Avoid reading past buffer when calling GETACL
[zen-stable.git] / drivers / net / wimax / i2400m / sdio.c
blob21a9edd6e75d5826e7a30026f57647f990e32216
1 /*
2 * Intel Wireless WiMAX Connection 2400m
3 * Linux driver model glue for the SDIO device, reset & fw upload
6 * Copyright (C) 2007-2008 Intel Corporation <linux-wimax@intel.com>
7 * Dirk Brandewie <dirk.j.brandewie@intel.com>
8 * Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
9 * Yanir Lubetkin <yanirx.lubetkin@intel.com>
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License version
13 * 2 as published by the Free Software Foundation.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 * 02110-1301, USA.
26 * See i2400m-sdio.h for a general description of this driver.
28 * This file implements driver model glue, and hook ups for the
29 * generic driver to implement the bus-specific functions (device
30 * communication setup/tear down, firmware upload and resetting).
32 * ROADMAP
34 * i2400m_probe()
35 * alloc_netdev()
36 * i2400ms_netdev_setup()
37 * i2400ms_init()
38 * i2400m_netdev_setup()
39 * i2400ms_enable_function()
40 * i2400m_setup()
42 * i2400m_remove()
43 * i2400m_release()
44 * free_netdev(net_dev)
46 * i2400ms_bus_reset() Called by i2400m_reset
47 * __i2400ms_reset()
48 * __i2400ms_send_barker()
51 #include <linux/slab.h>
52 #include <linux/debugfs.h>
53 #include <linux/mmc/sdio_ids.h>
54 #include <linux/mmc/sdio.h>
55 #include <linux/mmc/sdio_func.h>
56 #include "i2400m-sdio.h"
57 #include <linux/wimax/i2400m.h>
58 #include <linux/module.h>
60 #define D_SUBMODULE main
61 #include "sdio-debug-levels.h"
63 /* IOE WiMAX function timeout in seconds */
64 static int ioe_timeout = 2;
65 module_param(ioe_timeout, int, 0);
67 static char i2400ms_debug_params[128];
68 module_param_string(debug, i2400ms_debug_params, sizeof(i2400ms_debug_params),
69 0644);
70 MODULE_PARM_DESC(debug,
71 "String of space-separated NAME:VALUE pairs, where NAMEs "
72 "are the different debug submodules and VALUE are the "
73 "initial debug value to set.");
75 /* Our firmware file name list */
76 static const char *i2400ms_bus_fw_names[] = {
77 #define I2400MS_FW_FILE_NAME "i2400m-fw-sdio-1.3.sbcf"
78 I2400MS_FW_FILE_NAME,
79 NULL
83 static const struct i2400m_poke_table i2400ms_pokes[] = {
84 I2400M_FW_POKE(0x6BE260, 0x00000088),
85 I2400M_FW_POKE(0x080550, 0x00000005),
86 I2400M_FW_POKE(0xAE0000, 0x00000000),
87 I2400M_FW_POKE(0x000000, 0x00000000), /* MUST be 0 terminated or bad
88 * things will happen */
92 * Enable the SDIO function
94 * Tries to enable the SDIO function; might fail if it is still not
95 * ready (in some hardware, the SDIO WiMAX function is only enabled
96 * when we ask it to explicitly doing). Tries until a timeout is
97 * reached.
99 * The @maxtries argument indicates how many times (at most) it should
100 * be tried to enable the function. 0 means forever. This acts along
101 * with the timeout (ie: it'll stop trying as soon as the maximum
102 * number of tries is reached _or_ as soon as the timeout is reached).
104 * The reverse of this is...sdio_disable_function()
106 * Returns: 0 if the SDIO function was enabled, < 0 errno code on
107 * error (-ENODEV when it was unable to enable the function).
109 static
110 int i2400ms_enable_function(struct i2400ms *i2400ms, unsigned maxtries)
112 struct sdio_func *func = i2400ms->func;
113 u64 timeout;
114 int err;
115 struct device *dev = &func->dev;
116 unsigned tries = 0;
118 d_fnstart(3, dev, "(func %p)\n", func);
119 /* Setup timeout (FIXME: This needs to read the CIS table to
120 * get a real timeout) and then wait for the device to signal
121 * it is ready */
122 timeout = get_jiffies_64() + ioe_timeout * HZ;
123 err = -ENODEV;
124 while (err != 0 && time_before64(get_jiffies_64(), timeout)) {
125 sdio_claim_host(func);
127 * There is a sillicon bug on the IWMC3200, where the
128 * IOE timeout will cause problems on Moorestown
129 * platforms (system hang). We explicitly overwrite
130 * func->enable_timeout here to work around the issue.
