50bc7e4190d9c8401155638d632def330df4497a
[linux-2.6.git] / drivers / net / wireless / bcmdhd / dhd_sdio.c
1 /*
2  * DHD Bus Module for SDIO
3  *
4  * Copyright (C) 1999-2011, Broadcom Corporation
5  * 
6  *         Unless you and Broadcom execute a separate written software license
7  * agreement governing use of this software, this software is licensed to you
8  * under the terms of the GNU General Public License version 2 (the "GPL"),
9  * available at http://www.broadcom.com/licenses/GPLv2.php, with the
10  * following added to such license:
11  * 
12  *      As a special exception, the copyright holders of this software give you
13  * permission to link this software with independent modules, and to copy and
14  * distribute the resulting executable under terms of your choice, provided that
15  * you also meet, for each linked independent module, the terms and conditions of
16  * the license of that module.  An independent module is a module which is not
17  * derived from this software.  The special exception does not apply to any
18  * modifications of the software.
19  * 
20  *      Notwithstanding the above, under no circumstances may you combine this
21  * software in any way with any other Broadcom software provided under a license
22  * other than the GPL, without Broadcom's express prior written consent.
23  *
24  * $Id: dhd_sdio.c,v 1.274.2.40 2011-02-09 22:42:44 Exp $
25  */
26
27 #include <typedefs.h>
28 #include <osl.h>
29 #include <bcmsdh.h>
30
31 #ifdef BCMEMBEDIMAGE
32 #include BCMEMBEDIMAGE
33 #endif /* BCMEMBEDIMAGE */
34
35 #include <bcmdefs.h>
36 #include <bcmutils.h>
37 #include <bcmendian.h>
38 #include <bcmdevs.h>
39
40 #include <siutils.h>
41 #include <hndpmu.h>
42 #include <hndsoc.h>
43 #include <bcmsdpcm.h>
44 #if defined(DHD_DEBUG)
45 #include <hndrte_armtrap.h>
46 #include <hndrte_cons.h>
47 #endif /* defined(DHD_DEBUG) */
48 #include <sbchipc.h>
49 #include <sbhnddma.h>
50
51 #include <sdio.h>
52 #include <sbsdio.h>
53 #include <sbsdpcmdev.h>
54 #include <bcmsdpcm.h>
55 #include <bcmsdbus.h>
56
57 #include <proto/ethernet.h>
58 #include <proto/802.1d.h>
59 #include <proto/802.11.h>
60
61 #include <dngl_stats.h>
62 #include <dhd.h>
63 #include <dhd_bus.h>
64 #include <dhd_proto.h>
65 #include <dhd_dbg.h>
66 #include <dhdioctl.h>
67 #include <sdiovar.h>
68
69 #ifndef DHDSDIO_MEM_DUMP_FNAME
70 #define DHDSDIO_MEM_DUMP_FNAME         "mem_dump"
71 #endif
72
73 #define QLEN            256     /* bulk rx and tx queue lengths */
74 #define FCHI            (QLEN - 10)
75 #define FCLOW           (FCHI / 2)
76 #define PRIOMASK        7
77
78 #define TXRETRIES       2       /* # of retries for tx frames */
79
80 #if defined(CONFIG_MACH_SANDGATE2G)
81 #define DHD_RXBOUND     250     /* Default for max rx frames in one scheduling */
82 #else
83 #define DHD_RXBOUND     50      /* Default for max rx frames in one scheduling */
84 #endif /* defined(CONFIG_MACH_SANDGATE2G) */
85
86 #define DHD_TXBOUND     20      /* Default for max tx frames in one scheduling */
87
88 #define DHD_TXMINMAX    1       /* Max tx frames if rx still pending */
89
90 #define MEMBLOCK        2048            /* Block size used for downloading of dongle image */
91 #define MAX_NVRAMBUF_SIZE       4096    /* max nvram buf size */
92 #define MAX_DATA_BUF    (32 * 1024)     /* Must be large enough to hold biggest possible glom */
93
94 /* Packet alignment for most efficient SDIO (can change based on platform) */
95 #ifndef DHD_SDALIGN
96 #define DHD_SDALIGN     32
97 #endif
98 #if !ISPOWEROF2(DHD_SDALIGN)
99 #error DHD_SDALIGN is not a power of 2!
100 #endif
101
102 #ifndef DHD_FIRSTREAD
103 #define DHD_FIRSTREAD   32
104 #endif
105 #if !ISPOWEROF2(DHD_FIRSTREAD)
106 #error DHD_FIRSTREAD is not a power of 2!
107 #endif
108
109 /* Total length of frame header for dongle protocol */
110 #define SDPCM_HDRLEN    (SDPCM_FRAMETAG_LEN + SDPCM_SWHEADER_LEN)
111 #ifdef SDTEST
112 #define SDPCM_RESERVE   (SDPCM_HDRLEN + SDPCM_TEST_HDRLEN + DHD_SDALIGN)
113 #else
114 #define SDPCM_RESERVE   (SDPCM_HDRLEN + DHD_SDALIGN)
115 #endif
116
117 /* Space for header read, limit for data packets */
118 #ifndef MAX_HDR_READ
119 #define MAX_HDR_READ    32
120 #endif
121 #if !ISPOWEROF2(MAX_HDR_READ)
122 #error MAX_HDR_READ is not a power of 2!
123 #endif
124
125 #define MAX_RX_DATASZ   2048
126
127 /* Maximum milliseconds to wait for F2 to come up */
128 #define DHD_WAIT_F2RDY  3000
129
130 /* Bump up limit on waiting for HT to account for first startup;
131  * if the image is doing a CRC calculation before programming the PMU
132  * for HT availability, it could take a couple hundred ms more, so
133  * max out at a 1 second (1000000us).
134  */
135 #if (PMU_MAX_TRANSITION_DLY <= 1000000)
136 #undef PMU_MAX_TRANSITION_DLY
137 #define PMU_MAX_TRANSITION_DLY 1000000
138 #endif
139
140 /* Value for ChipClockCSR during initial setup */
141 #define DHD_INIT_CLKCTL1        (SBSDIO_FORCE_HW_CLKREQ_OFF | SBSDIO_ALP_AVAIL_REQ)
142 #define DHD_INIT_CLKCTL2        (SBSDIO_FORCE_HW_CLKREQ_OFF | SBSDIO_FORCE_ALP)
143
144 /* Flags for SDH calls */
145 #define F2SYNC  (SDIO_REQ_4BYTE | SDIO_REQ_FIXED)
146
147 /* Packet free applicable unconditionally for sdio and sdspi.  Conditional if
148  * bufpool was present for gspi bus.
149  */
150 #define PKTFREE2()              if ((bus->bus != SPI_BUS) || bus->usebufpool) \
151                                         PKTFREE(bus->dhd->osh, pkt, FALSE);
152 DHD_SPINWAIT_SLEEP_INIT(sdioh_spinwait_sleep);
153 #if defined(OOB_INTR_ONLY)
154 extern void bcmsdh_set_irq(int flag);
155 #endif /* defined(OOB_INTR_ONLY) */
156 #ifdef PROP_TXSTATUS
157 extern void dhd_wlfc_txcomplete(dhd_pub_t *dhd, void *txp, bool success);
158 #endif
159
160 #ifdef DHD_DEBUG
161 /* Device console log buffer state */
162 typedef struct dhd_console {
163         uint            count;                  /* Poll interval msec counter */
164         uint            log_addr;               /* Log struct address (fixed) */
165         hndrte_log_t    log;                    /* Log struct (host copy) */
166         uint            bufsize;                /* Size of log buffer */
167         uint8           *buf;                   /* Log buffer (host copy) */
168         uint            last;                   /* Last buffer read index */
169 } dhd_console_t;
170 #endif /* DHD_DEBUG */
171
172 /* Private data for SDIO bus interaction */
173 typedef struct dhd_bus {
174         dhd_pub_t       *dhd;
175
176         bcmsdh_info_t   *sdh;                   /* Handle for BCMSDH calls */
177         si_t            *sih;                   /* Handle for SI calls */
178         char            *vars;                  /* Variables (from CIS and/or other) */
179         uint            varsz;                  /* Size of variables buffer */
180         uint32          sbaddr;                 /* Current SB window pointer (-1, invalid) */
181
182         sdpcmd_regs_t   *regs;                  /* Registers for SDIO core */
183         uint            sdpcmrev;               /* SDIO core revision */
184         uint            armrev;                 /* CPU core revision */
185         uint            ramrev;                 /* SOCRAM core revision */
186         uint32          ramsize;                /* Size of RAM in SOCRAM (bytes) */
187         uint32          orig_ramsize;           /* Size of RAM in SOCRAM (bytes) */
188
189         uint32          bus;                    /* gSPI or SDIO bus */
190         uint32          hostintmask;            /* Copy of Host Interrupt Mask */
191         uint32          intstatus;              /* Intstatus bits (events) pending */
192         bool            dpc_sched;              /* Indicates DPC schedule (intrpt rcvd) */
193         bool            fcstate;                /* State of dongle flow-control */
194
195         uint16          cl_devid;               /* cached devid for dhdsdio_probe_attach() */
196         char            *fw_path; /* module_param: path to firmware image */
197         char            *nv_path; /* module_param: path to nvram vars file */
198         const char      *nvram_params;          /* user specified nvram params. */
199
200         uint            blocksize;              /* Block size of SDIO transfers */
201         uint            roundup;                /* Max roundup limit */
202
203         struct pktq     txq;                    /* Queue length used for flow-control */
204         uint8           flowcontrol;            /* per prio flow control bitmask */
205         uint8           tx_seq;                 /* Transmit sequence number (next) */
206         uint8           tx_max;                 /* Maximum transmit sequence allowed */
207
208         uint8           hdrbuf[MAX_HDR_READ + DHD_SDALIGN];
209         uint8           *rxhdr;                 /* Header of current rx frame (in hdrbuf) */
210         uint16          nextlen;                /* Next Read Len from last header */
211         uint8           rx_seq;                 /* Receive sequence number (expected) */
212         bool            rxskip;                 /* Skip receive (awaiting NAK ACK) */
213
214         void            *glomd;                 /* Packet containing glomming descriptor */
215         void            *glom;                  /* Packet chain for glommed superframe */
216         uint            glomerr;                /* Glom packet read errors */
217
218         uint8           *rxbuf;                 /* Buffer for receiving control packets */
219         uint            rxblen;                 /* Allocated length of rxbuf */
220         uint8           *rxctl;                 /* Aligned pointer into rxbuf */
221         uint8           *databuf;               /* Buffer for receiving big glom packet */
222         uint8           *dataptr;               /* Aligned pointer into databuf */
223         uint            rxlen;                  /* Length of valid data in buffer */
224
225         uint8           sdpcm_ver;              /* Bus protocol reported by dongle */
226
227         bool            intr;                   /* Use interrupts */
228         bool            poll;                   /* Use polling */
229         bool            ipend;                  /* Device interrupt is pending */
230         bool            intdis;                 /* Interrupts disabled by isr */
231         uint            intrcount;              /* Count of device interrupt callbacks */
232         uint            lastintrs;              /* Count as of last watchdog timer */
233         uint            spurious;               /* Count of spurious interrupts */
234         uint            pollrate;               /* Ticks between device polls */
235         uint            polltick;               /* Tick counter */
236         uint            pollcnt;                /* Count of active polls */
237
238 #ifdef DHD_DEBUG
239         dhd_console_t   console;                /* Console output polling support */
240         uint            console_addr;           /* Console address from shared struct */
241 #endif /* DHD_DEBUG */
242
243         uint            regfails;               /* Count of R_REG/W_REG failures */
244
245         uint            clkstate;               /* State of sd and backplane clock(s) */
246         bool            activity;               /* Activity flag for clock down */
247         int32           idletime;               /* Control for activity timeout */
248         int32           idlecount;              /* Activity timeout counter */
249         int32           idleclock;              /* How to set bus driver when idle */
250         int32           sd_divisor;             /* Speed control to bus driver */
251         int32           sd_mode;                /* Mode control to bus driver */
252         int32           sd_rxchain;             /* If bcmsdh api accepts PKT chains */
253         bool            use_rxchain;            /* If dhd should use PKT chains */
254         bool            sleeping;               /* Is SDIO bus sleeping? */
255         bool            rxflow_mode;    /* Rx flow control mode */
256         bool            rxflow;                 /* Is rx flow control on */
257         uint            prev_rxlim_hit;         /* Is prev rx limit exceeded (per dpc schedule) */
258         bool            alp_only;               /* Don't use HT clock (ALP only) */
259         /* Field to decide if rx of control frames happen in rxbuf or lb-pool */
260         bool            usebufpool;
261
262 #ifdef SDTEST
263         /* external loopback */
264         bool            ext_loop;
265         uint8           loopid;
266
267         /* pktgen configuration */
268         uint            pktgen_freq;            /* Ticks between bursts */
269         uint            pktgen_count;           /* Packets to send each burst */
270         uint            pktgen_print;           /* Bursts between count displays */
271         uint            pktgen_total;           /* Stop after this many */
272         uint            pktgen_minlen;          /* Minimum packet data len */
273         uint            pktgen_maxlen;          /* Maximum packet data len */
274         uint            pktgen_mode;            /* Configured mode: tx, rx, or echo */
275         uint            pktgen_stop;            /* Number of tx failures causing stop */
276
277         /* active pktgen fields */
278         uint            pktgen_tick;            /* Tick counter for bursts */
279         uint            pktgen_ptick;           /* Burst counter for printing */
280         uint            pktgen_sent;            /* Number of test packets generated */
281         uint            pktgen_rcvd;            /* Number of test packets received */
282         uint            pktgen_fail;            /* Number of failed send attempts */
283         uint16          pktgen_len;             /* Length of next packet to send */
284 #define PKTGEN_RCV_IDLE     (0)
285 #define PKTGEN_RCV_ONGOING  (1)
286         uint16          pktgen_rcv_state;               /* receive state */
287         uint            pktgen_rcvd_rcvsession; /* test pkts rcvd per rcv session. */
288 #endif /* SDTEST */
289
290         /* Some additional counters */
291         uint            tx_sderrs;              /* Count of tx attempts with sd errors */
292         uint            fcqueued;               /* Tx packets that got queued */
293         uint            rxrtx;                  /* Count of rtx requests (NAK to dongle) */
294         uint            rx_toolong;             /* Receive frames too long to receive */
295         uint            rxc_errors;             /* SDIO errors when reading control frames */
296         uint            rx_hdrfail;             /* SDIO errors on header reads */
297         uint            rx_badhdr;              /* Bad received headers (roosync?) */
298         uint            rx_badseq;              /* Mismatched rx sequence number */
299         uint            fc_rcvd;                /* Number of flow-control events received */
300         uint            fc_xoff;                /* Number which turned on flow-control */
301         uint            fc_xon;                 /* Number which turned off flow-control */
302         uint            rxglomfail;             /* Failed deglom attempts */
303         uint            rxglomframes;           /* Number of glom frames (superframes) */
304         uint            rxglompkts;             /* Number of packets from glom frames */
305         uint            f2rxhdrs;               /* Number of header reads */
306         uint            f2rxdata;               /* Number of frame data reads */
307         uint            f2txdata;               /* Number of f2 frame writes */
308         uint            f1regdata;              /* Number of f1 register accesses */
309
310         uint8           *ctrl_frame_buf;
311         uint32          ctrl_frame_len;
312         bool            ctrl_frame_stat;
313         uint32          rxint_mode;     /* rx interrupt mode */
314 } dhd_bus_t;
315
316 /* clkstate */
317 #define CLK_NONE        0
318 #define CLK_SDONLY      1
319 #define CLK_PENDING     2       /* Not used yet */
320 #define CLK_AVAIL       3
321
322 #define DHD_NOPMU(dhd)  (FALSE)
323
324 #ifdef DHD_DEBUG
325 static int qcount[NUMPRIO];
326 static int tx_packets[NUMPRIO];
327 #endif /* DHD_DEBUG */
328
329 /* Deferred transmit */
330 const uint dhd_deferred_tx = 1;
331
332 extern uint dhd_watchdog_ms;
333 extern void dhd_os_wd_timer(void *bus, uint wdtick);
334
335 /* Tx/Rx bounds */
336 uint dhd_txbound;
337 uint dhd_rxbound;
338 uint dhd_txminmax = DHD_TXMINMAX;
339
340 /* override the RAM size if possible */
341 #define DONGLE_MIN_MEMSIZE (128 *1024)
342 int dhd_dongle_memsize;
343
344 static bool dhd_doflow;
345 static bool dhd_alignctl;
346
347 static bool sd1idle;
348
349 static bool retrydata;
350 #define RETRYCHAN(chan) (((chan) == SDPCM_EVENT_CHANNEL) || retrydata)
351
352 static const uint watermark = 8;
353 static const uint firstread = DHD_FIRSTREAD;
354
355 #define HDATLEN (firstread - (SDPCM_HDRLEN))
356
357 /* Retry count for register access failures */
358 static const uint retry_limit = 2;
359
360 /* Force even SD lengths (some host controllers mess up on odd bytes) */
361 static bool forcealign;
362
363 /* Flag to indicate if we should download firmware on driver load */
364 uint dhd_download_fw_on_driverload = FALSE;
365
366 #define ALIGNMENT  4
367
368 #if defined(OOB_INTR_ONLY) && defined(HW_OOB)
369 extern void bcmsdh_enable_hw_oob_intr(void *sdh, bool enable);
370 #endif
371
372 #if defined(OOB_INTR_ONLY) && defined(SDIO_ISR_THREAD)
373 #error OOB_INTR_ONLY is NOT working with SDIO_ISR_THREAD
374 #endif /* defined(OOB_INTR_ONLY) && defined(SDIO_ISR_THREAD) */
375 #define PKTALIGN(osh, p, len, align)                                    \
376         do {                                                            \
377                 uint datalign;                                          \
378                 datalign = (uintptr)PKTDATA((osh), (p));                \
379                 datalign = ROUNDUP(datalign, (align)) - datalign;       \
380                 ASSERT(datalign < (align));                             \
381                 ASSERT(PKTLEN((osh), (p)) >= ((len) + datalign));       \
382                 if (datalign)                                           \
383                         PKTPULL((osh), (p), datalign);                  \
384                 PKTSETLEN((osh), (p), (len));                           \
385         } while (0)
386
387 /* Limit on rounding up frames */
388 static const uint max_roundup = 512;
389
390 /* Try doing readahead */
391 static bool dhd_readahead;
392
393
394 /* To check if there's window offered */
395 #define DATAOK(bus) \
396         (((uint8)(bus->tx_max - bus->tx_seq) > 1) && \
397         (((uint8)(bus->tx_max - bus->tx_seq) & 0x80) == 0))
398
399 /* To check if there's window offered for ctrl frame */
400 #define TXCTLOK(bus) \
401         (((uint8)(bus->tx_max - bus->tx_seq) != 0) && \
402         (((uint8)(bus->tx_max - bus->tx_seq) & 0x80) == 0))
403
404 /* Macros to get register read/write status */
405 /* NOTE: these assume a local dhdsdio_bus_t *bus! */
406 #define R_SDREG(regvar, regaddr, retryvar) \
407 do { \
408         retryvar = 0; \
409         do { \
410                 regvar = R_REG(bus->dhd->osh, regaddr); \
411         } while (bcmsdh_regfail(bus->sdh) && (++retryvar <= retry_limit)); \
412         if (retryvar) { \
413                 bus->regfails += (retryvar-1); \
414                 if (retryvar > retry_limit) { \
415                         DHD_ERROR(("%s: FAILED" #regvar "READ, LINE %d\n", \
416                                    __FUNCTION__, __LINE__)); \
417                         regvar = 0; \
418                 } \
419         } \
420 } while (0)
421
422 #define W_SDREG(regval, regaddr, retryvar) \
423 do { \
424         retryvar = 0; \
425         do { \
426                 W_REG(bus->dhd->osh, regaddr, regval); \
427         } while (bcmsdh_regfail(bus->sdh) && (++retryvar <= retry_limit)); \
428         if (retryvar) { \
429                 bus->regfails += (retryvar-1); \
430                 if (retryvar > retry_limit) \
431                         DHD_ERROR(("%s: FAILED REGISTER WRITE, LINE %d\n", \
432                                    __FUNCTION__, __LINE__)); \
433         } \
434 } while (0)
435
436
437 /*
438  * pktavail interrupts from dongle to host can be managed in 3 different ways
439  * whenever there is a packet available in dongle to transmit to host.
440  *
441  * Mode 0:      Dongle writes the software host mailbox and host is interrupted.
442  * Mode 1:      (sdiod core rev >= 4)
443  *              Device sets a new bit in the intstatus whenever there is a packet
444  *              available in fifo.  Host can't clear this specific status bit until all the 
445  *              packets are read from the FIFO.  No need to ack dongle intstatus.
446  * Mode 2:      (sdiod core rev >= 4)
447  *              Device sets a bit in the intstatus, and host acks this by writing
448  *              one to this bit.  Dongle won't generate anymore packet interrupts
449  *              until host reads all the packets from the dongle and reads a zero to
450  *              figure that there are no more packets.  No need to disable host ints.
451  *              Need to ack the intstatus.
452  */
453
454 #define SDIO_DEVICE_HMB_RXINT           0       /* default old way */
455 #define SDIO_DEVICE_RXDATAINT_MODE_0    1       /* from sdiod rev 4 */
456 #define SDIO_DEVICE_RXDATAINT_MODE_1    2       /* from sdiod rev 4 */
457
458
459 #define FRAME_AVAIL_MASK(bus)   \
460         ((bus->rxint_mode == SDIO_DEVICE_HMB_RXINT) ? I_HMB_FRAME_IND : I_XMTDATA_AVAIL)
461
462 #define DHD_BUS                 SDIO_BUS
463
464 #define PKT_AVAILABLE(bus, intstatus)   ((intstatus) & (FRAME_AVAIL_MASK(bus)))
465
466 #define HOSTINTMASK             (I_HMB_SW_MASK | I_CHIPACTIVE)
467
468 #define GSPI_PR55150_BAILOUT
469
470
471 #ifdef SDTEST
472 static void dhdsdio_testrcv(dhd_bus_t *bus, void *pkt, uint seq);
473 static void dhdsdio_sdtest_set(dhd_bus_t *bus, uint8 count);
474 #endif
475
476 #ifdef DHD_DEBUG
477 static int dhdsdio_checkdied(dhd_bus_t *bus, uint8 *data, uint size);
478 static int dhdsdio_mem_dump(dhd_bus_t *bus);
479 static int dhd_serialconsole(dhd_bus_t *bus, bool get, bool enable, int *bcmerror);
480 #endif /* DHD_DEBUG */
481 static int dhdsdio_download_state(dhd_bus_t *bus, bool enter);
482
483 static void dhdsdio_release(dhd_bus_t *bus, osl_t *osh);
484 static void dhdsdio_release_malloc(dhd_bus_t *bus, osl_t *osh);
485 static void dhdsdio_disconnect(void *ptr);
486 static bool dhdsdio_chipmatch(uint16 chipid);
487 static bool dhdsdio_probe_attach(dhd_bus_t *bus, osl_t *osh, void *sdh,
488                                  void * regsva, uint16  devid);
489 static bool dhdsdio_probe_malloc(dhd_bus_t *bus, osl_t *osh, void *sdh);
490 static bool dhdsdio_probe_init(dhd_bus_t *bus, osl_t *osh, void *sdh);
491 static void dhdsdio_release_dongle(dhd_bus_t *bus, osl_t *osh, bool dongle_isolation,
492         bool reset_flag);
493
494 static void dhd_dongle_setmemsize(struct dhd_bus *bus, int mem_size);
495 static int dhd_bcmsdh_recv_buf(dhd_bus_t *bus, uint32 addr, uint fn, uint flags,
496         uint8 *buf, uint nbytes,
497         void *pkt, bcmsdh_cmplt_fn_t complete, void *handle);
498 static int dhd_bcmsdh_send_buf(dhd_bus_t *bus, uint32 addr, uint fn, uint flags,
499         uint8 *buf, uint nbytes,
500         void *pkt, bcmsdh_cmplt_fn_t complete, void *handle);
501
502 static bool dhdsdio_download_firmware(dhd_bus_t *bus, osl_t *osh, void *sdh);
503 static int _dhdsdio_download_firmware(dhd_bus_t *bus);
504
505 static int dhdsdio_download_code_file(dhd_bus_t *bus, char *image_path);
506 static int dhdsdio_download_nvram(dhd_bus_t *bus);
507 #ifdef BCMEMBEDIMAGE
508 static int dhdsdio_download_code_array(dhd_bus_t *bus);
509 #endif
510
511 #ifdef WLMEDIA_HTSF
512 #include <htsf.h>
513 extern uint32 dhd_get_htsf(void *dhd, int ifidx);
514 #endif /* WLMEDIA_HTSF */
515
516 static void
517 dhd_dongle_setmemsize(struct dhd_bus *bus, int mem_size)
518 {
519         int32 min_size =  DONGLE_MIN_MEMSIZE;
520         /* Restrict the memsize to user specified limit */
521         DHD_ERROR(("user: Restrict the dongle ram size to %d, min accepted %d\n",
522                 dhd_dongle_memsize, min_size));
523         if ((dhd_dongle_memsize > min_size) &&
524                 (dhd_dongle_memsize < (int32)bus->orig_ramsize))
525                 bus->ramsize = dhd_dongle_memsize;
526 }
527
528 static int
529 dhdsdio_set_siaddr_window(dhd_bus_t *bus, uint32 address)
530 {
531         int err = 0;
532         bcmsdh_cfg_write(bus->sdh, SDIO_FUNC_1, SBSDIO_FUNC1_SBADDRLOW,
533                          (address >> 8) & SBSDIO_SBADDRLOW_MASK, &err);
534         if (!err)
535                 bcmsdh_cfg_write(bus->sdh, SDIO_FUNC_1, SBSDIO_FUNC1_SBADDRMID,
536                                  (address >> 16) & SBSDIO_SBADDRMID_MASK, &err);
537         if (!err)
538                 bcmsdh_cfg_write(bus->sdh, SDIO_FUNC_1, SBSDIO_FUNC1_SBADDRHIGH,
539                                  (address >> 24) & SBSDIO_SBADDRHIGH_MASK, &err);
540         return err;
541 }
542
543
544 /* Turn backplane clock on or off */
545 static int
546 dhdsdio_htclk(dhd_bus_t *bus, bool on, bool pendok)
547 {
548         int err;
549         uint8 clkctl, clkreq, devctl;
550         bcmsdh_info_t *sdh;
551
552         DHD_TRACE(("%s: Enter\n", __FUNCTION__));
553
554 #if defined(OOB_INTR_ONLY)
555         pendok = FALSE;
556 #endif
557         clkctl = 0;
558         sdh = bus->sdh;
559
560
561         if (on) {
562                 /* Request HT Avail */
563                 clkreq = bus->alp_only ? SBSDIO_ALP_AVAIL_REQ : SBSDIO_HT_AVAIL_REQ;
564
565
566
567
568                 bcmsdh_cfg_write(sdh, SDIO_FUNC_1, SBSDIO_FUNC1_CHIPCLKCSR, clkreq, &err);
569                 if (err) {
570                         DHD_ERROR(("%s: HT Avail request error: %d\n", __FUNCTION__, err));
571                         return BCME_ERROR;
572                 }
573
574                 if (pendok &&
