bes2600: remove userspace /dev/bes2600 character device interface

bes_chardev.c implemented a custom character device at /dev/bes2600 with
its own parser and command-dispatch table, exposing operations such as
'wifi on|off', 'bt on|off', 'change_fw_type <n>', 'bt_wakeup',
'bt_sleep', and 'wakeup_read_flag'. None of these surfaces are used by
the in-tree driver - every kernel call site consumes the internal state
accessors (bes2600_chrdev_is_signal_mode, bes2600_chrdev_get_fw_type,
etc) directly, not through the cdev.

The cdev interface is a standing upstream blocker for two reasons:

  1. Drivers under drivers/staging/ and drivers/net/wireless/ are
     expected to expose tuning via the firmware/nl80211/debugfs
     infrastructure rather than a private /dev node with an ad-hoc
     parser.

  2. The cdev handlers keep a global bes_cdev singleton alive whose
     ->cdev, ->dev_id, ->class and ->device pointers exist only to be
     torn down; they add no functionality that nl80211 or rfkill do
     not already provide (wifi/bt on-off, module_param for fw_type).

Remove the userspace interface:

  - open / read / write / release file_operations handlers and the
    bes2600_chardev_fops instance
  - bes2600_op_* command handlers and bes2600_op_map_tab dispatcher
  - bes2600_get_cmd_and_ifname / bes2600_recyle_cmd_and_ifname_mem
    string helpers
  - bes2600_load_uevent (its only caller was
    bes2600_chrdev_wifi_force_close_work informing userspace of a
    state it already gates via rfkill; that snprintf +
    kobject_uevent_env block is gone too, the kernel-side
    halt_device + switch_wifi(0) + chrdev_check_system_close
    sequence remains)
  - alloc_chrdev_region / cdev_init / cdev_add / class_create /
    device_create in bes2600_chrdev_init plus the fail1/fail2/fail3
    unwind labels
  - cdev_del / unregister_chrdev_region / device_destroy /
    class_destroy in bes2600_chrdev_free
  - cdev/dev_id/major/minor/class/device fields in struct bes_cdev

What remains (unchanged behaviour):

  - fw_type module parameter - the primary user-facing knob for
    signal/no-signal/BT mode switch
  - All in-kernel bes2600_chrdev_* accessor functions called from
    bes2600_sdio.c, bes_pwr.c, sta.c, bh.c, main.c, wsm.c, and
    wifi_testmode_cmd.c (13 call sites)
  - bes2600_chrdev_init / bes2600_chrdev_free as state-init / teardown
    for the remaining bes_cdev state (waitqueues, workqueues, flags)
  - DPD management (bes2600_chrdev_get_dpd_buffer / update / free)
  - wifi_force_close worker, system-close logic, bus-probe state
    machine

Tested-on: PineTab2 (BES2600WM + RK3566) running linux-pinetab2
6.19.10-danctnix1-1. Driver continues to associate and pass traffic;
no kernel messages related to the cdev absence. Users that previously
wrote to /dev/bes2600 should switch to the fw_type module parameter
or (future patch c4) nl80211 testmode commands.

Follow-ups:

  - c3.1: thread struct device * through bes2600_chrdev_is_signal_mode
    and friends so the global bes2600_cdev singleton can be dropped
    and the accessors scale to multi-device scenarios.
  - c4:   enable CONFIG_BES2600_TESTMODE and route nl80211 testmode
    commands to the firmware's patch_wifi_testMode entry.

Signed-off-by: Markus Fritsche <fritsche.markus@gmail.com>

bes2600/Makefile

@@ -2,7 +2,7 @@ KERN_DIR = /lib/modules/$(KERNELRELEASE)/build
 # feature option
 BES2600                                 ?= m
 
-CONFIG_BES2600_TESTMODE                 ?= y
+CONFIG_BES2600_TESTMODE                 ?= n
 
 CONFIG_BES2600_ENABLE_DEVEL_LOGS        ?= n
 
@@ -65,8 +65,8 @@ BES2600_DRV_VERSION := bes2600_0.3.5_2024.0116
 
 ifeq ($(CONFIG_BES2600_CALIB_FROM_LINUX),y)
 FACTORY_CRC_CHECK                    ?= n
-STANDARD_FACTORY_EFUSE_FLAG          ?= n
+STANDARD_FACTORY_EFUSE_FLAG          ?= y
-FACTORY_PATH                 ?= bes2600/bes2600_factory.txt
+FACTORY_PATH                 ?= /lib/firmware/bes2600_factory.txt
 endif
 
