1 /*
2 * Firmware I/O code for mac80211 Prism54 drivers
3 *
4 * Copyright (c) 2006, Michael Wu <flamingice@sourmilk.net>
5 * Copyright (c) 2007-2009, Christian Lamparter <chunkeey@web.de>
6 * Copyright 2008, Johannes Berg <johannes@sipsolutions.net>
7 *
8 * Based on:
9 * - the islsm (softmac prism54) driver, which is:
10 * Copyright 2004-2006 Jean-Baptiste Note <jbnote@gmail.com>, et al.
11 * - stlc45xx driver
12 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies).
13 *
14 * This program is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License version 2 as
16 * published by the Free Software Foundation.
17 */
18
19 #include <linux/slab.h>
20 #include <linux/firmware.h>
21 #include <linux/etherdevice.h>
22 #include <linux/export.h>
23
24 #include <net/mac80211.h>
25
26 #include "p54.h"
27 #include "eeprom.h"
28 #include "lmac.h"
29
p54_parse_firmware(struct ieee80211_hw * dev,const struct firmware * fw)30 int p54_parse_firmware(struct ieee80211_hw *dev, const struct firmware *fw)
31 {
32 struct p54_common *priv = dev->priv;
33 struct exp_if *exp_if;
34 struct bootrec *bootrec;
35 u32 *data = (u32 *)fw->data;
36 u32 *end_data = (u32 *)fw->data + (fw->size >> 2);
37 u8 *fw_version = NULL;
38 size_t len;
39 int i;
40 int maxlen;
41
42 if (priv->rx_start)
43 return 0;
44
45 while (data < end_data && *data)
46 data++;
47
48 while (data < end_data && !*data)
49 data++;
50
51 bootrec = (struct bootrec *) data;
52
53 while (bootrec->data <= end_data && (bootrec->data +
54 (len = le32_to_cpu(bootrec->len))) <= end_data) {
55 u32 code = le32_to_cpu(bootrec->code);
56 switch (code) {
57 case BR_CODE_COMPONENT_ID:
58 priv->fw_interface = be32_to_cpup((__be32 *)
59 bootrec->data);
60 switch (priv->fw_interface) {
61 case FW_LM86:
62 case FW_LM20:
63 case FW_LM87: {
64 char *iftype = (char *)bootrec->data;
65 wiphy_info(priv->hw->wiphy,
66 "p54 detected a LM%c%c firmware\n",
67 iftype[2], iftype[3]);
68 break;
69 }
70 case FW_FMAC:
71 default:
72 wiphy_err(priv->hw->wiphy,
73 "unsupported firmware\n");
74 return -ENODEV;
75 }
76 break;
77 case BR_CODE_COMPONENT_VERSION:
78 /* 24 bytes should be enough for all firmwares */
79 if (strnlen((unsigned char *) bootrec->data, 24) < 24)
80 fw_version = (unsigned char *) bootrec->data;
81 break;
82 case BR_CODE_DESCR: {
83 struct bootrec_desc *desc =
84 (struct bootrec_desc *)bootrec->data;
85 priv->rx_start = le32_to_cpu(desc->rx_start);
86 /* FIXME add sanity checking */
87 priv->rx_end = le32_to_cpu(desc->rx_end) - 0x3500;
88 priv->headroom = desc->headroom;
89 priv->tailroom = desc->tailroom;
90 priv->privacy_caps = desc->privacy_caps;
91 priv->rx_keycache_size = desc->rx_keycache_size;
92 if (le32_to_cpu(bootrec->len) == 11)