575                     ((bus->sih->buscoretype == PCMCIA_CORE_ID) && (bus->sih->buscorerev == 9))) {
576                         uint32 dummy, retries;
577                         R_SDREG(dummy, &bus->regs->clockctlstatus, retries);
578                 }
579
580                 /* Check current status */
581                 clkctl = bcmsdh_cfg_read(sdh, SDIO_FUNC_1, SBSDIO_FUNC1_CHIPCLKCSR, &err);
582                 if (err) {
583                         DHD_ERROR(("%s: HT Avail read error: %d\n", __FUNCTION__, err));
584                         return BCME_ERROR;
585                 }
586
587                 /* Go to pending and await interrupt if appropriate */
588                 if (!SBSDIO_CLKAV(clkctl, bus->alp_only) && pendok) {
589                         /* Allow only clock-available interrupt */
590                         devctl = bcmsdh_cfg_read(sdh, SDIO_FUNC_1, SBSDIO_DEVICE_CTL, &err);
591                         if (err) {
592                                 DHD_ERROR(("%s: Devctl access error setting CA: %d\n",
593                                            __FUNCTION__, err));
594                                 return BCME_ERROR;
595                         }
596
597                         devctl |= SBSDIO_DEVCTL_CA_INT_ONLY;
598                         bcmsdh_cfg_write(sdh, SDIO_FUNC_1, SBSDIO_DEVICE_CTL, devctl, &err);
599                         DHD_INFO(("CLKCTL: set PENDING\n"));
600                         bus->clkstate = CLK_PENDING;
601                         return BCME_OK;
602                 } else if (bus->clkstate == CLK_PENDING) {
603                         /* Cancel CA-only interrupt filter */
604                         devctl = bcmsdh_cfg_read(sdh, SDIO_FUNC_1, SBSDIO_DEVICE_CTL, &err);
605                         devctl &= ~SBSDIO_DEVCTL_CA_INT_ONLY;
606                         bcmsdh_cfg_write(sdh, SDIO_FUNC_1, SBSDIO_DEVICE_CTL, devctl, &err);
607                 }
608
609                 /* Otherwise, wait here (polling) for HT Avail */
610                 if (!SBSDIO_CLKAV(clkctl, bus->alp_only)) {
611                         SPINWAIT_SLEEP(sdioh_spinwait_sleep,
612                                 ((clkctl = bcmsdh_cfg_read(sdh, SDIO_FUNC_1,
613                                                             SBSDIO_FUNC1_CHIPCLKCSR, &err)),
614                                   !SBSDIO_CLKAV(clkctl, bus->alp_only)), PMU_MAX_TRANSITION_DLY);
615                 }
616                 if (err) {
617                         DHD_ERROR(("%s: HT Avail request error: %d\n", __FUNCTION__, err));
618                         return BCME_ERROR;
619                 }
620                 if (!SBSDIO_CLKAV(clkctl, bus->alp_only)) {
621                         DHD_ERROR(("%s: HT Avail timeout (%d): clkctl 0x%02x\n",
622                                    __FUNCTION__, PMU_MAX_TRANSITION_DLY, clkctl));
623                         return BCME_ERROR;
624                 }
625
626
627                 /* Mark clock available */
628                 bus->clkstate = CLK_AVAIL;
629                 DHD_INFO(("CLKCTL: turned ON\n"));
630
631 #if defined(DHD_DEBUG)
632                 if (bus->alp_only == TRUE) {
633 #if !defined(BCMLXSDMMC)
634                         if (!SBSDIO_ALPONLY(clkctl)) {
635                                 DHD_ERROR(("%s: HT Clock, when ALP Only\n", __FUNCTION__));
636                         }
637 #endif /* !defined(BCMLXSDMMC) */
638                 } else {
639                         if (SBSDIO_ALPONLY(clkctl)) {
640                                 DHD_ERROR(("%s: HT Clock should be on.\n", __FUNCTION__));
641                         }
642                 }
643 #endif /* defined (DHD_DEBUG) */
644
645                 bus->activity = TRUE;
646         } else {
647                 clkreq = 0;
648
649                 if (bus->clkstate == CLK_PENDING) {
650                         /* Cancel CA-only interrupt filter */
651                         devctl = bcmsdh_cfg_read(sdh, SDIO_FUNC_1, SBSDIO_DEVICE_CTL, &err);
652                         devctl &= ~SBSDIO_DEVCTL_CA_INT_ONLY;
653                         bcmsdh_cfg_write(sdh, SDIO_FUNC_1, SBSDIO_DEVICE_CTL, devctl, &err);
654                 }
655
656                 bus->clkstate = CLK_SDONLY;
657                 bcmsdh_cfg_write(sdh, SDIO_FUNC_1, SBSDIO_FUNC1_CHIPCLKCSR, clkreq, &err);
658                 DHD_INFO(("CLKCTL: turned OFF\n"));
659                 if (err) {
660                         DHD_ERROR(("%s: Failed access turning clock off: %d\n",
661                                    __FUNCTION__, err));
662                         return BCME_ERROR;
663                 }
664         }
665         return BCME_OK;
666 }
667
668 /* Change idle/active SD state */
669 static int
670 dhdsdio_sdclk(dhd_bus_t *bus, bool on)
671 {
672         int err;
673         int32 iovalue;
674
675         DHD_TRACE(("%s: Enter\n", __FUNCTION__));
676
677         if (on) {
678                 if (bus->idleclock == DHD_IDLE_STOP) {
679                         /* Turn on clock and restore mode */
680                         iovalue = 1;
681                         err = bcmsdh_iovar_op(bus->sdh, "sd_clock", NULL, 0,
682                                               &iovalue, sizeof(iovalue), TRUE);
683                         if (err) {
684                                 DHD_ERROR(("%s: error enabling sd_clock: %d\n",
685                                            __FUNCTION__, err));
686                                 return BCME_ERROR;
687                         }
688
689                         iovalue = bus->sd_mode;
690                         err = bcmsdh_iovar_op(bus->sdh, "sd_mode", NULL, 0,
691                                               &iovalue, sizeof(iovalue), TRUE);
692                         if (err) {
693                                 DHD_ERROR(("%s: error changing sd_mode: %d\n",
694                                            __FUNCTION__, err));
695                                 return BCME_ERROR;
696                         }
697                 } else if (bus->idleclock != DHD_IDLE_ACTIVE) {
698                         /* Restore clock speed */
699                         iovalue = bus->sd_divisor;
700                         err = bcmsdh_iovar_op(bus->sdh, "sd_divisor", NULL, 0,
701                                               &iovalue, sizeof(iovalue), TRUE);
702                         if (err) {
703                                 DHD_ERROR(("%s: error restoring sd_divisor: %d\n",
704                                            __FUNCTION__, err));
705                                 return BCME_ERROR;
706                         }
707                 }
708                 bus->clkstate = CLK_SDONLY;
709         } else {
710                 /* Stop or slow the SD clock itself */
711                 if ((bus->sd_divisor == -1) || (bus->sd_mode == -1)) {
712                         DHD_TRACE(("%s: can't idle clock, divisor %d mode %d\n",
713                                    __FUNCTION__, bus->sd_divisor, bus->sd_mode));
714                         return BCME_ERROR;
715                 }
716                 if (bus->idleclock == DHD_IDLE_STOP) {
717                         if (sd1idle) {
718                                 /* Change to SD1 mode and turn off clock */
719                                 iovalue = 1;
720                                 err = bcmsdh_iovar_op(bus->sdh, "sd_mode", NULL, 0,
721                                                       &iovalue, sizeof(iovalue), TRUE);
722                                 if (err) {
723                                         DHD_ERROR(("%s: error changing sd_clock: %d\n",
724                                                    __FUNCTION__, err));
725                                         return BCME_ERROR;
726                                 }
727                         }
728
729                         iovalue = 0;
730                         err = bcmsdh_iovar_op(bus->sdh, "sd_clock", NULL, 0,
731                                               &iovalue, sizeof(iovalue), TRUE);
732                         if (err) {
733                                 DHD_ERROR(("%s: error disabling sd_clock: %d\n",
734                                            __FUNCTION__, err));
735                                 return BCME_ERROR;
736                         }
737                 } else if (bus->idleclock != DHD_IDLE_ACTIVE) {
738                         /* Set divisor to idle value */
739                         iovalue = bus->idleclock;
740                         err = bcmsdh_iovar_op(bus->sdh, "sd_divisor", NULL, 0,
741                                               &iovalue, sizeof(iovalue), TRUE);
742                         if (err) {
743                                 DHD_ERROR(("%s: error changing sd_divisor: %d\n",
744                                            __FUNCTION__, err));
745                                 return BCME_ERROR;
746                         }
747                 }
748                 bus->clkstate = CLK_NONE;
749         }
750
751         return BCME_OK;
752 }
753
754 /* Transition SD and backplane clock readiness */
755 static int
756 dhdsdio_clkctl(dhd_bus_t *bus, uint target, bool pendok)
757 {
758         int ret = BCME_OK;
759 #ifdef DHD_DEBUG
760         uint oldstate = bus->clkstate;
761 #endif /* DHD_DEBUG */
762
763         DHD_TRACE(("%s: Enter\n", __FUNCTION__));
764
765         /* Early exit if we're already there */
766         if (bus->clkstate == target) {
767                 if (target == CLK_AVAIL) {
768                         dhd_os_wd_timer(bus->dhd, dhd_watchdog_ms);
769                         bus->activity = TRUE;
770                 }
771                 return ret;
772         }
773
774         switch (target) {
775         case CLK_AVAIL:
776                 /* Make sure SD clock is available */
777                 if (bus->clkstate == CLK_NONE)
778                         dhdsdio_sdclk(bus, TRUE);
779                 /* Now request HT Avail on the backplane */
780                 ret = dhdsdio_htclk(bus, TRUE, pendok);
781                 if (ret == BCME_OK) {
782                         dhd_os_wd_timer(bus->dhd, dhd_watchdog_ms);
783                         bus->activity = TRUE;
784                 }
785                 break;
786
787         case CLK_SDONLY:
788                 /* Remove HT request, or bring up SD clock */
789                 if (bus->clkstate == CLK_NONE)
790                         ret = dhdsdio_sdclk(bus, TRUE);
791                 else if (bus->clkstate == CLK_AVAIL)
792                         ret = dhdsdio_htclk(bus, FALSE, FALSE);
793                 else
794                         DHD_ERROR(("dhdsdio_clkctl: request for %d -> %d\n",
795                                    bus->clkstate, target));
796                 if (ret == BCME_OK) {
797                         dhd_os_wd_timer(bus->dhd, dhd_watchdog_ms);
798                 }
799                 break;
800
801         case CLK_NONE:
802                 /* Make sure to remove HT request */
803                 if (bus->clkstate == CLK_AVAIL)
804                         ret = dhdsdio_htclk(bus, FALSE, FALSE);
805                 /* Now remove the SD clock */
806                 ret = dhdsdio_sdclk(bus, FALSE);
807 #ifdef DHD_DEBUG
808                 if (dhd_console_ms == 0)
809 #endif /* DHD_DEBUG */
810                 dhd_os_wd_timer(bus->dhd, 0);
811                 break;
812         }
813 #ifdef DHD_DEBUG
814         DHD_INFO(("dhdsdio_clkctl: %d -> %d\n", oldstate, bus->clkstate));
815 #endif /* DHD_DEBUG */
816
817         return ret;
818 }
819
820 static int
821 dhdsdio_bussleep(dhd_bus_t *bus, bool sleep)
822 {
823         bcmsdh_info_t *sdh = bus->sdh;
824         sdpcmd_regs_t *regs = bus->regs;
825         uint retries = 0;
826
827         DHD_INFO(("dhdsdio_bussleep: request %s (currently %s)\n",
828                   (sleep ? "SLEEP" : "WAKE"),
829                   (bus->sleeping ? "SLEEP" : "WAKE")));
830
831         /* Done if we're already in the requested state */
832         if (sleep == bus->sleeping)
833                 return BCME_OK;
834
835         /* Going to sleep: set the alarm and turn off the lights... */
836         if (sleep) {
837                 /* Don't sleep if something is pending */
838                 if (bus->dpc_sched || bus->rxskip || pktq_len(&bus->txq))
839                         return BCME_BUSY;
840
841
842                 /* Disable SDIO interrupts (no longer interested) */
843                 bcmsdh_intr_disable(bus->sdh);
844
845                 /* Make sure the controller has the bus up */
846                 dhdsdio_clkctl(bus, CLK_AVAIL, FALSE);
847
848                 /* Tell device to start using OOB wakeup */
849                 W_SDREG(SMB_USE_OOB, &regs->tosbmailbox, retries);
850                 if (retries > retry_limit)
851                         DHD_ERROR(("CANNOT SIGNAL CHIP, WILL NOT WAKE UP!!\n"));
852
853                 /* Turn off our contribution to the HT clock request */
854                 dhdsdio_clkctl(bus, CLK_SDONLY, FALSE);
855
856                 bcmsdh_cfg_write(sdh, SDIO_FUNC_1, SBSDIO_FUNC1_CHIPCLKCSR,
857                                  SBSDIO_FORCE_HW_CLKREQ_OFF, NULL);
858
859                 /* Isolate the bus */
860                 bcmsdh_cfg_write(sdh, SDIO_FUNC_1, SBSDIO_DEVICE_CTL,
861                                  SBSDIO_DEVCTL_PADS_ISO, NULL);
862
863                 /* Change state */
864                 bus->sleeping = TRUE;
865
866         } else {
867                 /* Waking up: bus power up is ok, set local state */
868
869                 bcmsdh_cfg_write(sdh, SDIO_FUNC_1, SBSDIO_FUNC1_CHIPCLKCSR,
870                                  0, NULL);
871
872                 /* Force pad isolation off if possible (in case power never toggled) */
873                 bcmsdh_cfg_write(sdh, SDIO_FUNC_1, SBSDIO_DEVICE_CTL, 0, NULL);
874
875
876                 /* Make sure the controller has the bus up */
877                 dhdsdio_clkctl(bus, CLK_AVAIL, FALSE);
878
879                 /* Send misc interrupt to indicate OOB not needed */
880                 W_SDREG(0, &regs->tosbmailboxdata, retries);
881                 if (retries <= retry_limit)
882                         W_SDREG(SMB_DEV_INT, &regs->tosbmailbox, retries);
883
884                 if (retries > retry_limit)
885                         DHD_ERROR(("CANNOT SIGNAL CHIP TO CLEAR OOB!!\n"));
886
887                 /* Make sure we have SD bus access */
888                 dhdsdio_clkctl(bus, CLK_SDONLY, FALSE);
889
890                 /* Change state */
891                 bus->sleeping = FALSE;
892
893                 /* Enable interrupts again */
894                 if (bus->intr && (bus->dhd->busstate == DHD_BUS_DATA)) {
895                         bus->intdis = FALSE;
896                         bcmsdh_intr_enable(bus->sdh);
897                 }
898         }
899
900         return BCME_OK;
901 }
902
903 #if defined(OOB_INTR_ONLY)
904 void
905 dhd_enable_oob_intr(struct dhd_bus *bus, bool enable)
906 {
907 #if defined(HW_OOB)
908         bcmsdh_enable_hw_oob_intr(bus->sdh, enable);
909 #else
910         sdpcmd_regs_t *regs = bus->regs;
911         uint retries = 0;
912
913         dhdsdio_clkctl(bus, CLK_AVAIL, FALSE);
914         if (enable == TRUE) {
915
916                 /* Tell device to start using OOB wakeup */
917                 W_SDREG(SMB_USE_OOB, &regs->tosbmailbox, retries);
918                 if (retries > retry_limit)
919                         DHD_ERROR(("CANNOT SIGNAL CHIP, WILL NOT WAKE UP!!\n"));
920
921         } else {
922                 /* Send misc interrupt to indicate OOB not needed */
923                 W_SDREG(0, &regs->tosbmailboxdata, retries);
924                 if (retries <= retry_limit)
925                         W_SDREG(SMB_DEV_INT, &regs->tosbmailbox, retries);
926         }
927
928         /* Turn off our contribution to the HT clock request */
929         dhdsdio_clkctl(bus, CLK_SDONLY, FALSE);
930 #endif /* !defined(HW_OOB) */
931 }
932 #endif /* defined(OOB_INTR_ONLY) */
933
934 #define BUS_WAKE(bus) \
935         do { \
936                 if ((bus)->sleeping) \
937                         dhdsdio_bussleep((bus), FALSE); \
938         } while (0);
939
940
941 /* Writes a HW/SW header into the packet and sends it. */
942 /* Assumes: (a) header space already there, (b) caller holds lock */
943 static int
944 dhdsdio_txpkt(dhd_bus_t *bus, void *pkt, uint chan, bool free_pkt)
945 {
946         int ret;
947         osl_t *osh;
948         uint8 *frame;
949         uint16 len, pad1 = 0;
950         uint32 swheader;
951         uint retries = 0;
952         bcmsdh_info_t *sdh;
953         void *new;
954         int i;
955 #ifdef WLMEDIA_HTSF
956         char *p;
957         htsfts_t *htsf_ts;
958 #endif
959
960
961         DHD_TRACE(("%s: Enter\n", __FUNCTION__));
962
963         sdh = bus->sdh;
964         osh = bus->dhd->osh;
965
966         if (bus->dhd->dongle_reset) {
967                 ret = BCME_NOTREADY;
968                 goto done;
969         }
970
971         frame = (uint8*)PKTDATA(osh, pkt);
972
973 #ifdef WLMEDIA_HTSF
974         if (PKTLEN(osh, pkt) >= 100) {
975                 p = PKTDATA(osh, pkt);
976                 htsf_ts = (htsfts_t*) (p + HTSF_HOSTOFFSET + 12);
977                 if (htsf_ts->magic == HTSFMAGIC) {
978                         htsf_ts->c20 = get_cycles();
979                         htsf_ts->t20 = dhd_get_htsf(bus->dhd->info, 0);
980                 }
981         }
982 #endif /* WLMEDIA_HTSF */
983
984         /* Add alignment padding, allocate new packet if needed */
985         if ((pad1 = ((uintptr)frame % DHD_SDALIGN))) {
986                 if (PKTHEADROOM(osh, pkt) < pad1) {
987                         DHD_INFO(("%s: insufficient headroom %d for %d pad1\n",
988                                   __FUNCTION__, (int)PKTHEADROOM(osh, pkt), pad1));
989                         bus->dhd->tx_realloc++;
990                         new = PKTGET(osh, (PKTLEN(osh, pkt) + DHD_SDALIGN), TRUE);
991                         if (!new) {
992                                 DHD_ERROR(("%s: couldn't allocate new %d-byte packet\n",
993                                            __FUNCTION__, PKTLEN(osh, pkt) + DHD_SDALIGN));
994                                 ret = BCME_NOMEM;
995                                 goto done;
996                         }
997
998                         PKTALIGN(osh, new, PKTLEN(osh, pkt), DHD_SDALIGN);
999                         bcopy(PKTDATA(osh, pkt), PKTDATA(osh, new), PKTLEN(osh, pkt));
1000                         if (free_pkt)
1001                                 PKTFREE(osh, pkt, TRUE);
1002                         /* free the pkt if canned one is not used */
1003                         free_pkt = TRUE;
1004                         pkt = new;
1005                         frame = (uint8*)PKTDATA(osh, pkt);
1006                         ASSERT(((uintptr)frame % DHD_SDALIGN) == 0);
1007                         pad1 = 0;
1008                 } else {
1009                         PKTPUSH(osh, pkt, pad1);
1010                         frame = (uint8*)PKTDATA(osh, pkt);
1011
1012                         ASSERT((pad1 + SDPCM_HDRLEN) <= (int) PKTLEN(osh, pkt));
1013                         bzero(frame, pad1 + SDPCM_HDRLEN);
1014                 }
1015         }
1016         ASSERT(pad1 < DHD_SDALIGN);
1017
1018         /* Hardware tag: 2 byte len followed by 2 byte ~len check (all LE) */
1019         len = (uint16)PKTLEN(osh, pkt);
1020         *(uint16*)frame = htol16(len);
1021         *(((uint16*)frame) + 1) = htol16(~len);
1022
1023         /* Software tag: channel, sequence number, data offset */
1024         swheader = ((chan << SDPCM_CHANNEL_SHIFT) & SDPCM_CHANNEL_MASK) | bus->tx_seq |
1025                 (((pad1 + SDPCM_HDRLEN) << SDPCM_DOFFSET_SHIFT) & SDPCM_DOFFSET_MASK);
1026         htol32_ua_store(swheader, frame + SDPCM_FRAMETAG_LEN);
1027         htol32_ua_store(0, frame + SDPCM_FRAMETAG_LEN + sizeof(swheader));
1028
1029 #ifdef DHD_DEBUG
1030         if (PKTPRIO(pkt) < ARRAYSIZE(tx_packets)) {
1031                 tx_packets[PKTPRIO(pkt)]++;
1032         }
1033         if (DHD_BYTES_ON() &&
1034             (((DHD_CTL_ON() && (chan == SDPCM_CONTROL_CHANNEL)) ||
1035               (DHD_DATA_ON() && (chan != SDPCM_CONTROL_CHANNEL))))) {
1036                 prhex("Tx Frame", frame, len);
1037         } else if (DHD_HDRS_ON()) {
1038                 prhex("TxHdr", frame, MIN(len, 16));
1039         }
1040 #endif
1041
1042         /* Raise len to next SDIO block to eliminate tail command */
1043         if (bus->roundup && bus->blocksize && (len > bus->blocksize)) {
1044                 uint16 pad2 = bus->blocksize - (len % bus->blocksize);
1045                 if ((pad2 <= bus->roundup) && (pad2 < bus->blocksize))
1046 #ifdef NOTUSED
1047                         if (pad2 <= PKTTAILROOM(osh, pkt))
1048 #endif /* NOTUSED */
1049                                 len += pad2;
1050         } else if (len % DHD_SDALIGN) {
1051                 len += DHD_SDALIGN - (len % DHD_SDALIGN);
1052         }
1053
1054         /* Some controllers have trouble with odd bytes -- round to even */
1055         if (forcealign && (len & (ALIGNMENT - 1))) {
1056 #ifdef NOTUSED
1057                 if (PKTTAILROOM(osh, pkt))
1058 #endif
1059                         len = ROUNDUP(len, ALIGNMENT);
1060 #ifdef NOTUSED
1061                 else
1062                         DHD_ERROR(("%s: sending unrounded %d-byte packet\n", __FUNCTION__, len));
1063 #endif
1064         }
1065
1066         do {
1067                 ret = dhd_bcmsdh_send_buf(bus, bcmsdh_cur_sbwad(sdh), SDIO_FUNC_2, F2SYNC,
1068                                           frame, len, pkt, NULL, NULL);
1069                 bus->f2txdata++;
1070                 ASSERT(ret != BCME_PENDING);
1071
1072                 if (ret < 0) {
1073                         /* On failure, abort the command and terminate the frame */
1074                         DHD_INFO(("%s: sdio error %d, abort command and terminate frame.\n",
1075                                   __FUNCTION__, ret));
1076                         bus->tx_sderrs++;
1077
1078                         bcmsdh_abort(sdh, SDIO_FUNC_2);
1079                         bcmsdh_cfg_write(sdh, SDIO_FUNC_1, SBSDIO_FUNC1_FRAMECTRL,
1080                                          SFC_WF_TERM, NULL);
1081                         bus->f1regdata++;
1082
1083                         for (i = 0; i < 3; i++) {
1084                                 uint8 hi, lo;
1085                                 hi = bcmsdh_cfg_read(sdh, SDIO_FUNC_1,
1086                                                      SBSDIO_FUNC1_WFRAMEBCHI, NULL);
1087                                 lo = bcmsdh_cfg_read(sdh, SDIO_FUNC_1,
1088                                                      SBSDIO_FUNC1_WFRAMEBCLO, NULL);
1089                                 bus->f1regdata += 2;
1090                                 if ((hi == 0) && (lo == 0))
1091                                         break;
1092                         }
1093
1094                 }
1095                 if (ret == 0) {
1096                         bus->tx_seq = (bus->tx_seq + 1) % SDPCM_SEQUENCE_WRAP;
1097                 }
1098         } while ((ret < 0) && retrydata && retries++ < TXRETRIES);
1099
1100 done:
1101         /* restore pkt buffer pointer before calling tx complete routine */
1102         PKTPULL(osh, pkt, SDPCM_HDRLEN + pad1);
1103 #ifdef PROP_TXSTATUS
1104         if (bus->dhd->wlfc_state) {
1105                 dhd_os_sdunlock(bus->dhd);
1106                 dhd_wlfc_txcomplete(bus->dhd, pkt, ret == 0);
1107                 dhd_os_sdlock(bus->dhd);
1108         } else {
1109 #endif /* PROP_TXSTATUS */
1110         dhd_txcomplete(bus->dhd, pkt, ret != 0);
1111         if (free_pkt)
1112                 PKTFREE(osh, pkt, TRUE);
1113
1114 #ifdef PROP_TXSTATUS
1115         }
1116 #endif
1117         return ret;
1118 }
1119
1120 int
1121 dhd_bus_txdata(struct dhd_bus *bus, void *pkt)
1122 {
1123         int ret = BCME_ERROR;
1124         osl_t *osh;
1125         uint datalen, prec;
1126
1127         DHD_TRACE(("%s: Enter\n", __FUNCTION__));
1128
1129         osh = bus->dhd->osh;
1130         datalen = PKTLEN(osh, pkt);
1131
1132 #ifdef SDTEST
1133         /* Push the test header if doing loopback */
1134         if (bus->ext_loop) {
1135                 uint8* data;
1136                 PKTPUSH(osh, pkt, SDPCM_TEST_HDRLEN);
1137                 data = PKTDATA(osh, pkt);
1138                 *data++ = SDPCM_TEST_ECHOREQ;
1139                 *data++ = (uint8)bus->loopid++;
1140                 *data++ = (datalen >> 0);
1141                 *data++ = (datalen >> 8);
1142                 datalen += SDPCM_TEST_HDRLEN;
1143         }
1144 #endif /* SDTEST */
1145
1146         /* Add space for the header */
1147         PKTPUSH(osh, pkt, SDPCM_HDRLEN);
1148         ASSERT(ISALIGNED((uintptr)PKTDATA(osh, pkt), 2));
1149
1150         prec = PRIO2PREC((PKTPRIO(pkt) & PRIOMASK));
1151 #ifndef DHDTHREAD
1152         /* Lock: we're about to use shared data/code (and SDIO) */
1153         dhd_os_sdlock(bus->dhd);
1154 #endif /* DHDTHREAD */
1155
1156         /* Check for existing queue, current flow-control, pending event, or pending clock */
1157         if (dhd_deferred_tx || bus->fcstate || pktq_len(&bus->txq) || bus->dpc_sched ||
1158             (!DATAOK(bus)) || (bus->flowcontrol & NBITVAL(prec)) ||
1159             (bus->clkstate != CLK_AVAIL)) {
1160                 DHD_TRACE(("%s: deferring pktq len %d\n", __FUNCTION__,
1161                         pktq_len(&bus->txq)));
1162                 bus->fcqueued++;
1163
1164                 /* Priority based enq */
1165                 dhd_os_sdlock_txq(bus->dhd);
1166                 if (dhd_prec_enq(bus->dhd, &bus->txq, pkt, prec) == FALSE) {
1167                         PKTPULL(osh, pkt, SDPCM_HDRLEN);
1168 #ifndef DHDTHREAD
1169                         /* Need to also release txqlock before releasing sdlock.
1170                          * This thread still has txqlock and releases sdlock.
1171                          * Deadlock happens when dpc() grabs sdlock first then
1172                          * attempts to grab txqlock.