132 if (i2400ms->iwmc3200)
133 func->enable_timeout = IWMC3200_IOR_TIMEOUT;
134 err = sdio_enable_func(func);
135 if (0 == err) {
136 sdio_release_host(func);
137 d_printf(2, dev, "SDIO function enabled\n");
138 goto function_enabled;
140 d_printf(2, dev, "SDIO function failed to enable: %d\n", err);
141 sdio_release_host(func);
142 if (maxtries > 0 && ++tries >= maxtries) {
143 err = -ETIME;
144 break;
146 msleep(I2400MS_INIT_SLEEP_INTERVAL);
148 /* If timed out, device is not there yet -- get -ENODEV so
149 * the device driver core will retry later on. */
150 if (err == -ETIME) {
151 dev_err(dev, "Can't enable WiMAX function; "
152 " has the function been enabled?\n");
153 err = -ENODEV;
155 function_enabled:
156 d_fnend(3, dev, "(func %p) = %d\n", func, err);
157 return err;
162 * Setup minimal device communication infrastructure needed to at
163 * least be able to update the firmware.
165 * Note the ugly trick: if we are in the probe path
166 * (i2400ms->debugfs_dentry == NULL), we only retry function
167 * enablement one, to avoid racing with the iwmc3200 top controller.
169 static
170 int i2400ms_bus_setup(struct i2400m *i2400m)
172 int result;
173 struct i2400ms *i2400ms =
174 container_of(i2400m, struct i2400ms, i2400m);
175 struct device *dev = i2400m_dev(i2400m);
176 struct sdio_func *func = i2400ms->func;
177 int retries;
179 sdio_claim_host(func);
180 result = sdio_set_block_size(func, I2400MS_BLK_SIZE);
181 sdio_release_host(func);
182 if (result < 0) {
183 dev_err(dev, "Failed to set block size: %d\n", result);
184 goto error_set_blk_size;
187 if (i2400ms->iwmc3200 && i2400ms->debugfs_dentry == NULL)
188 retries = 1;
189 else
190 retries = 0;
191 result = i2400ms_enable_function(i2400ms, retries);
192 if (result < 0) {
193 dev_err(dev, "Cannot enable SDIO function: %d\n", result);
194 goto error_func_enable;
197 result = i2400ms_tx_setup(i2400ms);
198 if (result < 0)
199 goto error_tx_setup;
200 result = i2400ms_rx_setup(i2400ms);
201 if (result < 0)
202 goto error_rx_setup;
203 return 0;
205 error_rx_setup:
206 i2400ms_tx_release(i2400ms);
207 error_tx_setup:
208 sdio_claim_host(func);
209 sdio_disable_func(func);
210 sdio_release_host(func);
211 error_func_enable:
212 error_set_blk_size:
213 return result;
218 * Tear down minimal device communication infrastructure needed to at
219 * least be able to update the firmware.
221 static
222 void i2400ms_bus_release(struct i2400m *i2400m)
224 struct i2400ms *i2400ms =
225 container_of(i2400m, struct i2400ms, i2400m);
226 struct sdio_func *func = i2400ms->func;
228 i2400ms_rx_release(i2400ms);
229 i2400ms_tx_release(i2400ms);
230 sdio_claim_host(func);
231 sdio_disable_func(func);
232 sdio_release_host(func);
237 * Setup driver resources needed to communicate with the device
239 * The fw needs some time to settle, and it was just uploaded,
240 * so give it a break first. I'd prefer to just wait for the device to
241 * send something, but seems the poking we do to enable SDIO stuff
242 * interferes with it, so just give it a break before starting...
244 static
245 int i2400ms_bus_dev_start(struct i2400m *i2400m)
247 struct i2400ms *i2400ms = container_of(i2400m, struct i2400ms, i2400m);
248 struct sdio_func *func = i2400ms->func;
249 struct device *dev = &func->dev;
251 d_fnstart(3, dev, "(i2400m %p)\n", i2400m);
252 msleep(200);
253 d_fnend(3, dev, "(i2400m %p) = %d\n", i2400m, 0);
254 return 0;
259 * Sends a barker buffer to the device
261 * This helper will allocate a kmalloced buffer and use it to transmit
262 * (then free it). Reason for this is that the SDIO host controller
263 * expects alignment (unknown exactly which) which the stack won't
264 * really provide and certain arches/host-controller combinations
265 * cannot use stack/vmalloc/text areas for DMA transfers.
