2 * Copyright (c) 2012-2014 Qualcomm Atheros, Inc.
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 #include <linux/moduleparam.h>
18 #include <linux/etherdevice.h>
19 #include <linux/if_arp.h>
26 static uint max_assoc_sta = 1;
27 module_param(max_assoc_sta, uint, S_IRUGO | S_IWUSR);
28 MODULE_PARM_DESC(max_assoc_sta, " Max number of stations associated to the AP");
31 * WMI event receiving - theory of operations
33 * When firmware about to report WMI event, it fills memory area
34 * in the mailbox and raises misc. IRQ. Thread interrupt handler invoked for
35 * the misc IRQ, function @wmi_recv_cmd called by thread IRQ handler.
37 * @wmi_recv_cmd reads event, allocates memory chunk and attaches it to the
38 * event list @wil->pending_wmi_ev. Then, work queue @wil->wmi_wq wakes up
39 * and handles events within the @wmi_event_worker. Every event get detached
40 * from list, processed and deleted.
42 * Purpose for this mechanism is to release IRQ thread; otherwise,
43 * if WMI event handling involves another WMI command flow, this 2-nd flow
44 * won't be completed because of blocked IRQ thread.
48 * Addressing - theory of operations
50 * There are several buses present on the WIL6210 card.
51 * Same memory areas are visible at different address on
52 * the different busses. There are 3 main bus masters:
54 * - User CPU (firmware)
57 * On the PCI bus, there is one BAR (BAR0) of 2Mb size, exposing
58 * AHB addresses starting from 0x880000
60 * Internally, firmware uses addresses that allows faster access but
61 * are invisible from the host. To read from these addresses, alternative
62 * AHB address must be used.
65 * Linker address PCI/Host address
66 * 0x880000 .. 0xa80000 2Mb BAR0
67 * 0x800000 .. 0x807000 0x900000 .. 0x907000 28k DCCM
68 * 0x840000 .. 0x857000 0x908000 .. 0x91f000 92k PERIPH
72 * @fw_mapping provides memory remapping table
74 * array size should be in sync with the declaration in the wil6210.h
76 const struct fw_map fw_mapping[] = {
77 {0x000000, 0x040000, 0x8c0000, "fw_code"}, /* FW code RAM 256k */
78 {0x800000, 0x808000, 0x900000, "fw_data"}, /* FW data RAM 32k */
79 {0x840000, 0x860000, 0x908000, "fw_peri"}, /* periph. data RAM 128k */
80 {0x880000, 0x88a000, 0x880000, "rgf"}, /* various RGF 40k */
81 {0x88a000, 0x88b000, 0x88a000, "AGC_tbl"}, /* AGC table 4k */
82 {0x88b000, 0x88c000, 0x88b000, "rgf_ext"}, /* Pcie_ext_rgf 4k */
83 {0x8c0000, 0x949000, 0x8c0000, "upper"}, /* upper area 548k */
85 * 920000..930000 ucode code RAM
86 * 930000..932000 ucode data RAM
87 * 932000..949000 back-door debug data
92 * return AHB address for given firmware/ucode internal (linker) address
93 * @x - internal address
94 * If address have no valid AHB mapping, return 0
96 static u32 wmi_addr_remap(u32 x)
100 for (i = 0; i < ARRAY_SIZE(fw_mapping); i++) {
101 if ((x >= fw_mapping[i].from) && (x < fw_mapping[i].to))
102 return x + fw_mapping[i].host - fw_mapping[i].from;
109 * Check address validity for WMI buffer; remap if needed
110 * @ptr - internal (linker) fw/ucode address
112 * Valid buffer should be DWORD aligned
114 * return address for accessing buffer from the host;
115 * if buffer is not valid, return NULL.
117 void __iomem *wmi_buffer(struct wil6210_priv *wil, __le32 ptr_)
120 u32 ptr = le32_to_cpu(ptr_);
125 ptr = wmi_addr_remap(ptr);
126 if (ptr < WIL6210_FW_HOST_OFF)
130 if (off > WIL6210_MEM_SIZE - 4)
133 return wil->csr + off;
137 * Check address validity
139 void __iomem *wmi_addr(struct wil6210_priv *wil, u32 ptr)
146 if (ptr < WIL6210_FW_HOST_OFF)
150 if (off > WIL6210_MEM_SIZE - 4)
153 return wil->csr + off;
156 int wmi_read_hdr(struct wil6210_priv *wil, __le32 ptr,
157 struct wil6210_mbox_hdr *hdr)
159 void __iomem *src = wmi_buffer(wil, ptr);
