Avoid reading past buffer when calling GETACL
[zen-stable.git] / drivers / net / wireless / p54 / p54spi.c
blobf7929906d4371bd59ccdc0ad14ca6a9d5dff7a39
1 /*
2 * Copyright (C) 2008 Christian Lamparter <chunkeey@web.de>
3 * Copyright 2008 Johannes Berg <johannes@sipsolutions.net>
5 * This driver is a port from stlc45xx:
6 * Copyright (C) 2008 Nokia Corporation and/or its subsidiary(-ies).
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * version 2 as published by the Free Software Foundation.
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
20 * 02110-1301 USA
23 #include <linux/module.h>
24 #include <linux/platform_device.h>
25 #include <linux/interrupt.h>
26 #include <linux/firmware.h>
27 #include <linux/delay.h>
28 #include <linux/irq.h>
29 #include <linux/spi/spi.h>
30 #include <linux/etherdevice.h>
31 #include <linux/gpio.h>
32 #include <linux/slab.h>
34 #include "p54spi.h"
35 #include "p54.h"
37 #include "lmac.h"
39 #ifdef CONFIG_P54_SPI_DEFAULT_EEPROM
40 #include "p54spi_eeprom.h"
41 #endif /* CONFIG_P54_SPI_DEFAULT_EEPROM */
43 MODULE_FIRMWARE("3826.arm");
46 * gpios should be handled in board files and provided via platform data,
47 * but because it's currently impossible for p54spi to have a header file
48 * in include/linux, let's use module paramaters for now
51 static int p54spi_gpio_power = 97;
52 module_param(p54spi_gpio_power, int, 0444);
53 MODULE_PARM_DESC(p54spi_gpio_power, "gpio number for power line");
55 static int p54spi_gpio_irq = 87;
56 module_param(p54spi_gpio_irq, int, 0444);
57 MODULE_PARM_DESC(p54spi_gpio_irq, "gpio number for irq line");
59 static void p54spi_spi_read(struct p54s_priv *priv, u8 address,
60 void *buf, size_t len)
62 struct spi_transfer t[2];
63 struct spi_message m;
64 __le16 addr;
66 /* We first push the address */
67 addr = cpu_to_le16(address << 8 | SPI_ADRS_READ_BIT_15);
69 spi_message_init(&m);
70 memset(t, 0, sizeof(t));
72 t[0].tx_buf = &addr;
73 t[0].len = sizeof(addr);
74 spi_message_add_tail(&t[0], &m);
76 t[1].rx_buf = buf;
77 t[1].len = len;
78 spi_message_add_tail(&t[1], &m);
80 spi_sync(priv->spi, &m);
84 static void p54spi_spi_write(struct p54s_priv *priv, u8 address,
85 const void *buf, size_t len)
87 struct spi_transfer t[3];
88 struct spi_message m;
89 __le16 addr;
91 /* We first push the address */
92 addr = cpu_to_le16(address << 8);
94 spi_message_init(&m);
95 memset(t, 0, sizeof(t));
97 t[0].tx_buf = &addr;
98 t[0].len = sizeof(addr);
99 spi_message_add_tail(&t[0], &m);
101 t[1].tx_buf = buf;
102 t[1].len = len & ~1;
103 spi_message_add_tail(&t[1], &m);
105 if (len % 2) {
106 __le16 last_word;
107 last_word = cpu_to_le16(((u8 *)buf)[len - 1]);
109 t[2].tx_buf = &last_word;
110 t[2].len = sizeof(last_word);
111 spi_message_add_tail(&t[2], &m);
114 spi_sync(priv->spi, &m);
117 static u32 p54spi_read32(struct p54s_priv *priv, u8 addr)
119 __le32 val;
121 p54spi_spi_read(priv, addr, &val, sizeof(val));
