsm_switch_channel(struct cw1200_common *priv,
 617                        const struct wsm_switch_channel *arg)
 618{
 619        int ret;
 620        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 621
 622        wsm_cmd_lock(priv);
 623
 624        WSM_PUT8(buf, arg->mode);
 625        WSM_PUT8(buf, arg->switch_count);
 626        WSM_PUT16(buf, arg->channel_number);
 627
 628        priv->channel_switch_in_progress = 1;
 629
 630        ret = wsm_cmd_send(priv, buf, NULL,
 631                           WSM_SWITCH_CHANNEL_REQ_ID, WSM_CMD_TIMEOUT);
 632        if (ret)
 633                priv->channel_switch_in_progress = 0;
 634
 635        wsm_cmd_unlock(priv);
 636        return ret;
 637
 638nomem:
 639        wsm_cmd_unlock(priv);
 640        return -ENOMEM;
 641}
 642
 643/* ******************************************************************** */
 644
 645int wsm_set_pm(struct cw1200_common *priv, const struct wsm_set_pm *arg)
 646{
 647        int ret;
 648        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 649        priv->ps_mode_switch_in_progress = 1;
 650
 651        wsm_cmd_lock(priv);
 652
 653        WSM_PUT8(buf, arg->mode);
 654        WSM_PUT8(buf, arg->fast_psm_idle_period);
 655        WSM_PUT8(buf, arg->ap_psm_change_period);
 656        WSM_PUT8(buf, arg->min_auto_pspoll_period);
 657
 658        ret = wsm_cmd_send(priv, buf, NULL,
 659                           WSM_SET_PM_REQ_ID, WSM_CMD_TIMEOUT);
 660
 661        wsm_cmd_unlock(priv);
 662        return ret;
 663
 664nomem:
 665        wsm_cmd_unlock(priv);
 666        return -ENOMEM;
 667}
 668
 669/* ******************************************************************** */
 670
 671int wsm_start(struct cw1200_common *priv, const struct wsm_start *arg)
 672{
 673        int ret;
 674        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 675
 676        wsm_cmd_lock(priv);
 677
 678        WSM_PUT8(buf, arg->mode);
 679        WSM_PUT8(buf, arg->band);
 680        WSM_PUT16(buf, arg->channel_number);
 681        WSM_PUT32(buf, arg->ct_window);
 682        WSM_PUT32(buf, arg->beacon_interval);
 683        WSM_PUT8(buf, arg->dtim_period);
 684        WSM_PUT8(buf, arg->preamble);
 685        WSM_PUT8(buf, arg->probe_delay);
 686        WSM_PUT8(buf, arg->ssid_len);
 687        WSM_PUT(buf, arg->ssid, sizeof(arg->ssid));
 688        WSM_PUT32(buf, arg->basic_rate_set);
 689
 690        priv->tx_burst_idx = -1;
 691        ret = wsm_cmd_send(priv, buf, NULL,
 692                           WSM_START_REQ_ID, WSM_CMD_START_TIMEOUT);
 693
 694        wsm_cmd_unlock(priv);
 695        return ret;
 696
 697nomem:
 698        wsm_cmd_unlock(priv);
 699        return -ENOMEM;
 700}
 701
 702/* ******************************************************************** */
 703
 704int wsm_beacon_transmit(struct cw1200_common *priv,
 705                        const struct wsm_beacon_transmit *arg)
 706{
 707        int ret;
 708        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 709
 710        wsm_cmd_lock(priv);
 711
 712        WSM_PUT32(buf, arg->enable_beaconing ? 1 : 0);
 713
 714        ret = wsm_cmd_send(priv, buf, NULL,
 715                           WSM_BEACON_TRANSMIT_REQ_ID, WSM_CMD_TIMEOUT);
 716
 717        wsm_cmd_unlock(priv);
 718        return ret;
 719
 720nomem:
 721        wsm_cmd_unlock(priv);
 722        return -ENOMEM;
 723}
 724
 725/* ******************************************************************** */
 726
 727int wsm_start_find(struct cw1200_common *priv)
 728{
 729        int ret;
 730        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 731
 732        wsm_cmd_lock(priv);
 733        ret = wsm_cmd_send(priv, buf, NULL, 0x0019, WSM_CMD_TIMEOUT);
 734        wsm_cmd_unlock(priv);
 735        return ret;
 736}
 737
 738/* ******************************************************************** */
 739
 740int wsm_stop_find(struct cw1200_common *priv)
 741{
 742        int ret;
 743        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 744
 745        wsm_cmd_lock(priv);
 746        ret = wsm_cmd_send(priv, buf, NULL, 0x001A, WSM_CMD_TIMEOUT);
 747        wsm_cmd_unlock(priv);
 748        return ret;
 749}
 750
 751/* ******************************************************************** */
 752
 753int wsm_map_link(struct cw1200_common *priv, const struct wsm_map_link *arg)
 754{
 755        int ret;
 756        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 757        u16 cmd = 0x001C | WSM_TX_LINK_ID(arg->link_id);
 758
 759        wsm_cmd_lock(priv);
 760
 761        WSM_PUT(buf, &arg->mac_addr[0], sizeof(arg->mac_addr));
 762        WSM_PUT16(buf, 0);
 763
 764        ret = wsm_cmd_send(priv, buf, NULL, cmd, WSM_CMD_TIMEOUT);
 765
 766        wsm_cmd_unlock(priv);
 767        return ret;
 768
 769nomem:
 770        wsm_cmd_unlock(priv);
 771        return -ENOMEM;
 772}
 773
 774/* ******************************************************************** */
 775
 776int wsm_update_ie(struct cw1200_common *priv,
 777                  const struct wsm_update_ie *arg)
 778{
 779        int ret;
 780        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 781
 782        wsm_cmd_lock(priv);
 783
 784        WSM_PUT16(buf, arg->what);
 785        WSM_PUT16(buf, arg->count);
 786        WSM_PUT(buf, arg->ies, arg->length);
 787
 788        ret = wsm_cmd_send(priv, buf, NULL, 0x001B, WSM_CMD_TIMEOUT);
 789
 790        wsm_cmd_unlock(priv);
 791        return ret;
 792
 793nomem:
