LXR linux/drivers/net/wireless/st/cw1200/wsm.c

   1// SPDX-License-Identifier: GPL-2.0-only
   2/*
   3 * WSM host interface (HI) implementation for
   4 * ST-Ericsson CW1200 mac80211 drivers.
   5 *
   6 * Copyright (c) 2010, ST-Ericsson
   7 * Author: Dmitry Tarnyagin <dmitry.tarnyagin@lockless.no>
   8 */
   9
  10#include <linux/skbuff.h>
  11#include <linux/wait.h>
  12#include <linux/delay.h>
  13#include <linux/sched.h>
  14#include <linux/random.h>
  15
  16#include "cw1200.h"
  17#include "wsm.h"
  18#include "bh.h"
  19#include "sta.h"
  20#include "debug.h"
  21
  22#define WSM_CMD_TIMEOUT         (2 * HZ) /* With respect to interrupt loss */
  23#define WSM_CMD_START_TIMEOUT   (7 * HZ)
  24#define WSM_CMD_RESET_TIMEOUT   (3 * HZ) /* 2 sec. timeout was observed.   */
  25#define WSM_CMD_MAX_TIMEOUT     (3 * HZ)
  26
  27#define WSM_SKIP(buf, size)                                             \
  28        do {                                                            \
  29                if ((buf)->data + size > (buf)->end)                    \
  30                        goto underflow;                                 \
  31                (buf)->data += size;                                    \
  32        } while (0)
  33
  34#define WSM_GET(buf, ptr, size)                                         \
  35        do {                                                            \
  36                if ((buf)->data + size > (buf)->end)                    \
  37                        goto underflow;                                 \
  38                memcpy(ptr, (buf)->data, size);                         \
  39                (buf)->data += size;                                    \
  40        } while (0)
  41
  42#define __WSM_GET(buf, type, type2, cvt)                                \
  43        ({                                                              \
  44                type val;                                               \
  45                if ((buf)->data + sizeof(type) > (buf)->end)            \
  46                        goto underflow;                                 \
  47                val = cvt(*(type2 *)(buf)->data);                       \
  48                (buf)->data += sizeof(type);                            \
  49                val;                                                    \
  50        })
  51
  52#define WSM_GET8(buf)  __WSM_GET(buf, u8, u8, (u8))
  53#define WSM_GET16(buf) __WSM_GET(buf, u16, __le16, __le16_to_cpu)
  54#define WSM_GET32(buf) __WSM_GET(buf, u32, __le32, __le32_to_cpu)
  55
  56#define WSM_PUT(buf, ptr, size)                                         \
  57        do {                                                            \
  58                if ((buf)->data + size > (buf)->end)            \
  59                        if (wsm_buf_reserve((buf), size))       \
  60                                goto nomem;                             \
  61                memcpy((buf)->data, ptr, size);                         \
  62                (buf)->data += size;                                    \
  63        } while (0)
  64
  65#define __WSM_PUT(buf, val, type, type2, cvt)                           \
  66        do {                                                            \
  67                if ((buf)->data + sizeof(type) > (buf)->end)            \
  68                        if (wsm_buf_reserve((buf), sizeof(type))) \
  69                                goto nomem;                             \
  70                *(type2 *)(buf)->data = cvt(val);                       \
  71                (buf)->data += sizeof(type);                            \
  72        } while (0)
  73
  74#define WSM_PUT8(buf, val)  __WSM_PUT(buf, val, u8, u8, (u8))
  75#define WSM_PUT16(buf, val) __WSM_PUT(buf, val, u16, __le16, __cpu_to_le16)
  76#define WSM_PUT32(buf, val) __WSM_PUT(buf, val, u32, __le32, __cpu_to_le32)
  77
  78static void wsm_buf_reset(struct wsm_buf *buf);
  79static int wsm_buf_reserve(struct wsm_buf *buf, size_t extra_size);
  80
  81static int wsm_cmd_send(struct cw1200_common *priv,
  82                        struct wsm_buf *buf,
  83                        void *arg, u16 cmd, long tmo);
  84
  85#define wsm_cmd_lock(__priv) mutex_lock(&((__priv)->wsm_cmd_mux))
  86#define wsm_cmd_unlock(__priv) mutex_unlock(&((__priv)->wsm_cmd_mux))
  87
  88/* ******************************************************************** */
  89/* WSM API implementation                                               */
  90
  91static int wsm_generic_confirm(struct cw1200_common *priv,
  92                             void *arg,
  93                             struct wsm_buf *buf)
  94{
  95        u32 status = WSM_GET32(buf);
  96        if (status != WSM_STATUS_SUCCESS)
  97                return -EINVAL;
  98        return 0;
  99
 100underflow:
 101        WARN_ON(1);
 102        return -EINVAL;
 103}
 104
 105int wsm_configuration(struct cw1200_common *priv, struct wsm_configuration *arg)
 106{
 107        int ret;
 108        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 109
 110        wsm_cmd_lock(priv);
 111
 112        WSM_PUT32(buf, arg->dot11MaxTransmitMsduLifeTime);
 113        WSM_PUT32(buf, arg->dot11MaxReceiveLifeTime);
 114        WSM_PUT32(buf, arg->dot11RtsThreshold);
 115
 116        /* DPD block. */
 117        WSM_PUT16(buf, arg->dpdData_size + 12);
 118        WSM_PUT16(buf, 1); /* DPD version */
 119        WSM_PUT(buf, arg->dot11StationId, ETH_ALEN);
 120        WSM_PUT16(buf, 5); /* DPD flags */
 121        WSM_PUT(buf, arg->dpdData, arg->dpdData_size);
 122
 123        ret = wsm_cmd_send(priv, buf, arg,
 124                           WSM_CONFIGURATION_REQ_ID, WSM_CMD_TIMEOUT);
 125
 126        wsm_cmd_unlock(priv);
 127        return ret;
 128
 129nomem:
 130        wsm_cmd_unlock(priv);
 131        return -ENOMEM;
 132}
 133
 134static int wsm_configuration_confirm(struct cw1200_common *priv,
 135                                     struct wsm_configuration *arg,
 136                                     struct wsm_buf *buf)
 137{
 138        int i;
 139        int status;
 140
 141        status = WSM_GET32(buf);
 142        if (WARN_ON(status != WSM_STATUS_SUCCESS))
 143                return -EINVAL;
 144
 145        WSM_GET(buf, arg->dot11StationId, ETH_ALEN);
 146        arg->dot11FrequencyBandsSupported = WSM_GET8(buf);
 147        WSM_SKIP(buf, 1);
 148        arg->supportedRateMask = WSM_GET32(buf);
 149        for (i = 0; i < 2; ++i) {
 150                arg->txPowerRange[i].min_power_level = WSM_GET32(buf);
 151                arg->txPowerRange[i].max_power_level = WSM_GET32(buf);
 152                arg->txPowerRange[i].stepping = WSM_GET32(buf);
 153        }
 154        return 0;
 155
 156underflow:
 157        WARN_ON(1);
 158        return -EINVAL;
 159}
 160
 161/* ******************************************************************** */
 162
 163int wsm_reset(struct cw1200_common *priv, const struct wsm_reset *arg)
 164{
 165        int ret;
 166        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 167        u16 cmd = WSM_RESET_REQ_ID | WSM_TX_LINK_ID(arg->link_id);
 168
 169        wsm_cmd_lock(priv);
 170
 171        WSM_PUT32(buf, arg->reset_statistics ? 0 : 1);
 172        ret = wsm_cmd_send(priv, buf, NULL, cmd, WSM_CMD_RESET_TIMEOUT);
 173        wsm_cmd_unlock(priv);
 174        return ret;
 175
 176nomem:
 177        wsm_cmd_unlock(priv);
 178        return -ENOMEM;
 179}
 180
 181/* ******************************************************************** */
 182
 183struct wsm_mib {
 184        u16 mib_id;
 185        void *buf;
 186        size_t buf_size;
 187};
 188
 189int wsm_read_mib(struct cw1200_common *priv, u16 mib_id, void *_buf,
 190                        size_t buf_size)
 191{
 192        int ret;
 193        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 194        struct wsm_mib mib_buf = {
 195                .mib_id = mib_id,
 196                .buf = _buf,
 197                .buf_size = buf_size,
 198        };
 199        wsm_cmd_lock(priv);
 200
 201        WSM_PUT16(buf, mib_id);
