projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
rtl8187: fix use after free on failure path in rtl8187_init_urbs()
[deliverable/linux.git] / drivers / net / wireless / rtl818x / rtl8187 / dev.c
CommitLineData
605bebe2
MW		 1/*
2 * Linux device driver for RTL8187
3 *
4 * Copyright 2007 Michael Wu <flamingice@sourmilk.net>
93ba2a85 5 * Copyright 2007 Andrea Merello <andrea.merello@gmail.com>
605bebe2
MW		 6 *
7 * Based on the r8187 driver, which is:
93ba2a85 8 * Copyright 2005 Andrea Merello <andrea.merello@gmail.com>, et al.
605bebe2 9 *
3461fc12 10 * The driver was extended to the RTL8187B in 2008 by:
41b58f18 11 * Herton Ronaldo Krzesinski <herton@mandriva.com.br>
3461fc12
LF		 12 * Hin-Tak Leung <htl10@users.sourceforge.net>
13 * Larry Finger <Larry.Finger@lwfinger.net>
14 *
0aec00ae
JL		 15 * Magic delays and register offsets below are taken from the original
16 * r8187 driver sources. Thanks to Realtek for their support!
605bebe2
MW		 17 *
18 * This program is free software; you can redistribute it and/or modify
19 * it under the terms of the GNU General Public License version 2 as
20 * published by the Free Software Foundation.
21 */
22
23#include <linux/init.h>
24#include <linux/usb.h>
5a0e3ad6 25#include <linux/slab.h>
605bebe2
MW		 26#include <linux/delay.h>
27#include <linux/etherdevice.h>
28#include <linux/eeprom_93cx6.h>
9d9779e7 29#include <linux/module.h>
605bebe2
MW		 30#include <net/mac80211.h>
31
32#include "rtl8187.h"
3cfeb0c3 33#include "rtl8225.h"
a027087a 34#ifdef CONFIG_RTL8187_LEDS
3cfeb0c3 35#include "leds.h"
a027087a 36#endif
3cfeb0c3 37#include "rfkill.h"
605bebe2
MW		 38
39MODULE_AUTHOR("Michael Wu <flamingice@sourmilk.net>");
93ba2a85 40MODULE_AUTHOR("Andrea Merello <andrea.merello@gmail.com>");
3461fc12
LF		 41MODULE_AUTHOR("Herton Ronaldo Krzesinski <herton@mandriva.com.br>");
42MODULE_AUTHOR("Hin-Tak Leung <htl10@users.sourceforge.net>");
43MODULE_AUTHOR("Larry Finger <Larry.Finger@lwfinger.net>");
f8a08c34 44MODULE_DESCRIPTION("RTL8187/RTL8187B USB wireless driver");
605bebe2
MW		 45MODULE_LICENSE("GPL");
46
a3433179 47static struct usb_device_id rtl8187_table[] = {
7c7e6af3
AM		 48 /* Asus */
49 {USB_DEVICE(0x0b05, 0x171d), .driver_info = DEVICE_RTL8187},
eaca90da
FF		 50 /* Belkin */
51 {USB_DEVICE(0x050d, 0x705e), .driver_info = DEVICE_RTL8187B},
605bebe2 52 /* Realtek */
f8a08c34
HTL		 53 {USB_DEVICE(0x0bda, 0x8187), .driver_info = DEVICE_RTL8187},
54 {USB_DEVICE(0x0bda, 0x8189), .driver_info = DEVICE_RTL8187B},
55 {USB_DEVICE(0x0bda, 0x8197), .driver_info = DEVICE_RTL8187B},
746db510 56 {USB_DEVICE(0x0bda, 0x8198), .driver_info = DEVICE_RTL8187B},
046ee5d2
LF		 57 /* Surecom */
58 {USB_DEVICE(0x0769, 0x11F2), .driver_info = DEVICE_RTL8187},
59 /* Logitech */
60 {USB_DEVICE(0x0789, 0x010C), .driver_info = DEVICE_RTL8187},
605bebe2 61 /* Netgear */
f8a08c34
HTL		 62 {USB_DEVICE(0x0846, 0x6100), .driver_info = DEVICE_RTL8187},
63 {USB_DEVICE(0x0846, 0x6a00), .driver_info = DEVICE_RTL8187},
fcd7cc14 64 {USB_DEVICE(0x0846, 0x4260), .driver_info = DEVICE_RTL8187B},
c3cf60a9 65 /* HP */
f8a08c34 66 {USB_DEVICE(0x03f0, 0xca02), .driver_info = DEVICE_RTL8187},
9934550d 67 /* Sitecom */
f8a08c34 68 {USB_DEVICE(0x0df6, 0x000d), .driver_info = DEVICE_RTL8187},
f3c76918 69 {USB_DEVICE(0x0df6, 0x0028), .driver_info = DEVICE_RTL8187B},
174b2496 70 {USB_DEVICE(0x0df6, 0x0029), .driver_info = DEVICE_RTL8187B},
046ee5d2
LF		 71 /* Sphairon Access Systems GmbH */
72 {USB_DEVICE(0x114B, 0x0150), .driver_info = DEVICE_RTL8187},
73 /* Dick Smith Electronics */
74 {USB_DEVICE(0x1371, 0x9401), .driver_info = DEVICE_RTL8187},
8f7c41d4
IK		 75 /* Abocom */
76 {USB_DEVICE(0x13d1, 0xabe6), .driver_info = DEVICE_RTL8187},
046ee5d2
LF		 77 /* Qcom */
78 {USB_DEVICE(0x18E8, 0x6232), .driver_info = DEVICE_RTL8187},
79 /* AirLive */
80 {USB_DEVICE(0x1b75, 0x8187), .driver_info = DEVICE_RTL8187},
aeeab4ff
JL		 81 /* Linksys */
82 {USB_DEVICE(0x1737, 0x0073), .driver_info = DEVICE_RTL8187B},
605bebe2
MW		 83 {}
84};
85
86MODULE_DEVICE_TABLE(usb, rtl8187_table);
87
8318d78a
JB		 88static const struct ieee80211_rate rtl818x_rates[] = {
89 { .bitrate = 10, .hw_value = 0, },
90 { .bitrate = 20, .hw_value = 1, },
91 { .bitrate = 55, .hw_value = 2, },
92 { .bitrate = 110, .hw_value = 3, },
93 { .bitrate = 60, .hw_value = 4, },
94 { .bitrate = 90, .hw_value = 5, },
95 { .bitrate = 120, .hw_value = 6, },
96 { .bitrate = 180, .hw_value = 7, },
97 { .bitrate = 240, .hw_value = 8, },
98 { .bitrate = 360, .hw_value = 9, },
99 { .bitrate = 480, .hw_value = 10, },
100 { .bitrate = 540, .hw_value = 11, },
101};
102
103static const struct ieee80211_channel rtl818x_channels[] = {
104 { .center_freq = 2412 },
105 { .center_freq = 2417 },
106 { .center_freq = 2422 },
107 { .center_freq = 2427 },
108 { .center_freq = 2432 },
109 { .center_freq = 2437 },
110 { .center_freq = 2442 },
111 { .center_freq = 2447 },
112 { .center_freq = 2452 },
113 { .center_freq = 2457 },
114 { .center_freq = 2462 },
115 { .center_freq = 2467 },
116 { .center_freq = 2472 },
117 { .center_freq = 2484 },
118};
119
4150c572
JB		 120static void rtl8187_iowrite_async_cb(struct urb *urb)
121{
122 kfree(urb->context);
4150c572
JB		 123}
124
125static void rtl8187_iowrite_async(struct rtl8187_priv *priv, __le16 addr,
126 void *data, u16 len)
127{
128 struct usb_ctrlrequest *dr;
129 struct urb *urb;
130 struct rtl8187_async_write_data {
131 u8 data[4];
132 struct usb_ctrlrequest dr;
133 } *buf;
ea8ee240 134 int rc;
4150c572
JB		 135
136 buf = kmalloc(sizeof(*buf), GFP_ATOMIC);
137 if (!buf)
138 return;
139
140 urb = usb_alloc_urb(0, GFP_ATOMIC);
141 if (!urb) {
142 kfree(buf);
143 return;
144 }
145
146 dr = &buf->dr;
147
148 dr->bRequestType = RTL8187_REQT_WRITE;
149 dr->bRequest = RTL8187_REQ_SET_REG;
150 dr->wValue = addr;
151 dr->wIndex = 0;
152 dr->wLength = cpu_to_le16(len);
153
154 memcpy(buf, data, len);
155
156 usb_fill_control_urb(urb, priv->udev, usb_sndctrlpipe(priv->udev, 0),
157 (unsigned char *)dr, buf, len,
158 rtl8187_iowrite_async_cb, buf);
c1db52b9 159 usb_anchor_urb(urb, &priv->anchored);
ea8ee240
ON		 160 rc = usb_submit_urb(urb, GFP_ATOMIC);
161 if (rc < 0) {
162 kfree(buf);
c1db52b9 163 usb_unanchor_urb(urb);
ea8ee240 164 }
c1db52b9 165 usb_free_urb(urb);
4150c572
JB		 166}
167
168static inline void rtl818x_iowrite32_async(struct rtl8187_priv *priv,
169 __le32 *addr, u32 val)
170{
171 __le32 buf = cpu_to_le32(val);
172
173 rtl8187_iowrite_async(priv, cpu_to_le16((unsigned long)addr),
174 &buf, sizeof(buf));
175}
176
605bebe2
MW		 177void rtl8187_write_phy(struct ieee80211_hw *dev, u8 addr, u32 data)
178{
179 struct rtl8187_priv *priv = dev->priv;
180
181 data <<= 8;
182 data |= addr | 0x80;
183
184 rtl818x_iowrite8(priv, &priv->map->PHY[3], (data >> 24) & 0xFF);
185 rtl818x_iowrite8(priv, &priv->map->PHY[2], (data >> 16) & 0xFF);
186 rtl818x_iowrite8(priv, &priv->map->PHY[1], (data >> 8) & 0xFF);
187 rtl818x_iowrite8(priv, &priv->map->PHY[0], data & 0xFF);
605bebe2
MW		 188}
189
190static void rtl8187_tx_cb(struct urb *urb)
191{