 794        wsm_cmd_unlock(priv);
 795        return -ENOMEM;
 796}
 797
 798/* ******************************************************************** */
 799int wsm_set_probe_responder(struct cw1200_common *priv, bool enable)
 800{
 801        priv->rx_filter.probeResponder = enable;
 802        return wsm_set_rx_filter(priv, &priv->rx_filter);
 803}
 804
 805/* ******************************************************************** */
 806/* WSM indication events implementation                                 */
 807const char * const cw1200_fw_types[] = {
 808        "ETF",
 809        "WFM",
 810        "WSM",
 811        "HI test",
 812        "Platform test"
 813};
 814
 815static int wsm_startup_indication(struct cw1200_common *priv,
 816                                        struct wsm_buf *buf)
 817{
 818        priv->wsm_caps.input_buffers     = WSM_GET16(buf);
 819        priv->wsm_caps.input_buffer_size = WSM_GET16(buf);
 820        priv->wsm_caps.hw_id      = WSM_GET16(buf);
 821        priv->wsm_caps.hw_subid   = WSM_GET16(buf);
 822        priv->wsm_caps.status     = WSM_GET16(buf);
 823        priv->wsm_caps.fw_cap     = WSM_GET16(buf);
 824        priv->wsm_caps.fw_type    = WSM_GET16(buf);
 825        priv->wsm_caps.fw_api     = WSM_GET16(buf);
 826        priv->wsm_caps.fw_build   = WSM_GET16(buf);
 827        priv->wsm_caps.fw_ver     = WSM_GET16(buf);
 828        WSM_GET(buf, priv->wsm_caps.fw_label, sizeof(priv->wsm_caps.fw_label));
 829        priv->wsm_caps.fw_label[sizeof(priv->wsm_caps.fw_label) - 1] = 0; /* Do not trust FW too much... */
 830
 831        if (WARN_ON(priv->wsm_caps.status))
 832                return -EINVAL;
 833
 834        if (WARN_ON(priv->wsm_caps.fw_type > 4))
 835                return -EINVAL;
 836
 837        pr_info("CW1200 WSM init done.\n"
 838                "   Input buffers: %d x %d bytes\n"
 839                "   Hardware: %d.%d\n"
 840                "   %s firmware [%s], ver: %d, build: %d,"
 841                "   api: %d, cap: 0x%.4X\n",
 842                priv->wsm_caps.input_buffers,
 843                priv->wsm_caps.input_buffer_size,
 844                priv->wsm_caps.hw_id, priv->wsm_caps.hw_subid,
 845                cw1200_fw_types[priv->wsm_caps.fw_type],
 846                priv->wsm_caps.fw_label, priv->wsm_caps.fw_ver,
 847                priv->wsm_caps.fw_build,
 848                priv->wsm_caps.fw_api, priv->wsm_caps.fw_cap);
 849
 850        /* Disable unsupported frequency bands */
 851        if (!(priv->wsm_caps.fw_cap & 0x1))
 852                priv->hw->wiphy->bands[IEEE80211_BAND_2GHZ] = NULL;
 853        if (!(priv->wsm_caps.fw_cap & 0x2))
 854                priv->hw->wiphy->bands[IEEE80211_BAND_5GHZ] = NULL;
 855
 856        priv->firmware_ready = 1;
 857        wake_up(&priv->wsm_startup_done);
 858        return 0;
 859
 860underflow:
 861        WARN_ON(1);
 862        return -EINVAL;
 863}
 864
 865static int wsm_receive_indication(struct cw1200_common *priv,
 866                                  int link_id,
 867                                  struct wsm_buf *buf,
 868                                  struct sk_buff **skb_p)
 869{
 870        struct wsm_rx rx;
 871        struct ieee80211_hdr *hdr;
 872        size_t hdr_len;
 873        __le16 fctl;
 874
 875        rx.status = WSM_GET32(buf);
 876        rx.channel_number = WSM_GET16(buf);
 877        rx.rx_rate = WSM_GET8(buf);
 878        rx.rcpi_rssi = WSM_GET8(buf);
 879        rx.flags = WSM_GET32(buf);
 880
 881        /* FW Workaround: Drop probe resp or
 882           beacon when RSSI is 0
 883        */
 884        hdr = (struct ieee80211_hdr *)(*skb_p)->data;
 885
 886        if (!rx.rcpi_rssi &&
 887            (ieee80211_is_probe_resp(hdr->frame_control) ||
 888             ieee80211_is_beacon(hdr->frame_control)))
 889                return 0;
 890
 891        /* If no RSSI subscription has been made,
 892         * convert RCPI to RSSI here
 893         */
 894        if (!priv->cqm_use_rssi)
 895                rx.rcpi_rssi = rx.rcpi_rssi / 2 - 110;
 896
 897        fctl = *(__le16 *)buf->data;
 898        hdr_len = buf->data - buf->begin;
 899        skb_pull(*skb_p, hdr_len);
 900        if (!rx.status && ieee80211_is_deauth(fctl)) {
 901                if (priv->join_status == CW1200_JOIN_STATUS_STA) {
 902                        /* Shedule unjoin work */
 903                        pr_debug("[WSM] Issue unjoin command (RX).\n");
 904                        wsm_lock_tx_async(priv);
 905                        if (queue_work(priv->workqueue,
 906                                       &priv->unjoin_work) <= 0)
 907                                wsm_unlock_tx(priv);
 908                }
 909        }
 910        cw1200_rx_cb(priv, &rx, link_id, skb_p);
 911        if (*skb_p)
 912                skb_push(*skb_p, hdr_len);
 913
 914        return 0;
 915
 916underflow:
 917        return -EINVAL;
 918}
 919
 920static int wsm_event_indication(struct cw1200_common *priv, struct wsm_buf *buf)
 921{
 922        int first;
 923        struct cw1200_wsm_event *event;
 924
 925        if (priv->mode == NL80211_IFTYPE_UNSPECIFIED) {
 926                /* STA is stopped. */
 927                return 0;
 928        }
 929
 930        event = kzalloc(sizeof(struct cw1200_wsm_event), GFP_KERNEL);
 931        if (!event)
 932                return -ENOMEM;
 933
 934        event->evt.id = WSM_GET32(buf);
 935        event->evt.data = WSM_GET32(buf);