1173                          */
1174                         dhd_os_sdunlock_txq(bus->dhd);
1175                         dhd_os_sdunlock(bus->dhd);
1176 #endif
1177 #ifdef PROP_TXSTATUS
1178                         if (bus->dhd->wlfc_state)
1179                                 dhd_wlfc_txcomplete(bus->dhd, pkt, FALSE);
1180                         else
1181 #endif
1182                         dhd_txcomplete(bus->dhd, pkt, FALSE);
1183 #ifndef DHDTHREAD
1184                         dhd_os_sdlock(bus->dhd);
1185                         dhd_os_sdlock_txq(bus->dhd);
1186 #endif
1187 #ifdef PROP_TXSTATUS
1188                         /* let the caller decide whether to free the packet */
1189                 if (!bus->dhd->wlfc_state)
1190 #endif
1191                         PKTFREE(osh, pkt, TRUE);
1192                         ret = BCME_NORESOURCE;
1193                 }
1194                 else
1195                         ret = BCME_OK;
1196                 dhd_os_sdunlock_txq(bus->dhd);
1197
1198                 if ((pktq_len(&bus->txq) >= FCHI) && dhd_doflow)
1199                         dhd_txflowcontrol(bus->dhd, ALL_INTERFACES, ON);
1200
1201 #ifdef DHD_DEBUG
1202                 if (pktq_plen(&bus->txq, prec) > qcount[prec])
1203                         qcount[prec] = pktq_plen(&bus->txq, prec);
1204 #endif
1205                 /* Schedule DPC if needed to send queued packet(s) */
1206                 if (dhd_deferred_tx && !bus->dpc_sched) {
1207                         bus->dpc_sched = TRUE;
1208                         dhd_sched_dpc(bus->dhd);
1209                 }
1210         } else {
1211 #ifdef DHDTHREAD
1212                 /* Lock: we're about to use shared data/code (and SDIO) */
1213                 dhd_os_sdlock(bus->dhd);
1214 #endif /* DHDTHREAD */
1215
1216                 /* Otherwise, send it now */
1217                 BUS_WAKE(bus);
1218                 /* Make sure back plane ht clk is on, no pending allowed */
1219                 dhdsdio_clkctl(bus, CLK_AVAIL, TRUE);
1220 #ifndef SDTEST
1221                 ret = dhdsdio_txpkt(bus, pkt, SDPCM_DATA_CHANNEL, TRUE);
1222 #else
1223                 ret = dhdsdio_txpkt(bus, pkt,
1224                         (bus->ext_loop ? SDPCM_TEST_CHANNEL : SDPCM_DATA_CHANNEL), TRUE);
1225 #endif
1226                 if (ret)
1227                         bus->dhd->tx_errors++;
1228                 else
1229                         bus->dhd->dstats.tx_bytes += datalen;
1230
1231                 if ((bus->idletime == DHD_IDLE_IMMEDIATE) && !bus->dpc_sched) {
1232                         bus->activity = FALSE;
1233                         dhdsdio_clkctl(bus, CLK_NONE, TRUE);
1234                 }
1235
1236 #ifdef DHDTHREAD
1237                 dhd_os_sdunlock(bus->dhd);
1238 #endif /* DHDTHREAD */
1239         }
1240
1241 #ifndef DHDTHREAD
1242         dhd_os_sdunlock(bus->dhd);
1243 #endif /* DHDTHREAD */
1244
1245         return ret;
1246 }
1247
1248 static uint
1249 dhdsdio_sendfromq(dhd_bus_t *bus, uint maxframes)
1250 {
1251         void *pkt;
1252         uint32 intstatus = 0;
1253         uint retries = 0;
1254         int ret = 0, prec_out;
1255         uint cnt = 0;
1256         uint datalen;
1257         uint8 tx_prec_map;
1258
1259         dhd_pub_t *dhd = bus->dhd;
1260         sdpcmd_regs_t *regs = bus->regs;
1261
1262         DHD_TRACE(("%s: Enter\n", __FUNCTION__));
1263
1264         tx_prec_map = ~bus->flowcontrol;
1265
1266         /* Send frames until the limit or some other event */
1267         for (cnt = 0; (cnt < maxframes) && DATAOK(bus); cnt++) {
1268                 dhd_os_sdlock_txq(bus->dhd);
1269                 if ((pkt = pktq_mdeq(&bus->txq, tx_prec_map, &prec_out)) == NULL) {
1270                         dhd_os_sdunlock_txq(bus->dhd);
1271                         break;
1272                 }
1273                 dhd_os_sdunlock_txq(bus->dhd);
1274                 datalen = PKTLEN(bus->dhd->osh, pkt) - SDPCM_HDRLEN;
1275
1276 #ifndef SDTEST
1277                 ret = dhdsdio_txpkt(bus, pkt, SDPCM_DATA_CHANNEL, TRUE);
1278 #else
1279                 ret = dhdsdio_txpkt(bus, pkt,
1280                         (bus->ext_loop ? SDPCM_TEST_CHANNEL : SDPCM_DATA_CHANNEL), TRUE);
1281 #endif
1282                 if (ret)
1283                         bus->dhd->tx_errors++;
1284                 else
1285                         bus->dhd->dstats.tx_bytes += datalen;
1286
1287                 /* In poll mode, need to check for other events */
1288                 if (!bus->intr && cnt)
1289                 {
1290                         /* Check device status, signal pending interrupt */
1291                         R_SDREG(intstatus, &regs->intstatus, retries);
1292                         bus->f2txdata++;
1293                         if (bcmsdh_regfail(bus->sdh))
1294                                 break;
1295                         if (intstatus & bus->hostintmask)
1296                                 bus->ipend = TRUE;
1297                 }
1298         }
1299
1300         /* Deflow-control stack if needed */
1301         if (dhd_doflow && dhd->up && (dhd->busstate == DHD_BUS_DATA) &&
1302             dhd->txoff && (pktq_len(&bus->txq) < FCLOW))
1303                 dhd_txflowcontrol(dhd, ALL_INTERFACES, OFF);
1304
1305         return cnt;
1306 }
1307
1308 int
1309 dhd_bus_txctl(struct dhd_bus *bus, uchar *msg, uint msglen)
1310 {
1311         uint8 *frame;
1312         uint16 len;
1313         uint32 swheader;
1314         uint retries = 0;
1315         bcmsdh_info_t *sdh = bus->sdh;
1316         uint8 doff = 0;
1317         int ret = -1;
1318         int i;
1319
1320         DHD_TRACE(("%s: Enter\n", __FUNCTION__));
1321
1322         if (bus->dhd->dongle_reset)
1323                 return -EIO;
1324
1325         /* Back the pointer to make a room for bus header */
1326         frame = msg - SDPCM_HDRLEN;
1327         len = (msglen += SDPCM_HDRLEN);
1328
1329         /* Add alignment padding (optional for ctl frames) */
1330         if (dhd_alignctl) {
1331                 if ((doff = ((uintptr)frame % DHD_SDALIGN))) {
1332                         frame -= doff;
1333                         len += doff;
1334                         msglen += doff;
1335                         bzero(frame, doff + SDPCM_HDRLEN);
1336                 }
1337                 ASSERT(doff < DHD_SDALIGN);
1338         }
1339         doff += SDPCM_HDRLEN;
1340
1341         /* Round send length to next SDIO block */
1342         if (bus->roundup && bus->blocksize && (len > bus->blocksize)) {
1343                 uint16 pad = bus->blocksize - (len % bus->blocksize);
1344                 if ((pad <= bus->roundup) && (pad < bus->blocksize))
1345                         len += pad;
1346         } else if (len % DHD_SDALIGN) {
1347                 len += DHD_SDALIGN - (len % DHD_SDALIGN);
1348         }
1349
1350         /* Satisfy length-alignment requirements */
1351         if (forcealign && (len & (ALIGNMENT - 1)))
1352                 len = ROUNDUP(len, ALIGNMENT);
1353
1354         ASSERT(ISALIGNED((uintptr)frame, 2));
1355
1356
1357         /* Need to lock here to protect txseq and SDIO tx calls */
1358         dhd_os_sdlock(bus->dhd);
1359
1360         BUS_WAKE(bus);
1361
1362         /* Make sure backplane clock is on */
1363         dhdsdio_clkctl(bus, CLK_AVAIL, FALSE);
1364
1365         /* Hardware tag: 2 byte len followed by 2 byte ~len check (all LE) */
1366         *(uint16*)frame = htol16((uint16)msglen);
1367         *(((uint16*)frame) + 1) = htol16(~msglen);
1368
1369         /* Software tag: channel, sequence number, data offset */
1370         swheader = ((SDPCM_CONTROL_CHANNEL << SDPCM_CHANNEL_SHIFT) & SDPCM_CHANNEL_MASK)
1371                 | bus->tx_seq | ((doff << SDPCM_DOFFSET_SHIFT) & SDPCM_DOFFSET_MASK);
1372         htol32_ua_store(swheader, frame + SDPCM_FRAMETAG_LEN);
1373         htol32_ua_store(0, frame + SDPCM_FRAMETAG_LEN + sizeof(swheader));
1374
1375         if (!TXCTLOK(bus)) {
1376                 DHD_INFO(("%s: No bus credit bus->tx_max %d, bus->tx_seq %d\n",
1377                         __FUNCTION__, bus->tx_max, bus->tx_seq));
1378                 bus->ctrl_frame_stat = TRUE;
1379                 /* Send from dpc */
1380                 bus->ctrl_frame_buf = frame;
1381                 bus->ctrl_frame_len = len;
1382
1383                 dhd_wait_for_event(bus->dhd, &bus->ctrl_frame_stat);
1384
1385                 if (bus->ctrl_frame_stat == FALSE) {
1386                         DHD_INFO(("%s: ctrl_frame_stat == FALSE\n", __FUNCTION__));
1387                         ret = 0;
1388                 } else {
1389                         DHD_ERROR(("%s: ctrl_frame_stat == TRUE\n", __FUNCTION__));
1390                         ret = -1;
1391                         bus->ctrl_frame_stat = FALSE;
1392                         goto done;
1393                 }
1394         }
1395
1396         if (ret == -1) {
1397 #ifdef DHD_DEBUG
1398                 if (DHD_BYTES_ON() && DHD_CTL_ON()) {
1399                         prhex("Tx Frame", frame, len);
1400                 } else if (DHD_HDRS_ON()) {
1401                         prhex("TxHdr", frame, MIN(len, 16));
1402                 }
1403 #endif
1404
1405                 do {
1406                         ret = dhd_bcmsdh_send_buf(bus, bcmsdh_cur_sbwad(sdh), SDIO_FUNC_2, F2SYNC,
1407                                                   frame, len, NULL, NULL, NULL);
1408                         ASSERT(ret != BCME_PENDING);
1409
1410                         if (ret < 0) {
1411                         /* On failure, abort the command and terminate the frame */
1412                                 DHD_INFO(("%s: sdio error %d, abort command and terminate frame.\n",
1413                                           __FUNCTION__, ret));
1414                                 bus->tx_sderrs++;
1415
1416                                 bcmsdh_abort(sdh, SDIO_FUNC_2);
1417
1418                                 bcmsdh_cfg_write(sdh, SDIO_FUNC_1, SBSDIO_FUNC1_FRAMECTRL,
1419                                                  SFC_WF_TERM, NULL);
1420                                 bus->f1regdata++;
1421
1422                                 for (i = 0; i < 3; i++) {
1423                                         uint8 hi, lo;
1424                                         hi = bcmsdh_cfg_read(sdh, SDIO_FUNC_1,
1425                                                              SBSDIO_FUNC1_WFRAMEBCHI, NULL);
1426                                         lo = bcmsdh_cfg_read(sdh, SDIO_FUNC_1,
1427                                                              SBSDIO_FUNC1_WFRAMEBCLO, NULL);
1428                                         bus->f1regdata += 2;
1429                                         if ((hi == 0) && (lo == 0))
1430                                                 break;
1431                                 }
1432
1433                         }
1434                         if (ret == 0) {
1435                                 bus->tx_seq = (bus->tx_seq + 1) % SDPCM_SEQUENCE_WRAP;
1436                         }
1437                 } while ((ret < 0) && retries++ < TXRETRIES);
1438         }
1439
1440 done:
1441         if ((bus->idletime == DHD_IDLE_IMMEDIATE) && !bus->dpc_sched) {
1442                 bus->activity = FALSE;
1443                 dhdsdio_clkctl(bus, CLK_NONE, TRUE);
1444         }
1445
1446         dhd_os_sdunlock(bus->dhd);
1447
1448         if (ret)
1449                 bus->dhd->tx_ctlerrs++;
1450         else
1451                 bus->dhd->tx_ctlpkts++;
1452
1453         return ret ? -EIO : 0;
1454 }
1455
1456 int
1457 dhd_bus_rxctl(struct dhd_bus *bus, uchar *msg, uint msglen)
1458 {
1459         int timeleft;
1460         uint rxlen = 0;
1461         bool pending;
1462
1463         DHD_TRACE(("%s: Enter\n", __FUNCTION__));
1464
1465         if (bus->dhd->dongle_reset)
1466                 return -EIO;
1467
1468         /* Wait until control frame is available */
1469         timeleft = dhd_os_ioctl_resp_wait(bus->dhd, &bus->rxlen, &pending);
1470
1471         dhd_os_sdlock(bus->dhd);
1472         rxlen = bus->rxlen;
1473         bcopy(bus->rxctl, msg, MIN(msglen, rxlen));
1474         bus->rxlen = 0;
1475         dhd_os_sdunlock(bus->dhd);
1476
1477         if (rxlen) {
1478                 DHD_CTL(("%s: resumed on rxctl frame, got %d expected %d\n",
1479                          __FUNCTION__, rxlen, msglen));
1480         } else if (timeleft == 0) {
1481                 DHD_ERROR(("%s: resumed on timeout\n", __FUNCTION__));
1482 #ifdef DHD_DEBUG
1483                 dhd_os_sdlock(bus->dhd);
1484                 dhdsdio_checkdied(bus, NULL, 0);
1485                 dhd_os_sdunlock(bus->dhd);
1486 #endif /* DHD_DEBUG */
1487         } else if (pending == TRUE) {
1488                 DHD_CTL(("%s: canceled\n", __FUNCTION__));
1489                 return -ERESTARTSYS;
1490         } else {
1491                 DHD_CTL(("%s: resumed for unknown reason?\n", __FUNCTION__));
1492 #ifdef DHD_DEBUG
1493                 dhd_os_sdlock(bus->dhd);
1494                 dhdsdio_checkdied(bus, NULL, 0);
1495                 dhd_os_sdunlock(bus->dhd);
1496 #endif /* DHD_DEBUG */
1497         }
1498
1499         if (rxlen)
1500                 bus->dhd->rx_ctlpkts++;
1501         else
1502                 bus->dhd->rx_ctlerrs++;
1503
1504         return rxlen ? (int)rxlen : -ETIMEDOUT;
1505 }
1506
1507 /* IOVar table */
1508 enum {
1509         IOV_INTR = 1,
1510         IOV_POLLRATE,
1511         IOV_SDREG,
1512         IOV_SBREG,
1513         IOV_SDCIS,
1514         IOV_MEMBYTES,
1515         IOV_MEMSIZE,
1516 #ifdef DHD_DEBUG
1517         IOV_CHECKDIED,
1518         IOV_SERIALCONS,
1519 #endif
1520         IOV_DOWNLOAD,
1521         IOV_SOCRAM_STATE,
1522         IOV_FORCEEVEN,
1523         IOV_SDIOD_DRIVE,
1524         IOV_READAHEAD,
1525         IOV_SDRXCHAIN,
1526         IOV_ALIGNCTL,
1527         IOV_SDALIGN,
1528         IOV_DEVRESET,
1529         IOV_CPU,
1530 #ifdef SDTEST
1531         IOV_PKTGEN,
1532         IOV_EXTLOOP,
1533 #endif /* SDTEST */
1534         IOV_SPROM,
1535         IOV_TXBOUND,
1536         IOV_RXBOUND,
1537         IOV_TXMINMAX,
1538         IOV_IDLETIME,
1539         IOV_IDLECLOCK,
1540         IOV_SD1IDLE,
1541         IOV_SLEEP,
1542         IOV_DONGLEISOLATION,
1543         IOV_VARS
1544 #ifdef SOFTAP
1545     , IOV_FWPATH
1546 #endif
1547 };
1548
1549 const bcm_iovar_t dhdsdio_iovars[] = {
1550         {"intr",        IOV_INTR,       0,      IOVT_BOOL,      0 },
1551         {"sleep",       IOV_SLEEP,      0,      IOVT_BOOL,      0 },
1552         {"pollrate",    IOV_POLLRATE,   0,      IOVT_UINT32,    0 },
1553         {"idletime",    IOV_IDLETIME,   0,      IOVT_INT32,     0 },
1554         {"idleclock",   IOV_IDLECLOCK,  0,      IOVT_INT32,     0 },
1555         {"sd1idle",     IOV_SD1IDLE,    0,      IOVT_BOOL,      0 },
1556         {"membytes",    IOV_MEMBYTES,   0,      IOVT_BUFFER,    2 * sizeof(int) },
1557         {"memsize",     IOV_MEMSIZE,    0,      IOVT_UINT32,    0 },
1558         {"download",    IOV_DOWNLOAD,   0,      IOVT_BOOL,      0 },
1559         {"socram_state",        IOV_SOCRAM_STATE,       0,      IOVT_BOOL,      0 },
1560         {"vars",        IOV_VARS,       0,      IOVT_BUFFER,    0 },
1561         {"sdiod_drive", IOV_SDIOD_DRIVE, 0,     IOVT_UINT32,    0 },
1562         {"readahead",   IOV_READAHEAD,  0,      IOVT_BOOL,      0 },
1563         {"sdrxchain",   IOV_SDRXCHAIN,  0,      IOVT_BOOL,      0 },
1564         {"alignctl",    IOV_ALIGNCTL,   0,      IOVT_BOOL,      0 },
1565         {"sdalign",     IOV_SDALIGN,    0,      IOVT_BOOL,      0 },
1566         {"devreset",    IOV_DEVRESET,   0,      IOVT_BOOL,      0 },
1567 #ifdef DHD_DEBUG
1568         {"sdreg",       IOV_SDREG,      0,      IOVT_BUFFER,    sizeof(sdreg_t) },
1569         {"sbreg",       IOV_SBREG,      0,      IOVT_BUFFER,    sizeof(sdreg_t) },
1570         {"sd_cis",      IOV_SDCIS,      0,      IOVT_BUFFER,    DHD_IOCTL_MAXLEN },
1571         {"forcealign",  IOV_FORCEEVEN,  0,      IOVT_BOOL,      0 },
1572         {"txbound",     IOV_TXBOUND,    0,      IOVT_UINT32,    0 },
1573         {"rxbound",     IOV_RXBOUND,    0,      IOVT_UINT32,    0 },
1574         {"txminmax",    IOV_TXMINMAX,   0,      IOVT_UINT32,    0 },
1575         {"cpu",         IOV_CPU,        0,      IOVT_BOOL,      0 },
1576 #ifdef DHD_DEBUG
1577         {"checkdied",   IOV_CHECKDIED,  0,      IOVT_BUFFER,    0 },
1578 #endif /* DHD_DEBUG  */
1579 #endif /* DHD_DEBUG */
1580 #ifdef SDTEST
1581         {"extloop",     IOV_EXTLOOP,    0,      IOVT_BOOL,      0 },
1582         {"pktgen",      IOV_PKTGEN,     0,      IOVT_BUFFER,    sizeof(dhd_pktgen_t) },
1583 #endif /* SDTEST */
1584         {"dngl_isolation", IOV_DONGLEISOLATION, 0,      IOVT_UINT32,    0 },
1585 #ifdef SOFTAP
1586         {"fwpath", IOV_FWPATH, 0, IOVT_BUFFER, 0 },
1587 #endif
1588         {NULL, 0, 0, 0, 0 }
1589 };
1590
1591 static void
1592 dhd_dump_pct(struct bcmstrbuf *strbuf, char *desc, uint num, uint div)
1593 {
1594         uint q1, q2;
1595
1596         if (!div) {
1597                 bcm_bprintf(strbuf, "%s N/A", desc);
1598         } else {
1599                 q1 = num / div;
1600                 q2 = (100 * (num - (q1 * div))) / div;
1601                 bcm_bprintf(strbuf, "%s %d.%02d", desc, q1, q2);
1602         }
1603 }
1604
1605 void
1606 dhd_bus_dump(dhd_pub_t *dhdp, struct bcmstrbuf *strbuf)
1607 {
1608         dhd_bus_t *bus = dhdp->bus;
1609
1610         bcm_bprintf(strbuf, "Bus SDIO structure:\n");
1611         bcm_bprintf(strbuf, "hostintmask 0x%08x intstatus 0x%08x sdpcm_ver %d\n",
1612                     bus->hostintmask, bus->intstatus, bus->sdpcm_ver);
1613         bcm_bprintf(strbuf, "fcstate %d qlen %d tx_seq %d, max %d, rxskip %d rxlen %d rx_seq %d\n",
1614                     bus->fcstate, pktq_len(&bus->txq), bus->tx_seq, bus->tx_max, bus->rxskip,
1615                     bus->rxlen, bus->rx_seq);
1616         bcm_bprintf(strbuf, "intr %d intrcount %d lastintrs %d spurious %d\n",
1617                     bus->intr, bus->intrcount, bus->lastintrs, bus->spurious);
1618         bcm_bprintf(strbuf, "pollrate %d pollcnt %d regfails %d\n",
1619                     bus->pollrate, bus->pollcnt, bus->regfails);
1620
1621         bcm_bprintf(strbuf, "\nAdditional counters:\n");
1622         bcm_bprintf(strbuf, "tx_sderrs %d fcqueued %d rxrtx %d rx_toolong %d rxc_errors %d\n",
1623                     bus->tx_sderrs, bus->fcqueued, bus->rxrtx, bus->rx_toolong,
1624                     bus->rxc_errors);
1625         bcm_bprintf(strbuf, "rx_hdrfail %d badhdr %d badseq %d\n",
1626                     bus->rx_hdrfail, bus->rx_badhdr, bus->rx_badseq);
1627         bcm_bprintf(strbuf, "fc_rcvd %d, fc_xoff %d, fc_xon %d\n",
1628                     bus->fc_rcvd, bus->fc_xoff, bus->fc_xon);
1629         bcm_bprintf(strbuf, "rxglomfail %d, rxglomframes %d, rxglompkts %d\n",
1630                     bus->rxglomfail, bus->rxglomframes, bus->rxglompkts);
1631         bcm_bprintf(strbuf, "f2rx (hdrs/data) %d (%d/%d), f2tx %d f1regs %d\n",
1632                     (bus->f2rxhdrs + bus->f2rxdata), bus->f2rxhdrs, bus->f2rxdata,
1633                     bus->f2txdata, bus->f1regdata);
1634         {
1635                 dhd_dump_pct(strbuf, "\nRx: pkts/f2rd", bus->dhd->rx_packets,
1636                              (bus->f2rxhdrs + bus->f2rxdata));
1637                 dhd_dump_pct(strbuf, ", pkts/f1sd", bus->dhd->rx_packets, bus->f1regdata);
1638                 dhd_dump_pct(strbuf, ", pkts/sd", bus->dhd->rx_packets,
1639                              (bus->f2rxhdrs + bus->f2rxdata + bus->f1regdata));
1640                 dhd_dump_pct(strbuf, ", pkts/int", bus->dhd->rx_packets, bus->intrcount);
1641                 bcm_bprintf(strbuf, "\n");
1642
1643                 dhd_dump_pct(strbuf, "Rx: glom pct", (100 * bus->rxglompkts),
1644                              bus->dhd->rx_packets);
1645                 dhd_dump_pct(strbuf, ", pkts/glom", bus->rxglompkts, bus->rxglomframes);
1646                 bcm_bprintf(strbuf, "\n");
1647
1648                 dhd_dump_pct(strbuf, "Tx: pkts/f2wr", bus->dhd->tx_packets, bus->f2txdata);
1649                 dhd_dump_pct(strbuf, ", pkts/f1sd", bus->dhd->tx_packets, bus->f1regdata);
1650                 dhd_dump_pct(strbuf, ", pkts/sd", bus->dhd->tx_packets,
1651                              (bus->f2txdata + bus->f1regdata));
1652                 dhd_dump_pct(strbuf, ", pkts/int", bus->dhd->tx_packets, bus->intrcount);
1653                 bcm_bprintf(strbuf, "\n");
1654
1655                 dhd_dump_pct(strbuf, "Total: pkts/f2rw",
1656                              (bus->dhd->tx_packets + bus->dhd->rx_packets),
1657                              (bus->f2txdata + bus->f2rxhdrs + bus->f2rxdata));
1658                 dhd_dump_pct(strbuf, ", pkts/f1sd",
1659                              (bus->dhd->tx_packets + bus->dhd->rx_packets), bus->f1regdata);
1660                 dhd_dump_pct(strbuf, ", pkts/sd",
1661                              (bus->dhd->tx_packets + bus->dhd->rx_packets),
1662                              (bus->f2txdata + bus->f2rxhdrs + bus->f2rxdata + bus->f1regdata));
1663                 dhd_dump_pct(strbuf, ", pkts/int",
1664                              (bus->dhd->tx_packets + bus->dhd->rx_packets), bus->intrcount);
1665                 bcm_bprintf(strbuf, "\n\n");
1666         }
1667
1668 #ifdef SDTEST
1669         if (bus->pktgen_count) {
1670                 bcm_bprintf(strbuf, "pktgen config and count:\n");
1671                 bcm_bprintf(strbuf, "freq %d count %d print %d total %d min %d len %d\n",
1672                             bus->pktgen_freq, bus->pktgen_count, bus->pktgen_print,
1673                             bus->pktgen_total, bus->pktgen_minlen, bus->pktgen_maxlen);
1674                 bcm_bprintf(strbuf, "send attempts %d rcvd %d fail %d\n",
1675                             bus->pktgen_sent, bus->pktgen_rcvd, bus->pktgen_fail);
1676         }
1677 #endif /* SDTEST */
1678 #ifdef DHD_DEBUG
1679         bcm_bprintf(strbuf, "dpc_sched %d host interrupt%spending\n",
1680                     bus->dpc_sched, (bcmsdh_intr_pending(bus->sdh) ? " " : " not "));
1681         bcm_bprintf(strbuf, "blocksize %d roundup %d\n", bus->blocksize, bus->roundup);
1682 #endif /* DHD_DEBUG */
1683         bcm_bprintf(strbuf, "clkstate %d activity %d idletime %d idlecount %d sleeping %d\n",
1684                     bus->clkstate, bus->activity, bus->idletime, bus->idlecount, bus->sleeping);
1685 }
1686
1687 void
1688 dhd_bus_clearcounts(dhd_pub_t *dhdp)
1689 {
1690         dhd_bus_t *bus = (dhd_bus_t *)dhdp->bus;
1691
1692         bus->intrcount = bus->lastintrs = bus->spurious = bus->regfails = 0;
1693         bus->rxrtx = bus->rx_toolong = bus->rxc_errors = 0;
1694         bus->rx_hdrfail = bus->rx_badhdr = bus->rx_badseq = 0;
1695         bus->tx_sderrs = bus->fc_rcvd = bus->fc_xoff = bus->fc_xon = 0;
1696         bus->rxglomfail = bus->rxglomframes = bus->rxglompkts = 0;
1697         bus->f2rxhdrs = bus->f2rxdata = bus->f2txdata = bus->f1regdata = 0;
1698 }
1699
1700 #ifdef SDTEST
1701 static int
1702 dhdsdio_pktgen_get(dhd_bus_t *bus, uint8 *arg)
1703 {
1704         dhd_pktgen_t pktgen;
1705
1706         pktgen.version = DHD_PKTGEN_VERSION;
1707         pktgen.freq = bus->pktgen_freq;
1708         pktgen.count = bus->pktgen_count;
1709         pktgen.print = bus->pktgen_print;
1710         pktgen.total = bus->pktgen_total;
1711         pktgen.minlen = bus->pktgen_minlen;
1712         pktgen.maxlen = bus->pktgen_maxlen;
1713         pktgen.numsent = bus->pktgen_sent;
1714         pktgen.numrcvd = bus->pktgen_rcvd;
1715         pktgen.numfail = bus->pktgen_fail;
1716         pktgen.mode = bus->pktgen_mode;
1717         pktgen.stop = bus->pktgen_stop;
1718
1719         bcopy(&pktgen, arg, sizeof(pktgen));
1720
1721         return 0;
1722 }
1723
1724 static int
1725 dhdsdio_pktgen_set(dhd_bus_t *bus, uint8 *arg)
1726 {
1727         dhd_pktgen_t pktgen;
1728         uint oldcnt, oldmode;
1729
1730         bcopy(arg, &pktgen, sizeof(pktgen));
1731         if (pktgen.version != DHD_PKTGEN_VERSION)
1732                 return BCME_BADARG;
1733
1734         oldcnt = bus->pktgen_count;
1735         oldmode = bus->pktgen_mode;
1736
1737         bus->pktgen_freq = pktgen.freq;
1738         bus->pktgen_count = pktgen.count;
1739         bus->pktgen_print = pktgen.print;
1740         bus->pktgen_total = pktgen.total;
1741         bus->pktgen_minlen = pktgen.minlen;
1742         bus->pktgen_maxlen = pktgen.maxlen;
1743         bus->pktgen_mode = pktgen.mode;
1744         bus->pktgen_stop = pktgen.stop;
1745
1746         bus->pktgen_tick = bus->pktgen_ptick = 0;
1747         bus->pktgen_len = MAX(bus->pktgen_len, bus->pktgen_minlen);
1748         bus->pktgen_len = MIN(bus->pktgen_len, bus->pktgen_maxlen);
1749
1750         /* Clear counts for a new pktgen (mode change, or was stopped) */
1751         if (bus->pktgen_count && (!oldcnt || oldmode != bus->pktgen_mode))
1752                 bus->pktgen_sent = bus->pktgen_rcvd = bus->pktgen_fail = 0;
1753
1754         return 0;
1755 }
1756 #endif /* SDTEST */
1757
1758 static int
1759 dhdsdio_membytes(dhd_bus_t *bus, bool write, uint32 address, uint8 *data, uint size)
1760 {
1761         int bcmerror = 0;
1762         uint32 sdaddr;
1763         uint dsize;
1764
1765         /* Determine initial transfer parameters */
1766         sdaddr = address & SBSDIO_SB_OFT_ADDR_MASK;
1767         if ((sdaddr + size) & SBSDIO_SBWINDOW_MASK)
1768                 dsize = (SBSDIO_SB_OFT_ADDR_LIMIT - sdaddr);
1769         else
1770                 dsize = size;
1771
1772         /* Set the backplane window to include the start address */
1773         if ((bcmerror = dhdsdio_set_siaddr_window(bus, address))) {
1774                 DHD_ERROR(("%s: window change failed\n", __FUNCTION__));
1775                 goto xfer_done;
1776         }
1777
1778         /* Do the transfer(s) */
1779         while (size) {
1780                 DHD_INFO(("%s: %s %d bytes at offset 0x%08x in window 0x%08x\n",
1781                           __FUNCTION__, (write ? "write" : "read"), dsize, sdaddr,
1782                           (address & SBSDIO_SBWINDOW_MASK)));
1783                 if ((bcmerror = bcmsdh_rwdata(bus->sdh, write, sdaddr, data, dsize))) {
1784                         DHD_ERROR(("%s: membytes transfer failed\n", __FUNCTION__));
1785                         break;
1786                 }
1787
1788                 /* Adjust for next transfer (if any) */
1789                 if ((size -= dsize)) {
1790                         data += dsize;
1791                         address += dsize;
1792                         if ((bcmerror = dhdsdio_set_siaddr_window(bus, address))) {
1793                                 DHD_ERROR(("%s: window change failed\n", __FUNCTION__));
1794                                 break;
1795                         }
1796                         sdaddr = 0;
1797                         dsize = MIN(SBSDIO_SB_OFT_ADDR_LIMIT, size);
1798                 }
1799
1800         }
1801
1802 xfer_done:
1803         /* Return the window to backplane enumeration space for core access */
1804         if (dhdsdio_set_siaddr_window(bus, bcmsdh_cur_sbwad(bus->sdh))) {
1805                 DHD_ERROR(("%s: FAILED to set window back to 0x%x\n", __FUNCTION__,
1806                         bcmsdh_cur_sbwad(bus->sdh)));
1807         }
1808
1809         return bcmerror;
1810 }
1811
1812 #ifdef DHD_DEBUG
1813 static int
1814 dhdsdio_readshared(dhd_bus_t *bus, sdpcm_shared_t *sh)
1815 {
1816         uint32 addr;
1817         int rv;
1818
1819         /* Read last word in memory to determine address of sdpcm_shared structure */
1820         if ((rv = dhdsdio_membytes(bus, FALSE, bus->ramsize - 4, (uint8 *)&addr, 4)) < 0)
1821                 return rv;
1822
1823         addr = ltoh32(addr);
1824
1825         DHD_INFO(("sdpcm_shared address 0x%08X\n", addr));
1826
1827         /*
1828          * Check if addr is valid.
1829          * NVRAM length at the end of memory should have been overwritten.
1830          */
1831         if (addr == 0 || ((~addr >> 16) & 0xffff) == (addr & 0xffff)) {
1832                 DHD_ERROR(("%s: address (0x%08x) of sdpcm_shared invalid\n", __FUNCTION__, addr));
1833                 return BCME_ERROR;
1834         }
1835
1836         /* Read hndrte_shared structure */
1837         if ((rv = dhdsdio_membytes(bus, FALSE, addr, (uint8 *)sh, sizeof(sdpcm_shared_t))) < 0)
1838                 return rv;
1839
1840         /* Endianness */
1841         sh->flags = ltoh32(sh->flags);
1842         sh->trap_addr = ltoh32(sh->trap_addr);
1843         sh->assert_exp_addr = ltoh32(sh->assert_exp_addr);
1844         sh->assert_file_addr = ltoh32(sh->assert_file_addr);
1845         sh->assert_line = ltoh32(sh->assert_line);
1846         sh->console_addr = ltoh32(sh->console_addr);
1847         sh->msgtrace_addr = ltoh32(sh->msgtrace_addr);
1848
1849         if ((sh->flags & SDPCM_SHARED_VERSION_MASK) != SDPCM_SHARED_VERSION) {
1850                 DHD_ERROR(("%s: sdpcm_shared version %d in dhd "
1851                            "is different than sdpcm_shared version %d in dongle\n",
1852                            __FUNCTION__, SDPCM_SHARED_VERSION,
1853                            sh->flags & SDPCM_SHARED_VERSION_MASK));
1854                 return BCME_ERROR;
1855         }
1856
1857         return BCME_OK;
1858 }
1859
1860 #define CONSOLE_LINE_MAX        192
1861
1862 static int
1863 dhdsdio_readconsole(dhd_bus_t *bus)
1864 {
1865         dhd_console_t *c = &bus->console;
1866         uint8 line[CONSOLE_LINE_MAX], ch;
1867         uint32 n, idx, addr;
1868         int rv;
1869
1870         /* Don't do anything until FWREADY updates console address */
1871         if (bus->console_addr == 0)
1872                 return 0;
1873
1874         /* Read console log struct */
1875         addr = bus->console_addr + OFFSETOF(hndrte_cons_t, log);
1876         if ((rv = dhdsdio_membytes(bus, FALSE, addr, (uint8 *)&c->log, sizeof(c->log))) < 0)
1877                 return rv;
1878
1879         /* Allocate console buffer (one time only) */
1880         if (c->buf == NULL) {
1881                 c->bufsize = ltoh32(c->log.buf_size);
1882                 if ((c->buf = MALLOC(bus->dhd->osh, c->bufsize)) == NULL)
1883                         return BCME_NOMEM;
1884         }
1885
1886         idx = ltoh32(c->log.idx);
1887
1888         /* Protect against corrupt value */
1889         if (idx > c->bufsize)
1890                 return BCME_ERROR;
1891
1892         /* Skip reading the console buffer if the index pointer has not moved */
1893         if (idx == c->last)
1894                 return BCME_OK;
1895
1896         /* Read the console buffer */
1897         addr = ltoh32(c->log.buf);
1898         if ((rv = dhdsdio_membytes(bus, FALSE, addr, c->buf, c->bufsize)) < 0)
1899                 return rv;
1900
1901         while (c->last != idx) {
1902                 for (n = 0; n < CONSOLE_LINE_MAX - 2; n++) {
1903                         if (c->last == idx) {
1904                                 /* This would output a partial line.  Instead, back up
1905                                  * the buffer pointer and output this line next time around.
