search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
i2c: gpio: fault-injector: refactor incomplete transfer
[linux/fpc-iii.git] / drivers / net / wireless / intersil / orinoco / orinoco_usb.c
blob94ad6fe29e69bdf199157e78023e15595e22daa9
1 /*
2 * USB Orinoco driver
3 *
4 * Copyright (c) 2003 Manuel Estrada Sainz
5 *
6 * The contents of this file are subject to the Mozilla Public License
7 * Version 1.1 (the "License"); you may not use this file except in
8 * compliance with the License. You may obtain a copy of the License
9 * at http://www.mozilla.org/MPL/
10 *
11 * Software distributed under the License is distributed on an "AS IS"
12 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
13 * the License for the specific language governing rights and
14 * limitations under the License.
15 *
16 * Alternatively, the contents of this file may be used under the
17 * terms of the GNU General Public License version 2 (the "GPL"), in
18 * which case the provisions of the GPL are applicable instead of the
19 * above. If you wish to allow the use of your version of this file
20 * only under the terms of the GPL and not to allow others to use your
21 * version of this file under the MPL, indicate your decision by
22 * deleting the provisions above and replace them with the notice and
23 * other provisions required by the GPL. If you do not delete the
24 * provisions above, a recipient may use your version of this file
25 * under either the MPL or the GPL.
26 *
27 * Queueing code based on linux-wlan-ng 0.2.1-pre5
28 *
29 * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved.
30 *
31 * The license is the same as above.
32 *
33 * Initialy based on USB Skeleton driver - 0.7
34 *
35 * Copyright (c) 2001 Greg Kroah-Hartman (greg@kroah.com)
36 *
37 * This program is free software; you can redistribute it and/or
38 * modify it under the terms of the GNU General Public License as
39 * published by the Free Software Foundation; either version 2 of
40 * the License, or (at your option) any later version.
41 *
42 * NOTE: The original USB Skeleton driver is GPL, but all that code is
43 * gone so MPL/GPL applies.
44 */
45
46 #define DRIVER_NAME "orinoco_usb"
47 #define PFX DRIVER_NAME ": "
48
49 #include <linux/module.h>
50 #include <linux/kernel.h>
51 #include <linux/sched.h>
52 #include <linux/signal.h>
53 #include <linux/errno.h>
54 #include <linux/poll.h>
55 #include <linux/slab.h>
56 #include <linux/fcntl.h>
57 #include <linux/spinlock.h>
58 #include <linux/list.h>
59 #include <linux/usb.h>
60 #include <linux/timer.h>
61
62 #include <linux/netdevice.h>
63 #include <linux/if_arp.h>
64 #include <linux/etherdevice.h>
65 #include <linux/wireless.h>
66 #include <linux/firmware.h>
67 #include <linux/refcount.h>
68
69 #include "mic.h"
70 #include "orinoco.h"
71
72 #ifndef URB_ASYNC_UNLINK
73 #define URB_ASYNC_UNLINK 0
74 #endif
75
76 /* 802.2 LLC/SNAP header used for Ethernet encapsulation over 802.11 */
77 static const u8 encaps_hdr[] = {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00};
78 #define ENCAPS_OVERHEAD (sizeof(encaps_hdr) + 2)
79
80 struct header_struct {
81 /* 802.3 */
82 u8 dest[ETH_ALEN];
83 u8 src[ETH_ALEN];
84 __be16 len;
85 /* 802.2 */
86 u8 dsap;
87 u8 ssap;
88 u8 ctrl;
89 /* SNAP */
90 u8 oui[3];
91 __be16 ethertype;
92 } __packed;
93
94 struct ez_usb_fw {
95 u16 size;
96 const u8 *code;
97 };
98
99 static struct ez_usb_fw firmware = {
100 .size = 0,
101 .code = NULL,
102 };
103
104 /* Debugging macros */
105 #undef err
106 #define err(format, arg...) \
107 do { printk(KERN_ERR PFX format "\n", ## arg); } while (0)
108
109 MODULE_FIRMWARE("orinoco_ezusb_fw");
110
111 /*
112 * Under some conditions, the card gets stuck and stops paying attention
113 * to the world (i.e. data communication stalls) until we do something to
114 * it. Sending an INQ_TALLIES command seems to be enough and should be
115 * harmless otherwise. This behaviour has been observed when using the
116 * driver on a systemimager client during installation. In the past a
117 * timer was used to send INQ_TALLIES commands when there was no other
118 * activity, but it was troublesome and was removed.
