Avoid reading past buffer when calling GETACL
[zen-stable.git] / drivers / net / wireless / p54 / p54pci.c
blobb1f51a215792028783223984dec8f0b0ac1a8f17
2 /*
3 * Linux device driver for PCI based Prism54
5 * Copyright (c) 2006, Michael Wu <flamingice@sourmilk.net>
6 * Copyright (c) 2008, Christian Lamparter <chunkeey@web.de>
8 * Based on the islsm (softmac prism54) driver, which is:
9 * Copyright 2004-2006 Jean-Baptiste Note <jean-baptiste.note@m4x.org>, et al.
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2 as
13 * published by the Free Software Foundation.
16 #include <linux/init.h>
17 #include <linux/pci.h>
18 #include <linux/slab.h>
19 #include <linux/firmware.h>
20 #include <linux/etherdevice.h>
21 #include <linux/delay.h>
22 #include <linux/completion.h>
23 #include <linux/module.h>
24 #include <net/mac80211.h>
26 #include "p54.h"
27 #include "lmac.h"
28 #include "p54pci.h"
30 MODULE_AUTHOR("Michael Wu <flamingice@sourmilk.net>");
31 MODULE_DESCRIPTION("Prism54 PCI wireless driver");
32 MODULE_LICENSE("GPL");
33 MODULE_ALIAS("prism54pci");
34 MODULE_FIRMWARE("isl3886pci");
36 static DEFINE_PCI_DEVICE_TABLE(p54p_table) = {
37 /* Intersil PRISM Duette/Prism GT Wireless LAN adapter */
38 { PCI_DEVICE(0x1260, 0x3890) },
39 /* 3COM 3CRWE154G72 Wireless LAN adapter */
40 { PCI_DEVICE(0x10b7, 0x6001) },
41 /* Intersil PRISM Indigo Wireless LAN adapter */
42 { PCI_DEVICE(0x1260, 0x3877) },
43 /* Intersil PRISM Javelin/Xbow Wireless LAN adapter */
44 { PCI_DEVICE(0x1260, 0x3886) },
45 /* Intersil PRISM Xbow Wireless LAN adapter (Symbol AP-300) */
46 { PCI_DEVICE(0x1260, 0xffff) },
47 { },
50 MODULE_DEVICE_TABLE(pci, p54p_table);
52 static int p54p_upload_firmware(struct ieee80211_hw *dev)
54 struct p54p_priv *priv = dev->priv;
55 __le32 reg;
56 int err;
57 __le32 *data;
58 u32 remains, left, device_addr;
60 P54P_WRITE(int_enable, cpu_to_le32(0));
61 P54P_READ(int_enable);
62 udelay(10);
64 reg = P54P_READ(ctrl_stat);
65 reg &= cpu_to_le32(~ISL38XX_CTRL_STAT_RESET);
66 reg &= cpu_to_le32(~ISL38XX_CTRL_STAT_RAMBOOT);
67 P54P_WRITE(ctrl_stat, reg);
68 P54P_READ(ctrl_stat);
69 udelay(10);
71 reg |= cpu_to_le32(ISL38XX_CTRL_STAT_RESET);
72 P54P_WRITE(ctrl_stat, reg);
73 wmb();
74 udelay(10);
76 reg &= cpu_to_le32(~ISL38XX_CTRL_STAT_RESET);
77 P54P_WRITE(ctrl_stat, reg);
78 wmb();
80 /* wait for the firmware to reset properly */
81 mdelay(10);
83 err = p54_parse_firmware(dev, priv->firmware);
84 if (err)
85 return err;
87 if (priv->common.fw_interface != FW_LM86) {
88 dev_err(&priv->pdev->dev, "wrong firmware, "
89 "please get a LM86(PCI) firmware a try again.\n");
90 return -EINVAL;
93 data = (__le32 *) priv->firmware->data;
94 remains = priv->firmware->size;
95 device_addr = ISL38XX_DEV_FIRMWARE_ADDR;
96 while (remains) {
97 u32 i = 0;
98 left = min((u32)0x1000, remains);
99 P54P_WRITE(direct_mem_base, cpu_to_le32(device_addr));
100 P54P_READ(int_enable);
102 device_addr += 0x1000;