123 return le32_to_cpu(val);
126 static inline void p54spi_write16(struct p54s_priv *priv, u8 addr, __le16 val)
128 p54spi_spi_write(priv, addr, &val, sizeof(val));
131 static inline void p54spi_write32(struct p54s_priv *priv, u8 addr, __le32 val)
133 p54spi_spi_write(priv, addr, &val, sizeof(val));
136 static int p54spi_wait_bit(struct p54s_priv *priv, u16 reg, u32 bits)
138 int i;
140 for (i = 0; i < 2000; i++) {
141 u32 buffer = p54spi_read32(priv, reg);
142 if ((buffer & bits) == bits)
143 return 1;
145 return 0;
148 static int p54spi_spi_write_dma(struct p54s_priv *priv, __le32 base,
149 const void *buf, size_t len)
151 if (!p54spi_wait_bit(priv, SPI_ADRS_DMA_WRITE_CTRL, HOST_ALLOWED)) {
152 dev_err(&priv->spi->dev, "spi_write_dma not allowed "
153 "to DMA write.\n");
154 return -EAGAIN;
157 p54spi_write16(priv, SPI_ADRS_DMA_WRITE_CTRL,
158 cpu_to_le16(SPI_DMA_WRITE_CTRL_ENABLE));
160 p54spi_write16(priv, SPI_ADRS_DMA_WRITE_LEN, cpu_to_le16(len));
161 p54spi_write32(priv, SPI_ADRS_DMA_WRITE_BASE, base);
162 p54spi_spi_write(priv, SPI_ADRS_DMA_DATA, buf, len);
163 return 0;
166 static int p54spi_request_firmware(struct ieee80211_hw *dev)
168 struct p54s_priv *priv = dev->priv;
169 int ret;
171 /* FIXME: should driver use it's own struct device? */
172 ret = request_firmware(&priv->firmware, "3826.arm", &priv->spi->dev);
174 if (ret < 0) {
175 dev_err(&priv->spi->dev, "request_firmware() failed: %d", ret);
176 return ret;
179 ret = p54_parse_firmware(dev, priv->firmware);
180 if (ret) {
181 release_firmware(priv->firmware);
182 return ret;
185 return 0;
188 static int p54spi_request_eeprom(struct ieee80211_hw *dev)
190 struct p54s_priv *priv = dev->priv;
191 const struct firmware *eeprom;
192 int ret;
195 * allow users to customize their eeprom.
198 ret = request_firmware(&eeprom, "3826.eeprom", &priv->spi->dev);
199 if (ret < 0) {
200 #ifdef CONFIG_P54_SPI_DEFAULT_EEPROM
201 dev_info(&priv->spi->dev, "loading default eeprom...\n");
202 ret = p54_parse_eeprom(dev, (void *) p54spi_eeprom,
203 sizeof(p54spi_eeprom));
204 #else
205 dev_err(&priv->spi->dev, "Failed to request user eeprom\n");
206 #endif /* CONFIG_P54_SPI_DEFAULT_EEPROM */
207 } else {
208 dev_info(&priv->spi->dev, "loading user eeprom...\n");
209 ret = p54_parse_eeprom(dev, (void *) eeprom->data,
210 (int)eeprom->size);
211 release_firmware(eeprom);
213 return ret;
216 static int p54spi_upload_firmware(struct ieee80211_hw *dev)
218 struct p54s_priv *priv = dev->priv;
219 unsigned long fw_len, _fw_len;
220 unsigned int offset = 0;
221 int err = 0;
222 u8 *fw;
224 fw_len = priv->firmware->size;
225 fw = kmemdup(priv->firmware->data, fw_len, GFP_KERNEL);
226 if (!fw)
227 return -ENOMEM;
229 /* stop the device */
230 p54spi_write16(priv, SPI_ADRS_DEV_CTRL_STAT, cpu_to_le16(
231 SPI_CTRL_STAT_HOST_OVERRIDE | SPI_CTRL_STAT_HOST_RESET |
232 SPI_CTRL_STAT_START_HALTED));
234 msleep(TARGET_BOOT_SLEEP);
