search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
net: ptp: do not reimplement PTP/BPF classifier
[linux/fpc-iii.git] / drivers / net / wireless / orinoco / orinoco_usb.c
blobf9805c9353d2295f076d1f5cbe1eaaa5a1f0be72
1 /*
2 * USB Orinoco driver
3 *
4 * Copyright (c) 2003 Manuel Estrada Sainz
5 *
6 * The contents of this file are subject to the Mozilla Public License
7 * Version 1.1 (the "License"); you may not use this file except in
8 * compliance with the License. You may obtain a copy of the License
9 * at http://www.mozilla.org/MPL/
10 *
11 * Software distributed under the License is distributed on an "AS IS"
12 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
13 * the License for the specific language governing rights and
14 * limitations under the License.
15 *
16 * Alternatively, the contents of this file may be used under the
17 * terms of the GNU General Public License version 2 (the "GPL"), in
18 * which case the provisions of the GPL are applicable instead of the
19 * above. If you wish to allow the use of your version of this file
20 * only under the terms of the GPL and not to allow others to use your
21 * version of this file under the MPL, indicate your decision by
22 * deleting the provisions above and replace them with the notice and
23 * other provisions required by the GPL. If you do not delete the
24 * provisions above, a recipient may use your version of this file
25 * under either the MPL or the GPL.
26 *
27 * Queueing code based on linux-wlan-ng 0.2.1-pre5
28 *
29 * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved.
30 *
31 * The license is the same as above.
32 *
33 * Initialy based on USB Skeleton driver - 0.7
34 *
35 * Copyright (c) 2001 Greg Kroah-Hartman (greg@kroah.com)
36 *
37 * This program is free software; you can redistribute it and/or
38 * modify it under the terms of the GNU General Public License as
39 * published by the Free Software Foundation; either version 2 of
40 * the License, or (at your option) any later version.
41 *
42 * NOTE: The original USB Skeleton driver is GPL, but all that code is
43 * gone so MPL/GPL applies.
44 */
45
46 #define DRIVER_NAME "orinoco_usb"
47 #define PFX DRIVER_NAME ": "
48
49 #include <linux/module.h>
50 #include <linux/kernel.h>
51 #include <linux/sched.h>
52 #include <linux/signal.h>
53 #include <linux/errno.h>
54 #include <linux/poll.h>
55 #include <linux/slab.h>
56 #include <linux/fcntl.h>
57 #include <linux/spinlock.h>
58 #include <linux/list.h>
59 #include <linux/usb.h>
60 #include <linux/timer.h>
61
62 #include <linux/netdevice.h>
63 #include <linux/if_arp.h>
64 #include <linux/etherdevice.h>
65 #include <linux/wireless.h>
66 #include <linux/firmware.h>
67
68 #include "mic.h"
69 #include "orinoco.h"
70
71 #ifndef URB_ASYNC_UNLINK
72 #define URB_ASYNC_UNLINK 0
73 #endif
74
75 /* 802.2 LLC/SNAP header used for Ethernet encapsulation over 802.11 */
76 static const u8 encaps_hdr[] = {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00};
77 #define ENCAPS_OVERHEAD (sizeof(encaps_hdr) + 2)
78
79 struct header_struct {
80 /* 802.3 */
81 u8 dest[ETH_ALEN];
82 u8 src[ETH_ALEN];
83 __be16 len;
84 /* 802.2 */
85 u8 dsap;
86 u8 ssap;
87 u8 ctrl;
88 /* SNAP */
89 u8 oui[3];
90 __be16 ethertype;
91 } __packed;
92
93 struct ez_usb_fw {
94 u16 size;
95 const u8 *code;
96 };
97
98 static struct ez_usb_fw firmware = {
99 .size = 0,
100 .code = NULL,
101 };
102
103 #ifdef CONFIG_USB_DEBUG
104 static int debug = 1;
105 #else
106 static int debug;
107 #endif
108
109 /* Debugging macros */
110 #undef dbg
111 #define dbg(format, arg...) \
112 do { if (debug) printk(KERN_DEBUG PFX "%s: " format "\n", \
113 __func__ , ## arg); } while (0)
114 #undef err
115 #define err(format, arg...) \
116 do { printk(KERN_ERR PFX format "\n", ## arg); } while (0)
117
118 /* Module paramaters */
119 module_param(debug, int, 0644);
120 MODULE_PARM_DESC(debug, "Debug enabled or not");
121
122 MODULE_FIRMWARE("orinoco_ezusb_fw");
123
124 /*
125 * Under some conditions, the card gets stuck and stops paying attention
126 * to the world (i.e. data communication stalls) until we do something to
127 * it. Sending an INQ_TALLIES command seems to be enough and should be
128 * harmless otherwise. This behaviour has been observed when using the
129 * driver on a systemimager client during installation. In the past a
130 * timer was used to send INQ_TALLIES commands when there was no other
131 * activity, but it was troublesome and was removed.
132 */
133
134 #define USB_COMPAQ_VENDOR_ID 0x049f /* Compaq Computer Corp. */
135 #define USB_COMPAQ_WL215_ID 0x001f /* Compaq WL215 USB Adapter */
136 #define USB_COMPAQ_W200_ID 0x0076 /* Compaq W200 USB Adapter */
137 #define USB_HP_WL215_ID 0x0082 /* Compaq WL215 USB Adapter */
138
139 #define USB_MELCO_VENDOR_ID 0x0411
140 #define USB_BUFFALO_L11_ID 0x0006 /* BUFFALO WLI-USB-L11 */
141 #define USB_BUFFALO_L11G_WR_ID 0x000B /* BUFFALO WLI-USB-L11G-WR */
142 #define USB_BUFFALO_L11G_ID 0x000D /* BUFFALO WLI-USB-L11G */
143
144 #define USB_LUCENT_VENDOR_ID 0x047E /* Lucent Technologies */
145 #define USB_LUCENT_ORINOCO_ID 0x0300 /* Lucent/Agere Orinoco USB Client */
146
147 #define USB_AVAYA8_VENDOR_ID 0x0D98
148 #define USB_AVAYAE_VENDOR_ID 0x0D9E
149 #define USB_AVAYA_WIRELESS_ID 0x0300 /* Avaya Wireless USB Card */
150
151 #define USB_AGERE_VENDOR_ID 0x0D4E /* Agere Systems */
152 #define USB_AGERE_MODEL0801_ID 0x1000 /* Wireless USB Card Model 0801 */
153 #define USB_AGERE_MODEL0802_ID 0x1001 /* Wireless USB Card Model 0802 */
154 #define USB_AGERE_REBRANDED_ID 0x047A /* WLAN USB Card */
155
156 #define USB_ELSA_VENDOR_ID 0x05CC
157 #define USB_ELSA_AIRLANCER_ID 0x3100 /* ELSA AirLancer USB-11 */
158
159 #define USB_LEGEND_VENDOR_ID 0x0E7C
160 #define USB_LEGEND_JOYNET_ID 0x0300 /* Joynet WLAN USB Card */
161
162 #define USB_SAMSUNG_VENDOR_ID 0x04E8
163 #define USB_SAMSUNG_SEW2001U1_ID 0x5002 /* Samsung SEW-2001u Card */
164 #define USB_SAMSUNG_SEW2001U2_ID 0x5B11 /* Samsung SEW-2001u Card */
165 #define USB_SAMSUNG_SEW2003U_ID 0x7011 /* Samsung SEW-2003U Card */
166
167 #define USB_IGATE_VENDOR_ID 0x0681
168 #define USB_IGATE_IGATE_11M_ID 0x0012 /* I-GATE 11M USB Card */
169
170 #define USB_FUJITSU_VENDOR_ID 0x0BF8
171 #define USB_FUJITSU_E1100_ID 0x1002 /* connect2AIR WLAN E-1100 USB */
172
173 #define USB_2WIRE_VENDOR_ID 0x1630
174 #define USB_2WIRE_WIRELESS_ID 0xff81 /* 2Wire Wireless USB adapter */
175
176
177 #define EZUSB_REQUEST_FW_TRANS 0xA0
178 #define EZUSB_REQUEST_TRIGER 0xAA
179 #define EZUSB_REQUEST_TRIG_AC 0xAC
180 #define EZUSB_CPUCS_REG 0x7F92
181
182 #define EZUSB_RID_TX 0x0700
183 #define EZUSB_RID_RX 0x0701
184 #define EZUSB_RID_INIT1 0x0702
185 #define EZUSB_RID_ACK 0x0710
186 #define EZUSB_RID_READ_PDA 0x0800
187 #define EZUSB_RID_PROG_INIT 0x0852
188 #define EZUSB_RID_PROG_SET_ADDR 0x0853
189 #define EZUSB_RID_PROG_BYTES 0x0854
190 #define EZUSB_RID_PROG_END 0x0855
191 #define EZUSB_RID_DOCMD 0x0860
192
193 /* Recognize info frames */
194 #define EZUSB_IS_INFO(id) ((id >= 0xF000) && (id <= 0xF2FF))
195
196 #define EZUSB_MAGIC 0x0210
197
198 #define EZUSB_FRAME_DATA 1
199 #define EZUSB_FRAME_CONTROL 2
200
201 #define DEF_TIMEOUT (3 * HZ)
202
203 #define BULK_BUF_SIZE 2048
204
205 #define MAX_DL_SIZE (BULK_BUF_SIZE - sizeof(struct ezusb_packet))
206
207 #define FW_BUF_SIZE 64