 936
 937        pr_debug("[WSM] Event: %d(%d)\n",
 938                 event->evt.id, event->evt.data);
 939
 940        spin_lock(&priv->event_queue_lock);
 941        first = list_empty(&priv->event_queue);
 942        list_add_tail(&event->link, &priv->event_queue);
 943        spin_unlock(&priv->event_queue_lock);
 944
 945        if (first)
 946                queue_work(priv->workqueue, &priv->event_handler);
 947
 948        return 0;
 949
 950underflow:
 951        kfree(event);
 952        return -EINVAL;
 953}
 954
 955static int wsm_channel_switch_indication(struct cw1200_common *priv,
 956                                         struct wsm_buf *buf)
 957{
 958        WARN_ON(WSM_GET32(buf));
 959
 960        priv->channel_switch_in_progress = 0;
 961        wake_up(&priv->channel_switch_done);
 962
 963        wsm_unlock_tx(priv);
 964
 965        return 0;
 966
 967underflow:
 968        return -EINVAL;
 969}
 970
 971static int wsm_set_pm_indication(struct cw1200_common *priv,
 972                                 struct wsm_buf *buf)
 973{
 974        /* TODO:  Check buf (struct wsm_set_pm_complete) for validity */
 975        if (priv->ps_mode_switch_in_progress) {
 976                priv->ps_mode_switch_in_progress = 0;
 977                wake_up(&priv->ps_mode_switch_done);
 978        }
 979        return 0;
 980}
 981
 982static int wsm_scan_started(struct cw1200_common *priv, void *arg,
 983                            struct wsm_buf *buf)
 984{
 985        u32 status = WSM_GET32(buf);
 986        if (status != WSM_STATUS_SUCCESS) {
 987                cw1200_scan_failed_cb(priv);
 988                return -EINVAL;
 989        }
 990        return 0;
 991
 992underflow:
 993        WARN_ON(1);
 994        return -EINVAL;
 995}
 996
 997static int wsm_scan_complete_indication(struct cw1200_common *priv,
 998                                        struct wsm_buf *buf)
 999{
1000        struct wsm_scan_complete arg;

1001        arg.status = WSM_GET32(buf);
1002        arg.psm = WSM_GET8(buf);
1003        arg.num_channels = WSM_GET8(buf);
1004        cw1200_scan_complete_cb(priv, &arg);
1005
1006        return 0;
1007
1008underflow:
1009        return -EINVAL;
1010}
1011
1012static int wsm_join_complete_indication(struct cw1200_common *priv,
1013                                        struct wsm_buf *buf)
1014{
1015        struct wsm_join_complete arg;
1016        arg.status = WSM_GET32(buf);
1017        pr_debug("[WSM] Join complete indication, status: %d\n", arg.status);
1018        cw1200_join_complete_cb(priv, &arg);
1019
1020        return 0;
1021
1022underflow:
1023        return -EINVAL;
1024}
1025
1026static int wsm_find_complete_indication(struct cw1200_common *priv,
1027                                        struct wsm_buf *buf)
1028{
1029        pr_warn("Implement find_complete_indication\n");
1030        return 0;
1031}
1032
1033static int wsm_ba_timeout_indication(struct cw1200_common *priv,
1034                                     struct wsm_buf *buf)
1035{
1036        u32 dummy;
1037        u8 tid;
1038        u8 dummy2;
1039        u8 addr[ETH_ALEN];
1040
1041        dummy = WSM_GET32(buf);
1042        tid = WSM_GET8(buf);
1043        dummy2 = WSM_GET8(buf);
1044        WSM_GET(buf, addr, ETH_ALEN);
1045
1046        pr_info("BlockACK timeout, tid %d, addr %pM\n",
1047                tid, addr);
1048
1049        return 0;
1050
1051underflow:
1052        return -EINVAL;
1053}
1054
1055static int wsm_suspend_resume_indication(struct cw1200_common *priv,
1056                                         int link_id, struct wsm_buf *buf)
1057{
1058        u32 flags;
1059        struct wsm_suspend_resume arg;
1060
1061        flags = WSM_GET32(buf);
1062        arg.link_id = link_id;
1063        arg.stop = !(flags & 1);
1064        arg.multicast = !!(flags & 8);
1065        arg.queue = (flags >> 1) & 3;
1066
1067        cw1200_suspend_resume(priv, &arg);
1068
1069        return 0;
1070
1071underflow:
1072        return -EINVAL;
1073}
1074
1075
1076/* ******************************************************************** */
1077/* WSM TX                                                               */
1078
1079static int wsm_cmd_send(struct cw1200_common *priv,
1080                        struct wsm_buf *buf,
1081                        void *arg, u16 cmd, long tmo)
1082{
1083        size_t buf_len = buf->data - buf->begin;
1084        int ret;
1085
1086        /* Don't bother if we're dead. */
1087        if (priv->bh_error) {
1088                ret = 0;
1089                goto done;
1090        }
1091
1092        /* Block until the cmd buffer is completed.  Tortuous. */
1093        spin_lock(&priv->wsm_cmd.lock);
1094        while (!priv->wsm_cmd.done) {
1095                spin_unlock(&priv->wsm_cmd.lock);
1096                spin_lock(&priv->wsm_cmd.lock);
1097        }
1098        priv->wsm_cmd.done = 0;
1099        spin_unlock(&priv->wsm_cmd.lock);
1100
1101        if (cmd == WSM_WRITE_MIB_REQ_ID ||
1102            cmd == WSM_READ_MIB_REQ_ID)
1103                pr_debug("[WSM] >>> 0x%.4X [MIB: 0x%.4X] (%zu)\n",
1104                         cmd, __le16_to_cpu(((__le16 *)buf->begin)[2]),
1105                         buf_len);
1106        else
1107                pr_debug("[WSM] >>> 0x%.4X (%zu)\n", cmd, buf_len);
1108
1109        /* Due to buggy SPI on CW1200, we need to
1110         * pad the message by a few bytes to ensure
1111         * that it's completely received.