236 p54spi_write16(priv, SPI_ADRS_DEV_CTRL_STAT, cpu_to_le16(
237 SPI_CTRL_STAT_HOST_OVERRIDE |
238 SPI_CTRL_STAT_START_HALTED));
240 msleep(TARGET_BOOT_SLEEP);
242 while (fw_len > 0) {
243 _fw_len = min_t(long, fw_len, SPI_MAX_PACKET_SIZE);
245 err = p54spi_spi_write_dma(priv, cpu_to_le32(
246 ISL38XX_DEV_FIRMWARE_ADDR + offset),
247 (fw + offset), _fw_len);
248 if (err < 0)
249 goto out;
251 fw_len -= _fw_len;
252 offset += _fw_len;
255 BUG_ON(fw_len != 0);
257 /* enable host interrupts */
258 p54spi_write32(priv, SPI_ADRS_HOST_INT_EN,
259 cpu_to_le32(SPI_HOST_INTS_DEFAULT));
261 /* boot the device */
262 p54spi_write16(priv, SPI_ADRS_DEV_CTRL_STAT, cpu_to_le16(
263 SPI_CTRL_STAT_HOST_OVERRIDE | SPI_CTRL_STAT_HOST_RESET |
264 SPI_CTRL_STAT_RAM_BOOT));
266 msleep(TARGET_BOOT_SLEEP);
268 p54spi_write16(priv, SPI_ADRS_DEV_CTRL_STAT, cpu_to_le16(
269 SPI_CTRL_STAT_HOST_OVERRIDE | SPI_CTRL_STAT_RAM_BOOT));
270 msleep(TARGET_BOOT_SLEEP);
272 out:
273 kfree(fw);
274 return err;
277 static void p54spi_power_off(struct p54s_priv *priv)
279 disable_irq(gpio_to_irq(p54spi_gpio_irq));
280 gpio_set_value(p54spi_gpio_power, 0);
283 static void p54spi_power_on(struct p54s_priv *priv)
285 gpio_set_value(p54spi_gpio_power, 1);
286 enable_irq(gpio_to_irq(p54spi_gpio_irq));
289 * need to wait a while before device can be accessed, the length
290 * is just a guess
292 msleep(10);
295 static inline void p54spi_int_ack(struct p54s_priv *priv, u32 val)
297 p54spi_write32(priv, SPI_ADRS_HOST_INT_ACK, cpu_to_le32(val));
300 static int p54spi_wakeup(struct p54s_priv *priv)
302 /* wake the chip */
303 p54spi_write32(priv, SPI_ADRS_ARM_INTERRUPTS,
304 cpu_to_le32(SPI_TARGET_INT_WAKEUP));
306 /* And wait for the READY interrupt */
307 if (!p54spi_wait_bit(priv, SPI_ADRS_HOST_INTERRUPTS,
308 SPI_HOST_INT_READY)) {
309 dev_err(&priv->spi->dev, "INT_READY timeout\n");
310 return -EBUSY;
313 p54spi_int_ack(priv, SPI_HOST_INT_READY);
314 return 0;
317 static inline void p54spi_sleep(struct p54s_priv *priv)
319 p54spi_write32(priv, SPI_ADRS_ARM_INTERRUPTS,
320 cpu_to_le32(SPI_TARGET_INT_SLEEP));
323 static void p54spi_int_ready(struct p54s_priv *priv)
325 p54spi_write32(priv, SPI_ADRS_HOST_INT_EN, cpu_to_le32(
326 SPI_HOST_INT_UPDATE | SPI_HOST_INT_SW_UPDATE));
328 switch (priv->fw_state) {
329 case FW_STATE_BOOTING:
330 priv->fw_state = FW_STATE_READY;
331 complete(&priv->fw_comp);
332 break;
333 case FW_STATE_RESETTING:
334 priv->fw_state = FW_STATE_READY;
335 /* TODO: reinitialize state */
336 break;
337 default:
338 break;
342 static int p54spi_rx(struct p54s_priv *priv)
344 struct sk_buff *skb;
345 u16 len;
346 u16 rx_head[2];
347 #define READAHEAD_SZ (sizeof(rx_head)-sizeof(u16))
349 if (p54spi_wakeup(priv) < 0)
350 return -EBUSY;
352 /* Read data size and first data word in one SPI transaction
353 * This is workaround for firmware/DMA bug,
354 * when first data word gets lost under high load.