605bebe2 192 struct sk_buff *skb = (struct sk_buff *)urb->context;
e039fa4a 193 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
e6a9854b 194 struct ieee80211_hw *hw = info->rate_driver_data[0];
6f7853f3 195 struct rtl8187_priv *priv = hw->priv;
605bebe2 196
6f7853f3
HTL		 197 skb_pull(skb, priv->is_rtl8187b ? sizeof(struct rtl8187b_tx_hdr) :
198 sizeof(struct rtl8187_tx_hdr));
e6a9854b 199 ieee80211_tx_info_clear_status(info);
3517afde 200
2f47690e
LF		 201 if (!(urb->status) && !(info->flags & IEEE80211_TX_CTL_NO_ACK)) {
202 if (priv->is_rtl8187b) {
203 skb_queue_tail(&priv->b_tx_status.queue, skb);
204
205 /* queue is "full", discard last items */
206 while (skb_queue_len(&priv->b_tx_status.queue) > 5) {
207 struct sk_buff *old_skb;
208
209 dev_dbg(&priv->udev->dev,
210 "transmit status queue full\n");
211
212 old_skb = skb_dequeue(&priv->b_tx_status.queue);
213 ieee80211_tx_status_irqsafe(hw, old_skb);
214 }
215 return;
216 } else {
3517afde 217 info->flags |= IEEE80211_TX_STAT_ACK;
2f47690e
LF		 218 }
219 }
220 if (priv->is_rtl8187b)
3517afde 221 ieee80211_tx_status_irqsafe(hw, skb);
2f47690e
LF		 222 else {
223 /* Retry information for the RTI8187 is only available by
224 * reading a register in the device. We are in interrupt mode
225 * here, thus queue the skb and finish on a work queue. */
226 skb_queue_tail(&priv->b_tx_status.queue, skb);
42935eca 227 ieee80211_queue_delayed_work(hw, &priv->work, 0);
3517afde 228 }
605bebe2
MW		 229}
230
36323f81
TH		 231static void rtl8187_tx(struct ieee80211_hw *dev,
232 struct ieee80211_tx_control *control,
233 struct sk_buff *skb)
605bebe2
MW		 234{
235 struct rtl8187_priv *priv = dev->priv;
e039fa4a 236 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
41b58f18 237 struct ieee80211_hdr *tx_hdr = (struct ieee80211_hdr *)(skb->data);
6f7853f3
HTL		 238 unsigned int ep;
239 void *buf;
605bebe2 240 struct urb *urb;
98798f48
MW		 241 __le16 rts_dur = 0;
242 u32 flags;
ea8ee240 243 int rc;
605bebe2
MW		 244
245 urb = usb_alloc_urb(0, GFP_ATOMIC);
246 if (!urb) {
247 kfree_skb(skb);
7bb45683 248 return;
605bebe2
MW		 249 }
250
98798f48 251 flags = skb->len;
38e3b0d8 252 flags |= RTL818X_TX_DESC_FLAG_NO_ENC;
aa68cbfb 253
e039fa4a 254 flags |= ieee80211_get_tx_rate(dev, info)->hw_value << 24;
41b58f18 255 if (ieee80211_has_morefrags(tx_hdr->frame_control))
38e3b0d8 256 flags |= RTL818X_TX_DESC_FLAG_MOREFRAG;
e6a9854b 257 if (info->control.rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS) {
38e3b0d8 258 flags |= RTL818X_TX_DESC_FLAG_RTS;
e039fa4a 259 flags |= ieee80211_get_rts_cts_rate(dev, info)->hw_value << 19;
32bfd35d 260 rts_dur = ieee80211_rts_duration(dev, priv->vif,
e039fa4a 261 skb->len, info);
e6a9854b 262 } else if (info->control.rates[0].flags & IEEE80211_TX_RC_USE_CTS_PROTECT) {
38e3b0d8 263 flags |= RTL818X_TX_DESC_FLAG_CTS;
e039fa4a 264 flags |= ieee80211_get_rts_cts_rate(dev, info)->hw_value << 19;
aa68cbfb 265 }
98798f48 266
41b58f18
AF		 267 if (info->flags & IEEE80211_TX_CTL_ASSIGN_SEQ) {
268 if (info->flags & IEEE80211_TX_CTL_FIRST_FRAGMENT)
269 priv->seqno += 0x10;
270 tx_hdr->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG);
271 tx_hdr->seq_ctrl |= cpu_to_le16(priv->seqno);
272 }
273
6f7853f3
HTL		 274 if (!priv->is_rtl8187b) {
275 struct rtl8187_tx_hdr *hdr =
276 (struct rtl8187_tx_hdr *)skb_push(skb, sizeof(*hdr));
277 hdr->flags = cpu_to_le32(flags);
278 hdr->len = 0;
279 hdr->rts_duration = rts_dur;
d9a1f486 280 hdr->retry = cpu_to_le32((info->control.rates[0].count - 1) << 8);
6f7853f3
HTL		 281 buf = hdr;
282
283 ep = 2;
284 } else {
285 /* fc needs to be calculated before skb_push() */
286 unsigned int epmap[4] = { 6, 7, 5, 4 };
6f7853f3
HTL		 287 u16 fc = le16_to_cpu(tx_hdr->frame_control);
288
289 struct rtl8187b_tx_hdr *hdr =
290 (struct rtl8187b_tx_hdr *)skb_push(skb, sizeof(*hdr));
291 struct ieee80211_rate *txrate =
292 ieee80211_get_tx_rate(dev, info);
293 memset(hdr, 0, sizeof(*hdr));
294 hdr->flags = cpu_to_le32(flags);
295 hdr->rts_duration = rts_dur;
d9a1f486 296 hdr->retry = cpu_to_le32((info->control.rates[0].count - 1) << 8);
6f7853f3
HTL		 297 hdr->tx_duration =
298 ieee80211_generic_frame_duration(dev, priv->vif,
4ee73f33 299 info->band,
6f7853f3
HTL		 300 skb->len, txrate);
301 buf = hdr;
302
303 if ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_MGMT)
304 ep = 12;
305 else
306 ep = epmap[skb_get_queue_mapping(skb)];
307 }
605bebe2 308
e6a9854b
JB		 309 info->rate_driver_data[0] = dev;
310 info->rate_driver_data[1] = urb;
6f7853f3
HTL		 311
312 usb_fill_bulk_urb(urb, priv->udev, usb_sndbulkpipe(priv->udev, ep),
313 buf, skb->len, rtl8187_tx_cb, skb);
2fcbab04 314 urb->transfer_flags |= URB_ZERO_PACKET;
c1db52b9 315 usb_anchor_urb(urb, &priv->anchored);
ea8ee240
ON		 316 rc = usb_submit_urb(urb, GFP_ATOMIC);
317 if (rc < 0) {
c1db52b9 318 usb_unanchor_urb(urb);
ea8ee240
ON		 319 kfree_skb(skb);
320 }
c1db52b9 321 usb_free_urb(urb);
605bebe2
MW		 322}
323
324static void rtl8187_rx_cb(struct urb *urb)
325{
326 struct sk_buff *skb = (struct sk_buff *)urb->context;
327 struct rtl8187_rx_info *info = (struct rtl8187_rx_info *)skb->cb;
328 struct ieee80211_hw *dev = info->dev;
329 struct rtl8187_priv *priv = dev->priv;
605bebe2
MW		 330 struct ieee80211_rx_status rx_status = { 0 };
331 int rate, signal;
4150c572 332 u32 flags;
d8588227 333 unsigned long f;
605bebe2 334
d8588227 335 spin_lock_irqsave(&priv->rx_queue.lock, f);
46c37672 336 __skb_unlink(skb, &priv->rx_queue);
d8588227 337 spin_unlock_irqrestore(&priv->rx_queue.lock, f);
c1db52b9 338 skb_put(skb, urb->actual_length);
605bebe2
MW		 339
340 if (unlikely(urb->status)) {
605bebe2
MW		 341 dev_kfree_skb_irq(skb);
342 return;
343 }
344
6f7853f3
HTL		 345 if (!priv->is_rtl8187b) {
346 struct rtl8187_rx_hdr *hdr =
347 (typeof(hdr))(skb_tail_pointer(skb) - sizeof(*hdr));
348 flags = le32_to_cpu(hdr->flags);
a7db74f4 349 /* As with the RTL8187B below, the AGC is used to calculate
70d9f405 350 * signal strength. In this case, the scaling
a7db74f4
LF		 351 * constants are derived from the output of p54usb.
352 */
a7db74f4 353 signal = -4 - ((27 * hdr->agc) >> 6);
6f7853f3 354 rx_status.antenna = (hdr->signal >> 7) & 1;
6f7853f3 355 rx_status.mactime = le64_to_cpu(hdr->mac_time);
6f7853f3
HTL		 356 } else {
357 struct rtl8187b_rx_hdr *hdr =
358 (typeof(hdr))(skb_tail_pointer(skb) - sizeof(*hdr));
0ccd58fc
LF		 359 /* The Realtek datasheet for the RTL8187B shows that the RX
360 * header contains the following quantities: signal quality,
361 * RSSI, AGC, the received power in dB, and the measured SNR.
362 * In testing, none of these quantities show qualitative
363 * agreement with AP signal strength, except for the AGC,
364 * which is inversely proportional to the strength of the
70d9f405
LF		 365 * signal. In the following, the signal strength
366 * is derived from the AGC. The arbitrary scaling constants
0ccd58fc
LF		 367 * are chosen to make the results close to the values obtained
368 * for a BCM4312 using b43 as the driver. The noise is ignored
369 * for now.