208 #define FW_VAR_OFFSET_PTR 0x359
209 #define FW_VAR_VALUE 0
210 #define FW_HOLE_START 0x100
211 #define FW_HOLE_END 0x300
212
213 struct ezusb_packet {
214 __le16 magic; /* 0x0210 */
215 u8 req_reply_count;
216 u8 ans_reply_count;
217 __le16 frame_type; /* 0x01 for data frames, 0x02 otherwise */
218 __le16 size; /* transport size */
219 __le16 crc; /* CRC up to here */
220 __le16 hermes_len;
221 __le16 hermes_rid;
222 u8 data[0];
223 } __packed;
224
225 /* Table of devices that work or may work with this driver */
226 static struct usb_device_id ezusb_table[] = {
227 {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_COMPAQ_WL215_ID)},
228 {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_HP_WL215_ID)},
229 {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_COMPAQ_W200_ID)},
230 {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11_ID)},
231 {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11G_WR_ID)},
232 {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11G_ID)},
233 {USB_DEVICE(USB_LUCENT_VENDOR_ID, USB_LUCENT_ORINOCO_ID)},
234 {USB_DEVICE(USB_AVAYA8_VENDOR_ID, USB_AVAYA_WIRELESS_ID)},
235 {USB_DEVICE(USB_AVAYAE_VENDOR_ID, USB_AVAYA_WIRELESS_ID)},
236 {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_MODEL0801_ID)},
237 {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_MODEL0802_ID)},
238 {USB_DEVICE(USB_ELSA_VENDOR_ID, USB_ELSA_AIRLANCER_ID)},
239 {USB_DEVICE(USB_LEGEND_VENDOR_ID, USB_LEGEND_JOYNET_ID)},
240 {USB_DEVICE_VER(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2001U1_ID,
241 0, 0)},
242 {USB_DEVICE(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2001U2_ID)},
243 {USB_DEVICE(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2003U_ID)},
244 {USB_DEVICE(USB_IGATE_VENDOR_ID, USB_IGATE_IGATE_11M_ID)},
245 {USB_DEVICE(USB_FUJITSU_VENDOR_ID, USB_FUJITSU_E1100_ID)},
246 {USB_DEVICE(USB_2WIRE_VENDOR_ID, USB_2WIRE_WIRELESS_ID)},
247 {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_REBRANDED_ID)},
248 {} /* Terminating entry */
249 };
250
251 MODULE_DEVICE_TABLE(usb, ezusb_table);
252
253 /* Structure to hold all of our device specific stuff */
254 struct ezusb_priv {
255 struct usb_device *udev;
256 struct net_device *dev;
257 struct mutex mtx;
258 spinlock_t req_lock;
259 struct list_head req_pending;
260 struct list_head req_active;
261 spinlock_t reply_count_lock;
262 u16 hermes_reg_fake[0x40];
263 u8 *bap_buf;
264 struct urb *read_urb;
265 int read_pipe;
266 int write_pipe;
267 u8 reply_count;
268 };
269
270 enum ezusb_state {
271 EZUSB_CTX_START,
272 EZUSB_CTX_QUEUED,
273 EZUSB_CTX_REQ_SUBMITTED,
274 EZUSB_CTX_REQ_COMPLETE,
275 EZUSB_CTX_RESP_RECEIVED,
276 EZUSB_CTX_REQ_TIMEOUT,
277 EZUSB_CTX_REQ_FAILED,
278 EZUSB_CTX_RESP_TIMEOUT,
279 EZUSB_CTX_REQSUBMIT_FAIL,
280 EZUSB_CTX_COMPLETE,
281 };
282
283 struct request_context {
284 struct list_head list;
285 atomic_t refcount;
286 struct completion done; /* Signals that CTX is dead */
287 int killed;
288 struct urb *outurb; /* OUT for req pkt */
289 struct ezusb_priv *upriv;
290 struct ezusb_packet *buf;
291 int buf_length;
292 struct timer_list timer; /* Timeout handling */
293 enum ezusb_state state; /* Current state */
294 /* the RID that we will wait for */
295 u16 out_rid;
296 u16 in_rid;
297 };
298
299
300 /* Forward declarations */
301 static void ezusb_ctx_complete(struct request_context *ctx);
302 static void ezusb_req_queue_run(struct ezusb_priv *upriv);
303 static void ezusb_bulk_in_callback(struct urb *urb);
304
305 static inline u8 ezusb_reply_inc(u8 count)
306 {
307 if (count < 0x7F)
308 return count + 1;
309 else
310 return 1;
311 }
312
313 static void ezusb_request_context_put(struct request_context *ctx)
314 {
315 if (!atomic_dec_and_test(&ctx->refcount))
316 return;
317
318 WARN_ON(!ctx->done.done);
319 BUG_ON(ctx->outurb->status == -EINPROGRESS);
320 BUG_ON(timer_pending(&ctx->timer));
321 usb_free_urb(ctx->outurb);
322 kfree(ctx->buf);
323 kfree(ctx);
324 }
325
326 static inline void ezusb_mod_timer(struct ezusb_priv *upriv,
327 struct timer_list *timer,
328 unsigned long expire)
329 {
330 if (!upriv->udev)
331 return;
332 mod_timer(timer, expire);
333 }
334
335 static void ezusb_request_timerfn(u_long _ctx)
336 {
337 struct request_context *ctx = (void *) _ctx;
338
339 ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK;
340 if (usb_unlink_urb(ctx->outurb) == -EINPROGRESS) {
341 ctx->state = EZUSB_CTX_REQ_TIMEOUT;
342 } else {
343 ctx->state = EZUSB_CTX_RESP_TIMEOUT;
344 dbg("couldn't unlink");
345 atomic_inc(&ctx->refcount);
346 ctx->killed = 1;
347 ezusb_ctx_complete(ctx);
348 ezusb_request_context_put(ctx);
349 }
350 };
351
352 static struct request_context *ezusb_alloc_ctx(struct ezusb_priv *upriv,
353 u16 out_rid, u16 in_rid)
354 {
355 struct request_context *ctx;
356
357 ctx = kzalloc(sizeof(*ctx), GFP_ATOMIC);
358 if (!ctx)
359 return NULL;
360
361 ctx->buf = kmalloc(BULK_BUF_SIZE, GFP_ATOMIC);
362 if (!ctx->buf) {
363 kfree(ctx);
364 return NULL;
365 }
366 ctx->outurb = usb_alloc_urb(0, GFP_ATOMIC);
367 if (!ctx->outurb) {
368 kfree(ctx->buf);
369 kfree(ctx);
370 return NULL;
371 }
372
373 ctx->upriv = upriv;
374 ctx->state = EZUSB_CTX_START;
375 ctx->out_rid = out_rid;
376 ctx->in_rid = in_rid;
377
378 atomic_set(&ctx->refcount, 1);
379 init_completion(&ctx->done);
380
381 init_timer(&ctx->timer);
382 ctx->timer.function = ezusb_request_timerfn;
383 ctx->timer.data = (u_long) ctx;
384 return ctx;
385 }
386
387
388 /* Hopefully the real complete_all will soon be exported, in the mean
389 * while this should work. */
390 static inline void ezusb_complete_all(struct completion *comp)
391 {
392 complete(comp);
393 complete(comp);
394 complete(comp);
395 complete(comp);
396 }
397
398 static void ezusb_ctx_complete(struct request_context *ctx)
399 {
400 struct ezusb_priv *upriv = ctx->upriv;
401 unsigned long flags;
402
403 spin_lock_irqsave(&upriv->req_lock, flags);
404
405 list_del_init(&ctx->list);
406 if (upriv->udev) {
407 spin_unlock_irqrestore(&upriv->req_lock, flags);
408 ezusb_req_queue_run(upriv);
409 spin_lock_irqsave(&upriv->req_lock, flags);
410 }
411
412 switch (ctx->state) {
413 case EZUSB_CTX_COMPLETE:
414 case EZUSB_CTX_REQSUBMIT_FAIL:
415 case EZUSB_CTX_REQ_FAILED:
416 case EZUSB_CTX_REQ_TIMEOUT:
417 case EZUSB_CTX_RESP_TIMEOUT:
418 spin_unlock_irqrestore(&upriv->req_lock, flags);
419
420 if ((ctx->out_rid == EZUSB_RID_TX) && upriv->dev) {
421 struct net_device *dev = upriv->dev;
422 struct orinoco_private *priv = ndev_priv(dev);
423 struct net_device_stats *stats = &priv->stats;
424
425 if (ctx->state != EZUSB_CTX_COMPLETE)
426 stats->tx_errors++;
427 else
428 stats->tx_packets++;
429
430 netif_wake_queue(dev);
431 }
432 ezusb_complete_all(&ctx->done);
433 ezusb_request_context_put(ctx);
434 break;
435
436 default:
437 spin_unlock_irqrestore(&upriv->req_lock, flags);
438 if (!upriv->udev) {
439 /* This is normal, as all request contexts get flushed
440 * when the device is disconnected */
441 err("Called, CTX not terminating, but device gone");
442 ezusb_complete_all(&ctx->done);
443 ezusb_request_context_put(ctx);
444 break;
445 }
446
447 err("Called, CTX not in terminating state.");
448 /* Things are really bad if this happens. Just leak
449 * the CTX because it may still be linked to the
450 * queue or the OUT urb may still be active.