1112         */
1113        buf_len += 4;
1114
1115        /* Fill HI message header */
1116        /* BH will add sequence number */
1117        ((__le16 *)buf->begin)[0] = __cpu_to_le16(buf_len);
1118        ((__le16 *)buf->begin)[1] = __cpu_to_le16(cmd);
1119
1120        spin_lock(&priv->wsm_cmd.lock);
1121        BUG_ON(priv->wsm_cmd.ptr);
1122        priv->wsm_cmd.ptr = buf->begin;
1123        priv->wsm_cmd.len = buf_len;
1124        priv->wsm_cmd.arg = arg;
1125        priv->wsm_cmd.cmd = cmd;
1126        spin_unlock(&priv->wsm_cmd.lock);
1127
1128        cw1200_bh_wakeup(priv);
1129
1130        /* Wait for command completion */
1131        ret = wait_event_timeout(priv->wsm_cmd_wq,
1132                                 priv->wsm_cmd.done, tmo);
1133
1134        if (!ret && !priv->wsm_cmd.done) {
1135                spin_lock(&priv->wsm_cmd.lock);
1136                priv->wsm_cmd.done = 1;
1137                priv->wsm_cmd.ptr = NULL;
1138                spin_unlock(&priv->wsm_cmd.lock);
1139                if (priv->bh_error) {
1140                        /* Return ok to help system cleanup */
1141                        ret = 0;
1142                } else {
1143                        pr_err("CMD req (0x%04x) stuck in firmware, killing BH\n", priv->wsm_cmd.cmd);
1144                        print_hex_dump_bytes("REQDUMP: ", DUMP_PREFIX_NONE,
1145                                             buf->begin, buf_len);
1146                        pr_err("Outstanding outgoing frames:  %d\n", priv->hw_bufs_used);
1147
1148                        /* Kill BH thread to report the error to the top layer. */
1149                        atomic_add(1, &priv->bh_term);
1150                        wake_up(&priv->bh_wq);
1151                        ret = -ETIMEDOUT;
1152                }
1153        } else {
1154                spin_lock(&priv->wsm_cmd.lock);
1155                BUG_ON(!priv->wsm_cmd.done);
1156                ret = priv->wsm_cmd.ret;
1157                spin_unlock(&priv->wsm_cmd.lock);
1158        }
1159done:
1160        wsm_buf_reset(buf);
1161        return ret;
1162}
1163
1164/* ******************************************************************** */
1165/* WSM TX port control                                                  */
1166
1167void wsm_lock_tx(struct cw1200_common *priv)
1168{
1169        wsm_cmd_lock(priv);
1170        if (atomic_add_return(1, &priv->tx_lock) == 1) {
1171                if (wsm_flush_tx(priv))
1172                        pr_debug("[WSM] TX is locked.\n");
1173        }
1174        wsm_cmd_unlock(priv);
1175}
1176
1177void wsm_lock_tx_async(struct cw1200_common *priv)
1178{
1179        if (atomic_add_return(1, &priv->tx_lock) == 1)
1180                pr_debug("[WSM] TX is locked (async).\n");
1181}
1182
1183bool wsm_flush_tx(struct cw1200_common *priv)
1184{
1185        unsigned long timestamp = jiffies;
1186        bool pending = false;
1187        long timeout;
1188        int i;
1189
1190        /* Flush must be called with TX lock held. */
1191        BUG_ON(!atomic_read(&priv->tx_lock));
1192
1193        /* First check if we really need to do something.
1194         * It is safe to use unprotected access, as hw_bufs_used
1195         * can only decrements.
1196         */
1197        if (!priv->hw_bufs_used)
1198                return true;
1199
1200        if (priv->bh_error) {
1201                /* In case of failure do not wait for magic. */
1202                pr_err("[WSM] Fatal error occured, will not flush TX.\n");
1203                return false;
1204        } else {
1205                /* Get a timestamp of "oldest" frame */
1206                for (i = 0; i < 4; ++i)
1207                        pending |= cw1200_queue_get_xmit_timestamp(
1208                                        &priv->tx_queue[i],
1209                                        &timestamp, 0xffffffff);
1210                /* If there's nothing pending, we're good */
1211                if (!pending)
1212                        return true;
1213
1214                timeout = timestamp + WSM_CMD_LAST_CHANCE_TIMEOUT - jiffies;
1215                if (timeout < 0 || wait_event_timeout(priv->bh_evt_wq,
1216                                                      !priv->hw_bufs_used,
1217                                                      timeout) <= 0) {
1218                        /* Hmmm... Not good. Frame had stuck in firmware. */
1219                        priv->bh_error = 1;
1220                        wiphy_err(priv->hw->wiphy, "[WSM] TX Frames (%d) stuck in firmware, killing BH\n", priv->hw_bufs_used);
1221                        wake_up(&priv->bh_wq);