 # basic function

bes2600/bes2600_factory.c

@@ -12,7 +12,6 @@
 #include <linux/module.h>
 #include <linux/sched.h>
 #include <linux/fs.h>
-#include <linux/firmware.h>
 #include <linux/slab.h>
 #include <linux/mutex.h>
 #include <linux/crc32.h>
@@ -31,18 +30,6 @@
 
 static DEFINE_MUTEX(factory_lock);
 
-/*
- * struct device * for request_firmware() context. Set once at SDIO
- * probe via bes2600_factory_set_dev(). NULL is tolerated (falls back
- * to the udev-less firmware-class path) but loses per-device logging.
- */
-static struct device *bes2600_factory_dev;
-
-void bes2600_factory_set_dev(struct device *dev)
-{
-	bes2600_factory_dev = dev;
-}
-
 /*
  * It is only used for temporary storage.
  * Every time get the factory, it will read from the
@@ -150,32 +137,66 @@ static int bes2600_factory_crc_check(struct factory_t *factory_data)
  */
 static int factory_section_read_file(char *path, void *buffer)
 {
-	const struct firmware *fw;
+	int ret = 0;
-	int ret;
+	struct file *fp;
 
 	if (!path || !buffer) {
 		bes_err("%s NULL pointer err\n", __func__);
 		return -1;
 	}
 
-	bes_devel("requesting firmware-class %s\n", path);
+	bes_devel("reading %s \n", path);
 
-	ret = request_firmware(&fw, path, bes2600_factory_dev);
+	fp = filp_open(path, O_RDONLY, 0); //S_IRUSR
-	if (ret) {
+	if (IS_ERR(fp)) {
-		bes_devel("BES2600: request_firmware(%s) failed: %d\n", path, ret);
+		bes_devel("BES2600 : can't open %s\n",path);
 		return -1;
 	}
 
-	if (fw->size == 0 || fw->size > FACTORY_MAX_SIZE) {
+	if (fp->f_inode->i_size <= 0 || fp->f_inode->i_size > FACTORY_MAX_SIZE) {
-		bes_err("bes2600_factory.txt size check failed, read_size: %zu max_size: %d\n",
+		bes_err(			"bes2600_factory.txt size check failed, read_size: %lld max_size: %d\n",
-			fw->size, FACTORY_MAX_SIZE);
+			fp->f_inode->i_size, FACTORY_MAX_SIZE);
-		release_firmware(fw);
+		filp_close(fp, NULL);
 		return -1;
 	}
 
-	memcpy(buffer, fw->data, fw->size);
+	ret = kernel_read(fp, buffer, fp->f_inode->i_size, &fp->f_pos);
-	ret = (int)fw->size;
+
-	release_firmware(fw);
+	filp_close(fp, NULL);
+
+	if (ret != fp->f_inode->i_size) {
+		bes_err("bes2600_factory.txt read fail\n");
+		ret = -1;
+	}
+
+	return ret;
+}
+
+/**
+ * factory_section_write_file - Write data of specified length to file
+ * @path:	path of the file
+ * @buffer:	storage of write data
+ * @size:	length of data to write
+ *
+ * Return: length on success, negative error code otherwise.
+ */
+static int factory_section_write_file(char *path, void *buffer, int size)
+{
+	int ret = 0;
+	struct file *fp;
+
+	bes_devel("writing %s \n", path);
+
+	fp = filp_open(path, O_TRUNC | O_CREAT | O_RDWR, S_IRUSR);
+	if (IS_ERR(fp)) {
+		bes_devel("BES2600 : can't open %s\n",path);
+		return -1;
+	}
+
+	ret = kernel_write(fp, buffer, size, &fp->f_pos);
+
+	filp_close(fp,NULL);
+
 	return ret;
 }
 
@@ -870,22 +891,9 @@ static inline int factory_build(uint8_t *dest_buf, struct factory_t *factory)
 #endif
 }
 