451 * Just leaking at least prevents an Oops or Panic.
452 */
453 break;
454 }
455 }
456
457 /**
458 * ezusb_req_queue_run:
459 * Description:
460 * Note: Only one active CTX at any one time, because there's no
461 * other (reliable) way to match the response URB to the correct
462 * CTX.
463 **/
464 static void ezusb_req_queue_run(struct ezusb_priv *upriv)
465 {
466 unsigned long flags;
467 struct request_context *ctx;
468 int result;
469
470 spin_lock_irqsave(&upriv->req_lock, flags);
471
472 if (!list_empty(&upriv->req_active))
473 goto unlock;
474
475 if (list_empty(&upriv->req_pending))
476 goto unlock;
477
478 ctx =
479 list_entry(upriv->req_pending.next, struct request_context,
480 list);
481
482 if (!ctx->upriv->udev)
483 goto unlock;
484
485 /* We need to split this off to avoid a race condition */
486 list_move_tail(&ctx->list, &upriv->req_active);
487
488 if (ctx->state == EZUSB_CTX_QUEUED) {
489 atomic_inc(&ctx->refcount);
490 result = usb_submit_urb(ctx->outurb, GFP_ATOMIC);
491 if (result) {
492 ctx->state = EZUSB_CTX_REQSUBMIT_FAIL;
493
494 spin_unlock_irqrestore(&upriv->req_lock, flags);
495
496 err("Fatal, failed to submit command urb."
497 " error=%d\n", result);
498
499 ezusb_ctx_complete(ctx);
500 ezusb_request_context_put(ctx);
501 goto done;
502 }
503
504 ctx->state = EZUSB_CTX_REQ_SUBMITTED;
505 ezusb_mod_timer(ctx->upriv, &ctx->timer,
506 jiffies + DEF_TIMEOUT);
507 }
508
509 unlock:
510 spin_unlock_irqrestore(&upriv->req_lock, flags);
511
512 done:
513 return;
514 }
515
516 static void ezusb_req_enqueue_run(struct ezusb_priv *upriv,
517 struct request_context *ctx)
518 {
519 unsigned long flags;
520
521 spin_lock_irqsave(&upriv->req_lock, flags);
522
523 if (!ctx->upriv->udev) {
524 spin_unlock_irqrestore(&upriv->req_lock, flags);
525 goto done;
526 }
527 atomic_inc(&ctx->refcount);
528 list_add_tail(&ctx->list, &upriv->req_pending);
529 spin_unlock_irqrestore(&upriv->req_lock, flags);
530
531 ctx->state = EZUSB_CTX_QUEUED;
532 ezusb_req_queue_run(upriv);
533
534 done:
535 return;
536 }
537
538 static void ezusb_request_out_callback(struct urb *urb)
539 {
540 unsigned long flags;
541 enum ezusb_state state;
542 struct request_context *ctx = urb->context;
543 struct ezusb_priv *upriv = ctx->upriv;
544
545 spin_lock_irqsave(&upriv->req_lock, flags);
546
547 del_timer(&ctx->timer);
548
549 if (ctx->killed) {
550 spin_unlock_irqrestore(&upriv->req_lock, flags);
551 pr_warning("interrupt called with dead ctx");
552 goto out;
553 }
554
555 state = ctx->state;
556
557 if (urb->status == 0) {
558 switch (state) {
559 case EZUSB_CTX_REQ_SUBMITTED:
560 if (ctx->in_rid) {
561 ctx->state = EZUSB_CTX_REQ_COMPLETE;
562 /* reply URB still pending */
563 ezusb_mod_timer(upriv, &ctx->timer,
564 jiffies + DEF_TIMEOUT);
565 spin_unlock_irqrestore(&upriv->req_lock,
566 flags);
567 break;
568 }
569 /* fall through */
570 case EZUSB_CTX_RESP_RECEIVED:
571 /* IN already received before this OUT-ACK */
572 ctx->state = EZUSB_CTX_COMPLETE;
573 spin_unlock_irqrestore(&upriv->req_lock, flags);
574 ezusb_ctx_complete(ctx);
575 break;
576
577 default:
578 spin_unlock_irqrestore(&upriv->req_lock, flags);
579 err("Unexpected state(0x%x, %d) in OUT URB",
580 state, urb->status);
581 break;
582 }
583 } else {
584 /* If someone cancels the OUT URB then its status
585 * should be either -ECONNRESET or -ENOENT.
586 */
587 switch (state) {
588 case EZUSB_CTX_REQ_SUBMITTED:
589 case EZUSB_CTX_RESP_RECEIVED:
590 ctx->state = EZUSB_CTX_REQ_FAILED;
591 /* fall through */
592
593 case EZUSB_CTX_REQ_FAILED:
594 case EZUSB_CTX_REQ_TIMEOUT:
595 spin_unlock_irqrestore(&upriv->req_lock, flags);
596
597 ezusb_ctx_complete(ctx);
598 break;
599
600 default:
601 spin_unlock_irqrestore(&upriv->req_lock, flags);
602
603 err("Unexpected state(0x%x, %d) in OUT URB",
604 state, urb->status);
605 break;
606 }
607 }
608 out:
609 ezusb_request_context_put(ctx);
610 }
611
612 static void ezusb_request_in_callback(struct ezusb_priv *upriv,
613 struct urb *urb)
614 {
615 struct ezusb_packet *ans = urb->transfer_buffer;
616 struct request_context *ctx = NULL;
617 enum ezusb_state state;
618 unsigned long flags;
619
620 /* Find the CTX on the active queue that requested this URB */
621 spin_lock_irqsave(&upriv->req_lock, flags);
622 if (upriv->udev) {
623 struct list_head *item;
624
625 list_for_each(item, &upriv->req_active) {
626 struct request_context *c;
627 int reply_count;
628
629 c = list_entry(item, struct request_context, list);
630 reply_count =
631 ezusb_reply_inc(c->buf->req_reply_count);
632 if ((ans->ans_reply_count == reply_count)
633 && (le16_to_cpu(ans->hermes_rid) == c->in_rid)) {
634 ctx = c;
635 break;
636 }
637 dbg("Skipped (0x%x/0x%x) (%d/%d)",
638 le16_to_cpu(ans->hermes_rid),
639 c->in_rid, ans->ans_reply_count, reply_count);
640 }
641 }
642
643 if (ctx == NULL) {
644 spin_unlock_irqrestore(&upriv->req_lock, flags);
645 err("%s: got unexpected RID: 0x%04X", __func__,
646 le16_to_cpu(ans->hermes_rid));
647 ezusb_req_queue_run(upriv);
648 return;
649 }
650
651 /* The data we want is in the in buffer, exchange */
652 urb->transfer_buffer = ctx->buf;
653 ctx->buf = (void *) ans;
654 ctx->buf_length = urb->actual_length;
655
656 state = ctx->state;
657 switch (state) {
658 case EZUSB_CTX_REQ_SUBMITTED:
659 /* We have received our response URB before
660 * our request has been acknowledged. Do NOT
661 * destroy our CTX yet, because our OUT URB
662 * is still alive ...