103 while (i < left) {
104 P54P_WRITE(direct_mem_win[i], *data++);
105 i += sizeof(u32);
108 remains -= left;
109 P54P_READ(int_enable);
112 reg = P54P_READ(ctrl_stat);
113 reg &= cpu_to_le32(~ISL38XX_CTRL_STAT_CLKRUN);
114 reg &= cpu_to_le32(~ISL38XX_CTRL_STAT_RESET);
115 reg |= cpu_to_le32(ISL38XX_CTRL_STAT_RAMBOOT);
116 P54P_WRITE(ctrl_stat, reg);
117 P54P_READ(ctrl_stat);
118 udelay(10);
120 reg |= cpu_to_le32(ISL38XX_CTRL_STAT_RESET);
121 P54P_WRITE(ctrl_stat, reg);
122 wmb();
123 udelay(10);
125 reg &= cpu_to_le32(~ISL38XX_CTRL_STAT_RESET);
126 P54P_WRITE(ctrl_stat, reg);
127 wmb();
128 udelay(10);
130 /* wait for the firmware to boot properly */
131 mdelay(100);
133 return 0;
136 static void p54p_refill_rx_ring(struct ieee80211_hw *dev,
137 int ring_index, struct p54p_desc *ring, u32 ring_limit,
138 struct sk_buff **rx_buf, u32 index)
140 struct p54p_priv *priv = dev->priv;
141 struct p54p_ring_control *ring_control = priv->ring_control;
142 u32 limit, idx, i;
144 idx = le32_to_cpu(ring_control->host_idx[ring_index]);
145 limit = idx;
146 limit -= index;
147 limit = ring_limit - limit;
149 i = idx % ring_limit;
150 while (limit-- > 1) {
151 struct p54p_desc *desc = &ring[i];
153 if (!desc->host_addr) {
154 struct sk_buff *skb;
155 dma_addr_t mapping;
156 skb = dev_alloc_skb(priv->common.rx_mtu + 32);
157 if (!skb)
158 break;
160 mapping = pci_map_single(priv->pdev,
161 skb_tail_pointer(skb),
162 priv->common.rx_mtu + 32,
163 PCI_DMA_FROMDEVICE);
165 if (pci_dma_mapping_error(priv->pdev, mapping)) {
166 dev_kfree_skb_any(skb);
167 dev_err(&priv->pdev->dev,
168 "RX DMA Mapping error\n");
169 break;
172 desc->host_addr = cpu_to_le32(mapping);
173 desc->device_addr = 0; // FIXME: necessary?
174 desc->len = cpu_to_le16(priv->common.rx_mtu + 32);
175 desc->flags = 0;
176 rx_buf[i] = skb;
179 i++;
180 idx++;
181 i %= ring_limit;
184 wmb();
185 ring_control->host_idx[ring_index] = cpu_to_le32(idx);
188 static void p54p_check_rx_ring(struct ieee80211_hw *dev, u32 *index,
189 int ring_index, struct p54p_desc *ring, u32 ring_limit,
190 struct sk_buff **rx_buf)
192 struct p54p_priv *priv = dev->priv;
193 struct p54p_ring_control *ring_control = priv->ring_control;
194 struct p54p_desc *desc;
195 u32 idx, i;
197 i = (*index) % ring_limit;
198 (*index) = idx = le32_to_cpu(ring_control->device_idx[ring_index]);
199 idx %= ring_limit;
200 while (i != idx) {
201 u16 len;
202 struct sk_buff *skb;
203 dma_addr_t dma_addr;
204 desc = &ring[i];
205 len = le16_to_cpu(desc->len);
206 skb = rx_buf[i];
208 if (!skb) {
209 i++;
210 i %= ring_limit;
211 continue;
214 if (unlikely(len > priv->common.rx_mtu)) {
215 if (net_ratelimit())
216 dev_err(&priv->pdev->dev, "rx'd frame size "
217 "exceeds length threshold.\n");
219 len = priv->common.rx_mtu;
221 dma_addr = le32_to_cpu(desc->host_addr);
222 pci_dma_sync_single_for_cpu(priv->pdev, dma_addr,
223 priv->common.rx_mtu + 32, PCI_DMA_FROMDEVICE);