119 */
120
121 #define USB_COMPAQ_VENDOR_ID 0x049f /* Compaq Computer Corp. */
122 #define USB_COMPAQ_WL215_ID 0x001f /* Compaq WL215 USB Adapter */
123 #define USB_COMPAQ_W200_ID 0x0076 /* Compaq W200 USB Adapter */
124 #define USB_HP_WL215_ID 0x0082 /* Compaq WL215 USB Adapter */
125
126 #define USB_MELCO_VENDOR_ID 0x0411
127 #define USB_BUFFALO_L11_ID 0x0006 /* BUFFALO WLI-USB-L11 */
128 #define USB_BUFFALO_L11G_WR_ID 0x000B /* BUFFALO WLI-USB-L11G-WR */
129 #define USB_BUFFALO_L11G_ID 0x000D /* BUFFALO WLI-USB-L11G */
130
131 #define USB_LUCENT_VENDOR_ID 0x047E /* Lucent Technologies */
132 #define USB_LUCENT_ORINOCO_ID 0x0300 /* Lucent/Agere Orinoco USB Client */
133
134 #define USB_AVAYA8_VENDOR_ID 0x0D98
135 #define USB_AVAYAE_VENDOR_ID 0x0D9E
136 #define USB_AVAYA_WIRELESS_ID 0x0300 /* Avaya Wireless USB Card */
137
138 #define USB_AGERE_VENDOR_ID 0x0D4E /* Agere Systems */
139 #define USB_AGERE_MODEL0801_ID 0x1000 /* Wireless USB Card Model 0801 */
140 #define USB_AGERE_MODEL0802_ID 0x1001 /* Wireless USB Card Model 0802 */
141 #define USB_AGERE_REBRANDED_ID 0x047A /* WLAN USB Card */
142
143 #define USB_ELSA_VENDOR_ID 0x05CC
144 #define USB_ELSA_AIRLANCER_ID 0x3100 /* ELSA AirLancer USB-11 */
145
146 #define USB_LEGEND_VENDOR_ID 0x0E7C
147 #define USB_LEGEND_JOYNET_ID 0x0300 /* Joynet WLAN USB Card */
148
149 #define USB_SAMSUNG_VENDOR_ID 0x04E8
150 #define USB_SAMSUNG_SEW2001U1_ID 0x5002 /* Samsung SEW-2001u Card */
151 #define USB_SAMSUNG_SEW2001U2_ID 0x5B11 /* Samsung SEW-2001u Card */
152 #define USB_SAMSUNG_SEW2003U_ID 0x7011 /* Samsung SEW-2003U Card */
153
154 #define USB_IGATE_VENDOR_ID 0x0681
155 #define USB_IGATE_IGATE_11M_ID 0x0012 /* I-GATE 11M USB Card */
156
157 #define USB_FUJITSU_VENDOR_ID 0x0BF8
158 #define USB_FUJITSU_E1100_ID 0x1002 /* connect2AIR WLAN E-1100 USB */
159
160 #define USB_2WIRE_VENDOR_ID 0x1630
161 #define USB_2WIRE_WIRELESS_ID 0xff81 /* 2Wire Wireless USB adapter */
162
163
164 #define EZUSB_REQUEST_FW_TRANS 0xA0
165 #define EZUSB_REQUEST_TRIGER 0xAA
166 #define EZUSB_REQUEST_TRIG_AC 0xAC
167 #define EZUSB_CPUCS_REG 0x7F92
168
169 #define EZUSB_RID_TX 0x0700
170 #define EZUSB_RID_RX 0x0701
171 #define EZUSB_RID_INIT1 0x0702
172 #define EZUSB_RID_ACK 0x0710
173 #define EZUSB_RID_READ_PDA 0x0800
174 #define EZUSB_RID_PROG_INIT 0x0852
175 #define EZUSB_RID_PROG_SET_ADDR 0x0853
176 #define EZUSB_RID_PROG_BYTES 0x0854
177 #define EZUSB_RID_PROG_END 0x0855
178 #define EZUSB_RID_DOCMD 0x0860
179
180 /* Recognize info frames */