663 */
664 ctx->state = EZUSB_CTX_RESP_RECEIVED;
665 spin_unlock_irqrestore(&upriv->req_lock, flags);
666
667 /* Let the machine continue running. */
668 break;
669
670 case EZUSB_CTX_REQ_COMPLETE:
671 /* This is the usual path: our request
672 * has already been acknowledged, and
673 * we have now received the reply.
674 */
675 ctx->state = EZUSB_CTX_COMPLETE;
676
677 /* Stop the intimer */
678 del_timer(&ctx->timer);
679 spin_unlock_irqrestore(&upriv->req_lock, flags);
680
681 /* Call the completion handler */
682 ezusb_ctx_complete(ctx);
683 break;
684
685 default:
686 spin_unlock_irqrestore(&upriv->req_lock, flags);
687
688 pr_warning("Matched IN URB, unexpected context state(0x%x)",
689 state);
690 /* Throw this CTX away and try submitting another */
691 del_timer(&ctx->timer);
692 ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK;
693 usb_unlink_urb(ctx->outurb);
694 ezusb_req_queue_run(upriv);
695 break;
696 } /* switch */
697 }
698
699
700 static void ezusb_req_ctx_wait(struct ezusb_priv *upriv,
701 struct request_context *ctx)
702 {
703 switch (ctx->state) {
704 case EZUSB_CTX_QUEUED:
705 case EZUSB_CTX_REQ_SUBMITTED:
706 case EZUSB_CTX_REQ_COMPLETE:
707 case EZUSB_CTX_RESP_RECEIVED:
708 if (in_softirq()) {
709 /* If we get called from a timer, timeout timers don't
710 * get the chance to run themselves. So we make sure
711 * that we don't sleep for ever */
712 int msecs = DEF_TIMEOUT * (1000 / HZ);
713 while (!ctx->done.done && msecs--)
714 udelay(1000);
715 } else {
716 wait_event_interruptible(ctx->done.wait,
717 ctx->done.done);
718 }
719 break;
720 default:
721 /* Done or failed - nothing to wait for */
722 break;
723 }
724 }
725
726 static inline u16 build_crc(struct ezusb_packet *data)
727 {
728 u16 crc = 0;
729 u8 *bytes = (u8 *)data;
730 int i;
731
732 for (i = 0; i < 8; i++)
733 crc = (crc << 1) + bytes[i];
734
735 return crc;
736 }
737
738 /**
739 * ezusb_fill_req:
740 *
741 * if data == NULL and length > 0 the data is assumed to be already in
742 * the target buffer and only the header is filled.
743 *
744 */
745 static int ezusb_fill_req(struct ezusb_packet *req, u16 length, u16 rid,
746 const void *data, u16 frame_type, u8 reply_count)
747 {
748 int total_size = sizeof(*req) + length;
749
750 BUG_ON(total_size > BULK_BUF_SIZE);
751
752 req->magic = cpu_to_le16(EZUSB_MAGIC);
753 req->req_reply_count = reply_count;
754 req->ans_reply_count = 0;
755 req->frame_type = cpu_to_le16(frame_type);
756 req->size = cpu_to_le16(length + 4);
757 req->crc = cpu_to_le16(build_crc(req));
758 req->hermes_len = cpu_to_le16(HERMES_BYTES_TO_RECLEN(length));
759 req->hermes_rid = cpu_to_le16(rid);
760 if (data)
761 memcpy(req->data, data, length);
762 return total_size;
763 }
764
765 static int ezusb_submit_in_urb(struct ezusb_priv *upriv)
766 {
767 int retval = 0;
768 void *cur_buf = upriv->read_urb->transfer_buffer;
769
770 if (upriv->read_urb->status == -EINPROGRESS) {
771 dbg("urb busy, not resubmiting");
772 retval = -EBUSY;
773 goto exit;
774 }
775 usb_fill_bulk_urb(upriv->read_urb, upriv->udev, upriv->read_pipe,
776 cur_buf, BULK_BUF_SIZE,
777 ezusb_bulk_in_callback, upriv);
778 upriv->read_urb->transfer_flags = 0;
779 retval = usb_submit_urb(upriv->read_urb, GFP_ATOMIC);
780 if (retval)
781 err("%s submit failed %d", __func__, retval);
782
783 exit:
784 return retval;
785 }
786
787 static inline int ezusb_8051_cpucs(struct ezusb_priv *upriv, int reset)
788 {
789 u8 res_val = reset; /* avoid argument promotion */
790
791 if (!upriv->udev) {
792 err("%s: !upriv->udev", __func__);
793 return -EFAULT;
794 }
795 return usb_control_msg(upriv->udev,
796 usb_sndctrlpipe(upriv->udev, 0),
797 EZUSB_REQUEST_FW_TRANS,
798 USB_TYPE_VENDOR | USB_RECIP_DEVICE |
799 USB_DIR_OUT, EZUSB_CPUCS_REG, 0, &res_val,
800 sizeof(res_val), DEF_TIMEOUT);
801 }
802
803 static int ezusb_firmware_download(struct ezusb_priv *upriv,
804 struct ez_usb_fw *fw)
805 {
806 u8 *fw_buffer;
807 int retval, addr;
808 int variant_offset;
809
810 fw_buffer = kmalloc(FW_BUF_SIZE, GFP_KERNEL);
811 if (!fw_buffer) {
812 printk(KERN_ERR PFX "Out of memory for firmware buffer.\n");
813 return -ENOMEM;
814 }
815 /*
816 * This byte is 1 and should be replaced with 0. The offset is
817 * 0x10AD in version 0.0.6. The byte in question should follow
818 * the end of the code pointed to by the jump in the beginning
819 * of the firmware. Also, it is read by code located at 0x358.