224 skb_put(skb, len);
226 if (p54_rx(dev, skb)) {
227 pci_unmap_single(priv->pdev, dma_addr,
228 priv->common.rx_mtu + 32, PCI_DMA_FROMDEVICE);
229 rx_buf[i] = NULL;
230 desc->host_addr = cpu_to_le32(0);
231 } else {
232 skb_trim(skb, 0);
233 pci_dma_sync_single_for_device(priv->pdev, dma_addr,
234 priv->common.rx_mtu + 32, PCI_DMA_FROMDEVICE);
235 desc->len = cpu_to_le16(priv->common.rx_mtu + 32);
238 i++;
239 i %= ring_limit;
242 p54p_refill_rx_ring(dev, ring_index, ring, ring_limit, rx_buf, *index);
245 static void p54p_check_tx_ring(struct ieee80211_hw *dev, u32 *index,
246 int ring_index, struct p54p_desc *ring, u32 ring_limit,
247 struct sk_buff **tx_buf)
249 struct p54p_priv *priv = dev->priv;
250 struct p54p_ring_control *ring_control = priv->ring_control;
251 struct p54p_desc *desc;
252 struct sk_buff *skb;
253 u32 idx, i;
255 i = (*index) % ring_limit;
256 (*index) = idx = le32_to_cpu(ring_control->device_idx[ring_index]);
257 idx %= ring_limit;
259 while (i != idx) {
260 desc = &ring[i];
262 skb = tx_buf[i];
263 tx_buf[i] = NULL;
265 pci_unmap_single(priv->pdev, le32_to_cpu(desc->host_addr),
266 le16_to_cpu(desc->len), PCI_DMA_TODEVICE);
268 desc->host_addr = 0;
269 desc->device_addr = 0;
270 desc->len = 0;
271 desc->flags = 0;
273 if (skb && FREE_AFTER_TX(skb))
274 p54_free_skb(dev, skb);
276 i++;
277 i %= ring_limit;
281 static void p54p_tasklet(unsigned long dev_id)
283 struct ieee80211_hw *dev = (struct ieee80211_hw *)dev_id;
284 struct p54p_priv *priv = dev->priv;
285 struct p54p_ring_control *ring_control = priv->ring_control;
287 p54p_check_tx_ring(dev, &priv->tx_idx_mgmt, 3, ring_control->tx_mgmt,
288 ARRAY_SIZE(ring_control->tx_mgmt),
289 priv->tx_buf_mgmt);
291 p54p_check_tx_ring(dev, &priv->tx_idx_data, 1, ring_control->tx_data,
292 ARRAY_SIZE(ring_control->tx_data),
293 priv->tx_buf_data);
295 p54p_check_rx_ring(dev, &priv->rx_idx_mgmt, 2, ring_control->rx_mgmt,
296 ARRAY_SIZE(ring_control->rx_mgmt), priv->rx_buf_mgmt);
298 p54p_check_rx_ring(dev, &priv->rx_idx_data, 0, ring_control->rx_data,
299 ARRAY_SIZE(ring_control->rx_data), priv->rx_buf_data);
301 wmb();
302 P54P_WRITE(dev_int, cpu_to_le32(ISL38XX_DEV_INT_UPDATE));
305 static irqreturn_t p54p_interrupt(int irq, void *dev_id)
307 struct ieee80211_hw *dev = dev_id;
308 struct p54p_priv *priv = dev->priv;
309 __le32 reg;
311 reg = P54P_READ(int_ident);
312 if (unlikely(reg == cpu_to_le32(0xFFFFFFFF))) {
313 goto out;
315 P54P_WRITE(int_ack, reg);
317 reg &= P54P_READ(int_enable);
319 if (reg & cpu_to_le32(ISL38XX_INT_IDENT_UPDATE))
320 tasklet_schedule(&priv->tasklet);
321 else if (reg & cpu_to_le32(ISL38XX_INT_IDENT_INIT))
322 complete(&priv->boot_comp);
324 out:
325 return reg ? IRQ_HANDLED : IRQ_NONE;
328 static void p54p_tx(struct ieee80211_hw *dev, struct sk_buff *skb)
330 unsigned long flags;
331 struct p54p_priv *priv = dev->priv;
332 struct p54p_ring_control *ring_control = priv->ring_control;