267 static
268 int __i2400ms_send_barker(struct i2400ms *i2400ms,
269 const __le32 *barker, size_t barker_size)
271 int ret;
272 struct sdio_func *func = i2400ms->func;
273 struct device *dev = &func->dev;
274 void *buffer;
276 ret = -ENOMEM;
277 buffer = kmalloc(I2400MS_BLK_SIZE, GFP_KERNEL);
278 if (buffer == NULL)
279 goto error_kzalloc;
281 memcpy(buffer, barker, barker_size);
282 sdio_claim_host(func);
283 ret = sdio_memcpy_toio(func, 0, buffer, I2400MS_BLK_SIZE);
284 sdio_release_host(func);
286 if (ret < 0)
287 d_printf(0, dev, "E: barker error: %d\n", ret);
289 kfree(buffer);
290 error_kzalloc:
291 return ret;
296 * Reset a device at different levels (warm, cold or bus)
298 * @i2400ms: device descriptor
299 * @reset_type: soft, warm or bus reset (I2400M_RT_WARM/SOFT/BUS)
301 * FIXME: not tested -- need to confirm expected effects
303 * Warm and cold resets get an SDIO reset if they fail (unimplemented)
305 * Warm reset:
307 * The device will be fully reset internally, but won't be
308 * disconnected from the bus (so no reenumeration will
309 * happen). Firmware upload will be necessary.
311 * The device will send a reboot barker that will trigger the driver
312 * to reinitialize the state via __i2400m_dev_reset_handle.
315 * Cold and bus reset:
317 * The device will be fully reset internally, disconnected from the
318 * bus an a reenumeration will happen. Firmware upload will be
319 * necessary. Thus, we don't do any locking or struct
320 * reinitialization, as we are going to be fully disconnected and
321 * reenumerated.
323 * Note we need to return -ENODEV if a warm reset was requested and we
324 * had to resort to a bus reset. See i2400m_op_reset(), wimax_reset()
325 * and wimax_dev->op_reset.
327 * WARNING: no driver state saved/fixed
329 static
330 int i2400ms_bus_reset(struct i2400m *i2400m, enum i2400m_reset_type rt)
332 int result = 0;
333 struct i2400ms *i2400ms =
334 container_of(i2400m, struct i2400ms, i2400m);
335 struct device *dev = i2400m_dev(i2400m);
336 static const __le32 i2400m_WARM_BOOT_BARKER[4] = {
337 cpu_to_le32(I2400M_WARM_RESET_BARKER),
338 cpu_to_le32(I2400M_WARM_RESET_BARKER),
339 cpu_to_le32(I2400M_WARM_RESET_BARKER),
340 cpu_to_le32(I2400M_WARM_RESET_BARKER),
342 static const __le32 i2400m_COLD_BOOT_BARKER[4] = {
343 cpu_to_le32(I2400M_COLD_RESET_BARKER),
344 cpu_to_le32(I2400M_COLD_RESET_BARKER),
345 cpu_to_le32(I2400M_COLD_RESET_BARKER),
346 cpu_to_le32(I2400M_COLD_RESET_BARKER),
349 if (rt == I2400M_RT_WARM)
350 result = __i2400ms_send_barker(i2400ms, i2400m_WARM_BOOT_BARKER,
351 sizeof(i2400m_WARM_BOOT_BARKER));
352 else if (rt == I2400M_RT_COLD)
353 result = __i2400ms_send_barker(i2400ms, i2400m_COLD_BOOT_BARKER,
354 sizeof(i2400m_COLD_BOOT_BARKER));
355 else if (rt == I2400M_RT_BUS) {
356 do_bus_reset:
358 i2400ms_bus_release(i2400m);
360 /* Wait for the device to settle */
361 msleep(40);
363 result = i2400ms_bus_setup(i2400m);
364 } else
365 BUG();
366 if (result < 0 && rt != I2400M_RT_BUS) {
367 dev_err(dev, "%s reset failed (%d); trying SDIO reset\n",
368 rt == I2400M_RT_WARM ? "warm" : "cold", result);
369 rt = I2400M_RT_BUS;
370 goto do_bus_reset;
372 return result;
376 static
377 void i2400ms_netdev_setup(struct net_device *net_dev)
379 struct i2400m *i2400m = net_dev_to_i2400m(net_dev);
380 struct i2400ms *i2400ms = container_of(i2400m, struct i2400ms, i2400m);