1906                                  */
1907                                 if (c->last >= n)
1908                                         c->last -= n;
1909                                 else
1910                                         c->last = c->bufsize - n;
1911                                 goto break2;
1912                         }
1913                         ch = c->buf[c->last];
1914                         c->last = (c->last + 1) % c->bufsize;
1915                         if (ch == '\n')
1916                                 break;
1917                         line[n] = ch;
1918                 }
1919
1920                 if (n > 0) {
1921                         if (line[n - 1] == '\r')
1922                                 n--;
1923                         line[n] = 0;
1924                         printf("CONSOLE: %s\n", line);
1925                 }
1926         }
1927 break2:
1928
1929         return BCME_OK;
1930 }
1931
1932 static int
1933 dhdsdio_checkdied(dhd_bus_t *bus, uint8 *data, uint size)
1934 {
1935         int bcmerror = 0;
1936         uint msize = 512;
1937         char *mbuffer = NULL;
1938         uint maxstrlen = 256;
1939         char *str = NULL;
1940         trap_t tr;
1941         sdpcm_shared_t sdpcm_shared;
1942         struct bcmstrbuf strbuf;
1943
1944         DHD_TRACE(("%s: Enter\n", __FUNCTION__));
1945
1946         if (data == NULL) {
1947                 /*
1948                  * Called after a rx ctrl timeout. "data" is NULL.
1949                  * allocate memory to trace the trap or assert.
1950                  */
1951                 size = msize;
1952                 mbuffer = data = MALLOC(bus->dhd->osh, msize);
1953                 if (mbuffer == NULL) {
1954                         DHD_ERROR(("%s: MALLOC(%d) failed \n", __FUNCTION__, msize));
1955                         bcmerror = BCME_NOMEM;
1956                         goto done;
1957                 }
1958         }
1959
1960         if ((str = MALLOC(bus->dhd->osh, maxstrlen)) == NULL) {
1961                 DHD_ERROR(("%s: MALLOC(%d) failed \n", __FUNCTION__, maxstrlen));
1962                 bcmerror = BCME_NOMEM;
1963                 goto done;
1964         }
1965
1966         if ((bcmerror = dhdsdio_readshared(bus, &sdpcm_shared)) < 0)
1967                 goto done;
1968
1969         bcm_binit(&strbuf, data, size);
1970
1971         bcm_bprintf(&strbuf, "msgtrace address : 0x%08X\nconsole address  : 0x%08X\n",
1972                     sdpcm_shared.msgtrace_addr, sdpcm_shared.console_addr);
1973
1974         if ((sdpcm_shared.flags & SDPCM_SHARED_ASSERT_BUILT) == 0) {
1975                 /* NOTE: Misspelled assert is intentional - DO NOT FIX.
1976                  * (Avoids conflict with real asserts for programmatic parsing of output.)
1977                  */
1978                 bcm_bprintf(&strbuf, "Assrt not built in dongle\n");
1979         }
1980
1981         if ((sdpcm_shared.flags & (SDPCM_SHARED_ASSERT|SDPCM_SHARED_TRAP)) == 0) {
1982                 /* NOTE: Misspelled assert is intentional - DO NOT FIX.
1983                  * (Avoids conflict with real asserts for programmatic parsing of output.)
1984                  */
1985                 bcm_bprintf(&strbuf, "No trap%s in dongle",
1986                           (sdpcm_shared.flags & SDPCM_SHARED_ASSERT_BUILT)
1987                           ?"/assrt" :"");
1988         } else {
1989                 if (sdpcm_shared.flags & SDPCM_SHARED_ASSERT) {
1990                         /* Download assert */
1991                         bcm_bprintf(&strbuf, "Dongle assert");
1992                         if (sdpcm_shared.assert_exp_addr != 0) {
1993                                 str[0] = '\0';
1994                                 if ((bcmerror = dhdsdio_membytes(bus, FALSE,
1995                                                                  sdpcm_shared.assert_exp_addr,
1996                                                                  (uint8 *)str, maxstrlen)) < 0)
1997                                         goto done;
1998
1999                                 str[maxstrlen - 1] = '\0';
2000                                 bcm_bprintf(&strbuf, " expr \"%s\"", str);
2001                         }
2002
2003                         if (sdpcm_shared.assert_file_addr != 0) {
2004                                 str[0] = '\0';
2005                                 if ((bcmerror = dhdsdio_membytes(bus, FALSE,
2006                                                                  sdpcm_shared.assert_file_addr,
2007                                                                  (uint8 *)str, maxstrlen)) < 0)
2008                                         goto done;
2009
2010                                 str[maxstrlen - 1] = '\0';
2011                                 bcm_bprintf(&strbuf, " file \"%s\"", str);
2012                         }
2013
2014                         bcm_bprintf(&strbuf, " line %d ", sdpcm_shared.assert_line);
2015                 }
2016
2017                 if (sdpcm_shared.flags & SDPCM_SHARED_TRAP) {
2018                         if ((bcmerror = dhdsdio_membytes(bus, FALSE,
2019                                                          sdpcm_shared.trap_addr,
2020                                                          (uint8*)&tr, sizeof(trap_t))) < 0)
2021                                 goto done;
2022
2023                         bcm_bprintf(&strbuf,
2024                         "Dongle trap type 0x%x @ epc 0x%x, cpsr 0x%x, spsr 0x%x, sp 0x%x,"
2025                         "lp 0x%x, rpc 0x%x Trap offset 0x%x, "
2026                         "r0 0x%x, r1 0x%x, r2 0x%x, r3 0x%x, r4 0x%x, r5 0x%x, r6 0x%x, r7 0x%x\n",
2027                         ltoh32(tr.type), ltoh32(tr.epc), ltoh32(tr.cpsr), ltoh32(tr.spsr),
2028                         ltoh32(tr.r13), ltoh32(tr.r14), ltoh32(tr.pc),
2029                         ltoh32(sdpcm_shared.trap_addr),
2030                         ltoh32(tr.r0), ltoh32(tr.r1), ltoh32(tr.r2), ltoh32(tr.r3),
2031                         ltoh32(tr.r4), ltoh32(tr.r5), ltoh32(tr.r6), ltoh32(tr.r7));
2032                 }
2033         }
2034
2035         if (sdpcm_shared.flags & (SDPCM_SHARED_ASSERT | SDPCM_SHARED_TRAP)) {
2036                 DHD_ERROR(("%s: %s\n", __FUNCTION__, strbuf.origbuf));
2037         }
2038
2039 #ifdef DHD_DEBUG
2040         if (sdpcm_shared.flags & SDPCM_SHARED_TRAP) {
2041                 /* Mem dump to a file on device */
2042                 dhdsdio_mem_dump(bus);
2043         }
2044 #endif /* DHD_DEBUG */
2045
2046 done:
2047         if (mbuffer)
2048                 MFREE(bus->dhd->osh, mbuffer, msize);
2049         if (str)
2050                 MFREE(bus->dhd->osh, str, maxstrlen);
2051
2052         return bcmerror;
2053 }
2054
2055 static int
2056 dhdsdio_mem_dump(dhd_bus_t *bus)
2057 {
2058         int ret = 0;
2059         int size; /* Full mem size */
2060         int start = 0; /* Start address */
2061         int read_size = 0; /* Read size of each iteration */
2062         uint8 *buf = NULL, *databuf = NULL;
2063
2064         /* Get full mem size */
2065         size = bus->ramsize;
2066         buf = MALLOC(bus->dhd->osh, size);
2067         if (!buf) {
2068                 printf("%s: Out of memory (%d bytes)\n", __FUNCTION__, size);
2069                 return -1;
2070         }
2071
2072         /* Read mem content */
2073         printf("Dump dongle memory");
2074         databuf = buf;
2075         while (size)
2076         {
2077                 read_size = MIN(MEMBLOCK, size);
2078                 if ((ret = dhdsdio_membytes(bus, FALSE, start, databuf, read_size)))
2079                 {
2080                         printf("%s: Error membytes %d\n", __FUNCTION__, ret);
2081                         if (buf) {
2082                                 MFREE(bus->dhd->osh, buf, size);
2083                         }
2084                         return -1;
2085                 }
2086                 printf(".");
2087
2088                 /* Decrement size and increment start address */
2089                 size -= read_size;
2090                 start += read_size;
2091                 databuf += read_size;
2092         }
2093         printf("Done\n");
2094
2095         /* free buf before return !!! */
2096         if (write_to_file(bus->dhd, buf, bus->ramsize))
2097         {
2098                 printf("%s: Error writing to files\n", __FUNCTION__);
2099                 return -1;
2100         }
2101
2102         /* buf free handled in write_to_file, not here */
2103         return 0;
2104 }
2105 #endif /* defined(DHD_DEBUG) */
2106
2107 int
2108 dhdsdio_downloadvars(dhd_bus_t *bus, void *arg, int len)
2109 {
2110         int bcmerror = BCME_OK;
2111
2112         DHD_TRACE(("%s: Enter\n", __FUNCTION__));
2113
2114         /* Basic sanity checks */
2115         if (bus->dhd->up) {
2116                 bcmerror = BCME_NOTDOWN;
2117                 goto err;
2118         }
2119         if (!len) {
2120                 bcmerror = BCME_BUFTOOSHORT;
2121                 goto err;
2122         }
2123
2124         /* Free the old ones and replace with passed variables */
2125         if (bus->vars)
2126                 MFREE(bus->dhd->osh, bus->vars, bus->varsz);
2127
2128         bus->vars = MALLOC(bus->dhd->osh, len);
2129         bus->varsz = bus->vars ? len : 0;
2130         if (bus->vars == NULL) {
2131                 bcmerror = BCME_NOMEM;
2132                 goto err;
2133         }
2134
2135         /* Copy the passed variables, which should include the terminating double-null */
2136         bcopy(arg, bus->vars, bus->varsz);
2137 err:
2138         return bcmerror;
2139 }
2140
2141 #ifdef DHD_DEBUG
2142
2143 #define CC_PLL_CHIPCTRL_SERIAL_ENAB     (1  << 24)
2144 static int
2145 dhd_serialconsole(dhd_bus_t *bus, bool set, bool enable, int *bcmerror)
2146 {
2147         int int_val;
2148         uint32 addr, data;
2149
2150
2151         addr = SI_ENUM_BASE + OFFSETOF(chipcregs_t, chipcontrol_addr);
2152         data = SI_ENUM_BASE + OFFSETOF(chipcregs_t, chipcontrol_data);
2153         *bcmerror = 0;
2154
2155         bcmsdh_reg_write(bus->sdh, addr, 4, 1);
2156         if (bcmsdh_regfail(bus->sdh)) {
2157                 *bcmerror = BCME_SDIO_ERROR;
2158                 return -1;
2159         }
2160         int_val = bcmsdh_reg_read(bus->sdh, data, 4);
2161         if (bcmsdh_regfail(bus->sdh)) {
2162                 *bcmerror = BCME_SDIO_ERROR;
2163                 return -1;
2164         }
2165         if (!set)
2166                 return (int_val & CC_PLL_CHIPCTRL_SERIAL_ENAB);
2167         if (enable)
2168                 int_val |= CC_PLL_CHIPCTRL_SERIAL_ENAB;
2169         else
2170                 int_val &= ~CC_PLL_CHIPCTRL_SERIAL_ENAB;
2171         bcmsdh_reg_write(bus->sdh, data, 4, int_val);
2172         if (bcmsdh_regfail(bus->sdh)) {
2173                 *bcmerror = BCME_SDIO_ERROR;
2174                 return -1;
2175         }
2176         if (bus->sih->chip == BCM4330_CHIP_ID) {
2177                 uint32 chipcontrol;
2178                 addr = SI_ENUM_BASE + OFFSETOF(chipcregs_t, chipcontrol);
2179                 chipcontrol = bcmsdh_reg_read(bus->sdh, addr, 4);
2180                 chipcontrol &= ~0x8;
2181                 if (enable) {
2182                         chipcontrol |=  0x8;
2183                         chipcontrol &= ~0x3;
2184                 }
2185                 bcmsdh_reg_write(bus->sdh, addr, 4, chipcontrol);
2186         }
2187
2188         return (int_val & CC_PLL_CHIPCTRL_SERIAL_ENAB);
2189 }
2190 #endif 
2191
2192 static int
2193 dhdsdio_doiovar(dhd_bus_t *bus, const bcm_iovar_t *vi, uint32 actionid, const char *name,
2194                 void *params, int plen, void *arg, int len, int val_size)
2195 {
2196         int bcmerror = 0;
2197         int32 int_val = 0;
2198         bool bool_val = 0;
2199
2200         DHD_TRACE(("%s: Enter, action %d name %s params %p plen %d arg %p len %d val_size %d\n",
2201                    __FUNCTION__, actionid, name, params, plen, arg, len, val_size));
2202
2203         if ((bcmerror = bcm_iovar_lencheck(vi, arg, len, IOV_ISSET(actionid))) != 0)
2204                 goto exit;
2205
2206         if (plen >= (int)sizeof(int_val))
2207                 bcopy(params, &int_val, sizeof(int_val));
2208
2209         bool_val = (int_val != 0) ? TRUE : FALSE;
2210
2211
2212         /* Some ioctls use the bus */
2213         dhd_os_sdlock(bus->dhd);
2214
2215         /* Check if dongle is in reset. If so, only allow DEVRESET iovars */
2216         if (bus->dhd->dongle_reset && !(actionid == IOV_SVAL(IOV_DEVRESET) ||
2217                                         actionid == IOV_GVAL(IOV_DEVRESET))) {
2218                 bcmerror = BCME_NOTREADY;
2219                 goto exit;
2220         }
2221
2222         /* Handle sleep stuff before any clock mucking */
2223         if (vi->varid == IOV_SLEEP) {
2224                 if (IOV_ISSET(actionid)) {
2225                         bcmerror = dhdsdio_bussleep(bus, bool_val);
2226                 } else {
2227                         int_val = (int32)bus->sleeping;
2228                         bcopy(&int_val, arg, val_size);
2229                 }
2230                 goto exit;
2231         }
2232
2233         /* Request clock to allow SDIO accesses */
2234         if (!bus->dhd->dongle_reset) {
2235                 BUS_WAKE(bus);
2236                 dhdsdio_clkctl(bus, CLK_AVAIL, FALSE);
2237         }
2238
2239         switch (actionid) {
2240         case IOV_GVAL(IOV_INTR):
2241                 int_val = (int32)bus->intr;
2242                 bcopy(&int_val, arg, val_size);
2243                 break;
2244
2245         case IOV_SVAL(IOV_INTR):
2246                 bus->intr = bool_val;
2247                 bus->intdis = FALSE;
2248                 if (bus->dhd->up) {
2249                         if (bus->intr) {
2250                                 DHD_INTR(("%s: enable SDIO device interrupts\n", __FUNCTION__));
2251                                 bcmsdh_intr_enable(bus->sdh);
2252                         } else {
2253                                 DHD_INTR(("%s: disable SDIO interrupts\n", __FUNCTION__));
2254                                 bcmsdh_intr_disable(bus->sdh);
2255                         }
2256                 }
2257                 break;
2258
2259         case IOV_GVAL(IOV_POLLRATE):
2260                 int_val = (int32)bus->pollrate;
2261                 bcopy(&int_val, arg, val_size);
2262                 break;
2263
2264         case IOV_SVAL(IOV_POLLRATE):
2265                 bus->pollrate = (uint)int_val;
2266                 bus->poll = (bus->pollrate != 0);
2267                 break;
2268
2269         case IOV_GVAL(IOV_IDLETIME):
2270                 int_val = bus->idletime;
2271                 bcopy(&int_val, arg, val_size);
2272                 break;
2273
2274         case IOV_SVAL(IOV_IDLETIME):
2275                 if ((int_val < 0) && (int_val != DHD_IDLE_IMMEDIATE)) {
2276                         bcmerror = BCME_BADARG;
2277                 } else {
2278                         bus->idletime = int_val;
2279                 }
2280                 break;
2281
2282         case IOV_GVAL(IOV_IDLECLOCK):
2283                 int_val = (int32)bus->idleclock;
2284                 bcopy(&int_val, arg, val_size);
2285                 break;
2286
2287         case IOV_SVAL(IOV_IDLECLOCK):
2288                 bus->idleclock = int_val;
2289                 break;
2290
2291         case IOV_GVAL(IOV_SD1IDLE):
2292                 int_val = (int32)sd1idle;
2293                 bcopy(&int_val, arg, val_size);
2294                 break;
2295
2296         case IOV_SVAL(IOV_SD1IDLE):
2297                 sd1idle = bool_val;
2298                 break;
2299
2300
2301         case IOV_SVAL(IOV_MEMBYTES):
2302         case IOV_GVAL(IOV_MEMBYTES):
2303         {
2304                 uint32 address;
2305                 uint size, dsize;
2306                 uint8 *data;
2307
2308                 bool set = (actionid == IOV_SVAL(IOV_MEMBYTES));
2309
2310                 ASSERT(plen >= 2*sizeof(int));
2311
2312                 address = (uint32)int_val;
2313                 bcopy((char *)params + sizeof(int_val), &int_val, sizeof(int_val));
2314                 size = (uint)int_val;
2315
2316                 /* Do some validation */
2317                 dsize = set ? plen - (2 * sizeof(int)) : len;
2318                 if (dsize < size) {
2319                         DHD_ERROR(("%s: error on %s membytes, addr 0x%08x size %d dsize %d\n",
2320                                    __FUNCTION__, (set ? "set" : "get"), address, size, dsize));
2321                         bcmerror = BCME_BADARG;
2322                         break;
2323                 }
2324
2325                 DHD_INFO(("%s: Request to %s %d bytes at address 0x%08x\n", __FUNCTION__,
2326                           (set ? "write" : "read"), size, address));
2327
2328                 /* If we know about SOCRAM, check for a fit */
2329                 if ((bus->orig_ramsize) &&
2330                     ((address > bus->orig_ramsize) || (address + size > bus->orig_ramsize)))
2331                 {
2332                         uint8 enable, protect;
2333                         si_socdevram(bus->sih, FALSE, &enable, &protect);
2334                         if (!enable || protect) {
2335                                 DHD_ERROR(("%s: ramsize 0x%08x doesn't have %d bytes at 0x%08x\n",
2336                                         __FUNCTION__, bus->orig_ramsize, size, address));
2337                                 DHD_ERROR(("%s: socram enable %d, protect %d\n",
2338                                         __FUNCTION__, enable, protect));
2339                                 bcmerror = BCME_BADARG;
2340                                 break;
2341                         }
2342                         if (enable && (bus->sih->chip == BCM4330_CHIP_ID)) {
2343                                 uint32 devramsize = si_socdevram_size(bus->sih);
2344                                 if ((address < SOCDEVRAM_4330_ARM_ADDR) ||
2345                                         (address + size > (SOCDEVRAM_4330_ARM_ADDR + devramsize))) {
2346                                         DHD_ERROR(("%s: bad address 0x%08x, size 0x%08x\n",
2347                                                 __FUNCTION__, address, size));
2348                                         DHD_ERROR(("%s: socram range 0x%08x,size 0x%08x\n",
2349                                                 __FUNCTION__, SOCDEVRAM_4330_ARM_ADDR, devramsize));
2350                                         bcmerror = BCME_BADARG;
2351                                         break;
2352                                 }
2353                                 /* move it such that address is real now */
2354                                 address -= SOCDEVRAM_4330_ARM_ADDR;
2355                                 address += SOCDEVRAM_4330_BP_ADDR;
2356                                 DHD_INFO(("%s: Request to %s %d bytes @ Mapped address 0x%08x\n",
2357                                         __FUNCTION__, (set ? "write" : "read"), size, address));
2358                         }
2359                 }
2360
2361                 /* Generate the actual data pointer */
2362                 data = set ? (uint8*)params + 2 * sizeof(int): (uint8*)arg;
2363
2364                 /* Call to do the transfer */
2365                 bcmerror = dhdsdio_membytes(bus, set, address, data, size);
2366
2367                 break;
2368         }
2369
2370         case IOV_GVAL(IOV_MEMSIZE):
2371                 int_val = (int32)bus->ramsize;
2372                 bcopy(&int_val, arg, val_size);
2373                 break;
2374
2375         case IOV_GVAL(IOV_SDIOD_DRIVE):
2376                 int_val = (int32)dhd_sdiod_drive_strength;
2377                 bcopy(&int_val, arg, val_size);
2378                 break;
2379
2380         case IOV_SVAL(IOV_SDIOD_DRIVE):
2381                 dhd_sdiod_drive_strength = int_val;
2382                 si_sdiod_drive_strength_init(bus->sih, bus->dhd->osh, dhd_sdiod_drive_strength);
2383                 break;
2384
2385         case IOV_SVAL(IOV_DOWNLOAD):
2386                 bcmerror = dhdsdio_download_state(bus, bool_val);
2387                 break;
2388
2389         case IOV_SVAL(IOV_SOCRAM_STATE):
2390                 bcmerror = dhdsdio_download_state(bus, bool_val);
2391                 break;
2392
2393         case IOV_SVAL(IOV_VARS):
2394                 bcmerror = dhdsdio_downloadvars(bus, arg, len);
2395                 break;
2396
2397         case IOV_GVAL(IOV_READAHEAD):
2398                 int_val = (int32)dhd_readahead;
2399                 bcopy(&int_val, arg, val_size);
2400                 break;
2401
2402         case IOV_SVAL(IOV_READAHEAD):
2403                 if (bool_val && !dhd_readahead)
2404                         bus->nextlen = 0;
2405                 dhd_readahead = bool_val;
2406                 break;
2407
2408         case IOV_GVAL(IOV_SDRXCHAIN):
2409                 int_val = (int32)bus->use_rxchain;
2410                 bcopy(&int_val, arg, val_size);
2411                 break;
2412
2413         case IOV_SVAL(IOV_SDRXCHAIN):
2414                 if (bool_val && !bus->sd_rxchain)
2415                         bcmerror = BCME_UNSUPPORTED;
2416                 else
2417                         bus->use_rxchain = bool_val;
2418                 break;
2419         case IOV_GVAL(IOV_ALIGNCTL):
2420                 int_val = (int32)dhd_alignctl;
2421                 bcopy(&int_val, arg, val_size);
2422                 break;
2423
2424         case IOV_SVAL(IOV_ALIGNCTL):
2425                 dhd_alignctl = bool_val;
2426                 break;
2427
2428         case IOV_GVAL(IOV_SDALIGN):
2429                 int_val = DHD_SDALIGN;
2430                 bcopy(&int_val, arg, val_size);
2431                 break;
2432
2433 #ifdef DHD_DEBUG
2434         case IOV_GVAL(IOV_VARS):
2435                 if (bus->varsz < (uint)len)
2436                         bcopy(bus->vars, arg, bus->varsz);
2437                 else
2438                         bcmerror = BCME_BUFTOOSHORT;
2439                 break;
2440 #endif /* DHD_DEBUG */
2441
2442 #ifdef DHD_DEBUG
2443         case IOV_GVAL(IOV_SDREG):
2444         {
2445                 sdreg_t *sd_ptr;
2446                 uint32 addr, size;
2447
2448                 sd_ptr = (sdreg_t *)params;
2449
2450                 addr = (uintptr)bus->regs + sd_ptr->offset;
2451                 size = sd_ptr->func;
2452                 int_val = (int32)bcmsdh_reg_read(bus->sdh, addr, size);
2453                 if (bcmsdh_regfail(bus->sdh))
2454                         bcmerror = BCME_SDIO_ERROR;
2455                 bcopy(&int_val, arg, sizeof(int32));
2456                 break;
2457         }
2458
2459         case IOV_SVAL(IOV_SDREG):
2460         {
2461                 sdreg_t *sd_ptr;
2462                 uint32 addr, size;
2463
2464                 sd_ptr = (sdreg_t *)params;
2465
2466                 addr = (uintptr)bus->regs + sd_ptr->offset;
2467                 size = sd_ptr->func;
2468                 bcmsdh_reg_write(bus->sdh, addr, size, sd_ptr->value);
2469                 if (bcmsdh_regfail(bus->sdh))
2470                         bcmerror = BCME_SDIO_ERROR;
2471                 break;
2472         }
2473
2474         /* Same as above, but offset is not backplane (not SDIO core) */
2475         case IOV_GVAL(IOV_SBREG):
2476         {
2477                 sdreg_t sdreg;
2478                 uint32 addr, size;
2479
2480                 bcopy(params, &sdreg, sizeof(sdreg));
2481
2482                 addr = SI_ENUM_BASE + sdreg.offset;
2483                 size = sdreg.func;
2484                 int_val = (int32)bcmsdh_reg_read(bus->sdh, addr, size);
2485                 if (bcmsdh_regfail(bus->sdh))
2486                         bcmerror = BCME_SDIO_ERROR;
2487                 bcopy(&int_val, arg, sizeof(int32));
2488                 break;
2489         }
2490
2491         case IOV_SVAL(IOV_SBREG):
2492         {
2493                 sdreg_t sdreg;
2494                 uint32 addr, size;
2495
2496                 bcopy(params, &sdreg, sizeof(sdreg));
2497
2498                 addr = SI_ENUM_BASE + sdreg.offset;
2499                 size = sdreg.func;
2500                 bcmsdh_reg_write(bus->sdh, addr, size, sdreg.value);
2501                 if (bcmsdh_regfail(bus->sdh))
2502                         bcmerror = BCME_SDIO_ERROR;
2503                 break;
2504         }
2505
2506         case IOV_GVAL(IOV_SDCIS):
2507         {
2508                 *(char *)arg = 0;
2509
2510                 bcmstrcat(arg, "\nFunc 0\n");
2511                 bcmsdh_cis_read(bus->sdh, 0x10, (uint8 *)arg + strlen(arg), SBSDIO_CIS_SIZE_LIMIT);
2512                 bcmstrcat(arg, "\nFunc 1\n");
2513                 bcmsdh_cis_read(bus->sdh, 0x11, (uint8 *)arg + strlen(arg), SBSDIO_CIS_SIZE_LIMIT);
2514                 bcmstrcat(arg, "\nFunc 2\n");
2515                 bcmsdh_cis_read(bus->sdh, 0x12, (uint8 *)arg + strlen(arg), SBSDIO_CIS_SIZE_LIMIT);
2516                 break;
2517         }
2518
2519         case IOV_GVAL(IOV_FORCEEVEN):
2520                 int_val = (int32)forcealign;
2521                 bcopy(&int_val, arg, val_size);
2522                 break;
2523
2524         case IOV_SVAL(IOV_FORCEEVEN):
2525                 forcealign = bool_val;
2526                 break;
2527
2528         case IOV_GVAL(IOV_TXBOUND):
2529                 int_val = (int32)dhd_txbound;
2530                 bcopy(&int_val, arg, val_size);
2531                 break;
2532
2533         case IOV_SVAL(IOV_TXBOUND):
2534                 dhd_txbound = (uint)int_val;
2535                 break;
2536
2537         case IOV_GVAL(IOV_RXBOUND):
2538                 int_val = (int32)dhd_rxbound;
2539                 bcopy(&int_val, arg, val_size);
2540                 break;
2541
2542         case IOV_SVAL(IOV_RXBOUND):
2543                 dhd_rxbound = (uint)int_val;
2544                 break;
2545
2546         case IOV_GVAL(IOV_TXMINMAX):
2547                 int_val = (int32)dhd_txminmax;
2548                 bcopy(&int_val, arg, val_size);
2549                 break;
2550
2551         case IOV_SVAL(IOV_TXMINMAX):
2552                 dhd_txminmax = (uint)int_val;
2553                 break;
2554
2555         case IOV_GVAL(IOV_SERIALCONS):
2556                 int_val = dhd_serialconsole(bus, FALSE, 0, &bcmerror);
2557                 if (bcmerror != 0)
2558                         break;
2559
2560                 bcopy(&int_val, arg, val_size);
2561                 break;
2562
2563         case IOV_SVAL(IOV_SERIALCONS):
2564                 dhd_serialconsole(bus, TRUE, bool_val, &bcmerror);
2565                 break;
2566
2567
2568
2569 #endif /* DHD_DEBUG */
2570
2571
2572 #ifdef SDTEST
2573         case IOV_GVAL(IOV_EXTLOOP):
2574                 int_val = (int32)bus->ext_loop;
2575                 bcopy(&int_val, arg, val_size);
2576                 break;
2577
2578         case IOV_SVAL(IOV_EXTLOOP):
2579                 bus->ext_loop = bool_val;
2580                 break;
2581
2582         case IOV_GVAL(IOV_PKTGEN):
2583                 bcmerror = dhdsdio_pktgen_get(bus, arg);
2584                 break;
2585
2586         case IOV_SVAL(IOV_PKTGEN):
2587                 bcmerror = dhdsdio_pktgen_set(bus, arg);
2588                 break;
2589 #endif /* SDTEST */
2590
2591
2592         case IOV_GVAL(IOV_DONGLEISOLATION):
2593                 int_val = bus->dhd->dongle_isolation;
2594                 bcopy(&int_val, arg, val_size);
2595                 break;
2596
2597         case IOV_SVAL(IOV_DONGLEISOLATION):
2598                 bus->dhd->dongle_isolation = bool_val;
2599                 break;
2600
2601         case IOV_SVAL(IOV_DEVRESET):
2602                 DHD_TRACE(("%s: Called set IOV_DEVRESET=%d dongle_reset=%d busstate=%d\n",
2603                            __FUNCTION__, bool_val, bus->dhd->dongle_reset,
2604                            bus->dhd->busstate));
2605
2606                 ASSERT(bus->dhd->osh);
2607                 /* ASSERT(bus->cl_devid); */
2608
2609                 dhd_bus_devreset(bus->dhd, (uint8)bool_val);
2610
2611                 break;
2612 #ifdef SOFTAP
2613         case IOV_GVAL(IOV_FWPATH):
2614         {
2615                 uint32  fw_path_len;
2616
2617                 fw_path_len = strlen(bus->fw_path);
2618                 DHD_INFO(("[softap] get fwpath, l=%d\n", len));
2619
2620                 if (fw_path_len > len-1) {
2621                         bcmerror = BCME_BUFTOOSHORT;
2622                         break;
2623                 }
2624
2625                 if (fw_path_len) {
2626                         bcopy(bus->fw_path, arg, fw_path_len);
2627                         ((uchar*)arg)[fw_path_len] = 0;
2628                 }
2629                 break;
2630         }
2631
2632         case IOV_SVAL(IOV_FWPATH):
2633                 DHD_INFO(("[softap] set fwpath, idx=%d\n", int_val));
2634
2635                 switch (int_val) {
2636                 case 1:
2637                         bus->fw_path = fw_path; /* ordinary one */
2638                         break;
2639                 case 2:
2640                         bus->fw_path = fw_path2;
2641                         break;
2642                 default:
2643                         bcmerror = BCME_BADARG;
2644                         break;
2645                 }
2646
2647                 DHD_INFO(("[softap] new fw path: %s\n", (bus->fw_path[0] ? bus->fw_path : "NULL")));
2648                 break;
2649
2650 #endif /* SOFTAP */
2651         case IOV_GVAL(IOV_DEVRESET):
2652                 DHD_TRACE(("%s: Called get IOV_DEVRESET\n", __FUNCTION__));
2653
2654                 /* Get its status */
2655                 int_val = (bool) bus->dhd->dongle_reset;
2656                 bcopy(&int_val, arg, val_size);
2657
2658                 break;
2659
2660         default:
2661                 bcmerror = BCME_UNSUPPORTED;
2662                 break;
2663         }
2664
2665 exit:
2666         if ((bus->idletime == DHD_IDLE_IMMEDIATE) && !bus->dpc_sched) {
2667                 bus->activity = FALSE;
2668                 dhdsdio_clkctl(bus, CLK_NONE, TRUE);
2669         }
2670
2671         dhd_os_sdunlock(bus->dhd);
2672
2673         if (actionid == IOV_SVAL(IOV_DEVRESET) && bool_val == FALSE)
2674                 dhd_preinit_ioctls((dhd_pub_t *) bus->dhd);
2675
2676         return bcmerror;
2677 }
2678
2679 static int
2680 dhdsdio_write_vars(dhd_bus_t *bus)
2681 {
2682         int bcmerror = 0;
2683         uint32 varsize;
2684         uint32 varaddr;
2685         uint8 *vbuffer;
2686         uint32 varsizew;
2687 #ifdef DHD_DEBUG
2688         uint8 *nvram_ularray;
2689 #endif /* DHD_DEBUG */
2690
2691         /* Even if there are no vars are to be written, we still need to set the ramsize. */
2692         varsize = bus->varsz ? ROUNDUP(bus->varsz, 4) : 0;
2693         varaddr = (bus->ramsize - 4) - varsize;
2694
2695         if (bus->vars) {
2696                 if ((bus->sih->buscoretype == SDIOD_CORE_ID) && (bus->sdpcmrev == 7)) {
2697                         if (((varaddr & 0x3C) == 0x3C) && (varsize > 4)) {
2698                                 DHD_ERROR(("PR85623WAR in place\n"));
2699                                 varsize += 4;
2700                                 varaddr -= 4;
2701                         }
2702                 }
2703
2704                 vbuffer = (uint8 *)MALLOC(bus->dhd->osh, varsize);
2705                 if (!vbuffer)
2706                         return BCME_NOMEM;
2707
2708                 bzero(vbuffer, varsize);
2709                 bcopy(bus->vars, vbuffer, bus->varsz);
2710
2711                 /* Write the vars list */
2712                 bcmerror = dhdsdio_membytes(bus, TRUE, varaddr, vbuffer, varsize);
2713 #ifdef DHD_DEBUG
2714                 /* Verify NVRAM bytes */
2715                 DHD_INFO(("Compare NVRAM dl & ul; varsize=%d\n", varsize));
2716                 nvram_ularray = (uint8*)MALLOC(bus->dhd->osh, varsize);
2717                 if (!nvram_ularray)
2718                         return BCME_NOMEM;
2719
2720                 /* Upload image to verify downloaded contents. */
2721                 memset(nvram_ularray, 0xaa, varsize);
2722
2723                 /* Read the vars list to temp buffer for comparison */
2724                 bcmerror = dhdsdio_membytes(bus, FALSE, varaddr, nvram_ularray, varsize);
2725                 if (bcmerror) {
2726                                 DHD_ERROR(("%s: error %d on reading %d nvram bytes at 0x%08x\n",
2727                                         __FUNCTION__, bcmerror, varsize, varaddr));
2728                 }
2729                 /* Compare the org NVRAM with the one read from RAM */
2730                 if (memcmp(vbuffer, nvram_ularray, varsize)) {
2731                         DHD_ERROR(("%s: Downloaded NVRAM image is corrupted.\n", __FUNCTION__));
2732                 } else
2733                         DHD_ERROR(("%s: Download, Upload and compare of NVRAM succeeded.\n",
2734                         __FUNCTION__));
2735
2736                 MFREE(bus->dhd->osh, nvram_ularray, varsize);
2737 #endif /* DHD_DEBUG */
2738
2739                 MFREE(bus->dhd->osh, vbuffer, varsize);
2740         }
2741
2742         /* adjust to the user specified RAM */
2743         DHD_INFO(("Physical memory size: %d, usable memory size: %d\n",
2744                 bus->orig_ramsize, bus->ramsize));
2745         DHD_INFO(("Vars are at %d, orig varsize is %d\n",
2746                 varaddr, varsize));
2747         varsize = ((bus->orig_ramsize - 4) - varaddr);
2748
2749         /*
2750          * Determine the length token:
2751          * Varsize, converted to words, in lower 16-bits, checksum in upper 16-bits.