370 */
6f7853f3 371 flags = le32_to_cpu(hdr->flags);
0ccd58fc 372 signal = 14 - hdr->agc / 2;
0ccd58fc 373 rx_status.antenna = (hdr->rssi >> 7) & 1;
6f7853f3 374 rx_status.mactime = le64_to_cpu(hdr->mac_time);
6f7853f3 375 }
605bebe2 376
a7db74f4
LF		 377 rx_status.signal = signal;
378 priv->signal = signal;
379 rate = (flags >> 20) & 0xF;
6f7853f3 380 skb_trim(skb, flags & 0x0FFF);
8318d78a 381 rx_status.rate_idx = rate;
675a0b04
KB		 382 rx_status.freq = dev->conf.chandef.chan->center_freq;
383 rx_status.band = dev->conf.chandef.chan->band;
f4bda337 384 rx_status.flag |= RX_FLAG_MACTIME_START;
38e3b0d8 385 if (flags & RTL818X_RX_DESC_FLAG_CRC32_ERR)
4150c572 386 rx_status.flag |= RX_FLAG_FAILED_FCS_CRC;
f1d58c25
JB		 387 memcpy(IEEE80211_SKB_RXCB(skb), &rx_status, sizeof(rx_status));
388 ieee80211_rx_irqsafe(dev, skb);
605bebe2
MW		 389
390 skb = dev_alloc_skb(RTL8187_MAX_RX);
391 if (unlikely(!skb)) {
605bebe2
MW		 392 /* TODO check rx queue length and refill *somewhere* */
393 return;
394 }
395
396 info = (struct rtl8187_rx_info *)skb->cb;
397 info->urb = urb;
398 info->dev = dev;
399 urb->transfer_buffer = skb_tail_pointer(skb);
400 urb->context = skb;
401 skb_queue_tail(&priv->rx_queue, skb);
402
c1db52b9
LF		 403 usb_anchor_urb(urb, &priv->anchored);
404 if (usb_submit_urb(urb, GFP_ATOMIC)) {
405 usb_unanchor_urb(urb);
406 skb_unlink(skb, &priv->rx_queue);
407 dev_kfree_skb_irq(skb);
408 }
605bebe2
MW		 409}
410
411static int rtl8187_init_urbs(struct ieee80211_hw *dev)
412{
413 struct rtl8187_priv *priv = dev->priv;
c1db52b9 414 struct urb *entry = NULL;
605bebe2
MW		 415 struct sk_buff *skb;
416 struct rtl8187_rx_info *info;
c1db52b9 417 int ret = 0;
605bebe2 418
2a57cf3e 419 while (skb_queue_len(&priv->rx_queue) < 16) {
605bebe2 420 skb = __dev_alloc_skb(RTL8187_MAX_RX, GFP_KERNEL);
c1db52b9
LF		 421 if (!skb) {
422 ret = -ENOMEM;
423 goto err;
424 }
605bebe2
MW		 425 entry = usb_alloc_urb(0, GFP_KERNEL);
426 if (!entry) {
c1db52b9
LF		 427 ret = -ENOMEM;
428 goto err;
605bebe2
MW		 429 }
430 usb_fill_bulk_urb(entry, priv->udev,
6f7853f3
HTL		 431 usb_rcvbulkpipe(priv->udev,
432 priv->is_rtl8187b ? 3 : 1),
605bebe2
MW		 433 skb_tail_pointer(skb),
434 RTL8187_MAX_RX, rtl8187_rx_cb, skb);
435 info = (struct rtl8187_rx_info *)skb->cb;
436 info->urb = entry;
437 info->dev = dev;
438 skb_queue_tail(&priv->rx_queue, skb);
c1db52b9
LF		 439 usb_anchor_urb(entry, &priv->anchored);
440 ret = usb_submit_urb(entry, GFP_KERNEL);
8a10da26 441 usb_put_urb(entry);
c1db52b9
LF		 442 if (ret) {
443 skb_unlink(skb, &priv->rx_queue);
444 usb_unanchor_urb(entry);
445 goto err;
446 }
605bebe2 447 }
c1db52b9 448 return ret;
605bebe2 449
c1db52b9 450err:
c1db52b9
LF		 451 kfree_skb(skb);
452 usb_kill_anchored_urbs(&priv->anchored);
453 return ret;
605bebe2
MW		 454}
455
3517afde
HRK		 456static void rtl8187b_status_cb(struct urb *urb)
457{
458 struct ieee80211_hw *hw = (struct ieee80211_hw *)urb->context;
459 struct rtl8187_priv *priv = hw->priv;
460 u64 val;
461 unsigned int cmd_type;
462
c1db52b9 463 if (unlikely(urb->status))
3517afde 464 return;
3517afde
HRK		 465
466 /*
467 * Read from status buffer:
468 *
469 * bits [30:31] = cmd type:
470 * - 0 indicates tx beacon interrupt
471 * - 1 indicates tx close descriptor
472 *
473 * In the case of tx beacon interrupt:
474 * [0:9] = Last Beacon CW
475 * [10:29] = reserved
476 * [30:31] = 00b
477 * [32:63] = Last Beacon TSF
478 *
479 * If it's tx close descriptor:
480 * [0:7] = Packet Retry Count
481 * [8:14] = RTS Retry Count
482 * [15] = TOK
483 * [16:27] = Sequence No
484 * [28] = LS
485 * [29] = FS
486 * [30:31] = 01b
487 * [32:47] = unused (reserved?)
488 * [48:63] = MAC Used Time
489 */
490 val = le64_to_cpu(priv->b_tx_status.buf);
491
492 cmd_type = (val >> 30) & 0x3;
493 if (cmd_type == 1) {
494 unsigned int pkt_rc, seq_no;
495 bool tok;
496 struct sk_buff *skb;
497 struct ieee80211_hdr *ieee80211hdr;
498 unsigned long flags;
499
500 pkt_rc = val & 0xFF;
501 tok = val & (1 << 15);
502 seq_no = (val >> 16) & 0xFFF;
503
504 spin_lock_irqsave(&priv->b_tx_status.queue.lock, flags);
505 skb_queue_reverse_walk(&priv->b_tx_status.queue, skb) {
506 ieee80211hdr = (struct ieee80211_hdr *)skb->data;
507
508 /*
509 * While testing, it was discovered that the seq_no
510 * doesn't actually contains the sequence number.
511 * Instead of returning just the 12 bits of sequence
512 * number, hardware is returning entire sequence control
513 * (fragment number plus sequence number) in a 12 bit
514 * only field overflowing after some time. As a
515 * workaround, just consider the lower bits, and expect
516 * it's unlikely we wrongly ack some sent data
517 */
518 if ((le16_to_cpu(ieee80211hdr->seq_ctrl)
519 & 0xFFF) == seq_no)
520 break;
521 }
522 if (skb != (struct sk_buff *) &priv->b_tx_status.queue) {
523 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
524
525 __skb_unlink(skb, &priv->b_tx_status.queue);
526 if (tok)
527 info->flags |= IEEE80211_TX_STAT_ACK;
1548c86a 528 info->status.rates[0].count = pkt_rc + 1;
3517afde
HRK		 529
530 ieee80211_tx_status_irqsafe(hw, skb);
531 }
532 spin_unlock_irqrestore(&priv->b_tx_status.queue.lock, flags);
533 }
534
c1db52b9
LF		 535 usb_anchor_urb(urb, &priv->anchored);
536 if (usb_submit_urb(urb, GFP_ATOMIC))
537 usb_unanchor_urb(urb);
3517afde
HRK		 538}
539
540static int rtl8187b_init_status_urb(struct ieee80211_hw *dev)
541{
542 struct rtl8187_priv *priv = dev->priv;
543 struct urb *entry;
c1db52b9 544 int ret = 0;
3517afde
HRK		 545
546 entry = usb_alloc_urb(0, GFP_KERNEL);
547 if (!entry)
548 return -ENOMEM;
3517afde
HRK		 549
550 usb_fill_bulk_urb(entry, priv->udev, usb_rcvbulkpipe(priv->udev, 9),
551 &priv->b_tx_status.buf, sizeof(priv->b_tx_status.buf),
552 rtl8187b_status_cb, dev);
553
c1db52b9
LF		 554 usb_anchor_urb(entry, &priv->anchored);
555 ret = usb_submit_urb(entry, GFP_KERNEL);
556 if (ret)
557 usb_unanchor_urb(entry);
558 usb_free_urb(entry);
3517afde 559
c1db52b9 560 return ret;
3517afde
HRK		 561}
562
0bf198eb
HRK		 563static void rtl8187_set_anaparam(struct rtl8187_priv *priv, bool rfon)
564{
565 u32 anaparam, anaparam2;
566 u8 anaparam3, reg;
567
568 if (!priv->is_rtl8187b) {
569 if (rfon) {
570 anaparam = RTL8187_RTL8225_ANAPARAM_ON;
571 anaparam2 = RTL8187_RTL8225_ANAPARAM2_ON;
572 } else {
573 anaparam = RTL8187_RTL8225_ANAPARAM_OFF;
574 anaparam2 = RTL8187_RTL8225_ANAPARAM2_OFF;
575 }
576 } else {
577 if (rfon) {
578 anaparam = RTL8187B_RTL8225_ANAPARAM_ON;
579 anaparam2 = RTL8187B_RTL8225_ANAPARAM2_ON;
580 anaparam3 = RTL8187B_RTL8225_ANAPARAM3_ON;
581 } else {
582 anaparam = RTL8187B_RTL8225_ANAPARAM_OFF;
583 anaparam2 = RTL8187B_RTL8225_ANAPARAM2_OFF;
584 anaparam3 = RTL8187B_RTL8225_ANAPARAM3_OFF;
585 }
586 }
587
588 rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD,
589 RTL818X_EEPROM_CMD_CONFIG);
590 reg = rtl818x_ioread8(priv, &priv->map->CONFIG3);
591 reg |= RTL818X_CONFIG3_ANAPARAM_WRITE;
592 rtl818x_iowrite8(priv, &priv->map->CONFIG3, reg);
593 rtl818x_iowrite32(priv, &priv->map->ANAPARAM, anaparam);
594 rtl818x_iowrite32(priv, &priv->map->ANAPARAM2, anaparam2);
595 if (priv->is_rtl8187b)
596 rtl818x_iowrite8(priv, &priv->map->ANAPARAM3, anaparam3);
