• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Intel Wireless WiMAX Connection 2400m
3  * Miscellaneous control functions for managing the device
4  *
5  *
6  * Copyright (C) 2007-2008 Intel Corporation. All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  *   * Redistributions of source code must retain the above copyright
13  *     notice, this list of conditions and the following disclaimer.
14  *   * Redistributions in binary form must reproduce the above copyright
15  *     notice, this list of conditions and the following disclaimer in
16  *     the documentation and/or other materials provided with the
17  *     distribution.
18  *   * Neither the name of Intel Corporation nor the names of its
19  *     contributors may be used to endorse or promote products derived
20  *     from this software without specific prior written permission.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
25  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
26  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
27  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
28  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
29  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
30  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
32  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33  *
34  *
35  * Intel Corporation <linux-wimax@intel.com>
36  * Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
37  *  - Initial implementation
38  *
39  * This is a collection of functions used to control the device (plus
40  * a few helpers).
41  *
42  * There are utilities for handling TLV buffers, hooks on the device's
43  * reports to act on device changes of state [i2400m_report_hook()],
44  * on acks to commands [i2400m_msg_ack_hook()], a helper for sending
45  * commands to the device and blocking until a reply arrives
46  * [i2400m_msg_to_dev()], a few high level commands for manipulating
47  * the device state, powersving mode and configuration plus the
48  * routines to setup the device once communication is stablished with
49  * it [i2400m_dev_initialize()].
50  *
51  * ROADMAP
52  *
53  * i2400m_dev_initalize()       Called by i2400m_dev_start()
54  *   i2400m_set_init_config()
55  *   i2400m_firmware_check()
56  *   i2400m_cmd_get_state()
57  * i2400m_dev_shutdown()        Called by i2400m_dev_stop()
58  *   i2400m->bus_reset()
59  *
60  * i2400m_{cmd,get,set}_*()
61  *   i2400m_msg_to_dev()
62  *   i2400m_msg_check_status()
63  *
64  * i2400m_report_hook()         Called on reception of an event
65  *   i2400m_report_state_hook()
66  *     i2400m_tlv_buffer_walk()
67  *     i2400m_tlv_match()
68  *     i2400m_report_tlv_system_state()
69  *     i2400m_report_tlv_rf_switches_status()
70  *     i2400m_report_tlv_media_status()
71  *   i2400m_cmd_enter_powersave()
72  *
73  * i2400m_msg_ack_hook()        Called on reception of a reply to a
74  *                              command, get or set
75  */
76 
77 #include <stdarg.h>
78 #include "i2400m.h"
79 #include <linux/kernel.h>
80 #include <linux/wimax/i2400m.h>
81 
82 
83 #define D_SUBMODULE control
84 #include "debug-levels.h"
85 
86 
87 /*
88  * Return if a TLV is of a give type and size
89  *
90  * @tlv_hdr: pointer to the TLV
91  * @tlv_type: type of the TLV we are looking for
92  * @tlv_size: expected size of the TLV we are looking for (if -1,
93  *            don't check the size). This includes the header
94  * Returns: 0 if the TLV matches
95  *          < 0 if it doesn't match at all
96  *          > 0 total TLV + payload size, if the type matches, but not
97  *              the size
98  */
99 static
i2400m_tlv_match(const struct i2400m_tlv_hdr * tlv,enum i2400m_tlv tlv_type,ssize_t tlv_size)100 ssize_t i2400m_tlv_match(const struct i2400m_tlv_hdr *tlv,
101 		     enum i2400m_tlv tlv_type, ssize_t tlv_size)
102 {
103 	if (le16_to_cpu(tlv->type) != tlv_type)	/* Not our type? skip */
104 		return -1;
105 	if (tlv_size != -1
106 	    && le16_to_cpu(tlv->length) + sizeof(*tlv) != tlv_size) {
107 		size_t size = le16_to_cpu(tlv->length) + sizeof(*tlv);
108 		printk(KERN_WARNING "W: tlv type 0x%x mismatched because of "
109 		       "size (got %zu vs %zu expected)\n",
110 		       tlv_type, size, tlv_size);
111 		return size;
112 	}
113 	return 0;
114 }
115 
116 
117 /*
118  * Given a buffer of TLVs, iterate over them
119  *
120  * @i2400m: device instance
121  * @tlv_buf: pointer to the beginning of the TLV buffer
122  * @buf_size: buffer size in bytes
123  * @tlv_pos: seek position; this is assumed to be a pointer returned
124  *           by i2400m_tlv_buffer_walk() [and thus, validated]. The
125  *           TLV returned will be the one following this one.
126  *
127  * Usage:
128  *
129  * tlv_itr = NULL;
130  * while (tlv_itr = i2400m_tlv_buffer_walk(i2400m, buf, size, tlv_itr))  {
131  *         ...
132  *         // Do stuff with tlv_itr, DON'T MODIFY IT
133  *         ...
134  * }
135  */
136 static
i2400m_tlv_buffer_walk(struct i2400m * i2400m,const void * tlv_buf,size_t buf_size,const struct i2400m_tlv_hdr * tlv_pos)137 const struct i2400m_tlv_hdr *i2400m_tlv_buffer_walk(
138 	struct i2400m *i2400m,
139 	const void *tlv_buf, size_t buf_size,
140 	const struct i2400m_tlv_hdr *tlv_pos)
141 {
142 	struct device *dev = i2400m_dev(i2400m);
143 	const struct i2400m_tlv_hdr *tlv_top = tlv_buf + buf_size;
144 	size_t offset, length, avail_size;
145 	unsigned type;
146 
147 	if (tlv_pos == NULL)	/* Take the first one? */
148 		tlv_pos = tlv_buf;
149 	else			/* Nope, the next one */
150 		tlv_pos = (void *) tlv_pos
151 			+ le16_to_cpu(tlv_pos->length) + sizeof(*tlv_pos);
152 	if (tlv_pos == tlv_top) {	/* buffer done */
153 		tlv_pos = NULL;
154 		goto error_beyond_end;
155 	}
156 	if (tlv_pos > tlv_top) {
157 		tlv_pos = NULL;
158 		WARN_ON(1);
159 		goto error_beyond_end;
160 	}
161 	offset = (void *) tlv_pos - (void *) tlv_buf;
162 	avail_size = buf_size - offset;
163 	if (avail_size < sizeof(*tlv_pos)) {
164 		dev_err(dev, "HW BUG? tlv_buf %p [%zu bytes], tlv @%zu: "
165 			"short header\n", tlv_buf, buf_size, offset);
166 		goto error_short_header;
167 	}
168 	type = le16_to_cpu(tlv_pos->type);
169 	length = le16_to_cpu(tlv_pos->length);
170 	if (avail_size < sizeof(*tlv_pos) + length) {
171 		dev_err(dev, "HW BUG? tlv_buf %p [%zu bytes], "
172 			"tlv type 0x%04x @%zu: "
173 			"short data (%zu bytes vs %zu needed)\n",
174 			tlv_buf, buf_size, type, offset, avail_size,
175 			sizeof(*tlv_pos) + length);
176 		goto error_short_header;
177 	}
178 error_short_header:
179 error_beyond_end:
180 	return tlv_pos;
181 }
182 
183 
184 /*
185  * Find a TLV in a buffer of sequential TLVs
186  *
187  * @i2400m: device descriptor
188  * @tlv_hdr: pointer to the first TLV in the sequence
189  * @size: size of the buffer in bytes; all TLVs are assumed to fit
190  *        fully in the buffer (otherwise we'll complain).