820 */
821 variant_offset = be16_to_cpup((__be16 *) &fw->code[FW_VAR_OFFSET_PTR]);
822 if (variant_offset >= fw->size) {
823 printk(KERN_ERR PFX "Invalid firmware variant offset: "
824 "0x%04x\n", variant_offset);
825 retval = -EINVAL;
826 goto fail;
827 }
828
829 retval = ezusb_8051_cpucs(upriv, 1);
830 if (retval < 0)
831 goto fail;
832 for (addr = 0; addr < fw->size; addr += FW_BUF_SIZE) {
833 /* 0x100-0x300 should be left alone, it contains card
834 * specific data, like USB enumeration information */
835 if ((addr >= FW_HOLE_START) && (addr < FW_HOLE_END))
836 continue;
837
838 memcpy(fw_buffer, &fw->code[addr], FW_BUF_SIZE);
839 if (variant_offset >= addr &&
840 variant_offset < addr + FW_BUF_SIZE) {
841 dbg("Patching card_variant byte at 0x%04X",
842 variant_offset);
843 fw_buffer[variant_offset - addr] = FW_VAR_VALUE;
844 }
845 retval = usb_control_msg(upriv->udev,
846 usb_sndctrlpipe(upriv->udev, 0),
847 EZUSB_REQUEST_FW_TRANS,
848 USB_TYPE_VENDOR | USB_RECIP_DEVICE
849 | USB_DIR_OUT,
850 addr, 0x0,
851 fw_buffer, FW_BUF_SIZE,
852 DEF_TIMEOUT);
853
854 if (retval < 0)
855 goto fail;
856 }
857 retval = ezusb_8051_cpucs(upriv, 0);
858 if (retval < 0)
859 goto fail;
860
861 goto exit;
862 fail:
863 printk(KERN_ERR PFX "Firmware download failed, error %d\n",
864 retval);
865 exit:
866 kfree(fw_buffer);
867 return retval;
868 }
869
870 static int ezusb_access_ltv(struct ezusb_priv *upriv,
871 struct request_context *ctx,
872 u16 length, const void *data, u16 frame_type,
873 void *ans_buff, unsigned ans_size, u16 *ans_length)
874 {
875 int req_size;
876 int retval = 0;
877 enum ezusb_state state;
878
879 BUG_ON(in_irq());
880
881 if (!upriv->udev) {
882 dbg("Device disconnected");
883 retval = -ENODEV;
884 goto exit;
885 }
886
887 if (upriv->read_urb->status != -EINPROGRESS)
888 err("%s: in urb not pending", __func__);
889
890 /* protect upriv->reply_count, guarantee sequential numbers */
891 spin_lock_bh(&upriv->reply_count_lock);
892 req_size = ezusb_fill_req(ctx->buf, length, ctx->out_rid, data,
893 frame_type, upriv->reply_count);
894 usb_fill_bulk_urb(ctx->outurb, upriv->udev, upriv->write_pipe,
895 ctx->buf, req_size,
896 ezusb_request_out_callback, ctx);
897
898 if (ctx->in_rid)
899 upriv->reply_count = ezusb_reply_inc(upriv->reply_count);
900
901 ezusb_req_enqueue_run(upriv, ctx);
902
903 spin_unlock_bh(&upriv->reply_count_lock);
904
905 if (ctx->in_rid)
906 ezusb_req_ctx_wait(upriv, ctx);
907
908 state = ctx->state;
909 switch (state) {
910 case EZUSB_CTX_COMPLETE:
911 retval = ctx->outurb->status;
912 break;
913
914 case EZUSB_CTX_QUEUED:
915 case EZUSB_CTX_REQ_SUBMITTED:
916 if (!ctx->in_rid)
917 break;
918 default:
919 err("%s: Unexpected context state %d", __func__,
920 state);
921 /* fall though */
922 case EZUSB_CTX_REQ_TIMEOUT:
923 case EZUSB_CTX_REQ_FAILED:
924 case EZUSB_CTX_RESP_TIMEOUT:
925 case EZUSB_CTX_REQSUBMIT_FAIL:
926 printk(KERN_ERR PFX "Access failed, resetting (state %d,"
927 " reply_count %d)\n", state, upriv->reply_count);
928 upriv->reply_count = 0;
929 if (state == EZUSB_CTX_REQ_TIMEOUT
930 || state == EZUSB_CTX_RESP_TIMEOUT) {
931 printk(KERN_ERR PFX "ctx timed out\n");
932 retval = -ETIMEDOUT;
933 } else {
934 printk(KERN_ERR PFX "ctx failed\n");
935 retval = -EFAULT;
936 }
937 goto exit;
938 break;
939 }
940 if (ctx->in_rid) {
941 struct ezusb_packet *ans = ctx->buf;
942 unsigned exp_len;
943
944 if (ans->hermes_len != 0)
945 exp_len = le16_to_cpu(ans->hermes_len) * 2 + 12;
946 else
947 exp_len = 14;
948
949 if (exp_len != ctx->buf_length) {
950 err("%s: length mismatch for RID 0x%04x: "
951 "expected %d, got %d", __func__,
952 ctx->in_rid, exp_len, ctx->buf_length);
953 retval = -EIO;
954 goto exit;
955 }
956
957 if (ans_buff)
958 memcpy(ans_buff, ans->data, min(exp_len, ans_size));
959 if (ans_length)
960 *ans_length = le16_to_cpu(ans->hermes_len);
961 }
962 exit:
963 ezusb_request_context_put(ctx);
964 return retval;
965 }
966
967 static int ezusb_write_ltv(struct hermes *hw, int bap, u16 rid,
968 u16 length, const void *data)
969 {
970 struct ezusb_priv *upriv = hw->priv;
971 u16 frame_type;
972 struct request_context *ctx;
973
974 if (length == 0)
975 return -EINVAL;
976
977 length = HERMES_RECLEN_TO_BYTES(length);
978
979 /* On memory mapped devices HERMES_RID_CNFGROUPADDRESSES can be
980 * set to be empty, but the USB bridge doesn't like it */
981 if (length == 0)
982 return 0;
983
984 ctx = ezusb_alloc_ctx(upriv, rid, EZUSB_RID_ACK);
985 if (!ctx)
986 return -ENOMEM;
987
988 if (rid == EZUSB_RID_TX)
989 frame_type = EZUSB_FRAME_DATA;
990 else
991 frame_type = EZUSB_FRAME_CONTROL;
992
993 return ezusb_access_ltv(upriv, ctx, length, data, frame_type,
994 NULL, 0, NULL);
995 }
996
997 static int ezusb_read_ltv(struct hermes *hw, int bap, u16 rid,
998 unsigned bufsize, u16 *length, void *buf)
999 {
1000 struct ezusb_priv *upriv = hw->priv;
1001 struct request_context *ctx;
1002
1003 if (bufsize % 2)
1004 return -EINVAL;
1005
1006 ctx = ezusb_alloc_ctx(upriv, rid, rid);
1007 if (!ctx)
1008 return -ENOMEM;
1009
1010 return ezusb_access_ltv(upriv, ctx, 0, NULL, EZUSB_FRAME_CONTROL,
1011 buf, bufsize, length);
1012 }
1013
1014 static int ezusb_doicmd_wait(struct hermes *hw, u16 cmd, u16 parm0, u16 parm1,
1015 u16 parm2, struct hermes_response *resp)
1016 {
1017 struct ezusb_priv *upriv = hw->priv;
1018 struct request_context *ctx;
1019
1020 __le16 data[4] = {
1021 cpu_to_le16(cmd),
1022 cpu_to_le16(parm0),
1023 cpu_to_le16(parm1),
1024 cpu_to_le16(parm2),
1025 };
1026 dbg("0x%04X, parm0 0x%04X, parm1 0x%04X, parm2 0x%04X",
1027 cmd, parm0, parm1, parm2);
1028 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_DOCMD, EZUSB_RID_ACK);
1029 if (!ctx)
1030 return -ENOMEM;
1031
1032 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1033 EZUSB_FRAME_CONTROL, NULL, 0, NULL);
1034 }
1035
1036 static int ezusb_docmd_wait(struct hermes *hw, u16 cmd, u16 parm0,
1037 struct hermes_response *resp)
1038 {
1039 struct ezusb_priv *upriv = hw->priv;
1040 struct request_context *ctx;
1041
1042 __le16 data[4] = {
1043 cpu_to_le16(cmd),
1044 cpu_to_le16(parm0),
1045 0,
1046 0,
1047 };
1048 dbg("0x%04X, parm0 0x%04X", cmd, parm0);
1049 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_DOCMD, EZUSB_RID_ACK);
1050 if (!ctx)
1051 return -ENOMEM;
1052
1053 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1054 EZUSB_FRAME_CONTROL, NULL, 0, NULL);
1055 }
1056
1057 static int ezusb_bap_pread(struct hermes *hw, int bap,
1058 void *buf, int len, u16 id, u16 offset)
1059 {
1060 struct ezusb_priv *upriv = hw->priv;
1061 struct ezusb_packet *ans = (void *) upriv->read_urb->transfer_buffer;
1062 int actual_length = upriv->read_urb->actual_length;
1063
1064 if (id == EZUSB_RID_RX) {
1065 if ((sizeof(*ans) + offset + len) > actual_length) {
1066 printk(KERN_ERR PFX "BAP read beyond buffer end "
1067 "in rx frame\n");
1068 return -EINVAL;
1069 }
1070 memcpy(buf, ans->data + offset, len);
1071 return 0;
1072 }
1073
1074 if (EZUSB_IS_INFO(id)) {
1075 /* Include 4 bytes for length/type */
1076 if ((sizeof(*ans) + offset + len - 4) > actual_length) {
1077 printk(KERN_ERR PFX "BAP read beyond buffer end "
1078 "in info frame\n");
1079 return -EFAULT;
1080 }
1081 memcpy(buf, ans->data + offset - 4, len);
1082 } else {
1083 printk(KERN_ERR PFX "Unexpected fid 0x%04x\n", id);
1084 return -EINVAL;
1085 }
1086
1087 return 0;
1088 }
1089
1090 static int ezusb_read_pda(struct hermes *hw, __le16 *pda,
1091 u32 pda_addr, u16 pda_len)
1092 {
1093 struct ezusb_priv *upriv = hw->priv;
1094 struct request_context *ctx;
1095 __le16 data[] = {
1096 cpu_to_le16(pda_addr & 0xffff),
1097 cpu_to_le16(pda_len - 4)
1098 };
1099 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_READ_PDA, EZUSB_RID_READ_PDA);
1100 if (!ctx)
1101 return -ENOMEM;
1102
1103 /* wl_lkm does not include PDA size in the PDA area.