93 priv->rx_mtu = le16_to_cpu(desc->rx_mtu);
94 else
95 priv->rx_mtu = (size_t)
96 0x620 - priv->tx_hdr_len;
97 maxlen = priv->tx_hdr_len + /* USB devices */
98 sizeof(struct p54_rx_data) +
99 4 + /* rx alignment */
100 IEEE80211_MAX_FRAG_THRESHOLD;
101 if (priv->rx_mtu > maxlen && PAGE_SIZE == 4096) {
102 printk(KERN_INFO "p54: rx_mtu reduced from %d "
103 "to %d\n", priv->rx_mtu, maxlen);
104 priv->rx_mtu = maxlen;
105 }
106 break;
107 }
108 case BR_CODE_EXPOSED_IF:
109 exp_if = (struct exp_if *) bootrec->data;
110 for (i = 0; i < (len * sizeof(*exp_if) / 4); i++)
111 if (exp_if[i].if_id == cpu_to_le16(IF_ID_LMAC))
112 priv->fw_var = le16_to_cpu(exp_if[i].variant);
113 break;
114 case BR_CODE_DEPENDENT_IF:
115 break;
116 case BR_CODE_END_OF_BRA:
117 case LEGACY_BR_CODE_END_OF_BRA:
118 end_data = NULL;
119 break;
120 default:
121 break;
122 }
123 bootrec = (struct bootrec *)&bootrec->data[len];
124 }
125
126 if (fw_version) {
127 wiphy_info(priv->hw->wiphy,
128 "FW rev %s - Softmac protocol %x.%x\n",
129 fw_version, priv->fw_var >> 8, priv->fw_var & 0xff);
130 snprintf(dev->wiphy->fw_version, sizeof(dev->wiphy->fw_version),
131 "%s - %x.%x", fw_version,
132 priv->fw_var >> 8, priv->fw_var & 0xff);
133 }
134
135 if (priv->fw_var < 0x500)
136 wiphy_info(priv->hw->wiphy,
137 "you are using an obsolete firmware. "
138 "visit http://wireless.kernel.org/en/users/Drivers/p54 "
139 "and grab one for \"kernel >= 2.6.28\"!\n");
140
141 if (priv->fw_var >= 0x300) {
142 /* Firmware supports QoS, use it! */
143
144 if (priv->fw_var >= 0x500) {
145 priv->tx_stats[P54_QUEUE_AC_VO].limit = 16;
146 priv->tx_stats[P54_QUEUE_AC_VI].limit = 16;
147 priv->tx_stats[P54_QUEUE_AC_BE].limit = 16;
148 priv->tx_stats[P54_QUEUE_AC_BK].limit = 16;
149 } else {
150 priv->tx_stats[P54_QUEUE_AC_VO].limit = 3;
151 priv->tx_stats[P54_QUEUE_AC_VI].limit = 4;
152 priv->tx_stats[P54_QUEUE_AC_BE].limit = 3;
153 priv->tx_stats[P54_QUEUE_AC_BK].limit = 2;
154 }
155 priv->hw->queues = P54_QUEUE_AC_NUM;
156 }
157
158 wiphy_info(priv->hw->wiphy,
159 "cryptographic accelerator WEP:%s, TKIP:%s, CCMP:%s\n",
160 (priv->privacy_caps & BR_DESC_PRIV_CAP_WEP) ? "YES" : "no",
161 (priv->privacy_caps &
162 (BR_DESC_PRIV_CAP_TKIP | BR_DESC_PRIV_CAP_MICHAEL))
163 ? "YES" : "no",
164 (priv->privacy_caps & BR_DESC_PRIV_CAP_AESCCMP)
165 ? "YES" : "no");
166
167 if (priv->rx_keycache_size) {
168 /*
169 * NOTE:
170 *
171 * The firmware provides at most 255 (0 - 254) slots
172 * for keys which are then used to offload decryption.
173 * As a result the 255 entry (aka 0xff) can be used
174 * safely by the driver to mark keys that didn't fit
175 * into the full cache. This trick saves us from
176 * keeping a extra list for uploaded keys.