-/*
- * Rebuild the serialised calibration blob in file_buffer from the live
- * in-memory factory_save_p. Previously this function also persisted the
- * blob back to FACTORY_PATH via filp_open(O_CREAT) + kernel_write(); that
- * is not acceptable in mainline, so the persistence step has been removed.
- *
- * The in-memory factory_save_p remains authoritative for the duration of
- * the session; on the next probe the firmware-class file is read back
- * read-only via request_firmware(). If cross-reboot persistence of runtime
- * calibration updates becomes a requirement, the expected route is a
- * userspace-facing dump interface (debugfs read-only blob, or nl80211
- * vendor command) that lets userspace read the serialised form and store
- * it under its own privileges.
- */
 static int bes2600_wifi_cali_table_save(u8 *file_buffer, struct factory_t *factory_save_p)
 {
+	int ret = 0;
 	int w_size;
 	u32 crc_len = sizeof(factory_data_t);
 #ifndef STANDARD_FACTORY_EFUSE_FLAG
@@ -894,11 +902,13 @@ static int bes2600_wifi_cali_table_save(u8 *file_buffer, struct factory_t *facto
 
 	bes_devel("enter %s\n", __func__);
 
-	if (!file_buffer)
+	if (!file_buffer) {
 		return -ENOMEM;
+	}
 
-	if (!factory_save_p)
+	if (!factory_save_p) {
 		return -ENOENT;
+	}
 
 	/* All initialized to space */
 	memset(file_buffer, 32, FACTORY_MAX_SIZE);
@@ -910,10 +920,22 @@ static int bes2600_wifi_cali_table_save(u8 *file_buffer, struct factory_t *facto
 	w_size = factory_build(file_buffer, factory_save_p);
 
 	if (w_size < 0 || w_size > FACTORY_MAX_SIZE) {
-		bes_err("%s: build failed! w_size = %d.", __func__, w_size);
+		bes_err("%s: build failed! ret = %d.", __func__, ret);
 		return -ETXTBSY;
 	}
 
+#ifdef FACTORY_SAVE_MULTI_PATH
+	/* avoid trailing characters '\0' */
+	file_buffer[w_size] = 32;
+	ret = factory_section_write_file(FACTORY_PATH, file_buffer, FACTORY_MAX_SIZE);
+#else
+	ret = factory_section_write_file(FACTORY_PATH, file_buffer, w_size);
+#endif
+	if(ret < 0) {
+		bes_err("%s: write failed! ret = %d.", __func__, ret);
+		return ret;
+	}
+
 	return 0;
 }
 

bes2600/bes2600_factory.h

@@ -199,9 +199,6 @@ enum factory_cali_status {
 /* just calibrate 11n, other protocols are automatically mapped */
 #define WIFI_RF_11N_MODE 0x15
 
-/* set the struct device * used for request_firmware() context */
-void bes2600_factory_set_dev(struct device *dev);
-
 /* read wifi & bt factory cali value*/
 u8* bes2600_get_factory_cali_data(u8 *file_buffer, u32 *data_len, char *path);
 void factory_little_endian_cvrt(u8 *data);

bes2600/bes2600_sdio.c

@@ -30,7 +30,6 @@
 #include "bes2600.h"
 #include "sbus.h"
 #include "bes2600_plat.h"
-#include "bes2600_factory.h"
 #include "hwio.h"
 #include "bes_chardev.h"
 #include "bes_log.h"
@@ -95,7 +94,6 @@ struct sbus_priv {
 	struct work_struct tx_work;
 	struct scatterlist tx_sg[BES_SDIO_TX_MULTIPLE_NUM + 1];
 	struct scatterlist tx_sg_nosignal[BES_SDIO_TX_MULTIPLE_NUM_NOSIGNAL + 1];
-	u8 *tx_bounce;
 	u32 tx_data_cnt;
 	u32 tx_xfer_cnt;
 	u32 tx_proc_cnt;
@@ -1137,26 +1135,7 @@ static void sdio_tx_work(struct work_struct *work)
 				}
 			}
 