164 wil_memcpy_fromio_32(hdr, src, sizeof(*hdr));
169 static int __wmi_send(struct wil6210_priv *wil, u16 cmdid, void *buf, u16 len)
172 struct wil6210_mbox_hdr hdr;
173 struct wil6210_mbox_hdr_wmi wmi;
176 .type = WIL_MBOX_HDR_TYPE_WMI,
178 .len = cpu_to_le16(sizeof(cmd.wmi) + len),
182 .id = cpu_to_le16(cmdid),
185 struct wil6210_mbox_ring *r = &wil->mbox_ctl.tx;
186 struct wil6210_mbox_ring_desc d_head;
189 void __iomem *head = wmi_addr(wil, r->head);
192 if (sizeof(cmd) + len > r->entry_size) {
193 wil_err(wil, "WMI size too large: %d bytes, max is %d\n",
194 (int)(sizeof(cmd) + len), r->entry_size);
200 if (!test_bit(wil_status_fwready, &wil->status)) {
201 wil_err(wil, "WMI: cannot send command while FW not ready\n");
206 wil_err(wil, "WMI head is garbage: 0x%08x\n", r->head);
209 /* read Tx head till it is not busy */
210 for (retry = 5; retry > 0; retry--) {
211 wil_memcpy_fromio_32(&d_head, head, sizeof(d_head));
212 if (d_head.sync == 0)
216 if (d_head.sync != 0) {
217 wil_err(wil, "WMI head busy\n");
221 next_head = r->base + ((r->head - r->base + sizeof(d_head)) % r->size);
222 wil_dbg_wmi(wil, "Head 0x%08x -> 0x%08x\n", r->head, next_head);
223 /* wait till FW finish with previous command */
224 for (retry = 5; retry > 0; retry--) {
225 r->tail = ioread32(wil->csr + HOST_MBOX +
226 offsetof(struct wil6210_mbox_ctl, tx.tail));
227 if (next_head != r->tail)
231 if (next_head == r->tail) {
232 wil_err(wil, "WMI ring full\n");
235 dst = wmi_buffer(wil, d_head.addr);
237 wil_err(wil, "invalid WMI buffer: 0x%08x\n",
238 le32_to_cpu(d_head.addr));
241 cmd.hdr.seq = cpu_to_le16(++wil->wmi_seq);
243 wil_dbg_wmi(wil, "WMI command 0x%04x [%d]\n", cmdid, len);
244 wil_hex_dump_wmi("Cmd ", DUMP_PREFIX_OFFSET, 16, 1, &cmd,
246 wil_hex_dump_wmi("cmd ", DUMP_PREFIX_OFFSET, 16, 1, buf,
248 wil_memcpy_toio_32(dst, &cmd, sizeof(cmd));
249 wil_memcpy_toio_32(dst + sizeof(cmd), buf, len);
250 /* mark entry as full */
251 iowrite32(1, wil->csr + HOSTADDR(r->head) +
252 offsetof(struct wil6210_mbox_ring_desc, sync));
253 /* advance next ptr */
254 iowrite32(r->head = next_head, wil->csr + HOST_MBOX +
255 offsetof(struct wil6210_mbox_ctl, tx.head));
257 trace_wil6210_wmi_cmd(&cmd.wmi, buf, len);
259 /* interrupt to FW */
260 iowrite32(SW_INT_MBOX, wil->csr + HOST_SW_INT);
265 int wmi_send(struct wil6210_priv *wil, u16 cmdid, void *buf, u16 len)
269 mutex_lock(&wil->wmi_mutex);
270 rc = __wmi_send(wil, cmdid, buf, len);
271 mutex_unlock(&wil->wmi_mutex);
276 /*=== Event handlers ===*/
277 static void wmi_evt_ready(struct wil6210_priv *wil, int id, void *d, int len)
279 struct net_device *ndev = wil_to_ndev(wil);
280 struct wireless_dev *wdev = wil->wdev;
281 struct wmi_ready_event *evt = d;
283 wil->fw_version = le32_to_cpu(evt->sw_version);
284 wil->n_mids = evt->numof_additional_mids;
286 wil_info(wil, "FW ver. %d; MAC %pM; %d MID's\n", wil->fw_version,
287 evt->mac, wil->n_mids);
289 if (!is_valid_ether_addr(ndev->dev_addr)) {
290 memcpy(ndev->dev_addr, evt->mac, ETH_ALEN);
291 memcpy(ndev->perm_addr, evt->mac, ETH_ALEN);
293 snprintf(wdev->wiphy->fw_version, sizeof(wdev->wiphy->fw_version),
294 "%d", wil->fw_version);
297 static void wmi_evt_fw_ready(struct wil6210_priv *wil, int id, void *d,
300 wil_dbg_wmi(wil, "WMI: got FW ready event\n");
302 set_bit(wil_status_fwready, &wil->status);
303 /* reuse wmi_ready for the firmware ready indication */
304 complete(&wil->wmi_ready);
307 static void wmi_evt_rx_mgmt(struct wil6210_priv *wil, int id, void *d, int len)
309 struct wmi_rx_mgmt_packet_event *data = d;
310 struct wiphy *wiphy = wil_to_wiphy(wil);
311 struct ieee80211_mgmt *rx_mgmt_frame =
312 (struct ieee80211_mgmt *)data->payload;