177 */
178
179 priv->used_rxkeys = kzalloc(BITS_TO_LONGS(
180 priv->rx_keycache_size), GFP_KERNEL);
181
182 if (!priv->used_rxkeys)
183 return -ENOMEM;
184 }
185
186 return 0;
187 }
188 EXPORT_SYMBOL_GPL(p54_parse_firmware);
189
p54_alloc_skb(struct p54_common * priv,u16 hdr_flags,u16 payload_len,u16 type,gfp_t memflags)190 static struct sk_buff *p54_alloc_skb(struct p54_common *priv, u16 hdr_flags,
191 u16 payload_len, u16 type, gfp_t memflags)
192 {
193 struct p54_hdr *hdr;
194 struct sk_buff *skb;
195 size_t frame_len = sizeof(*hdr) + payload_len;
196
197 if (frame_len > P54_MAX_CTRL_FRAME_LEN)
198 return NULL;
199
200 if (unlikely(skb_queue_len(&priv->tx_pending) > 64))
201 return NULL;
202
203 skb = __dev_alloc_skb(priv->tx_hdr_len + frame_len, memflags);
204 if (!skb)
205 return NULL;
206 skb_reserve(skb, priv->tx_hdr_len);
207
208 hdr = (struct p54_hdr *) skb_put(skb, sizeof(*hdr));
209 hdr->flags = cpu_to_le16(hdr_flags);
210 hdr->len = cpu_to_le16(payload_len);
211 hdr->type = cpu_to_le16(type);
212 hdr->tries = hdr->rts_tries = 0;
213 return skb;
214 }
215
p54_download_eeprom(struct p54_common * priv,void * buf,u16 offset,u16 len)216 int p54_download_eeprom(struct p54_common *priv, void *buf,
217 u16 offset, u16 len)
218 {
219 struct p54_eeprom_lm86 *eeprom_hdr;
220 struct sk_buff *skb;
221 size_t eeprom_hdr_size;
222 int ret = 0;
223 long timeout;
224
225 if (priv->fw_var >= 0x509)
226 eeprom_hdr_size = sizeof(*eeprom_hdr);
227 else
228 eeprom_hdr_size = 0x4;
229
230 skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL, eeprom_hdr_size +
231 len, P54_CONTROL_TYPE_EEPROM_READBACK,
232 GFP_KERNEL);
233 if (unlikely(!skb))
234 return -ENOMEM;
235
236 mutex_lock(&priv->eeprom_mutex);
237 priv->eeprom = buf;
238 eeprom_hdr = (struct p54_eeprom_lm86 *) skb_put(skb,
239 eeprom_hdr_size + len);
240
241 if (priv->fw_var < 0x509) {
242 eeprom_hdr->v1.offset = cpu_to_le16(offset);
243 eeprom_hdr->v1.len = cpu_to_le16(len);
244 } else {
245 eeprom_hdr->v2.offset = cpu_to_le32(offset);
246 eeprom_hdr->v2.len = cpu_to_le16(len);
247 eeprom_hdr->v2.magic2 = 0xf;
248 memcpy(eeprom_hdr->v2.magic, (const char *)"LOCK", 4);
249 }
250
251 p54_tx(priv, skb);
252
253 timeout = wait_for_completion_interruptible_timeout(
254 &priv->eeprom_comp, HZ);
255 if (timeout <= 0) {
256 wiphy_err(priv->hw->wiphy,
257 "device does not respond or signal received!\n");
258 ret = -EBUSY;
259 }
260 priv->eeprom = NULL;
261 mutex_unlock(&priv->eeprom_mutex);
262 return ret;
263 }
264
p54_update_beacon_tim(struct p54_common * priv,u16 aid,bool set)265 int p54_update_beacon_tim(struct p54_common *priv, u16 aid, bool set)
266 {
267 struct sk_buff *skb;
268 struct p54_tim *tim;
269
270 skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*tim),
271 P54_CONTROL_TYPE_TIM, GFP_ATOMIC);
272 if (unlikely(!skb))
273 return -ENOMEM;
274
275 tim = (struct p54_tim *) skb_put(skb, sizeof(*tim));
276 tim->count = 1;
277 tim->entry[0] = cpu_to_le16(set ? (aid | 0x8000) : aid);
278 p54_tx(priv, skb);
279 return 0;
280 }
281
p54_sta_unlock(struct p54_common * priv,u8 * addr)282 int p54_sta_unlock(struct p54_common *priv, u8 *addr)
283 {
284 struct sk_buff *skb;