597 reg &= ~RTL818X_CONFIG3_ANAPARAM_WRITE;
598 rtl818x_iowrite8(priv, &priv->map->CONFIG3, reg);
599 rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD,
600 RTL818X_EEPROM_CMD_NORMAL);
601}
602
f8a08c34 603static int rtl8187_cmd_reset(struct ieee80211_hw *dev)
605bebe2
MW		 604{
605 struct rtl8187_priv *priv = dev->priv;
606 u8 reg;
607 int i;
608
605bebe2
MW		 609 reg = rtl818x_ioread8(priv, &priv->map->CMD);
610 reg &= (1 << 1);
611 reg |= RTL818X_CMD_RESET;
612 rtl818x_iowrite8(priv, &priv->map->CMD, reg);
613
614 i = 10;
615 do {
616 msleep(2);
617 if (!(rtl818x_ioread8(priv, &priv->map->CMD) &
618 RTL818X_CMD_RESET))
619 break;
620 } while (--i);
621
622 if (!i) {
5db55844 623 wiphy_err(dev->wiphy, "Reset timeout!\n");
605bebe2
MW		 624 return -ETIMEDOUT;
625 }
626
627 /* reload registers from eeprom */
628 rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_LOAD);
629
630 i = 10;
631 do {
632 msleep(4);
633 if (!(rtl818x_ioread8(priv, &priv->map->EEPROM_CMD) &
634 RTL818X_EEPROM_CMD_CONFIG))
635 break;
636 } while (--i);
637
638 if (!i) {
c96c31e4 639 wiphy_err(dev->wiphy, "eeprom reset timeout!\n");
605bebe2
MW		 640 return -ETIMEDOUT;
641 }
642
f8a08c34
HTL		 643 return 0;
644}
645
646static int rtl8187_init_hw(struct ieee80211_hw *dev)
647{
648 struct rtl8187_priv *priv = dev->priv;
649 u8 reg;
650 int res;
651
652 /* reset */
0bf198eb 653 rtl8187_set_anaparam(priv, true);
f8a08c34
HTL		 654
655 rtl818x_iowrite16(priv, &priv->map->INT_MASK, 0);
656
657 msleep(200);
658 rtl818x_iowrite8(priv, (u8 *)0xFE18, 0x10);
659 rtl818x_iowrite8(priv, (u8 *)0xFE18, 0x11);
660 rtl818x_iowrite8(priv, (u8 *)0xFE18, 0x00);
661 msleep(200);
662
663 res = rtl8187_cmd_reset(dev);
664 if (res)
665 return res;
666
0bf198eb 667 rtl8187_set_anaparam(priv, true);
605bebe2
MW		 668
669 /* setup card */
670 rtl818x_iowrite16(priv, &priv->map->RFPinsSelect, 0);
ca9152e3 671 rtl818x_iowrite8(priv, &priv->map->GPIO0, 0);
605bebe2
MW		 672
673 rtl818x_iowrite16(priv, &priv->map->RFPinsSelect, (4 << 8));
ca9152e3 674 rtl818x_iowrite8(priv, &priv->map->GPIO0, 1);
605bebe2
MW		 675 rtl818x_iowrite8(priv, &priv->map->GP_ENABLE, 0);
676
677 rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_CONFIG);
605bebe2
MW		 678
679 rtl818x_iowrite16(priv, (__le16 *)0xFFF4, 0xFFFF);
680 reg = rtl818x_ioread8(priv, &priv->map->CONFIG1);
681 reg &= 0x3F;
682 reg |= 0x80;
683 rtl818x_iowrite8(priv, &priv->map->CONFIG1, reg);
684
685 rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_NORMAL);
686
687 rtl818x_iowrite32(priv, &priv->map->INT_TIMEOUT, 0);
688 rtl818x_iowrite8(priv, &priv->map->WPA_CONF, 0);
2f47690e 689 rtl818x_iowrite8(priv, &priv->map->RATE_FALLBACK, 0);
605bebe2
MW		 690
691 // TODO: set RESP_RATE and BRSR properly
692 rtl818x_iowrite8(priv, &priv->map->RESP_RATE, (8 << 4) | 0);
693 rtl818x_iowrite16(priv, &priv->map->BRSR, 0x01F3);
694
695 /* host_usb_init */
696 rtl818x_iowrite16(priv, &priv->map->RFPinsSelect, 0);
ca9152e3 697 rtl818x_iowrite8(priv, &priv->map->GPIO0, 0);
605bebe2
MW		 698 reg = rtl818x_ioread8(priv, (u8 *)0xFE53);
699 rtl818x_iowrite8(priv, (u8 *)0xFE53, reg | (1 << 7));
700 rtl818x_iowrite16(priv, &priv->map->RFPinsSelect, (4 << 8));
ca9152e3 701 rtl818x_iowrite8(priv, &priv->map->GPIO0, 0x20);
605bebe2
MW		 702 rtl818x_iowrite8(priv, &priv->map->GP_ENABLE, 0);
703 rtl818x_iowrite16(priv, &priv->map->RFPinsOutput, 0x80);
704 rtl818x_iowrite16(priv, &priv->map->RFPinsSelect, 0x80);
705 rtl818x_iowrite16(priv, &priv->map->RFPinsEnable, 0x80);
706 msleep(100);
707
708 rtl818x_iowrite32(priv, &priv->map->RF_TIMING, 0x000a8008);
709 rtl818x_iowrite16(priv, &priv->map->BRSR, 0xFFFF);
710 rtl818x_iowrite32(priv, &priv->map->RF_PARA, 0x00100044);
f8a08c34
HTL		 711 rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD,
712 RTL818X_EEPROM_CMD_CONFIG);
605bebe2 713 rtl818x_iowrite8(priv, &priv->map->CONFIG3, 0x44);
f8a08c34
HTL		 714 rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD,
715 RTL818X_EEPROM_CMD_NORMAL);
605bebe2
MW		 716 rtl818x_iowrite16(priv, &priv->map->RFPinsEnable, 0x1FF7);
717 msleep(100);
718
f6532111 719 priv->rf->init(dev);
605bebe2
MW		 720
721 rtl818x_iowrite16(priv, &priv->map->BRSR, 0x01F3);
f6532111
MW		 722 reg = rtl818x_ioread8(priv, &priv->map->PGSELECT) & ~1;
723 rtl818x_iowrite8(priv, &priv->map->PGSELECT, reg | 1);
605bebe2
MW		 724 rtl818x_iowrite16(priv, (__le16 *)0xFFFE, 0x10);
725 rtl818x_iowrite8(priv, &priv->map->TALLY_SEL, 0x80);
726 rtl818x_iowrite8(priv, (u8 *)0xFFFF, 0x60);
f6532111 727 rtl818x_iowrite8(priv, &priv->map->PGSELECT, reg);
605bebe2
MW		 728
729 return 0;
730}
731
f8a08c34
HTL		 732static const u8 rtl8187b_reg_table[][3] = {
733 {0xF0, 0x32, 0}, {0xF1, 0x32, 0}, {0xF2, 0x00, 0}, {0xF3, 0x00, 0},
734 {0xF4, 0x32, 0}, {0xF5, 0x43, 0}, {0xF6, 0x00, 0}, {0xF7, 0x00, 0},
735 {0xF8, 0x46, 0}, {0xF9, 0xA4, 0}, {0xFA, 0x00, 0}, {0xFB, 0x00, 0},
736 {0xFC, 0x96, 0}, {0xFD, 0xA4, 0}, {0xFE, 0x00, 0}, {0xFF, 0x00, 0},
737
738 {0x58, 0x4B, 1}, {0x59, 0x00, 1}, {0x5A, 0x4B, 1}, {0x5B, 0x00, 1},
739 {0x60, 0x4B, 1}, {0x61, 0x09, 1}, {0x62, 0x4B, 1}, {0x63, 0x09, 1},
327571ea
HRK		 740 {0xCE, 0x0F, 1}, {0xCF, 0x00, 1}, {0xF0, 0x4E, 1}, {0xF1, 0x01, 1},
741 {0xF2, 0x02, 1}, {0xF3, 0x03, 1}, {0xF4, 0x04, 1}, {0xF5, 0x05, 1},
742 {0xF6, 0x06, 1}, {0xF7, 0x07, 1}, {0xF8, 0x08, 1},
f8a08c34
HTL		 743
744 {0x4E, 0x00, 2}, {0x0C, 0x04, 2}, {0x21, 0x61, 2}, {0x22, 0x68, 2},
745 {0x23, 0x6F, 2}, {0x24, 0x76, 2}, {0x25, 0x7D, 2}, {0x26, 0x84, 2},
746 {0x27, 0x8D, 2}, {0x4D, 0x08, 2}, {0x50, 0x05, 2}, {0x51, 0xF5, 2},
747 {0x52, 0x04, 2}, {0x53, 0xA0, 2}, {0x54, 0x1F, 2}, {0x55, 0x23, 2},
748 {0x56, 0x45, 2}, {0x57, 0x67, 2}, {0x58, 0x08, 2}, {0x59, 0x08, 2},
749 {0x5A, 0x08, 2}, {0x5B, 0x08, 2}, {0x60, 0x08, 2}, {0x61, 0x08, 2},
a8ff34e3 750 {0x62, 0x08, 2}, {0x63, 0x08, 2}, {0x64, 0xCF, 2},
f8a08c34 751
60f58914
HRK		 752 {0x5B, 0x40, 0}, {0x84, 0x88, 0}, {0x85, 0x24, 0}, {0x88, 0x54, 0},
753 {0x8B, 0xB8, 0}, {0x8C, 0x07, 0}, {0x8D, 0x00, 0}, {0x94, 0x1B, 0},
754 {0x95, 0x12, 0}, {0x96, 0x00, 0}, {0x97, 0x06, 0}, {0x9D, 0x1A, 0},
755 {0x9F, 0x10, 0}, {0xB4, 0x22, 0}, {0xBE, 0x80, 0}, {0xDB, 0x00, 0},
756 {0xEE, 0x00, 0}, {0x4C, 0x00, 2},
f8a08c34 757
a027087a
LF		 758 {0x9F, 0x00, 3}, {0x8C, 0x01, 0}, {0x8D, 0x10, 0}, {0x8E, 0x08, 0},
759 {0x8F, 0x00, 0}
f8a08c34
HTL		 760};
761
762static int rtl8187b_init_hw(struct ieee80211_hw *dev)
763{
764 struct rtl8187_priv *priv = dev->priv;
765 int res, i;
766 u8 reg;
767
0bf198eb 768 rtl8187_set_anaparam(priv, true);
f8a08c34 769
896cae65
HRK		 770 /* Reset PLL sequence on 8187B. Realtek note: reduces power
771 * consumption about 30 mA */
772 rtl818x_iowrite8(priv, (u8 *)0xFF61, 0x10);
773 reg = rtl818x_ioread8(priv, (u8 *)0xFF62);
774 rtl818x_iowrite8(priv, (u8 *)0xFF62, reg & ~(1 << 5));
775 rtl818x_iowrite8(priv, (u8 *)0xFF62, reg | (1 << 5));
776
f8a08c34
HTL		 777 res = rtl8187_cmd_reset(dev);
778 if (res)
779 return res;
780
daeeb074
HRK		 781 rtl8187_set_anaparam(priv, true);
782
60f58914
HRK		 783 /* BRSR (Basic Rate Set Register) on 8187B looks to be the same as
784 * RESP_RATE on 8187L in Realtek sources: each bit should be each
785 * one of the 12 rates, all are enabled */
