[Prism54-devel] XH8196 driver analysis

Jean-Baptiste Note jean-baptiste.note at wanadoo.fr
Tue Jan 25 15:30:39 UTC 2005


Hello Sebastien, dear list,

Sebastien B <sebastien.b at swissinfo.org> said :
> I've just successfully linked the Softmac library against a usermode program,
> and it seems to work: there will be no need to go through kernel
> development...
> I've simply implemented dummy functions that match the prototypes defined in 
> softmac2.h, and ran the following code :

Can you make this code available? I couldn't put myself down to write
it :)

> #include <stdio.h>
> #include <stdint.h>
> #include "softmac2.h"   /* prototypes of the softmac library, dummy-implemented here */
>
> static uint32_t context;
> static struct s_sm_setup setup;
> static struct s_sm_initdata data;
>
> int main(int argc, char *argv[])
> {
>   int32_t i;
>   /* create a softmac context from zeroed setup/initdata, then tear it down */
>   i = prism_softmac_create(&context, &setup, NULL, &data);
>   printf("prism_softmac_create returned %i\n", i);
>   prism_softmac_destroy(&context);
>   return 0;
> }

Great! However, this is not how the function is called in situ:

( from http://gxaafoot.homelinux.org/cgi-bin/archzoom.cgi/jean-baptiste.note@m4x.org--libre/XH8196--devo--0--LATEST/module/usb_softmac.c)

Initialization stack:
sm_initdata is filled from the parsing of the first block of firmware
sent to the device /via/ prism_softmac_parse_bra

sm_descr is generated from sm_initdata /via/ prism_softmac_describe

then the sm_context is created from sm_initdata /via/ prism_softmac_create

You've got 2 functions to make work before it's OK...

For my part, I put the driver into shape, but the softmac
chokes when trying to parse the "bra", at the beginning of the data
sent to the device. I tried various offsets in the lib given with the
softmac code; I also tried with the firmware for recent usb devices, to
no result. You may have a look at the pci driver; it seems that the
"bra" starts at offset 20 in the .arm files, and offset 20+16 in the
"x2" file format (refer to the logs of second-generation devices; the
first large packet starts with:

00000000: 7e 7e 7e 7e 3c 0d|78 32 20 20 00 00 02 00 68 75
00000010: 00 00 35 0b 42 84|00 00 a0 e1 80 f3 9f e5 00 00
00000020: 00 00 00 00 00 00 00 00 00 00|01 00 00 80 01 00
00000030: 00 00 4c 4d 38 36 02 00 00 80 06 00 00 00 32 2e
00000040: 35 2e 38 2e 30 00 00 00 00 00 00 00 00 00 00 00
...

where the first 6 bytes are a reinitialization command
"\x7e\x7e\x7e\x7e<\r"; the following 16 bytes are a "X2" header, and the
data from 0x16 is the .arm file, with the "bra" starting, according to
the pci driver, at offset 42 in the packet, or 36 in the x2 file, or
20 in the arm file.

Could you try to make prism_softmac_parse_bra() return OK? I haven't
tested it much, but I can't seem to get this to work. I've tried various
offsets, but I'm afraid that successive calls to the function could
meddle with the internal state, and I won't reboot 36 times to try 36
different offsets :).

> Why does the softmac library allocate that enormous amount of memory when
> prism_softmac_create() is called?
> I haven't searched much about that for now.

I did, but couldn't get the initializing functions to do their job. See
above. I hope you'll be able to!

> But how different is the second-generation SoftMAC API used by that library ? 
> But maybe we will be able to work first-generation devices with the 
> second-generation firmware...

According to the logs, not much different. It's a pity we cannot get
it to work.


PS: as a decompiler, REC works but the output is not really good, alas...

-- 
Jean-Baptiste Note
+33 (0)6 83 03 42 38
jean-baptiste.note at wanadoo.fr
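Added example, not code from the mail or from the XH8196 driver: a small C check of the packet framing described above (6-byte reinitialization command, 16-byte "X2" header, .arm file with the "bra" at offset 20), using the first 0x50 bytes of the quoted dump as constructed sample input. The test for the ASCII tag "x2  " at the start of the header and the "LM86" tag inside the bra are assumptions read off the dump, not something the mail states.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout of the first large packet as described in the mail: a 6-byte
 * reinitialization command, a 16-byte "X2" header, then the .arm file;
 * the "bra" sits at offset 20 in the .arm file, i.e. 6 + 16 + 20 = 42
 * bytes into the packet. */
#define REINIT_CMD_LEN  6
#define X2_HEADER_LEN   16
#define ARM_START       (REINIT_CMD_LEN + X2_HEADER_LEN)   /* 0x16 */
#define BRA_ARM_OFFSET  20

static const uint8_t reinit_cmd[REINIT_CMD_LEN] = { 0x7e, 0x7e, 0x7e, 0x7e, '<', '\r' };

/* First 0x50 bytes of the capture quoted in the mail (constructed from the dump). */
static const uint8_t sample_packet[] = {
    0x7e,0x7e,0x7e,0x7e,0x3c,0x0d, 0x78,0x32,0x20,0x20,0x00,0x00,0x02,0x00,0x68,0x75,
    0x00,0x00,0x35,0x0b,0x42,0x84, 0x00,0x00,0xa0,0xe1,0x80,0xf3,0x9f,0xe5,0x00,0x00,
    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x01,0x00,0x00,0x80,0x01,0x00,
    0x00,0x00,0x4c,0x4d,0x38,0x36,0x02,0x00,0x00,0x80,0x06,0x00,0x00,0x00,0x32,0x2e,
    0x35,0x2e,0x38,0x2e,0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
};

/* Check the framing and return the packet offset of the "bra", or -1 if
 * the packet is too short or not framed as described. The "x2  " tag test
 * is an assumption read off the dump, not something the mail states. */
long xh8196_bra_offset(const uint8_t *pkt, size_t len)
{
    if (len < (size_t)ARM_START + BRA_ARM_OFFSET) return -1;
    if (memcmp(pkt, reinit_cmd, REINIT_CMD_LEN) != 0) return -1;
    if (memcmp(pkt + REINIT_CMD_LEN, "x2  ", 4) != 0) return -1;
    return ARM_START + BRA_ARM_OFFSET;
}

/* In the dump, the ASCII tag "LM86" appears 8 bytes into the bra. */
int sample_bra_has_lm86(void)
{
    long off = xh8196_bra_offset(sample_packet, sizeof sample_packet);
    return off >= 0 && memcmp(sample_packet + off + 8, "LM86", 4) == 0;
}

int main(void)
{
    long off = xh8196_bra_offset(sample_packet, sizeof sample_packet);
    printf("bra at packet offset %ld = x2 offset %ld = arm offset %ld\n",
           off, off - REINIT_CMD_LEN, off - ARM_START);
    return off == 42 ? 0 : 1;
}
```

The three printed numbers (42, 36, 20) are the offsets the mail gives for the packet, the x2 file and the .arm file respectively.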