1222                        return false;
1223                }
1224
1225                /* Ok, everything is flushed. */
1226                return true;
1227        }
1228}
1229
1230void wsm_unlock_tx(struct cw1200_common *priv)
1231{
1232        int tx_lock;
1233        tx_lock = atomic_sub_return(1, &priv->tx_lock);
1234        BUG_ON(tx_lock < 0);
1235
1236        if (tx_lock == 0) {
1237                if (!priv->bh_error)
1238                        cw1200_bh_wakeup(priv);
1239                pr_debug("[WSM] TX is unlocked.\n");
1240        }
1241}
1242
1243/* ******************************************************************** */
1244/* WSM RX                                                               */
1245
1246int wsm_handle_exception(struct cw1200_common *priv, u8 *data, size_t len)
1247{
1248        struct wsm_buf buf;
1249        u32 reason;
1250        u32 reg[18];
1251        char fname[48];
1252        unsigned int i;
1253
1254        static const char * const reason_str[] = {
1255                "undefined instruction",
1256                "prefetch abort",
1257                "data abort",
1258                "unknown error",
1259        };
1260
1261        buf.begin = buf.data = data;
1262        buf.end = &buf.begin[len];
1263
1264        reason = WSM_GET32(&buf);
1265        for (i = 0; i < ARRAY_SIZE(reg); ++i)
1266                reg[i] = WSM_GET32(&buf);
1267        WSM_GET(&buf, fname, sizeof(fname));
1268
1269        if (reason < 4)
1270                wiphy_err(priv->hw->wiphy,
1271                          "Firmware exception: %s.\n",
1272                          reason_str[reason]);
1273        else
1274                wiphy_err(priv->hw->wiphy,
1275                          "Firmware assert at %.*s, line %d\n",
1276                          (int) sizeof(fname), fname, reg[1]);
1277
1278        for (i = 0; i < 12; i += 4)
1279                wiphy_err(priv->hw->wiphy,
1280                          "R%d: 0x%.8X, R%d: 0x%.8X, R%d: 0x%.8X, R%d: 0x%.8X,\n",
1281                          i + 0, reg[i + 0], i + 1, reg[i + 1],
1282                          i + 2, reg[i + 2], i + 3, reg[i + 3]);
1283        wiphy_err(priv->hw->wiphy,
1284                  "R12: 0x%.8X, SP: 0x%.8X, LR: 0x%.8X, PC: 0x%.8X,\n",
1285                  reg[i + 0], reg[i + 1], reg[i + 2], reg[i + 3]);
1286        i += 4;
1287        wiphy_err(priv->hw->wiphy,
1288                  "CPSR: 0x%.8X, SPSR: 0x%.8X\n",
1289                  reg[i + 0], reg[i + 1]);
1290
1291        print_hex_dump_bytes("R1: ", DUMP_PREFIX_NONE,
1292                             fname, sizeof(fname));
1293        return 0;
1294
1295underflow:
1296        wiphy_err(priv->hw->wiphy, "Firmware exception.\n");
1297        print_hex_dump_bytes("Exception: ", DUMP_PREFIX_NONE,
1298                             data, len);
1299        return -EINVAL;
1300}
1301
1302int wsm_handle_rx(struct cw1200_common *priv, u16 id,
1303                  struct wsm_hdr *wsm, struct sk_buff **skb_p)
1304{
1305        int ret = 0;
1306        struct wsm_buf wsm_buf;
1307        int link_id = (id >> 6) & 0x0F;
1308
1309        /* Strip link id. */
1310        id &= ~WSM_TX_LINK_ID(WSM_TX_LINK_ID_MAX);
1311
1312        wsm_buf.begin = (u8 *)&wsm[0];
1313        wsm_buf.data = (u8 *)&wsm[1];
1314        wsm_buf.end = &wsm_buf.begin[__le16_to_cpu(wsm->len)];
1315
1316        pr_debug("[WSM] <<< 0x%.4X (%td)\n", id,
1317                 wsm_buf.end - wsm_buf.begin);
1318
1319        if (id == WSM_TX_CONFIRM_IND_ID) {
1320                ret = wsm_tx_confirm(priv, &wsm_buf, link_id);
1321        } else if (id == WSM_MULTI_TX_CONFIRM_ID) {
1322                ret = wsm_multi_tx_confirm(priv, &wsm_buf, link_id);
1323        } else if (id & 0x0400) {
1324                void *wsm_arg;
1325                u16 wsm_cmd;
1326
1327                /* Do not trust FW too much. Protection against repeated
1328                 * response and race condition removal (see above).
1329                 */
1330                spin_lock(&priv->wsm_cmd.lock);
1331                wsm_arg = priv->wsm_cmd.arg;
1332                wsm_cmd = priv->wsm_cmd.cmd &
1333                                ~WSM_TX_LINK_ID(WSM_TX_LINK_ID_MAX);
1334                priv->wsm_cmd.cmd = 0xFFFF;
1335                spin_unlock(&priv->wsm_cmd.lock);
1336
1337                if (WARN_ON((id & ~0x0400) != wsm_cmd)) {
1338                        /* Note that any non-zero is a fatal retcode. */
1339                        ret = -EINVAL;
1340                        goto out;
1341                }
1342
1343                /* Note that wsm_arg can be NULL in case of timeout in
1344                 * wsm_cmd_send().