381 i2400ms_init(i2400ms);
382 i2400m_netdev_setup(net_dev);
387 * Debug levels control; see debug.h
389 struct d_level D_LEVEL[] = {
390 D_SUBMODULE_DEFINE(main),
391 D_SUBMODULE_DEFINE(tx),
392 D_SUBMODULE_DEFINE(rx),
393 D_SUBMODULE_DEFINE(fw),
395 size_t D_LEVEL_SIZE = ARRAY_SIZE(D_LEVEL);
398 #define __debugfs_register(prefix, name, parent) \
399 do { \
400 result = d_level_register_debugfs(prefix, name, parent); \
401 if (result < 0) \
402 goto error; \
403 } while (0)
406 static
407 int i2400ms_debugfs_add(struct i2400ms *i2400ms)
409 int result;
410 struct dentry *dentry = i2400ms->i2400m.wimax_dev.debugfs_dentry;
412 dentry = debugfs_create_dir("i2400m-sdio", dentry);
413 result = PTR_ERR(dentry);
414 if (IS_ERR(dentry)) {
415 if (result == -ENODEV)
416 result = 0; /* No debugfs support */
417 goto error;
419 i2400ms->debugfs_dentry = dentry;
420 __debugfs_register("dl_", main, dentry);
421 __debugfs_register("dl_", tx, dentry);
422 __debugfs_register("dl_", rx, dentry);
423 __debugfs_register("dl_", fw, dentry);
425 return 0;
427 error:
428 debugfs_remove_recursive(i2400ms->debugfs_dentry);
429 i2400ms->debugfs_dentry = NULL;
430 return result;
434 static struct device_type i2400ms_type = {
435 .name = "wimax",
439 * Probe a i2400m interface and register it
441 * @func: SDIO function
442 * @id: SDIO device ID
443 * @returns: 0 if ok, < 0 errno code on error.
445 * Alloc a net device, initialize the bus-specific details and then
446 * calls the bus-generic initialization routine. That will register
447 * the wimax and netdev devices, upload the firmware [using
448 * _bus_bm_*()], call _bus_dev_start() to finalize the setup of the
449 * communication with the device and then will start to talk to it to
450 * finnish setting it up.
452 * Initialization is tricky; some instances of the hw are packed with
453 * others in a way that requires a third driver that enables the WiMAX
454 * function. In those cases, we can't enable the SDIO function and
455 * we'll return with -ENODEV. When the driver that enables the WiMAX
456 * function does its thing, it has to do a bus_rescan_devices() on the
457 * SDIO bus so this driver is called again to enumerate the WiMAX
458 * function.
460 static
461 int i2400ms_probe(struct sdio_func *func,
462 const struct sdio_device_id *id)
464 int result;
465 struct net_device *net_dev;
466 struct device *dev = &func->dev;
467 struct i2400m *i2400m;
468 struct i2400ms *i2400ms;
470 /* Allocate instance [calls i2400m_netdev_setup() on it]. */
471 result = -ENOMEM;
472 net_dev = alloc_netdev(sizeof(*i2400ms), "wmx%d",
473 i2400ms_netdev_setup);
474 if (net_dev == NULL) {
475 dev_err(dev, "no memory for network device instance\n");
476 goto error_alloc_netdev;
478 SET_NETDEV_DEV(net_dev, dev);
479 SET_NETDEV_DEVTYPE(net_dev, &i2400ms_type);
480 i2400m = net_dev_to_i2400m(net_dev);
481 i2400ms = container_of(i2400m, struct i2400ms, i2400m);
482 i2400m->wimax_dev.net_dev = net_dev;
483 i2400ms->func = func;
484 sdio_set_drvdata(func, i2400ms);
486 i2400m->bus_tx_block_size = I2400MS_BLK_SIZE;
488 * Room required in the TX queue for SDIO message to accommodate
489 * a smallest payload while allocating header space is 224 bytes,
490 * which is the smallest message size(the block size 256 bytes)
491 * minus the smallest message header size(32 bytes).