285 struct p54_sta_unlock *sta;
286
287 skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*sta),
288 P54_CONTROL_TYPE_PSM_STA_UNLOCK, GFP_ATOMIC);
289 if (unlikely(!skb))
290 return -ENOMEM;
291
292 sta = (struct p54_sta_unlock *)skb_put(skb, sizeof(*sta));
293 memcpy(sta->addr, addr, ETH_ALEN);
294 p54_tx(priv, skb);
295 return 0;
296 }
297
p54_tx_cancel(struct p54_common * priv,__le32 req_id)298 int p54_tx_cancel(struct p54_common *priv, __le32 req_id)
299 {
300 struct sk_buff *skb;
301 struct p54_txcancel *cancel;
302 u32 _req_id = le32_to_cpu(req_id);
303
304 if (unlikely(_req_id < priv->rx_start || _req_id > priv->rx_end))
305 return -EINVAL;
306
307 skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*cancel),
308 P54_CONTROL_TYPE_TXCANCEL, GFP_ATOMIC);
309 if (unlikely(!skb))
310 return -ENOMEM;
311
312 cancel = (struct p54_txcancel *)skb_put(skb, sizeof(*cancel));
313 cancel->req_id = req_id;
314 p54_tx(priv, skb);
315 return 0;
316 }
317
p54_setup_mac(struct p54_common * priv)318 int p54_setup_mac(struct p54_common *priv)
319 {
320 struct sk_buff *skb;
321 struct p54_setup_mac *setup;
322 u16 mode;
323
324 skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*setup),
325 P54_CONTROL_TYPE_SETUP, GFP_ATOMIC);
326 if (!skb)
327 return -ENOMEM;
328
329 setup = (struct p54_setup_mac *) skb_put(skb, sizeof(*setup));
330 if (!(priv->hw->conf.flags & IEEE80211_CONF_IDLE)) {
331 switch (priv->mode) {
332 case NL80211_IFTYPE_STATION:
333 mode = P54_FILTER_TYPE_STATION;
334 break;
335 case NL80211_IFTYPE_AP:
336 mode = P54_FILTER_TYPE_AP;
337 break;
338 case NL80211_IFTYPE_ADHOC:
339 case NL80211_IFTYPE_MESH_POINT:
340 mode = P54_FILTER_TYPE_IBSS;
341 break;
342 case NL80211_IFTYPE_MONITOR:
343 mode = P54_FILTER_TYPE_PROMISCUOUS;
344 break;
345 default:
346 mode = P54_FILTER_TYPE_HIBERNATE;
347 break;
348 }
349
350 /*
351 * "TRANSPARENT and PROMISCUOUS are mutually exclusive"
352 * STSW45X0C LMAC API - page 12
353 */
354 if (((priv->filter_flags & FIF_PROMISC_IN_BSS) ||
355 (priv->filter_flags & FIF_OTHER_BSS)) &&
356 (mode != P54_FILTER_TYPE_PROMISCUOUS))
357 mode |= P54_FILTER_TYPE_TRANSPARENT;
358 } else {
359 mode = P54_FILTER_TYPE_HIBERNATE;
360 }
361
362 setup->mac_mode = cpu_to_le16(mode);
363 memcpy(setup->mac_addr, priv->mac_addr, ETH_ALEN);
364 memcpy(setup->bssid, priv->bssid, ETH_ALEN);
365 setup->rx_antenna = 2 & priv->rx_diversity_mask; /* automatic */
366 setup->rx_align = 0;
367 if (priv->fw_var < 0x500) {
368 setup->v1.basic_rate_mask = cpu_to_le32(priv->basic_rate_mask);
369 memset(setup->v1.rts_rates, 0, 8);
370 setup->v1.rx_addr = cpu_to_le32(priv->rx_end);
371 setup->v1.max_rx = cpu_to_le16(priv->rx_mtu);
372 setup->v1.rxhw = cpu_to_le16(priv->rxhw);
373 setup->v1.wakeup_timer = cpu_to_le16(priv->wakeup_timer);
374 setup->v1.unalloc0 = cpu_to_le16(0);
375 } else {
376 setup->v2.rx_addr = cpu_to_le32(priv->rx_end);
377 setup->v2.max_rx = cpu_to_le16(priv->rx_mtu);
378 setup->v2.rxhw = cpu_to_le16(priv->rxhw);
379 setup->v2.timer = cpu_to_le16(priv->wakeup_timer);
380 setup->v2.truncate = cpu_to_le16(48896);
381 setup->v2.basic_rate_mask = cpu_to_le32(priv->basic_rate_mask);
382 setup->v2.sbss_offset = 0;