191  * @tlv_type: type of the TLV we are looking for
192  * @tlv_size: expected size of the TLV we are looking for (if -1,
193  *            don't check the size). This includes the header
194  *
195  * Returns: NULL if the TLV is not found, otherwise a pointer to
196  *          it. If the sizes don't match, an error is printed and NULL
197  *          returned.
198  */
199 static
i2400m_tlv_find(struct i2400m * i2400m,const struct i2400m_tlv_hdr * tlv_hdr,size_t size,enum i2400m_tlv tlv_type,ssize_t tlv_size)200 const struct i2400m_tlv_hdr *i2400m_tlv_find(
201 	struct i2400m *i2400m,
202 	const struct i2400m_tlv_hdr *tlv_hdr, size_t size,
203 	enum i2400m_tlv tlv_type, ssize_t tlv_size)
204 {
205 	ssize_t match;
206 	struct device *dev = i2400m_dev(i2400m);
207 	const struct i2400m_tlv_hdr *tlv = NULL;
208 	while ((tlv = i2400m_tlv_buffer_walk(i2400m, tlv_hdr, size, tlv))) {
209 		match = i2400m_tlv_match(tlv, tlv_type, tlv_size);
210 		if (match == 0)		/* found it :) */
211 			break;
212 		if (match > 0)
213 			dev_warn(dev, "TLV type 0x%04x found with size "
214 				 "mismatch (%zu vs %zu needed)\n",
215 				 tlv_type, match, tlv_size);
216 	}
217 	return tlv;
218 }
219 
220 
221 static const struct
222 {
223 	char *msg;
224 	int errno;
225 } ms_to_errno[I2400M_MS_MAX] = {
226 	[I2400M_MS_DONE_OK] = { "", 0 },
227 	[I2400M_MS_DONE_IN_PROGRESS] = { "", 0 },
228 	[I2400M_MS_INVALID_OP] = { "invalid opcode", -ENOSYS },
229 	[I2400M_MS_BAD_STATE] = { "invalid state", -EILSEQ },
230 	[I2400M_MS_ILLEGAL_VALUE] = { "illegal value", -EINVAL },
231 	[I2400M_MS_MISSING_PARAMS] = { "missing parameters", -ENOMSG },
232 	[I2400M_MS_VERSION_ERROR] = { "bad version", -EIO },
233 	[I2400M_MS_ACCESSIBILITY_ERROR] = { "accesibility error", -EIO },
234 	[I2400M_MS_BUSY] = { "busy", -EBUSY },
235 	[I2400M_MS_CORRUPTED_TLV] = { "corrupted TLV", -EILSEQ },
236 	[I2400M_MS_UNINITIALIZED] = { "not unitialized", -EILSEQ },
237 	[I2400M_MS_UNKNOWN_ERROR] = { "unknown error", -EIO },
238 	[I2400M_MS_PRODUCTION_ERROR] = { "production error", -EIO },
239 	[I2400M_MS_NO_RF] = { "no RF", -EIO },
240 	[I2400M_MS_NOT_READY_FOR_POWERSAVE] =
241 		{ "not ready for powersave", -EACCES },
242 	[I2400M_MS_THERMAL_CRITICAL] = { "thermal critical", -EL3HLT },
243 };
244 
245 
246 /*
247  * i2400m_msg_check_status - translate a message's status code
248  *
249  * @i2400m: device descriptor
250  * @l3l4_hdr: message header
251  * @strbuf: buffer to place a formatted error message (unless NULL).
252  * @strbuf_size: max amount of available space; larger messages will
253  * be truncated.
254  *
255  * Returns: errno code corresponding to the status code in @l3l4_hdr
256  *          and a message in @strbuf describing the error.
257  */
i2400m_msg_check_status(const struct i2400m_l3l4_hdr * l3l4_hdr,char * strbuf,size_t strbuf_size)258 int i2400m_msg_check_status(const struct i2400m_l3l4_hdr *l3l4_hdr,
259 			    char *strbuf, size_t strbuf_size)
260 {
261 	int result;
262 	enum i2400m_ms status = le16_to_cpu(l3l4_hdr->status);
263 	const char *str;
264 
265 	if (status == 0)
266 		return 0;
267 	if (status > ARRAY_SIZE(ms_to_errno)) {
268 		str = "unknown status code";
269 		result = -EBADR;
270 	} else {
271 		str = ms_to_errno[status].msg;
272 		result = ms_to_errno[status].errno;
273 	}
274 	if (strbuf)
275 		snprintf(strbuf, strbuf_size, "%s (%d)", str, status);
276 	return result;
277 }
278 
279 
280 /*
281  * Act on a TLV System State reported by the device
282  *
283  * @i2400m: device descriptor
284  * @ss: validated System State TLV
285  */
286 static
i2400m_report_tlv_system_state(struct i2400m * i2400m,const struct i2400m_tlv_system_state * ss)287 void i2400m_report_tlv_system_state(struct i2400m *i2400m,
288 				    const struct i2400m_tlv_system_state *ss)
289 {
290 	struct device *dev = i2400m_dev(i2400m);
291 	struct wimax_dev *wimax_dev = &i2400m->wimax_dev;
292 	enum i2400m_system_state i2400m_state = le32_to_cpu(ss->state);
293 
294 	d_fnstart(3, dev, "(i2400m %p ss %p [%u])\n", i2400m, ss, i2400m_state);
295 
296 	if (unlikely(i2400m->ready == 0))	/* act if up */
297 		goto out;
298 	if (i2400m->state != i2400m_state) {
299 		i2400m->state = i2400m_state;
300 		wake_up_all(&i2400m->state_wq);
301 	}
302 	switch (i2400m_state) {
303 	case I2400M_SS_UNINITIALIZED:
304 	case I2400M_SS_INIT:
305 	case I2400M_SS_CONFIG:
306 	case I2400M_SS_PRODUCTION:
307 		wimax_state_change(wimax_dev, WIMAX_ST_UNINITIALIZED);
308 		break;
309 
310 	case I2400M_SS_RF_OFF:
311 	case I2400M_SS_RF_SHUTDOWN:
312 		wimax_state_change(wimax_dev, WIMAX_ST_RADIO_OFF);
313 		break;
314 
315 	case I2400M_SS_READY:
316 	case I2400M_SS_STANDBY:
317 	case I2400M_SS_SLEEPACTIVE:
318 		wimax_state_change(wimax_dev, WIMAX_ST_READY);
319 		break;
320 
321 	case I2400M_SS_CONNECTING:
322 	case I2400M_SS_WIMAX_CONNECTED:
323 		wimax_state_change(wimax_dev, WIMAX_ST_READY);
324 		break;
325 
326 	case I2400M_SS_SCAN:
327 	case I2400M_SS_OUT_OF_ZONE:
328 		wimax_state_change(wimax_dev, WIMAX_ST_SCANNING);
329 		break;
330 
331 	case I2400M_SS_IDLE:
332 		d_printf(1, dev, "entering BS-negotiated idle mode\n");
333 	case I2400M_SS_DISCONNECTING:
334 	case I2400M_SS_DATA_PATH_CONNECTED:
335 		wimax_state_change(wimax_dev, WIMAX_ST_CONNECTED);
336 		break;
337 
338 	default:
339 		/* Huh? just in case, shut it down */
340 		dev_err(dev, "HW BUG? unknown state %u: shutting down\n",
341 			i2400m_state);
342 		i2400m->bus_reset(i2400m, I2400M_RT_WARM);
343 		break;
344 	};
345 out:
346 	d_fnend(3, dev, "(i2400m %p ss %p [%u]) = void\n",
347 		i2400m, ss, i2400m_state);
348 }
349 
350 
351 /*
352  * Parse and act on a TLV Media Status sent by the device
353  *
354  * @i2400m: device descriptor
355  * @ms: validated Media Status TLV
356  *
357  * This will set the carrier up on down based on the device's link
358  * report. This is done asides of what the WiMAX stack does based on
359  * the device's state as sometimes we need to do a link-renew (the BS
360  * wants us to renew a DHCP lease, for example).