 202        WSM_PUT16(buf, 0);
 203
 204        ret = wsm_cmd_send(priv, buf, &mib_buf,
 205                           WSM_READ_MIB_REQ_ID, WSM_CMD_TIMEOUT);
 206        wsm_cmd_unlock(priv);
 207        return ret;
 208
 209nomem:
 210        wsm_cmd_unlock(priv);
 211        return -ENOMEM;
 212}
 213
 214static int wsm_read_mib_confirm(struct cw1200_common *priv,
 215                                struct wsm_mib *arg,
 216                                struct wsm_buf *buf)
 217{
 218        u16 size;
 219        if (WARN_ON(WSM_GET32(buf) != WSM_STATUS_SUCCESS))
 220                return -EINVAL;
 221
 222        if (WARN_ON(WSM_GET16(buf) != arg->mib_id))
 223                return -EINVAL;
 224
 225        size = WSM_GET16(buf);
 226        if (size > arg->buf_size)
 227                size = arg->buf_size;
 228
 229        WSM_GET(buf, arg->buf, size);
 230        arg->buf_size = size;
 231        return 0;
 232
 233underflow:
 234        WARN_ON(1);
 235        return -EINVAL;
 236}
 237
 238/* ******************************************************************** */
 239
 240int wsm_write_mib(struct cw1200_common *priv, u16 mib_id, void *_buf,
 241                        size_t buf_size)
 242{
 243        int ret;
 244        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 245        struct wsm_mib mib_buf = {
 246                .mib_id = mib_id,
 247                .buf = _buf,
 248                .buf_size = buf_size,
 249        };
 250
 251        wsm_cmd_lock(priv);
 252
 253        WSM_PUT16(buf, mib_id);
 254        WSM_PUT16(buf, buf_size);
 255        WSM_PUT(buf, _buf, buf_size);
 256
 257        ret = wsm_cmd_send(priv, buf, &mib_buf,
 258                           WSM_WRITE_MIB_REQ_ID, WSM_CMD_TIMEOUT);
 259        wsm_cmd_unlock(priv);
 260        return ret;
 261
 262nomem:
 263        wsm_cmd_unlock(priv);
 264        return -ENOMEM;
 265}
 266
 267static int wsm_write_mib_confirm(struct cw1200_common *priv,
 268                                struct wsm_mib *arg,
 269                                struct wsm_buf *buf)
 270{
 271        int ret;
 272
 273        ret = wsm_generic_confirm(priv, arg, buf);
 274        if (ret)
 275                return ret;
 276
 277        if (arg->mib_id == WSM_MIB_ID_OPERATIONAL_POWER_MODE) {
 278                /* OperationalMode: update PM status. */
 279                const char *p = arg->buf;
 280                cw1200_enable_powersave(priv, (p[0] & 0x0F) ? true : false);
 281        }
 282        return 0;
 283}
 284
 285/* ******************************************************************** */
 286
 287int wsm_scan(struct cw1200_common *priv, const struct wsm_scan *arg)
 288{
 289        int i;
 290        int ret;
 291        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 292
 293        if (arg->num_channels > 48)
 294                return -EINVAL;
 295
 296        if (arg->num_ssids > 2)
 297                return -EINVAL;
 298
 299        if (arg->band > 1)
 300                return -EINVAL;
 301
 302        wsm_cmd_lock(priv);
 303
 304        WSM_PUT8(buf, arg->band);
 305        WSM_PUT8(buf, arg->type);
 306        WSM_PUT8(buf, arg->flags);
 307        WSM_PUT8(buf, arg->max_tx_rate);
 308        WSM_PUT32(buf, arg->auto_scan_interval);
 309        WSM_PUT8(buf, arg->num_probes);
 310        WSM_PUT8(buf, arg->num_channels);
 311        WSM_PUT8(buf, arg->num_ssids);
 312        WSM_PUT8(buf, arg->probe_delay);
 313
 314        for (i = 0; i < arg->num_channels; ++i) {
 315                WSM_PUT16(buf, arg->ch[i].number);
 316                WSM_PUT16(buf, 0);
 317                WSM_PUT32(buf, arg->ch[i].min_chan_time);
 318                WSM_PUT32(buf, arg->ch[i].max_chan_time);
 319                WSM_PUT32(buf, 0);
 320        }
 321
 322        for (i = 0; i < arg->num_ssids; ++i) {
 323                WSM_PUT32(buf, arg->ssids[i].length);
 324                WSM_PUT(buf, &arg->ssids[i].ssid[0],
 325                        sizeof(arg->ssids[i].ssid));
 326        }
 327
 328        ret = wsm_cmd_send(priv, buf, NULL,
 329                           WSM_START_SCAN_REQ_ID, WSM_CMD_TIMEOUT);
 330        wsm_cmd_unlock(priv);
 331        return ret;
 332
 333nomem:
 334        wsm_cmd_unlock(priv);
 335        return -ENOMEM;
 336}
 337
 338/* ******************************************************************** */
 339
 340int wsm_stop_scan(struct cw1200_common *priv)
 341{
 342        int ret;
 343        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 344        wsm_cmd_lock(priv);
 345        ret = wsm_cmd_send(priv, buf, NULL,
 346                           WSM_STOP_SCAN_REQ_ID, WSM_CMD_TIMEOUT);
 347        wsm_cmd_unlock(priv);
 348        return ret;
 349}
 350
 351
 352static int wsm_tx_confirm(struct cw1200_common *priv,
 353                          struct wsm_buf *buf,
 354                          int link_id)
 355{
 356        struct wsm_tx_confirm tx_confirm;
 357
 358        tx_confirm.packet_id = WSM_GET32(buf);
 359        tx_confirm.status = WSM_GET32(buf);
 360        tx_confirm.tx_rate = WSM_GET8(buf);
 361        tx_confirm.ack_failures = WSM_GET8(buf);
 362        tx_confirm.flags = WSM_GET16(buf);
 363        tx_confirm.media_delay = WSM_GET32(buf);
 364        tx_confirm.tx_queue_delay = WSM_GET32(buf);
 365
 366        cw1200_tx_confirm_cb(priv, link_id, &tx_confirm);
 367        return 0;
 368
 369underflow:
 370        WARN_ON(1);
 371        return -EINVAL;
 372}
 373
 374static int wsm_multi_tx_confirm(struct cw1200_common *priv,
 375                                struct wsm_buf *buf, int link_id)
 376{
 377        int ret;
 378        int count;
 379
 380        count = WSM_GET32(buf);
 381        if (WARN_ON(count <= 0))
 382                return -EINVAL;
 383
 384        if (count > 1) {
 385                /* We already released one buffer, now for the rest */
 386                ret = wsm_release_tx_buffer(priv, count - 1);
 387                if (ret < 0)
 388                        return ret;
 389                else if (ret > 0)
 390                        cw1200_bh_wakeup(priv);
 391        }
 392
 393        cw1200_debug_txed_multi(priv, count);
 394        do {
 395                ret = wsm_tx_confirm(priv, buf, link_id);
 396        } while (!ret && --count);
 397
 398        return ret;
 399
 400underflow:
 401        WARN_ON(1);
 402        return -EINVAL;
 403}
 404
 405/* ******************************************************************** */
 406
 407static int wsm_join_confirm(struct cw1200_common *priv,
 408                            struct wsm_join_cnf *arg,
 409                            struct wsm_buf *buf)
 410{
 411        arg->status = WSM_GET32(buf);
 412        if (WARN_ON(arg->status) != WSM_STATUS_SUCCESS)
 413                return -EINVAL;
 414
 415        arg->min_power_level = WSM_GET32(buf);
 416        arg->max_power_level = WSM_GET32(buf);
 417
 418        return 0;
 419
 420underflow:
 421        WARN_ON(1);
 422        return -EINVAL;
 423}
 424
 425int wsm_join(struct cw1200_common *priv, struct wsm_join *arg)
 426{
 427        int ret;
 428        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 429        struct wsm_join_cnf resp;
 430        wsm_cmd_lock(priv);
 431
 432        WSM_PUT8(buf, arg->mode);
 433        WSM_PUT8(buf, arg->band);
 434        WSM_PUT16(buf, arg->channel_number);
 435        WSM_PUT(buf, &arg->bssid[0], sizeof(arg->bssid));
 436        WSM_PUT16(buf, arg->atim_window);
 437        WSM_PUT8(buf, arg->preamble_type);
 438        WSM_PUT8(buf, arg->probe_for_join);
 439        WSM_PUT8(buf, arg->dtim_period);
 440        WSM_PUT8(buf, arg->flags);
 441        WSM_PUT32(buf, arg->ssid_len);
 442        WSM_PUT(buf, &arg->ssid[0], sizeof(arg->ssid));
 443        WSM_PUT32(buf, arg->beacon_interval);
 444        WSM_PUT32(buf, arg->basic_rate_set);
 445
 446        priv->tx_burst_idx = -1;
 447        ret = wsm_cmd_send(priv, buf, &resp,
 448                           WSM_JOIN_REQ_ID, WSM_CMD_TIMEOUT);
 449        /* TODO:  Update state based on resp.min|max_power_level */
 450
 451        priv->join_complete_status = resp.status;
 452
 453        wsm_cmd_unlock(priv);