2752          */
2753         if (bcmerror) {
2754                 varsizew = 0;
2755         } else {
2756                 varsizew = varsize / 4;
2757                 varsizew = (~varsizew << 16) | (varsizew & 0x0000FFFF);
2758                 varsizew = htol32(varsizew);
2759         }
2760
2761         DHD_INFO(("New varsize is %d, length token=0x%08x\n", varsize, varsizew));
2762
2763         /* Write the length token to the last word */
2764         bcmerror = dhdsdio_membytes(bus, TRUE, (bus->orig_ramsize - 4),
2765                 (uint8*)&varsizew, 4);
2766
2767         return bcmerror;
2768 }
2769
2770 static int
2771 dhdsdio_download_state(dhd_bus_t *bus, bool enter)
2772 {
2773         uint retries;
2774         int bcmerror = 0;
2775
2776         /* To enter download state, disable ARM and reset SOCRAM.
2777          * To exit download state, simply reset ARM (default is RAM boot).
2778          */
2779         if (enter) {
2780                 bus->alp_only = TRUE;
2781
2782                 if (!(si_setcore(bus->sih, ARM7S_CORE_ID, 0)) &&
2783                     !(si_setcore(bus->sih, ARMCM3_CORE_ID, 0))) {
2784                         DHD_ERROR(("%s: Failed to find ARM core!\n", __FUNCTION__));
2785                         bcmerror = BCME_ERROR;
2786                         goto fail;
2787                 }
2788
2789                 si_core_disable(bus->sih, 0);
2790                 if (bcmsdh_regfail(bus->sdh)) {
2791                         bcmerror = BCME_SDIO_ERROR;
2792                         goto fail;
2793                 }
2794
2795                 if (!(si_setcore(bus->sih, SOCRAM_CORE_ID, 0))) {
2796                         DHD_ERROR(("%s: Failed to find SOCRAM core!\n", __FUNCTION__));
2797                         bcmerror = BCME_ERROR;
2798                         goto fail;
2799                 }
2800
2801                 si_core_reset(bus->sih, 0, 0);
2802                 if (bcmsdh_regfail(bus->sdh)) {
2803                         DHD_ERROR(("%s: Failure trying reset SOCRAM core?\n", __FUNCTION__));
2804                         bcmerror = BCME_SDIO_ERROR;
2805                         goto fail;
2806                 }
2807
2808                 /* Clear the top bit of memory */
2809                 if (bus->ramsize) {
2810                         uint32 zeros = 0;
2811                         if (dhdsdio_membytes(bus, TRUE, bus->ramsize - 4, (uint8*)&zeros, 4) < 0) {
2812                                 bcmerror = BCME_SDIO_ERROR;
2813                                 goto fail;
2814                         }
2815                 }
2816         } else {
2817                 if (!(si_setcore(bus->sih, SOCRAM_CORE_ID, 0))) {
2818                         DHD_ERROR(("%s: Failed to find SOCRAM core!\n", __FUNCTION__));
2819                         bcmerror = BCME_ERROR;
2820                         goto fail;
2821                 }
2822
2823                 if (!si_iscoreup(bus->sih)) {
2824                         DHD_ERROR(("%s: SOCRAM core is down after reset?\n", __FUNCTION__));
2825                         bcmerror = BCME_ERROR;
2826                         goto fail;
2827                 }
2828
2829                 if ((bcmerror = dhdsdio_write_vars(bus))) {
2830                         DHD_ERROR(("%s: could not write vars to RAM\n", __FUNCTION__));
2831                         goto fail;
2832                 }
2833
2834                 if (!si_setcore(bus->sih, PCMCIA_CORE_ID, 0) &&
2835                     !si_setcore(bus->sih, SDIOD_CORE_ID, 0)) {
2836                         DHD_ERROR(("%s: Can't change back to SDIO core?\n", __FUNCTION__));
2837                         bcmerror = BCME_ERROR;
2838                         goto fail;
2839                 }
2840                 W_SDREG(0xFFFFFFFF, &bus->regs->intstatus, retries);
2841
2842
2843                 if (!(si_setcore(bus->sih, ARM7S_CORE_ID, 0)) &&
2844                     !(si_setcore(bus->sih, ARMCM3_CORE_ID, 0))) {
2845                         DHD_ERROR(("%s: Failed to find ARM core!\n", __FUNCTION__));
2846                         bcmerror = BCME_ERROR;
2847                         goto fail;
2848                 }
2849
2850                 si_core_reset(bus->sih, 0, 0);
2851                 if (bcmsdh_regfail(bus->sdh)) {
2852                         DHD_ERROR(("%s: Failure trying to reset ARM core?\n", __FUNCTION__));
2853                         bcmerror = BCME_SDIO_ERROR;
2854                         goto fail;
2855                 }
2856
2857                 /* Allow HT Clock now that the ARM is running. */
2858                 bus->alp_only = FALSE;
2859
2860                 bus->dhd->busstate = DHD_BUS_LOAD;
2861         }
2862
2863 fail:
2864         /* Always return to SDIOD core */
2865         if (!si_setcore(bus->sih, PCMCIA_CORE_ID, 0))
2866                 si_setcore(bus->sih, SDIOD_CORE_ID, 0);
2867
2868         return bcmerror;
2869 }
2870
2871 int
2872 dhd_bus_iovar_op(dhd_pub_t *dhdp, const char *name,
2873                  void *params, int plen, void *arg, int len, bool set)
2874 {
2875         dhd_bus_t *bus = dhdp->bus;
2876         const bcm_iovar_t *vi = NULL;
2877         int bcmerror = 0;
2878         int val_size;
2879         uint32 actionid;
2880
2881         DHD_TRACE(("%s: Enter\n", __FUNCTION__));
2882
2883         ASSERT(name);
2884         ASSERT(len >= 0);
2885
2886         /* Get MUST have return space */
2887         ASSERT(set || (arg && len));
2888
2889         /* Set does NOT take qualifiers */
2890         ASSERT(!set || (!params && !plen));
2891
2892         /* Look up var locally; if not found pass to host driver */
2893         if ((vi = bcm_iovar_lookup(dhdsdio_iovars, name)) == NULL) {
2894                 dhd_os_sdlock(bus->dhd);
2895
2896                 BUS_WAKE(bus);
2897
2898                 /* Turn on clock in case SD command needs backplane */
2899                 dhdsdio_clkctl(bus, CLK_AVAIL, FALSE);
2900
2901                 bcmerror = bcmsdh_iovar_op(bus->sdh, name, params, plen, arg, len, set);
2902
2903                 /* Check for bus configuration changes of interest */
2904
2905                 /* If it was divisor change, read the new one */
2906                 if (set && strcmp(name, "sd_divisor") == 0) {
2907                         if (bcmsdh_iovar_op(bus->sdh, "sd_divisor", NULL, 0,
2908                                             &bus->sd_divisor, sizeof(int32), FALSE) != BCME_OK) {
2909                                 bus->sd_divisor = -1;
2910                                 DHD_ERROR(("%s: fail on %s get\n", __FUNCTION__, name));
2911                         } else {
2912                                 DHD_INFO(("%s: noted %s update, value now %d\n",
2913                                           __FUNCTION__, name, bus->sd_divisor));
2914                         }
2915                 }
2916                 /* If it was a mode change, read the new one */
2917                 if (set && strcmp(name, "sd_mode") == 0) {
2918                         if (bcmsdh_iovar_op(bus->sdh, "sd_mode", NULL, 0,
2919                                             &bus->sd_mode, sizeof(int32), FALSE) != BCME_OK) {
2920                                 bus->sd_mode = -1;
2921                                 DHD_ERROR(("%s: fail on %s get\n", __FUNCTION__, name));
2922                         } else {
2923                                 DHD_INFO(("%s: noted %s update, value now %d\n",
2924                                           __FUNCTION__, name, bus->sd_mode));
2925                         }
2926                 }
2927                 /* Similar check for blocksize change */
2928                 if (set && strcmp(name, "sd_blocksize") == 0) {
2929                         int32 fnum = 2;
2930                         if (bcmsdh_iovar_op(bus->sdh, "sd_blocksize", &fnum, sizeof(int32),
2931                                             &bus->blocksize, sizeof(int32), FALSE) != BCME_OK) {
2932                                 bus->blocksize = 0;
2933                                 DHD_ERROR(("%s: fail on %s get\n", __FUNCTION__, "sd_blocksize"));
2934                         } else {
2935                                 DHD_INFO(("%s: noted %s update, value now %d\n",
2936                                           __FUNCTION__, "sd_blocksize", bus->blocksize));
2937                         }
2938                 }
2939                 bus->roundup = MIN(max_roundup, bus->blocksize);
2940
2941                 if ((bus->idletime == DHD_IDLE_IMMEDIATE) && !bus->dpc_sched) {
2942                         bus->activity = FALSE;
2943                         dhdsdio_clkctl(bus, CLK_NONE, TRUE);
2944                 }
2945
2946                 dhd_os_sdunlock(bus->dhd);
2947                 goto exit;
2948         }
2949
2950         DHD_CTL(("%s: %s %s, len %d plen %d\n", __FUNCTION__,
2951                  name, (set ? "set" : "get"), len, plen));
2952
2953         /* set up 'params' pointer in case this is a set command so that
2954          * the convenience int and bool code can be common to set and get
2955          */
2956         if (params == NULL) {
2957                 params = arg;
2958                 plen = len;
2959         }
2960
2961         if (vi->type == IOVT_VOID)
2962                 val_size = 0;
2963         else if (vi->type == IOVT_BUFFER)
2964                 val_size = len;
2965         else
2966                 /* all other types are integer sized */
2967                 val_size = sizeof(int);
2968
2969         actionid = set ? IOV_SVAL(vi->varid) : IOV_GVAL(vi->varid);
2970         bcmerror = dhdsdio_doiovar(bus, vi, actionid, name, params, plen, arg, len, val_size);
2971
2972 exit:
2973         return bcmerror;
2974 }
2975
2976 void
2977 dhd_bus_stop(struct dhd_bus *bus, bool enforce_mutex)
2978 {
2979         osl_t *osh;
2980         uint32 local_hostintmask;
2981         uint8 saveclk;
2982         uint retries;
2983         int err;
2984         if (!bus->dhd)
2985                 return;
2986
2987         osh = bus->dhd->osh;
2988         DHD_TRACE(("%s: Enter\n", __FUNCTION__));
2989
2990         bcmsdh_waitlockfree(NULL);
2991
2992         if (enforce_mutex)
2993                 dhd_os_sdlock(bus->dhd);
2994
2995         BUS_WAKE(bus);
2996
2997         /* Change our idea of bus state */
2998         bus->dhd->busstate = DHD_BUS_DOWN;
2999
3000         /* Enable clock for device interrupts */
3001         dhdsdio_clkctl(bus, CLK_AVAIL, FALSE);
3002
3003         /* Disable and clear interrupts at the chip level also */
3004         W_SDREG(0, &bus->regs->hostintmask, retries);
3005         local_hostintmask = bus->hostintmask;
3006         bus->hostintmask = 0;
3007
3008         /* Force clocks on backplane to be sure F2 interrupt propagates */
3009         saveclk = bcmsdh_cfg_read(bus->sdh, SDIO_FUNC_1, SBSDIO_FUNC1_CHIPCLKCSR, &err);
3010         if (!err) {
3011                 bcmsdh_cfg_write(bus->sdh, SDIO_FUNC_1, SBSDIO_FUNC1_CHIPCLKCSR,
3012                                  (saveclk | SBSDIO_FORCE_HT), &err);
3013         }
3014         if (err) {
3015                 DHD_ERROR(("%s: Failed to force clock for F2: err %d\n", __FUNCTION__, err));
3016         }
3017
3018         /* Turn off the bus (F2), free any pending packets */
3019         DHD_INTR(("%s: disable SDIO interrupts\n", __FUNCTION__));
3020         bcmsdh_intr_disable(bus->sdh);
3021         bcmsdh_cfg_write(bus->sdh, SDIO_FUNC_0, SDIOD_CCCR_IOEN, SDIO_FUNC_ENABLE_1, NULL);
3022
3023         /* Clear any pending interrupts now that F2 is disabled */
3024         W_SDREG(local_hostintmask, &bus->regs->intstatus, retries);
3025
3026         /* Turn off the backplane clock (only) */
3027         dhdsdio_clkctl(bus, CLK_SDONLY, FALSE);
3028
3029         /* Clear the data packet queues */
3030         pktq_flush(osh, &bus->txq, TRUE, NULL, 0);
3031
3032         /* Clear any held glomming stuff */
3033         if (bus->glomd)
3034                 PKTFREE(osh, bus->glomd, FALSE);
3035
3036         if (bus->glom)
3037                 PKTFREE(osh, bus->glom, FALSE);
3038
3039         bus->glom = bus->glomd = NULL;
3040
3041         /* Clear rx control and wake any waiters */
3042         bus->rxlen = 0;
3043         dhd_os_ioctl_resp_wake(bus->dhd);
3044
3045         /* Reset some F2 state stuff */
3046         bus->rxskip = FALSE;
3047         bus->tx_seq = bus->rx_seq = 0;
3048
3049         if (enforce_mutex)
3050                 dhd_os_sdunlock(bus->dhd);
3051 }
3052
3053 int
3054 dhd_bus_init(dhd_pub_t *dhdp, bool enforce_mutex)
3055 {
3056         dhd_bus_t *bus = dhdp->bus;
3057         dhd_timeout_t tmo;
3058         uint retries = 0;
3059         uint8 ready, enable;
3060         int err, ret = 0;
3061         uint8 saveclk;
3062
3063         DHD_TRACE(("%s: Enter\n", __FUNCTION__));
3064
3065         ASSERT(bus->dhd);
3066         if (!bus->dhd)
3067                 return 0;
3068
3069         if (enforce_mutex)
3070                 dhd_os_sdlock(bus->dhd);
3071
3072         /* Make sure backplane clock is on, needed to generate F2 interrupt */
3073         dhdsdio_clkctl(bus, CLK_AVAIL, FALSE);
3074         if (bus->clkstate != CLK_AVAIL) {
3075                 DHD_ERROR(("%s: clock state is wrong. state = %d\n", __FUNCTION__, bus->clkstate));
3076                 goto exit;
3077         }
3078
3079
3080         /* Force clocks on backplane to be sure F2 interrupt propagates */
3081         saveclk = bcmsdh_cfg_read(bus->sdh, SDIO_FUNC_1, SBSDIO_FUNC1_CHIPCLKCSR, &err);
3082         if (!err) {
3083                 bcmsdh_cfg_write(bus->sdh, SDIO_FUNC_1, SBSDIO_FUNC1_CHIPCLKCSR,
3084                                  (saveclk | SBSDIO_FORCE_HT), &err);
3085         }
3086         if (err) {
3087                 DHD_ERROR(("%s: Failed to force clock for F2: err %d\n", __FUNCTION__, err));
3088                 goto exit;
3089         }
3090
3091         /* Enable function 2 (frame transfers) */
3092         W_SDREG((SDPCM_PROT_VERSION << SMB_DATA_VERSION_SHIFT),
3093                 &bus->regs->tosbmailboxdata, retries);
3094         enable = (SDIO_FUNC_ENABLE_1 | SDIO_FUNC_ENABLE_2);
3095
3096         bcmsdh_cfg_write(bus->sdh, SDIO_FUNC_0, SDIOD_CCCR_IOEN, enable, NULL);
3097
3098         /* Give the dongle some time to do its thing and set IOR2 */
3099         dhd_timeout_start(&tmo, DHD_WAIT_F2RDY * 1000);
3100
3101         ready = 0;
3102         while (ready != enable && !dhd_timeout_expired(&tmo))
3103                 ready = bcmsdh_cfg_read(bus->sdh, SDIO_FUNC_0, SDIOD_CCCR_IORDY, NULL);
3104
3105
3106         DHD_INFO(("%s: enable 0x%02x, ready 0x%02x (waited %uus)\n",
3107                   __FUNCTION__, enable, ready, tmo.elapsed));
3108
3109
3110         /* If F2 successfully enabled, set core and enable interrupts */
3111         if (ready == enable) {
3112                 /* Make sure we're talking to the core. */
3113                 if (!(bus->regs = si_setcore(bus->sih, PCMCIA_CORE_ID, 0)))
3114                         bus->regs = si_setcore(bus->sih, SDIOD_CORE_ID, 0);
3115                 ASSERT(bus->regs != NULL);
3116
3117                 /* Set up the interrupt mask and enable interrupts */
3118                 bus->hostintmask = HOSTINTMASK;
3119                 /* corerev 4 could use the newer interrupt logic to detect the frames */
3120                 if ((bus->sih->buscoretype == SDIOD_CORE_ID) && (bus->sdpcmrev == 4) &&
3121                         (bus->rxint_mode != SDIO_DEVICE_HMB_RXINT)) {
3122                         bus->hostintmask &= ~I_HMB_FRAME_IND;
3123                         bus->hostintmask |= I_XMTDATA_AVAIL;
3124                 }
3125                 W_SDREG(bus->hostintmask, &bus->regs->hostintmask, retries);
3126
3127                 bcmsdh_cfg_write(bus->sdh, SDIO_FUNC_1, SBSDIO_WATERMARK, (uint8)watermark, &err);
3128
3129                 /* Set bus state according to enable result */
3130                 dhdp->busstate = DHD_BUS_DATA;
3131
3132                 /* bcmsdh_intr_unmask(bus->sdh); */
3133
3134                 bus->intdis = FALSE;
3135                 if (bus->intr) {
3136                         DHD_INTR(("%s: enable SDIO device interrupts\n", __FUNCTION__));
3137                         bcmsdh_intr_enable(bus->sdh);
3138                 } else {
3139                         DHD_INTR(("%s: disable SDIO interrupts\n", __FUNCTION__));
3140                         bcmsdh_intr_disable(bus->sdh);
3141                 }
3142
3143         }
3144
3145
3146         else {
3147                 /* Disable F2 again */
3148                 enable = SDIO_FUNC_ENABLE_1;
3149                 bcmsdh_cfg_write(bus->sdh, SDIO_FUNC_0, SDIOD_CCCR_IOEN, enable, NULL);
3150         }
3151
3152         /* Restore previous clock setting */
3153         bcmsdh_cfg_write(bus->sdh, SDIO_FUNC_1, SBSDIO_FUNC1_CHIPCLKCSR, saveclk, &err);
3154
3155
3156         /* If we didn't come up, turn off backplane clock */
3157         if (dhdp->busstate != DHD_BUS_DATA)
3158                 dhdsdio_clkctl(bus, CLK_NONE, FALSE);
3159
3160 exit:
3161         if (enforce_mutex)
3162                 dhd_os_sdunlock(bus->dhd);
3163
3164         return ret;
3165 }
3166
3167 static void
3168 dhdsdio_rxfail(dhd_bus_t *bus, bool abort, bool rtx)
3169 {
3170         bcmsdh_info_t *sdh = bus->sdh;
3171         sdpcmd_regs_t *regs = bus->regs;
3172         uint retries = 0;
3173         uint16 lastrbc;
3174         uint8 hi, lo;
3175         int err;
3176
3177         DHD_ERROR(("%s: %sterminate frame%s\n", __FUNCTION__,
3178                    (abort ? "abort command, " : ""), (rtx ? ", send NAK" : "")));
3179
3180         if (abort) {
3181                 bcmsdh_abort(sdh, SDIO_FUNC_2);
3182         }
3183
3184         bcmsdh_cfg_write(sdh, SDIO_FUNC_1, SBSDIO_FUNC1_FRAMECTRL, SFC_RF_TERM, &err);
3185         bus->f1regdata++;
3186
3187         /* Wait until the packet has been flushed (device/FIFO stable) */
3188         for (lastrbc = retries = 0xffff; retries > 0; retries--) {
3189                 hi = bcmsdh_cfg_read(sdh, SDIO_FUNC_1, SBSDIO_FUNC1_RFRAMEBCHI, NULL);
3190                 lo = bcmsdh_cfg_read(sdh, SDIO_FUNC_1, SBSDIO_FUNC1_RFRAMEBCLO, NULL);
3191                 bus->f1regdata += 2;
3192
3193                 if ((hi == 0) && (lo == 0))
3194                         break;
3195
3196                 if ((hi > (lastrbc >> 8)) && (lo > (lastrbc & 0x00ff))) {
3197                         DHD_ERROR(("%s: count growing: last 0x%04x now 0x%04x\n",
3198                                    __FUNCTION__, lastrbc, ((hi << 8) + lo)));
3199                 }
3200                 lastrbc = (hi << 8) + lo;
3201         }
3202
3203         if (!retries) {
3204                 DHD_ERROR(("%s: count never zeroed: last 0x%04x\n", __FUNCTION__, lastrbc));
3205         } else {
3206                 DHD_INFO(("%s: flush took %d iterations\n", __FUNCTION__, (0xffff - retries)));
3207         }
3208
3209         if (rtx) {
3210                 bus->rxrtx++;
3211                 W_SDREG(SMB_NAK, &regs->tosbmailbox, retries);
3212                 bus->f1regdata++;
3213                 if (retries <= retry_limit) {
3214                         bus->rxskip = TRUE;
3215                 }
3216         }
3217
3218         /* Clear partial in any case */
3219         bus->nextlen = 0;
3220
3221         /* If we can't reach the device, signal failure */
3222         if (err || bcmsdh_regfail(sdh))
3223                 bus->dhd->busstate = DHD_BUS_DOWN;
3224 }
3225
3226 static void
3227 dhdsdio_read_control(dhd_bus_t *bus, uint8 *hdr, uint len, uint doff)
3228 {
3229         bcmsdh_info_t *sdh = bus->sdh;
3230         uint rdlen, pad;
3231
3232         int sdret;
3233
3234         DHD_TRACE(("%s: Enter\n", __FUNCTION__));
3235
3236         /* Control data already received in aligned rxctl */
3237         if ((bus->bus == SPI_BUS) && (!bus->usebufpool))
3238                 goto gotpkt;
3239
3240         ASSERT(bus->rxbuf);
3241         /* Set rxctl for frame (w/optional alignment) */
3242         bus->rxctl = bus->rxbuf;
3243         if (dhd_alignctl) {
3244                 bus->rxctl += firstread;
3245                 if ((pad = ((uintptr)bus->rxctl % DHD_SDALIGN)))
3246                         bus->rxctl += (DHD_SDALIGN - pad);
3247                 bus->rxctl -= firstread;
3248         }
3249         ASSERT(bus->rxctl >= bus->rxbuf);
3250
3251         /* Copy the already-read portion over */
3252         bcopy(hdr, bus->rxctl, firstread);
3253         if (len <= firstread)
3254                 goto gotpkt;
3255
3256         /* Copy the full data pkt in gSPI case and process ioctl. */
3257         if (bus->bus == SPI_BUS) {
3258                 bcopy(hdr, bus->rxctl, len);
3259                 goto gotpkt;
3260         }
3261
3262         /* Raise rdlen to next SDIO block to avoid tail command */
3263         rdlen = len - firstread;
3264         if (bus->roundup && bus->blocksize && (rdlen > bus->blocksize)) {
3265                 pad = bus->blocksize - (rdlen % bus->blocksize);
3266                 if ((pad <= bus->roundup) && (pad < bus->blocksize) &&
3267                     ((len + pad) < bus->dhd->maxctl))
3268                         rdlen += pad;
3269         } else if (rdlen % DHD_SDALIGN) {
3270                 rdlen += DHD_SDALIGN - (rdlen % DHD_SDALIGN);
3271         }
3272
3273         /* Satisfy length-alignment requirements */
3274         if (forcealign && (rdlen & (ALIGNMENT - 1)))
3275                 rdlen = ROUNDUP(rdlen, ALIGNMENT);
3276
3277         /* Drop if the read is too big or it exceeds our maximum */
3278         if ((rdlen + firstread) > bus->dhd->maxctl) {
3279                 DHD_ERROR(("%s: %d-byte control read exceeds %d-byte buffer\n",
3280                            __FUNCTION__, rdlen, bus->dhd->maxctl));
3281                 bus->dhd->rx_errors++;
3282                 dhdsdio_rxfail(bus, FALSE, FALSE);
3283                 goto done;
3284         }
3285
3286         if ((len - doff) > bus->dhd->maxctl) {
3287                 DHD_ERROR(("%s: %d-byte ctl frame (%d-byte ctl data) exceeds %d-byte limit\n",
3288                            __FUNCTION__, len, (len - doff), bus->dhd->maxctl));
3289                 bus->dhd->rx_errors++; bus->rx_toolong++;
3290                 dhdsdio_rxfail(bus, FALSE, FALSE);
3291                 goto done;
3292         }
3293
3294
3295         /* Read remainder of frame body into the rxctl buffer */
3296         sdret = dhd_bcmsdh_recv_buf(bus, bcmsdh_cur_sbwad(sdh), SDIO_FUNC_2, F2SYNC,
3297                                     (bus->rxctl + firstread), rdlen, NULL, NULL, NULL);
3298         bus->f2rxdata++;
3299         ASSERT(sdret != BCME_PENDING);
3300
3301         /* Control frame failures need retransmission */
3302         if (sdret < 0) {
3303                 DHD_ERROR(("%s: read %d control bytes failed: %d\n", __FUNCTION__, rdlen, sdret));
3304                 bus->rxc_errors++; /* dhd.rx_ctlerrs is higher level */
3305                 dhdsdio_rxfail(bus, TRUE, TRUE);
3306                 goto done;
3307         }
3308
3309 gotpkt:
3310
3311 #ifdef DHD_DEBUG
3312         if (DHD_BYTES_ON() && DHD_CTL_ON()) {
3313                 prhex("RxCtrl", bus->rxctl, len);
3314         }
3315 #endif
3316
3317         /* Point to valid data and indicate its length */
3318         bus->rxctl += doff;
3319         bus->rxlen = len - doff;
3320
3321 done:
3322         /* Awake any waiters */
3323         dhd_os_ioctl_resp_wake(bus->dhd);
3324 }
3325
3326 static uint8
3327 dhdsdio_rxglom(dhd_bus_t *bus, uint8 rxseq)
3328 {
3329         uint16 dlen, totlen;
3330         uint8 *dptr, num = 0;
3331
3332         uint16 sublen, check;
3333         void *pfirst, *plast, *pnext, *save_pfirst;
3334         osl_t *osh = bus->dhd->osh;
3335
3336         int errcode;
3337         uint8 chan, seq, doff, sfdoff;
3338         uint8 txmax;
3339
3340         int ifidx = 0;
3341         bool usechain = bus->use_rxchain;
3342
3343         /* If packets, issue read(s) and send up packet chain */
3344         /* Return sequence numbers consumed? */
3345
3346         DHD_TRACE(("dhdsdio_rxglom: start: glomd %p glom %p\n", bus->glomd, bus->glom));
3347
3348         /* If there's a descriptor, generate the packet chain */
3349         if (bus->glomd) {
3350                 dhd_os_sdlock_rxq(bus->dhd);
3351
3352                 pfirst = plast = pnext = NULL;
3353                 dlen = (uint16)PKTLEN(osh, bus->glomd);
3354                 dptr = PKTDATA(osh, bus->glomd);
3355                 if (!dlen || (dlen & 1)) {
3356                         DHD_ERROR(("%s: bad glomd len (%d), ignore descriptor\n",
3357                                    __FUNCTION__, dlen));
3358                         dlen = 0;
3359                 }
3360
3361                 for (totlen = num = 0; dlen; num++) {
3362                         /* Get (and move past) next length */
3363                         sublen = ltoh16_ua(dptr);
3364                         dlen -= sizeof(uint16);
3365                         dptr += sizeof(uint16);
3366                         if ((sublen < SDPCM_HDRLEN) ||
3367                             ((num == 0) && (sublen < (2 * SDPCM_HDRLEN)))) {
3368                                 DHD_ERROR(("%s: descriptor len %d bad: %d\n",
3369                                            __FUNCTION__, num, sublen));
3370                                 pnext = NULL;
3371                                 break;
3372                         }
3373                         if (sublen % DHD_SDALIGN) {
3374                                 DHD_ERROR(("%s: sublen %d not a multiple of %d\n",
3375                                            __FUNCTION__, sublen, DHD_SDALIGN));
3376                                 usechain = FALSE;
3377                         }
3378                         totlen += sublen;
3379
3380                         /* For last frame, adjust read len so total is a block multiple */
3381                         if (!dlen) {
3382                                 sublen += (ROUNDUP(totlen, bus->blocksize) - totlen);
3383                                 totlen = ROUNDUP(totlen, bus->blocksize);
3384                         }
3385
3386                         /* Allocate/chain packet for next subframe */
3387                         if ((pnext = PKTGET(osh, sublen + DHD_SDALIGN, FALSE)) == NULL) {
3388                                 DHD_ERROR(("%s: PKTGET failed, num %d len %d\n",
3389                                            __FUNCTION__, num, sublen));
3390                                 break;
3391                         }
3392                         ASSERT(!PKTLINK(pnext));
3393                         if (!pfirst) {
3394                                 ASSERT(!plast);
3395                                 pfirst = plast = pnext;
3396                         } else {
3397                                 ASSERT(plast);
3398                                 PKTSETNEXT(osh, plast, pnext);
3399                                 plast = pnext;
3400                         }
3401
3402                         /* Adhere to start alignment requirements */
3403                         PKTALIGN(osh, pnext, sublen, DHD_SDALIGN);
3404                 }
3405
3406                 /* If all allocations succeeded, save packet chain in bus structure */
3407                 if (pnext) {
3408                         DHD_GLOM(("%s: allocated %d-byte packet chain for %d subframes\n",
3409                                   __FUNCTION__, totlen, num));
3410                         if (DHD_GLOM_ON() && bus->nextlen) {
3411                                 if (totlen != bus->nextlen) {
3412                                         DHD_GLOM(("%s: glomdesc mismatch: nextlen %d glomdesc %d "
3413                                                   "rxseq %d\n", __FUNCTION__, bus->nextlen,
3414                                                   totlen, rxseq));
3415                                 }
3416                         }
3417                         bus->glom = pfirst;
3418                         pfirst = pnext = NULL;
3419                 } else {
3420                         if (pfirst)
3421                                 PKTFREE(osh, pfirst, FALSE);
3422                         bus->glom = NULL;
3423                         num = 0;
3424                 }
3425
3426                 /* Done with descriptor packet */
3427                 PKTFREE(osh, bus->glomd, FALSE);
3428                 bus->glomd = NULL;
3429                 bus->nextlen = 0;
3430
3431                 dhd_os_sdunlock_rxq(bus->dhd);
3432         }
3433
3434         /* Ok -- either we just generated a packet chain, or had one from before */
3435         if (bus->glom) {
3436                 if (DHD_GLOM_ON()) {
3437                         DHD_GLOM(("%s: attempt superframe read, packet chain:\n", __FUNCTION__));
3438                         for (pnext = bus->glom; pnext; pnext = PKTNEXT(osh, pnext)) {
3439                                 DHD_GLOM(("    %p: %p len 0x%04x (%d)\n",
3440                                           pnext, (uint8*)PKTDATA(osh, pnext),
3441                                           PKTLEN(osh, pnext), PKTLEN(osh, pnext)));
3442                         }
3443                 }
3444
3445                 pfirst = bus->glom;
3446                 dlen = (uint16)pkttotlen(osh, pfirst);
3447
3448                 /* Do an SDIO read for the superframe.  Configurable iovar to
3449                  * read directly into the chained packet, or allocate a large
3450                  * packet and and copy into the chain.