786 rtl818x_iowrite16(priv, (__le16 *)0xFF34, 0x0FFF);
787
f8a08c34
HTL		 788 reg = rtl818x_ioread8(priv, &priv->map->CW_CONF);
789 reg |= RTL818X_CW_CONF_PERPACKET_RETRY_SHIFT;
790 rtl818x_iowrite8(priv, &priv->map->CW_CONF, reg);
f8a08c34 791
327571ea 792 /* Auto Rate Fallback Register (ARFR): 1M-54M setting */
f8a08c34 793 rtl818x_iowrite16_idx(priv, (__le16 *)0xFFE0, 0x0FFF, 1);
327571ea 794 rtl818x_iowrite8_idx(priv, (u8 *)0xFFE2, 0x00, 1);
f8a08c34 795
f8a08c34
HTL		 796 rtl818x_iowrite16_idx(priv, (__le16 *)0xFFD4, 0xFFFF, 1);
797
798 rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD,
799 RTL818X_EEPROM_CMD_CONFIG);
800 reg = rtl818x_ioread8(priv, &priv->map->CONFIG1);
801 rtl818x_iowrite8(priv, &priv->map->CONFIG1, (reg & 0x3F) | 0x80);
802 rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD,
803 RTL818X_EEPROM_CMD_NORMAL);
804
805 rtl818x_iowrite8(priv, &priv->map->WPA_CONF, 0);
806 for (i = 0; i < ARRAY_SIZE(rtl8187b_reg_table); i++) {
807 rtl818x_iowrite8_idx(priv,
808 (u8 *)(uintptr_t)
809 (rtl8187b_reg_table[i][0] | 0xFF00),
810 rtl8187b_reg_table[i][1],
811 rtl8187b_reg_table[i][2]);
812 }
813
814 rtl818x_iowrite16(priv, &priv->map->TID_AC_MAP, 0xFA50);
815 rtl818x_iowrite16(priv, &priv->map->INT_MIG, 0);
816
817 rtl818x_iowrite32_idx(priv, (__le32 *)0xFFF0, 0, 1);
818 rtl818x_iowrite32_idx(priv, (__le32 *)0xFFF4, 0, 1);
819 rtl818x_iowrite8_idx(priv, (u8 *)0xFFF8, 0, 1);
820
821 rtl818x_iowrite32(priv, &priv->map->RF_TIMING, 0x00004001);
822
a8ff34e3 823 /* RFSW_CTRL register */
f8a08c34
HTL		 824 rtl818x_iowrite16_idx(priv, (__le16 *)0xFF72, 0x569A, 2);
825
f8a08c34
HTL		 826 rtl818x_iowrite16(priv, &priv->map->RFPinsOutput, 0x0480);
827 rtl818x_iowrite16(priv, &priv->map->RFPinsSelect, 0x2488);
828 rtl818x_iowrite16(priv, &priv->map->RFPinsEnable, 0x1FFF);
2f20596b 829 msleep(100);
f8a08c34
HTL		 830
831 priv->rf->init(dev);
832
833 reg = RTL818X_CMD_TX_ENABLE | RTL818X_CMD_RX_ENABLE;
834 rtl818x_iowrite8(priv, &priv->map->CMD, reg);
835 rtl818x_iowrite16(priv, &priv->map->INT_MASK, 0xFFFF);
836
837 rtl818x_iowrite8(priv, (u8 *)0xFE41, 0xF4);
838 rtl818x_iowrite8(priv, (u8 *)0xFE40, 0x00);
839 rtl818x_iowrite8(priv, (u8 *)0xFE42, 0x00);
840 rtl818x_iowrite8(priv, (u8 *)0xFE42, 0x01);
841 rtl818x_iowrite8(priv, (u8 *)0xFE40, 0x0F);
842 rtl818x_iowrite8(priv, (u8 *)0xFE42, 0x00);
843 rtl818x_iowrite8(priv, (u8 *)0xFE42, 0x01);
844
845 reg = rtl818x_ioread8(priv, (u8 *)0xFFDB);
846 rtl818x_iowrite8(priv, (u8 *)0xFFDB, reg | (1 << 2));
847 rtl818x_iowrite16_idx(priv, (__le16 *)0xFF72, 0x59FA, 3);
848 rtl818x_iowrite16_idx(priv, (__le16 *)0xFF74, 0x59D2, 3);
849 rtl818x_iowrite16_idx(priv, (__le16 *)0xFF76, 0x59D2, 3);
850 rtl818x_iowrite16_idx(priv, (__le16 *)0xFF78, 0x19FA, 3);
851 rtl818x_iowrite16_idx(priv, (__le16 *)0xFF7A, 0x19FA, 3);
852 rtl818x_iowrite16_idx(priv, (__le16 *)0xFF7C, 0x00D0, 3);
853 rtl818x_iowrite8(priv, (u8 *)0xFF61, 0);
854 rtl818x_iowrite8_idx(priv, (u8 *)0xFF80, 0x0F, 1);
855 rtl818x_iowrite8_idx(priv, (u8 *)0xFF83, 0x03, 1);
856 rtl818x_iowrite8(priv, (u8 *)0xFFDA, 0x10);
857 rtl818x_iowrite8_idx(priv, (u8 *)0xFF4D, 0x08, 2);
858
859 rtl818x_iowrite32(priv, &priv->map->HSSI_PARA, 0x0600321B);
860
861 rtl818x_iowrite16_idx(priv, (__le16 *)0xFFEC, 0x0800, 1);
862
b4572a92
HRK		 863 priv->slot_time = 0x9;
864 priv->aifsn[0] = 2; /* AIFSN[AC_VO] */
865 priv->aifsn[1] = 2; /* AIFSN[AC_VI] */
866 priv->aifsn[2] = 7; /* AIFSN[AC_BK] */
867 priv->aifsn[3] = 3; /* AIFSN[AC_BE] */
868 rtl818x_iowrite8(priv, &priv->map->ACM_CONTROL, 0);
869
1a9937b7
HRK		 870 /* ENEDCA flag must always be set, transmit issues? */
871 rtl818x_iowrite8(priv, &priv->map->MSR, RTL818X_MSR_ENEDCA);
872
f8a08c34
HTL		 873 return 0;
874}
875
2f47690e
LF		 876static void rtl8187_work(struct work_struct *work)
877{
878 /* The RTL8187 returns the retry count through register 0xFFFA. In
879 * addition, it appears to be a cumulative retry count, not the
880 * value for the current TX packet. When multiple TX entries are
6410db59
LF		 881 * waiting in the queue, the retry count will be the total for all.
882 * The "error" may matter for purposes of rate setting, but there is
883 * no other choice with this hardware.
884 */
2f47690e
LF		 885 struct rtl8187_priv *priv = container_of(work, struct rtl8187_priv,
886 work.work);
887 struct ieee80211_tx_info *info;
888 struct ieee80211_hw *dev = priv->dev;
889 static u16 retry;
890 u16 tmp;
6410db59
LF		 891 u16 avg_retry;
892 int length;
2f47690e
LF		 893
894 mutex_lock(&priv->conf_mutex);
895 tmp = rtl818x_ioread16(priv, (__le16 *)0xFFFA);
6410db59
LF		 896 length = skb_queue_len(&priv->b_tx_status.queue);
897 if (unlikely(!length))
898 length = 1;
899 if (unlikely(tmp < retry))
900 tmp = retry;
901 avg_retry = (tmp - retry) / length;
2f47690e
LF		 902 while (skb_queue_len(&priv->b_tx_status.queue) > 0) {
903 struct sk_buff *old_skb;
904
905 old_skb = skb_dequeue(&priv->b_tx_status.queue);
906 info = IEEE80211_SKB_CB(old_skb);
6410db59
LF		 907 info->status.rates[0].count = avg_retry + 1;
908 if (info->status.rates[0].count > RETRY_COUNT)
909 info->flags &= ~IEEE80211_TX_STAT_ACK;
2f47690e
LF		 910 ieee80211_tx_status_irqsafe(dev, old_skb);
911 }
912 retry = tmp;
913 mutex_unlock(&priv->conf_mutex);
914}
915
4150c572 916static int rtl8187_start(struct ieee80211_hw *dev)
605bebe2
MW		 917{
918 struct rtl8187_priv *priv = dev->priv;
919 u32 reg;
920 int ret;
921
ca9152e3
HRK		 922 mutex_lock(&priv->conf_mutex);
923
f8a08c34
HTL		 924 ret = (!priv->is_rtl8187b) ? rtl8187_init_hw(dev) :
925 rtl8187b_init_hw(dev);
605bebe2 926 if (ret)
ca9152e3 927 goto rtl8187_start_exit;
c1db52b9
LF		 928
929 init_usb_anchor(&priv->anchored);
2f47690e 930 priv->dev = dev;
c1db52b9 931
f8a08c34
HTL		 932 if (priv->is_rtl8187b) {
933 reg = RTL818X_RX_CONF_MGMT |
934 RTL818X_RX_CONF_DATA |
935 RTL818X_RX_CONF_BROADCAST |
936 RTL818X_RX_CONF_NICMAC |
937 RTL818X_RX_CONF_BSSID |
938 (7 << 13 /* RX FIFO threshold NONE */) |
939 (7 << 10 /* MAX RX DMA */) |
940 RTL818X_RX_CONF_RX_AUTORESETPHY |
941 RTL818X_RX_CONF_ONLYERLPKT |
942 RTL818X_RX_CONF_MULTICAST;
943 priv->rx_conf = reg;
944 rtl818x_iowrite32(priv, &priv->map->RX_CONF, reg);
945
19999792
TLSC		 946 reg = rtl818x_ioread8(priv, &priv->map->TX_AGC_CTL);
947 reg &= ~RTL818X_TX_AGC_CTL_PERPACKET_GAIN_SHIFT;
948 reg &= ~RTL818X_TX_AGC_CTL_PERPACKET_ANTSEL_SHIFT;
949 reg &= ~RTL818X_TX_AGC_CTL_FEEDBACK_ANT;
950 rtl818x_iowrite8(priv, &priv->map->TX_AGC_CTL, reg);
951
f8a08c34
HTL		 952 rtl818x_iowrite32(priv, &priv->map->TX_CONF,
953 RTL818X_TX_CONF_HW_SEQNUM |
954 RTL818X_TX_CONF_DISREQQSIZE |
6410db59
LF		 955 (RETRY_COUNT << 8 /* short retry limit */) |
956 (RETRY_COUNT << 0 /* long retry limit */) |
f8a08c34 957 (7 << 21 /* MAX TX DMA */));
8a10da26
AK		 958 ret = rtl8187_init_urbs(dev);
959 if (ret)
960 goto rtl8187_start_exit;
961 ret = rtl8187b_init_status_urb(dev);
962 if (ret)
963 usb_kill_anchored_urbs(&priv->anchored);
ca9152e3 964 goto rtl8187_start_exit;
f8a08c34
HTL		 965 }
966
605bebe2
MW		 967 rtl818x_iowrite16(priv, &priv->map->INT_MASK, 0xFFFF);
968
2fe14263
MW		 969 rtl818x_iowrite32(priv, &priv->map->MAR[0], ~0);
970 rtl818x_iowrite32(priv, &priv->map->MAR[1], ~0);
971
8a10da26