-			/*
+			sg_set_buf(&sg[scatters], tx_buffer->buf, align);
-			 * The transfer length is rounded up to the SDIO block
-			 * size, but tx_buffer->buf is only tx_buffer->len bytes
-			 * long (it usually aliases into an skb linear head).
-			 * Copy into a driver-owned bounce buffer and zero-pad
-			 * to the aligned size; otherwise DMA reads past the
-			 * skb and leaks adjacent kernel memory on the wire --
-			 * observed as KFENCE OOB reads from
-			 * bes_sdio_memcpy_to_io_helper via dma_map_sg.
-			 */
-			if (WARN_ON_ONCE(total_len + align > MAX_SDIO_TRANSFER_LEN))
-				goto flush_previous;
-			memcpy(self->tx_bounce + total_len,
-			       tx_buffer->buf, tx_buffer->len);
-			if (align > tx_buffer->len)
-				memset(self->tx_bounce + total_len +
-				       tx_buffer->len, 0,
-				       align - tx_buffer->len);
-			sg_set_buf(&sg[scatters],
-				   self->tx_bounce + total_len, align);
 			total_len += align;
 			++scatters;
 /*del_node:*/
@@ -1855,9 +1834,6 @@ static int bes2600_sdio_probe(struct sdio_func *func,
 	if (ret)
 		goto err;
 
-	/* wire struct device into factory.c for request_firmware() context */
-	bes2600_factory_set_dev(dev);
-
 	self->pdata = bes2600_get_platform_data();
 	self->func = func;
 	self->dev = &func->dev;
@@ -1877,17 +1853,6 @@ static int bes2600_sdio_probe(struct sdio_func *func,
 	if (!self->single_gathered_buffer)
 		return -ENOMEM;
 #endif
-#ifdef BES_SDIO_TX_MULTIPLE_ENABLE
-	self->tx_bounce = (u8 *)__get_dma_pages(GFP_KERNEL,
-					get_order(MAX_SDIO_TRANSFER_LEN));
-	if (!self->tx_bounce) {
-#ifndef SDIO_HOST_ADMA_SUPPORT
-		free_pages((unsigned long)self->single_gathered_buffer,
-			   get_order(MAX_SDIO_TRANSFER_LEN));
-#endif
-		return -ENOMEM;
-	}
-#endif
 #ifdef BES_SDIO_RXTX_TOGGLE
 	self->fw_started = false;
 #endif
@@ -2016,12 +1981,6 @@ static void bes2600_sdio_remove(struct sdio_func *func)
 		if (self->single_gathered_buffer) {
 			free_pages((unsigned long)self->single_gathered_buffer, get_order(MAX_SDIO_TRANSFER_LEN));
 		}
-#endif
-#ifdef BES_SDIO_TX_MULTIPLE_ENABLE
-		if (self->tx_bounce) {
-			free_pages((unsigned long)self->tx_bounce,
-				   get_order(MAX_SDIO_TRANSFER_LEN));
-		}
 #endif
 		kfree(self);
 	}

bes2600/bes_log.h

@@ -8,26 +8,3 @@ extern struct device *global_dev;
 #define bes_info(fmt, ...) dev_info(global_dev, fmt, ##__VA_ARGS__)
 #define bes_warn(fmt, ...) dev_warn(global_dev, fmt, ##__VA_ARGS__)
 #define bes_err(fmt, ...) dev_err(global_dev, fmt, ##__VA_ARGS__)
-
-/*
- * Legacy debug-subsystem-tagged log macros. The per-subsystem filtering
- * was never implemented in-tree; these shims let code paths gated by
- * CONFIG_BES2600_TESTMODE / CONFIG_BES2600_ITP / BES2600_DETECTION_LOGIC
- * build when their conditions are enabled. The first argument is
- * currently unused; pick one of the BES2600_DBG_* constants below for
- * documentation.
- */
-#define BES2600_DBG_SBUS       0
-#define BES2600_DBG_DOWNLOAD   0
-#define BES2600_DBG_ITP        0
-#define BES2600_DBG_TEST_MODE  0
-
-#define bes2600_info(_dbg, fmt, ...) bes_info(fmt, ##__VA_ARGS__)
-#define bes2600_err(_dbg, fmt, ...) bes_err(fmt, ##__VA_ARGS__)
-#define bes2600_warn(_dbg, fmt, ...) bes_warn(fmt, ##__VA_ARGS__)
-#define bes2600_dbg(_dbg, fmt, ...) bes_devel(fmt, ##__VA_ARGS__)
-#define bes2600_err_with_cond(_cond, _dbg, fmt, ...)		\
-	do {							\
-		if (_cond)					\
-			bes_err(fmt, ##__VA_ARGS__);		\
-	} while (0)

bes2600/bes_pwr.c

@@ -472,7 +472,6 @@ static int bes2600_pwr_enter_lp_mode(struct bes2600_common *hw_priv)
 	int i = 0;
 	struct bes2600_vif *priv;
 	int ret = 0;
-	int timeouts = 0;
 	char ip_str[20];
 	unsigned long status = 0;
 