1104 * We will pad the information into pda, so other routines
1105 * don't have to be modified */
1106 pda[0] = cpu_to_le16(pda_len - 2);
1107 /* Includes CFG_PROD_DATA but not itself */
1108 pda[1] = cpu_to_le16(0x0800); /* CFG_PROD_DATA */
1109
1110 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1111 EZUSB_FRAME_CONTROL, &pda[2], pda_len - 4,
1112 NULL);
1113 }
1114
1115 static int ezusb_program_init(struct hermes *hw, u32 entry_point)
1116 {
1117 struct ezusb_priv *upriv = hw->priv;
1118 struct request_context *ctx;
1119 __le32 data = cpu_to_le32(entry_point);
1120
1121 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_INIT, EZUSB_RID_ACK);
1122 if (!ctx)
1123 return -ENOMEM;
1124
1125 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1126 EZUSB_FRAME_CONTROL, NULL, 0, NULL);
1127 }
1128
1129 static int ezusb_program_end(struct hermes *hw)
1130 {
1131 struct ezusb_priv *upriv = hw->priv;
1132 struct request_context *ctx;
1133
1134 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_END, EZUSB_RID_ACK);
1135 if (!ctx)
1136 return -ENOMEM;
1137
1138 return ezusb_access_ltv(upriv, ctx, 0, NULL,
1139 EZUSB_FRAME_CONTROL, NULL, 0, NULL);
1140 }
1141
1142 static int ezusb_program_bytes(struct hermes *hw, const char *buf,
1143 u32 addr, u32 len)
1144 {
1145 struct ezusb_priv *upriv = hw->priv;
1146 struct request_context *ctx;
1147 __le32 data = cpu_to_le32(addr);
1148 int err;
1149
1150 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_SET_ADDR, EZUSB_RID_ACK);
1151 if (!ctx)
1152 return -ENOMEM;
1153
1154 err = ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1155 EZUSB_FRAME_CONTROL, NULL, 0, NULL);
1156 if (err)
1157 return err;
1158
1159 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_BYTES, EZUSB_RID_ACK);
1160 if (!ctx)
1161 return -ENOMEM;
1162
1163 return ezusb_access_ltv(upriv, ctx, len, buf,
1164 EZUSB_FRAME_CONTROL, NULL, 0, NULL);
1165 }
1166
1167 static int ezusb_program(struct hermes *hw, const char *buf,
1168 u32 addr, u32 len)
1169 {
1170 u32 ch_addr;
1171 u32 ch_len;
1172 int err = 0;
1173
1174 /* We can only send 2048 bytes out of the bulk xmit at a time,
1175 * so we have to split any programming into chunks of <2048
1176 * bytes. */
1177
1178 ch_len = (len < MAX_DL_SIZE) ? len : MAX_DL_SIZE;
1179 ch_addr = addr;
1180
1181 while (ch_addr < (addr + len)) {
1182 pr_debug("Programming subblock of length %d "
1183 "to address 0x%08x. Data @ %p\n",
1184 ch_len, ch_addr, &buf[ch_addr - addr]);
1185
1186 err = ezusb_program_bytes(hw, &buf[ch_addr - addr],
1187 ch_addr, ch_len);
1188 if (err)
1189 break;
1190
1191 ch_addr += ch_len;
1192 ch_len = ((addr + len - ch_addr) < MAX_DL_SIZE) ?
1193 (addr + len - ch_addr) : MAX_DL_SIZE;
1194 }
1195
1196 return err;
1197 }
1198
1199 static netdev_tx_t ezusb_xmit(struct sk_buff *skb, struct net_device *dev)
1200 {
1201 struct orinoco_private *priv = ndev_priv(dev);
1202 struct net_device_stats *stats = &priv->stats;
1203 struct ezusb_priv *upriv = priv->card;
1204 u8 mic[MICHAEL_MIC_LEN + 1];
1205 int err = 0;
1206 int tx_control;
1207 unsigned long flags;
1208 struct request_context *ctx;
1209 u8 *buf;
1210 int tx_size;
1211
1212 if (!netif_running(dev)) {
1213 printk(KERN_ERR "%s: Tx on stopped device!\n",
1214 dev->name);
1215 return NETDEV_TX_BUSY;
1216 }
1217
1218 if (netif_queue_stopped(dev)) {
1219 printk(KERN_DEBUG "%s: Tx while transmitter busy!\n",
1220 dev->name);
1221 return NETDEV_TX_BUSY;
1222 }
1223
1224 if (orinoco_lock(priv, &flags) != 0) {
1225 printk(KERN_ERR
1226 "%s: ezusb_xmit() called while hw_unavailable\n",
1227 dev->name);
1228 return NETDEV_TX_BUSY;
1229 }
1230
1231 if (!netif_carrier_ok(dev) ||
1232 (priv->iw_mode == NL80211_IFTYPE_MONITOR)) {
1233 /* Oops, the firmware hasn't established a connection,
1234 silently drop the packet (this seems to be the
1235 safest approach). */
1236 goto drop;
1237 }
1238
1239 /* Check packet length */
1240 if (skb->len < ETH_HLEN)
1241 goto drop;
1242
1243 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_TX, 0);
1244 if (!ctx)
1245 goto busy;
1246
1247 memset(ctx->buf, 0, BULK_BUF_SIZE);
1248 buf = ctx->buf->data;
1249
1250 tx_control = 0;
1251
1252 err = orinoco_process_xmit_skb(skb, dev, priv, &tx_control,
1253 &mic[0]);
1254 if (err)
1255 goto drop;
1256
1257 {
1258 __le16 *tx_cntl = (__le16 *)buf;
1259 *tx_cntl = cpu_to_le16(tx_control);
1260 buf += sizeof(*tx_cntl);
1261 }
1262
1263 memcpy(buf, skb->data, skb->len);
1264 buf += skb->len;
1265
1266 if (tx_control & HERMES_TXCTRL_MIC) {
1267 u8 *m = mic;
1268 /* Mic has been offset so it can be copied to an even
1269 * address. We're copying eveything anyway, so we
1270 * don't need to copy that first byte. */
1271 if (skb->len % 2)
1272 m++;
1273 memcpy(buf, m, MICHAEL_MIC_LEN);
1274 buf += MICHAEL_MIC_LEN;
1275 }
1276
1277 /* Finally, we actually initiate the send */
1278 netif_stop_queue(dev);
1279
1280 /* The card may behave better if we send evenly sized usb transfers */
1281 tx_size = ALIGN(buf - ctx->buf->data, 2);
1282
1283 err = ezusb_access_ltv(upriv, ctx, tx_size, NULL,
1284 EZUSB_FRAME_DATA, NULL, 0, NULL);
1285
1286 if (err) {
1287 netif_start_queue(dev);
1288 if (net_ratelimit())
1289 printk(KERN_ERR "%s: Error %d transmitting packet\n",
1290 dev->name, err);
1291 goto busy;
1292 }
1293
1294 dev->trans_start = jiffies;
1295 stats->tx_bytes += skb->len;
1296 goto ok;
1297
1298 drop:
1299 stats->tx_errors++;
1300 stats->tx_dropped++;
1301
1302 ok:
1303 orinoco_unlock(priv, &flags);
1304 dev_kfree_skb(skb);
1305 return NETDEV_TX_OK;
1306
1307 busy:
1308 orinoco_unlock(priv, &flags);
1309 return NETDEV_TX_BUSY;
1310 }
1311
1312 static int ezusb_allocate(struct hermes *hw, u16 size, u16 *fid)
1313 {
1314 *fid = EZUSB_RID_TX;
1315 return 0;
1316 }
1317
1318
1319 static int ezusb_hard_reset(struct orinoco_private *priv)
1320 {
1321 struct ezusb_priv *upriv = priv->card;
1322 int retval = ezusb_8051_cpucs(upriv, 1);
1323
1324 if (retval < 0) {
1325 err("Failed to reset");
1326 return retval;
1327 }
1328
1329 retval = ezusb_8051_cpucs(upriv, 0);
1330 if (retval < 0) {
1331 err("Failed to unreset");
1332 return retval;
1333 }
1334
1335 dbg("sending control message");
1336 retval = usb_control_msg(upriv->udev,
1337 usb_sndctrlpipe(upriv->udev, 0),