313 int ch_no = data->info.channel+1;
314 u32 freq = ieee80211_channel_to_frequency(ch_no,
315 IEEE80211_BAND_60GHZ);
316 struct ieee80211_channel *channel = ieee80211_get_channel(wiphy, freq);
317 s32 signal = data->info.sqi;
318 __le16 fc = rx_mgmt_frame->frame_control;
319 u32 d_len = le32_to_cpu(data->info.len);
320 u16 d_status = le16_to_cpu(data->info.status);
322 wil_dbg_wmi(wil, "MGMT: channel %d MCS %d SNR %d SQI %d%%\n",
323 data->info.channel, data->info.mcs, data->info.snr,
325 wil_dbg_wmi(wil, "status 0x%04x len %d fc 0x%04x\n", d_status, d_len,
327 wil_dbg_wmi(wil, "qid %d mid %d cid %d\n",
328 data->info.qid, data->info.mid, data->info.cid);
331 wil_err(wil, "Frame on unsupported channel\n");
335 if (ieee80211_is_beacon(fc) || ieee80211_is_probe_resp(fc)) {
336 struct cfg80211_bss *bss;
337 u64 tsf = le64_to_cpu(rx_mgmt_frame->u.beacon.timestamp);
338 u16 cap = le16_to_cpu(rx_mgmt_frame->u.beacon.capab_info);
339 u16 bi = le16_to_cpu(rx_mgmt_frame->u.beacon.beacon_int);
340 const u8 *ie_buf = rx_mgmt_frame->u.beacon.variable;
341 size_t ie_len = d_len - offsetof(struct ieee80211_mgmt,
343 wil_dbg_wmi(wil, "Capability info : 0x%04x\n", cap);
344 wil_dbg_wmi(wil, "TSF : 0x%016llx\n", tsf);
345 wil_dbg_wmi(wil, "Beacon interval : %d\n", bi);
346 wil_hex_dump_wmi("IE ", DUMP_PREFIX_OFFSET, 16, 1, ie_buf,
349 bss = cfg80211_inform_bss_frame(wiphy, channel, rx_mgmt_frame,
350 d_len, signal, GFP_KERNEL);
352 wil_dbg_wmi(wil, "Added BSS %pM\n",
353 rx_mgmt_frame->bssid);
354 cfg80211_put_bss(wiphy, bss);
356 wil_err(wil, "cfg80211_inform_bss_frame() failed\n");
359 cfg80211_rx_mgmt(wil->wdev, freq, signal,
360 (void *)rx_mgmt_frame, d_len, 0);
364 static void wmi_evt_scan_complete(struct wil6210_priv *wil, int id,
367 if (wil->scan_request) {
368 struct wmi_scan_complete_event *data = d;
369 bool aborted = (data->status != WMI_SCAN_SUCCESS);
371 wil_dbg_wmi(wil, "SCAN_COMPLETE(0x%08x)\n", data->status);
372 wil_dbg_misc(wil, "Complete scan_request 0x%p aborted %d\n",
373 wil->scan_request, aborted);
375 del_timer_sync(&wil->scan_timer);
376 cfg80211_scan_done(wil->scan_request, aborted);
377 wil->scan_request = NULL;
379 wil_err(wil, "SCAN_COMPLETE while not scanning\n");
383 static void wmi_evt_connect(struct wil6210_priv *wil, int id, void *d, int len)
385 struct net_device *ndev = wil_to_ndev(wil);
386 struct wireless_dev *wdev = wil->wdev;
387 struct wmi_connect_event *evt = d;
388 int ch; /* channel number */
389 struct station_info sinfo;
390 u8 *assoc_req_ie, *assoc_resp_ie;
391 size_t assoc_req_ielen, assoc_resp_ielen;
392 /* capinfo(u16) + listen_interval(u16) + IEs */
393 const size_t assoc_req_ie_offset = sizeof(u16) * 2;
394 /* capinfo(u16) + status_code(u16) + associd(u16) + IEs */
395 const size_t assoc_resp_ie_offset = sizeof(u16) * 3;
397 if (len < sizeof(*evt)) {
398 wil_err(wil, "Connect event too short : %d bytes\n", len);
401 if (len != sizeof(*evt) + evt->beacon_ie_len + evt->assoc_req_len +
402 evt->assoc_resp_len) {
404 "Connect event corrupted : %d != %d + %d + %d + %d\n",
405 len, (int)sizeof(*evt), evt->beacon_ie_len,
406 evt->assoc_req_len, evt->assoc_resp_len);
409 if (evt->cid >= WIL6210_MAX_CID) {
410 wil_err(wil, "Connect CID invalid : %d\n", evt->cid);
414 ch = evt->channel + 1;
415 wil_dbg_wmi(wil, "Connect %pM channel [%d] cid %d\n",
416 evt->bssid, ch, evt->cid);
417 wil_hex_dump_wmi("connect AI : ", DUMP_PREFIX_OFFSET, 16, 1,
418 evt->assoc_info, len - sizeof(*evt), true);
420 /* figure out IE's */
421 assoc_req_ie = &evt->assoc_info[evt->beacon_ie_len +
422 assoc_req_ie_offset];
423 assoc_req_ielen = evt->assoc_req_len - assoc_req_ie_offset;
424 if (evt->assoc_req_len <= assoc_req_ie_offset) {
429 assoc_resp_ie = &evt->assoc_info[evt->beacon_ie_len +