356 p54spi_spi_read(priv, SPI_ADRS_DMA_DATA, rx_head, sizeof(rx_head));
357 len = rx_head[0];
359 if (len == 0) {
360 p54spi_sleep(priv);
361 dev_err(&priv->spi->dev, "rx request of zero bytes\n");
362 return 0;
365 /* Firmware may insert up to 4 padding bytes after the lmac header,
366 * but it does not amend the size of SPI data transfer.
367 * Such packets has correct data size in header, thus referencing
368 * past the end of allocated skb. Reserve extra 4 bytes for this case */
369 skb = dev_alloc_skb(len + 4);
370 if (!skb) {
371 p54spi_sleep(priv);
372 dev_err(&priv->spi->dev, "could not alloc skb");
373 return -ENOMEM;
376 if (len <= READAHEAD_SZ) {
377 memcpy(skb_put(skb, len), rx_head + 1, len);
378 } else {
379 memcpy(skb_put(skb, READAHEAD_SZ), rx_head + 1, READAHEAD_SZ);
380 p54spi_spi_read(priv, SPI_ADRS_DMA_DATA,
381 skb_put(skb, len - READAHEAD_SZ),
382 len - READAHEAD_SZ);
384 p54spi_sleep(priv);
385 /* Put additional bytes to compensate for the possible
386 * alignment-caused truncation */
387 skb_put(skb, 4);
389 if (p54_rx(priv->hw, skb) == 0)
390 dev_kfree_skb(skb);
392 return 0;
396 static irqreturn_t p54spi_interrupt(int irq, void *config)
398 struct spi_device *spi = config;
399 struct p54s_priv *priv = dev_get_drvdata(&spi->dev);
401 ieee80211_queue_work(priv->hw, &priv->work);
403 return IRQ_HANDLED;
406 static int p54spi_tx_frame(struct p54s_priv *priv, struct sk_buff *skb)
408 struct p54_hdr *hdr = (struct p54_hdr *) skb->data;
409 int ret = 0;
411 if (p54spi_wakeup(priv) < 0)
412 return -EBUSY;
414 ret = p54spi_spi_write_dma(priv, hdr->req_id, skb->data, skb->len);
415 if (ret < 0)
416 goto out;
418 if (!p54spi_wait_bit(priv, SPI_ADRS_HOST_INTERRUPTS,
419 SPI_HOST_INT_WR_READY)) {
420 dev_err(&priv->spi->dev, "WR_READY timeout\n");
421 ret = -EAGAIN;
422 goto out;
425 p54spi_int_ack(priv, SPI_HOST_INT_WR_READY);
427 if (FREE_AFTER_TX(skb))
428 p54_free_skb(priv->hw, skb);
429 out:
430 p54spi_sleep(priv);
431 return ret;
434 static int p54spi_wq_tx(struct p54s_priv *priv)
436 struct p54s_tx_info *entry;
437 struct sk_buff *skb;
438 struct ieee80211_tx_info *info;
439 struct p54_tx_info *minfo;
440 struct p54s_tx_info *dinfo;
441 unsigned long flags;
442 int ret = 0;
444 spin_lock_irqsave(&priv->tx_lock, flags);
446 while (!list_empty(&priv->tx_pending)) {
447 entry = list_entry(priv->tx_pending.next,
448 struct p54s_tx_info, tx_list);
450 list_del_init(&entry->tx_list);
452 spin_unlock_irqrestore(&priv->tx_lock, flags);
454 dinfo = container_of((void *) entry, struct p54s_tx_info,
455 tx_list);
456 minfo = container_of((void *) dinfo, struct p54_tx_info,
457 data);
458 info = container_of((void *) minfo, struct ieee80211_tx_info,
459 rate_driver_data);
460 skb = container_of((void *) info, struct sk_buff, cb);
462 ret = p54spi_tx_frame(priv, skb);
464 if (ret < 0) {
465 p54_free_skb(priv->hw, skb);
466 return ret;
469 spin_lock_irqsave(&priv->tx_lock, flags);
471 spin_unlock_irqrestore(&priv->tx_lock, flags);
472 return ret;
