OMAPDSS: VENC: fix NULL pointer dereference in DSS2 VENC sysfs debug attr on OMAP4
[zen-stable.git] / drivers / net / wireless / wl1251 / cmd.c
blobd14d69d733a07fc9bd9e77c4e2192e42ea8f83c9
1 #include "cmd.h"
3 #include <linux/module.h>
4 #include <linux/slab.h>
5 #include <linux/crc7.h>
7 #include "wl1251.h"
8 #include "reg.h"
9 #include "io.h"
10 #include "ps.h"
11 #include "acx.h"
13 /**
14 * send command to firmware
16 * @wl: wl struct
17 * @id: command id
18 * @buf: buffer containing the command, must work with dma
19 * @len: length of the buffer
21 int wl1251_cmd_send(struct wl1251 *wl, u16 id, void *buf, size_t len)
23 struct wl1251_cmd_header *cmd;
24 unsigned long timeout;
25 u32 intr;
26 int ret = 0;
28 cmd = buf;
29 cmd->id = id;
30 cmd->status = 0;
32 WARN_ON(len % 4 != 0);
34 wl1251_mem_write(wl, wl->cmd_box_addr, buf, len);
36 wl1251_reg_write32(wl, ACX_REG_INTERRUPT_TRIG, INTR_TRIG_CMD);
38 timeout = jiffies + msecs_to_jiffies(WL1251_COMMAND_TIMEOUT);
40 intr = wl1251_reg_read32(wl, ACX_REG_INTERRUPT_NO_CLEAR);
41 while (!(intr & WL1251_ACX_INTR_CMD_COMPLETE)) {
42 if (time_after(jiffies, timeout)) {
43 wl1251_error("command complete timeout");
44 ret = -ETIMEDOUT;
45 goto out;
48 msleep(1);
50 intr = wl1251_reg_read32(wl, ACX_REG_INTERRUPT_NO_CLEAR);
53 wl1251_reg_write32(wl, ACX_REG_INTERRUPT_ACK,
54 WL1251_ACX_INTR_CMD_COMPLETE);
56 out:
57 return ret;
60 /**
61 * send test command to firmware
63 * @wl: wl struct
64 * @buf: buffer containing the command, with all headers, must work with dma
65 * @len: length of the buffer
66 * @answer: is answer needed
68 int wl1251_cmd_test(struct wl1251 *wl, void *buf, size_t buf_len, u8 answer)
70 int ret;
72 wl1251_debug(DEBUG_CMD, "cmd test");
74 ret = wl1251_cmd_send(wl, CMD_TEST, buf, buf_len);
76 if (ret < 0) {
77 wl1251_warning("TEST command failed");
78 return ret;
81 if (answer) {
82 struct wl1251_command *cmd_answer;
85 * The test command got in, we can read the answer.
86 * The answer would be a wl1251_command, where the
87 * parameter array contains the actual answer.