431 assoc_resp_ie_offset];
432 assoc_resp_ielen = evt->assoc_resp_len - assoc_resp_ie_offset;
433 if (evt->assoc_resp_len <= assoc_resp_ie_offset) {
434 assoc_resp_ie = NULL;
435 assoc_resp_ielen = 0;
438 if ((wdev->iftype == NL80211_IFTYPE_STATION) ||
439 (wdev->iftype == NL80211_IFTYPE_P2P_CLIENT)) {
440 if (!test_bit(wil_status_fwconnecting, &wil->status)) {
441 wil_err(wil, "Not in connecting state\n");
444 del_timer_sync(&wil->connect_timer);
445 cfg80211_connect_result(ndev, evt->bssid,
446 assoc_req_ie, assoc_req_ielen,
447 assoc_resp_ie, assoc_resp_ielen,
448 WLAN_STATUS_SUCCESS, GFP_KERNEL);
450 } else if ((wdev->iftype == NL80211_IFTYPE_AP) ||
451 (wdev->iftype == NL80211_IFTYPE_P2P_GO)) {
452 memset(&sinfo, 0, sizeof(sinfo));
454 sinfo.generation = wil->sinfo_gen++;
457 sinfo.assoc_req_ies = assoc_req_ie;
458 sinfo.assoc_req_ies_len = assoc_req_ielen;
459 sinfo.filled |= STATION_INFO_ASSOC_REQ_IES;
462 cfg80211_new_sta(ndev, evt->bssid, &sinfo, GFP_KERNEL);
464 clear_bit(wil_status_fwconnecting, &wil->status);
465 set_bit(wil_status_fwconnected, &wil->status);
467 /* FIXME FW can transmit only ucast frames to peer */
468 /* FIXME real ring_id instead of hard coded 0 */
469 memcpy(wil->sta[evt->cid].addr, evt->bssid, ETH_ALEN);
470 wil->sta[evt->cid].status = wil_sta_conn_pending;
472 wil->pending_connect_cid = evt->cid;
473 queue_work(wil->wmi_wq_conn, &wil->connect_worker);
476 static void wmi_evt_disconnect(struct wil6210_priv *wil, int id,
479 struct wmi_disconnect_event *evt = d;
481 wil_dbg_wmi(wil, "Disconnect %pM reason %d proto %d wmi\n",
483 evt->protocol_reason_status, evt->disconnect_reason);
487 mutex_lock(&wil->mutex);
488 wil6210_disconnect(wil, evt->bssid);
489 mutex_unlock(&wil->mutex);
493 * Firmware reports EAPOL frame using WME event.
494 * Reconstruct Ethernet frame and deliver it via normal Rx
496 static void wmi_evt_eapol_rx(struct wil6210_priv *wil, int id,
499 struct net_device *ndev = wil_to_ndev(wil);
500 struct wmi_eapol_rx_event *evt = d;
501 u16 eapol_len = le16_to_cpu(evt->eapol_len);
502 int sz = eapol_len + ETH_HLEN;
506 struct wil_net_stats *stats = NULL;
508 wil_dbg_wmi(wil, "EAPOL len %d from %pM\n", eapol_len,
511 cid = wil_find_cid(wil, evt->src_mac);
513 stats = &wil->sta[cid].stats;
515 if (eapol_len > 196) { /* TODO: revisit size limit */
516 wil_err(wil, "EAPOL too large\n");
520 skb = alloc_skb(sz, GFP_KERNEL);
522 wil_err(wil, "Failed to allocate skb\n");
526 eth = (struct ethhdr *)skb_put(skb, ETH_HLEN);
527 memcpy(eth->h_dest, ndev->dev_addr, ETH_ALEN);
528 memcpy(eth->h_source, evt->src_mac, ETH_ALEN);
529 eth->h_proto = cpu_to_be16(ETH_P_PAE);
530 memcpy(skb_put(skb, eapol_len), evt->eapol, eapol_len);
531 skb->protocol = eth_type_trans(skb, ndev);
532 if (likely(netif_rx_ni(skb) == NET_RX_SUCCESS)) {
533 ndev->stats.rx_packets++;
534 ndev->stats.rx_bytes += sz;
537 stats->rx_bytes += sz;
540 ndev->stats.rx_dropped++;
546 static void wmi_evt_linkup(struct wil6210_priv *wil, int id, void *d, int len)
548 struct net_device *ndev = wil_to_ndev(wil);
549 struct wmi_data_port_open_event *evt = d;
552 wil_dbg_wmi(wil, "Link UP for CID %d\n", cid);
554 if (cid >= ARRAY_SIZE(wil->sta)) {
555 wil_err(wil, "Link UP for invalid CID %d\n", cid);
559 wil->sta[cid].data_port_open = true;
560 netif_carrier_on(ndev);
563 static void wmi_evt_linkdown(struct wil6210_priv *wil, int id, void *d, int len)
565 struct net_device *ndev = wil_to_ndev(wil);
566 struct wmi_wbe_link_down_event *evt = d;
569 wil_dbg_wmi(wil, "Link DOWN for CID %d, reason %d\n",
570 cid, le32_to_cpu(evt->reason));
572 if (cid >= ARRAY_SIZE(wil->sta)) {
573 wil_err(wil, "Link DOWN for invalid CID %d\n", cid);
577 wil->sta[cid].data_port_open = false;