475 static void p54spi_op_tx(struct ieee80211_hw *dev, struct sk_buff *skb)
477 struct p54s_priv *priv = dev->priv;
478 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
479 struct p54_tx_info *mi = (struct p54_tx_info *) info->rate_driver_data;
480 struct p54s_tx_info *di = (struct p54s_tx_info *) mi->data;
481 unsigned long flags;
483 BUILD_BUG_ON(sizeof(*di) > sizeof((mi->data)));
485 spin_lock_irqsave(&priv->tx_lock, flags);
486 list_add_tail(&di->tx_list, &priv->tx_pending);
487 spin_unlock_irqrestore(&priv->tx_lock, flags);
489 ieee80211_queue_work(priv->hw, &priv->work);
492 static void p54spi_work(struct work_struct *work)
494 struct p54s_priv *priv = container_of(work, struct p54s_priv, work);
495 u32 ints;
496 int ret;
498 mutex_lock(&priv->mutex);
500 if (priv->fw_state == FW_STATE_OFF)
501 goto out;
503 ints = p54spi_read32(priv, SPI_ADRS_HOST_INTERRUPTS);
505 if (ints & SPI_HOST_INT_READY) {
506 p54spi_int_ready(priv);
507 p54spi_int_ack(priv, SPI_HOST_INT_READY);
510 if (priv->fw_state != FW_STATE_READY)
511 goto out;
513 if (ints & SPI_HOST_INT_UPDATE) {
514 p54spi_int_ack(priv, SPI_HOST_INT_UPDATE);
515 ret = p54spi_rx(priv);
516 if (ret < 0)
517 goto out;
519 if (ints & SPI_HOST_INT_SW_UPDATE) {
520 p54spi_int_ack(priv, SPI_HOST_INT_SW_UPDATE);
521 ret = p54spi_rx(priv);
522 if (ret < 0)
523 goto out;
526 ret = p54spi_wq_tx(priv);
527 out:
528 mutex_unlock(&priv->mutex);
531 static int p54spi_op_start(struct ieee80211_hw *dev)
533 struct p54s_priv *priv = dev->priv;
534 unsigned long timeout;
535 int ret = 0;
537 if (mutex_lock_interruptible(&priv->mutex)) {
538 ret = -EINTR;
539 goto out;
542 priv->fw_state = FW_STATE_BOOTING;
544 p54spi_power_on(priv);
546 ret = p54spi_upload_firmware(dev);
547 if (ret < 0) {
548 p54spi_power_off(priv);
549 goto out_unlock;
552 mutex_unlock(&priv->mutex);
554 timeout = msecs_to_jiffies(2000);
555 timeout = wait_for_completion_interruptible_timeout(&priv->fw_comp,
556 timeout);
557 if (!timeout) {
558 dev_err(&priv->spi->dev, "firmware boot failed");
559 p54spi_power_off(priv);
560 ret = -1;
561 goto out;
564 if (mutex_lock_interruptible(&priv->mutex)) {
565 ret = -EINTR;
566 p54spi_power_off(priv);
567 goto out;
570 WARN_ON(priv->fw_state != FW_STATE_READY);
572 out_unlock:
573 mutex_unlock(&priv->mutex);
575 out:
576 return ret;
579 static void p54spi_op_stop(struct ieee80211_hw *dev)
581 struct p54s_priv *priv = dev->priv;
582 unsigned long flags;
584 mutex_lock(&priv->mutex);
585 WARN_ON(priv->fw_state != FW_STATE_READY);
587 p54spi_power_off(priv);
588 spin_lock_irqsave(&priv->tx_lock, flags);
589 INIT_LIST_HEAD(&priv->tx_pending);
590 spin_unlock_irqrestore(&priv->tx_lock, flags);
592 priv->fw_state = FW_STATE_OFF;
593 mutex_unlock(&priv->mutex);
595 cancel_work_sync(&priv->work);
598 static int __devinit p54spi_probe(struct spi_device *spi)
600 struct p54s_priv *priv = NULL;
601 struct ieee80211_hw *hw;
602 int ret = -EINVAL;
604 hw = p54_init_common(sizeof(*priv));
605 if (!hw) {
606 dev_err(&spi->dev, "could not alloc ieee80211_hw");