361  *
362  * In fact, doc says that everytime we get a link-up, we should do a
363  * DHCP negotiation...
364  */
365 static
i2400m_report_tlv_media_status(struct i2400m * i2400m,const struct i2400m_tlv_media_status * ms)366 void i2400m_report_tlv_media_status(struct i2400m *i2400m,
367 				    const struct i2400m_tlv_media_status *ms)
368 {
369 	struct device *dev = i2400m_dev(i2400m);
370 	struct wimax_dev *wimax_dev = &i2400m->wimax_dev;
371 	struct net_device *net_dev = wimax_dev->net_dev;
372 	enum i2400m_media_status status = le32_to_cpu(ms->media_status);
373 
374 	d_fnstart(3, dev, "(i2400m %p ms %p [%u])\n", i2400m, ms, status);
375 
376 	if (unlikely(i2400m->ready == 0))	/* act if up */
377 		goto out;
378 	switch (status) {
379 	case I2400M_MEDIA_STATUS_LINK_UP:
380 		netif_carrier_on(net_dev);
381 		break;
382 	case I2400M_MEDIA_STATUS_LINK_DOWN:
383 		netif_carrier_off(net_dev);
384 		break;
385 	/*
386 	 * This is the network telling us we need to retrain the DHCP
387 	 * lease -- so far, we are trusting the WiMAX Network Service
388 	 * in user space to pick this up and poke the DHCP client.
389 	 */
390 	case I2400M_MEDIA_STATUS_LINK_RENEW:
391 		netif_carrier_on(net_dev);
392 		break;
393 	default:
394 		dev_err(dev, "HW BUG? unknown media status %u\n",
395 			status);
396 	};
397 out:
398 	d_fnend(3, dev, "(i2400m %p ms %p [%u]) = void\n",
399 		i2400m, ms, status);
400 }
401 
402 
403 /*
404  * Parse a 'state report' and extract carrier on/off information
405  *
406  * @i2400m: device descriptor
407  * @l3l4_hdr: pointer to message; it has been already validated for
408  *            consistent size.
409  * @size: size of the message (header + payload). The header length
410  *        declaration is assumed to be congruent with @size (as in
411  *        sizeof(*l3l4_hdr) + l3l4_hdr->length == size)
412  *
413  * Extract from the report state the system state TLV and infer from
414  * there if we have a carrier or not. Update our local state and tell
415  * netdev.
416  *
417  * When setting the carrier, it's fine to set OFF twice (for example),
418  * as netif_carrier_off() will not generate two OFF events (just on
419  * the transitions).
420  */
421 static
i2400m_report_state_hook(struct i2400m * i2400m,const struct i2400m_l3l4_hdr * l3l4_hdr,size_t size,const char * tag)422 void i2400m_report_state_hook(struct i2400m *i2400m,
423 			      const struct i2400m_l3l4_hdr *l3l4_hdr,
424 			      size_t size, const char *tag)
425 {
426 	struct device *dev = i2400m_dev(i2400m);
427 	const struct i2400m_tlv_hdr *tlv;
428 	const struct i2400m_tlv_system_state *ss;
429 	const struct i2400m_tlv_rf_switches_status *rfss;
430 	const struct i2400m_tlv_media_status *ms;
431 	size_t tlv_size = le16_to_cpu(l3l4_hdr->length);
432 
433 	d_fnstart(4, dev, "(i2400m %p, l3l4_hdr %p, size %zu, %s)\n",
434 		  i2400m, l3l4_hdr, size, tag);
435 	tlv = NULL;
436 
437 	while ((tlv = i2400m_tlv_buffer_walk(i2400m, &l3l4_hdr->pl,
438 					     tlv_size, tlv))) {
439 		if (0 == i2400m_tlv_match(tlv, I2400M_TLV_SYSTEM_STATE,
440 					  sizeof(*ss))) {
441 			ss = container_of(tlv, typeof(*ss), hdr);
442 			d_printf(2, dev, "%s: system state TLV "
443 				 "found (0x%04x), state 0x%08x\n",
444 				 tag, I2400M_TLV_SYSTEM_STATE,
445 				 le32_to_cpu(ss->state));
446 			i2400m_report_tlv_system_state(i2400m, ss);
447 		}
448 		if (0 == i2400m_tlv_match(tlv, I2400M_TLV_RF_STATUS,
449 					  sizeof(*rfss))) {
450 			rfss = container_of(tlv, typeof(*rfss), hdr);
451 			d_printf(2, dev, "%s: RF status TLV "
452 				 "found (0x%04x), sw 0x%02x hw 0x%02x\n",
453 				 tag, I2400M_TLV_RF_STATUS,
454 				 le32_to_cpu(rfss->sw_rf_switch),
455 				 le32_to_cpu(rfss->hw_rf_switch));
456 			i2400m_report_tlv_rf_switches_status(i2400m, rfss);
457 		}
458 		if (0 == i2400m_tlv_match(tlv, I2400M_TLV_MEDIA_STATUS,
459 					  sizeof(*ms))) {
460 			ms = container_of(tlv, typeof(*ms), hdr);
461 			d_printf(2, dev, "%s: Media Status TLV: %u\n",
462 				 tag, le32_to_cpu(ms->media_status));
463 			i2400m_report_tlv_media_status(i2400m, ms);
464 		}
465 	}
466 	d_fnend(4, dev, "(i2400m %p, l3l4_hdr %p, size %zu, %s) = void\n",
467 		i2400m, l3l4_hdr, size, tag);
468 }
469 
470 
471 /*
472  * i2400m_report_hook - (maybe) act on a report
473  *
474  * @i2400m: device descriptor
475  * @l3l4_hdr: pointer to message; it has been already validated for
476  *            consistent size.
477  * @size: size of the message (header + payload). The header length
478  *        declaration is assumed to be congruent with @size (as in
479  *        sizeof(*l3l4_hdr) + l3l4_hdr->length == size)
480  *
481  * Extract information we might need (like carrien on/off) from a
482  * device report.