1345                 */
1346
1347                switch (id) {
1348                case WSM_READ_MIB_RESP_ID:
1349                        if (wsm_arg)
1350                                ret = wsm_read_mib_confirm(priv, wsm_arg,
1351                                                                &wsm_buf);
1352                        break;
1353                case WSM_WRITE_MIB_RESP_ID:
1354                        if (wsm_arg)
1355                                ret = wsm_write_mib_confirm(priv, wsm_arg,
1356                                                            &wsm_buf);
1357                        break;
1358                case WSM_START_SCAN_RESP_ID:
1359                        if (wsm_arg)
1360                                ret = wsm_scan_started(priv, wsm_arg, &wsm_buf);
1361                        break;
1362                case WSM_CONFIGURATION_RESP_ID:
1363                        if (wsm_arg)
1364                                ret = wsm_configuration_confirm(priv, wsm_arg,
1365                                                                &wsm_buf);
1366                        break;
1367                case WSM_JOIN_RESP_ID:
1368                        if (wsm_arg)
1369                                ret = wsm_join_confirm(priv, wsm_arg, &wsm_buf);
1370                        break;
1371                case WSM_STOP_SCAN_RESP_ID:
1372                case WSM_RESET_RESP_ID:
1373                case WSM_ADD_KEY_RESP_ID:
1374                case WSM_REMOVE_KEY_RESP_ID:
1375                case WSM_SET_PM_RESP_ID:
1376                case WSM_SET_BSS_PARAMS_RESP_ID:
1377                case 0x0412: /* set_tx_queue_params */
1378                case WSM_EDCA_PARAMS_RESP_ID:
1379                case WSM_SWITCH_CHANNEL_RESP_ID:
1380                case WSM_START_RESP_ID:
1381                case WSM_BEACON_TRANSMIT_RESP_ID:
1382                case 0x0419: /* start_find */
1383                case 0x041A: /* stop_find */
1384                case 0x041B: /* update_ie */
1385                case 0x041C: /* map_link */
1386                        WARN_ON(wsm_arg != NULL);
1387                        ret = wsm_generic_confirm(priv, wsm_arg, &wsm_buf);
1388                        if (ret) {
1389                                wiphy_warn(priv->hw->wiphy,
1390                                           "wsm_generic_confirm failed for request 0x%04x.\n",
1391                                           id & ~0x0400);
1392
1393                                /* often 0x407 and 0x410 occur, this means we're dead.. */
1394                                if (priv->join_status >= CW1200_JOIN_STATUS_JOINING) {
1395                                        wsm_lock_tx(priv);
1396                                        if (queue_work(priv->workqueue, &priv->unjoin_work) <= 0)
1397                                                wsm_unlock_tx(priv);
1398                                }
1399                        }
1400                        break;
1401                default:
1402                        wiphy_warn(priv->hw->wiphy,
1403                                   "Unrecognized confirmation 0x%04x\n",
1404                                   id & ~0x0400);
1405                }
1406
1407                spin_lock(&priv->wsm_cmd.lock);
1408                priv->wsm_cmd.ret = ret;
1409                priv->wsm_cmd.done = 1;
1410                spin_unlock(&priv->wsm_cmd.lock);
1411
1412                ret = 0; /* Error response from device should ne stop BH. */
1413
1414                wake_up(&priv->wsm_cmd_wq);
1415        } else if (id & 0x0800) {
1416                switch (id) {
1417                case WSM_STARTUP_IND_ID:
1418                        ret = wsm_startup_indication(priv, &wsm_buf);
1419                        break;
1420                case WSM_RECEIVE_IND_ID:
1421                        ret = wsm_receive_indication(priv, link_id,
1422                                                     &wsm_buf, skb_p);
1423                        break;
1424                case 0x0805:
1425                        ret = wsm_event_indication(priv, &wsm_buf);
1426                        break;
1427                case WSM_SCAN_COMPLETE_IND_ID:
1428                        ret = wsm_scan_complete_indication(priv, &wsm_buf);
1429                        break;
1430                case 0x0808:
1431                        ret = wsm_ba_timeout_indication(priv, &wsm_buf);
1432                        break;
1433                case 0x0809:
1434                        ret = wsm_set_pm_indication(priv, &wsm_buf);
1435                        break;
1436                case 0x080A:
1437                        ret = wsm_channel_switch_indication(priv, &wsm_buf);
1438                        break;
1439                case 0x080B:
1440                        ret = wsm_find_complete_indication(priv, &wsm_buf);
1441                        break;
1442                case 0x080C:
1443                        ret = wsm_suspend_resume_indication(priv,
1444                                        link_id, &wsm_buf);
1445                        break;
1446                case 0x080F:
1447                        ret = wsm_join_complete_indication(priv, &wsm_buf);
1448                        break;
1449                default:
1450                        pr_warn("Unrecognised WSM ID %04x\n", id);
1451                }
1452        } else {
1453                WARN_ON(1);
1454                ret = -EINVAL;
1455        }
1456out:
1457        return ret;
1458}
1459
1460static bool wsm_handle_tx_data(struct cw1200_common *priv,
1461                               struct wsm_tx *wsm,
1462                               const struct ieee80211_tx_info *tx_info,
1463                               const struct cw1200_txpriv *txpriv,
1464                               struct cw1200_queue *queue)
1465{
1466        bool handled = false;
1467        const struct ieee80211_hdr *frame =
1468                (struct ieee80211_hdr *)&((u8 *)wsm)[txpriv->offset];
1469        __le16 fctl = frame->frame_control;
1470        enum {
1471                do_probe,
1472                do_drop,
1473                do_wep,
1474                do_tx,
1475        } action = do_tx;
1476
1477        switch (priv->mode) {
1478        case NL80211_IFTYPE_STATION:
1479                if (priv->join_status == CW1200_JOIN_STATUS_MONITOR)
1480                        action = do_tx;
1481                else if (priv->join_status < CW1200_JOIN_STATUS_PRE_STA)
1482                        action = do_drop;
1483                break;
1484        case NL80211_IFTYPE_AP:
1485                if (!priv->join_status) {
1486                        action = do_drop;
1487                } else if (!(BIT(txpriv->raw_link_id) &
1488                             (BIT(0) | priv->link_id_map))) {
1489                        wiphy_warn(priv->hw->wiphy,
1490                                   "A frame with expired link id is dropped.\n");
1491                        action = do_drop;
1492                }
1493                if (cw1200_queue_get_generation(wsm->packet_id) >
1494                                CW1200_MAX_REQUEUE_ATTEMPTS) {
1495                        /* HACK!!! WSM324 firmware has tendency to requeue
1496                         * multicast frames in a loop, causing performance
1497                         * drop and high power consumption of the driver.
1498                         * In this situation it is better just to drop
1499                         * the problematic frame.