333 struct p54p_desc *desc;
334 dma_addr_t mapping;
335 u32 idx, i;
337 spin_lock_irqsave(&priv->lock, flags);
338 idx = le32_to_cpu(ring_control->host_idx[1]);
339 i = idx % ARRAY_SIZE(ring_control->tx_data);
341 mapping = pci_map_single(priv->pdev, skb->data, skb->len,
342 PCI_DMA_TODEVICE);
343 if (pci_dma_mapping_error(priv->pdev, mapping)) {
344 spin_unlock_irqrestore(&priv->lock, flags);
345 p54_free_skb(dev, skb);
346 dev_err(&priv->pdev->dev, "TX DMA mapping error\n");
347 return ;
349 priv->tx_buf_data[i] = skb;
351 desc = &ring_control->tx_data[i];
352 desc->host_addr = cpu_to_le32(mapping);
353 desc->device_addr = ((struct p54_hdr *)skb->data)->req_id;
354 desc->len = cpu_to_le16(skb->len);
355 desc->flags = 0;
357 wmb();
358 ring_control->host_idx[1] = cpu_to_le32(idx + 1);
359 spin_unlock_irqrestore(&priv->lock, flags);
361 P54P_WRITE(dev_int, cpu_to_le32(ISL38XX_DEV_INT_UPDATE));
362 P54P_READ(dev_int);
365 static void p54p_stop(struct ieee80211_hw *dev)
367 struct p54p_priv *priv = dev->priv;
368 struct p54p_ring_control *ring_control = priv->ring_control;
369 unsigned int i;
370 struct p54p_desc *desc;
372 P54P_WRITE(int_enable, cpu_to_le32(0));
373 P54P_READ(int_enable);
374 udelay(10);
376 free_irq(priv->pdev->irq, dev);
378 tasklet_kill(&priv->tasklet);
380 P54P_WRITE(dev_int, cpu_to_le32(ISL38XX_DEV_INT_RESET));
382 for (i = 0; i < ARRAY_SIZE(priv->rx_buf_data); i++) {
383 desc = &ring_control->rx_data[i];
384 if (desc->host_addr)
385 pci_unmap_single(priv->pdev,
386 le32_to_cpu(desc->host_addr),
387 priv->common.rx_mtu + 32,
388 PCI_DMA_FROMDEVICE);
389 kfree_skb(priv->rx_buf_data[i]);
390 priv->rx_buf_data[i] = NULL;
393 for (i = 0; i < ARRAY_SIZE(priv->rx_buf_mgmt); i++) {
394 desc = &ring_control->rx_mgmt[i];
395 if (desc->host_addr)
396 pci_unmap_single(priv->pdev,
397 le32_to_cpu(desc->host_addr),
398 priv->common.rx_mtu + 32,
399 PCI_DMA_FROMDEVICE);
400 kfree_skb(priv->rx_buf_mgmt[i]);
401 priv->rx_buf_mgmt[i] = NULL;
404 for (i = 0; i < ARRAY_SIZE(priv->tx_buf_data); i++) {
405 desc = &ring_control->tx_data[i];
406 if (desc->host_addr)
407 pci_unmap_single(priv->pdev,
408 le32_to_cpu(desc->host_addr),
409 le16_to_cpu(desc->len),
410 PCI_DMA_TODEVICE);
412 p54_free_skb(dev, priv->tx_buf_data[i]);
413 priv->tx_buf_data[i] = NULL;
416 for (i = 0; i < ARRAY_SIZE(priv->tx_buf_mgmt); i++) {
417 desc = &ring_control->tx_mgmt[i];
418 if (desc->host_addr)
419 pci_unmap_single(priv->pdev,
420 le32_to_cpu(desc->host_addr),
421 le16_to_cpu(desc->len),
422 PCI_DMA_TODEVICE);
424 p54_free_skb(dev, priv->tx_buf_mgmt[i]);
425 priv->tx_buf_mgmt[i] = NULL;
428 memset(ring_control, 0, sizeof(*ring_control));
431 static int p54p_open(struct ieee80211_hw *dev)
433 struct p54p_priv *priv = dev->priv;
434 int err;
436 init_completion(&priv->boot_comp);
437 err = request_irq(priv->pdev->irq, p54p_interrupt,
438 IRQF_SHARED, "p54pci", dev);
439 if (err) {