383 setup->v2.mcast_window = 0;
384 setup->v2.rx_rssi_threshold = 0;
385 setup->v2.rx_ed_threshold = 0;
386 setup->v2.ref_clock = cpu_to_le32(644245094);
387 setup->v2.lpf_bandwidth = cpu_to_le16(65535);
388 setup->v2.osc_start_delay = cpu_to_le16(65535);
389 }
390 p54_tx(priv, skb);
391 priv->phy_idle = mode == P54_FILTER_TYPE_HIBERNATE;
392 return 0;
393 }
394
p54_scan(struct p54_common * priv,u16 mode,u16 dwell)395 int p54_scan(struct p54_common *priv, u16 mode, u16 dwell)
396 {
397 struct sk_buff *skb;
398 struct p54_hdr *hdr;
399 struct p54_scan_head *head;
400 struct p54_iq_autocal_entry *iq_autocal;
401 union p54_scan_body_union *body;
402 struct p54_scan_tail_rate *rate;
403 struct pda_rssi_cal_entry *rssi;
404 struct p54_rssi_db_entry *rssi_data;
405 unsigned int i;
406 void *entry;
407 __le16 freq = cpu_to_le16(priv->hw->conf.chandef.chan->center_freq);
408
409 skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*head) +
410 2 + sizeof(*iq_autocal) + sizeof(*body) +
411 sizeof(*rate) + 2 * sizeof(*rssi),
412 P54_CONTROL_TYPE_SCAN, GFP_ATOMIC);
413 if (!skb)
414 return -ENOMEM;
415
416 head = (struct p54_scan_head *) skb_put(skb, sizeof(*head));
417 memset(head->scan_params, 0, sizeof(head->scan_params));
418 head->mode = cpu_to_le16(mode);
419 head->dwell = cpu_to_le16(dwell);
420 head->freq = freq;
421
422 if (priv->rxhw == PDR_SYNTH_FRONTEND_LONGBOW) {
423 __le16 *pa_power_points = (__le16 *) skb_put(skb, 2);
424 *pa_power_points = cpu_to_le16(0x0c);
425 }
426
427 iq_autocal = (void *) skb_put(skb, sizeof(*iq_autocal));
428 for (i = 0; i < priv->iq_autocal_len; i++) {
429 if (priv->iq_autocal[i].freq != freq)
430 continue;
431
432 memcpy(iq_autocal, &priv->iq_autocal[i].params,
433 sizeof(struct p54_iq_autocal_entry));
434 break;
435 }
436 if (i == priv->iq_autocal_len)
437 goto err;
438
439 if (priv->rxhw == PDR_SYNTH_FRONTEND_LONGBOW)
440 body = (void *) skb_put(skb, sizeof(body->longbow));
441 else
442 body = (void *) skb_put(skb, sizeof(body->normal));
443
444 for (i = 0; i < priv->output_limit->entries; i++) {
445 __le16 *entry_freq = (void *) (priv->output_limit->data +
446 priv->output_limit->entry_size * i);
447
448 if (*entry_freq != freq)
449 continue;
450
451 if (priv->rxhw == PDR_SYNTH_FRONTEND_LONGBOW) {
452 memcpy(&body->longbow.power_limits,
453 (void *) entry_freq + sizeof(__le16),
454 priv->output_limit->entry_size);
455 } else {
456 struct pda_channel_output_limit *limits =
457 (void *) entry_freq;
458
459 body->normal.val_barker = 0x38;
460 body->normal.val_bpsk = body->normal.dup_bpsk =
461 limits->val_bpsk;
462 body->normal.val_qpsk = body->normal.dup_qpsk =
463 limits->val_qpsk;
464 body->normal.val_16qam = body->normal.dup_16qam =
465 limits->val_16qam;
466 body->normal.val_64qam = body->normal.dup_64qam =
467 limits->val_64qam;
468 }
469 break;
470 }
471 if (i == priv->output_limit->entries)
472 goto err;
473
474 entry = (void *)(priv->curve_data->data + priv->curve_data->offset);
475 for (i = 0; i < priv->curve_data->entries; i++) {
476 if (*((__le16 *)entry) != freq) {
477 entry += priv->curve_data->entry_size;
478 continue;
479 }
480
481 if (priv->rxhw == PDR_SYNTH_FRONTEND_LONGBOW) {
482 memcpy(&body->longbow.curve_data,