 454        return ret;
 455
 456nomem:
 457        wsm_cmd_unlock(priv);
 458        return -ENOMEM;
 459}
 460
 461/* ******************************************************************** */
 462
 463int wsm_set_bss_params(struct cw1200_common *priv,
 464                       const struct wsm_set_bss_params *arg)
 465{
 466        int ret;
 467        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 468
 469        wsm_cmd_lock(priv);
 470
 471        WSM_PUT8(buf, (arg->reset_beacon_loss ?  0x1 : 0));
 472        WSM_PUT8(buf, arg->beacon_lost_count);
 473        WSM_PUT16(buf, arg->aid);
 474        WSM_PUT32(buf, arg->operational_rate_set);
 475
 476        ret = wsm_cmd_send(priv, buf, NULL,
 477                           WSM_SET_BSS_PARAMS_REQ_ID, WSM_CMD_TIMEOUT);
 478
 479        wsm_cmd_unlock(priv);
 480        return ret;
 481
 482nomem:
 483        wsm_cmd_unlock(priv);
 484        return -ENOMEM;
 485}
 486
 487/* ******************************************************************** */
 488
 489int wsm_add_key(struct cw1200_common *priv, const struct wsm_add_key *arg)
 490{
 491        int ret;
 492        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 493
 494        wsm_cmd_lock(priv);
 495
 496        WSM_PUT(buf, arg, sizeof(*arg));
 497
 498        ret = wsm_cmd_send(priv, buf, NULL,
 499                           WSM_ADD_KEY_REQ_ID, WSM_CMD_TIMEOUT);
 500
 501        wsm_cmd_unlock(priv);
 502        return ret;
 503
 504nomem:
 505        wsm_cmd_unlock(priv);
 506        return -ENOMEM;
 507}
 508
 509/* ******************************************************************** */
 510
 511int wsm_remove_key(struct cw1200_common *priv, const struct wsm_remove_key *arg)
 512{
 513        int ret;
 514        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 515
 516        wsm_cmd_lock(priv);
 517
 518        WSM_PUT8(buf, arg->index);
 519        WSM_PUT8(buf, 0);
 520        WSM_PUT16(buf, 0);
 521
 522        ret = wsm_cmd_send(priv, buf, NULL,
 523                           WSM_REMOVE_KEY_REQ_ID, WSM_CMD_TIMEOUT);
 524
 525        wsm_cmd_unlock(priv);
 526        return ret;
 527
 528nomem:
 529        wsm_cmd_unlock(priv);
 530        return -ENOMEM;
 531}
 532
 533/* ******************************************************************** */
 534
 535int wsm_set_tx_queue_params(struct cw1200_common *priv,
 536                const struct wsm_set_tx_queue_params *arg, u8 id)
 537{
 538        int ret;
 539        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 540        u8 queue_id_to_wmm_aci[] = {3, 2, 0, 1};
 541
 542        wsm_cmd_lock(priv);
 543
 544        WSM_PUT8(buf, queue_id_to_wmm_aci[id]);
 545        WSM_PUT8(buf, 0);
 546        WSM_PUT8(buf, arg->ackPolicy);
 547        WSM_PUT8(buf, 0);
 548        WSM_PUT32(buf, arg->maxTransmitLifetime);
 549        WSM_PUT16(buf, arg->allowedMediumTime);
 550        WSM_PUT16(buf, 0);
 551
 552        ret = wsm_cmd_send(priv, buf, NULL, 0x0012, WSM_CMD_TIMEOUT);
 553
 554        wsm_cmd_unlock(priv);
 555        return ret;
 556
 557nomem:
 558        wsm_cmd_unlock(priv);
 559        return -ENOMEM;
 560}
 561
 562/* ******************************************************************** */
 563
 564int wsm_set_edca_params(struct cw1200_common *priv,
 565                                const struct wsm_edca_params *arg)
 566{
 567        int ret;
 568        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 569
 570        wsm_cmd_lock(priv);
 571
 572        /* Implemented according to specification. */
 573
 574        WSM_PUT16(buf, arg->params[3].cwmin);
 575        WSM_PUT16(buf, arg->params[2].cwmin);
 576        WSM_PUT16(buf, arg->params[1].cwmin);
 577        WSM_PUT16(buf, arg->params[0].cwmin);
 578
 579        WSM_PUT16(buf, arg->params[3].cwmax);
 580        WSM_PUT16(buf, arg->params[2].cwmax);
 581        WSM_PUT16(buf, arg->params[1].cwmax);
 582        WSM_PUT16(buf, arg->params[0].cwmax);
 583
 584        WSM_PUT8(buf, arg->params[3].aifns);
 585        WSM_PUT8(buf, arg->params[2].aifns);
 586        WSM_PUT8(buf, arg->params[1].aifns);
 587        WSM_PUT8(buf, arg->params[0].aifns);
 588
 589        WSM_PUT16(buf, arg->params[3].txop_limit);
 590        WSM_PUT16(buf, arg->params[2].txop_limit);
 591        WSM_PUT16(buf, arg->params[1].txop_limit);
 592        WSM_PUT16(buf, arg->params[0].txop_limit);
 593
 594        WSM_PUT32(buf, arg->params[3].max_rx_lifetime);
 595        WSM_PUT32(buf, arg->params[2].max_rx_lifetime);
 596        WSM_PUT32(buf, arg->params[1].max_rx_lifetime);
 597        WSM_PUT32(buf, arg->params[0].max_rx_lifetime);
 598
 599        ret = wsm_cmd_send(priv, buf, NULL,
 600                           WSM_EDCA_PARAMS_REQ_ID, WSM_CMD_TIMEOUT);
 601        wsm_cmd_unlock(priv);
 602        return ret;
 603
 604nomem:
 605        wsm_cmd_unlock(priv);
 606        return -ENOMEM;
 607}
 608
 609/* ******************************************************************** */
 610
 611int wsm_switch_channel(struct cw1200_common *priv,
 612                        const struct wsm_switch_channel *arg)
 613{
 614        int ret;
 615        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 616
 617        wsm_cmd_lock(priv);
 618
 619        WSM_PUT8(buf, arg->mode);
 620        WSM_PUT8(buf, arg->switch_count);
 621        WSM_PUT16(buf, arg->channel_number);
 622
 623        priv->channel_switch_in_progress = 1;
 624
 625        ret = wsm_cmd_send(priv, buf, NULL,
 626                           WSM_SWITCH_CHANNEL_REQ_ID, WSM_CMD_TIMEOUT);
 627        if (ret)
 628                priv->channel_switch_in_progress = 0;
 629
 630        wsm_cmd_unlock(priv);
 631        return ret;
 632
 633nomem:
 634        wsm_cmd_unlock(priv);
 635        return -ENOMEM;
 636}
 637
 638/* ******************************************************************** */
 639
 640int wsm_set_pm(struct cw1200_common *priv, const struct wsm_set_pm *arg)
 641{
 642        int ret;
 643        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 644        priv->ps_mode_switch_in_progress = 1;
 645
 646        wsm_cmd_lock(priv);
 647
 648        WSM_PUT8(buf, arg->mode);
 649        WSM_PUT8(buf, arg->fast_psm_idle_period);
 650        WSM_PUT8(buf, arg->ap_psm_change_period);
 651        WSM_PUT8(buf, arg->min_auto_pspoll_period);
 652
 653        ret = wsm_cmd_send(priv, buf, NULL,
 654                           WSM_SET_PM_REQ_ID, WSM_CMD_TIMEOUT);
 655
 656        wsm_cmd_unlock(priv);
 657        return ret;
 658
 659nomem:
 660        wsm_cmd_unlock(priv);
 661        return -ENOMEM;
 662}
 663
 664/* ******************************************************************** */
 665
 666int wsm_start(struct cw1200_common *priv, const struct wsm_start *arg)
 667{
 668        int ret;
 669        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 670
 671        wsm_cmd_lock(priv);
 672
 673        WSM_PUT8(buf, arg->mode);
 674        WSM_PUT8(buf, arg->band);
 675        WSM_PUT16(buf, arg->channel_number);
 676        WSM_PUT32(buf, arg->ct_window);
 677        WSM_PUT32(buf, arg->beacon_interval);
 678        WSM_PUT8(buf, arg->dtim_period);
 679        WSM_PUT8(buf, arg->preamble);
 680        WSM_PUT8(buf, arg->probe_delay);
 681        WSM_PUT8(buf, arg->ssid_len);
 682        WSM_PUT(buf, arg->ssid, sizeof(arg->ssid));
 683        WSM_PUT32(buf, arg->basic_rate_set);
 684
 685        priv->tx_burst_idx = -1;
 686        ret = wsm_cmd_send(priv, buf, NULL,
 687                           WSM_START_REQ_ID, WSM_CMD_START_TIMEOUT);
 688
 689        wsm_cmd_unlock(priv);
 690        return ret;
 691
 692nomem:
 693        wsm_cmd_unlock(priv);
 694        return -ENOMEM;
 695}
 696
 697/* ******************************************************************** */
 698
 699int wsm_beacon_transmit(struct cw1200_common *priv,
 700                        const struct wsm_beacon_transmit *arg)
 701{
 702        int ret;
 703        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 704
 705        wsm_cmd_lock(priv);
 706
 707        WSM_PUT32(buf, arg->enable_beaconing ? 1 : 0);
 708
 709        ret = wsm_cmd_send(priv, buf, NULL,