3451                  */
3452                 if (usechain) {
3453                         errcode = dhd_bcmsdh_recv_buf(bus,
3454                                                       bcmsdh_cur_sbwad(bus->sdh), SDIO_FUNC_2,
3455                                                       F2SYNC, (uint8*)PKTDATA(osh, pfirst),
3456                                                       dlen, pfirst, NULL, NULL);
3457                 } else if (bus->dataptr) {
3458                         errcode = dhd_bcmsdh_recv_buf(bus,
3459                                                       bcmsdh_cur_sbwad(bus->sdh), SDIO_FUNC_2,
3460                                                       F2SYNC, bus->dataptr,
3461                                                       dlen, NULL, NULL, NULL);
3462                         sublen = (uint16)pktfrombuf(osh, pfirst, 0, dlen, bus->dataptr);
3463                         if (sublen != dlen) {
3464                                 DHD_ERROR(("%s: FAILED TO COPY, dlen %d sublen %d\n",
3465                                            __FUNCTION__, dlen, sublen));
3466                                 errcode = -1;
3467                         }
3468                         pnext = NULL;
3469                 } else {
3470                         DHD_ERROR(("COULDN'T ALLOC %d-BYTE GLOM, FORCE FAILURE\n", dlen));
3471                         errcode = -1;
3472                 }
3473                 bus->f2rxdata++;
3474                 ASSERT(errcode != BCME_PENDING);
3475
3476                 /* On failure, kill the superframe, allow a couple retries */
3477                 if (errcode < 0) {
3478                         DHD_ERROR(("%s: glom read of %d bytes failed: %d\n",
3479                                    __FUNCTION__, dlen, errcode));
3480                         bus->dhd->rx_errors++;
3481
3482                         if (bus->glomerr++ < 3) {
3483                                 dhdsdio_rxfail(bus, TRUE, TRUE);
3484                         } else {
3485                                 bus->glomerr = 0;
3486                                 dhdsdio_rxfail(bus, TRUE, FALSE);
3487                                 dhd_os_sdlock_rxq(bus->dhd);
3488                                 PKTFREE(osh, bus->glom, FALSE);
3489                                 dhd_os_sdunlock_rxq(bus->dhd);
3490                                 bus->rxglomfail++;
3491                                 bus->glom = NULL;
3492                         }
3493                         return 0;
3494                 }
3495
3496 #ifdef DHD_DEBUG
3497                 if (DHD_GLOM_ON()) {
3498                         prhex("SUPERFRAME", PKTDATA(osh, pfirst),
3499                               MIN(PKTLEN(osh, pfirst), 48));
3500                 }
3501 #endif
3502
3503
3504                 /* Validate the superframe header */
3505                 dptr = (uint8 *)PKTDATA(osh, pfirst);
3506                 sublen = ltoh16_ua(dptr);
3507                 check = ltoh16_ua(dptr + sizeof(uint16));
3508
3509                 chan = SDPCM_PACKET_CHANNEL(&dptr[SDPCM_FRAMETAG_LEN]);
3510                 seq = SDPCM_PACKET_SEQUENCE(&dptr[SDPCM_FRAMETAG_LEN]);
3511                 bus->nextlen = dptr[SDPCM_FRAMETAG_LEN + SDPCM_NEXTLEN_OFFSET];
3512                 if ((bus->nextlen << 4) > MAX_RX_DATASZ) {
3513                         DHD_INFO(("%s: got frame w/nextlen too large (%d) seq %d\n",
3514                                   __FUNCTION__, bus->nextlen, seq));
3515                         bus->nextlen = 0;
3516                 }
3517                 doff = SDPCM_DOFFSET_VALUE(&dptr[SDPCM_FRAMETAG_LEN]);
3518                 txmax = SDPCM_WINDOW_VALUE(&dptr[SDPCM_FRAMETAG_LEN]);
3519
3520                 errcode = 0;
3521                 if ((uint16)~(sublen^check)) {
3522                         DHD_ERROR(("%s (superframe): HW hdr error: len/check 0x%04x/0x%04x\n",
3523                                    __FUNCTION__, sublen, check));
3524                         errcode = -1;
3525                 } else if (ROUNDUP(sublen, bus->blocksize) != dlen) {
3526                         DHD_ERROR(("%s (superframe): len 0x%04x, rounded 0x%04x, expect 0x%04x\n",
3527                                    __FUNCTION__, sublen, ROUNDUP(sublen, bus->blocksize), dlen));
3528                         errcode = -1;
3529                 } else if (SDPCM_PACKET_CHANNEL(&dptr[SDPCM_FRAMETAG_LEN]) != SDPCM_GLOM_CHANNEL) {
3530                         DHD_ERROR(("%s (superframe): bad channel %d\n", __FUNCTION__,
3531                                    SDPCM_PACKET_CHANNEL(&dptr[SDPCM_FRAMETAG_LEN])));
3532                         errcode = -1;
3533                 } else if (SDPCM_GLOMDESC(&dptr[SDPCM_FRAMETAG_LEN])) {
3534                         DHD_ERROR(("%s (superframe): got second descriptor?\n", __FUNCTION__));
3535                         errcode = -1;
3536                 } else if ((doff < SDPCM_HDRLEN) ||
3537                            (doff > (PKTLEN(osh, pfirst) - SDPCM_HDRLEN))) {
3538                         DHD_ERROR(("%s (superframe): Bad data offset %d: HW %d pkt %d min %d\n",
3539                                    __FUNCTION__, doff, sublen, PKTLEN(osh, pfirst), SDPCM_HDRLEN));
3540                         errcode = -1;
3541                 }
3542
3543                 /* Check sequence number of superframe SW header */
3544                 if (rxseq != seq) {
3545                         DHD_INFO(("%s: (superframe) rx_seq %d, expected %d\n",
3546                                   __FUNCTION__, seq, rxseq));
3547                         bus->rx_badseq++;
3548                         rxseq = seq;
3549                 }
3550
3551                 /* Check window for sanity */
3552                 if ((uint8)(txmax - bus->tx_seq) > 0x40) {
3553                         DHD_ERROR(("%s: got unlikely tx max %d with tx_seq %d\n",
3554                                    __FUNCTION__, txmax, bus->tx_seq));
3555                         txmax = bus->tx_seq + 2;
3556                 }
3557                 bus->tx_max = txmax;
3558
3559                 /* Remove superframe header, remember offset */
3560                 PKTPULL(osh, pfirst, doff);
3561                 sfdoff = doff;
3562
3563                 /* Validate all the subframe headers */
3564                 for (num = 0, pnext = pfirst; pnext && !errcode;
3565                      num++, pnext = PKTNEXT(osh, pnext)) {
3566                         dptr = (uint8 *)PKTDATA(osh, pnext);
3567                         dlen = (uint16)PKTLEN(osh, pnext);
3568                         sublen = ltoh16_ua(dptr);
3569                         check = ltoh16_ua(dptr + sizeof(uint16));
3570                         chan = SDPCM_PACKET_CHANNEL(&dptr[SDPCM_FRAMETAG_LEN]);
3571                         doff = SDPCM_DOFFSET_VALUE(&dptr[SDPCM_FRAMETAG_LEN]);
3572 #ifdef DHD_DEBUG
3573                         if (DHD_GLOM_ON()) {
3574                                 prhex("subframe", dptr, 32);
3575                         }
3576 #endif
3577
3578                         if ((uint16)~(sublen^check)) {
3579                                 DHD_ERROR(("%s (subframe %d): HW hdr error: "
3580                                            "len/check 0x%04x/0x%04x\n",
3581                                            __FUNCTION__, num, sublen, check));
3582                                 errcode = -1;
3583                         } else if ((sublen > dlen) || (sublen < SDPCM_HDRLEN)) {
3584                                 DHD_ERROR(("%s (subframe %d): length mismatch: "
3585                                            "len 0x%04x, expect 0x%04x\n",
3586                                            __FUNCTION__, num, sublen, dlen));
3587                                 errcode = -1;
3588                         } else if ((chan != SDPCM_DATA_CHANNEL) &&
3589                                    (chan != SDPCM_EVENT_CHANNEL)) {
3590                                 DHD_ERROR(("%s (subframe %d): bad channel %d\n",
3591                                            __FUNCTION__, num, chan));
3592                                 errcode = -1;
3593                         } else if ((doff < SDPCM_HDRLEN) || (doff > sublen)) {
3594                                 DHD_ERROR(("%s (subframe %d): Bad data offset %d: HW %d min %d\n",
3595                                            __FUNCTION__, num, doff, sublen, SDPCM_HDRLEN));
3596                                 errcode = -1;
3597                         }
3598                 }
3599
3600                 if (errcode) {
3601                         /* Terminate frame on error, request a couple retries */
3602                         if (bus->glomerr++ < 3) {
3603                                 /* Restore superframe header space */
3604                                 PKTPUSH(osh, pfirst, sfdoff);
3605                                 dhdsdio_rxfail(bus, TRUE, TRUE);
3606                         } else {
3607                                 bus->glomerr = 0;
3608                                 dhdsdio_rxfail(bus, TRUE, FALSE);
3609                                 dhd_os_sdlock_rxq(bus->dhd);
3610                                 PKTFREE(osh, bus->glom, FALSE);
3611                                 dhd_os_sdunlock_rxq(bus->dhd);
3612                                 bus->rxglomfail++;
3613                                 bus->glom = NULL;
3614                         }
3615                         bus->nextlen = 0;
3616                         return 0;
3617                 }
3618
3619                 /* Basic SD framing looks ok - process each packet (header) */
3620                 save_pfirst = pfirst;
3621                 bus->glom = NULL;
3622                 plast = NULL;
3623
3624                 dhd_os_sdlock_rxq(bus->dhd);
3625                 for (num = 0; pfirst; rxseq++, pfirst = pnext) {
3626                         pnext = PKTNEXT(osh, pfirst);
3627                         PKTSETNEXT(osh, pfirst, NULL);
3628
3629                         dptr = (uint8 *)PKTDATA(osh, pfirst);
3630                         sublen = ltoh16_ua(dptr);
3631                         chan = SDPCM_PACKET_CHANNEL(&dptr[SDPCM_FRAMETAG_LEN]);
3632                         seq = SDPCM_PACKET_SEQUENCE(&dptr[SDPCM_FRAMETAG_LEN]);
3633                         doff = SDPCM_DOFFSET_VALUE(&dptr[SDPCM_FRAMETAG_LEN]);
3634
3635                         DHD_GLOM(("%s: Get subframe %d, %p(%p/%d), sublen %d chan %d seq %d\n",
3636                                   __FUNCTION__, num, pfirst, PKTDATA(osh, pfirst),
3637                                   PKTLEN(osh, pfirst), sublen, chan, seq));
3638
3639                         ASSERT((chan == SDPCM_DATA_CHANNEL) || (chan == SDPCM_EVENT_CHANNEL));
3640
3641                         if (rxseq != seq) {
3642                                 DHD_GLOM(("%s: rx_seq %d, expected %d\n",
3643                                           __FUNCTION__, seq, rxseq));
3644                                 bus->rx_badseq++;
3645                                 rxseq = seq;
3646                         }
3647
3648 #ifdef DHD_DEBUG
3649                         if (DHD_BYTES_ON() && DHD_DATA_ON()) {
3650                                 prhex("Rx Subframe Data", dptr, dlen);
3651                         }
3652 #endif
3653
3654                         PKTSETLEN(osh, pfirst, sublen);
3655                         PKTPULL(osh, pfirst, doff);
3656
3657                         if (PKTLEN(osh, pfirst) == 0) {
3658                                 PKTFREE(bus->dhd->osh, pfirst, FALSE);
3659                                 if (plast) {
3660                                         PKTSETNEXT(osh, plast, pnext);
3661                                 } else {
3662                                         ASSERT(save_pfirst == pfirst);
3663                                         save_pfirst = pnext;
3664                                 }
3665                                 continue;
3666                         } else if (dhd_prot_hdrpull(bus->dhd, &ifidx, pfirst) != 0) {
3667                                 DHD_ERROR(("%s: rx protocol error\n", __FUNCTION__));
3668                                 bus->dhd->rx_errors++;
3669                                 PKTFREE(osh, pfirst, FALSE);
3670                                 if (plast) {
3671                                         PKTSETNEXT(osh, plast, pnext);
3672                                 } else {
3673                                         ASSERT(save_pfirst == pfirst);
3674                                         save_pfirst = pnext;
3675                                 }
3676                                 continue;
3677                         }
3678
3679                         /* this packet will go up, link back into chain and count it */
3680                         PKTSETNEXT(osh, pfirst, pnext);
3681                         plast = pfirst;
3682                         num++;
3683
3684 #ifdef DHD_DEBUG
3685                         if (DHD_GLOM_ON()) {
3686                                 DHD_GLOM(("%s subframe %d to stack, %p(%p/%d) nxt/lnk %p/%p\n",
3687                                           __FUNCTION__, num, pfirst,
3688                                           PKTDATA(osh, pfirst), PKTLEN(osh, pfirst),
3689                                           PKTNEXT(osh, pfirst), PKTLINK(pfirst)));
3690                                 prhex("", (uint8 *)PKTDATA(osh, pfirst),
3691                                       MIN(PKTLEN(osh, pfirst), 32));
3692                         }
3693 #endif /* DHD_DEBUG */
3694                 }
3695                 dhd_os_sdunlock_rxq(bus->dhd);
3696                 if (num) {
3697                         dhd_os_sdunlock(bus->dhd);
3698                         dhd_rx_frame(bus->dhd, ifidx, save_pfirst, num, 0);
3699                         dhd_os_sdlock(bus->dhd);
3700                 }
3701
3702                 bus->rxglomframes++;
3703                 bus->rxglompkts += num;
3704         }
3705         return num;
3706 }
3707
3708 /* Return TRUE if there may be more frames to read */
3709 static uint
3710 dhdsdio_readframes(dhd_bus_t *bus, uint maxframes, bool *finished)
3711 {
3712         osl_t *osh = bus->dhd->osh;
3713         bcmsdh_info_t *sdh = bus->sdh;
3714
3715         uint16 len, check;      /* Extracted hardware header fields */
3716         uint8 chan, seq, doff;  /* Extracted software header fields */
3717         uint8 fcbits;           /* Extracted fcbits from software header */
3718         uint8 delta;
3719
3720         void *pkt;      /* Packet for event or data frames */
3721         uint16 pad;     /* Number of pad bytes to read */
3722         uint16 rdlen;   /* Total number of bytes to read */
3723         uint8 rxseq;    /* Next sequence number to expect */
3724         uint rxleft = 0;        /* Remaining number of frames allowed */
3725         int sdret;      /* Return code from bcmsdh calls */
3726         uint8 txmax;    /* Maximum tx sequence offered */
3727         bool len_consistent; /* Result of comparing readahead len and len from hw-hdr */
3728         uint8 *rxbuf;
3729         int ifidx = 0;
3730         uint rxcount = 0; /* Total frames read */
3731
3732 #if defined(DHD_DEBUG) || defined(SDTEST)
3733         bool sdtest = FALSE;    /* To limit message spew from test mode */
3734 #endif
3735
3736         DHD_TRACE(("%s: Enter\n", __FUNCTION__));
3737
3738         ASSERT(maxframes);
3739
3740 #ifdef SDTEST
3741         /* Allow pktgen to override maxframes */
3742         if (bus->pktgen_count && (bus->pktgen_mode == DHD_PKTGEN_RECV)) {
3743                 maxframes = bus->pktgen_count;
3744                 sdtest = TRUE;
3745         }
3746 #endif
3747
3748         /* Not finished unless we encounter no more frames indication */
3749         *finished = FALSE;
3750
3751
3752         for (rxseq = bus->rx_seq, rxleft = maxframes;
3753              !bus->rxskip && rxleft && bus->dhd->busstate != DHD_BUS_DOWN;
3754              rxseq++, rxleft--) {
3755
3756                 /* Handle glomming separately */
3757                 if (bus->glom || bus->glomd) {
3758                         uint8 cnt;
3759                         DHD_GLOM(("%s: calling rxglom: glomd %p, glom %p\n",
3760                                   __FUNCTION__, bus->glomd, bus->glom));
3761                         cnt = dhdsdio_rxglom(bus, rxseq);
3762                         DHD_GLOM(("%s: rxglom returned %d\n", __FUNCTION__, cnt));
3763                         rxseq += cnt - 1;
3764                         rxleft = (rxleft > cnt) ? (rxleft - cnt) : 1;
3765                         continue;
3766                 }
3767
3768                 /* Try doing single read if we can */
3769                 if (dhd_readahead && bus->nextlen) {
3770                         uint16 nextlen = bus->nextlen;
3771                         bus->nextlen = 0;
3772
3773                         if (bus->bus == SPI_BUS) {
3774                                 rdlen = len = nextlen;
3775                         }
3776                         else {
3777                                 rdlen = len = nextlen << 4;
3778
3779                                 /* Pad read to blocksize for efficiency */
3780                                 if (bus->roundup && bus->blocksize && (rdlen > bus->blocksize)) {
3781                                         pad = bus->blocksize - (rdlen % bus->blocksize);
3782                                         if ((pad <= bus->roundup) && (pad < bus->blocksize) &&
3783                                                 ((rdlen + pad + firstread) < MAX_RX_DATASZ))
3784                                                 rdlen += pad;
3785                                 } else if (rdlen % DHD_SDALIGN) {
3786                                         rdlen += DHD_SDALIGN - (rdlen % DHD_SDALIGN);
3787                                 }
3788                         }
3789
3790                         /* We use bus->rxctl buffer in WinXP for initial control pkt receives.
3791                          * Later we use buffer-poll for data as well as control packets.
3792                          * This is required because dhd receives full frame in gSPI unlike SDIO.
3793                          * After the frame is received we have to distinguish whether it is data
3794                          * or non-data frame.