483 entry + sizeof(__le16),
484 priv->curve_data->entry_size);
485 } else {
486 struct p54_scan_body *chan = &body->normal;
487 struct pda_pa_curve_data *curve_data =
488 (void *) priv->curve_data->data;
489
490 entry += sizeof(__le16);
491 chan->pa_points_per_curve = 8;
492 memset(chan->curve_data, 0, sizeof(*chan->curve_data));
493 memcpy(chan->curve_data, entry,
494 sizeof(struct p54_pa_curve_data_sample) *
495 min((u8)8, curve_data->points_per_channel));
496 }
497 break;
498 }
499 if (i == priv->curve_data->entries)
500 goto err;
501
502 if ((priv->fw_var >= 0x500) && (priv->fw_var < 0x509)) {
503 rate = (void *) skb_put(skb, sizeof(*rate));
504 rate->basic_rate_mask = cpu_to_le32(priv->basic_rate_mask);
505 for (i = 0; i < sizeof(rate->rts_rates); i++)
506 rate->rts_rates[i] = i;
507 }
508
509 rssi = (struct pda_rssi_cal_entry *) skb_put(skb, sizeof(*rssi));
510 rssi_data = p54_rssi_find(priv, le16_to_cpu(freq));
511 rssi->mul = cpu_to_le16(rssi_data->mul);
512 rssi->add = cpu_to_le16(rssi_data->add);
513 if (priv->rxhw == PDR_SYNTH_FRONTEND_LONGBOW) {
514 /* Longbow frontend needs ever more */
515 rssi = (void *) skb_put(skb, sizeof(*rssi));
516 rssi->mul = cpu_to_le16(rssi_data->longbow_unkn);
517 rssi->add = cpu_to_le16(rssi_data->longbow_unk2);
518 }
519
520 if (priv->fw_var >= 0x509) {
521 rate = (void *) skb_put(skb, sizeof(*rate));
522 rate->basic_rate_mask = cpu_to_le32(priv->basic_rate_mask);
523 for (i = 0; i < sizeof(rate->rts_rates); i++)
524 rate->rts_rates[i] = i;
525 }
526
527 hdr = (struct p54_hdr *) skb->data;
528 hdr->len = cpu_to_le16(skb->len - sizeof(*hdr));
529
530 p54_tx(priv, skb);
531 priv->cur_rssi = rssi_data;
532 return 0;
533
534 err:
535 wiphy_err(priv->hw->wiphy, "frequency change to channel %d failed.\n",
536 ieee80211_frequency_to_channel(
537 priv->hw->conf.chandef.chan->center_freq));
538
539 dev_kfree_skb_any(skb);
540 return -EINVAL;
541 }
542
p54_set_leds(struct p54_common * priv)543 int p54_set_leds(struct p54_common *priv)
544 {
545 struct sk_buff *skb;
546 struct p54_led *led;
547
548 skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*led),
549 P54_CONTROL_TYPE_LED, GFP_ATOMIC);
550 if (unlikely(!skb))
551 return -ENOMEM;
552
553 led = (struct p54_led *) skb_put(skb, sizeof(*led));
554 led->flags = cpu_to_le16(0x0003);
555 led->mask[0] = led->mask[1] = cpu_to_le16(priv->softled_state);
556 led->delay[0] = cpu_to_le16(1);
557 led->delay[1] = cpu_to_le16(0);
558 p54_tx(priv, skb);
559 return 0;
560 }
561
p54_set_edcf(struct p54_common * priv)562 int p54_set_edcf(struct p54_common *priv)
563 {
564 struct sk_buff *skb;
565 struct p54_edcf *edcf;
566 u8 rtd;
567
568 skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*edcf),
569 P54_CONTROL_TYPE_DCFINIT, GFP_ATOMIC);
570 if (unlikely(!skb))
571 return -ENOMEM;
572
573 edcf = (struct p54_edcf *)skb_put(skb, sizeof(*edcf));
574 if (priv->use_short_slot) {
575 edcf->slottime = 9;
576 edcf->sifs = 0x10;
577 edcf->eofpad = 0x00;
578 } else {
579 edcf->slottime = 20;
580 edcf->sifs = 0x0a;
581 edcf->eofpad = 0x06;
582 }
583 /*
584 * calculate the extra round trip delay according to the
585 * formula from 802.11-2007 17.3.8.6.