 710                           WSM_BEACON_TRANSMIT_REQ_ID, WSM_CMD_TIMEOUT);
 711
 712        wsm_cmd_unlock(priv);
 713        return ret;
 714
 715nomem:
 716        wsm_cmd_unlock(priv);
 717        return -ENOMEM;
 718}
 719
 720/* ******************************************************************** */
 721
 722int wsm_start_find(struct cw1200_common *priv)
 723{
 724        int ret;
 725        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 726
 727        wsm_cmd_lock(priv);
 728        ret = wsm_cmd_send(priv, buf, NULL, 0x0019, WSM_CMD_TIMEOUT);
 729        wsm_cmd_unlock(priv);
 730        return ret;
 731}
 732
 733/* ******************************************************************** */
 734
 735int wsm_stop_find(struct cw1200_common *priv)
 736{
 737        int ret;
 738        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 739
 740        wsm_cmd_lock(priv);
 741        ret = wsm_cmd_send(priv, buf, NULL, 0x001A, WSM_CMD_TIMEOUT);
 742        wsm_cmd_unlock(priv);
 743        return ret;
 744}
 745
 746/* ******************************************************************** */
 747
 748int wsm_map_link(struct cw1200_common *priv, const struct wsm_map_link *arg)
 749{
 750        int ret;
 751        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 752        u16 cmd = 0x001C | WSM_TX_LINK_ID(arg->link_id);
 753
 754        wsm_cmd_lock(priv);
 755
 756        WSM_PUT(buf, &arg->mac_addr[0], sizeof(arg->mac_addr));
 757        WSM_PUT16(buf, 0);
 758
 759        ret = wsm_cmd_send(priv, buf, NULL, cmd, WSM_CMD_TIMEOUT);
 760
 761        wsm_cmd_unlock(priv);
 762        return ret;
 763
 764nomem:
 765        wsm_cmd_unlock(priv);
 766        return -ENOMEM;
 767}
 768
 769/* ******************************************************************** */
 770
 771int wsm_update_ie(struct cw1200_common *priv,
 772                  const struct wsm_update_ie *arg)
 773{
 774        int ret;
 775        struct wsm_buf *buf = &priv->wsm_cmd_buf;
 776
 777        wsm_cmd_lock(priv);
 778
 779        WSM_PUT16(buf, arg->what);
 780        WSM_PUT16(buf, arg->count);
 781        WSM_PUT(buf, arg->ies, arg->length);
 782
 783        ret = wsm_cmd_send(priv, buf, NULL, 0x001B, WSM_CMD_TIMEOUT);
 784
 785        wsm_cmd_unlock(priv);
 786        return ret;
 787
 788nomem:
 789        wsm_cmd_unlock(priv);
 790        return -ENOMEM;
 791}
 792
 793/* ******************************************************************** */
 794int wsm_set_probe_responder(struct cw1200_common *priv, bool enable)
 795{
 796        priv->rx_filter.probeResponder = enable;
 797        return wsm_set_rx_filter(priv, &priv->rx_filter);
 798}
 799
 800/* ******************************************************************** */
 801/* WSM indication events implementation                                 */
 802const char * const cw1200_fw_types[] = {
 803        "ETF",
 804        "WFM",
 805        "WSM",
 806        "HI test",
 807        "Platform test"
 808};
 809
 810static int wsm_startup_indication(struct cw1200_common *priv,
 811                                        struct wsm_buf *buf)
 812{
 813        priv->wsm_caps.input_buffers     = WSM_GET16(buf);
 814        priv->wsm_caps.input_buffer_size = WSM_GET16(buf);
 815        priv->wsm_caps.hw_id      = WSM_GET16(buf);
 816        priv->wsm_caps.hw_subid   = WSM_GET16(buf);
 817        priv->wsm_caps.status     = WSM_GET16(buf);
 818        priv->wsm_caps.fw_cap     = WSM_GET16(buf);
 819        priv->wsm_caps.fw_type    = WSM_GET16(buf);
 820        priv->wsm_caps.fw_api     = WSM_GET16(buf);
 821        priv->wsm_caps.fw_build   = WSM_GET16(buf);
 822        priv->wsm_caps.fw_ver     = WSM_GET16(buf);
 823        WSM_GET(buf, priv->wsm_caps.fw_label, sizeof(priv->wsm_caps.fw_label));
 824        priv->wsm_caps.fw_label[sizeof(priv->wsm_caps.fw_label) - 1] = 0; /* Do not trust FW too much... */
 825
 826        if (WARN_ON(priv->wsm_caps.status))
 827                return -EINVAL;
 828
 829        if (WARN_ON(priv->wsm_caps.fw_type > 4))
 830                return -EINVAL;
 831
 832        pr_info("CW1200 WSM init done.\n"
 833                "   Input buffers: %d x %d bytes\n"
 834                "   Hardware: %d.%d\n"
 835                "   %s firmware [%s], ver: %d, build: %d,"
 836                "   api: %d, cap: 0x%.4X\n",
 837                priv->wsm_caps.input_buffers,
 838                priv->wsm_caps.input_buffer_size,
 839                priv->wsm_caps.hw_id, priv->wsm_caps.hw_subid,
 840                cw1200_fw_types[priv->wsm_caps.fw_type],
 841                priv->wsm_caps.fw_label, priv->wsm_caps.fw_ver,
 842                priv->wsm_caps.fw_build,
 843                priv->wsm_caps.fw_api, priv->wsm_caps.fw_cap);
 844
 845        /* Disable unsupported frequency bands */
 846        if (!(priv->wsm_caps.fw_cap & 0x1))
 847                priv->hw->wiphy->bands[NL80211_BAND_2GHZ] = NULL;
 848        if (!(priv->wsm_caps.fw_cap & 0x2))
 849                priv->hw->wiphy->bands[NL80211_BAND_5GHZ] = NULL;
 850
 851        priv->firmware_ready = 1;
 852        wake_up(&priv->wsm_startup_done);
 853        return 0;
 854
 855underflow:
 856        WARN_ON(1);
 857        return -EINVAL;
 858}
 859
 860static int wsm_receive_indication(struct cw1200_common *priv,
 861                                  int link_id,
 862                                  struct wsm_buf *buf,
 863                                  struct sk_buff **skb_p)
 864{
 865        struct wsm_rx rx;
 866        struct ieee80211_hdr *hdr;
 867        size_t hdr_len;
 868        __le16 fctl;
 869
 870        rx.status = WSM_GET32(buf);
 871        rx.channel_number = WSM_GET16(buf);
 872        rx.rx_rate = WSM_GET8(buf);
 873        rx.rcpi_rssi = WSM_GET8(buf);
 874        rx.flags = WSM_GET32(buf);
 875
 876        /* FW Workaround: Drop probe resp or
 877           beacon when RSSI is 0
 878        */
 879        hdr = (struct ieee80211_hdr *)(*skb_p)->data;
 880
 881        if (!rx.rcpi_rssi &&
 882            (ieee80211_is_probe_resp(hdr->frame_control) ||
 883             ieee80211_is_beacon(hdr->frame_control)))
 884                return 0;
 885
 886        /* If no RSSI subscription has been made,
 887         * convert RCPI to RSSI here
 888         */
 889        if (!priv->cqm_use_rssi)
 890                rx.rcpi_rssi = rx.rcpi_rssi / 2 - 110;
 891
 892        fctl = *(__le16 *)buf->data;
 893        hdr_len = buf->data - buf->begin;
 894        skb_pull(*skb_p, hdr_len);
 895        if (!rx.status && ieee80211_is_deauth(fctl)) {
 896                if (priv->join_status == CW1200_JOIN_STATUS_STA) {
 897                        /* Shedule unjoin work */
 898                        pr_debug("[WSM] Issue unjoin command (RX).\n");
 899                        wsm_lock_tx_async(priv);
 900                        if (queue_work(priv->workqueue,
 901                                       &priv->unjoin_work) <= 0)
 902                                wsm_unlock_tx(priv);
 903                }
 904        }
 905        cw1200_rx_cb(priv, &rx, link_id, skb_p);
 906        if (*skb_p)
 907                skb_push(*skb_p, hdr_len);
 908
 909        return 0;
 910
 911underflow:
 912        return -EINVAL;
 913}
 914
 915static int wsm_event_indication(struct cw1200_common *priv, struct wsm_buf *buf)
 916{
 917        int first;
 918        struct cw1200_wsm_event *event;
 919
 920        if (priv->mode == NL80211_IFTYPE_UNSPECIFIED) {
 921                /* STA is stopped. */
 922                return 0;
 923        }
 924
 925        event = kzalloc(sizeof(struct cw1200_wsm_event), GFP_KERNEL);
 926        if (!event)
 927                return -ENOMEM;
 928
 929        event->evt.id = WSM_GET32(buf);
 930        event->evt.data = WSM_GET32(buf);
 931
 932        pr_debug("[WSM] Event: %d(%d)\n",
 933                 event->evt.id, event->evt.data);
 934
 935        spin_lock(&priv->event_queue_lock);
 936        first = list_empty(&priv->event_queue);
 937        list_add_tail(&event->link, &priv->event_queue);
 938        spin_unlock(&priv->event_queue_lock);
 939
 940        if (first)