483  */
i2400m_report_hook(struct i2400m * i2400m,const struct i2400m_l3l4_hdr * l3l4_hdr,size_t size)484 void i2400m_report_hook(struct i2400m *i2400m,
485 			const struct i2400m_l3l4_hdr *l3l4_hdr, size_t size)
486 {
487 	struct device *dev = i2400m_dev(i2400m);
488 	unsigned msg_type;
489 
490 	d_fnstart(3, dev, "(i2400m %p l3l4_hdr %p size %zu)\n",
491 		  i2400m, l3l4_hdr, size);
492 	/* Chew on the message, we might need some information from
493 	 * here */
494 	msg_type = le16_to_cpu(l3l4_hdr->type);
495 	switch (msg_type) {
496 	case I2400M_MT_REPORT_STATE:	/* carrier detection... */
497 		i2400m_report_state_hook(i2400m,
498 					 l3l4_hdr, size, "REPORT STATE");
499 		break;
500 	/* If the device is ready for power save, then ask it to do
501 	 * it. */
502 	case I2400M_MT_REPORT_POWERSAVE_READY:	/* zzzzz */
503 		if (l3l4_hdr->status == cpu_to_le16(I2400M_MS_DONE_OK)) {
504 			d_printf(1, dev, "ready for powersave, requesting\n");
505 			i2400m_cmd_enter_powersave(i2400m);
506 		}
507 		break;
508 	};
509 	d_fnend(3, dev, "(i2400m %p l3l4_hdr %p size %zu) = void\n",
510 		i2400m, l3l4_hdr, size);
511 }
512 
513 
514 /*
515  * i2400m_msg_ack_hook - process cmd/set/get ack for internal status
516  *
517  * @i2400m: device descriptor
518  * @l3l4_hdr: pointer to message; it has been already validated for
519  *            consistent size.
520  * @size: size of the message
521  *
522  * Extract information we might need from acks to commands and act on
523  * it. This is akin to i2400m_report_hook(). Note most of this
524  * processing should be done in the function that calls the
525  * command. This is here for some cases where it can't happen...
526  */
i2400m_msg_ack_hook(struct i2400m * i2400m,const struct i2400m_l3l4_hdr * l3l4_hdr,size_t size)527 void i2400m_msg_ack_hook(struct i2400m *i2400m,
528 			 const struct i2400m_l3l4_hdr *l3l4_hdr, size_t size)
529 {
530 	int result;
531 	struct device *dev = i2400m_dev(i2400m);
532 	unsigned ack_type, ack_status;
533 	char strerr[32];
534 
535 	/* Chew on the message, we might need some information from
536 	 * here */
537 	ack_type = le16_to_cpu(l3l4_hdr->type);
538 	ack_status = le16_to_cpu(l3l4_hdr->status);
539 	switch (ack_type) {
540 	case I2400M_MT_CMD_ENTER_POWERSAVE:
541 		/* This is just left here for the sake of example, as
542 		 * the processing is done somewhere else. */
543 		if (0) {
544 			result = i2400m_msg_check_status(
545 				l3l4_hdr, strerr, sizeof(strerr));
546 			if (result >= 0)
547 				d_printf(1, dev, "ready for power save: %zd\n",
548 					 size);
549 		}
550 		break;
551 	};
552 	return;
553 }
554 
555 
556 /*
557  * i2400m_msg_size_check() - verify message size and header are congruent
558  *
559  * It is ok if the total message size is larger than the expected
560  * size, as there can be padding.
561  */
i2400m_msg_size_check(struct i2400m * i2400m,const struct i2400m_l3l4_hdr * l3l4_hdr,size_t msg_size)562 int i2400m_msg_size_check(struct i2400m *i2400m,
563 			  const struct i2400m_l3l4_hdr *l3l4_hdr,
564 			  size_t msg_size)
565 {
566 	int result;
567 	struct device *dev = i2400m_dev(i2400m);
568 	size_t expected_size;
569 	d_fnstart(4, dev, "(i2400m %p l3l4_hdr %p msg_size %zu)\n",
570 		  i2400m, l3l4_hdr, msg_size);
571 	if (msg_size < sizeof(*l3l4_hdr)) {
572 		dev_err(dev, "bad size for message header "
573 			"(expected at least %zu, got %zu)\n",
574 			(size_t) sizeof(*l3l4_hdr), msg_size);
575 		result = -EIO;
576 		goto error_hdr_size;
577 	}
578 	expected_size = le16_to_cpu(l3l4_hdr->length) + sizeof(*l3l4_hdr);
579 	if (msg_size < expected_size) {
580 		dev_err(dev, "bad size for message code 0x%04x (expected %zu, "
581 			"got %zu)\n", le16_to_cpu(l3l4_hdr->type),
582 			expected_size, msg_size);
583 		result = -EIO;
584 	} else
585 		result = 0;
586 error_hdr_size:
587 	d_fnend(4, dev,
588 		"(i2400m %p l3l4_hdr %p msg_size %zu) = %d\n",
589 		i2400m, l3l4_hdr, msg_size, result);
590 	return result;
591 }
592 
593 
594 
595 /*
596  * Cancel a wait for a command ACK
597  *
598  * @i2400m: device descriptor
599  * @code: [negative] errno code to cancel with (don't use
600  *     -EINPROGRESS)
601  *
602  * If there is an ack already filled out, free it.
603  */
i2400m_msg_to_dev_cancel_wait(struct i2400m * i2400m,int code)604 void i2400m_msg_to_dev_cancel_wait(struct i2400m *i2400m, int code)
605 {
606 	struct sk_buff *ack_skb;
607 	unsigned long flags;
608 
609 	spin_lock_irqsave(&i2400m->rx_lock, flags);
610 	ack_skb = i2400m->ack_skb;
611 	if (ack_skb && !IS_ERR(ack_skb))
612 		kfree_skb(ack_skb);
613 	i2400m->ack_skb = ERR_PTR(code);
614 	spin_unlock_irqrestore(&i2400m->rx_lock, flags);
615 }
616 
617 
618 /**
619  * i2400m_msg_to_dev - Send a control message to the device and get a response
620  *
621  * @i2400m: device descriptor
622  *
623  * @msg_skb: an skb  *
624  *
625  * @buf: pointer to the buffer containing the message to be sent; it
626  *           has to start with a &struct i2400M_l3l4_hdr and then
627  *           followed by the payload. Once this function returns, the
628  *           buffer can be reused.
629  *
630  * @buf_len: buffer size
631  *
632  * Returns:
633  *
634  * Pointer to skb containing the ack message. You need to check the
635  * pointer with IS_ERR(), as it might be an error code. Error codes
636  * could happen because:
637  *
638  *  - the message wasn't formatted correctly
639  *  - couldn't send the message
640  *  - failed waiting for a response
641  *  - the ack message wasn't formatted correctly
642  *
643  * The returned skb has been allocated with wimax_msg_to_user_alloc(),
644  * it contains the reponse in a netlink attribute and is ready to be
645  * passed up to user space with wimax_msg_to_user_send(). To access
646  * the payload and its length, use wimax_msg_{data,len}() on the skb.
647  *
648  * The skb has to be freed with kfree_skb() once done.