578 netif_carrier_off(ndev);
581 static void wmi_evt_ba_status(struct wil6210_priv *wil, int id, void *d,
584 struct wmi_vring_ba_status_event *evt = d;
585 struct wil_sta_info *sta;
588 /* TODO: use Rx BA status, not Tx one */
590 wil_dbg_wmi(wil, "BACK[%d] %s {%d} timeout %d\n",
592 evt->status == WMI_BA_AGREED ? "OK" : "N/A",
593 evt->agg_wsize, __le16_to_cpu(evt->ba_timeout));
595 if (evt->ringid >= WIL6210_MAX_TX_RINGS) {
596 wil_err(wil, "invalid ring id %d\n", evt->ringid);
600 mutex_lock(&wil->mutex);
602 cid = wil->vring2cid_tid[evt->ringid][0];
603 if (cid >= WIL6210_MAX_CID) {
604 wil_err(wil, "invalid CID %d for vring %d\n", cid, evt->ringid);
608 sta = &wil->sta[cid];
609 if (sta->status == wil_sta_unused) {
610 wil_err(wil, "CID %d unused\n", cid);
614 wil_dbg_wmi(wil, "BACK for CID %d %pM\n", cid, sta->addr);
615 for (i = 0; i < WIL_STA_TID_NUM; i++) {
616 struct wil_tid_ampdu_rx *r;
619 spin_lock_irqsave(&sta->tid_rx_lock, flags);
622 sta->tid_rx[i] = NULL;
623 wil_tid_ampdu_rx_free(wil, r);
625 spin_unlock_irqrestore(&sta->tid_rx_lock, flags);
627 if ((evt->status == WMI_BA_AGREED) && evt->agg_wsize)
628 sta->tid_rx[i] = wil_tid_ampdu_rx_alloc(wil,
633 mutex_unlock(&wil->mutex);
636 static const struct {
638 void (*handler)(struct wil6210_priv *wil, int eventid,
639 void *data, int data_len);
640 } wmi_evt_handlers[] = {
641 {WMI_READY_EVENTID, wmi_evt_ready},
642 {WMI_FW_READY_EVENTID, wmi_evt_fw_ready},
643 {WMI_RX_MGMT_PACKET_EVENTID, wmi_evt_rx_mgmt},
644 {WMI_SCAN_COMPLETE_EVENTID, wmi_evt_scan_complete},
645 {WMI_CONNECT_EVENTID, wmi_evt_connect},
646 {WMI_DISCONNECT_EVENTID, wmi_evt_disconnect},
647 {WMI_EAPOL_RX_EVENTID, wmi_evt_eapol_rx},
648 {WMI_DATA_PORT_OPEN_EVENTID, wmi_evt_linkup},
649 {WMI_WBE_LINKDOWN_EVENTID, wmi_evt_linkdown},
650 {WMI_BA_STATUS_EVENTID, wmi_evt_ba_status},
655 * Extract WMI command from mailbox. Queue it to the @wil->pending_wmi_ev
656 * that will be eventually handled by the @wmi_event_worker in the thread
657 * context of thread "wil6210_wmi"
659 void wmi_recv_cmd(struct wil6210_priv *wil)
661 struct wil6210_mbox_ring_desc d_tail;
662 struct wil6210_mbox_hdr hdr;
663 struct wil6210_mbox_ring *r = &wil->mbox_ctl.rx;
664 struct pending_wmi_event *evt;
670 if (!test_bit(wil_status_reset_done, &wil->status)) {
671 wil_err(wil, "Reset in progress. Cannot handle WMI event\n");
679 r->head = ioread32(wil->csr + HOST_MBOX +
680 offsetof(struct wil6210_mbox_ctl, rx.head));
681 if (r->tail == r->head)
684 wil_dbg_wmi(wil, "Mbox head %08x tail %08x\n",
686 /* read cmd descriptor from tail */
687 wil_memcpy_fromio_32(&d_tail, wil->csr + HOSTADDR(r->tail),
688 sizeof(struct wil6210_mbox_ring_desc));
689 if (d_tail.sync == 0) {
690 wil_err(wil, "Mbox evt not owned by FW?\n");
694 /* read cmd header from descriptor */
695 if (0 != wmi_read_hdr(wil, d_tail.addr, &hdr)) {
696 wil_err(wil, "Mbox evt at 0x%08x?\n",
697 le32_to_cpu(d_tail.addr));
700 len = le16_to_cpu(hdr.len);
701 wil_dbg_wmi(wil, "Mbox evt %04x %04x %04x %02x\n",
702 le16_to_cpu(hdr.seq), len, le16_to_cpu(hdr.type),
705 /* read cmd buffer from descriptor */
706 src = wmi_buffer(wil, d_tail.addr) +
707 sizeof(struct wil6210_mbox_hdr);
708 evt = kmalloc(ALIGN(offsetof(struct pending_wmi_event,
709 event.wmi) + len, 4),
714 evt->event.hdr = hdr;
715 cmd = (void *)&evt->event.wmi;
716 wil_memcpy_fromio_32(cmd, src, len);
717 /* mark entry as empty */
718 iowrite32(0, wil->csr + HOSTADDR(r->tail) +
719 offsetof(struct wil6210_mbox_ring_desc, sync));
721 if ((hdr.type == WIL_MBOX_HDR_TYPE_WMI) &&
722 (len >= sizeof(struct wil6210_mbox_hdr_wmi))) {
723 struct wil6210_mbox_hdr_wmi *wmi = &evt->event.wmi;
724 u16 id = le16_to_cpu(wmi->id);