1338 EZUSB_REQUEST_TRIGER,
1339 USB_TYPE_VENDOR | USB_RECIP_DEVICE |
1340 USB_DIR_OUT, 0x0, 0x0, NULL, 0,
1341 DEF_TIMEOUT);
1342 if (retval < 0) {
1343 err("EZUSB_REQUEST_TRIGER failed retval %d", retval);
1344 return retval;
1345 }
1346 #if 0
1347 dbg("Sending EZUSB_REQUEST_TRIG_AC");
1348 retval = usb_control_msg(upriv->udev,
1349 usb_sndctrlpipe(upriv->udev, 0),
1350 EZUSB_REQUEST_TRIG_AC,
1351 USB_TYPE_VENDOR | USB_RECIP_DEVICE |
1352 USB_DIR_OUT, 0x00FA, 0x0, NULL, 0,
1353 DEF_TIMEOUT);
1354 if (retval < 0) {
1355 err("EZUSB_REQUEST_TRIG_AC failed retval %d", retval);
1356 return retval;
1357 }
1358 #endif
1359
1360 return 0;
1361 }
1362
1363
1364 static int ezusb_init(struct hermes *hw)
1365 {
1366 struct ezusb_priv *upriv = hw->priv;
1367 int retval;
1368
1369 BUG_ON(in_interrupt());
1370 BUG_ON(!upriv);
1371
1372 upriv->reply_count = 0;
1373 /* Write the MAGIC number on the simulated registers to keep
1374 * orinoco.c happy */
1375 hermes_write_regn(hw, SWSUPPORT0, HERMES_MAGIC);
1376 hermes_write_regn(hw, RXFID, EZUSB_RID_RX);
1377
1378 usb_kill_urb(upriv->read_urb);
1379 ezusb_submit_in_urb(upriv);
1380
1381 retval = ezusb_write_ltv(hw, 0, EZUSB_RID_INIT1,
1382 HERMES_BYTES_TO_RECLEN(2), "\x10\x00");
1383 if (retval < 0) {
1384 printk(KERN_ERR PFX "EZUSB_RID_INIT1 error %d\n", retval);
1385 return retval;
1386 }
1387
1388 retval = ezusb_docmd_wait(hw, HERMES_CMD_INIT, 0, NULL);
1389 if (retval < 0) {
1390 printk(KERN_ERR PFX "HERMES_CMD_INIT error %d\n", retval);
1391 return retval;
1392 }
1393
1394 return 0;
1395 }
1396
1397 static void ezusb_bulk_in_callback(struct urb *urb)
1398 {
1399 struct ezusb_priv *upriv = (struct ezusb_priv *) urb->context;
1400 struct ezusb_packet *ans = urb->transfer_buffer;
1401 u16 crc;
1402 u16 hermes_rid;
1403
1404 if (upriv->udev == NULL) {
1405 dbg("disconnected");
1406 return;
1407 }
1408
1409 if (urb->status == -ETIMEDOUT) {
1410 /* When a device gets unplugged we get this every time
1411 * we resubmit, flooding the logs. Since we don't use
1412 * USB timeouts, it shouldn't happen any other time*/
1413 pr_warning("%s: urb timed out, not resubmiting", __func__);
1414 return;
1415 }
1416 if (urb->status == -ECONNABORTED) {
1417 pr_warning("%s: connection abort, resubmiting urb",
1418 __func__);
1419 goto resubmit;
1420 }
1421 if ((urb->status == -EILSEQ)
1422 || (urb->status == -ENOENT)
1423 || (urb->status == -ECONNRESET)) {
1424 dbg("status %d, not resubmiting", urb->status);
1425 return;
1426 }
1427 if (urb->status)
1428 dbg("status: %d length: %d",
1429 urb->status, urb->actual_length);
1430 if (urb->actual_length < sizeof(*ans)) {
1431 err("%s: short read, ignoring", __func__);
1432 goto resubmit;
1433 }
1434 crc = build_crc(ans);
1435 if (le16_to_cpu(ans->crc) != crc) {
1436 err("CRC error, ignoring packet");
1437 goto resubmit;
1438 }
1439
1440 hermes_rid = le16_to_cpu(ans->hermes_rid);
1441 if ((hermes_rid != EZUSB_RID_RX) && !EZUSB_IS_INFO(hermes_rid)) {
1442 ezusb_request_in_callback(upriv, urb);
1443 } else if (upriv->dev) {
1444 struct net_device *dev = upriv->dev;
1445 struct orinoco_private *priv = ndev_priv(dev);
1446 struct hermes *hw = &priv->hw;
1447
1448 if (hermes_rid == EZUSB_RID_RX) {
1449 __orinoco_ev_rx(dev, hw);
1450 } else {
1451 hermes_write_regn(hw, INFOFID,
1452 le16_to_cpu(ans->hermes_rid));
1453 __orinoco_ev_info(dev, hw);
1454 }
1455 }
1456
1457 resubmit:
1458 if (upriv->udev)
1459 ezusb_submit_in_urb(upriv);
1460 }
1461
1462 static inline void ezusb_delete(struct ezusb_priv *upriv)
1463 {
1464 struct net_device *dev;
1465 struct list_head *item;
1466 struct list_head *tmp_item;
1467 unsigned long flags;
1468
1469 BUG_ON(in_interrupt());
1470 BUG_ON(!upriv);
1471
1472 dev = upriv->dev;
1473 mutex_lock(&upriv->mtx);
1474
1475 upriv->udev = NULL; /* No timer will be rearmed from here */
1476
1477 usb_kill_urb(upriv->read_urb);
1478
1479 spin_lock_irqsave(&upriv->req_lock, flags);
1480 list_for_each_safe(item, tmp_item, &upriv->req_active) {
1481 struct request_context *ctx;
1482 int err;
1483
1484 ctx = list_entry(item, struct request_context, list);
1485 atomic_inc(&ctx->refcount);
1486
1487 ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK;
1488 err = usb_unlink_urb(ctx->outurb);
1489
1490 spin_unlock_irqrestore(&upriv->req_lock, flags);
1491 if (err == -EINPROGRESS)
1492 wait_for_completion(&ctx->done);
1493
1494 del_timer_sync(&ctx->timer);
1495 /* FIXME: there is an slight chance for the irq handler to
1496 * be running */
1497 if (!list_empty(&ctx->list))
1498 ezusb_ctx_complete(ctx);
1499
1500 ezusb_request_context_put(ctx);
1501 spin_lock_irqsave(&upriv->req_lock, flags);
1502 }
1503 spin_unlock_irqrestore(&upriv->req_lock, flags);
1504
1505 list_for_each_safe(item, tmp_item, &upriv->req_pending)
1506 ezusb_ctx_complete(list_entry(item,
1507 struct request_context, list));
1508
1509 if (upriv->read_urb && upriv->read_urb->status == -EINPROGRESS)
1510 printk(KERN_ERR PFX "Some URB in progress\n");
1511
1512 mutex_unlock(&upriv->mtx);
1513
1514 if (upriv->read_urb) {
1515 kfree(upriv->read_urb->transfer_buffer);
1516 usb_free_urb(upriv->read_urb);
1517 }
1518 kfree(upriv->bap_buf);
1519 if (upriv->dev) {
1520 struct orinoco_private *priv = ndev_priv(upriv->dev);
1521 orinoco_if_del(priv);
1522 free_orinocodev(priv);
1523 }
1524 }
1525
1526 static void ezusb_lock_irqsave(spinlock_t *lock,
1527 unsigned long *flags) __acquires(lock)
1528 {
1529 spin_lock_bh(lock);
1530 }
1531
1532 static void ezusb_unlock_irqrestore(spinlock_t *lock,
1533 unsigned long *flags) __releases(lock)
1534 {
1535 spin_unlock_bh(lock);
1536 }
1537
1538 static void ezusb_lock_irq(spinlock_t *lock) __acquires(lock)
1539 {
1540 spin_lock_bh(lock);
1541 }
1542
1543 static void ezusb_unlock_irq(spinlock_t *lock) __releases(lock)
1544 {
1545 spin_unlock_bh(lock);
1546 }
1547
1548 static const struct hermes_ops ezusb_ops = {
1549 .init = ezusb_init,
1550 .cmd_wait = ezusb_docmd_wait,
1551 .init_cmd_wait = ezusb_doicmd_wait,
1552 .allocate = ezusb_allocate,
1553 .read_ltv = ezusb_read_ltv,
1554 .write_ltv = ezusb_write_ltv,
1555 .bap_pread = ezusb_bap_pread,
1556 .read_pda = ezusb_read_pda,
1557 .program_init = ezusb_program_init,
1558 .program_end = ezusb_program_end,
1559 .program = ezusb_program,