 941                queue_work(priv->workqueue, &priv->event_handler);
 942
 943        return 0;
 944
 945underflow:
 946        kfree(event);
 947        return -EINVAL;
 948}
 949
 950static int wsm_channel_switch_indication(struct cw1200_common *priv,
 951                                         struct wsm_buf *buf)
 952{
 953        WARN_ON(WSM_GET32(buf));
 954
 955        priv->channel_switch_in_progress = 0;
 956        wake_up(&priv->channel_switch_done);
 957
 958        wsm_unlock_tx(priv);
 959
 960        return 0;
 961
 962underflow:
 963        return -EINVAL;
 964}
 965
 966static int wsm_set_pm_indication(struct cw1200_common *priv,
 967                                 struct wsm_buf *buf)
 968{
 969        /* TODO:  Check buf (struct wsm_set_pm_complete) for validity */
 970        if (priv->ps_mode_switch_in_progress) {
 971                priv->ps_mode_switch_in_progress = 0;
 972                wake_up(&priv->ps_mode_switch_done);
 973        }
 974        return 0;
 975}
 976
 977static int wsm_scan_started(struct cw1200_common *priv, void *arg,
 978                            struct wsm_buf *buf)
 979{
 980        u32 status = WSM_GET32(buf);
 981        if (status != WSM_STATUS_SUCCESS) {
 982                cw1200_scan_failed_cb(priv);
 983                return -EINVAL;
 984        }
 985        return 0;
 986
 987underflow:
 988        WARN_ON(1);
 989        return -EINVAL;
 990}
 991
 992static int wsm_scan_complete_indication(struct cw1200_common *priv,
 993                                        struct wsm_buf *buf)
 994{
 995        struct wsm_scan_complete arg;
 996        arg.status = WSM_GET32(buf);
 997        arg.psm = WSM_GET8(buf);
 998        arg.num_channels = WSM_GET8(buf);
 999        cw1200_scan_complete_cb(priv, &arg);
1000

1001        return 0;
1002
1003underflow:
1004        return -EINVAL;
1005}
1006
1007static int wsm_join_complete_indication(struct cw1200_common *priv,
1008                                        struct wsm_buf *buf)
1009{
1010        struct wsm_join_complete arg;
1011        arg.status = WSM_GET32(buf);
1012        pr_debug("[WSM] Join complete indication, status: %d\n", arg.status);
1013        cw1200_join_complete_cb(priv, &arg);
1014
1015        return 0;
1016
1017underflow:
1018        return -EINVAL;
1019}
1020
1021static int wsm_find_complete_indication(struct cw1200_common *priv,
1022                                        struct wsm_buf *buf)
1023{
1024        pr_warn("Implement find_complete_indication\n");
1025        return 0;
1026}
1027
1028static int wsm_ba_timeout_indication(struct cw1200_common *priv,
1029                                     struct wsm_buf *buf)
1030{
1031        u8 tid;
1032        u8 addr[ETH_ALEN];
1033
1034        WSM_GET32(buf);
1035        tid = WSM_GET8(buf);
1036        WSM_GET8(buf);
1037        WSM_GET(buf, addr, ETH_ALEN);
1038
1039        pr_info("BlockACK timeout, tid %d, addr %pM\n",
1040                tid, addr);
1041
1042        return 0;
1043
1044underflow:
1045        return -EINVAL;
1046}
1047
1048static int wsm_suspend_resume_indication(struct cw1200_common *priv,
1049                                         int link_id, struct wsm_buf *buf)
1050{
1051        u32 flags;
1052        struct wsm_suspend_resume arg;
1053
1054        flags = WSM_GET32(buf);
1055        arg.link_id = link_id;
1056        arg.stop = !(flags & 1);
1057        arg.multicast = !!(flags & 8);
1058        arg.queue = (flags >> 1) & 3;
1059
1060        cw1200_suspend_resume(priv, &arg);
1061
1062        return 0;
1063
1064underflow:
1065        return -EINVAL;
1066}
1067
1068
1069/* ******************************************************************** */
1070/* WSM TX                                                               */
1071
1072static int wsm_cmd_send(struct cw1200_common *priv,
1073                        struct wsm_buf *buf,
1074                        void *arg, u16 cmd, long tmo)
1075{
1076        size_t buf_len = buf->data - buf->begin;
1077        int ret;
1078
1079        /* Don't bother if we're dead. */
1080        if (priv->bh_error) {
1081                ret = 0;
1082                goto done;
1083        }
1084
1085        /* Block until the cmd buffer is completed.  Tortuous. */
1086        spin_lock(&priv->wsm_cmd.lock);
1087        while (!priv->wsm_cmd.done) {
1088                spin_unlock(&priv->wsm_cmd.lock);
1089                spin_lock(&priv->wsm_cmd.lock);
1090        }
1091        priv->wsm_cmd.done = 0;
1092        spin_unlock(&priv->wsm_cmd.lock);
1093
1094        if (cmd == WSM_WRITE_MIB_REQ_ID ||
1095            cmd == WSM_READ_MIB_REQ_ID)
1096                pr_debug("[WSM] >>> 0x%.4X [MIB: 0x%.4X] (%zu)\n",
1097                         cmd, __le16_to_cpu(((__le16 *)buf->begin)[2]),
1098                         buf_len);
1099        else
1100                pr_debug("[WSM] >>> 0x%.4X (%zu)\n", cmd, buf_len);
1101
1102        /* Due to buggy SPI on CW1200, we need to
1103         * pad the message by a few bytes to ensure
1104         * that it's completely received.
1105         */
1106        buf_len += 4;
1107
1108        /* Fill HI message header */
1109        /* BH will add sequence number */
1110        ((__le16 *)buf->begin)[0] = __cpu_to_le16(buf_len);
1111        ((__le16 *)buf->begin)[1] = __cpu_to_le16(cmd);
1112
1113        spin_lock(&priv->wsm_cmd.lock);
1114        BUG_ON(priv->wsm_cmd.ptr);
1115        priv->wsm_cmd.ptr = buf->begin;
1116        priv->wsm_cmd.len = buf_len;
1117        priv->wsm_cmd.arg = arg;
1118        priv->wsm_cmd.cmd = cmd;
1119        spin_unlock(&priv->wsm_cmd.lock);
1120
1121        cw1200_bh_wakeup(priv);
1122
1123        /* Wait for command completion */
1124        ret = wait_event_timeout(priv->wsm_cmd_wq,
1125                                 priv->wsm_cmd.done, tmo);
1126
1127        if (!ret && !priv->wsm_cmd.done) {
1128                spin_lock(&priv->wsm_cmd.lock);
1129                priv->wsm_cmd.done = 1;
1130                priv->wsm_cmd.ptr = NULL;
1131                spin_unlock(&priv->wsm_cmd.lock);
1132                if (priv->bh_error) {
1133                        /* Return ok to help system cleanup */
1134                        ret = 0;
1135                } else {
1136                        pr_err("CMD req (0x%04x) stuck in firmware, killing BH\n", priv->wsm_cmd.cmd);
1137                        print_hex_dump_bytes("REQDUMP: ", DUMP_PREFIX_NONE,
1138                                             buf->begin, buf_len);
1139                        pr_err("Outstanding outgoing frames:  %d\n", priv->hw_bufs_used);
1140
1141                        /* Kill BH thread to report the error to the top layer. */
1142                        atomic_inc(&priv->bh_term);
1143                        wake_up(&priv->bh_wq);
1144                        ret = -ETIMEDOUT;
1145                }
1146        } else {
1147                spin_lock(&priv->wsm_cmd.lock);
1148                BUG_ON(!priv->wsm_cmd.done);
1149                ret = priv->wsm_cmd.ret;
1150                spin_unlock(&priv->wsm_cmd.lock);
1151        }
1152done:
1153        wsm_buf_reset(buf);
1154        return ret;
1155}
1156
1157/* ******************************************************************** */
1158/* WSM TX port control                                                  */
1159
1160void wsm_lock_tx(struct cw1200_common *priv)
1161{
1162        wsm_cmd_lock(priv);
1163        if (atomic_inc_return(&priv->tx_lock) == 1) {
1164                if (wsm_flush_tx(priv))
1165                        pr_debug("[WSM] TX is locked.\n");
1166        }
1167        wsm_cmd_unlock(priv);
1168}
1169
1170void wsm_lock_tx_async(struct cw1200_common *priv)
1171{
1172        if (atomic_inc_return(&priv->tx_lock) == 1)
1173                pr_debug("[WSM] TX is locked (async).\n");
1174}
1175
1176bool wsm_flush_tx(struct cw1200_common *priv)
1177{
1178        unsigned long timestamp = jiffies;
1179        bool pending = false;
1180        long timeout;
1181        int i;
1182
1183        /* Flush must be called with TX lock held. */
1184        BUG_ON(!atomic_read(&priv->tx_lock));
1185
1186        /* First check if we really need to do something.