725 u32 tstamp = le32_to_cpu(wmi->timestamp);
727 wil_dbg_wmi(wil, "WMI event 0x%04x MID %d @%d msec\n",
728 id, wmi->mid, tstamp);
729 trace_wil6210_wmi_event(wmi, &wmi[1],
732 wil_hex_dump_wmi("evt ", DUMP_PREFIX_OFFSET, 16, 1,
733 &evt->event.hdr, sizeof(hdr) + len, true);
736 r->tail = r->base + ((r->tail - r->base +
737 sizeof(struct wil6210_mbox_ring_desc)) % r->size);
738 iowrite32(r->tail, wil->csr + HOST_MBOX +
739 offsetof(struct wil6210_mbox_ctl, rx.tail));
741 /* add to the pending list */
742 spin_lock_irqsave(&wil->wmi_ev_lock, flags);
743 list_add_tail(&evt->list, &wil->pending_wmi_ev);
744 spin_unlock_irqrestore(&wil->wmi_ev_lock, flags);
745 q = queue_work(wil->wmi_wq, &wil->wmi_event_worker);
746 wil_dbg_wmi(wil, "queue_work -> %d\n", q);
748 /* normally, 1 event per IRQ should be processed */
749 wil_dbg_wmi(wil, "%s -> %d events queued\n", __func__, n);
752 int wmi_call(struct wil6210_priv *wil, u16 cmdid, void *buf, u16 len,
753 u16 reply_id, void *reply, u8 reply_size, int to_msec)
758 mutex_lock(&wil->wmi_mutex);
760 rc = __wmi_send(wil, cmdid, buf, len);
764 wil->reply_id = reply_id;
765 wil->reply_buf = reply;
766 wil->reply_size = reply_size;
767 remain = wait_for_completion_timeout(&wil->wmi_ready,
768 msecs_to_jiffies(to_msec));
770 wil_err(wil, "wmi_call(0x%04x->0x%04x) timeout %d msec\n",
771 cmdid, reply_id, to_msec);
775 "wmi_call(0x%04x->0x%04x) completed in %d msec\n",
777 to_msec - jiffies_to_msecs(remain));
780 wil->reply_buf = NULL;
783 mutex_unlock(&wil->wmi_mutex);
788 int wmi_echo(struct wil6210_priv *wil)
790 struct wmi_echo_cmd cmd = {
791 .value = cpu_to_le32(0x12345678),
794 return wmi_call(wil, WMI_ECHO_CMDID, &cmd, sizeof(cmd),
795 WMI_ECHO_RSP_EVENTID, NULL, 0, 20);
798 int wmi_set_mac_address(struct wil6210_priv *wil, void *addr)
800 struct wmi_set_mac_address_cmd cmd;
802 memcpy(cmd.mac, addr, ETH_ALEN);
804 wil_dbg_wmi(wil, "Set MAC %pM\n", addr);
806 return wmi_send(wil, WMI_SET_MAC_ADDRESS_CMDID, &cmd, sizeof(cmd));
809 int wmi_pcp_start(struct wil6210_priv *wil, int bi, u8 wmi_nettype, u8 chan)
813 struct wmi_pcp_start_cmd cmd = {
814 .bcon_interval = cpu_to_le16(bi),
815 .network_type = wmi_nettype,
816 .disable_sec_offload = 1,
818 .pcp_max_assoc_sta = max_assoc_sta,
821 struct wil6210_mbox_hdr_wmi wmi;
822 struct wmi_pcp_started_event evt;
825 if (!wil->secure_pcp)
828 if ((cmd.pcp_max_assoc_sta > WIL6210_MAX_CID) ||
829 (cmd.pcp_max_assoc_sta <= 0)) {
831 "Requested connection limit %u, valid values are 1 - %d. Setting to %d\n",
832 max_assoc_sta, WIL6210_MAX_CID, WIL6210_MAX_CID);
833 cmd.pcp_max_assoc_sta = WIL6210_MAX_CID;
837 * Processing time may be huge, in case of secure AP it takes about
838 * 3500ms for FW to start AP
840 rc = wmi_call(wil, WMI_PCP_START_CMDID, &cmd, sizeof(cmd),
841 WMI_PCP_STARTED_EVENTID, &reply, sizeof(reply), 5000);
845 if (reply.evt.status != WMI_FW_STATUS_SUCCESS)
851 int wmi_pcp_stop(struct wil6210_priv *wil)
853 return wmi_call(wil, WMI_PCP_STOP_CMDID, NULL, 0,
854 WMI_PCP_STOPPED_EVENTID, NULL, 0, 20);
857 int wmi_set_ssid(struct wil6210_priv *wil, u8 ssid_len, const void *ssid)
859 struct wmi_set_ssid_cmd cmd = {
860 .ssid_len = cpu_to_le32(ssid_len),
863 if (ssid_len > sizeof(cmd.ssid))
866 memcpy(cmd.ssid, ssid, ssid_len);
868 return wmi_send(wil, WMI_SET_SSID_CMDID, &cmd, sizeof(cmd));
871 int wmi_get_ssid(struct wil6210_priv *wil, u8 *ssid_len, void *ssid)
875 struct wil6210_mbox_hdr_wmi wmi;
876 struct wmi_set_ssid_cmd cmd;
878 int len; /* reply.cmd.ssid_len in CPU order */
880 rc = wmi_call(wil, WMI_GET_SSID_CMDID, NULL, 0, WMI_GET_SSID_EVENTID,
881 &reply, sizeof(reply), 20);
885 len = le32_to_cpu(reply.cmd.ssid_len);
886 if (len > sizeof(reply.cmd.ssid))