89 wl1251_mem_read(wl, wl->cmd_box_addr, buf, buf_len);
91 cmd_answer = buf;
93 if (cmd_answer->header.status != CMD_STATUS_SUCCESS)
94 wl1251_error("TEST command answer error: %d",
95 cmd_answer->header.status);
98 return 0;
102 * read acx from firmware
104 * @wl: wl struct
105 * @id: acx id
106 * @buf: buffer for the response, including all headers, must work with dma
107 * @len: length of buf
109 int wl1251_cmd_interrogate(struct wl1251 *wl, u16 id, void *buf, size_t len)
111 struct acx_header *acx = buf;
112 int ret;
114 wl1251_debug(DEBUG_CMD, "cmd interrogate");
116 acx->id = id;
118 /* payload length, does not include any headers */
119 acx->len = len - sizeof(*acx);
121 ret = wl1251_cmd_send(wl, CMD_INTERROGATE, acx, sizeof(*acx));
122 if (ret < 0) {
123 wl1251_error("INTERROGATE command failed");
124 goto out;
127 /* the interrogate command got in, we can read the answer */
128 wl1251_mem_read(wl, wl->cmd_box_addr, buf, len);
130 acx = buf;
131 if (acx->cmd.status != CMD_STATUS_SUCCESS)
132 wl1251_error("INTERROGATE command error: %d",
133 acx->cmd.status);
135 out:
136 return ret;
140 * write acx value to firmware
142 * @wl: wl struct
143 * @id: acx id
144 * @buf: buffer containing acx, including all headers, must work with dma
145 * @len: length of buf
147 int wl1251_cmd_configure(struct wl1251 *wl, u16 id, void *buf, size_t len)
149 struct acx_header *acx = buf;
150 int ret;
152 wl1251_debug(DEBUG_CMD, "cmd configure");
154 acx->id = id;
156 /* payload length, does not include any headers */
157 acx->len = len - sizeof(*acx);
159 ret = wl1251_cmd_send(wl, CMD_CONFIGURE, acx, len);
160 if (ret < 0) {
161 wl1251_warning("CONFIGURE command NOK");
162 return ret;
165 return 0;
168 int wl1251_cmd_vbm(struct wl1251 *wl, u8 identity,
169 void *bitmap, u16 bitmap_len, u8 bitmap_control)
171 struct wl1251_cmd_vbm_update *vbm;
172 int ret;
174 wl1251_debug(DEBUG_CMD, "cmd vbm");
176 vbm = kzalloc(sizeof(*vbm), GFP_KERNEL);
177 if (!vbm) {
178 ret = -ENOMEM;
179 goto out;
182 /* Count and period will be filled by the target */
183 vbm->tim.bitmap_ctrl = bitmap_control;
184 if (bitmap_len > PARTIAL_VBM_MAX) {
185 wl1251_warning("cmd vbm len is %d B, truncating to %d",
186 bitmap_len, PARTIAL_VBM_MAX);
187 bitmap_len = PARTIAL_VBM_MAX;
189 memcpy(vbm->tim.pvb_field, bitmap, bitmap_len);
190 vbm->tim.identity = identity;
191 vbm->tim.length = bitmap_len + 3;
193 vbm->len = cpu_to_le16(bitmap_len + 5);
195 ret = wl1251_cmd_send(wl, CMD_VBM, vbm, sizeof(*vbm));
196 if (ret < 0) {
197 wl1251_error("VBM command failed");
198 goto out;
201 out:
202 kfree(vbm);
203 return ret;
206 int wl1251_cmd_data_path(struct wl1251 *wl, u8 channel, bool enable)
208 struct cmd_enabledisable_path *cmd;
209 int ret;
210 u16 cmd_rx, cmd_tx;
212 wl1251_debug(DEBUG_CMD, "cmd data path");
214 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
215 if (!cmd) {
216 ret = -ENOMEM;
217 goto out;
220 cmd->channel = channel;
222 if (enable) {
223 cmd_rx = CMD_ENABLE_RX;
224 cmd_tx = CMD_ENABLE_TX;
225 } else {
226 cmd_rx = CMD_DISABLE_RX;
227 cmd_tx = CMD_DISABLE_TX;
230 ret = wl1251_cmd_send(wl, cmd_rx, cmd, sizeof(*cmd));
231 if (ret < 0) {
232 wl1251_error("rx %s cmd for channel %d failed",
233 enable ? "start" : "stop", channel);
234 goto out;
237 wl1251_debug(DEBUG_BOOT, "rx %s cmd channel %d",
238 enable ? "start" : "stop", channel);
240 ret = wl1251_cmd_send(wl, cmd_tx, cmd, sizeof(*cmd));
241 if (ret < 0) {
242 wl1251_error("tx %s cmd for channel %d failed",
243 enable ? "start" : "stop", channel);
244 goto out;
247 wl1251_debug(DEBUG_BOOT, "tx %s cmd channel %d",
248 enable ? "start" : "stop", channel);
250 out:
251 kfree(cmd);
252 return ret;
255 int wl1251_cmd_join(struct wl1251 *wl, u8 bss_type, u8 channel,
256 u16 beacon_interval, u8 dtim_interval)
258 struct cmd_join *join;
259 int ret, i;
260 u8 *bssid;
262 join = kzalloc(sizeof(*join), GFP_KERNEL);
263 if (!join) {
264 ret = -ENOMEM;
265 goto out;
268 wl1251_debug(DEBUG_CMD, "cmd join%s ch %d %d/%d",
269 bss_type == BSS_TYPE_IBSS ? " ibss" : "",
270 channel, beacon_interval, dtim_interval);
272 /* Reverse order BSSID */
273 bssid = (u8 *) &join->bssid_lsb;
274 for (i = 0; i < ETH_ALEN; i++)
275 bssid[i] = wl->bssid[ETH_ALEN - i - 1];
277 join->rx_config_options = wl->rx_config;
278 join->rx_filter_options = wl->rx_filter;
281 * FIXME: disable temporarily all filters because after commit
282 * 9cef8737 "mac80211: fix managed mode BSSID handling" broke
283 * association. The filter logic needs to be implemented properly
284 * and once that is done, this hack can be removed.