1187         * It is safe to use unprotected access, as hw_bufs_used
1188         * can only decrements.
1189         */
1190        if (!priv->hw_bufs_used)
1191                return true;
1192
1193        if (priv->bh_error) {
1194                /* In case of failure do not wait for magic. */
1195                pr_err("[WSM] Fatal error occurred, will not flush TX.\n");
1196                return false;
1197        } else {
1198                /* Get a timestamp of "oldest" frame */
1199                for (i = 0; i < 4; ++i)
1200                        pending |= cw1200_queue_get_xmit_timestamp(
1201                                        &priv->tx_queue[i],
1202                                        &timestamp, 0xffffffff);
1203                /* If there's nothing pending, we're good */
1204                if (!pending)
1205                        return true;
1206
1207                timeout = timestamp + WSM_CMD_LAST_CHANCE_TIMEOUT - jiffies;
1208                if (timeout < 0 || wait_event_timeout(priv->bh_evt_wq,
1209                                                      !priv->hw_bufs_used,
1210                                                      timeout) <= 0) {
1211                        /* Hmmm... Not good. Frame had stuck in firmware. */
1212                        priv->bh_error = 1;
1213                        wiphy_err(priv->hw->wiphy, "[WSM] TX Frames (%d) stuck in firmware, killing BH\n", priv->hw_bufs_used);
1214                        wake_up(&priv->bh_wq);
1215                        return false;
1216                }
1217
1218                /* Ok, everything is flushed. */
1219                return true;
1220        }
1221}
1222
1223void wsm_unlock_tx(struct cw1200_common *priv)
1224{
1225        int tx_lock;
1226        tx_lock = atomic_dec_return(&priv->tx_lock);
1227        BUG_ON(tx_lock < 0);
1228
1229        if (tx_lock == 0) {
1230                if (!priv->bh_error)
1231                        cw1200_bh_wakeup(priv);
1232                pr_debug("[WSM] TX is unlocked.\n");
1233        }
1234}
1235
1236/* ******************************************************************** */
1237/* WSM RX                                                               */
1238
1239int wsm_handle_exception(struct cw1200_common *priv, u8 *data, size_t len)
1240{
1241        struct wsm_buf buf;
1242        u32 reason;
1243        u32 reg[18];
1244        char fname[48];
1245        unsigned int i;
1246
1247        static const char * const reason_str[] = {
1248                "undefined instruction",
1249                "prefetch abort",
1250                "data abort",
1251                "unknown error",
1252        };
1253
1254        buf.begin = buf.data = data;
1255        buf.end = &buf.begin[len];
1256
1257        reason = WSM_GET32(&buf);
1258        for (i = 0; i < ARRAY_SIZE(reg); ++i)
1259                reg[i] = WSM_GET32(&buf);
1260        WSM_GET(&buf, fname, sizeof(fname));
1261
1262        if (reason < 4)
1263                wiphy_err(priv->hw->wiphy,
1264                          "Firmware exception: %s.\n",
1265                          reason_str[reason]);
1266        else
1267                wiphy_err(priv->hw->wiphy,
1268                          "Firmware assert at %.*s, line %d\n",
1269                          (int) sizeof(fname), fname, reg[1]);
1270
1271        for (i = 0; i < 12; i += 4)
1272                wiphy_err(priv->hw->wiphy,
1273                          "R%d: 0x%.8X, R%d: 0x%.8X, R%d: 0x%.8X, R%d: 0x%.8X,\n",
1274                          i + 0, reg[i + 0], i + 1, reg[i + 1],
1275                          i + 2, reg[i + 2], i + 3, reg[i + 3]);
1276        wiphy_err(priv->hw->wiphy,
1277                  "R12: 0x%.8X, SP: 0x%.8X, LR: 0x%.8X, PC: 0x%.8X,\n",
1278                  reg[i + 0], reg[i + 1], reg[i + 2], reg[i + 3]);
1279        i += 4;
1280        wiphy_err(priv->hw->wiphy,
1281                  "CPSR: 0x%.8X, SPSR: 0x%.8X\n",
1282                  reg[i + 0], reg[i + 1]);
1283
1284        print_hex_dump_bytes("R1: ", DUMP_PREFIX_NONE,
1285                             fname, sizeof(fname));
1286        return 0;
1287
1288underflow:
1289        wiphy_err(priv->hw->wiphy, "Firmware exception.\n");
1290        print_hex_dump_bytes("Exception: ", DUMP_PREFIX_NONE,
1291                             data, len);
1292        return -EINVAL;
1293}
1294
1295int wsm_handle_rx(struct cw1200_common *priv, u16 id,
1296                  struct wsm_hdr *wsm, struct sk_buff **skb_p)
1297{
1298        int ret = 0;
1299        struct wsm_buf wsm_buf;
1300        int link_id = (id >> 6) & 0x0F;
1301
1302        /* Strip link id. */
1303        id &= ~WSM_TX_LINK_ID(WSM_TX_LINK_ID_MAX);
1304
1305        wsm_buf.begin = (u8 *)&wsm[0];
1306        wsm_buf.data = (u8 *)&wsm[1];
1307        wsm_buf.end = &wsm_buf.begin[__le16_to_cpu(wsm->len)];
1308
1309        pr_debug("[WSM] <<< 0x%.4X (%td)\n", id,
1310                 wsm_buf.end - wsm_buf.begin);
1311
1312        if (id == WSM_TX_CONFIRM_IND_ID) {
1313                ret = wsm_tx_confirm(priv, &wsm_buf, link_id);
1314        } else if (id == WSM_MULTI_TX_CONFIRM_ID) {
1315                ret = wsm_multi_tx_confirm(priv, &wsm_buf, link_id);
1316        } else if (id & 0x0400) {
1317                void *wsm_arg;
1318                u16 wsm_cmd;
1319
1320                /* Do not trust FW too much. Protection against repeated
1321                 * response and race condition removal (see above).
1322                 */
1323                spin_lock(&priv->wsm_cmd.lock);
1324                wsm_arg = priv->wsm_cmd.arg;
1325                wsm_cmd = priv->wsm_cmd.cmd &
1326                                ~WSM_TX_LINK_ID(WSM_TX_LINK_ID_MAX);
1327                priv->wsm_cmd.cmd = 0xFFFF;
1328                spin_unlock(&priv->wsm_cmd.lock);
1329
1330                if (WARN_ON((id & ~0x0400) != wsm_cmd)) {
1331                        /* Note that any non-zero is a fatal retcode. */
1332                        ret = -EINVAL;
1333                        goto out;
1334                }
1335
1336                /* Note that wsm_arg can be NULL in case of timeout in
1337                 * wsm_cmd_send().