649  *
650  * Description:
651  *
652  * This function delivers a message/command to the device and waits
653  * for an ack to be received. The format is described in
654  * linux/wimax/i2400m.h. In summary, a command/get/set is followed by an
655  * ack.
656  *
657  * This function will not check the ack status, that's left up to the
658  * caller.  Once done with the ack skb, it has to be kfree_skb()ed.
659  *
660  * The i2400m handles only one message at the same time, thus we need
661  * the mutex to exclude other players.
662  *
663  * We write the message and then wait for an answer to come back. The
664  * RX path intercepts control messages and handles them in
665  * i2400m_rx_ctl(). Reports (notifications) are (maybe) processed
666  * locally and then forwarded (as needed) to user space on the WiMAX
667  * stack message pipe. Acks are saved and passed back to us through an
668  * skb in i2400m->ack_skb which is ready to be given to generic
669  * netlink if need be.
670  */
i2400m_msg_to_dev(struct i2400m * i2400m,const void * buf,size_t buf_len)671 struct sk_buff *i2400m_msg_to_dev(struct i2400m *i2400m,
672 				  const void *buf, size_t buf_len)
673 {
674 	int result;
675 	struct device *dev = i2400m_dev(i2400m);
676 	const struct i2400m_l3l4_hdr *msg_l3l4_hdr;
677 	struct sk_buff *ack_skb;
678 	const struct i2400m_l3l4_hdr *ack_l3l4_hdr;
679 	size_t ack_len;
680 	int ack_timeout;
681 	unsigned msg_type;
682 	unsigned long flags;
683 
684 	d_fnstart(3, dev, "(i2400m %p buf %p len %zu)\n",
685 		  i2400m, buf, buf_len);
686 
687 	if (i2400m->boot_mode)
688 		return ERR_PTR(-ENODEV);
689 
690 	msg_l3l4_hdr = buf;
691 	/* Check msg & payload consistency */
692 	result = i2400m_msg_size_check(i2400m, msg_l3l4_hdr, buf_len);
693 	if (result < 0)
694 		goto error_bad_msg;
695 	msg_type = le16_to_cpu(msg_l3l4_hdr->type);
696 	d_printf(1, dev, "CMD/GET/SET 0x%04x %zu bytes\n",
697 		 msg_type, buf_len);
698 	d_dump(2, dev, buf, buf_len);
699 
700 	/* Setup the completion, ack_skb ("we are waiting") and send
701 	 * the message to the device */
702 	mutex_lock(&i2400m->msg_mutex);
703 	spin_lock_irqsave(&i2400m->rx_lock, flags);
704 	i2400m->ack_skb = ERR_PTR(-EINPROGRESS);
705 	spin_unlock_irqrestore(&i2400m->rx_lock, flags);
706 	init_completion(&i2400m->msg_completion);
707 	result = i2400m_tx(i2400m, buf, buf_len, I2400M_PT_CTRL);
708 	if (result < 0) {
709 		dev_err(dev, "can't send message 0x%04x: %d\n",
710 			le16_to_cpu(msg_l3l4_hdr->type), result);
711 		goto error_tx;
712 	}
713 
714 	/* Some commands take longer to execute because of crypto ops,
715 	 * so we give them some more leeway on timeout */
716 	switch (msg_type) {
717 	case I2400M_MT_GET_TLS_OPERATION_RESULT:
718 	case I2400M_MT_CMD_SEND_EAP_RESPONSE:
719 		ack_timeout = 5 * HZ;
720 		break;
721 	default:
722 		ack_timeout = HZ;
723 	};
724 
725 	/* The RX path in rx.c will put any response for this message
726 	 * in i2400m->ack_skb and wake us up. If we cancel the wait,
727 	 * we need to change the value of i2400m->ack_skb to something
728 	 * not -EINPROGRESS so RX knows there is no one waiting. */
729 	result = wait_for_completion_interruptible_timeout(
730 		&i2400m->msg_completion, ack_timeout);
731 	if (result == 0) {
732 		dev_err(dev, "timeout waiting for reply to message 0x%04x\n",
733 			msg_type);
734 		result = -ETIMEDOUT;
735 		i2400m_msg_to_dev_cancel_wait(i2400m, result);
736 		goto error_wait_for_completion;
737 	} else if (result < 0) {
738 		dev_err(dev, "error waiting for reply to message 0x%04x: %d\n",
739 			msg_type, result);
740 		i2400m_msg_to_dev_cancel_wait(i2400m, result);
741 		goto error_wait_for_completion;
742 	}
743 
744 	/* Pull out the ack data from i2400m->ack_skb -- see if it is
745 	 * an error and act accordingly */
746 	spin_lock_irqsave(&i2400m->rx_lock, flags);
747 	ack_skb = i2400m->ack_skb;
748 	if (IS_ERR(ack_skb))
749 		result = PTR_ERR(ack_skb);
750 	else
751 		result = 0;
752 	i2400m->ack_skb = NULL;
753 	spin_unlock_irqrestore(&i2400m->rx_lock, flags);
754 	if (result < 0)
755 		goto error_ack_status;
756 	ack_l3l4_hdr = wimax_msg_data_len(ack_skb, &ack_len);
757 
758 	/* Check the ack and deliver it if it is ok */
759 	result = i2400m_msg_size_check(i2400m, ack_l3l4_hdr, ack_len);
760 	if (result < 0) {
761 		dev_err(dev, "HW BUG? reply to message 0x%04x: %d\n",
762 			msg_type, result);
763 		goto error_bad_ack_len;
764 	}
765 	if (msg_type != le16_to_cpu(ack_l3l4_hdr->type)) {
766 		dev_err(dev, "HW BUG? bad reply 0x%04x to message 0x%04x\n",
767 			le16_to_cpu(ack_l3l4_hdr->type), msg_type);
768 		result = -EIO;
769 		goto error_bad_ack_type;
770 	}
771 	i2400m_msg_ack_hook(i2400m, ack_l3l4_hdr, ack_len);
772 	mutex_unlock(&i2400m->msg_mutex);
773 	d_fnend(3, dev, "(i2400m %p buf %p len %zu) = %p\n",
774 		i2400m, buf, buf_len, ack_skb);
775 	return ack_skb;
776 
777 error_bad_ack_type:
778 error_bad_ack_len:
779 	kfree_skb(ack_skb);
780 error_ack_status:
781 error_wait_for_completion:
782 error_tx:
783 	mutex_unlock(&i2400m->msg_mutex);
784 error_bad_msg:
785 	d_fnend(3, dev, "(i2400m %p buf %p len %zu) = %d\n",
786 		i2400m, buf, buf_len, result);
787 	return ERR_PTR(result);
788 }
789 
790 
791 /*
792  * Definitions for the Enter Power Save command
793  *
794  * The Enter Power Save command requests the device to go into power
795  * saving mode. The device will ack or nak the command depending on it
796  * being ready for it. If it acks, we tell the USB subsystem to
797  *
798  * As well, the device might request to go into power saving mode by
799  * sending a report (REPORT_POWERSAVE_READY), in which case, we issue
800  * this command. The hookups in the RX coder allow
801  */
802 enum {
803 	I2400M_WAKEUP_ENABLED  = 0x01,
804 	I2400M_WAKEUP_DISABLED = 0x02,
805 	I2400M_TLV_TYPE_WAKEUP_MODE = 144,
806 };
807 
808 struct i2400m_cmd_enter_power_save {
809 	struct i2400m_l3l4_hdr hdr;
810 	struct i2400m_tlv_hdr tlv;
811 	__le32 val;
812 } __attribute__((packed));
813 
814 
815 /*
816  * Request entering power save
817  *
818  * This command is (mainly) executed when the device indicates that it
819  * is ready to go into powersave mode via a REPORT_POWERSAVE_READY.