286 join->rx_config_options = 0;
287 join->rx_filter_options = WL1251_DEFAULT_RX_FILTER;
289 join->basic_rate_set = RATE_MASK_1MBPS | RATE_MASK_2MBPS |
290 RATE_MASK_5_5MBPS | RATE_MASK_11MBPS;
292 join->beacon_interval = beacon_interval;
293 join->dtim_interval = dtim_interval;
294 join->bss_type = bss_type;
295 join->channel = channel;
296 join->ctrl = JOIN_CMD_CTRL_TX_FLUSH;
298 ret = wl1251_cmd_send(wl, CMD_START_JOIN, join, sizeof(*join));
299 if (ret < 0) {
300 wl1251_error("failed to initiate cmd join");
301 goto out;
304 out:
305 kfree(join);
306 return ret;
309 int wl1251_cmd_ps_mode(struct wl1251 *wl, u8 ps_mode)
311 struct wl1251_cmd_ps_params *ps_params = NULL;
312 int ret = 0;
314 wl1251_debug(DEBUG_CMD, "cmd set ps mode");
316 ps_params = kzalloc(sizeof(*ps_params), GFP_KERNEL);
317 if (!ps_params) {
318 ret = -ENOMEM;
319 goto out;
322 ps_params->ps_mode = ps_mode;
323 ps_params->send_null_data = 1;
324 ps_params->retries = 5;
325 ps_params->hang_over_period = 128;
326 ps_params->null_data_rate = 1; /* 1 Mbps */
328 ret = wl1251_cmd_send(wl, CMD_SET_PS_MODE, ps_params,
329 sizeof(*ps_params));
330 if (ret < 0) {
331 wl1251_error("cmd set_ps_mode failed");
332 goto out;
335 out:
336 kfree(ps_params);
337 return ret;
340 int wl1251_cmd_read_memory(struct wl1251 *wl, u32 addr, void *answer,
341 size_t len)
343 struct cmd_read_write_memory *cmd;
344 int ret = 0;
346 wl1251_debug(DEBUG_CMD, "cmd read memory");
348 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
349 if (!cmd) {
350 ret = -ENOMEM;
351 goto out;
354 WARN_ON(len > MAX_READ_SIZE);
355 len = min_t(size_t, len, MAX_READ_SIZE);
357 cmd->addr = addr;
358 cmd->size = len;
360 ret = wl1251_cmd_send(wl, CMD_READ_MEMORY, cmd, sizeof(*cmd));
361 if (ret < 0) {
362 wl1251_error("read memory command failed: %d", ret);
363 goto out;
366 /* the read command got in, we can now read the answer */
367 wl1251_mem_read(wl, wl->cmd_box_addr, cmd, sizeof(*cmd));
369 if (cmd->header.status != CMD_STATUS_SUCCESS)
370 wl1251_error("error in read command result: %d",
371 cmd->header.status);
373 memcpy(answer, cmd->value, len);
375 out:
376 kfree(cmd);
377 return ret;
380 int wl1251_cmd_template_set(struct wl1251 *wl, u16 cmd_id,
381 void *buf, size_t buf_len)
383 struct wl1251_cmd_packet_template *cmd;
384 size_t cmd_len;
385 int ret = 0;
387 wl1251_debug(DEBUG_CMD, "cmd template %d", cmd_id);
389 WARN_ON(buf_len > WL1251_MAX_TEMPLATE_SIZE);
390 buf_len = min_t(size_t, buf_len, WL1251_MAX_TEMPLATE_SIZE);
391 cmd_len = ALIGN(sizeof(*cmd) + buf_len, 4);