1338                 */
1339
1340                switch (id) {
1341                case WSM_READ_MIB_RESP_ID:
1342                        if (wsm_arg)
1343                                ret = wsm_read_mib_confirm(priv, wsm_arg,
1344                                                                &wsm_buf);
1345                        break;
1346                case WSM_WRITE_MIB_RESP_ID:
1347                        if (wsm_arg)
1348                                ret = wsm_write_mib_confirm(priv, wsm_arg,
1349                                                            &wsm_buf);
1350                        break;
1351                case WSM_START_SCAN_RESP_ID:
1352                        if (wsm_arg)
1353                                ret = wsm_scan_started(priv, wsm_arg, &wsm_buf);
1354                        break;
1355                case WSM_CONFIGURATION_RESP_ID:
1356                        if (wsm_arg)
1357                                ret = wsm_configuration_confirm(priv, wsm_arg,
1358                                                                &wsm_buf);
1359                        break;
1360                case WSM_JOIN_RESP_ID:
1361                        if (wsm_arg)
1362                                ret = wsm_join_confirm(priv, wsm_arg, &wsm_buf);
1363                        break;
1364                case WSM_STOP_SCAN_RESP_ID:
1365                case WSM_RESET_RESP_ID:
1366                case WSM_ADD_KEY_RESP_ID:
1367                case WSM_REMOVE_KEY_RESP_ID:
1368                case WSM_SET_PM_RESP_ID:
1369                case WSM_SET_BSS_PARAMS_RESP_ID:
1370                case 0x0412: /* set_tx_queue_params */
1371                case WSM_EDCA_PARAMS_RESP_ID:
1372                case WSM_SWITCH_CHANNEL_RESP_ID:
1373                case WSM_START_RESP_ID:
1374                case WSM_BEACON_TRANSMIT_RESP_ID:
1375                case 0x0419: /* start_find */
1376                case 0x041A: /* stop_find */
1377                case 0x041B: /* update_ie */
1378                case 0x041C: /* map_link */
1379                        WARN_ON(wsm_arg != NULL);
1380                        ret = wsm_generic_confirm(priv, wsm_arg, &wsm_buf);
1381                        if (ret) {
1382                                wiphy_warn(priv->hw->wiphy,
1383                                           "wsm_generic_confirm failed for request 0x%04x.\n",
1384                                           id & ~0x0400);
1385
1386                                /* often 0x407 and 0x410 occur, this means we're dead.. */
1387                                if (priv->join_status >= CW1200_JOIN_STATUS_JOINING) {
1388                                        wsm_lock_tx(priv);
1389                                        if (queue_work(priv->workqueue, &priv->unjoin_work) <= 0)
1390                                                wsm_unlock_tx(priv);
1391                                }
1392                        }
1393                        break;
1394                default:
1395                        wiphy_warn(priv->hw->wiphy,
1396                                   "Unrecognized confirmation 0x%04x\n",
1397                                   id & ~0x0400);
1398                }
1399
1400                spin_lock(&priv->wsm_cmd.lock);
1401                priv->wsm_cmd.ret = ret;
1402                priv->wsm_cmd.done = 1;
1403                spin_unlock(&priv->wsm_cmd.lock);
1404
1405                ret = 0; /* Error response from device should ne stop BH. */
1406
1407                wake_up(&priv->wsm_cmd_wq);
1408        } else if (id & 0x0800) {
1409                switch (id) {
1410                case WSM_STARTUP_IND_ID:
1411                        ret = wsm_startup_indication(priv, &wsm_buf);
1412                        break;
1413                case WSM_RECEIVE_IND_ID:
1414                        ret = wsm_receive_indication(priv, link_id,
1415                                                     &wsm_buf, skb_p);
1416                        break;
1417                case 0x0805:
1418                        ret = wsm_event_indication(priv, &wsm_buf);
1419                        break;
1420                case WSM_SCAN_COMPLETE_IND_ID:
1421                        ret = wsm_scan_complete_indication(priv, &wsm_buf);
1422                        break;
1423                case 0x0808:
1424                        ret = wsm_ba_timeout_indication(priv, &wsm_buf);
1425                        break;
1426                case 0x0809:
1427                        ret = wsm_set_pm_indication(priv, &wsm_buf);
1428                        break;
1429                case 0x080A:
1430                        ret = wsm_channel_switch_indication(priv, &wsm_buf);
1431                        break;
1432                case 0x080B:
1433                        ret = wsm_find_complete_indication(priv, &wsm_buf);
1434                        break;
1435                case 0x080C:
1436                        ret = wsm_suspend_resume_indication(priv,
1437                                        link_id, &wsm_buf);
1438                        break;
1439                case 0x080F:
1440                        ret = wsm_join_complete_indication(priv, &wsm_buf);
1441                        break;
1442                default:
1443                        pr_warn("Unrecognised WSM ID %04x\n", id);
1444                }
1445        } else {
1446                WARN_ON(1);
1447                ret = -EINVAL;
1448        }
1449out:
1450        return ret;
1451}
1452
1453static bool wsm_handle_tx_data(struct cw1200_common *priv,
1454                               struct wsm_tx *wsm,
1455                               const struct ieee80211_tx_info *tx_info,
1456                               const struct cw1200_txpriv *txpriv,
1457                               struct cw1200_queue *queue)
1458{
1459        bool handled = false;
1460        const struct ieee80211_hdr *frame =
1461                (struct ieee80211_hdr *)&((u8 *)wsm)[txpriv->offset];
1462        __le16 fctl = frame->frame_control;
1463        enum {
1464                do_probe,
1465                do_drop,
1466                do_wep,
1467                do_tx,
1468        } action = do_tx;
1469
1470        switch (priv->mode) {
1471        case NL80211_IFTYPE_STATION:
1472                if (priv->join_status == CW1200_JOIN_STATUS_MONITOR)
1473                        action = do_tx;
1474                else if (priv->join_status < CW1200_JOIN_STATUS_PRE_STA)
1475                        action = do_drop;
1476                break;
1477        case NL80211_IFTYPE_AP:
1478                if (!priv->join_status) {
1479                        action = do_drop;
1480                } else if (!(BIT(txpriv->raw_link_id) &
1481                             (BIT(0) | priv->link_id_map))) {
1482                        wiphy_warn(priv->hw->wiphy,
1483                                   "A frame with expired link id is dropped.\n");
1484                        action = do_drop;
1485                }
1486                if (cw1200_queue_get_generation(wsm->packet_id) >
1487                                CW1200_MAX_REQUEUE_ATTEMPTS) {
1488                        /* HACK!!! WSM324 firmware has tendency to requeue
1489                         * multicast frames in a loop, causing performance
1490                         * drop and high power consumption of the driver.
1491                         * In this situation it is better just to drop
1492                         * the problematic frame.
1493                         */
1494                        wiphy_warn(priv->hw->wiphy,
1495                                   "Too many attempts to requeue a frame; dropped.\n");
1496                        action = do_drop;
1497                }
1498                break;
1499        case NL80211_IFTYPE_ADHOC:
1500                if (priv->join_status != CW1200_JOIN_STATUS_IBSS)
1501                        action = do_drop;
1502                break;
1503        case NL80211_IFTYPE_MESH_POINT:
1504                action = do_tx; /* TODO:  Test me! */
1505                break;
1506        case NL80211_IFTYPE_MONITOR:
1507        default:
1508                action = do_drop;
1509                break;
1510        }
1511
1512        if (action == do_tx) {
1513                if (ieee80211_is_nullfunc(fctl)) {
1514                        spin_lock(&priv->bss_loss_lock);
1515                        if (priv->bss_loss_state) {
1516                                priv->bss_loss_confirm_id = wsm->packet_id;
1517                                wsm->queue_id = WSM_QUEUE_VOICE;
1518                        }
1519                        spin_unlock(&priv->bss_loss_lock);
1520                } else if (ieee80211_is_probe_req(fctl)) {
1521                        action = do_probe;
1522                } else if (ieee80211_is_deauth(fctl) &&
1523                           priv->mode != NL80211_IFTYPE_AP) {
1524                        pr_debug("[WSM] Issue unjoin command due to tx deauth.\n");
1525                        wsm_lock_tx_async(priv);
1526                        if (queue_work(priv->workqueue,
1527                                       &priv->unjoin_work) <= 0)
1528                                wsm_unlock_tx(priv);
1529                } else if (ieee80211_has_protected(fctl) &&
1530                           tx_info->control.hw_key &&
1531                           tx_info->control.hw_key->keyidx != priv->wep_default_key_id &&
1532                           (tx_info->control.hw_key->cipher == WLAN_CIPHER_SUITE_WEP40 ||
1533                            tx_info->control.hw_key->cipher == WLAN_CIPHER_SUITE_WEP104)) {
1534                        action = do_wep;
1535                }
1536        }
1537
1538        switch (action) {
1539        case do_probe:
1540                /* An interesting FW "feature". Device filters probe responses.
1541                 * The easiest way to get it back is to convert
1542                 * probe request into WSM start_scan command.