AK		 972 ret = rtl8187_init_urbs(dev);
973 if (ret)
974 goto rtl8187_start_exit;
605bebe2
MW		 975
976 reg = RTL818X_RX_CONF_ONLYERLPKT |
977 RTL818X_RX_CONF_RX_AUTORESETPHY |
978 RTL818X_RX_CONF_BSSID |
979 RTL818X_RX_CONF_MGMT |
605bebe2
MW		 980 RTL818X_RX_CONF_DATA |
981 (7 << 13 /* RX FIFO threshold NONE */) |
982 (7 << 10 /* MAX RX DMA */) |
983 RTL818X_RX_CONF_BROADCAST |
605bebe2 984 RTL818X_RX_CONF_NICMAC;
605bebe2 985
4150c572 986 priv->rx_conf = reg;
605bebe2
MW		 987 rtl818x_iowrite32(priv, &priv->map->RX_CONF, reg);
988
989 reg = rtl818x_ioread8(priv, &priv->map->CW_CONF);
990 reg &= ~RTL818X_CW_CONF_PERPACKET_CW_SHIFT;
991 reg |= RTL818X_CW_CONF_PERPACKET_RETRY_SHIFT;
992 rtl818x_iowrite8(priv, &priv->map->CW_CONF, reg);
993
994 reg = rtl818x_ioread8(priv, &priv->map->TX_AGC_CTL);
995 reg &= ~RTL818X_TX_AGC_CTL_PERPACKET_GAIN_SHIFT;
996 reg &= ~RTL818X_TX_AGC_CTL_PERPACKET_ANTSEL_SHIFT;
997 reg &= ~RTL818X_TX_AGC_CTL_FEEDBACK_ANT;
998 rtl818x_iowrite8(priv, &priv->map->TX_AGC_CTL, reg);
999
1000 reg = RTL818X_TX_CONF_CW_MIN |
1001 (7 << 21 /* MAX TX DMA */) |
1002 RTL818X_TX_CONF_NO_ICV;
1003 rtl818x_iowrite32(priv, &priv->map->TX_CONF, reg);
1004
1005 reg = rtl818x_ioread8(priv, &priv->map->CMD);
1006 reg |= RTL818X_CMD_TX_ENABLE;
1007 reg |= RTL818X_CMD_RX_ENABLE;
1008 rtl818x_iowrite8(priv, &priv->map->CMD, reg);
2f47690e 1009 INIT_DELAYED_WORK(&priv->work, rtl8187_work);
605bebe2 1010
ca9152e3
HRK		 1011rtl8187_start_exit:
1012 mutex_unlock(&priv->conf_mutex);
1013 return ret;
605bebe2
MW		 1014}
1015
4150c572 1016static void rtl8187_stop(struct ieee80211_hw *dev)
605bebe2
MW		 1017{
1018 struct rtl8187_priv *priv = dev->priv;
605bebe2
MW		 1019 struct sk_buff *skb;
1020 u32 reg;
1021
7dcdd073 1022 mutex_lock(&priv->conf_mutex);
605bebe2
MW		 1023 rtl818x_iowrite16(priv, &priv->map->INT_MASK, 0);
1024
1025 reg = rtl818x_ioread8(priv, &priv->map->CMD);
1026 reg &= ~RTL818X_CMD_TX_ENABLE;
1027 reg &= ~RTL818X_CMD_RX_ENABLE;
1028 rtl818x_iowrite8(priv, &priv->map->CMD, reg);
1029
f6532111 1030 priv->rf->stop(dev);
0bf198eb 1031 rtl8187_set_anaparam(priv, false);
605bebe2
MW		 1032
1033 rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_CONFIG);
1034 reg = rtl818x_ioread8(priv, &priv->map->CONFIG4);
1035 rtl818x_iowrite8(priv, &priv->map->CONFIG4, reg | RTL818X_CONFIG4_VCOOFF);
1036 rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_NORMAL);
1037
3517afde
HRK		 1038 while ((skb = skb_dequeue(&priv->b_tx_status.queue)))
1039 dev_kfree_skb_any(skb);
c1db52b9
LF		 1040
1041 usb_kill_anchored_urbs(&priv->anchored);
6a8171f2
HRK		 1042 mutex_unlock(&priv->conf_mutex);
1043
2f47690e
LF		 1044 if (!priv->is_rtl8187b)
1045 cancel_delayed_work_sync(&priv->work);
605bebe2
MW		 1046}
1047
41b58f18
AF		 1048static u64 rtl8187_get_tsf(struct ieee80211_hw *dev, struct ieee80211_vif *vif)
1049{
1050 struct rtl8187_priv *priv = dev->priv;
1051
1052 return rtl818x_ioread32(priv, &priv->map->TSFT[0]) |
1053 (u64)(rtl818x_ioread32(priv, &priv->map->TSFT[1])) << 32;
1054}
1055
1056
1057static void rtl8187_beacon_work(struct work_struct *work)
1058{
1059 struct rtl8187_vif *vif_priv =
1060 container_of(work, struct rtl8187_vif, beacon_work.work);
1061 struct ieee80211_vif *vif =
1062 container_of((void *)vif_priv, struct ieee80211_vif, drv_priv);
1063 struct ieee80211_hw *dev = vif_priv->dev;
1064 struct ieee80211_mgmt *mgmt;
1065 struct sk_buff *skb;
1066
1067 /* don't overflow the tx ring */
1068 if (ieee80211_queue_stopped(dev, 0))
1069 goto resched;
1070
1071 /* grab a fresh beacon */
1072 skb = ieee80211_beacon_get(dev, vif);
1073 if (!skb)
1074 goto resched;
1075
1076 /*
1077 * update beacon timestamp w/ TSF value
1078 * TODO: make hardware update beacon timestamp
1079 */
1080 mgmt = (struct ieee80211_mgmt *)skb->data;
1081 mgmt->u.beacon.timestamp = cpu_to_le64(rtl8187_get_tsf(dev, vif));
1082
1083 /* TODO: use actual beacon queue */
1084 skb_set_queue_mapping(skb, 0);
1085
36323f81 1086 rtl8187_tx(dev, NULL, skb);
41b58f18
AF		 1087
1088resched:
1089 /*
1090 * schedule next beacon
1091 * TODO: use hardware support for beacon timing
1092 */
1093 schedule_delayed_work(&vif_priv->beacon_work,
1094 usecs_to_jiffies(1024 * vif->bss_conf.beacon_int));
1095}
1096
1097
605bebe2 1098static int rtl8187_add_interface(struct ieee80211_hw *dev,
1ed32e4f 1099 struct ieee80211_vif *vif)
605bebe2
MW		 1100{
1101 struct rtl8187_priv *priv = dev->priv;
41b58f18 1102 struct rtl8187_vif *vif_priv;
4150c572 1103 int i;
66aafd9a 1104 int ret = -EOPNOTSUPP;
605bebe2 1105
66aafd9a 1106 mutex_lock(&priv->conf_mutex);
d30506e0 1107 if (priv->vif)
66aafd9a 1108 goto exit;
605bebe2 1109
1ed32e4f 1110 switch (vif->type) {
05c914fe 1111 case NL80211_IFTYPE_STATION:
41b58f18 1112 case NL80211_IFTYPE_ADHOC:
605bebe2
MW		 1113 break;
1114 default:
66aafd9a 1115 goto exit;
605bebe2
MW		 1116 }
1117
66aafd9a 1118 ret = 0;
1ed32e4f 1119 priv->vif = vif;
aa979a6a 1120
41b58f18
AF		 1121 /* Initialize driver private area */
1122 vif_priv = (struct rtl8187_vif *)&vif->drv_priv;
1123 vif_priv->dev = dev;
1124 INIT_DELAYED_WORK(&vif_priv->beacon_work, rtl8187_beacon_work);
1125 vif_priv->enable_beacon = false;
1126
1127
4150c572
JB		 1128 rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_CONFIG);
1129 for (i = 0; i < ETH_ALEN; i++)
1130 rtl818x_iowrite8(priv, &priv->map->MAC[i],
1ed32e4f 1131 ((u8 *)vif->addr)[i]);
4150c572 1132 rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_NORMAL);
605bebe2 1133
66aafd9a 1134exit:
7dcdd073 1135 mutex_unlock(&priv->conf_mutex);
66aafd9a 1136 return ret;
605bebe2
MW		 1137}
1138
1139static void rtl8187_remove_interface(struct ieee80211_hw *dev,
1ed32e4f 1140 struct ieee80211_vif *vif)
605bebe2
MW		 1141{
1142 struct rtl8187_priv *priv = dev->priv;
7dcdd073 1143 mutex_lock(&priv->conf_mutex);
aa979a6a 1144 priv->vif = NULL;
7dcdd073 1145 mutex_unlock(&priv->conf_mutex);
605bebe2
MW		 1146}
1147
e8975581 1148static int rtl8187_config(struct ieee80211_hw *dev, u32 changed)
605bebe2
MW		 1149{
1150 struct rtl8187_priv *priv = dev->priv;
e8975581 1151 struct ieee80211_conf *conf = &dev->conf;
f6532111
MW		 1152 u32 reg;
1153
7dcdd073 1154 mutex_lock(&priv->conf_mutex);
f6532111
MW		 1155 reg = rtl818x_ioread32(priv, &priv->map->TX_CONF);
1156 /* Enable TX loopback on MAC level to avoid TX during channel
1157 * changes, as this has be seen to causes problems and the
1158 * card will stop work until next reset
1159 */
1160 rtl818x_iowrite32(priv, &priv->map->TX_CONF,
1161 reg | RTL818X_TX_CONF_LOOPBACK_MAC);
f6532111
MW		 1162 priv->rf->set_chan(dev, conf);
1163 msleep(10);
1164 rtl818x_iowrite32(priv, &priv->map->TX_CONF, reg);
605bebe2 1165
605bebe2
MW		 1166 rtl818x_iowrite16(priv, &priv->map->ATIM_WND, 2);
1167 rtl818x_iowrite16(priv, &priv->map->ATIMTR_INTERVAL, 100);
1168 rtl818x_iowrite16(priv, &priv->map->BEACON_INTERVAL, 100);
1169 rtl818x_iowrite16(priv, &priv->map->BEACON_INTERVAL_TIME, 100);
7dcdd073 1170 mutex_unlock(&priv->conf_mutex);
605bebe2
MW		 1171 return 0;
1172}
1173
b4572a92
HRK		 1174/*
1175 * With 8187B, AC_*_PARAM clashes with FEMR definition in struct rtl818x_csr for
1176 * example. Thus we have to use raw values for AC_*_PARAM register addresses.