586 */
587 rtd = 3 * priv->coverage_class;
588 edcf->slottime += rtd;
589 edcf->round_trip_delay = cpu_to_le16(rtd);
590 /* (see prism54/isl_oid.h for further details) */
591 edcf->frameburst = cpu_to_le16(0);
592 edcf->flags = 0;
593 memset(edcf->mapping, 0, sizeof(edcf->mapping));
594 memcpy(edcf->queue, priv->qos_params, sizeof(edcf->queue));
595 p54_tx(priv, skb);
596 return 0;
597 }
598
p54_set_ps(struct p54_common * priv)599 int p54_set_ps(struct p54_common *priv)
600 {
601 struct sk_buff *skb;
602 struct p54_psm *psm;
603 unsigned int i;
604 u16 mode;
605
606 if (priv->hw->conf.flags & IEEE80211_CONF_PS &&
607 !priv->powersave_override)
608 mode = P54_PSM | P54_PSM_BEACON_TIMEOUT | P54_PSM_DTIM |
609 P54_PSM_CHECKSUM | P54_PSM_MCBC;
610 else
611 mode = P54_PSM_CAM;
612
613 skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*psm),
614 P54_CONTROL_TYPE_PSM, GFP_ATOMIC);
615 if (!skb)
616 return -ENOMEM;
617
618 psm = (struct p54_psm *)skb_put(skb, sizeof(*psm));
619 psm->mode = cpu_to_le16(mode);
620 psm->aid = cpu_to_le16(priv->aid);
621 for (i = 0; i < ARRAY_SIZE(psm->intervals); i++) {
622 psm->intervals[i].interval =
623 cpu_to_le16(priv->hw->conf.listen_interval);
624 psm->intervals[i].periods = cpu_to_le16(1);
625 }
626
627 psm->beacon_rssi_skip_max = 200;
628 psm->rssi_delta_threshold = 0;
629 psm->nr = 1;
630 psm->exclude[0] = WLAN_EID_TIM;
631
632 p54_tx(priv, skb);
633 priv->phy_ps = mode != P54_PSM_CAM;
634 return 0;
635 }
636
p54_init_xbow_synth(struct p54_common * priv)637 int p54_init_xbow_synth(struct p54_common *priv)
638 {
639 struct sk_buff *skb;
640 struct p54_xbow_synth *xbow;
641
642 skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*xbow),
643 P54_CONTROL_TYPE_XBOW_SYNTH_CFG, GFP_KERNEL);
644 if (unlikely(!skb))
645 return -ENOMEM;
646
647 xbow = (struct p54_xbow_synth *)skb_put(skb, sizeof(*xbow));
648 xbow->magic1 = cpu_to_le16(0x1);
649 xbow->magic2 = cpu_to_le16(0x2);
650 xbow->freq = cpu_to_le16(5390);
651 memset(xbow->padding, 0, sizeof(xbow->padding));
652 p54_tx(priv, skb);
653 return 0;
654 }
655
p54_upload_key(struct p54_common * priv,u8 algo,int slot,u8 idx,u8 len,u8 * addr,u8 * key)656 int p54_upload_key(struct p54_common *priv, u8 algo, int slot, u8 idx, u8 len,
657 u8 *addr, u8* key)
658 {
659 struct sk_buff *skb;
660 struct p54_keycache *rxkey;
661
662 skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*rxkey),
663 P54_CONTROL_TYPE_RX_KEYCACHE, GFP_KERNEL);
664 if (unlikely(!skb))
665 return -ENOMEM;
666
667 rxkey = (struct p54_keycache *)skb_put(skb, sizeof(*rxkey));
668 rxkey->entry = slot;
669 rxkey->key_id = idx;
670 rxkey->key_type = algo;
671 if (addr)
672 memcpy(rxkey->mac, addr, ETH_ALEN);
673 else
674 eth_broadcast_addr(rxkey->mac);