890 memcpy(ssid, reply.cmd.ssid, len);
895 int wmi_set_channel(struct wil6210_priv *wil, int channel)
897 struct wmi_set_pcp_channel_cmd cmd = {
898 .channel = channel - 1,
901 return wmi_send(wil, WMI_SET_PCP_CHANNEL_CMDID, &cmd, sizeof(cmd));
904 int wmi_get_channel(struct wil6210_priv *wil, int *channel)
908 struct wil6210_mbox_hdr_wmi wmi;
909 struct wmi_set_pcp_channel_cmd cmd;
912 rc = wmi_call(wil, WMI_GET_PCP_CHANNEL_CMDID, NULL, 0,
913 WMI_GET_PCP_CHANNEL_EVENTID, &reply, sizeof(reply), 20);
917 if (reply.cmd.channel > 3)
920 *channel = reply.cmd.channel + 1;
925 int wmi_p2p_cfg(struct wil6210_priv *wil, int channel)
927 struct wmi_p2p_cfg_cmd cmd = {
928 .discovery_mode = WMI_DISCOVERY_MODE_NON_OFFLOAD,
929 .channel = channel - 1,
932 return wmi_send(wil, WMI_P2P_CFG_CMDID, &cmd, sizeof(cmd));
935 int wmi_del_cipher_key(struct wil6210_priv *wil, u8 key_index,
936 const void *mac_addr)
938 struct wmi_delete_cipher_key_cmd cmd = {
939 .key_index = key_index,
943 memcpy(cmd.mac, mac_addr, WMI_MAC_LEN);
945 return wmi_send(wil, WMI_DELETE_CIPHER_KEY_CMDID, &cmd, sizeof(cmd));
948 int wmi_add_cipher_key(struct wil6210_priv *wil, u8 key_index,
949 const void *mac_addr, int key_len, const void *key)
951 struct wmi_add_cipher_key_cmd cmd = {
952 .key_index = key_index,
953 .key_usage = WMI_KEY_USE_PAIRWISE,
957 if (!key || (key_len > sizeof(cmd.key)))
960 memcpy(cmd.key, key, key_len);
962 memcpy(cmd.mac, mac_addr, WMI_MAC_LEN);
964 return wmi_send(wil, WMI_ADD_CIPHER_KEY_CMDID, &cmd, sizeof(cmd));
967 int wmi_set_ie(struct wil6210_priv *wil, u8 type, u16 ie_len, const void *ie)
970 u16 len = sizeof(struct wmi_set_appie_cmd) + ie_len;
971 struct wmi_set_appie_cmd *cmd = kzalloc(len, GFP_KERNEL);
978 cmd->mgmt_frm_type = type;
979 /* BUG: FW API define ieLen as u8. Will fix FW */
980 cmd->ie_len = cpu_to_le16(ie_len);
981 memcpy(cmd->ie_info, ie, ie_len);
982 rc = wmi_send(wil, WMI_SET_APPIE_CMDID, cmd, len);
989 * wmi_rxon - turn radio on/off
990 * @on: turn on if true, off otherwise
992 * Only switch radio. Channel should be set separately.
993 * No timeout for rxon - radio turned on forever unless some other call
996 int wmi_rxon(struct wil6210_priv *wil, bool on)
1000 struct wil6210_mbox_hdr_wmi wmi;
1001 struct wmi_listen_started_event evt;
1004 wil_info(wil, "%s(%s)\n", __func__, on ? "on" : "off");
1007 rc = wmi_call(wil, WMI_START_LISTEN_CMDID, NULL, 0,
1008 WMI_LISTEN_STARTED_EVENTID,
1009 &reply, sizeof(reply), 100);
1010 if ((rc == 0) && (reply.evt.status != WMI_FW_STATUS_SUCCESS))
1013 rc = wmi_call(wil, WMI_DISCOVERY_STOP_CMDID, NULL, 0,
1014 WMI_DISCOVERY_STOPPED_EVENTID, NULL, 0, 20);
1020 int wmi_rx_chain_add(struct wil6210_priv *wil, struct vring *vring)
1022 struct wireless_dev *wdev = wil->wdev;
1023 struct net_device *ndev = wil_to_ndev(wil);
1024 struct wmi_cfg_rx_chain_cmd cmd = {
1025 .action = WMI_RX_CHAIN_ADD,
1027 .max_mpdu_size = cpu_to_le16(RX_BUF_LEN),
1028 .ring_mem_base = cpu_to_le64(vring->pa),
1029 .ring_size = cpu_to_le16(vring->size),
1031 .mid = 0, /* TODO - what is it? */
1032 .decap_trans_type = WMI_DECAP_TYPE_802_3,
1033 .reorder_type = WMI_RX_SW_REORDER,
1036 struct wil6210_mbox_hdr_wmi wmi;
1037 struct wmi_cfg_rx_chain_done_event evt;
1041 if (wdev->iftype == NL80211_IFTYPE_MONITOR) {
1042 struct ieee80211_channel *ch = wdev->preset_chandef.chan;
1044 cmd.sniffer_cfg.mode = cpu_to_le32(WMI_SNIFFER_ON);
1046 cmd.sniffer_cfg.channel = ch->hw_value - 1;
1047 cmd.sniffer_cfg.phy_info_mode =
1048 cpu_to_le32(ndev->type == ARPHRD_IEEE80211_RADIOTAP);
1049 cmd.sniffer_cfg.phy_support =
1050 cpu_to_le32((wil->monitor_flags & MONITOR_FLAG_CONTROL)
1051 ? WMI_SNIFFER_CP : WMI_SNIFFER_DP);
1053 /* Initialize offload (in non-sniffer mode).