3795                          */
3796                         /* Allocate a packet buffer */
3797                         dhd_os_sdlock_rxq(bus->dhd);
3798                         if (!(pkt = PKTGET(osh, rdlen + DHD_SDALIGN, FALSE))) {
3799                                 if (bus->bus == SPI_BUS) {
3800                                         bus->usebufpool = FALSE;
3801                                         bus->rxctl = bus->rxbuf;
3802                                         if (dhd_alignctl) {
3803                                                 bus->rxctl += firstread;
3804                                                 if ((pad = ((uintptr)bus->rxctl % DHD_SDALIGN)))
3805                                                         bus->rxctl += (DHD_SDALIGN - pad);
3806                                                 bus->rxctl -= firstread;
3807                                         }
3808                                         ASSERT(bus->rxctl >= bus->rxbuf);
3809                                         rxbuf = bus->rxctl;
3810                                         /* Read the entire frame */
3811                                         sdret = dhd_bcmsdh_recv_buf(bus,
3812                                                                     bcmsdh_cur_sbwad(sdh),
3813                                                                     SDIO_FUNC_2,
3814                                                                     F2SYNC, rxbuf, rdlen,
3815                                                                     NULL, NULL, NULL);
3816                                         bus->f2rxdata++;
3817                                         ASSERT(sdret != BCME_PENDING);
3818
3819
3820                                         /* Control frame failures need retransmission */
3821                                         if (sdret < 0) {
3822                                                 DHD_ERROR(("%s: read %d control bytes failed: %d\n",
3823                                                    __FUNCTION__, rdlen, sdret));
3824                                                 /* dhd.rx_ctlerrs is higher level */
3825                                                 bus->rxc_errors++;
3826                                                 dhd_os_sdunlock_rxq(bus->dhd);
3827                                                 dhdsdio_rxfail(bus, TRUE,
3828                                                     (bus->bus == SPI_BUS) ? FALSE : TRUE);
3829                                                 continue;
3830                                         }
3831                                 } else {
3832                                         /* Give up on data, request rtx of events */
3833                                         DHD_ERROR(("%s (nextlen): PKTGET failed: len %d rdlen %d "
3834                                                    "expected rxseq %d\n",
3835                                                    __FUNCTION__, len, rdlen, rxseq));
3836                                         /* Just go try again w/normal header read */
3837                                         dhd_os_sdunlock_rxq(bus->dhd);
3838                                         continue;
3839                                 }
3840                         } else {
3841                                 if (bus->bus == SPI_BUS)
3842                                         bus->usebufpool = TRUE;
3843
3844                                 ASSERT(!PKTLINK(pkt));
3845                                 PKTALIGN(osh, pkt, rdlen, DHD_SDALIGN);
3846                                 rxbuf = (uint8 *)PKTDATA(osh, pkt);
3847                                 /* Read the entire frame */
3848                                 sdret = dhd_bcmsdh_recv_buf(bus, bcmsdh_cur_sbwad(sdh),
3849                                                             SDIO_FUNC_2,
3850                                                             F2SYNC, rxbuf, rdlen,
3851                                                             pkt, NULL, NULL);
3852                                 bus->f2rxdata++;
3853                                 ASSERT(sdret != BCME_PENDING);
3854
3855                                 if (sdret < 0) {
3856                                         DHD_ERROR(("%s (nextlen): read %d bytes failed: %d\n",
3857                                            __FUNCTION__, rdlen, sdret));
3858                                         PKTFREE(bus->dhd->osh, pkt, FALSE);
3859                                         bus->dhd->rx_errors++;
3860                                         dhd_os_sdunlock_rxq(bus->dhd);
3861                                         /* Force retry w/normal header read.  Don't attempt NAK for
3862                                          * gSPI
3863                                          */
3864                                         dhdsdio_rxfail(bus, TRUE,
3865                                               (bus->bus == SPI_BUS) ? FALSE : TRUE);
3866                                         continue;
3867                                 }
3868                         }
3869                         dhd_os_sdunlock_rxq(bus->dhd);
3870
3871                         /* Now check the header */
3872                         bcopy(rxbuf, bus->rxhdr, SDPCM_HDRLEN);
3873
3874                         /* Extract hardware header fields */
3875                         len = ltoh16_ua(bus->rxhdr);
3876                         check = ltoh16_ua(bus->rxhdr + sizeof(uint16));
3877
3878                         /* All zeros means readahead info was bad */
3879                         if (!(len|check)) {
3880                                 DHD_INFO(("%s (nextlen): read zeros in HW header???\n",
3881                                            __FUNCTION__));
3882                                 dhd_os_sdlock_rxq(bus->dhd);
3883                                 PKTFREE2();
3884                                 dhd_os_sdunlock_rxq(bus->dhd);
3885                                 GSPI_PR55150_BAILOUT;
3886                                 continue;
3887                         }
3888
3889                         /* Validate check bytes */
3890                         if ((uint16)~(len^check)) {
3891                                 DHD_ERROR(("%s (nextlen): HW hdr error: nextlen/len/check"
3892                                            " 0x%04x/0x%04x/0x%04x\n", __FUNCTION__, nextlen,
3893                                            len, check));
3894                                 dhd_os_sdlock_rxq(bus->dhd);
3895                                 PKTFREE2();
3896                                 dhd_os_sdunlock_rxq(bus->dhd);
3897                                 bus->rx_badhdr++;
3898                                 dhdsdio_rxfail(bus, FALSE, FALSE);
3899                                 GSPI_PR55150_BAILOUT;
3900                                 continue;
3901                         }
3902
3903                         /* Validate frame length */
3904                         if (len < SDPCM_HDRLEN) {
3905                                 DHD_ERROR(("%s (nextlen): HW hdr length invalid: %d\n",
3906                                            __FUNCTION__, len));
3907                                 dhd_os_sdlock_rxq(bus->dhd);
3908                                 PKTFREE2();
3909                                 dhd_os_sdunlock_rxq(bus->dhd);
3910                                 GSPI_PR55150_BAILOUT;
3911                                 continue;
3912                         }
3913
3914                         /* Check for consistency with readahead info */
3915                                 len_consistent = (nextlen != (ROUNDUP(len, 16) >> 4));
3916                         if (len_consistent) {
3917                                 /* Mismatch, force retry w/normal header (may be >4K) */
3918                                 DHD_ERROR(("%s (nextlen): mismatch, nextlen %d len %d rnd %d; "
3919                                            "expected rxseq %d\n",
3920                                            __FUNCTION__, nextlen, len, ROUNDUP(len, 16), rxseq));
3921                                 dhd_os_sdlock_rxq(bus->dhd);
3922                                 PKTFREE2();
3923                                 dhd_os_sdunlock_rxq(bus->dhd);
3924                                 dhdsdio_rxfail(bus, TRUE, (bus->bus == SPI_BUS) ? FALSE : TRUE);
3925                                 GSPI_PR55150_BAILOUT;
3926                                 continue;
3927                         }
3928
3929
3930                         /* Extract software header fields */
3931                         chan = SDPCM_PACKET_CHANNEL(&bus->rxhdr[SDPCM_FRAMETAG_LEN]);
3932                         seq = SDPCM_PACKET_SEQUENCE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]);
3933                         doff = SDPCM_DOFFSET_VALUE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]);
3934                         txmax = SDPCM_WINDOW_VALUE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]);
3935
3936                                 bus->nextlen =
3937                                          bus->rxhdr[SDPCM_FRAMETAG_LEN + SDPCM_NEXTLEN_OFFSET];
3938                                 if ((bus->nextlen << 4) > MAX_RX_DATASZ) {
3939                                         DHD_INFO(("%s (nextlen): got frame w/nextlen too large"
3940                                                   " (%d), seq %d\n", __FUNCTION__, bus->nextlen,
3941                                                   seq));
3942                                         bus->nextlen = 0;
3943                                 }
3944
3945                                 bus->dhd->rx_readahead_cnt ++;
3946                         /* Handle Flow Control */
3947                         fcbits = SDPCM_FCMASK_VALUE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]);
3948
3949                         delta = 0;
3950                         if (~bus->flowcontrol & fcbits) {
3951                                 bus->fc_xoff++;
3952                                 delta = 1;
3953                         }
3954                         if (bus->flowcontrol & ~fcbits) {
3955                                 bus->fc_xon++;
3956                                 delta = 1;
3957                         }
3958
3959                         if (delta) {
3960                                 bus->fc_rcvd++;
3961                                 bus->flowcontrol = fcbits;
3962                         }
3963
3964                         /* Check and update sequence number */
3965                         if (rxseq != seq) {
3966                                 DHD_INFO(("%s (nextlen): rx_seq %d, expected %d\n",
3967                                           __FUNCTION__, seq, rxseq));
3968                                 bus->rx_badseq++;
3969                                 rxseq = seq;
3970                         }
3971
3972                         /* Check window for sanity */
3973                         if ((uint8)(txmax - bus->tx_seq) > 0x40) {
3974                                         DHD_ERROR(("%s: got unlikely tx max %d with tx_seq %d\n",
3975                                                 __FUNCTION__, txmax, bus->tx_seq));
3976                                         txmax = bus->tx_seq + 2;
3977                         }
3978                         bus->tx_max = txmax;
3979
3980 #ifdef DHD_DEBUG
3981                         if (DHD_BYTES_ON() && DHD_DATA_ON()) {
3982                                 prhex("Rx Data", rxbuf, len);
3983                         } else if (DHD_HDRS_ON()) {
3984                                 prhex("RxHdr", bus->rxhdr, SDPCM_HDRLEN);
3985                         }
3986 #endif
3987
3988                         if (chan == SDPCM_CONTROL_CHANNEL) {
3989                                 if (bus->bus == SPI_BUS) {
3990                                         dhdsdio_read_control(bus, rxbuf, len, doff);
3991                                         if (bus->usebufpool) {
3992                                                 dhd_os_sdlock_rxq(bus->dhd);
3993                                                 PKTFREE(bus->dhd->osh, pkt, FALSE);
3994                                                 dhd_os_sdunlock_rxq(bus->dhd);
3995                                         }
3996                                         continue;
3997                                 } else {
3998                                         DHD_ERROR(("%s (nextlen): readahead on control"
3999                                                    " packet %d?\n", __FUNCTION__, seq));
4000                                         /* Force retry w/normal header read */
4001                                         bus->nextlen = 0;
4002                                         dhdsdio_rxfail(bus, FALSE, TRUE);
4003                                         dhd_os_sdlock_rxq(bus->dhd);
4004                                         PKTFREE2();
4005                                         dhd_os_sdunlock_rxq(bus->dhd);
4006                                         continue;
4007                                 }
4008                         }
4009
4010                         if ((bus->bus == SPI_BUS) && !bus->usebufpool) {
4011                                 DHD_ERROR(("Received %d bytes on %d channel. Running out of "
4012                                            "rx pktbuf's or not yet malloced.\n", len, chan));
4013                                 continue;
4014                         }
4015
4016                         /* Validate data offset */
4017                         if ((doff < SDPCM_HDRLEN) || (doff > len)) {
4018                                 DHD_ERROR(("%s (nextlen): bad data offset %d: HW len %d min %d\n",
4019                                            __FUNCTION__, doff, len, SDPCM_HDRLEN));
4020                                 dhd_os_sdlock_rxq(bus->dhd);
4021                                 PKTFREE2();
4022                                 dhd_os_sdunlock_rxq(bus->dhd);
4023                                 ASSERT(0);
4024                                 dhdsdio_rxfail(bus, FALSE, FALSE);
4025                                 continue;
4026                         }
4027
4028                         /* All done with this one -- now deliver the packet */
4029                         goto deliver;
4030                 }
4031                 /* gSPI frames should not be handled in fractions */
4032                 if (bus->bus == SPI_BUS) {
4033                         break;
4034                 }
4035
4036                 /* Read frame header (hardware and software) */
4037                 sdret = dhd_bcmsdh_recv_buf(bus, bcmsdh_cur_sbwad(sdh), SDIO_FUNC_2, F2SYNC,
4038                                             bus->rxhdr, firstread, NULL, NULL, NULL);
4039                 bus->f2rxhdrs++;
4040                 ASSERT(sdret != BCME_PENDING);
4041
4042                 if (sdret < 0) {
4043                         DHD_ERROR(("%s: RXHEADER FAILED: %d\n", __FUNCTION__, sdret));
4044                         bus->rx_hdrfail++;
4045                         dhdsdio_rxfail(bus, TRUE, TRUE);
4046                         continue;
4047                 }
4048
4049 #ifdef DHD_DEBUG
4050                 if (DHD_BYTES_ON() || DHD_HDRS_ON()) {
4051                         prhex("RxHdr", bus->rxhdr, SDPCM_HDRLEN);
4052                 }
4053 #endif
4054
4055                 /* Extract hardware header fields */
4056                 len = ltoh16_ua(bus->rxhdr);
4057                 check = ltoh16_ua(bus->rxhdr + sizeof(uint16));
4058
4059                 /* All zeros means no more frames */
4060                 if (!(len|check)) {
4061                         *finished = TRUE;
4062                         break;
4063                 }
4064
4065                 /* Validate check bytes */
4066                 if ((uint16)~(len^check)) {
4067                         DHD_ERROR(("%s: HW hdr error: len/check 0x%04x/0x%04x\n",
4068                                    __FUNCTION__, len, check));
4069                         bus->rx_badhdr++;
4070                         dhdsdio_rxfail(bus, FALSE, FALSE);
4071                         continue;
4072                 }
4073
4074                 /* Validate frame length */
4075                 if (len < SDPCM_HDRLEN) {
4076                         DHD_ERROR(("%s: HW hdr length invalid: %d\n", __FUNCTION__, len));
4077                         continue;
4078                 }
4079
4080                 /* Extract software header fields */
4081                 chan = SDPCM_PACKET_CHANNEL(&bus->rxhdr[SDPCM_FRAMETAG_LEN]);
4082                 seq = SDPCM_PACKET_SEQUENCE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]);
4083                 doff = SDPCM_DOFFSET_VALUE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]);
4084                 txmax = SDPCM_WINDOW_VALUE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]);
4085
4086                 /* Validate data offset */
4087                 if ((doff < SDPCM_HDRLEN) || (doff > len)) {
4088                         DHD_ERROR(("%s: Bad data offset %d: HW len %d, min %d seq %d\n",
4089                                    __FUNCTION__, doff, len, SDPCM_HDRLEN, seq));
4090                         bus->rx_badhdr++;
4091                         ASSERT(0);
4092                         dhdsdio_rxfail(bus, FALSE, FALSE);
4093                         continue;
4094                 }
4095
4096                 /* Save the readahead length if there is one */
4097                 bus->nextlen = bus->rxhdr[SDPCM_FRAMETAG_LEN + SDPCM_NEXTLEN_OFFSET];
4098                 if ((bus->nextlen << 4) > MAX_RX_DATASZ) {
4099                         DHD_INFO(("%s (nextlen): got frame w/nextlen too large (%d), seq %d\n",
4100                                   __FUNCTION__, bus->nextlen, seq));
4101                         bus->nextlen = 0;
4102                 }
4103
4104                 /* Handle Flow Control */
4105                 fcbits = SDPCM_FCMASK_VALUE(&bus->rxhdr[SDPCM_FRAMETAG_LEN]);
4106
4107                 delta = 0;
4108                 if (~bus->flowcontrol & fcbits) {
4109                         bus->fc_xoff++;
4110                         delta = 1;
4111                 }
4112                 if (bus->flowcontrol & ~fcbits) {
4113                         bus->fc_xon++;
4114                         delta = 1;
4115                 }
4116
4117                 if (delta) {
4118                         bus->fc_rcvd++;
4119                         bus->flowcontrol = fcbits;
4120                 }
4121
4122                 /* Check and update sequence number */
4123                 if (rxseq != seq) {
4124                         DHD_INFO(("%s: rx_seq %d, expected %d\n", __FUNCTION__, seq, rxseq));
4125                         bus->rx_badseq++;
4126                         rxseq = seq;
4127                 }
4128
4129                 /* Check window for sanity */
4130                 if ((uint8)(txmax - bus->tx_seq) > 0x40) {
4131                         DHD_ERROR(("%s: got unlikely tx max %d with tx_seq %d\n",
4132                                    __FUNCTION__, txmax, bus->tx_seq));
4133                         txmax = bus->tx_seq + 2;
4134                 }
4135                 bus->tx_max = txmax;
4136
4137                 /* Call a separate function for control frames */
4138                 if (chan == SDPCM_CONTROL_CHANNEL) {
4139                         dhdsdio_read_control(bus, bus->rxhdr, len, doff);
4140                         continue;
4141                 }
4142
4143                 ASSERT((chan == SDPCM_DATA_CHANNEL) || (chan == SDPCM_EVENT_CHANNEL) ||
4144                        (chan == SDPCM_TEST_CHANNEL) || (chan == SDPCM_GLOM_CHANNEL));
4145
4146                 /* Length to read */
4147                 rdlen = (len > firstread) ? (len - firstread) : 0;
4148
4149                 /* May pad read to blocksize for efficiency */
4150                 if (bus->roundup && bus->blocksize && (rdlen > bus->blocksize)) {
4151                         pad = bus->blocksize - (rdlen % bus->blocksize);
4152                         if ((pad <= bus->roundup) && (pad < bus->blocksize) &&
4153                             ((rdlen + pad + firstread) < MAX_RX_DATASZ))
4154                                 rdlen += pad;
4155                 } else if (rdlen % DHD_SDALIGN) {
4156                         rdlen += DHD_SDALIGN - (rdlen % DHD_SDALIGN);
4157                 }
4158
4159                 /* Satisfy length-alignment requirements */
4160                 if (forcealign && (rdlen & (ALIGNMENT - 1)))
4161                         rdlen = ROUNDUP(rdlen, ALIGNMENT);
4162
4163                 if ((rdlen + firstread) > MAX_RX_DATASZ) {
4164                         /* Too long -- skip this frame */
4165                         DHD_ERROR(("%s: too long: len %d rdlen %d\n", __FUNCTION__, len, rdlen));
4166                         bus->dhd->rx_errors++; bus->rx_toolong++;
4167                         dhdsdio_rxfail(bus, FALSE, FALSE);
4168                         continue;
4169                 }
4170
4171                 dhd_os_sdlock_rxq(bus->dhd);
4172                 if (!(pkt = PKTGET(osh, (rdlen + firstread + DHD_SDALIGN), FALSE))) {
4173                         /* Give up on data, request rtx of events */
4174                         DHD_ERROR(("%s: PKTGET failed: rdlen %d chan %d\n",
4175                                    __FUNCTION__, rdlen, chan));
4176                         bus->dhd->rx_dropped++;
4177                         dhd_os_sdunlock_rxq(bus->dhd);
4178                         dhdsdio_rxfail(bus, FALSE, RETRYCHAN(chan));
4179                         continue;
4180                 }
4181                 dhd_os_sdunlock_rxq(bus->dhd);
4182
4183                 ASSERT(!PKTLINK(pkt));
4184
4185                 /* Leave room for what we already read, and align remainder */
4186                 ASSERT(firstread < (PKTLEN(osh, pkt)));
4187                 PKTPULL(osh, pkt, firstread);
4188                 PKTALIGN(osh, pkt, rdlen, DHD_SDALIGN);
4189
4190                 /* Read the remaining frame data */
4191                 sdret = dhd_bcmsdh_recv_buf(bus, bcmsdh_cur_sbwad(sdh), SDIO_FUNC_2, F2SYNC,
4192                                             ((uint8 *)PKTDATA(osh, pkt)), rdlen, pkt, NULL, NULL);
4193                 bus->f2rxdata++;
4194                 ASSERT(sdret != BCME_PENDING);
4195
4196                 if (sdret < 0) {
4197                         DHD_ERROR(("%s: read %d %s bytes failed: %d\n", __FUNCTION__, rdlen,
4198                                    ((chan == SDPCM_EVENT_CHANNEL) ? "event" :
4199                                     ((chan == SDPCM_DATA_CHANNEL) ? "data" : "test")), sdret));
4200                         dhd_os_sdlock_rxq(bus->dhd);
4201                         PKTFREE(bus->dhd->osh, pkt, FALSE);
4202                         dhd_os_sdunlock_rxq(bus->dhd);
4203                         bus->dhd->rx_errors++;
4204                         dhdsdio_rxfail(bus, TRUE, RETRYCHAN(chan));
4205                         continue;
4206                 }
4207
4208                 /* Copy the already-read portion */
4209                 PKTPUSH(osh, pkt, firstread);
4210                 bcopy(bus->rxhdr, PKTDATA(osh, pkt), firstread);
4211
4212 #ifdef DHD_DEBUG
4213                 if (DHD_BYTES_ON() && DHD_DATA_ON()) {
4214                         prhex("Rx Data", PKTDATA(osh, pkt), len);
4215                 }
4216 #endif
4217
4218 deliver:
4219                 /* Save superframe descriptor and allocate packet frame */
4220                 if (chan == SDPCM_GLOM_CHANNEL) {
4221                         if (SDPCM_GLOMDESC(&bus->rxhdr[SDPCM_FRAMETAG_LEN])) {
4222                                 DHD_GLOM(("%s: got glom descriptor, %d bytes:\n",
4223                                           __FUNCTION__, len));
4224 #ifdef DHD_DEBUG
4225                                 if (DHD_GLOM_ON()) {
4226                                         prhex("Glom Data", PKTDATA(osh, pkt), len);
4227                                 }
4228 #endif
4229                                 PKTSETLEN(osh, pkt, len);
4230                                 ASSERT(doff == SDPCM_HDRLEN);
4231                                 PKTPULL(osh, pkt, SDPCM_HDRLEN);
4232                                 bus->glomd = pkt;
4233                         } else {
4234                                 DHD_ERROR(("%s: glom superframe w/o descriptor!\n", __FUNCTION__));
4235                                 dhdsdio_rxfail(bus, FALSE, FALSE);
4236                         }
4237                         continue;
4238                 }
4239
4240                 /* Fill in packet len and prio, deliver upward */
4241                 PKTSETLEN(osh, pkt, len);
4242                 PKTPULL(osh, pkt, doff);
4243
4244 #ifdef SDTEST
4245                 /* Test channel packets are processed separately */
4246                 if (chan == SDPCM_TEST_CHANNEL) {
4247                         dhdsdio_testrcv(bus, pkt, seq);
4248                         continue;
4249                 }
4250 #endif /* SDTEST */
4251
4252                 if (PKTLEN(osh, pkt) == 0) {
4253                         dhd_os_sdlock_rxq(bus->dhd);
4254                         PKTFREE(bus->dhd->osh, pkt, FALSE);
4255                         dhd_os_sdunlock_rxq(bus->dhd);
4256                         continue;
4257                 } else if (dhd_prot_hdrpull(bus->dhd, &ifidx, pkt) != 0) {
4258                         DHD_ERROR(("%s: rx protocol error\n", __FUNCTION__));
4259                         dhd_os_sdlock_rxq(bus->dhd);
4260                         PKTFREE(bus->dhd->osh, pkt, FALSE);
4261                         dhd_os_sdunlock_rxq(bus->dhd);
4262                         bus->dhd->rx_errors++;
4263                         continue;
4264                 }
4265
4266
4267                 /* Unlock during rx call */
4268                 dhd_os_sdunlock(bus->dhd);
4269                 dhd_rx_frame(bus->dhd, ifidx, pkt, 1, chan);
4270                 dhd_os_sdlock(bus->dhd);
4271         }
4272         rxcount = maxframes - rxleft;
4273 #ifdef DHD_DEBUG
4274         /* Message if we hit the limit */
4275         if (!rxleft && !sdtest)
4276                 DHD_DATA(("%s: hit rx limit of %d frames\n", __FUNCTION__, maxframes));
4277         else
4278 #endif /* DHD_DEBUG */
4279         DHD_DATA(("%s: processed %d frames\n", __FUNCTION__, rxcount));
4280         /* Back off rxseq if awaiting rtx, update rx_seq */
4281         if (bus->rxskip)
4282                 rxseq--;
4283         bus->rx_seq = rxseq;
4284
4285         return rxcount;
4286 }
4287
4288 static uint32
4289 dhdsdio_hostmail(dhd_bus_t *bus)
4290 {
4291         sdpcmd_regs_t *regs = bus->regs;
4292         uint32 intstatus = 0;
4293         uint32 hmb_data;
4294         uint8 fcbits;
4295         uint retries = 0;
4296
4297         DHD_TRACE(("%s: Enter\n", __FUNCTION__));
4298
4299         /* Read mailbox data and ack that we did so */
4300         R_SDREG(hmb_data, &regs->tohostmailboxdata, retries);
4301         if (retries <= retry_limit)
4302                 W_SDREG(SMB_INT_ACK, &regs->tosbmailbox, retries);
4303         bus->f1regdata += 2;
4304
4305         /* Dongle recomposed rx frames, accept them again */
4306         if (hmb_data & HMB_DATA_NAKHANDLED) {
4307                 DHD_INFO(("Dongle reports NAK handled, expect rtx of %d\n", bus->rx_seq));
4308                 if (!bus->rxskip) {
4309                         DHD_ERROR(("%s: unexpected NAKHANDLED!\n", __FUNCTION__));
4310                 }
4311                 bus->rxskip = FALSE;
4312                 intstatus |= FRAME_AVAIL_MASK(bus);
4313         }
4314
4315         /*
4316          * DEVREADY does not occur with gSPI.
4317          */
4318         if (hmb_data & (HMB_DATA_DEVREADY | HMB_DATA_FWREADY)) {
4319                 bus->sdpcm_ver = (hmb_data & HMB_DATA_VERSION_MASK) >> HMB_DATA_VERSION_SHIFT;
4320                 if (bus->sdpcm_ver != SDPCM_PROT_VERSION)
4321                         DHD_ERROR(("Version mismatch, dongle reports %d, expecting %d\n",
4322                                    bus->sdpcm_ver, SDPCM_PROT_VERSION));
4323                 else
4324                         DHD_INFO(("Dongle ready, protocol version %d\n", bus->sdpcm_ver));
4325                 /* make sure for the SDIO_DEVICE_RXDATAINT_MODE_1 corecontrol is proper */
4326                 if ((bus->sih->buscoretype == SDIOD_CORE_ID) && (bus->sdpcmrev >= 4) &&
4327                     (bus->rxint_mode  == SDIO_DEVICE_RXDATAINT_MODE_1)) {
4328                         uint32 val;
4329
4330                         val = R_REG(bus->dhd->osh, &bus->regs->corecontrol);
4331                         val &= ~CC_XMTDATAAVAIL_MODE;
4332                         val |= CC_XMTDATAAVAIL_CTRL;
4333                         W_REG(bus->dhd->osh, &bus->regs->corecontrol, val);
4334
4335                         val = R_REG(bus->dhd->osh, &bus->regs->corecontrol);
4336                 }
4337
4338 #ifdef DHD_DEBUG
4339                 /* Retrieve console state address now that firmware should have updated it */
4340                 {
4341                         sdpcm_shared_t shared;
4342                         if (dhdsdio_readshared(bus, &shared) == 0)
4343                                 bus->console_addr = shared.console_addr;
4344                 }
4345 #endif /* DHD_DEBUG */
4346         }
4347
4348         /*
4349          * Flow Control has been moved into the RX headers and this out of band
4350          * method isn't used any more.  Leave this here for possibly remaining backward
4351          * compatible with older dongles
4352          */
4353         if (hmb_data & HMB_DATA_FC) {
4354                 fcbits = (hmb_data & HMB_DATA_FCDATA_MASK) >> HMB_DATA_FCDATA_SHIFT;
4355
4356                 if (fcbits & ~bus->flowcontrol)
4357                         bus->fc_xoff++;
4358                 if (bus->flowcontrol & ~fcbits)
4359                         bus->fc_xon++;
4360
4361                 bus->fc_rcvd++;
4362                 bus->flowcontrol = fcbits;
4363         }
4364
4365
4366         /* Shouldn't be any others */
4367         if (hmb_data & ~(HMB_DATA_DEVREADY |
4368                          HMB_DATA_FWHALT |
4369                          HMB_DATA_NAKHANDLED |
4370                          HMB_DATA_FC |
4371                          HMB_DATA_FWREADY |
4372                          HMB_DATA_FCDATA_MASK |
4373                          HMB_DATA_VERSION_MASK)) {
4374                 DHD_ERROR(("Unknown mailbox data content: 0x%02x\n", hmb_data));
4375         }
4376
4377         return intstatus;
4378 }
4379
4380 static bool
4381 dhdsdio_dpc(dhd_bus_t *bus)
4382 {
4383         bcmsdh_info_t *sdh = bus->sdh;
4384         sdpcmd_regs_t *regs = bus->regs;
4385         uint32 intstatus, newstatus = 0;
4386         uint retries = 0;
4387         uint rxlimit = dhd_rxbound; /* Rx frames to read before resched */
4388         uint txlimit = dhd_txbound; /* Tx frames to send before resched */
4389         uint framecnt = 0;                /* Temporary counter of tx/rx frames */
4390         bool rxdone = TRUE;               /* Flag for no more read data */
4391         bool resched = FALSE;     /* Flag indicating resched wanted */
4392
4393         DHD_TRACE(("%s: Enter\n", __FUNCTION__));
4394
4395         if (bus->dhd->busstate == DHD_BUS_DOWN) {
4396                 DHD_ERROR(("%s: Bus down, ret\n", __FUNCTION__));
4397                 bus->intstatus = 0;
4398                 return 0;
4399         }
4400
4401         /* Start with leftover status bits */
4402         intstatus = bus->intstatus;
4403
4404         dhd_os_sdlock(bus->dhd);
4405
4406         /* If waiting for HTAVAIL, check status */
4407         if (bus->clkstate == CLK_PENDING) {
4408                 int err;
4409                 uint8 clkctl, devctl = 0;
4410
4411 #ifdef DHD_DEBUG
4412                 /* Check for inconsistent device control */
4413                 devctl = bcmsdh_cfg_read(sdh, SDIO_FUNC_1, SBSDIO_DEVICE_CTL, &err);
4414                 if (err) {
4415                         DHD_ERROR(("%s: error reading DEVCTL: %d\n", __FUNCTION__, err));
4416                         bus->dhd->busstate = DHD_BUS_DOWN;
4417                 } else {
4418                         ASSERT(devctl & SBSDIO_DEVCTL_CA_INT_ONLY);
4419                 }
4420 #endif /* DHD_DEBUG */
4421
4422                 /* Read CSR, if clock on switch to AVAIL, else ignore */
4423                 clkctl = bcmsdh_cfg_read(sdh, SDIO_FUNC_1, SBSDIO_FUNC1_CHIPCLKCSR, &err);
4424                 if (err) {
4425                         DHD_ERROR(("%s: error reading CSR: %d\n", __FUNCTION__, err));
4426                         bus->dhd->busstate = DHD_BUS_DOWN;
4427                 }
4428
4429                 DHD_INFO(("DPC: PENDING, devctl 0x%02x clkctl 0x%02x\n", devctl, clkctl));
4430
4431                 if (SBSDIO_HTAV(clkctl)) {
4432                         devctl = bcmsdh_cfg_read(sdh, SDIO_FUNC_1, SBSDIO_DEVICE_CTL, &err);
4433                         if (err) {
4434                                 DHD_ERROR(("%s: error reading DEVCTL: %d\n",
4435                                            __FUNCTION__, err));
4436                                 bus->dhd->busstate = DHD_BUS_DOWN;
4437                         }
4438                         devctl &= ~SBSDIO_DEVCTL_CA_INT_ONLY;
4439                         bcmsdh_cfg_write(sdh, SDIO_FUNC_1, SBSDIO_DEVICE_CTL, devctl, &err);
4440                         if (err) {
4441                                 DHD_ERROR(("%s: error writing DEVCTL: %d\n",
4442                                            __FUNCTION__, err));
4443                                 bus->dhd->busstate = DHD_BUS_DOWN;
4444                         }
4445                         bus->clkstate = CLK_AVAIL;
4446                 } else {
4447                         goto clkwait;
4448                 }
4449         }
4450
4451         BUS_WAKE(bus);
4452
4453         /* Make sure backplane clock is on */
4454         dhdsdio_clkctl(bus, CLK_AVAIL, TRUE);
4455         if (bus->clkstate != CLK_AVAIL)
4456                 goto clkwait;
4457
4458         /* Pending interrupt indicates new device status */
4459         if (bus->ipend) {
4460                 bus->ipend = FALSE;
4461                 R_SDREG(newstatus, &regs->intstatus, retries);
4462                 bus->f1regdata++;
4463                 if (bcmsdh_regfail(bus->sdh))
4464                         newstatus = 0;
4465                 newstatus &= bus->hostintmask;
4466                 bus->fcstate = !!(newstatus & I_HMB_FC_STATE);
4467                 if (newstatus) {
4468                         bus->f1regdata++;
4469                         if ((bus->rxint_mode == SDIO_DEVICE_RXDATAINT_MODE_0) &&
4470                                 (newstatus == I_XMTDATA_AVAIL)) {
4471                         }
4472                         else
4473                                 W_SDREG(newstatus, &regs->intstatus, retries);
4474                 }
4475         }
4476
4477         /* Merge new bits with previous */
4478         intstatus |= newstatus;
4479         bus->intstatus = 0;
4480
4481         /* Handle flow-control change: read new state in case our ack
4482          * crossed another change interrupt.  If change still set, assume
4483          * FC ON for safety, let next loop through do the debounce.
4484          */
4485         if (intstatus & I_HMB_FC_CHANGE) {
4486                 intstatus &= ~I_HMB_FC_CHANGE;
4487                 W_SDREG(I_HMB_FC_CHANGE, &regs->intstatus, retries);
4488                 R_SDREG(newstatus, &regs->intstatus, retries);
4489                 bus->f1regdata += 2;
4490                 bus->fcstate = !!(newstatus & (I_HMB_FC_STATE | I_HMB_FC_CHANGE));
4491                 intstatus |= (newstatus & bus->hostintmask);
4492         }
4493
4494         /* Just being here means nothing more to do for chipactive */
4495         if (intstatus & I_CHIPACTIVE) {
4496                 /* ASSERT(bus->clkstate == CLK_AVAIL); */
4497                 intstatus &= ~I_CHIPACTIVE;
4498         }
4499
4500         /* Handle host mailbox indication */
4501         if (intstatus & I_HMB_HOST_INT) {
4502                 intstatus &= ~I_HMB_HOST_INT;
4503                 intstatus |= dhdsdio_hostmail(bus);
4504         }
4505
4506         /* Generally don't ask for these, can get CRC errors... */
4507         if (intstatus & I_WR_OOSYNC) {
4508                 DHD_ERROR(("Dongle reports WR_OOSYNC\n"));
4509                 intstatus &= ~I_WR_OOSYNC;
4510         }
4511
4512         if (intstatus & I_RD_OOSYNC) {
4513                 DHD_ERROR(("Dongle reports RD_OOSYNC\n"));
4514                 intstatus &= ~I_RD_OOSYNC;
4515         }
4516
4517         if (intstatus & I_SBINT) {
4518                 DHD_ERROR(("Dongle reports SBINT\n"));
4519                 intstatus &= ~I_SBINT;
4520         }
4521
4522         /* Would be active due to wake-wlan in gSPI */
4523         if (intstatus & I_CHIPACTIVE) {
4524                 DHD_INFO(("Dongle reports CHIPACTIVE\n"));
4525                 intstatus &= ~I_CHIPACTIVE;
4526         }
4527
4528         /* Ignore frame indications if rxskip is set */
4529         if (bus->rxskip) {
4530                 intstatus &= ~FRAME_AVAIL_MASK(bus);
4531         }
4532
4533         /* On frame indication, read available frames */
4534         if (PKT_AVAILABLE(bus, intstatus)) {
4535                 framecnt = dhdsdio_readframes(bus, rxlimit, &rxdone);
4536                 if (rxdone || bus->rxskip)
4537                         intstatus  &= ~FRAME_AVAIL_MASK(bus);
4538                 rxlimit -= MIN(framecnt, rxlimit);
4539         }
4540
4541         /* Keep still-pending events for next scheduling */
4542         bus->intstatus = intstatus;
4543
4544 clkwait:
4545         /* Re-enable interrupts to detect new device events (mailbox, rx frame)
4546          * or clock availability.  (Allows tx loop to check ipend if desired.)
4547          * (Unless register access seems hosed, as we may not be able to ACK...)