675
676 switch (algo) {
677 case P54_CRYPTO_WEP:
678 case P54_CRYPTO_AESCCMP:
679 rxkey->key_len = min_t(u8, 16, len);
680 memcpy(rxkey->key, key, rxkey->key_len);
681 break;
682
683 case P54_CRYPTO_TKIPMICHAEL:
684 rxkey->key_len = 24;
685 memcpy(rxkey->key, key, 16);
686 memcpy(&(rxkey->key[16]), &(key
687 [NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY]), 8);
688 break;
689
690 case P54_CRYPTO_NONE:
691 rxkey->key_len = 0;
692 memset(rxkey->key, 0, sizeof(rxkey->key));
693 break;
694
695 default:
696 wiphy_err(priv->hw->wiphy,
697 "invalid cryptographic algorithm: %d\n", algo);
698 dev_kfree_skb(skb);
699 return -EINVAL;
700 }
701
702 p54_tx(priv, skb);
703 return 0;
704 }
705
p54_fetch_statistics(struct p54_common * priv)706 int p54_fetch_statistics(struct p54_common *priv)
707 {
708 struct ieee80211_tx_info *txinfo;
709 struct p54_tx_info *p54info;
710 struct sk_buff *skb;
711
712 skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL,
713 sizeof(struct p54_statistics),
714 P54_CONTROL_TYPE_STAT_READBACK, GFP_KERNEL);
715 if (!skb)
716 return -ENOMEM;
717
718 /*
719 * The statistic feedback causes some extra headaches here, if it
720 * is not to crash/corrupt the firmware data structures.
721 *
722 * Unlike all other Control Get OIDs we can not use helpers like
723 * skb_put to reserve the space for the data we're requesting.
724 * Instead the extra frame length -which will hold the results later-
725 * will only be told to the p54_assign_address, so that following
726 * frames won't be placed into the allegedly empty area.
727 */
728 txinfo = IEEE80211_SKB_CB(skb);
729 p54info = (void *) txinfo->rate_driver_data;
730 p54info->extra_len = sizeof(struct p54_statistics);
731
732 p54_tx(priv, skb);
733 return 0;
734 }
735
p54_set_groupfilter(struct p54_common * priv)736 int p54_set_groupfilter(struct p54_common *priv)
737 {
738 struct p54_group_address_table *grp;
739 struct sk_buff *skb;
740 bool on = false;
741
742 skb = p54_alloc_skb(priv, P54_HDR_FLAG_CONTROL_OPSET, sizeof(*grp),
743 P54_CONTROL_TYPE_GROUP_ADDRESS_TABLE, GFP_KERNEL);
744 if (!skb)
745 return -ENOMEM;
746
747 grp = (struct p54_group_address_table *)skb_put(skb, sizeof(*grp));
748
749 on = !(priv->filter_flags & FIF_ALLMULTI) &&
750 (priv->mc_maclist_num > 0 &&
751 priv->mc_maclist_num <= MC_FILTER_ADDRESS_NUM);
752
753 if (on) {
754 grp->filter_enable = cpu_to_le16(1);
755 grp->num_address = cpu_to_le16(priv->mc_maclist_num);
756 memcpy(grp->mac_list, priv->mc_maclist, sizeof(grp->mac_list));
757 } else {
758 grp->filter_enable = cpu_to_le16(0);
759 grp->num_address = cpu_to_le16(0);
760 memset(grp->mac_list, 0, sizeof(grp->mac_list));
761 }
762
763 p54_tx(priv, skb);
764 return 0;
765 }
766