1054 * Linux IP stack always calculates IP checksum
1055 * HW always calculate TCP/UDP checksum
1057 cmd.l3_l4_ctrl |= (1 << L3_L4_CTRL_TCPIP_CHECKSUM_EN_POS);
1059 /* typical time for secure PCP is 840ms */
1060 rc = wmi_call(wil, WMI_CFG_RX_CHAIN_CMDID, &cmd, sizeof(cmd),
1061 WMI_CFG_RX_CHAIN_DONE_EVENTID, &evt, sizeof(evt), 2000);
1065 vring->hwtail = le32_to_cpu(evt.evt.rx_ring_tail_ptr);
1067 wil_dbg_misc(wil, "Rx init: status %d tail 0x%08x\n",
1068 le32_to_cpu(evt.evt.status), vring->hwtail);
1070 if (le32_to_cpu(evt.evt.status) != WMI_CFG_RX_CHAIN_SUCCESS)
1076 int wmi_get_temperature(struct wil6210_priv *wil, u32 *t_m, u32 *t_r)
1079 struct wmi_temp_sense_cmd cmd = {
1080 .measure_marlon_m_en = cpu_to_le32(!!t_m),
1081 .measure_marlon_r_en = cpu_to_le32(!!t_r),
1084 struct wil6210_mbox_hdr_wmi wmi;
1085 struct wmi_temp_sense_done_event evt;
1088 rc = wmi_call(wil, WMI_TEMP_SENSE_CMDID, &cmd, sizeof(cmd),
1089 WMI_TEMP_SENSE_DONE_EVENTID, &reply, sizeof(reply), 100);
1094 *t_m = le32_to_cpu(reply.evt.marlon_m_t1000);
1096 *t_r = le32_to_cpu(reply.evt.marlon_r_t1000);
1101 int wmi_disconnect_sta(struct wil6210_priv *wil, const u8 *mac, u16 reason)
1103 struct wmi_disconnect_sta_cmd cmd = {
1104 .disconnect_reason = cpu_to_le16(reason),
1106 memcpy(cmd.dst_mac, mac, ETH_ALEN);
1108 wil_dbg_wmi(wil, "%s(%pM, reason %d)\n", __func__, mac, reason);
1110 return wmi_send(wil, WMI_DISCONNECT_STA_CMDID, &cmd, sizeof(cmd));
1113 void wmi_event_flush(struct wil6210_priv *wil)
1115 struct pending_wmi_event *evt, *t;
1117 wil_dbg_wmi(wil, "%s()\n", __func__);
1119 list_for_each_entry_safe(evt, t, &wil->pending_wmi_ev, list) {
1120 list_del(&evt->list);
1125 static bool wmi_evt_call_handler(struct wil6210_priv *wil, int id,
1130 for (i = 0; i < ARRAY_SIZE(wmi_evt_handlers); i++) {
1131 if (wmi_evt_handlers[i].eventid == id) {
1132 wmi_evt_handlers[i].handler(wil, id, d, len);
1140 static void wmi_event_handle(struct wil6210_priv *wil,
1141 struct wil6210_mbox_hdr *hdr)
1143 u16 len = le16_to_cpu(hdr->len);
1145 if ((hdr->type == WIL_MBOX_HDR_TYPE_WMI) &&
1146 (len >= sizeof(struct wil6210_mbox_hdr_wmi))) {
1147 struct wil6210_mbox_hdr_wmi *wmi = (void *)(&hdr[1]);
1148 void *evt_data = (void *)(&wmi[1]);
1149 u16 id = le16_to_cpu(wmi->id);
1151 wil_dbg_wmi(wil, "Handle WMI 0x%04x (reply_id 0x%04x)\n",
1153 /* check if someone waits for this event */
1154 if (wil->reply_id && wil->reply_id == id) {
1155 if (wil->reply_buf) {
1156 memcpy(wil->reply_buf, wmi,
1157 min(len, wil->reply_size));
1159 wmi_evt_call_handler(wil, id, evt_data,
1160 len - sizeof(*wmi));
1162 wil_dbg_wmi(wil, "Complete WMI 0x%04x\n", id);
1163 complete(&wil->wmi_ready);
1166 /* unsolicited event */
1167 /* search for handler */
1168 if (!wmi_evt_call_handler(wil, id, evt_data,
1169 len - sizeof(*wmi))) {
1170 wil_err(wil, "Unhandled event 0x%04x\n", id);
1173 wil_err(wil, "Unknown event type\n");
1174 print_hex_dump(KERN_ERR, "evt?? ", DUMP_PREFIX_OFFSET, 16, 1,
1175 hdr, sizeof(*hdr) + len, true);
1180 * Retrieve next WMI event from the pending list
1182 static struct list_head *next_wmi_ev(struct wil6210_priv *wil)
1185 struct list_head *ret = NULL;
1187 spin_lock_irqsave(&wil->wmi_ev_lock, flags);
1189 if (!list_empty(&wil->pending_wmi_ev)) {
1190 ret = wil->pending_wmi_ev.next;
1194 spin_unlock_irqrestore(&wil->wmi_ev_lock, flags);
1200 * Handler for the WMI events
1202 void wmi_event_worker(struct work_struct *work)
1204 struct wil6210_priv *wil = container_of(work, struct wil6210_priv,
1206 struct pending_wmi_event *evt;
1207 struct list_head *lh;
1209 wil_dbg_wmi(wil, "Start %s\n", __func__);
1210 while ((lh = next_wmi_ev(wil)) != NULL) {
1211 evt = list_entry(lh, struct pending_wmi_event, list);
1212 wmi_event_handle(wil, &evt->event.hdr);
1215 wil_dbg_wmi(wil, "Finished %s\n", __func__);
projects / firefly-linux-kernel-4.4.55.git / blob