820  */
i2400m_cmd_enter_powersave(struct i2400m * i2400m)821 int i2400m_cmd_enter_powersave(struct i2400m *i2400m)
822 {
823 	int result;
824 	struct device *dev = i2400m_dev(i2400m);
825 	struct sk_buff *ack_skb;
826 	struct i2400m_cmd_enter_power_save *cmd;
827 	char strerr[32];
828 
829 	result = -ENOMEM;
830 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
831 	if (cmd == NULL)
832 		goto error_alloc;
833 	cmd->hdr.type = cpu_to_le16(I2400M_MT_CMD_ENTER_POWERSAVE);
834 	cmd->hdr.length = cpu_to_le16(sizeof(*cmd) - sizeof(cmd->hdr));
835 	cmd->hdr.version = cpu_to_le16(I2400M_L3L4_VERSION);
836 	cmd->tlv.type = cpu_to_le16(I2400M_TLV_TYPE_WAKEUP_MODE);
837 	cmd->tlv.length = cpu_to_le16(sizeof(cmd->val));
838 	cmd->val = cpu_to_le32(I2400M_WAKEUP_ENABLED);
839 
840 	ack_skb = i2400m_msg_to_dev(i2400m, cmd, sizeof(*cmd));
841 	result = PTR_ERR(ack_skb);
842 	if (IS_ERR(ack_skb)) {
843 		dev_err(dev, "Failed to issue 'Enter power save' command: %d\n",
844 			result);
845 		goto error_msg_to_dev;
846 	}
847 	result = i2400m_msg_check_status(wimax_msg_data(ack_skb),
848 					 strerr, sizeof(strerr));
849 	if (result == -EACCES)
850 		d_printf(1, dev, "Cannot enter power save mode\n");
851 	else if (result < 0)
852 		dev_err(dev, "'Enter power save' (0x%04x) command failed: "
853 			"%d - %s\n", I2400M_MT_CMD_ENTER_POWERSAVE,
854 			result, strerr);
855 	else
856 		d_printf(1, dev, "device ready to power save\n");
857 	kfree_skb(ack_skb);
858 error_msg_to_dev:
859 	kfree(cmd);
860 error_alloc:
861 	return result;
862 }
863 EXPORT_SYMBOL_GPL(i2400m_cmd_enter_powersave);
864 
865 
866 /*
867  * Definitions for getting device information
868  */
869 enum {
870 	I2400M_TLV_DETAILED_DEVICE_INFO = 140
871 };
872 
873 /**
874  * i2400m_get_device_info - Query the device for detailed device information
875  *
876  * @i2400m: device descriptor
877  *
878  * Returns: an skb whose skb->data points to a 'struct
879  *    i2400m_tlv_detailed_device_info'. When done, kfree_skb() it. The
880  *    skb is *guaranteed* to contain the whole TLV data structure.
881  *
882  *    On error, IS_ERR(skb) is true and ERR_PTR(skb) is the error
883  *    code.
884  */
i2400m_get_device_info(struct i2400m * i2400m)885 struct sk_buff *i2400m_get_device_info(struct i2400m *i2400m)
886 {
887 	int result;
888 	struct device *dev = i2400m_dev(i2400m);
889 	struct sk_buff *ack_skb;
890 	struct i2400m_l3l4_hdr *cmd;
891 	const struct i2400m_l3l4_hdr *ack;
892 	size_t ack_len;
893 	const struct i2400m_tlv_hdr *tlv;
894 	const struct i2400m_tlv_detailed_device_info *ddi;
895 	char strerr[32];
896 
897 	ack_skb = ERR_PTR(-ENOMEM);
898 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
899 	if (cmd == NULL)
900 		goto error_alloc;
901 	cmd->type = cpu_to_le16(I2400M_MT_GET_DEVICE_INFO);
902 	cmd->length = 0;
903 	cmd->version = cpu_to_le16(I2400M_L3L4_VERSION);
904 
905 	ack_skb = i2400m_msg_to_dev(i2400m, cmd, sizeof(*cmd));
906 	if (IS_ERR(ack_skb)) {
907 		dev_err(dev, "Failed to issue 'get device info' command: %ld\n",
908 			PTR_ERR(ack_skb));
909 		goto error_msg_to_dev;
910 	}
911 	ack = wimax_msg_data_len(ack_skb, &ack_len);
912 	result = i2400m_msg_check_status(ack, strerr, sizeof(strerr));
913 	if (result < 0) {
914 		dev_err(dev, "'get device info' (0x%04x) command failed: "
915 			"%d - %s\n", I2400M_MT_GET_DEVICE_INFO, result,
916 			strerr);
917 		goto error_cmd_failed;
918 	}
919 	tlv = i2400m_tlv_find(i2400m, ack->pl, ack_len - sizeof(*ack),
920 			      I2400M_TLV_DETAILED_DEVICE_INFO, sizeof(*ddi));
921 	if (tlv == NULL) {
922 		dev_err(dev, "GET DEVICE INFO: "
923 			"detailed device info TLV not found (0x%04x)\n",
924 			I2400M_TLV_DETAILED_DEVICE_INFO);
925 		result = -EIO;
926 		goto error_no_tlv;
927 	}
928 	skb_pull(ack_skb, (void *) tlv - (void *) ack_skb->data);
929 error_msg_to_dev:
930 	kfree(cmd);
931 error_alloc:
932 	return ack_skb;
933 
934 error_no_tlv:
935 error_cmd_failed:
936 	kfree_skb(ack_skb);
937 	kfree(cmd);
938 	return ERR_PTR(result);
939 }
940 
941 
942 /* Firmware interface versions we support */
943 enum {
944 	I2400M_HDIv_MAJOR = 9,
945 	I2400M_HDIv_MAJOR_2 = 8,
946 	I2400M_HDIv_MINOR = 1,
947 };
948 
949 
950 /**
951  * i2400m_firmware_check - check firmware versions are compatible with
952  * the driver
953  *
954  * @i2400m: device descriptor
955  *
956  * Returns: 0 if ok, < 0 errno code an error and a message in the
957  *    kernel log.
958  *
959  * Long function, but quite simple; first chunk launches the command
960  * and double checks the reply for the right TLV. Then we process the
961  * TLV (where the meat is).