440 dev_err(&priv->pdev->dev, "failed to register IRQ handler\n");
441 return err;
444 memset(priv->ring_control, 0, sizeof(*priv->ring_control));
445 err = p54p_upload_firmware(dev);
446 if (err) {
447 free_irq(priv->pdev->irq, dev);
448 return err;
450 priv->rx_idx_data = priv->tx_idx_data = 0;
451 priv->rx_idx_mgmt = priv->tx_idx_mgmt = 0;
453 p54p_refill_rx_ring(dev, 0, priv->ring_control->rx_data,
454 ARRAY_SIZE(priv->ring_control->rx_data), priv->rx_buf_data, 0);
456 p54p_refill_rx_ring(dev, 2, priv->ring_control->rx_mgmt,
457 ARRAY_SIZE(priv->ring_control->rx_mgmt), priv->rx_buf_mgmt, 0);
459 P54P_WRITE(ring_control_base, cpu_to_le32(priv->ring_control_dma));
460 P54P_READ(ring_control_base);
461 wmb();
462 udelay(10);
464 P54P_WRITE(int_enable, cpu_to_le32(ISL38XX_INT_IDENT_INIT));
465 P54P_READ(int_enable);
466 wmb();
467 udelay(10);
469 P54P_WRITE(dev_int, cpu_to_le32(ISL38XX_DEV_INT_RESET));
470 P54P_READ(dev_int);
472 if (!wait_for_completion_interruptible_timeout(&priv->boot_comp, HZ)) {
473 wiphy_err(dev->wiphy, "Cannot boot firmware!\n");
474 p54p_stop(dev);
475 return -ETIMEDOUT;
478 P54P_WRITE(int_enable, cpu_to_le32(ISL38XX_INT_IDENT_UPDATE));
479 P54P_READ(int_enable);
480 wmb();
481 udelay(10);
483 P54P_WRITE(dev_int, cpu_to_le32(ISL38XX_DEV_INT_UPDATE));
484 P54P_READ(dev_int);
485 wmb();
486 udelay(10);
488 return 0;
491 static int __devinit p54p_probe(struct pci_dev *pdev,
492 const struct pci_device_id *id)
494 struct p54p_priv *priv;
495 struct ieee80211_hw *dev;
496 unsigned long mem_addr, mem_len;
497 int err;
499 err = pci_enable_device(pdev);
500 if (err) {
501 dev_err(&pdev->dev, "Cannot enable new PCI device\n");
502 return err;
505 mem_addr = pci_resource_start(pdev, 0);
506 mem_len = pci_resource_len(pdev, 0);
507 if (mem_len < sizeof(struct p54p_csr)) {
508 dev_err(&pdev->dev, "Too short PCI resources\n");
509 goto err_disable_dev;
512 err = pci_request_regions(pdev, "p54pci");
513 if (err) {
514 dev_err(&pdev->dev, "Cannot obtain PCI resources\n");
515 goto err_disable_dev;
518 if (pci_set_dma_mask(pdev, DMA_BIT_MASK(32)) ||
519 pci_set_consistent_dma_mask(pdev, DMA_BIT_MASK(32))) {
520 dev_err(&pdev->dev, "No suitable DMA available\n");
521 goto err_free_reg;
524 pci_set_master(pdev);
525 pci_try_set_mwi(pdev);
527 pci_write_config_byte(pdev, 0x40, 0);
528 pci_write_config_byte(pdev, 0x41, 0);
530 dev = p54_init_common(sizeof(*priv));
531 if (!dev) {
532 dev_err(&pdev->dev, "ieee80211 alloc failed\n");
533 err = -ENOMEM;
534 goto err_free_reg;
537 priv = dev->priv;
538 priv->pdev = pdev;
540 SET_IEEE80211_DEV(dev, &pdev->dev);
541 pci_set_drvdata(pdev, dev);
543 priv->map = ioremap(mem_addr, mem_len);
544 if (!priv->map) {
545 dev_err(&pdev->dev, "Cannot map device memory\n");
546 err = -ENOMEM;
547 goto err_free_dev;
550 priv->ring_control = pci_alloc_consistent(pdev, sizeof(*priv->ring_control),
551 &priv->ring_control_dma);
552 if (!priv->ring_control) {