@@ -529,35 +528,22 @@ static int bes2600_pwr_enter_lp_mode(struct bes2600_common *hw_priv)
 				if (ret) {
 					atomic_set(&hw_priv->bes_power.pm_set_in_process, 0);
 					bes_err("%s, set operation mode fail\n", __func__);
-					timeouts++;
-					continue;
 				}
 
 				/* wait power save mode changed indication */
 				status = wait_for_completion_timeout(&hw_priv->bes_power.pm_enter_cmpl, 5 * HZ);
 				atomic_set(&hw_priv->bes_power.pm_set_in_process, 0);
 				reinit_completion(&hw_priv->bes_power.pm_enter_cmpl);
-				if (!status) {
+				if (!status)
 					bes_err("%s, wait pm ind timeout\n", __func__);
-					timeouts++;
-				}
 			} else {
 				bes_devel("skip enter lp mode\n");
 			}
 		}
 	}
 
-	/*
+	/* set device low power configuration */
-	 * Enter the device-end of the LP transition only if every per-VIF
+	bes2600_pwr_device_enter_lp_mode(hw_priv);
-	 * mac80211 handshake reached firmware-ACKed completion. Doing the
-	 * device-LP setup while any VIF is still pending leaves the driver
-	 * in an inconsistent state that cascades into SDIO TX errors on
-	 * the BES2600.
-	 */
-	if (timeouts == 0)
-		bes2600_pwr_device_enter_lp_mode(hw_priv);
-	else
-		ret = -ETIMEDOUT;
 
 	return ret;
 }

bes2600/sta.c

@@ -3633,7 +3633,7 @@ static int bes2600_set_power_save(struct ieee80211_hw *hw,
  *
  * Returns: 0 on success or non zero value on failure
  */
-static int bes2600_start_stop_tsm(struct ieee80211_hw *hw, void *data)
+int bes2600_start_stop_tsm(struct ieee80211_hw *hw, void *data)
 {
 	struct bes_msg_start_stop_tsm *start_stop_tsm =
 		(struct bes_msg_start_stop_tsm *) data;
@@ -3663,7 +3663,7 @@ static int bes2600_start_stop_tsm(struct ieee80211_hw *hw, void *data)
  *
  * Returns: TSM parameters collected
  */
-static int bes2600_get_tsm_params(struct ieee80211_hw *hw)
+int bes2600_get_tsm_params(struct ieee80211_hw *hw)
 {
 	struct bes2600_common *hw_priv = hw->priv;
 	struct bes_tsm_stats tsm_stats;
@@ -3703,7 +3703,7 @@ static int bes2600_get_tsm_params(struct ieee80211_hw *hw)
  *
  * Returns: Returns the last measured roam delay
  */
-static int bes2600_get_roam_delay(struct ieee80211_hw *hw)
+int bes2600_get_roam_delay(struct ieee80211_hw *hw)
 {
 	struct bes2600_common *hw_priv = hw->priv;
 	u16 roam_delay = hw_priv->tsm_info.roam_delay / 1000;

bes2600/wsm.h

@@ -2236,5 +2236,7 @@ int wsm_cpu_usage_cmd(struct bes2600_common *hw_priv);
 
 int wsm_wifi_status_cmd(struct bes2600_common *hw_priv, uint32_t status);
 
+#if defined(STANDARD_FACTORY_EFUSE_FLAG)
 int wsm_save_factory_txt_to_mcu(struct bes2600_common *hw_priv, const u8 *data, int if_id, enum bes2600_rf_cmd_type cmd_type);
+#endif
 #endif /* BES2600_HWIO_H_INCLUDED */