1543                 */
1544                pr_debug("[WSM] Convert probe request to scan.\n");
1545                wsm_lock_tx_async(priv);
1546                priv->pending_frame_id = wsm->packet_id;
1547                if (queue_delayed_work(priv->workqueue,
1548                                       &priv->scan.probe_work, 0) <= 0)
1549                        wsm_unlock_tx(priv);
1550                handled = true;
1551                break;
1552        case do_drop:
1553                pr_debug("[WSM] Drop frame (0x%.4X).\n", fctl);
1554                BUG_ON(cw1200_queue_remove(queue, wsm->packet_id));
1555                handled = true;
1556                break;
1557        case do_wep:
1558                pr_debug("[WSM] Issue set_default_wep_key.\n");
1559                wsm_lock_tx_async(priv);
1560                priv->wep_default_key_id = tx_info->control.hw_key->keyidx;
1561                priv->pending_frame_id = wsm->packet_id;
1562                if (queue_work(priv->workqueue, &priv->wep_key_work) <= 0)
1563                        wsm_unlock_tx(priv);
1564                handled = true;
1565                break;
1566        case do_tx:
1567                pr_debug("[WSM] Transmit frame.\n");
1568                break;
1569        default:
1570                /* Do nothing */
1571                break;
1572        }
1573        return handled;
1574}
1575
1576static int cw1200_get_prio_queue(struct cw1200_common *priv,
1577                                 u32 link_id_map, int *total)
1578{
1579        static const int urgent = BIT(CW1200_LINK_ID_AFTER_DTIM) |
1580                BIT(CW1200_LINK_ID_UAPSD);
1581        struct wsm_edca_queue_params *edca;
1582        unsigned score, best = -1;
1583        int winner = -1;
1584        int queued;
1585        int i;
1586
1587        /* search for a winner using edca params */
1588        for (i = 0; i < 4; ++i) {
1589                queued = cw1200_queue_get_num_queued(&priv->tx_queue[i],
1590                                link_id_map);
1591                if (!queued)
1592                        continue;
1593                *total += queued;
1594                edca = &priv->edca.params[i];
1595                score = ((edca->aifns + edca->cwmin) << 16) +
1596                        ((edca->cwmax - edca->cwmin) *
1597                         (get_random_int() & 0xFFFF));
1598                if (score < best && (winner < 0 || i != 3)) {
1599                        best = score;
1600                        winner = i;
1601                }
1602        }
1603
1604        /* override winner if bursting */
1605        if (winner >= 0 && priv->tx_burst_idx >= 0 &&
1606            winner != priv->tx_burst_idx &&
1607            !cw1200_queue_get_num_queued(
1608                    &priv->tx_queue[winner],
1609                    link_id_map & urgent) &&
1610            cw1200_queue_get_num_queued(
1611                    &priv->tx_queue[priv->tx_burst_idx],
1612                    link_id_map))
1613                winner = priv->tx_burst_idx;
1614
1615        return winner;
1616}
1617
1618static int wsm_get_tx_queue_and_mask(struct cw1200_common *priv,
1619                                     struct cw1200_queue **queue_p,
1620                                     u32 *tx_allowed_mask_p,
1621                                     bool *more)
1622{
1623        int idx;
1624        u32 tx_allowed_mask;
1625        int total = 0;
1626
1627        /* Search for a queue with multicast frames buffered */
1628        if (priv->tx_multicast) {
1629                tx_allowed_mask = BIT(CW1200_LINK_ID_AFTER_DTIM);
1630                idx = cw1200_get_prio_queue(priv,
1631                                tx_allowed_mask, &total);
1632                if (idx >= 0) {
1633                        *more = total > 1;
1634                        goto found;
1635                }
1636        }
1637
1638        /* Search for unicast traffic */
1639        tx_allowed_mask = ~priv->sta_asleep_mask;
1640        tx_allowed_mask |= BIT(CW1200_LINK_ID_UAPSD);
1641        if (priv->sta_asleep_mask) {
1642                tx_allowed_mask |= priv->pspoll_mask;
1643                tx_allowed_mask &= ~BIT(CW1200_LINK_ID_AFTER_DTIM);
1644        } else {
1645                tx_allowed_mask |= BIT(CW1200_LINK_ID_AFTER_DTIM);
1646        }
1647        idx = cw1200_get_prio_queue(priv,
1648                        tx_allowed_mask, &total);
1649        if (idx < 0)
1650                return -ENOENT;
1651
1652found:
1653        *queue_p = &priv->tx_queue[idx];
1654        *tx_allowed_mask_p = tx_allowed_mask;
1655        return 0;
1656}
1657
1658int wsm_get_tx(struct cw1200_common *priv, u8 **data,
1659               size_t *tx_len, int *burst)
1660{
1661        struct wsm_tx *wsm = NULL;
1662        struct ieee80211_tx_info *tx_info;
1663        struct cw1200_queue *queue = NULL;
1664        int queue_num;
1665        u32 tx_allowed_mask = 0;
1666        const struct cw1200_txpriv *txpriv = NULL;
1667        int count = 0;
1668
1669        /* More is used only for broadcasts. */
1670        bool more = false;
1671
1672        if (priv->wsm_cmd.ptr) { /* CMD request */
1673                ++count;
1674                spin_lock(&priv->wsm_cmd.lock);
1675                BUG_ON(!priv->wsm_cmd.ptr);
1676                *data = priv->wsm_cmd.ptr;
1677                *tx_len = priv->wsm_cmd.len;
1678                *burst = 1;
1679                spin_unlock(&priv->wsm_cmd.lock);
1680        } else {
1681                for (;;) {
1682                        int ret;
1683
1684                        if (atomic_add_return(0, &priv->tx_lock))
1685                                break;
1686
1687                        spin_lock_bh(&priv->ps_state_lock);
1688
1689                        ret = wsm_get_tx_queue_and_mask(priv, &queue,
1690                                                        &tx_allowed_mask, &more);
1691                        queue_num = queue - priv->tx_queue;
1692
1693                        if (priv->buffered_multicasts &&
1694                            (ret || !more) &&
1695                            (priv->tx_multicast || !priv->sta_asleep_mask)) {
1696                                priv->buffered_multicasts = false;
1697                                if (priv->tx_multicast) {
1698                                        priv->tx_multicast = false;
1699                                        queue_work(priv->workqueue,
1700                                                   &priv->multicast_stop_work);
1701                                }
1702                        }
1703
1704                        spin_unlock_bh(&priv->ps_state_lock);
1705
1706                        if (ret)
1707                                break;
1708
1709                        if (cw1200_queue_get(queue,
1710                                             tx_allowed_mask,
1711                                             &wsm, &tx_info, &txpriv))
1712                                continue;
1713
1714                        if (wsm_handle_tx_data(priv, wsm,
1715                                               tx_info, txpriv, queue))
1716                                continue;  /* Handled by WSM */
1717
1718                        wsm->hdr.id &= __cpu_to_le16(
1719                                ~WSM_TX_LINK_ID(WSM_TX_LINK_ID_MAX));
1720                        wsm->hdr.id |= cpu_to_le16(
1721                                WSM_TX_LINK_ID(txpriv->raw_link_id));
1722                        priv->pspoll_mask &= ~BIT(txpriv->raw_link_id);
1723
1724                        *data = (u8 *)wsm;
1725                        *tx_len = __le16_to_cpu(wsm->hdr.len);
1726
1727                        /* allow bursting if txop is set */
1728                        if (priv->edca.params[queue_num].txop_limit)
1729                                *burst = min(*burst,
1730                                             (int)cw1200_queue_get_num_queued(queue, tx_allowed_mask) + 1);
1731                        else
1732                                *burst = 1;
1733
1734                        /* store index of bursting queue */
1735                        if (*burst > 1)
1736                                priv->tx_burst_idx = queue_num;
1737                        else
1738                                priv->tx_burst_idx = -1;
1739
1740                        if (more) {
1741                                struct ieee80211_hdr *hdr =
1742                                        (struct ieee80211_hdr *)
1743                                        &((u8 *)wsm)[txpriv->offset];
1744                                /* more buffered multicast/broadcast frames
1745                                 *  ==> set MoreData flag in IEEE 802.11 header
1746                                 *  to inform PS STAs
1747                                 */
1748                                hdr->frame_control |=
1749                                        cpu_to_le16(IEEE80211_FCTL_MOREDATA);
1750                        }
1751
1752                        pr_debug("[WSM] >>> 0x%.4X (%zu) %p %c\n",
1753                                 0x0004, *tx_len, *data,
1754                                 wsm->more ? 'M' : ' ');
1755                        ++count;
1756                        break;
1757                }
1758        }
1759
1760        return count;
1761}
1762
1763void wsm_txed(struct cw1200_common *priv, u8 *data)
1764{
1765        if (data == priv->wsm_cmd.ptr) {
1766                spin_lock(&priv->wsm_cmd.lock);
1767                priv->wsm_cmd.ptr = NULL;
1768                spin_unlock(&priv->wsm_cmd.lock);
1769        }
1770}
1771
1772/* ******************************************************************** */
1773/* WSM buffer                                                           */
1774
1775void wsm_buf_init(struct wsm_buf *buf)
1776{
1777        BUG_ON(buf->begin);
1778        buf->begin = kmalloc(FWLOAD_BLOCK_SIZE, GFP_KERNEL | GFP_DMA);
1779        buf->end = buf->begin ? &buf->begin[FWLOAD_BLOCK_SIZE] : buf->begin;
1780        wsm_buf_reset(buf);
1781}
1782
1783void wsm_buf_deinit(struct wsm_buf *buf)
1784{
1785        kfree(buf->begin);
1786        buf->begin = buf->data = buf->end = NULL;
1787}
1788
1789static void wsm_buf_reset(struct wsm_buf *buf)
1790{
1791        if (buf->begin) {
1792                buf->data = &buf->begin[4];
1793                *(u32 *)buf->begin = 0;
1794        } else {
1795                buf->data = buf->begin;
1796        }
1797}
1798
1799static int wsm_buf_reserve(struct wsm_buf *buf, size_t extra_size)
1800{
1801        size_t pos = buf->data - buf->begin;
1802        size_t size = pos + extra_size;
1803        u8 *tmp;
1804
1805        size = round_up(size, FWLOAD_BLOCK_SIZE);
1806
1807        tmp = krealloc(buf->begin, size, GFP_KERNEL | GFP_DMA);
1808        if (!tmp) {
1809                wsm_buf_deinit(buf);
1810                return -ENOMEM;
1811        }
1812
1813        buf->begin = tmp;
1814        buf->data = &buf->begin[pos];
1815        buf->end = &buf->begin[size];
1816        return 0;
1817}
1818