553 dev_err(&pdev->dev, "Cannot allocate rings\n");
554 err = -ENOMEM;
555 goto err_iounmap;
557 priv->common.open = p54p_open;
558 priv->common.stop = p54p_stop;
559 priv->common.tx = p54p_tx;
561 spin_lock_init(&priv->lock);
562 tasklet_init(&priv->tasklet, p54p_tasklet, (unsigned long)dev);
564 err = request_firmware(&priv->firmware, "isl3886pci",
565 &priv->pdev->dev);
566 if (err) {
567 dev_err(&pdev->dev, "Cannot find firmware (isl3886pci)\n");
568 err = request_firmware(&priv->firmware, "isl3886",
569 &priv->pdev->dev);
570 if (err)
571 goto err_free_common;
574 err = p54p_open(dev);
575 if (err)
576 goto err_free_common;
577 err = p54_read_eeprom(dev);
578 p54p_stop(dev);
579 if (err)
580 goto err_free_common;
582 err = p54_register_common(dev, &pdev->dev);
583 if (err)
584 goto err_free_common;
586 return 0;
588 err_free_common:
589 release_firmware(priv->firmware);
590 pci_free_consistent(pdev, sizeof(*priv->ring_control),
591 priv->ring_control, priv->ring_control_dma);
593 err_iounmap:
594 iounmap(priv->map);
596 err_free_dev:
597 pci_set_drvdata(pdev, NULL);
598 p54_free_common(dev);
600 err_free_reg:
601 pci_release_regions(pdev);
602 err_disable_dev:
603 pci_disable_device(pdev);
604 return err;
607 static void __devexit p54p_remove(struct pci_dev *pdev)
609 struct ieee80211_hw *dev = pci_get_drvdata(pdev);
610 struct p54p_priv *priv;
612 if (!dev)
613 return;
615 p54_unregister_common(dev);
616 priv = dev->priv;
617 release_firmware(priv->firmware);
618 pci_free_consistent(pdev, sizeof(*priv->ring_control),
619 priv->ring_control, priv->ring_control_dma);
620 iounmap(priv->map);
621 pci_release_regions(pdev);
622 pci_disable_device(pdev);
623 p54_free_common(dev);
626 #ifdef CONFIG_PM
627 static int p54p_suspend(struct pci_dev *pdev, pm_message_t state)
629 struct ieee80211_hw *dev = pci_get_drvdata(pdev);
630 struct p54p_priv *priv = dev->priv;
632 if (priv->common.mode != NL80211_IFTYPE_UNSPECIFIED) {
633 ieee80211_stop_queues(dev);
634 p54p_stop(dev);
637 pci_save_state(pdev);
638 pci_set_power_state(pdev, pci_choose_state(pdev, state));
639 return 0;
642 static int p54p_resume(struct pci_dev *pdev)
644 struct ieee80211_hw *dev = pci_get_drvdata(pdev);
645 struct p54p_priv *priv = dev->priv;
647 pci_set_power_state(pdev, PCI_D0);
648 pci_restore_state(pdev);
650 if (priv->common.mode != NL80211_IFTYPE_UNSPECIFIED) {
651 p54p_open(dev);
652 ieee80211_wake_queues(dev);
655 return 0;
657 #endif /* CONFIG_PM */
659 static struct pci_driver p54p_driver = {
660 .name = "p54pci",
661 .id_table = p54p_table,
662 .probe = p54p_probe,
663 .remove = __devexit_p(p54p_remove),
664 #ifdef CONFIG_PM
665 .suspend = p54p_suspend,
666 .resume = p54p_resume,
667 #endif /* CONFIG_PM */
670 static int __init p54p_init(void)
672 return pci_register_driver(&p54p_driver);
675 static void __exit p54p_exit(void)
677 pci_unregister_driver(&p54p_driver);
680 module_init(p54p_init);
681 module_exit(p54p_exit);