1500                         */
1501                        wiphy_warn(priv->hw->wiphy,
1502                                   "Too many attempts to requeue a frame; dropped.\n");
1503                        action = do_drop;
1504                }
1505                break;
1506        case NL80211_IFTYPE_ADHOC:
1507                if (priv->join_status != CW1200_JOIN_STATUS_IBSS)
1508                        action = do_drop;
1509                break;
1510        case NL80211_IFTYPE_MESH_POINT:
1511                action = do_tx; /* TODO:  Test me! */
1512                break;
1513        case NL80211_IFTYPE_MONITOR:
1514        default:
1515                action = do_drop;
1516                break;
1517        }
1518
1519        if (action == do_tx) {
1520                if (ieee80211_is_nullfunc(fctl)) {
1521                        spin_lock(&priv->bss_loss_lock);
1522                        if (priv->bss_loss_state) {
1523                                priv->bss_loss_confirm_id = wsm->packet_id;
1524                                wsm->queue_id = WSM_QUEUE_VOICE;
1525                        }
1526                        spin_unlock(&priv->bss_loss_lock);
1527                } else if (ieee80211_is_probe_req(fctl)) {
1528                        action = do_probe;
1529                } else if (ieee80211_is_deauth(fctl) &&
1530                           priv->mode != NL80211_IFTYPE_AP) {
1531                        pr_debug("[WSM] Issue unjoin command due to tx deauth.\n");
1532                        wsm_lock_tx_async(priv);
1533                        if (queue_work(priv->workqueue,
1534                                       &priv->unjoin_work) <= 0)
1535                                wsm_unlock_tx(priv);
1536                } else if (ieee80211_has_protected(fctl) &&
1537                           tx_info->control.hw_key &&
1538                           tx_info->control.hw_key->keyidx != priv->wep_default_key_id &&
1539                           (tx_info->control.hw_key->cipher == WLAN_CIPHER_SUITE_WEP40 ||
1540                            tx_info->control.hw_key->cipher == WLAN_CIPHER_SUITE_WEP104)) {
1541                        action = do_wep;
1542                }
1543        }
1544
1545        switch (action) {
1546        case do_probe:
1547                /* An interesting FW "feature". Device filters probe responses.
1548                 * The easiest way to get it back is to convert
1549                 * probe request into WSM start_scan command.
1550                 */
1551                pr_debug("[WSM] Convert probe request to scan.\n");
1552                wsm_lock_tx_async(priv);
1553                priv->pending_frame_id = wsm->packet_id;
1554                if (queue_delayed_work(priv->workqueue,
1555                                       &priv->scan.probe_work, 0) <= 0)
1556                        wsm_unlock_tx(priv);
1557                handled = true;
1558                break;
1559        case do_drop:
1560                pr_debug("[WSM] Drop frame (0x%.4X).\n", fctl);
1561                BUG_ON(cw1200_queue_remove(queue, wsm->packet_id));
1562                handled = true;
1563                break;
1564        case do_wep:
1565                pr_debug("[WSM] Issue set_default_wep_key.\n");
1566                wsm_lock_tx_async(priv);
1567                priv->wep_default_key_id = tx_info->control.hw_key->keyidx;
1568                priv->pending_frame_id = wsm->packet_id;
1569                if (queue_work(priv->workqueue, &priv->wep_key_work) <= 0)
1570                        wsm_unlock_tx(priv);
1571                handled = true;
1572                break;
1573        case do_tx:
1574                pr_debug("[WSM] Transmit frame.\n");
1575                break;
1576        default:
1577                /* Do nothing */
1578                break;
1579        }
1580        return handled;
1581}
1582
1583static int cw1200_get_prio_queue(struct cw1200_common *priv,
1584                                 u32 link_id_map, int *total)
1585{
1586        static const int urgent = BIT(CW1200_LINK_ID_AFTER_DTIM) |
1587                BIT(CW1200_LINK_ID_UAPSD);
1588        struct wsm_edca_queue_params *edca;
1589        unsigned score, best = -1;
1590        int winner = -1;
1591        int queued;
1592        int i;
1593
1594        /* search for a winner using edca params */
1595        for (i = 0; i < 4; ++i) {
1596                queued = cw1200_queue_get_num_queued(&priv->tx_queue[i],
1597                                link_id_map);
1598                if (!queued)
1599                        continue;
1600                *total += queued;
1601                edca = &priv->edca.params[i];
1602                score = ((edca->aifns + edca->cwmin) << 16) +
1603                        ((edca->cwmax - edca->cwmin) *
1604                         (get_random_int() & 0xFFFF));
1605                if (score < best && (winner < 0 || i != 3)) {
1606                        best = score;
1607                        winner = i;
1608                }
1609        }
1610
1611        /* override winner if bursting */
1612        if (winner >= 0 && priv->tx_burst_idx >= 0 &&
1613            winner != priv->tx_burst_idx &&
1614            !cw1200_queue_get_num_queued(
1615                    &priv->tx_queue[winner],
1616                    link_id_map & urgent) &&
1617            cw1200_queue_get_num_queued(
1618                    &priv->tx_queue[priv->tx_burst_idx],
1619                    link_id_map))
1620                winner = priv->tx_burst_idx;
1621
1622        return winner;
1623}
1624
1625static int wsm_get_tx_queue_and_mask(struct cw1200_common *priv,
1626                                     struct cw1200_queue **queue_p,
1627                                     u32 *tx_allowed_mask_p,
1628                                     bool *more)
1629{
1630        int idx;
1631        u32 tx_allowed_mask;
1632        int total = 0;
1633
1634        /* Search for a queue with multicast frames buffered */
1635        if (priv->tx_multicast) {
1636                tx_allowed_mask = BIT(CW1200_LINK_ID_AFTER_DTIM);
1637                idx = cw1200_get_prio_queue(priv,
1638                                tx_allowed_mask, &total);
1639                if (idx >= 0) {
1640                        *more = total > 1;
1641                        goto found;
1642                }
1643        }
1644
1645        /* Search for unicast traffic */
1646        tx_allowed_mask = ~priv->sta_asleep_mask;
1647        tx_allowed_mask |= BIT(CW1200_LINK_ID_UAPSD);
1648        if (priv->sta_asleep_mask) {
1649                tx_allowed_mask |= priv->pspoll_mask;
1650                tx_allowed_mask &= ~BIT(CW1200_LINK_ID_AFTER_DTIM);
1651        } else {
1652                tx_allowed_mask |= BIT(CW1200_LINK_ID_AFTER_DTIM);