4548          */
4549         if (bus->intr && bus->intdis && !bcmsdh_regfail(sdh)) {
4550                 DHD_INTR(("%s: enable SDIO interrupts, rxdone %d framecnt %d\n",
4551                           __FUNCTION__, rxdone, framecnt));
4552                 bus->intdis = FALSE;
4553 #if defined(OOB_INTR_ONLY)
4554         bcmsdh_oob_intr_set(1);
4555 #endif /* (OOB_INTR_ONLY) */
4556                 bcmsdh_intr_enable(sdh);
4557         }
4558
4559         if (TXCTLOK(bus) && bus->ctrl_frame_stat && (bus->clkstate == CLK_AVAIL))  {
4560                 int ret, i;
4561
4562                 ret = dhd_bcmsdh_send_buf(bus, bcmsdh_cur_sbwad(sdh), SDIO_FUNC_2, F2SYNC,
4563                                       (uint8 *)bus->ctrl_frame_buf, (uint32)bus->ctrl_frame_len,
4564                         NULL, NULL, NULL);
4565                 ASSERT(ret != BCME_PENDING);
4566
4567                 if (ret < 0) {
4568                         /* On failure, abort the command and terminate the frame */
4569                         DHD_INFO(("%s: sdio error %d, abort command and terminate frame.\n",
4570                                   __FUNCTION__, ret));
4571                         bus->tx_sderrs++;
4572
4573                         bcmsdh_abort(sdh, SDIO_FUNC_2);
4574
4575                         bcmsdh_cfg_write(sdh, SDIO_FUNC_1, SBSDIO_FUNC1_FRAMECTRL,
4576                                          SFC_WF_TERM, NULL);
4577                         bus->f1regdata++;
4578
4579                         for (i = 0; i < 3; i++) {
4580                                 uint8 hi, lo;
4581                                 hi = bcmsdh_cfg_read(sdh, SDIO_FUNC_1,
4582                                                      SBSDIO_FUNC1_WFRAMEBCHI, NULL);
4583                                 lo = bcmsdh_cfg_read(sdh, SDIO_FUNC_1,
4584                                                      SBSDIO_FUNC1_WFRAMEBCLO, NULL);
4585                                 bus->f1regdata += 2;
4586                                 if ((hi == 0) && (lo == 0))
4587                                         break;
4588                         }
4589                 }
4590                 if (ret == 0) {
4591                         bus->tx_seq = (bus->tx_seq + 1) % SDPCM_SEQUENCE_WRAP;
4592                 }
4593
4594                 bus->ctrl_frame_stat = FALSE;
4595                 dhd_wait_event_wakeup(bus->dhd);
4596         }
4597         /* Send queued frames (limit 1 if rx may still be pending) */
4598         else if ((bus->clkstate == CLK_AVAIL) && !bus->fcstate &&
4599             pktq_mlen(&bus->txq, ~bus->flowcontrol) && txlimit && DATAOK(bus)) {
4600                 framecnt = rxdone ? txlimit : MIN(txlimit, dhd_txminmax);
4601                 framecnt = dhdsdio_sendfromq(bus, framecnt);
4602                 txlimit -= framecnt;
4603         }
4604         /* Resched the DPC if ctrl cmd is pending on bus credit */
4605         if (bus->ctrl_frame_stat)
4606                 resched = TRUE;
4607
4608         /* Resched if events or tx frames are pending, else await next interrupt */
4609         /* On failed register access, all bets are off: no resched or interrupts */
4610         if ((bus->dhd->busstate == DHD_BUS_DOWN) || bcmsdh_regfail(sdh)) {
4611                 DHD_ERROR(("%s: failed backplane access over SDIO, halting operation %d \n",
4612                            __FUNCTION__, bcmsdh_regfail(sdh)));
4613                 bus->dhd->busstate = DHD_BUS_DOWN;
4614                 bus->intstatus = 0;
4615         } else if (bus->clkstate == CLK_PENDING) {
4616                 /* Awaiting I_CHIPACTIVE; don't resched */
4617         } else if (bus->intstatus || bus->ipend ||
4618                    (!bus->fcstate && pktq_mlen(&bus->txq, ~bus->flowcontrol) && DATAOK(bus)) ||
4619                         PKT_AVAILABLE(bus, bus->intstatus)) {  /* Read multiple frames */
4620                 resched = TRUE;
4621         }
4622
4623         bus->dpc_sched = resched;
4624
4625         /* If we're done for now, turn off clock request. */
4626         if ((bus->idletime == DHD_IDLE_IMMEDIATE) && (bus->clkstate != CLK_PENDING)) {
4627                 bus->activity = FALSE;
4628                 dhdsdio_clkctl(bus, CLK_NONE, FALSE);
4629         }
4630
4631         dhd_os_sdunlock(bus->dhd);
4632         return resched;
4633 }
4634
4635 bool
4636 dhd_bus_dpc(struct dhd_bus *bus)
4637 {
4638         bool resched;
4639
4640         /* Call the DPC directly. */
4641         DHD_TRACE(("Calling dhdsdio_dpc() from %s\n", __FUNCTION__));
4642         resched = dhdsdio_dpc(bus);
4643
4644         return resched;
4645 }
4646
4647 void
4648 dhdsdio_isr(void *arg)
4649 {
4650         dhd_bus_t *bus = (dhd_bus_t*)arg;
4651         bcmsdh_info_t *sdh;
4652
4653         DHD_TRACE(("%s: Enter\n", __FUNCTION__));
4654
4655         if (!bus) {
4656                 DHD_ERROR(("%s : bus is null pointer , exit \n", __FUNCTION__));
4657                 return;
4658         }
4659         sdh = bus->sdh;
4660
4661         if (bus->dhd->busstate == DHD_BUS_DOWN) {
4662                 DHD_ERROR(("%s : bus is down. we have nothing to do\n", __FUNCTION__));
4663                 return;
4664         }
4665
4666         DHD_TRACE(("%s: Enter\n", __FUNCTION__));
4667
4668         /* Count the interrupt call */
4669         bus->intrcount++;
4670         bus->ipend = TRUE;
4671
4672         /* Shouldn't get this interrupt if we're sleeping? */
4673         if (bus->sleeping) {
4674                 DHD_ERROR(("INTERRUPT WHILE SLEEPING??\n"));
4675                 return;
4676         }
4677
4678         /* Disable additional interrupts (is this needed now)? */
4679         if (bus->intr) {
4680                 DHD_INTR(("%s: disable SDIO interrupts\n", __FUNCTION__));
4681         } else {
4682                 DHD_ERROR(("dhdsdio_isr() w/o interrupt configured!\n"));
4683         }
4684
4685         bcmsdh_intr_disable(sdh);
4686         bus->intdis = TRUE;
4687
4688 #if defined(SDIO_ISR_THREAD)
4689         DHD_TRACE(("Calling dhdsdio_dpc() from %s\n", __FUNCTION__));
4690         DHD_OS_WAKE_LOCK(bus->dhd);
4691         while (dhdsdio_dpc(bus));
4692         DHD_OS_WAKE_UNLOCK(bus->dhd);
4693 #else
4694         bus->dpc_sched = TRUE;
4695         dhd_sched_dpc(bus->dhd);
4696 #endif 
4697
4698 }
4699
4700 #ifdef SDTEST
4701 static void
4702 dhdsdio_pktgen_init(dhd_bus_t *bus)
4703 {
4704         /* Default to specified length, or full range */
4705         if (dhd_pktgen_len) {
4706                 bus->pktgen_maxlen = MIN(dhd_pktgen_len, MAX_PKTGEN_LEN);
4707                 bus->pktgen_minlen = bus->pktgen_maxlen;
4708         } else {
4709                 bus->pktgen_maxlen = MAX_PKTGEN_LEN;
4710                 bus->pktgen_minlen = 0;
4711         }
4712         bus->pktgen_len = (uint16)bus->pktgen_minlen;
4713
4714         /* Default to per-watchdog burst with 10s print time */
4715         bus->pktgen_freq = 1;
4716         bus->pktgen_print = 10000 / dhd_watchdog_ms;
4717         bus->pktgen_count = (dhd_pktgen * dhd_watchdog_ms + 999) / 1000;
4718
4719         /* Default to echo mode */
4720         bus->pktgen_mode = DHD_PKTGEN_ECHO;
4721         bus->pktgen_stop = 1;
4722 }
4723
4724 static void
4725 dhdsdio_pktgen(dhd_bus_t *bus)
4726 {
4727         void *pkt;
4728         uint8 *data;
4729         uint pktcount;
4730         uint fillbyte;
4731         osl_t *osh = bus->dhd->osh;
4732         uint16 len;
4733
4734         /* Display current count if appropriate */
4735         if (bus->pktgen_print && (++bus->pktgen_ptick >= bus->pktgen_print)) {
4736                 bus->pktgen_ptick = 0;
4737                 printf("%s: send attempts %d rcvd %d\n",
4738                        __FUNCTION__, bus->pktgen_sent, bus->pktgen_rcvd);
4739         }
4740
4741         /* For recv mode, just make sure dongle has started sending */
4742         if (bus->pktgen_mode == DHD_PKTGEN_RECV) {
4743                 if (bus->pktgen_rcv_state == PKTGEN_RCV_IDLE) {
4744                         bus->pktgen_rcv_state = PKTGEN_RCV_ONGOING;
4745                         dhdsdio_sdtest_set(bus, (uint8)bus->pktgen_total);
4746                 }
4747                 return;
4748         }
4749
4750         /* Otherwise, generate or request the specified number of packets */
4751         for (pktcount = 0; pktcount < bus->pktgen_count; pktcount++) {
4752                 /* Stop if total has been reached */
4753                 if (bus->pktgen_total && (bus->pktgen_sent >= bus->pktgen_total)) {
4754                         bus->pktgen_count = 0;
4755                         break;
4756                 }
4757
4758                 /* Allocate an appropriate-sized packet */
4759                 len = bus->pktgen_len;
4760                 if (!(pkt = PKTGET(osh, (len + SDPCM_HDRLEN + SDPCM_TEST_HDRLEN + DHD_SDALIGN),
4761                                    TRUE))) {;
4762                         DHD_ERROR(("%s: PKTGET failed!\n", __FUNCTION__));
4763                         break;
4764                 }
4765                 PKTALIGN(osh, pkt, (len + SDPCM_HDRLEN + SDPCM_TEST_HDRLEN), DHD_SDALIGN);
4766                 data = (uint8*)PKTDATA(osh, pkt) + SDPCM_HDRLEN;
4767
4768                 /* Write test header cmd and extra based on mode */
4769                 switch (bus->pktgen_mode) {
4770                 case DHD_PKTGEN_ECHO:
4771                         *data++ = SDPCM_TEST_ECHOREQ;
4772                         *data++ = (uint8)bus->pktgen_sent;
4773                         break;
4774
4775                 case DHD_PKTGEN_SEND:
4776                         *data++ = SDPCM_TEST_DISCARD;
4777                         *data++ = (uint8)bus->pktgen_sent;
4778                         break;
4779
4780                 case DHD_PKTGEN_RXBURST:
4781                         *data++ = SDPCM_TEST_BURST;
4782                         *data++ = (uint8)bus->pktgen_count;
4783                         break;
4784
4785                 default:
4786                         DHD_ERROR(("Unrecognized pktgen mode %d\n", bus->pktgen_mode));
4787                         PKTFREE(osh, pkt, TRUE);
4788                         bus->pktgen_count = 0;
4789                         return;
4790                 }
4791
4792                 /* Write test header length field */
4793                 *data++ = (len >> 0);
4794                 *data++ = (len >> 8);
4795
4796                 /* Then fill in the remainder -- N/A for burst, but who cares... */
4797                 for (fillbyte = 0; fillbyte < len; fillbyte++)
4798                         *data++ = SDPCM_TEST_FILL(fillbyte, (uint8)bus->pktgen_sent);
4799
4800 #ifdef DHD_DEBUG
4801                 if (DHD_BYTES_ON() && DHD_DATA_ON()) {
4802                         data = (uint8*)PKTDATA(osh, pkt) + SDPCM_HDRLEN;
4803                         prhex("dhdsdio_pktgen: Tx Data", data, PKTLEN(osh, pkt) - SDPCM_HDRLEN);
4804                 }
4805 #endif
4806
4807                 /* Send it */
4808                 if (dhdsdio_txpkt(bus, pkt, SDPCM_TEST_CHANNEL, TRUE)) {
4809                         bus->pktgen_fail++;
4810                         if (bus->pktgen_stop && bus->pktgen_stop == bus->pktgen_fail)
4811                                 bus->pktgen_count = 0;
4812                 }
4813                 bus->pktgen_sent++;
4814
4815                 /* Bump length if not fixed, wrap at max */
4816                 if (++bus->pktgen_len > bus->pktgen_maxlen)
4817                         bus->pktgen_len = (uint16)bus->pktgen_minlen;
4818
4819                 /* Special case for burst mode: just send one request! */
4820                 if (bus->pktgen_mode == DHD_PKTGEN_RXBURST)
4821                         break;
4822         }
4823 }
4824
4825 static void
4826 dhdsdio_sdtest_set(dhd_bus_t *bus, uint8 count)
4827 {
4828         void *pkt;
4829         uint8 *data;
4830         osl_t *osh = bus->dhd->osh;
4831
4832         /* Allocate the packet */
4833         if (!(pkt = PKTGET(osh, SDPCM_HDRLEN + SDPCM_TEST_HDRLEN + DHD_SDALIGN, TRUE))) {
4834                 DHD_ERROR(("%s: PKTGET failed!\n", __FUNCTION__));
4835                 return;
4836         }
4837         PKTALIGN(osh, pkt, (SDPCM_HDRLEN + SDPCM_TEST_HDRLEN), DHD_SDALIGN);
4838         data = (uint8*)PKTDATA(osh, pkt) + SDPCM_HDRLEN;
4839
4840         /* Fill in the test header */
4841         *data++ = SDPCM_TEST_SEND;
4842         *data++ = count;
4843         *data++ = (bus->pktgen_maxlen >> 0);
4844         *data++ = (bus->pktgen_maxlen >> 8);
4845
4846         /* Send it */
4847         if (dhdsdio_txpkt(bus, pkt, SDPCM_TEST_CHANNEL, TRUE))
4848                 bus->pktgen_fail++;
4849 }
4850
4851
4852 static void
4853 dhdsdio_testrcv(dhd_bus_t *bus, void *pkt, uint seq)
4854 {
4855         osl_t *osh = bus->dhd->osh;
4856         uint8 *data;
4857         uint pktlen;
4858
4859         uint8 cmd;
4860         uint8 extra;
4861         uint16 len;
4862         uint16 offset;
4863
4864         /* Check for min length */
4865         if ((pktlen = PKTLEN(osh, pkt)) < SDPCM_TEST_HDRLEN) {
4866                 DHD_ERROR(("dhdsdio_restrcv: toss runt frame, pktlen %d\n", pktlen));
4867                 PKTFREE(osh, pkt, FALSE);
4868                 return;
4869         }
4870
4871         /* Extract header fields */
4872         data = PKTDATA(osh, pkt);
4873         cmd = *data++;
4874         extra = *data++;
4875         len = *data++; len += *data++ << 8;
4876         DHD_TRACE(("%s:cmd:%d, xtra:%d,len:%d\n", __FUNCTION__, cmd, extra, len));
4877         /* Check length for relevant commands */
4878         if (cmd == SDPCM_TEST_DISCARD || cmd == SDPCM_TEST_ECHOREQ || cmd == SDPCM_TEST_ECHORSP) {
4879                 if (pktlen != len + SDPCM_TEST_HDRLEN) {
4880                         DHD_ERROR(("dhdsdio_testrcv: frame length mismatch, pktlen %d seq %d"
4881                                    " cmd %d extra %d len %d\n", pktlen, seq, cmd, extra, len));
4882                         PKTFREE(osh, pkt, FALSE);
4883                         return;
4884                 }
4885         }
4886
4887         /* Process as per command */
4888         switch (cmd) {
4889         case SDPCM_TEST_ECHOREQ:
4890                 /* Rx->Tx turnaround ok (even on NDIS w/current implementation) */
4891                 *(uint8 *)(PKTDATA(osh, pkt)) = SDPCM_TEST_ECHORSP;
4892                 if (dhdsdio_txpkt(bus, pkt, SDPCM_TEST_CHANNEL, TRUE) == 0) {
4893                         bus->pktgen_sent++;
4894                 } else {
4895                         bus->pktgen_fail++;
4896                         PKTFREE(osh, pkt, FALSE);
4897                 }
4898                 bus->pktgen_rcvd++;
4899                 break;
4900
4901         case SDPCM_TEST_ECHORSP:
4902                 if (bus->ext_loop) {
4903                         PKTFREE(osh, pkt, FALSE);
4904                         bus->pktgen_rcvd++;
4905                         break;
4906                 }
4907
4908                 for (offset = 0; offset < len; offset++, data++) {
4909                         if (*data != SDPCM_TEST_FILL(offset, extra)) {
4910                                 DHD_ERROR(("dhdsdio_testrcv: echo data mismatch: "
4911                                            "offset %d (len %d) expect 0x%02x rcvd 0x%02x\n",
4912                                            offset, len, SDPCM_TEST_FILL(offset, extra), *data));
4913                                 break;
4914                         }
4915                 }
4916                 PKTFREE(osh, pkt, FALSE);
4917                 bus->pktgen_rcvd++;
4918                 break;
4919
4920         case SDPCM_TEST_DISCARD:
4921                 {
4922                         int i = 0;
4923                         uint8 *prn = data;
4924                         uint8 testval = extra;
4925                         for (i = 0; i < len; i++) {
4926                                 if (*prn != testval) {
4927                                         DHD_ERROR(("DIErr@Pkt#:%d,Ix:%d, expected:0x%x, got:0x%x\n",
4928                                                 i, bus->pktgen_rcvd_rcvsession, testval, *prn));
4929                                         prn++; testval++;
4930                                 }
4931                         }
4932                 }
4933                 PKTFREE(osh, pkt, FALSE);
4934                 bus->pktgen_rcvd++;
4935                 break;
4936
4937         case SDPCM_TEST_BURST:
4938         case SDPCM_TEST_SEND:
4939         default:
4940                 DHD_INFO(("dhdsdio_testrcv: unsupported or unknown command, pktlen %d seq %d"
4941                           " cmd %d extra %d len %d\n", pktlen, seq, cmd, extra, len));
4942                 PKTFREE(osh, pkt, FALSE);
4943                 break;
4944         }
4945
4946         /* For recv mode, stop at limit (and tell dongle to stop sending) */
4947         if (bus->pktgen_mode == DHD_PKTGEN_RECV) {
4948                 if (bus->pktgen_rcv_state != PKTGEN_RCV_IDLE) {
4949                         bus->pktgen_rcvd_rcvsession++;
4950
4951                         if (bus->pktgen_total &&
4952                                 (bus->pktgen_rcvd_rcvsession >= bus->pktgen_total)) {
4953                         bus->pktgen_count = 0;
4954                     DHD_ERROR(("Pktgen:rcv test complete!\n"));
4955                     bus->pktgen_rcv_state = PKTGEN_RCV_IDLE;
4956                         dhdsdio_sdtest_set(bus, FALSE);
4957                                 bus->pktgen_rcvd_rcvsession = 0;
4958                         }
4959                 }
4960         }
4961 }
4962 #endif /* SDTEST */
4963
4964 extern void
4965 dhd_disable_intr(dhd_pub_t *dhdp)
4966 {
4967         dhd_bus_t *bus;
4968         bus = dhdp->bus;
4969         bcmsdh_intr_disable(bus->sdh);
4970 }
4971
4972 extern bool
4973 dhd_bus_watchdog(dhd_pub_t *dhdp)
4974 {
4975         dhd_bus_t *bus;
4976
4977         DHD_TIMER(("%s: Enter\n", __FUNCTION__));
4978
4979         bus = dhdp->bus;
4980
4981         if (bus->dhd->dongle_reset)
4982                 return FALSE;
4983
4984         /* Ignore the timer if simulating bus down */
4985         if (bus->sleeping)
4986                 return FALSE;
4987
4988         if (dhdp->busstate == DHD_BUS_DOWN)
4989                 return FALSE;
4990
4991         /* Poll period: check device if appropriate. */
4992         if (bus->poll && (++bus->polltick >= bus->pollrate)) {
4993                 uint32 intstatus = 0;
4994
4995                 /* Reset poll tick */
4996                 bus->polltick = 0;
4997
4998                 /* Check device if no interrupts */
4999                 if (!bus->intr || (bus->intrcount == bus->lastintrs)) {
5000
5001                         if (!bus->dpc_sched) {
5002                                 uint8 devpend;
5003                                 devpend = bcmsdh_cfg_read(bus->sdh, SDIO_FUNC_0,
5004                                                           SDIOD_CCCR_INTPEND, NULL);
5005                                 intstatus = devpend & (INTR_STATUS_FUNC1 | INTR_STATUS_FUNC2);
5006                         }
5007
5008                         /* If there is something, make like the ISR and schedule the DPC */
5009                         if (intstatus) {
5010                                 bus->pollcnt++;
5011                                 bus->ipend = TRUE;
5012                                 if (bus->intr) {
5013                                         bcmsdh_intr_disable(bus->sdh);
5014                                 }
5015                                 bus->dpc_sched = TRUE;
5016                                 dhd_sched_dpc(bus->dhd);
5017
5018                         }
5019                 }
5020
5021                 /* Update interrupt tracking */
5022                 bus->lastintrs = bus->intrcount;
5023         }
5024
5025 #ifdef DHD_DEBUG
5026         /* Poll for console output periodically */
5027         if (dhdp->busstate == DHD_BUS_DATA && dhd_console_ms != 0) {
5028                 bus->console.count += dhd_watchdog_ms;
5029                 if (bus->console.count >= dhd_console_ms) {
5030                         bus->console.count -= dhd_console_ms;
5031                         /* Make sure backplane clock is on */
5032                         dhdsdio_clkctl(bus, CLK_AVAIL, FALSE);
5033                         if (dhdsdio_readconsole(bus) < 0)
5034                                 dhd_console_ms = 0;     /* On error, stop trying */
5035                 }
5036         }
5037 #endif /* DHD_DEBUG */
5038
5039 #ifdef SDTEST
5040         /* Generate packets if configured */
5041         if (bus->pktgen_count && (++bus->pktgen_tick >= bus->pktgen_freq)) {
5042                 /* Make sure backplane clock is on */
5043                 dhdsdio_clkctl(bus, CLK_AVAIL, FALSE);
5044                 bus->pktgen_tick = 0;
5045                 dhdsdio_pktgen(bus);
5046         }
5047 #endif
5048
5049         /* On idle timeout clear activity flag and/or turn off clock */
5050         if ((bus->idletime > 0) && (bus->clkstate == CLK_AVAIL)) {
5051                 if (++bus->idlecount >= bus->idletime) {
5052                         bus->idlecount = 0;
5053                         if (bus->activity) {
5054                                 bus->activity = FALSE;
5055                                 dhdsdio_clkctl(bus, CLK_NONE, FALSE);
5056                         }
5057                 }
5058         }
5059
5060         return bus->ipend;
5061 }
5062
5063 #ifdef DHD_DEBUG
5064 extern int
5065 dhd_bus_console_in(dhd_pub_t *dhdp, uchar *msg, uint msglen)
5066 {
5067         dhd_bus_t *bus = dhdp->bus;
5068         uint32 addr, val;
5069         int rv;
5070         void *pkt;
5071
5072         /* Address could be zero if CONSOLE := 0 in dongle Makefile */
5073         if (bus->console_addr == 0)
5074                 return BCME_UNSUPPORTED;
5075
5076         /* Exclusive bus access */
5077         dhd_os_sdlock(bus->dhd);
5078
5079         /* Don't allow input if dongle is in reset */
5080         if (bus->dhd->dongle_reset) {
5081                 dhd_os_sdunlock(bus->dhd);
5082                 return BCME_NOTREADY;
5083         }
5084
5085         /* Request clock to allow SDIO accesses */
5086         BUS_WAKE(bus);
5087         /* No pend allowed since txpkt is called later, ht clk has to be on */
5088         dhdsdio_clkctl(bus, CLK_AVAIL, FALSE);
5089
5090         /* Zero cbuf_index */
5091         addr = bus->console_addr + OFFSETOF(hndrte_cons_t, cbuf_idx);
5092         val = htol32(0);
5093         if ((rv = dhdsdio_membytes(bus, TRUE, addr, (uint8 *)&val, sizeof(val))) < 0)
5094                 goto done;
5095
5096         /* Write message into cbuf */
5097         addr = bus->console_addr + OFFSETOF(hndrte_cons_t, cbuf);
5098         if ((rv = dhdsdio_membytes(bus, TRUE, addr, (uint8 *)msg, msglen)) < 0)
5099                 goto done;
5100
5101         /* Write length into vcons_in */
5102         addr = bus->console_addr + OFFSETOF(hndrte_cons_t, vcons_in);
5103         val = htol32(msglen);
5104         if ((rv = dhdsdio_membytes(bus, TRUE, addr, (uint8 *)&val, sizeof(val))) < 0)
5105                 goto done;
5106
5107         /* Bump dongle by sending an empty packet on the event channel.
5108          * sdpcm_sendup (RX) checks for virtual console input.
5109          */
5110         if ((pkt = PKTGET(bus->dhd->osh, 4 + SDPCM_RESERVE, TRUE)) != NULL)
5111                 dhdsdio_txpkt(bus, pkt, SDPCM_EVENT_CHANNEL, TRUE);
5112
5113 done:
5114         if ((bus->idletime == DHD_IDLE_IMMEDIATE) && !bus->dpc_sched) {
5115                 bus->activity = FALSE;
5116                 dhdsdio_clkctl(bus, CLK_NONE, TRUE);
5117         }
5118
5119         dhd_os_sdunlock(bus->dhd);
5120
5121         return rv;
5122 }
5123 #endif /* DHD_DEBUG */
5124
5125 #ifdef DHD_DEBUG
5126 static void
5127 dhd_dump_cis(uint fn, uint8 *cis)
5128 {
5129         uint byte, tag, tdata;
5130         DHD_INFO(("Function %d CIS:\n", fn));
5131
5132         for (tdata = byte = 0; byte < SBSDIO_CIS_SIZE_LIMIT; byte++) {
5133                 if ((byte % 16) == 0)
5134                         DHD_INFO(("    "));
5135                 DHD_INFO(("%02x ", cis[byte]));
5136                 if ((byte % 16) == 15)
5137                         DHD_INFO(("\n"));
5138                 if (!tdata--) {
5139                         tag = cis[byte];
5140                         if (tag == 0xff)
5141                                 break;
5142                         else if (!tag)
5143                                 tdata = 0;
5144                         else if ((byte + 1) < SBSDIO_CIS_SIZE_LIMIT)
5145                                 tdata = cis[byte + 1] + 1;
5146                         else
5147                                 DHD_INFO(("]"));
5148                 }
5149         }
5150         if ((byte % 16) != 15)
5151                 DHD_INFO(("\n"));
5152 }
5153 #endif /* DHD_DEBUG */
5154
5155 static bool
5156 dhdsdio_chipmatch(uint16 chipid)
5157 {
5158         if (chipid == BCM4325_CHIP_ID)
5159                 return TRUE;
5160         if (chipid == BCM4329_CHIP_ID)
5161                 return TRUE;
5162         if (chipid == BCM4315_CHIP_ID)
5163                 return TRUE;
5164         if (chipid == BCM4319_CHIP_ID)
5165                 return TRUE;
5166         if (chipid == BCM4336_CHIP_ID)
5167                 return TRUE;
5168         if (chipid == BCM4330_CHIP_ID)
5169                 return TRUE;
5170         if (chipid == BCM43237_CHIP_ID)
5171                 return TRUE;
5172         if (chipid == BCM43362_CHIP_ID)
5173                 return TRUE;
5174         if (chipid == BCM43239_CHIP_ID)
5175                 return TRUE;
5176         return FALSE;
5177 }
5178
5179 static void *
5180 dhdsdio_probe(uint16 venid, uint16 devid, uint16 bus_no, uint16 slot,
5181         uint16 func, uint bustype, void *regsva, osl_t * osh, void *sdh)
5182 {
5183         int ret;
5184         dhd_bus_t *bus;
5185         dhd_cmn_t *cmn;
5186 #ifdef GET_CUSTOM_MAC_ENABLE
5187         struct ether_addr ea_addr;
5188 #endif /* GET_CUSTOM_MAC_ENABLE */
5189
5190         /* Init global variables at run-time, not as part of the declaration.
5191          * This is required to support init/de-init of the driver. Initialization
5192          * of globals as part of the declaration results in non-deterministic
5193          * behavior since the value of the globals may be different on the
5194          * first time that the driver is initialized vs subsequent initializations.
5195          */
5196         dhd_txbound = DHD_TXBOUND;
5197         dhd_rxbound = DHD_RXBOUND;
5198         dhd_alignctl = TRUE;
5199         sd1idle = TRUE;
5200         dhd_readahead = TRUE;
5201         retrydata = FALSE;
5202         dhd_doflow = FALSE;
5203         dhd_dongle_memsize = 0;
5204         dhd_txminmax = DHD_TXMINMAX;
5205
5206         forcealign = TRUE;
5207
5208
5209         DHD_TRACE(("%s: Enter\n", __FUNCTION__));
5210         DHD_INFO(("%s: venid 0x%04x devid 0x%04x\n", __FUNCTION__, venid, devid));
5211
5212         /* We make assumptions about address window mappings */
5213         ASSERT((uintptr)regsva == SI_ENUM_BASE);
5214
5215         /* BCMSDH passes venid and devid based on CIS parsing -- but low-power start
5216          * means early parse could fail, so here we should get either an ID
5217          * we recognize OR (-1) indicating we must request power first.
5218          */
5219         /* Check the Vendor ID */
5220         switch (venid) {
5221                 case 0x0000:
5222                 case VENDOR_BROADCOM:
5223                         break;
5224                 default:
5225                         DHD_ERROR(("%s: unknown vendor: 0x%04x\n",
5226                                    __FUNCTION__, venid));
5227                         return NULL;
5228         }
5229
5230         /* Check the Device ID and make sure it's one that we support */
5231         switch (devid) {
5232                 case BCM4325_D11DUAL_ID:                /* 4325 802.11a/g id */
5233                 case BCM4325_D11G_ID:                   /* 4325 802.11g 2.4Ghz band id */
5234                 case BCM4325_D11A_ID:                   /* 4325 802.11a 5Ghz band id */
5235                         DHD_INFO(("%s: found 4325 Dongle\n", __FUNCTION__));
5236                         break;
5237                 case BCM4329_D11N_ID:           /* 4329 802.11n dualband device */
5238                 case BCM4329_D11N2G_ID:         /* 4329 802.11n 2.4G device */
5239                 case BCM4329_D11N5G_ID:         /* 4329 802.11n 5G device */
5240                 case 0x4329:
5241                         DHD_INFO(("%s: found 4329 Dongle\n", __FUNCTION__));
5242                         break;
5243                 case BCM4315_D11DUAL_ID:                /* 4315 802.11a/g id */
5244                 case BCM4315_D11G_ID:                   /* 4315 802.11g id */
5245                 case BCM4315_D11A_ID:                   /* 4315 802.11a id */
5246                         DHD_INFO(("%s: found 4315 Dongle\n", __FUNCTION__));
5247                         break;
5248                 case BCM4319_D11N_ID:                   /* 4319 802.11n id */
5249                 case BCM4319_D11N2G_ID:                 /* 4319 802.11n2g id */
5250                 case BCM4319_D11N5G_ID:                 /* 4319 802.11n5g id */
5251                         DHD_INFO(("%s: found 4319 Dongle\n", __FUNCTION__));
5252                         break;
5253                 case 0:
5254                         DHD_INFO(("%s: allow device id 0, will check chip internals\n",
5255                                   __FUNCTION__));
5256                         break;
5257
5258                 default:
5259                         DHD_ERROR(("%s: skipping 0x%04x/0x%04x, not a dongle\n",
5260                                    __FUNCTION__, venid, devid));
5261                         return NULL;
5262         }
5263
5264         if (osh == NULL) {
5265                 /* Ask the OS interface part for an OSL handle */
5266                 if (!(osh = dhd_osl_attach(sdh, DHD_BUS))) {
5267                         DHD_ERROR(("%s: osl_attach failed!\n", __FUNCTION__));
5268                         return NULL;
5269                 }
5270         }
5271
5272         /* Allocate private bus interface state */
5273         if (!(bus = MALLOC(osh, sizeof(dhd_bus_t)))) {
5274                 DHD_ERROR(("%s: MALLOC of dhd_bus_t failed\n", __FUNCTION__));
5275                 goto fail;
5276         }
5277         bzero(bus, sizeof(dhd_bus_t));
5278         bus->sdh = sdh;
5279         bus->cl_devid = (uint16)devid;
5280         bus->bus = DHD_BUS;
5281         bus->tx_seq = SDPCM_SEQUENCE_WRAP - 1;
5282         bus->usebufpool = FALSE; /* Use bufpool if allocated, els