1177 */
1178static __le32 *rtl8187b_ac_addr[4] = {
1179 (__le32 *) 0xFFF0, /* AC_VO */
1180 (__le32 *) 0xFFF4, /* AC_VI */
1181 (__le32 *) 0xFFFC, /* AC_BK */
1182 (__le32 *) 0xFFF8, /* AC_BE */
1183};
1184
1185#define SIFS_TIME 0xa
1186
f8288317
HRK		 1187static void rtl8187_conf_erp(struct rtl8187_priv *priv, bool use_short_slot,
1188 bool use_short_preamble)
64761077 1189{
f8288317 1190 if (priv->is_rtl8187b) {
b4572a92 1191 u8 difs, eifs;
f8288317 1192 u16 ack_timeout;
b4572a92 1193 int queue;
f8288317
HRK		 1194
1195 if (use_short_slot) {
b4572a92 1196 priv->slot_time = 0x9;
f8288317
HRK		 1197 difs = 0x1c;
1198 eifs = 0x53;
1199 } else {
b4572a92 1200 priv->slot_time = 0x14;
f8288317
HRK		 1201 difs = 0x32;
1202 eifs = 0x5b;
1203 }
54ac218a 1204 rtl818x_iowrite8(priv, &priv->map->SIFS, 0x22);
b4572a92 1205 rtl818x_iowrite8(priv, &priv->map->SLOT, priv->slot_time);
f8288317
HRK		 1206 rtl818x_iowrite8(priv, &priv->map->DIFS, difs);
1207
1208 /*
1209 * BRSR+1 on 8187B is in fact EIFS register
1210 * Value in units of 4 us
1211 */
1212 rtl818x_iowrite8(priv, (u8 *)&priv->map->BRSR + 1, eifs);
1213
1214 /*
1215 * For 8187B, CARRIER_SENSE_COUNTER is in fact ack timeout
1216 * register. In units of 4 us like eifs register
1217 * ack_timeout = ack duration + plcp + difs + preamble
1218 */
1219 ack_timeout = 112 + 48 + difs;
1220 if (use_short_preamble)
1221 ack_timeout += 72;
1222 else
1223 ack_timeout += 144;
1224 rtl818x_iowrite8(priv, &priv->map->CARRIER_SENSE_COUNTER,
1225 DIV_ROUND_UP(ack_timeout, 4));
b4572a92
HRK		 1226
1227 for (queue = 0; queue < 4; queue++)
1228 rtl818x_iowrite8(priv, (u8 *) rtl8187b_ac_addr[queue],
1229 priv->aifsn[queue] * priv->slot_time +
1230 SIFS_TIME);
f8288317 1231 } else {
64761077
HRK		 1232 rtl818x_iowrite8(priv, &priv->map->SIFS, 0x22);
1233 if (use_short_slot) {
1234 rtl818x_iowrite8(priv, &priv->map->SLOT, 0x9);
1235 rtl818x_iowrite8(priv, &priv->map->DIFS, 0x14);
1236 rtl818x_iowrite8(priv, &priv->map->EIFS, 91 - 0x14);
64761077
HRK		 1237 } else {
1238 rtl818x_iowrite8(priv, &priv->map->SLOT, 0x14);
1239 rtl818x_iowrite8(priv, &priv->map->DIFS, 0x24);
1240 rtl818x_iowrite8(priv, &priv->map->EIFS, 91 - 0x24);
64761077
HRK		 1241 }
1242 }
1243}
1244
1245static void rtl8187_bss_info_changed(struct ieee80211_hw *dev,
1246 struct ieee80211_vif *vif,
1247 struct ieee80211_bss_conf *info,
1248 u32 changed)
1249{
1250 struct rtl8187_priv *priv = dev->priv;
41b58f18 1251 struct rtl8187_vif *vif_priv;
2d0ddec5
JB		 1252 int i;
1253 u8 reg;
1254
41b58f18
AF		 1255 vif_priv = (struct rtl8187_vif *)&vif->drv_priv;
1256
2d0ddec5
JB		 1257 if (changed & BSS_CHANGED_BSSID) {
1258 mutex_lock(&priv->conf_mutex);
1259 for (i = 0; i < ETH_ALEN; i++)
1260 rtl818x_iowrite8(priv, &priv->map->BSSID[i],
1261 info->bssid[i]);
1262
1a9937b7
HRK		 1263 if (priv->is_rtl8187b)
1264 reg = RTL818X_MSR_ENEDCA;
1265 else
1266 reg = 0;
1267
41b58f18
AF		 1268 if (is_valid_ether_addr(info->bssid)) {
1269 if (vif->type == NL80211_IFTYPE_ADHOC)
1270 reg |= RTL818X_MSR_ADHOC;
1271 else
1272 reg |= RTL818X_MSR_INFRA;
1273 }
31a5cdda 1274 else
1a9937b7 1275 reg |= RTL818X_MSR_NO_LINK;
31a5cdda
JL		 1276
1277 rtl818x_iowrite8(priv, &priv->map->MSR, reg);
2d0ddec5
JB		 1278
1279 mutex_unlock(&priv->conf_mutex);
1280 }
64761077 1281
f8288317
HRK		 1282 if (changed & (BSS_CHANGED_ERP_SLOT | BSS_CHANGED_ERP_PREAMBLE))
1283 rtl8187_conf_erp(priv, info->use_short_slot,
1284 info->use_short_preamble);
41b58f18
AF		 1285
1286 if (changed & BSS_CHANGED_BEACON_ENABLED)
1287 vif_priv->enable_beacon = info->enable_beacon;
1288
1289 if (changed & (BSS_CHANGED_BEACON_ENABLED | BSS_CHANGED_BEACON)) {
1290 cancel_delayed_work_sync(&vif_priv->beacon_work);
1291 if (vif_priv->enable_beacon)
1292 schedule_work(&vif_priv->beacon_work.work);
1293 }
1294
64761077
HRK		 1295}
1296
3ac64bee 1297static u64 rtl8187_prepare_multicast(struct ieee80211_hw *dev,
22bedad3 1298 struct netdev_hw_addr_list *mc_list)
3ac64bee 1299{
22bedad3 1300 return netdev_hw_addr_list_count(mc_list);
3ac64bee
JB		 1301}
1302
4150c572
JB		 1303static void rtl8187_configure_filter(struct ieee80211_hw *dev,
1304 unsigned int changed_flags,
1305 unsigned int *total_flags,
3ac64bee 1306 u64 multicast)
4150c572
JB		 1307{
1308 struct rtl8187_priv *priv = dev->priv;
1309
4150c572
JB		 1310 if (changed_flags & FIF_FCSFAIL)
1311 priv->rx_conf ^= RTL818X_RX_CONF_FCS;
1312 if (changed_flags & FIF_CONTROL)
1313 priv->rx_conf ^= RTL818X_RX_CONF_CTRL;
1314 if (changed_flags & FIF_OTHER_BSS)
1315 priv->rx_conf ^= RTL818X_RX_CONF_MONITOR;
3ac64bee 1316 if (*total_flags & FIF_ALLMULTI || multicast > 0)
4150c572 1317 priv->rx_conf |= RTL818X_RX_CONF_MULTICAST;
2fe14263
MW		 1318 else
1319 priv->rx_conf &= ~RTL818X_RX_CONF_MULTICAST;
1320
1321 *total_flags = 0;
4150c572 1322
4150c572
JB		 1323 if (priv->rx_conf & RTL818X_RX_CONF_FCS)
1324 *total_flags |= FIF_FCSFAIL;
1325 if (priv->rx_conf & RTL818X_RX_CONF_CTRL)
1326 *total_flags |= FIF_CONTROL;
1327 if (priv->rx_conf & RTL818X_RX_CONF_MONITOR)
1328 *total_flags |= FIF_OTHER_BSS;
2fe14263
MW		 1329 if (priv->rx_conf & RTL818X_RX_CONF_MULTICAST)
1330 *total_flags |= FIF_ALLMULTI;
4150c572
JB		 1331
1332 rtl818x_iowrite32_async(priv, &priv->map->RX_CONF, priv->rx_conf);
1333}
1334
8a3a3c85
EP		 1335static int rtl8187_conf_tx(struct ieee80211_hw *dev,
1336 struct ieee80211_vif *vif, u16 queue,
b4572a92
HRK		 1337 const struct ieee80211_tx_queue_params *params)
1338{
1339 struct rtl8187_priv *priv = dev->priv;
1340 u8 cw_min, cw_max;
1341
1342 if (queue > 3)
1343 return -EINVAL;
1344
1345 cw_min = fls(params->cw_min);
1346 cw_max = fls(params->cw_max);
1347
1348 if (priv->is_rtl8187b) {
1349 priv->aifsn[queue] = params->aifs;
1350
1351 /*
1352 * This is the structure of AC_*_PARAM registers in 8187B:
1353 * - TXOP limit field, bit offset = 16
1354 * - ECWmax, bit offset = 12
1355 * - ECWmin, bit offset = 8
1356 * - AIFS, bit offset = 0
1357 */
1358 rtl818x_iowrite32(priv, rtl8187b_ac_addr[queue],
1359 (params->txop << 16) | (cw_max << 12) |
1360 (cw_min << 8) | (params->aifs *
1361 priv->slot_time + SIFS_TIME));
1362 } else {
1363 if (queue != 0)
1364 return -EINVAL;
1365
1366 rtl818x_iowrite8(priv, &priv->map->CW_VAL,
1367 cw_min | (cw_max << 4));
1368 }
1369 return 0;
1370}
1371
22e16e55 1372
605bebe2
MW		 1373static const struct ieee80211_ops rtl8187_ops = {
1374 .tx = rtl8187_tx,
4150c572 1375 .start = rtl8187_start,
605bebe2
MW		 1376 .stop = rtl8187_stop,
1377 .add_interface = rtl8187_add_interface,
1378 .remove_interface = rtl8187_remove_interface,
1379 .config = rtl8187_config,
64761077 1380 .bss_info_changed = rtl8187_bss_info_changed,
3ac64bee 1381 .prepare_multicast = rtl8187_prepare_multicast,
4150c572 1382 .configure_filter = rtl8187_configure_filter,
ca9152e3 1383 .conf_tx = rtl8187_conf_tx,
22e16e55
LF		 1384 .rfkill_poll = rtl8187_rfkill_poll,
1385 .get_tsf = rtl8187_get_tsf,
605bebe2
MW		 1386};
1387
1388static void rtl8187_eeprom_register_read(struct eeprom_93cx6 *eeprom)
1389{
1390 struct ieee80211_hw *dev = eeprom->data;
1391 struct rtl8187_priv *priv = dev->priv;
1392 u8 reg = rtl818x_ioread8(priv, &priv->map->EEPROM_CMD);
1393
1394 eeprom->reg_data_in = reg & RTL818X_EEPROM_CMD_WRITE;
1395 eeprom->reg_data_out = reg & RTL818X_EEPROM_CMD_READ;
1396 eeprom->reg_data_clock = reg & RTL818X_EEPROM_CMD_CK;
1397 eeprom->reg_chip_select = reg & RTL818X_EEPROM_CMD_CS;
1398}
1399
1400static void rtl8187_eeprom_register_write(struct eeprom_93cx6 *eeprom)
1401{
1402 struct ieee80211_hw *dev = eeprom->data;
1403 struct rtl8187_priv *priv = dev->priv;
1404 u8 reg = RTL818X_EEPROM_CMD_PROGRAM;
1405
1406 if (eeprom->reg_data_in)
1407 reg |= RTL818X_EEPROM_CMD_WRITE;
1408 if (eeprom->reg_data_out)
1409 reg |= RTL818X_EEPROM_CMD_READ;
1410 if (eeprom->reg_data_clock)
1411 reg |= RTL818X_EEPROM_CMD_CK;
1412 if (eeprom->reg_chip_select)
1413 reg |= RTL818X_EEPROM_CMD_CS;
1414
1415 rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, reg);
1416 udelay(10);
1417}
1418
fd549f13 1419static int rtl8187_probe(struct usb_interface *intf,
605bebe2
MW		 1420 const struct usb_device_id *id)
1421{
1422 struct usb_device *udev = interface_to_usbdev(intf);
1423 struct ieee80211_hw *dev;
1424 struct rtl8187_priv *priv;
1425 struct eeprom_93cx6 eeprom;
1426 struct ieee80211_channel *channel;
6f7853f3 1427 const char *chip_name;
605bebe2 1428 u16 txpwr, reg;
70d57139 1429 u16 product_id = le16_to_cpu(udev->descriptor.idProduct);
605bebe2 1430 int err, i;
f2c98382 1431 u8 mac_addr[ETH_ALEN];
605bebe2
MW		 1432