962  */
i2400m_firmware_check(struct i2400m * i2400m)963 int i2400m_firmware_check(struct i2400m *i2400m)
964 {
965 	int result;
966 	struct device *dev = i2400m_dev(i2400m);
967 	struct sk_buff *ack_skb;
968 	struct i2400m_l3l4_hdr *cmd;
969 	const struct i2400m_l3l4_hdr *ack;
970 	size_t ack_len;
971 	const struct i2400m_tlv_hdr *tlv;
972 	const struct i2400m_tlv_l4_message_versions *l4mv;
973 	char strerr[32];
974 	unsigned major, minor, branch;
975 
976 	result = -ENOMEM;
977 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
978 	if (cmd == NULL)
979 		goto error_alloc;
980 	cmd->type = cpu_to_le16(I2400M_MT_GET_LM_VERSION);
981 	cmd->length = 0;
982 	cmd->version = cpu_to_le16(I2400M_L3L4_VERSION);
983 
984 	ack_skb = i2400m_msg_to_dev(i2400m, cmd, sizeof(*cmd));
985 	if (IS_ERR(ack_skb)) {
986 		result = PTR_ERR(ack_skb);
987 		dev_err(dev, "Failed to issue 'get lm version' command: %-d\n",
988 			result);
989 		goto error_msg_to_dev;
990 	}
991 	ack = wimax_msg_data_len(ack_skb, &ack_len);
992 	result = i2400m_msg_check_status(ack, strerr, sizeof(strerr));
993 	if (result < 0) {
994 		dev_err(dev, "'get lm version' (0x%04x) command failed: "
995 			"%d - %s\n", I2400M_MT_GET_LM_VERSION, result,
996 			strerr);
997 		goto error_cmd_failed;
998 	}
999 	tlv = i2400m_tlv_find(i2400m, ack->pl, ack_len - sizeof(*ack),
1000 			      I2400M_TLV_L4_MESSAGE_VERSIONS, sizeof(*l4mv));
1001 	if (tlv == NULL) {
1002 		dev_err(dev, "get lm version: TLV not found (0x%04x)\n",
1003 			I2400M_TLV_L4_MESSAGE_VERSIONS);
1004 		result = -EIO;
1005 		goto error_no_tlv;
1006 	}
1007 	l4mv = container_of(tlv, typeof(*l4mv), hdr);
1008 	major = le16_to_cpu(l4mv->major);
1009 	minor = le16_to_cpu(l4mv->minor);
1010 	branch = le16_to_cpu(l4mv->branch);
1011 	result = -EINVAL;
1012 	if (major != I2400M_HDIv_MAJOR
1013 	    && major != I2400M_HDIv_MAJOR_2) {
1014 		dev_err(dev, "unsupported major fw interface version "
1015 			"%u.%u.%u\n", major, minor, branch);
1016 		goto error_bad_major;
1017 	}
1018 	if (major == I2400M_HDIv_MAJOR_2)
1019 		dev_err(dev, "deprecated major fw interface version "
1020 			"%u.%u.%u\n", major, minor, branch);
1021 	result = 0;
1022 	if (minor != I2400M_HDIv_MINOR)
1023 		dev_warn(dev, "untested minor fw firmware version %u.%u.%u\n",
1024 			 major, minor, branch);
1025 error_bad_major:
1026 	dev_info(dev, "firmware interface version %u.%u.%u\n",
1027 		 major, minor, branch);
1028 error_no_tlv:
1029 error_cmd_failed:
1030 	kfree_skb(ack_skb);
1031 error_msg_to_dev:
1032 	kfree(cmd);
1033 error_alloc:
1034 	return result;
1035 }
1036 
1037 
1038 /*
1039  * Send an DoExitIdle command to the device to ask it to go out of
1040  * basestation-idle mode.
1041  *
1042  * @i2400m: device descriptor
1043  *
1044  * This starts a renegotiation with the basestation that might involve
1045  * another crypto handshake with user space.
1046  *
1047  * Returns: 0 if ok, < 0 errno code on error.
1048  */
i2400m_cmd_exit_idle(struct i2400m * i2400m)1049 int i2400m_cmd_exit_idle(struct i2400m *i2400m)
1050 {
1051 	int result;
1052 	struct device *dev = i2400m_dev(i2400m);
1053 	struct sk_buff *ack_skb;
1054 	struct i2400m_l3l4_hdr *cmd;
1055 	char strerr[32];
1056 
1057 	result = -ENOMEM;
1058 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1059 	if (cmd == NULL)
1060 		goto error_alloc;
1061 	cmd->type = cpu_to_le16(I2400M_MT_CMD_EXIT_IDLE);
1062 	cmd->length = 0;
1063 	cmd->version = cpu_to_le16(I2400M_L3L4_VERSION);
1064 
1065 	ack_skb = i2400m_msg_to_dev(i2400m, cmd, sizeof(*cmd));
1066 	result = PTR_ERR(ack_skb);
1067 	if (IS_ERR(ack_skb)) {
1068 		dev_err(dev, "Failed to issue 'exit idle' command: %d\n",
1069 			result);
1070 		goto error_msg_to_dev;
1071 	}
1072 	result = i2400m_msg_check_status(wimax_msg_data(ack_skb),
1073 					 strerr, sizeof(strerr));
1074 	kfree_skb(ack_skb);
1075 error_msg_to_dev:
1076 	kfree(cmd);
1077 error_alloc:
1078 	return result;
1079 
1080 }
1081 
1082 
1083 /*
1084  * Query the device for its state, update the WiMAX stack's idea of it
1085  *
1086  * @i2400m: device descriptor
1087  *
1088  * Returns: 0 if ok, < 0 errno code on error.
1089  *
1090  * Executes a 'Get State' command and parses the returned
1091  * TLVs.
1092  *
1093  * Because this is almost identical to a 'Report State', we use
1094  * i2400m_report_state_hook() to parse the answer. This will set the
1095  * carrier state, as well as the RF Kill switches state.
1096  */
i2400m_cmd_get_state(struct i2400m * i2400m)1097 int i2400m_cmd_get_state(struct i2400m *i2400m)
1098 {
1099 	int result;
1100 	struct device *dev = i2400m_dev(i2400m);
1101 	struct sk_buff *ack_skb;
1102 	struct i2400m_l3l4_hdr *cmd;
1103 	const struct i2400m_l3l4_hdr *ack;
1104 	size_t ack_len;
1105 	char strerr[32];
1106 
1107 	result = -ENOMEM;
1108 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1109 	if (cmd == NULL)
1110 		goto error_alloc;
1111 	cmd->type = cpu_to_le16(I2400M_MT_GET_STATE);
1112 	cmd->length = 0;
1113 	cmd->version = cpu_to_le16(I2400M_L3L4_VERSION);
1114 
1115 	ack_skb = i2400m_msg_to_dev(i2400m, cmd, sizeof(*cmd));
1116 	if (IS_ERR(ack_skb)) {
1117 		dev_err(dev, "Failed to issue 'get state' command: %ld\n",
1118 			PTR_ERR(ack_skb));
1119 		result = PTR_ERR(ack_skb);
1120 		goto error_msg_to_dev;
1121 	}
1122 	ack = wimax_msg_data_len(ack_skb, &ack_len);
1123 	result = i2400m_msg_check_status(ack, strerr, sizeof(strerr));
1124 	if (result < 0) {
1125 		dev_err(dev, "'get state' (0x%04x) command failed: "
1126 			"%d - %s\n", I2400M_MT_GET_STATE, result, strerr);
1127 		goto error_cmd_failed;
1128 	}
1129 	i2400m_report_state_hook(i2400m, ack, ack_len - sizeof(*ack),
1130 				 "GET STATE");
1131 	result = 0;
1132 	kfree_skb(ack_skb);
1133 error_cmd_failed:
1134 error_msg_to_dev:
1135 	kfree(cmd);
1136 error_alloc:
1137 	return result;
1138 }
1139 EXPORT_SYMBOL_GPL(i2400m_cmd_get_state);
1140 
1141 
1142 /**
1143  * Set basic configuration settings
1144  *
1145  * @i2400m: device descriptor
1146  * @args: array of pointers to the TLV headers to send for
1147  *     configuration (each followed by its payload).