607 return -ENOMEM;
610 priv = hw->priv;
611 priv->hw = hw;
612 dev_set_drvdata(&spi->dev, priv);
613 priv->spi = spi;
615 spi->bits_per_word = 16;
616 spi->max_speed_hz = 24000000;
618 ret = spi_setup(spi);
619 if (ret < 0) {
620 dev_err(&priv->spi->dev, "spi_setup failed");
621 goto err_free;
624 ret = gpio_request(p54spi_gpio_power, "p54spi power");
625 if (ret < 0) {
626 dev_err(&priv->spi->dev, "power GPIO request failed: %d", ret);
627 goto err_free;
630 ret = gpio_request(p54spi_gpio_irq, "p54spi irq");
631 if (ret < 0) {
632 dev_err(&priv->spi->dev, "irq GPIO request failed: %d", ret);
633 goto err_free_gpio_power;
636 gpio_direction_output(p54spi_gpio_power, 0);
637 gpio_direction_input(p54spi_gpio_irq);
639 ret = request_irq(gpio_to_irq(p54spi_gpio_irq),
640 p54spi_interrupt, IRQF_DISABLED, "p54spi",
641 priv->spi);
642 if (ret < 0) {
643 dev_err(&priv->spi->dev, "request_irq() failed");
644 goto err_free_gpio_irq;
647 irq_set_irq_type(gpio_to_irq(p54spi_gpio_irq), IRQ_TYPE_EDGE_RISING);
649 disable_irq(gpio_to_irq(p54spi_gpio_irq));
651 INIT_WORK(&priv->work, p54spi_work);
652 init_completion(&priv->fw_comp);
653 INIT_LIST_HEAD(&priv->tx_pending);
654 mutex_init(&priv->mutex);
655 spin_lock_init(&priv->tx_lock);
656 SET_IEEE80211_DEV(hw, &spi->dev);
657 priv->common.open = p54spi_op_start;
658 priv->common.stop = p54spi_op_stop;
659 priv->common.tx = p54spi_op_tx;
661 ret = p54spi_request_firmware(hw);
662 if (ret < 0)
663 goto err_free_common;
665 ret = p54spi_request_eeprom(hw);
666 if (ret)
667 goto err_free_common;
669 ret = p54_register_common(hw, &priv->spi->dev);
670 if (ret)
671 goto err_free_common;
673 return 0;
675 err_free_common:
676 free_irq(gpio_to_irq(p54spi_gpio_irq), spi);
677 err_free_gpio_irq:
678 gpio_free(p54spi_gpio_irq);
679 err_free_gpio_power:
680 gpio_free(p54spi_gpio_power);
681 err_free:
682 p54_free_common(priv->hw);
683 return ret;
686 static int __devexit p54spi_remove(struct spi_device *spi)
688 struct p54s_priv *priv = dev_get_drvdata(&spi->dev);
690 p54_unregister_common(priv->hw);
692 free_irq(gpio_to_irq(p54spi_gpio_irq), spi);
694 gpio_free(p54spi_gpio_power);
695 gpio_free(p54spi_gpio_irq);
696 release_firmware(priv->firmware);
698 mutex_destroy(&priv->mutex);
700 p54_free_common(priv->hw);
702 return 0;
706 static struct spi_driver p54spi_driver = {
707 .driver = {
708 .name = "p54spi",
709 .owner = THIS_MODULE,
712 .probe = p54spi_probe,
713 .remove = __devexit_p(p54spi_remove),
716 static int __init p54spi_init(void)
718 int ret;
720 ret = spi_register_driver(&p54spi_driver);
721 if (ret < 0) {
722 printk(KERN_ERR "failed to register SPI driver: %d", ret);
723 goto out;
726 out:
727 return ret;
730 static void __exit p54spi_exit(void)
732 spi_unregister_driver(&p54spi_driver);
735 module_init(p54spi_init);
736 module_exit(p54spi_exit);
738 MODULE_LICENSE("GPL");
739 MODULE_AUTHOR("Christian Lamparter <chunkeey@web.de>");
740 MODULE_ALIAS("spi:cx3110x");
741 MODULE_ALIAS("spi:p54spi");
742 MODULE_ALIAS("spi:stlc45xx");