393 cmd = kzalloc(cmd_len, GFP_KERNEL);
394 if (!cmd) {
395 ret = -ENOMEM;
396 goto out;
399 cmd->size = cpu_to_le16(buf_len);
401 if (buf)
402 memcpy(cmd->data, buf, buf_len);
404 ret = wl1251_cmd_send(wl, cmd_id, cmd, cmd_len);
405 if (ret < 0) {
406 wl1251_warning("cmd set_template failed: %d", ret);
407 goto out;
410 out:
411 kfree(cmd);
412 return ret;
415 int wl1251_cmd_scan(struct wl1251 *wl, u8 *ssid, size_t ssid_len,
416 struct ieee80211_channel *channels[],
417 unsigned int n_channels, unsigned int n_probes)
419 struct wl1251_cmd_scan *cmd;
420 int i, ret = 0;
422 wl1251_debug(DEBUG_CMD, "cmd scan");
424 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
425 if (!cmd)
426 return -ENOMEM;
428 cmd->params.rx_config_options = cpu_to_le32(CFG_RX_ALL_GOOD);
429 cmd->params.rx_filter_options = cpu_to_le32(CFG_RX_PRSP_EN |
430 CFG_RX_MGMT_EN |
431 CFG_RX_BCN_EN);
432 cmd->params.scan_options = 0;
433 cmd->params.num_channels = n_channels;
434 cmd->params.num_probe_requests = n_probes;
435 cmd->params.tx_rate = cpu_to_le16(1 << 1); /* 2 Mbps */
436 cmd->params.tid_trigger = 0;
438 for (i = 0; i < n_channels; i++) {
439 cmd->channels[i].min_duration =
440 cpu_to_le32(WL1251_SCAN_MIN_DURATION);
441 cmd->channels[i].max_duration =
442 cpu_to_le32(WL1251_SCAN_MAX_DURATION);
443 memset(&cmd->channels[i].bssid_lsb, 0xff, 4);
444 memset(&cmd->channels[i].bssid_msb, 0xff, 2);
445 cmd->channels[i].early_termination = 0;
446 cmd->channels[i].tx_power_att = 0;
447 cmd->channels[i].channel = channels[i]->hw_value;
450 cmd->params.ssid_len = ssid_len;
451 if (ssid)
452 memcpy(cmd->params.ssid, ssid, ssid_len);
454 ret = wl1251_cmd_send(wl, CMD_SCAN, cmd, sizeof(*cmd));
455 if (ret < 0) {
456 wl1251_error("cmd scan failed: %d", ret);
457 goto out;
460 wl1251_mem_read(wl, wl->cmd_box_addr, cmd, sizeof(*cmd));
462 if (cmd->header.status != CMD_STATUS_SUCCESS) {
463 wl1251_error("cmd scan status wasn't success: %d",
464 cmd->header.status);
465 ret = -EIO;
466 goto out;
469 out:
470 kfree(cmd);
471 return ret;
474 int wl1251_cmd_trigger_scan_to(struct wl1251 *wl, u32 timeout)
476 struct wl1251_cmd_trigger_scan_to *cmd;
477 int ret;
479 wl1251_debug(DEBUG_CMD, "cmd trigger scan to");
481 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
482 if (!cmd)
483 return -ENOMEM;
485 cmd->timeout = timeout;
487 ret = wl1251_cmd_send(wl, CMD_TRIGGER_SCAN_TO, cmd, sizeof(*cmd));
488 if (ret < 0) {
489 wl1251_error("cmd trigger scan to failed: %d", ret);
490 goto out;
493 out:
494 kfree(cmd);
495 return ret;