1148  *     TLV headers and payloads must be properly initialized, with the
1149  *     right endianess (LE).
1150  * @arg_size: number of pointers in the @args array
1151  */
i2400m_set_init_config(struct i2400m * i2400m,const struct i2400m_tlv_hdr ** arg,size_t args)1152 int i2400m_set_init_config(struct i2400m *i2400m,
1153 			   const struct i2400m_tlv_hdr **arg, size_t args)
1154 {
1155 	int result;
1156 	struct device *dev = i2400m_dev(i2400m);
1157 	struct sk_buff *ack_skb;
1158 	struct i2400m_l3l4_hdr *cmd;
1159 	char strerr[32];
1160 	unsigned argc, argsize, tlv_size;
1161 	const struct i2400m_tlv_hdr *tlv_hdr;
1162 	void *buf, *itr;
1163 
1164 	d_fnstart(3, dev, "(i2400m %p arg %p args %zu)\n", i2400m, arg, args);
1165 	result = 0;
1166 	if (args == 0)
1167 		goto none;
1168 	/* Compute the size of all the TLVs, so we can alloc a
1169 	 * contiguous command block to copy them. */
1170 	argsize = 0;
1171 	for (argc = 0; argc < args; argc++) {
1172 		tlv_hdr = arg[argc];
1173 		argsize += sizeof(*tlv_hdr) + le16_to_cpu(tlv_hdr->length);
1174 	}
1175 	WARN_ON(argc >= 9);	/* As per hw spec */
1176 
1177 	/* Alloc the space for the command and TLVs*/
1178 	result = -ENOMEM;
1179 	buf = kzalloc(sizeof(*cmd) + argsize, GFP_KERNEL);
1180 	if (buf == NULL)
1181 		goto error_alloc;
1182 	cmd = buf;
1183 	cmd->type = cpu_to_le16(I2400M_MT_SET_INIT_CONFIG);
1184 	cmd->length = cpu_to_le16(argsize);
1185 	cmd->version = cpu_to_le16(I2400M_L3L4_VERSION);
1186 
1187 	/* Copy the TLVs */
1188 	itr = buf + sizeof(*cmd);
1189 	for (argc = 0; argc < args; argc++) {
1190 		tlv_hdr = arg[argc];
1191 		tlv_size = sizeof(*tlv_hdr) + le16_to_cpu(tlv_hdr->length);
1192 		memcpy(itr, tlv_hdr, tlv_size);
1193 		itr += tlv_size;
1194 	}
1195 
1196 	/* Send the message! */
1197 	ack_skb = i2400m_msg_to_dev(i2400m, buf, sizeof(*cmd) + argsize);
1198 	result = PTR_ERR(ack_skb);
1199 	if (IS_ERR(ack_skb)) {
1200 		dev_err(dev, "Failed to issue 'init config' command: %d\n",
1201 			result);
1202 
1203 		goto error_msg_to_dev;
1204 	}
1205 	result = i2400m_msg_check_status(wimax_msg_data(ack_skb),
1206 					 strerr, sizeof(strerr));
1207 	if (result < 0)
1208 		dev_err(dev, "'init config' (0x%04x) command failed: %d - %s\n",
1209 			I2400M_MT_SET_INIT_CONFIG, result, strerr);
1210 	kfree_skb(ack_skb);
1211 error_msg_to_dev:
1212 	kfree(buf);
1213 error_alloc:
1214 none:
1215 	d_fnend(3, dev, "(i2400m %p arg %p args %zu) = %d\n",
1216 		i2400m, arg, args, result);
1217 	return result;
1218 
1219 }
1220 EXPORT_SYMBOL_GPL(i2400m_set_init_config);
1221 
1222 
1223 /**
1224  * i2400m_dev_initialize - Initialize the device once communications are ready
1225  *
1226  * @i2400m: device descriptor
1227  *
1228  * Returns: 0 if ok, < 0 errno code on error.
1229  *
1230  * Configures the device to work the way we like it.
1231  *
1232  * At the point of this call, the device is registered with the WiMAX
1233  * and netdev stacks, firmware is uploaded and we can talk to the
1234  * device normally.
1235  */
i2400m_dev_initialize(struct i2400m * i2400m)1236 int i2400m_dev_initialize(struct i2400m *i2400m)
1237 {
1238 	int result;
1239 	struct device *dev = i2400m_dev(i2400m);
1240 	struct i2400m_tlv_config_idle_parameters idle_params;
1241 	const struct i2400m_tlv_hdr *args[9];
1242 	unsigned argc = 0;
1243 
1244 	d_fnstart(3, dev, "(i2400m %p)\n", i2400m);
1245 	/* Useless for now...might change */
1246 	if (i2400m_idle_mode_disabled) {
1247 		idle_params.hdr.type =
1248 			cpu_to_le16(I2400M_TLV_CONFIG_IDLE_PARAMETERS);
1249 		idle_params.hdr.length = cpu_to_le16(
1250 			sizeof(idle_params) - sizeof(idle_params.hdr));
1251 		idle_params.idle_timeout = 0;
1252 		idle_params.idle_paging_interval = 0;
1253 		args[argc++] = &idle_params.hdr;
1254 	}
1255 	result = i2400m_set_init_config(i2400m, args, argc);
1256 	if (result < 0)
1257 		goto error;
1258 	result = i2400m_firmware_check(i2400m);	/* fw versions ok? */
1259 	if (result < 0)
1260 		goto error;
1261 	/*
1262 	 * Update state: Here it just calls a get state; parsing the
1263 	 * result (System State TLV and RF Status TLV [done in the rx
1264 	 * path hooks]) will set the hardware and software RF-Kill
1265 	 * status.
1266 	 */
1267 	result = i2400m_cmd_get_state(i2400m);
1268 error:
1269 	d_fnend(3, dev, "(i2400m %p) = %d\n", i2400m, result);
1270 	return result;
1271 }
1272 
1273 
1274 /**
1275  * i2400m_dev_shutdown - Shutdown a running device
1276  *
1277  * @i2400m: device descriptor
1278  *
1279  * Gracefully stops the device, moving it to the lowest power
1280  * consumption state possible.
1281  */
i2400m_dev_shutdown(struct i2400m * i2400m)1282 void i2400m_dev_shutdown(struct i2400m *i2400m)
1283 {
1284 	int result = -ENODEV;
1285 	struct device *dev = i2400m_dev(i2400m);
1286 
1287 	d_fnstart(3, dev, "(i2400m %p)\n", i2400m);
1288 	result = i2400m->bus_reset(i2400m, I2400M_RT_WARM);
1289 	d_fnend(3, dev, "(i2400m %p) = void [%d]\n", i2400m, result);
1290 	return;
1291 }
1292