1560 .lock_irqsave = ezusb_lock_irqsave,
1561 .unlock_irqrestore = ezusb_unlock_irqrestore,
1562 .lock_irq = ezusb_lock_irq,
1563 .unlock_irq = ezusb_unlock_irq,
1564 };
1565
1566 static const struct net_device_ops ezusb_netdev_ops = {
1567 .ndo_open = orinoco_open,
1568 .ndo_stop = orinoco_stop,
1569 .ndo_start_xmit = ezusb_xmit,
1570 .ndo_set_rx_mode = orinoco_set_multicast_list,
1571 .ndo_change_mtu = orinoco_change_mtu,
1572 .ndo_set_mac_address = eth_mac_addr,
1573 .ndo_validate_addr = eth_validate_addr,
1574 .ndo_tx_timeout = orinoco_tx_timeout,
1575 .ndo_get_stats = orinoco_get_stats,
1576 };
1577
1578 static int ezusb_probe(struct usb_interface *interface,
1579 const struct usb_device_id *id)
1580 {
1581 struct usb_device *udev = interface_to_usbdev(interface);
1582 struct orinoco_private *priv;
1583 struct hermes *hw;
1584 struct ezusb_priv *upriv = NULL;
1585 struct usb_interface_descriptor *iface_desc;
1586 struct usb_endpoint_descriptor *ep;
1587 const struct firmware *fw_entry = NULL;
1588 int retval = 0;
1589 int i;
1590
1591 priv = alloc_orinocodev(sizeof(*upriv), &udev->dev,
1592 ezusb_hard_reset, NULL);
1593 if (!priv) {
1594 err("Couldn't allocate orinocodev");
1595 goto exit;
1596 }
1597
1598 hw = &priv->hw;
1599
1600 upriv = priv->card;
1601
1602 mutex_init(&upriv->mtx);
1603 spin_lock_init(&upriv->reply_count_lock);
1604
1605 spin_lock_init(&upriv->req_lock);
1606 INIT_LIST_HEAD(&upriv->req_pending);
1607 INIT_LIST_HEAD(&upriv->req_active);
1608
1609 upriv->udev = udev;
1610
1611 hw->iobase = (void __force __iomem *) &upriv->hermes_reg_fake;
1612 hw->reg_spacing = HERMES_16BIT_REGSPACING;
1613 hw->priv = upriv;
1614 hw->ops = &ezusb_ops;
1615
1616 /* set up the endpoint information */
1617 /* check out the endpoints */
1618
1619 iface_desc = &interface->altsetting[0].desc;
1620 for (i = 0; i < iface_desc->bNumEndpoints; ++i) {
1621 ep = &interface->altsetting[0].endpoint[i].desc;
1622
1623 if (((ep->bEndpointAddress & USB_ENDPOINT_DIR_MASK)
1624 == USB_DIR_IN) &&
1625 ((ep->bmAttributes & USB_ENDPOINT_XFERTYPE_MASK)
1626 == USB_ENDPOINT_XFER_BULK)) {
1627 /* we found a bulk in endpoint */
1628 if (upriv->read_urb != NULL) {
1629 pr_warning("Found a second bulk in ep, ignored");
1630 continue;
1631 }
1632
1633 upriv->read_urb = usb_alloc_urb(0, GFP_KERNEL);
1634 if (!upriv->read_urb) {
1635 err("No free urbs available");
1636 goto error;
1637 }
1638 if (le16_to_cpu(ep->wMaxPacketSize) != 64)
1639 pr_warning("bulk in: wMaxPacketSize!= 64");
1640 if (ep->bEndpointAddress != (2 | USB_DIR_IN))
1641 pr_warning("bulk in: bEndpointAddress: %d",
1642 ep->bEndpointAddress);
1643 upriv->read_pipe = usb_rcvbulkpipe(udev,
1644 ep->
1645 bEndpointAddress);
1646 upriv->read_urb->transfer_buffer =
1647 kmalloc(BULK_BUF_SIZE, GFP_KERNEL);
1648 if (!upriv->read_urb->transfer_buffer) {
1649 err("Couldn't allocate IN buffer");
1650 goto error;
1651 }
1652 }
1653
1654 if (((ep->bEndpointAddress & USB_ENDPOINT_DIR_MASK)
1655 == USB_DIR_OUT) &&
1656 ((ep->bmAttributes & USB_ENDPOINT_XFERTYPE_MASK)
1657 == USB_ENDPOINT_XFER_BULK)) {
1658 /* we found a bulk out endpoint */
1659 if (upriv->bap_buf != NULL) {
1660 pr_warning("Found a second bulk out ep, ignored");
1661 continue;
1662 }
1663
1664 if (le16_to_cpu(ep->wMaxPacketSize) != 64)
1665 pr_warning("bulk out: wMaxPacketSize != 64");
1666 if (ep->bEndpointAddress != 2)
1667 pr_warning("bulk out: bEndpointAddress: %d",
1668 ep->bEndpointAddress);
1669 upriv->write_pipe = usb_sndbulkpipe(udev,
1670 ep->
1671 bEndpointAddress);
1672 upriv->bap_buf = kmalloc(BULK_BUF_SIZE, GFP_KERNEL);
1673 if (!upriv->bap_buf) {
1674 err("Couldn't allocate bulk_out_buffer");
1675 goto error;
1676 }
1677 }
1678 }
1679 if (!upriv->bap_buf || !upriv->read_urb) {
1680 err("Didn't find the required bulk endpoints");
1681 goto error;
1682 }
1683
1684 if (request_firmware(&fw_entry, "orinoco_ezusb_fw",
1685 &interface->dev) == 0) {
1686 firmware.size = fw_entry->size;
1687 firmware.code = fw_entry->data;
1688 }
1689 if (firmware.size && firmware.code) {
1690 if (ezusb_firmware_download(upriv, &firmware))
1691 goto error;
1692 } else {
1693 err("No firmware to download");
1694 goto error;
1695 }
1696
1697 if (ezusb_hard_reset(priv) < 0) {
1698 err("Cannot reset the device");
1699 goto error;
1700 }
1701
1702 /* If the firmware is already downloaded orinoco.c will call
1703 * ezusb_init but if the firmware is not already there, that will make
1704 * the kernel very unstable, so we try initializing here and quit in
1705 * case of error */
1706 if (ezusb_init(hw) < 0) {
1707 err("Couldn't initialize the device");
1708 err("Firmware may not be downloaded or may be wrong.");
1709 goto error;
1710 }
1711
1712 /* Initialise the main driver */
1713 if (orinoco_init(priv) != 0) {
1714 err("orinoco_init() failed\n");
1715 goto error;
1716 }
1717
1718 if (orinoco_if_add(priv, 0, 0, &ezusb_netdev_ops) != 0) {
1719 upriv->dev = NULL;
1720 err("%s: orinoco_if_add() failed", __func__);
1721 goto error;
1722 }
1723 upriv->dev = priv->ndev;
1724
1725 goto exit;
1726
1727 error:
1728 ezusb_delete(upriv);
1729 if (upriv->dev) {
1730 /* upriv->dev was 0, so ezusb_delete() didn't free it */
1731 free_orinocodev(priv);
1732 }
1733 upriv = NULL;
1734 retval = -EFAULT;
1735 exit:
1736 if (fw_entry) {
1737 firmware.code = NULL;
1738 firmware.size = 0;
1739 release_firmware(fw_entry);
1740 }
1741 usb_set_intfdata(interface, upriv);
1742 return retval;
1743 }
1744
1745
1746 static void ezusb_disconnect(struct usb_interface *intf)
1747 {
1748 struct ezusb_priv *upriv = usb_get_intfdata(intf);
1749 usb_set_intfdata(intf, NULL);
1750 ezusb_delete(upriv);
1751 printk(KERN_INFO PFX "Disconnected\n");
1752 }
1753
1754
1755 /* usb specific object needed to register this driver with the usb subsystem */
1756 static struct usb_driver orinoco_driver = {
1757 .name = DRIVER_NAME,
1758 .probe = ezusb_probe,
1759 .disconnect = ezusb_disconnect,
1760 .id_table = ezusb_table,
1761 .disable_hub_initiated_lpm = 1,
1762 };
1763
1764 module_usb_driver(orinoco_driver);
1765
1766 MODULE_AUTHOR("Manuel Estrada Sainz");
1767 MODULE_DESCRIPTION("Driver for Orinoco wireless LAN cards using EZUSB bridge");
1768 MODULE_LICENSE("Dual MPL/GPL");
Linux with added FPC-III support