1653        }
1654        idx = cw1200_get_prio_queue(priv,
1655                        tx_allowed_mask, &total);
1656        if (idx < 0)
1657                return -ENOENT;
1658
1659found:
1660        *queue_p = &priv->tx_queue[idx];
1661        *tx_allowed_mask_p = tx_allowed_mask;
1662        return 0;
1663}
1664
1665int wsm_get_tx(struct cw1200_common *priv, u8 **data,
1666               size_t *tx_len, int *burst)
1667{
1668        struct wsm_tx *wsm = NULL;
1669        struct ieee80211_tx_info *tx_info;
1670        struct cw1200_queue *queue = NULL;
1671        int queue_num;
1672        u32 tx_allowed_mask = 0;
1673        const struct cw1200_txpriv *txpriv = NULL;
1674        int count = 0;
1675
1676        /* More is used only for broadcasts. */
1677        bool more = false;
1678
1679        if (priv->wsm_cmd.ptr) { /* CMD request */
1680                ++count;
1681                spin_lock(&priv->wsm_cmd.lock);
1682                BUG_ON(!priv->wsm_cmd.ptr);
1683                *data = priv->wsm_cmd.ptr;
1684                *tx_len = priv->wsm_cmd.len;
1685                *burst = 1;
1686                spin_unlock(&priv->wsm_cmd.lock);
1687        } else {
1688                for (;;) {
1689                        int ret;
1690
1691                        if (atomic_add_return(0, &priv->tx_lock))
1692                                break;
1693
1694                        spin_lock_bh(&priv->ps_state_lock);
1695
1696                        ret = wsm_get_tx_queue_and_mask(priv, &queue,
1697                                                        &tx_allowed_mask, &more);
1698                        queue_num = queue - priv->tx_queue;
1699
1700                        if (priv->buffered_multicasts &&
1701                            (ret || !more) &&
1702                            (priv->tx_multicast || !priv->sta_asleep_mask)) {
1703                                priv->buffered_multicasts = false;
1704                                if (priv->tx_multicast) {
1705                                        priv->tx_multicast = false;
1706                                        queue_work(priv->workqueue,
1707                                                   &priv->multicast_stop_work);
1708                                }
1709                        }
1710
1711                        spin_unlock_bh(&priv->ps_state_lock);
1712
1713                        if (ret)
1714                                break;
1715
1716                        if (cw1200_queue_get(queue,
1717                                             tx_allowed_mask,
1718                                             &wsm, &tx_info, &txpriv))
1719                                continue;
1720
1721                        if (wsm_handle_tx_data(priv, wsm,
1722                                               tx_info, txpriv, queue))
1723                                continue;  /* Handled by WSM */
1724
1725                        wsm->hdr.id &= __cpu_to_le16(
1726                                ~WSM_TX_LINK_ID(WSM_TX_LINK_ID_MAX));
1727                        wsm->hdr.id |= cpu_to_le16(
1728                                WSM_TX_LINK_ID(txpriv->raw_link_id));
1729                        priv->pspoll_mask &= ~BIT(txpriv->raw_link_id);
1730
1731                        *data = (u8 *)wsm;
1732                        *tx_len = __le16_to_cpu(wsm->hdr.len);
1733
1734                        /* allow bursting if txop is set */
1735                        if (priv->edca.params[queue_num].txop_limit)
1736                                *burst = min(*burst,
1737                                             (int)cw1200_queue_get_num_queued(queue, tx_allowed_mask) + 1);
1738                        else
1739                                *burst = 1;
1740
1741                        /* store index of bursting queue */
1742                        if (*burst > 1)
1743                                priv->tx_burst_idx = queue_num;
1744                        else
1745                                priv->tx_burst_idx = -1;
1746
1747                        if (more) {
1748                                struct ieee80211_hdr *hdr =
1749                                        (struct ieee80211_hdr *)
1750                                        &((u8 *)wsm)[txpriv->offset];
1751                                /* more buffered multicast/broadcast frames
1752                                 *  ==> set MoreData flag in IEEE 802.11 header
1753                                 *  to inform PS STAs
1754                                 */
1755                                hdr->frame_control |=
1756                                        cpu_to_le16(IEEE80211_FCTL_MOREDATA);
1757                        }
1758
1759                        pr_debug("[WSM] >>> 0x%.4X (%zu) %p %c\n",
1760                                 0x0004, *tx_len, *data,
1761                                 wsm->more ? 'M' : ' ');
1762                        ++count;
1763                        break;
1764                }
1765        }
1766
1767        return count;
1768}
1769
1770void wsm_txed(struct cw1200_common *priv, u8 *data)
1771{
1772        if (data == priv->wsm_cmd.ptr) {
1773                spin_lock(&priv->wsm_cmd.lock);
1774                priv->wsm_cmd.ptr = NULL;
1775                spin_unlock(&priv->wsm_cmd.lock);
1776        }
1777}
1778
1779/* ******************************************************************** */
1780/* WSM buffer                                                           */
1781
1782void wsm_buf_init(struct wsm_buf *buf)
1783{
1784        BUG_ON(buf->begin);
1785        buf->begin = kmalloc(FWLOAD_BLOCK_SIZE, GFP_KERNEL | GFP_DMA);
1786        buf->end = buf->begin ? &buf->begin[FWLOAD_BLOCK_SIZE] : buf->begin;
1787        wsm_buf_reset(buf);
1788}
1789
1790void wsm_buf_deinit(struct wsm_buf *buf)
1791{
1792        kfree(buf->begin);
1793        buf->begin = buf->data = buf->end = NULL;
1794}
1795
1796static void wsm_buf_reset(struct wsm_buf *buf)
1797{
1798        if (buf->begin) {
1799                buf->data = &buf->begin[4];
1800                *(u32 *)buf->begin = 0;
1801        } else {
1802                buf->data = buf->begin;
1803        }
1804}
1805
1806static int wsm_buf_reserve(struct wsm_buf *buf, size_t extra_size)
1807{
1808        size_t pos = buf->data - buf->begin;
1809        size_t size = pos + extra_size;
1810
1811        size = round_up(size, FWLOAD_BLOCK_SIZE);
1812
1813        buf->begin = krealloc(buf->begin, size, GFP_KERNEL | GFP_DMA);
1814        if (buf->begin) {
1815                buf->data = &buf->begin[pos];
1816                buf->end = &buf->begin[size];
1817                return 0;
1818        } else {
1819                buf->end = buf->data = buf->begin;
1820                return -ENOMEM;
1821        }
1822}
1823