1433 dev = ieee80211_alloc_hw(sizeof(*priv), &rtl8187_ops);
1434 if (!dev) {
1435 printk(KERN_ERR "rtl8187: ieee80211 alloc failed\n");
1436 return -ENOMEM;
1437 }
1438
1439 priv = dev->priv;
0e25b4ef 1440 priv->is_rtl8187b = (id->driver_info == DEVICE_RTL8187B);
605bebe2 1441
9be6f0d4
JL		 1442 /* allocate "DMA aware" buffer for register accesses */
1443 priv->io_dmabuf = kmalloc(sizeof(*priv->io_dmabuf), GFP_KERNEL);
1444 if (!priv->io_dmabuf) {
1445 err = -ENOMEM;
1446 goto err_free_dev;
1447 }
1448 mutex_init(&priv->io_mutex);
1449
605bebe2
MW		 1450 SET_IEEE80211_DEV(dev, &intf->dev);
1451 usb_set_intfdata(intf, dev);
1452 priv->udev = udev;
1453
1454 usb_get_dev(udev);
1455
1456 skb_queue_head_init(&priv->rx_queue);
8318d78a
JB		 1457
1458 BUILD_BUG_ON(sizeof(priv->channels) != sizeof(rtl818x_channels));
1459 BUILD_BUG_ON(sizeof(priv->rates) != sizeof(rtl818x_rates));
1460
605bebe2
MW		 1461 memcpy(priv->channels, rtl818x_channels, sizeof(rtl818x_channels));
1462 memcpy(priv->rates, rtl818x_rates, sizeof(rtl818x_rates));
1463 priv->map = (struct rtl818x_csr *)0xFF00;
8318d78a
JB		 1464
1465 priv->band.band = IEEE80211_BAND_2GHZ;
1466 priv->band.channels = priv->channels;
1467 priv->band.n_channels = ARRAY_SIZE(rtl818x_channels);
1468 priv->band.bitrates = priv->rates;
1469 priv->band.n_bitrates = ARRAY_SIZE(rtl818x_rates);
1470 dev->wiphy->bands[IEEE80211_BAND_2GHZ] = &priv->band;
1471
1472
605bebe2 1473 dev->flags = IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING |
a7db74f4 1474 IEEE80211_HW_SIGNAL_DBM |
0ccd58fc 1475 IEEE80211_HW_RX_INCLUDES_FCS;
6410db59
LF		 1476 /* Initialize rate-control variables */
1477 dev->max_rates = 1;
1478 dev->max_rate_tries = RETRY_COUNT;
605bebe2 1479
605bebe2
MW		 1480 eeprom.data = dev;
1481 eeprom.register_read = rtl8187_eeprom_register_read;
1482 eeprom.register_write = rtl8187_eeprom_register_write;
1483 if (rtl818x_ioread32(priv, &priv->map->RX_CONF) & (1 << 6))
1484 eeprom.width = PCI_EEPROM_WIDTH_93C66;
1485 else
1486 eeprom.width = PCI_EEPROM_WIDTH_93C46;
1487
1488 rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_CONFIG);
1489 udelay(10);
1490
1491 eeprom_93cx6_multiread(&eeprom, RTL8187_EEPROM_MAC_ADDR,
f2c98382
JL		 1492 (__le16 __force *)mac_addr, 3);
1493 if (!is_valid_ether_addr(mac_addr)) {
605bebe2
MW		 1494 printk(KERN_WARNING "rtl8187: Invalid hwaddr! Using randomly "
1495 "generated MAC address\n");
f4f7f414 1496 eth_random_addr(mac_addr);
605bebe2 1497 }
f2c98382 1498 SET_IEEE80211_PERM_ADDR(dev, mac_addr);
605bebe2
MW		 1499
1500 channel = priv->channels;
1501 for (i = 0; i < 3; i++) {
1502 eeprom_93cx6_read(&eeprom, RTL8187_EEPROM_TXPWR_CHAN_1 + i,
1503 &txpwr);
8318d78a
JB		 1504 (*channel++).hw_value = txpwr & 0xFF;
1505 (*channel++).hw_value = txpwr >> 8;
605bebe2
MW		 1506 }
1507 for (i = 0; i < 2; i++) {
1508 eeprom_93cx6_read(&eeprom, RTL8187_EEPROM_TXPWR_CHAN_4 + i,
1509 &txpwr);
8318d78a
JB		 1510 (*channel++).hw_value = txpwr & 0xFF;
1511 (*channel++).hw_value = txpwr >> 8;
605bebe2 1512 }
605bebe2
MW		 1513
1514 eeprom_93cx6_read(&eeprom, RTL8187_EEPROM_TXPWR_BASE,
1515 &priv->txpwr_base);
1516
f6532111
MW		 1517 reg = rtl818x_ioread8(priv, &priv->map->PGSELECT) & ~1;
1518 rtl818x_iowrite8(priv, &priv->map->PGSELECT, reg | 1);
605bebe2
MW		 1519 /* 0 means asic B-cut, we should use SW 3 wire
1520 * bit-by-bit banging for radio. 1 means we can use
1521 * USB specific request to write radio registers */
1522 priv->asic_rev = rtl818x_ioread8(priv, (u8 *)0xFFFE) & 0x3;
f6532111 1523 rtl818x_iowrite8(priv, &priv->map->PGSELECT, reg);
605bebe2
MW		 1524 rtl818x_iowrite8(priv, &priv->map->EEPROM_CMD, RTL818X_EEPROM_CMD_NORMAL);
1525
6f7853f3
HTL		 1526 if (!priv->is_rtl8187b) {
1527 u32 reg32;
1528 reg32 = rtl818x_ioread32(priv, &priv->map->TX_CONF);
1529 reg32 &= RTL818X_TX_CONF_HWVER_MASK;
1530 switch (reg32) {
0e25b4ef
LF		 1531 case RTL818X_TX_CONF_R8187vD_B:
1532 /* Some RTL8187B devices have a USB ID of 0x8187
1533 * detect them here */
1534 chip_name = "RTL8187BvB(early)";
1535 priv->is_rtl8187b = 1;
1536 priv->hw_rev = RTL8187BvB;
1537 break;
1538 case RTL818X_TX_CONF_R8187vD:
6f7853f3
HTL		 1539 chip_name = "RTL8187vD";
1540 break;
1541 default:
1542 chip_name = "RTL8187vB (default)";
1543 }
1544 } else {
6f7853f3
HTL		 1545 /*
1546 * Force USB request to write radio registers for 8187B, Realtek
1547 * only uses it in their sources
1548 */
1549 /*if (priv->asic_rev == 0) {
1550 printk(KERN_WARNING "rtl8187: Forcing use of USB "
1551 "requests to write to radio registers\n");
1552 priv->asic_rev = 1;
1553 }*/
1554 switch (rtl818x_ioread8(priv, (u8 *)0xFFE1)) {
1555 case RTL818X_R8187B_B:
1556 chip_name = "RTL8187BvB";
1557 priv->hw_rev = RTL8187BvB;
1558 break;
1559 case RTL818X_R8187B_D:
1560 chip_name = "RTL8187BvD";
1561 priv->hw_rev = RTL8187BvD;
1562 break;
1563 case RTL818X_R8187B_E:
1564 chip_name = "RTL8187BvE";
1565 priv->hw_rev = RTL8187BvE;
1566 break;
1567 default:
1568 chip_name = "RTL8187BvB (default)";
1569 priv->hw_rev = RTL8187BvB;
1570 }
1571 }
1572
0e25b4ef
LF		 1573 if (!priv->is_rtl8187b) {
1574 for (i = 0; i < 2; i++) {
1575 eeprom_93cx6_read(&eeprom,
1576 RTL8187_EEPROM_TXPWR_CHAN_6 + i,
1577 &txpwr);
1578 (*channel++).hw_value = txpwr & 0xFF;
1579 (*channel++).hw_value = txpwr >> 8;
1580 }
1581 } else {
1582 eeprom_93cx6_read(&eeprom, RTL8187_EEPROM_TXPWR_CHAN_6,
1583 &txpwr);
1584 (*channel++).hw_value = txpwr & 0xFF;
1585
1586 eeprom_93cx6_read(&eeprom, 0x0A, &txpwr);
1587 (*channel++).hw_value = txpwr & 0xFF;
1588
1589 eeprom_93cx6_read(&eeprom, 0x1C, &txpwr);
1590 (*channel++).hw_value = txpwr & 0xFF;
1591 (*channel++).hw_value = txpwr >> 8;
1592 }
70d57139
LF		 1593 /* Handle the differing rfkill GPIO bit in different models */
1594 priv->rfkill_mask = RFKILL_MASK_8187_89_97;
1595 if (product_id == 0x8197 || product_id == 0x8198) {
1596 eeprom_93cx6_read(&eeprom, RTL8187_EEPROM_SELECT_GPIO, &reg);
1597 if (reg & 0xFF00)
1598 priv->rfkill_mask = RFKILL_MASK_8198;
1599 }
41b58f18
AF		 1600 dev->vif_data_size = sizeof(struct rtl8187_vif);
1601 dev->wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION) |
1602 BIT(NL80211_IFTYPE_ADHOC) ;
f59ac048 1603
0e25b4ef
LF		 1604 if ((id->driver_info == DEVICE_RTL8187) && priv->is_rtl8187b)
1605 printk(KERN_INFO "rtl8187: inconsistency between id with OEM"
1606 " info!\n");
1607
f6532111 1608 priv->rf = rtl8187_detect_rf(dev);
0e25b4ef
LF		 1609 dev->extra_tx_headroom = (!priv->is_rtl8187b) ?
1610 sizeof(struct rtl8187_tx_hdr) :
1611 sizeof(struct rtl8187b_tx_hdr);
1612 if (!priv->is_rtl8187b)
1613 dev->queues = 1;
1614 else
1615 dev->queues = 4;
605bebe2
MW		 1616
1617 err = ieee80211_register_hw(dev);
1618 if (err) {
1619 printk(KERN_ERR "rtl8187: Cannot register device\n");
9be6f0d4 1620 goto err_free_dmabuf;
605bebe2 1621 }
7dcdd073 1622 mutex_init(&priv->conf_mutex);
3517afde 1623 skb_queue_head_init(&priv->b_tx_status.queue);
605bebe2 1624
5db55844 1625 wiphy_info(dev->wiphy, "hwaddr %pM, %s V%d + %s, rfkill mask %d\n",
c96c31e4
JP		 1626 mac_addr, chip_name, priv->asic_rev, priv->rf->name,
1627 priv->rfkill_mask);
605bebe2 1628
a027087a
LF		 1629#ifdef CONFIG_RTL8187_LEDS
1630 eeprom_93cx6_read(&eeprom, 0x3F, &reg);
1631 reg &= 0xFF;
1632 rtl8187_leds_init(dev, reg);
1633#endif
ca9152e3 1634 rtl8187_rfkill_init(dev);
a027087a 1635
605bebe2
MW		 1636 return 0;
1637
9be6f0d4
JL		 1638 err_free_dmabuf:
1639 kfree(priv->io_dmabuf);
605bebe2
MW		 1640 err_free_dev:
1641 ieee80211_free_hw(dev);
1642 usb_set_intfdata(intf, NULL);
1643 usb_put_dev(udev);
1644 return err;
1645}
1646
fd549f13 1647static void rtl8187_disconnect(struct usb_interface *intf)
605bebe2
MW		 1648{
1649 struct ieee80211_hw *dev = usb_get_intfdata(intf);
1650 struct rtl8187_priv *priv;
1651
1652 if (!dev)
1653 return;
1654
a027087a
LF		 1655#ifdef CONFIG_RTL8187_LEDS
1656 rtl8187_leds_exit(dev);
1657#endif
ca9152e3 1658 rtl8187_rfkill_exit(dev);
605bebe2
MW		 1659 ieee80211_unregister_hw(dev);
1660
1661 priv = dev->priv;
d6e2be98 1662 usb_reset_device(priv->udev);
605bebe2 1663 usb_put_dev(interface_to_usbdev(intf));
9be6f0d4 1664 kfree(priv->io_dmabuf);
605bebe2
MW		 1665 ieee80211_free_hw(dev);
1666}
1667
1668static struct usb_driver rtl8187_driver = {
1669 .name = KBUILD_MODNAME,
1670 .id_table = rtl8187_table,
1671 .probe = rtl8187_probe,
fd549f13 1672 .disconnect = rtl8187_disconnect,
e1f12eb6 1673 .disable_hub_initiated_lpm = 1,
605bebe2
MW		 1674};
1675
d632eb1b 1676module_usb_driver(rtl8187_driver);
Linux kernel - Deliverables
This page took 0.938688 seconds and 5 git commands to generate.