493 i2400m->bus_tx_room_min = I2400MS_BLK_SIZE - I2400M_PL_ALIGN * 2;
494 i2400m->bus_pl_size_max = I2400MS_PL_SIZE_MAX;
495 i2400m->bus_setup = i2400ms_bus_setup;
496 i2400m->bus_dev_start = i2400ms_bus_dev_start;
497 i2400m->bus_dev_stop = NULL;
498 i2400m->bus_release = i2400ms_bus_release;
499 i2400m->bus_tx_kick = i2400ms_bus_tx_kick;
500 i2400m->bus_reset = i2400ms_bus_reset;
501 /* The iwmc3200-wimax sometimes requires the driver to try
502 * hard when we paint it into a corner. */
503 i2400m->bus_bm_retries = I2400M_SDIO_BOOT_RETRIES;
504 i2400m->bus_bm_cmd_send = i2400ms_bus_bm_cmd_send;
505 i2400m->bus_bm_wait_for_ack = i2400ms_bus_bm_wait_for_ack;
506 i2400m->bus_fw_names = i2400ms_bus_fw_names;
507 i2400m->bus_bm_mac_addr_impaired = 1;
508 i2400m->bus_bm_pokes_table = &i2400ms_pokes[0];
510 switch (func->device) {
511 case SDIO_DEVICE_ID_INTEL_IWMC3200WIMAX:
512 case SDIO_DEVICE_ID_INTEL_IWMC3200WIMAX_2G5:
513 i2400ms->iwmc3200 = 1;
514 break;
515 default:
516 i2400ms->iwmc3200 = 0;
519 result = i2400m_setup(i2400m, I2400M_BRI_NO_REBOOT);
520 if (result < 0) {
521 dev_err(dev, "cannot setup device: %d\n", result);
522 goto error_setup;
525 result = i2400ms_debugfs_add(i2400ms);
526 if (result < 0) {
527 dev_err(dev, "cannot create SDIO debugfs: %d\n",
528 result);
529 goto error_debugfs_add;
531 return 0;
533 error_debugfs_add:
534 i2400m_release(i2400m);
535 error_setup:
536 sdio_set_drvdata(func, NULL);
537 free_netdev(net_dev);
538 error_alloc_netdev:
539 return result;
543 static
544 void i2400ms_remove(struct sdio_func *func)
546 struct device *dev = &func->dev;
547 struct i2400ms *i2400ms = sdio_get_drvdata(func);
548 struct i2400m *i2400m = &i2400ms->i2400m;
549 struct net_device *net_dev = i2400m->wimax_dev.net_dev;
551 d_fnstart(3, dev, "SDIO func %p\n", func);
552 debugfs_remove_recursive(i2400ms->debugfs_dentry);
553 i2400ms->debugfs_dentry = NULL;
554 i2400m_release(i2400m);
555 sdio_set_drvdata(func, NULL);
556 free_netdev(net_dev);
557 d_fnend(3, dev, "SDIO func %p\n", func);
560 static
561 const struct sdio_device_id i2400ms_sdio_ids[] = {
562 /* Intel: i2400m WiMAX (iwmc3200) over SDIO */
563 { SDIO_DEVICE(SDIO_VENDOR_ID_INTEL,
564 SDIO_DEVICE_ID_INTEL_IWMC3200WIMAX) },
565 { SDIO_DEVICE(SDIO_VENDOR_ID_INTEL,
566 SDIO_DEVICE_ID_INTEL_IWMC3200WIMAX_2G5) },
567 { /* end: all zeroes */ },
569 MODULE_DEVICE_TABLE(sdio, i2400ms_sdio_ids);
572 static
573 struct sdio_driver i2400m_sdio_driver = {
574 .name = KBUILD_MODNAME,
575 .probe = i2400ms_probe,
576 .remove = i2400ms_remove,
577 .id_table = i2400ms_sdio_ids,
581 static
582 int __init i2400ms_driver_init(void)
584 d_parse_params(D_LEVEL, D_LEVEL_SIZE, i2400ms_debug_params,
585 "i2400m_sdio.debug");
586 return sdio_register_driver(&i2400m_sdio_driver);
588 module_init(i2400ms_driver_init);
591 static
592 void __exit i2400ms_driver_exit(void)
594 sdio_unregister_driver(&i2400m_sdio_driver);
596 module_exit(i2400ms_driver_exit);
599 MODULE_AUTHOR("Intel Corporation <linux-wimax@intel.com>");
600 MODULE_DESCRIPTION("Intel 2400M WiMAX networking for SDIO");
601 MODULE_LICENSE("GPL");
602 MODULE_FIRMWARE(I2400MS_FW_FILE_NAME);