181 #define EZUSB_IS_INFO(id) ((id >= 0xF000) && (id <= 0xF2FF))
182
183 #define EZUSB_MAGIC 0x0210
184
185 #define EZUSB_FRAME_DATA 1
186 #define EZUSB_FRAME_CONTROL 2
187
188 #define DEF_TIMEOUT (3 * HZ)
189
190 #define BULK_BUF_SIZE 2048
191
192 #define MAX_DL_SIZE (BULK_BUF_SIZE - sizeof(struct ezusb_packet))
193
194 #define FW_BUF_SIZE 64
195 #define FW_VAR_OFFSET_PTR 0x359
196 #define FW_VAR_VALUE 0
197 #define FW_HOLE_START 0x100
198 #define FW_HOLE_END 0x300
199
200 struct ezusb_packet {
201 __le16 magic; /* 0x0210 */
202 u8 req_reply_count;
203 u8 ans_reply_count;
204 __le16 frame_type; /* 0x01 for data frames, 0x02 otherwise */
205 __le16 size; /* transport size */
206 __le16 crc; /* CRC up to here */
207 __le16 hermes_len;
208 __le16 hermes_rid;
209 u8 data[0];
210 } __packed;
211
212 /* Table of devices that work or may work with this driver */
213 static const struct usb_device_id ezusb_table[] = {
214 {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_COMPAQ_WL215_ID)},
215 {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_HP_WL215_ID)},
216 {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_COMPAQ_W200_ID)},
217 {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11_ID)},
218 {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11G_WR_ID)},
219 {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11G_ID)},
220 {USB_DEVICE(USB_LUCENT_VENDOR_ID, USB_LUCENT_ORINOCO_ID)},
221 {USB_DEVICE(USB_AVAYA8_VENDOR_ID, USB_AVAYA_WIRELESS_ID)},
222 {USB_DEVICE(USB_AVAYAE_VENDOR_ID, USB_AVAYA_WIRELESS_ID)},
223 {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_MODEL0801_ID)},
224 {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_MODEL0802_ID)},
225 {USB_DEVICE(USB_ELSA_VENDOR_ID, USB_ELSA_AIRLANCER_ID)},
226 {USB_DEVICE(USB_LEGEND_VENDOR_ID, USB_LEGEND_JOYNET_ID)},
227 {USB_DEVICE_VER(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2001U1_ID,
228 0, 0)},
229 {USB_DEVICE(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2001U2_ID)},
230 {USB_DEVICE(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2003U_ID)},
231 {USB_DEVICE(USB_IGATE_VENDOR_ID, USB_IGATE_IGATE_11M_ID)},
232 {USB_DEVICE(USB_FUJITSU_VENDOR_ID, USB_FUJITSU_E1100_ID)},
233 {USB_DEVICE(USB_2WIRE_VENDOR_ID, USB_2WIRE_WIRELESS_ID)},
234 {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_REBRANDED_ID)},
235 {} /* Terminating entry */
236 };
237
238 MODULE_DEVICE_TABLE(usb, ezusb_table);
239
240 /* Structure to hold all of our device specific stuff */
241 struct ezusb_priv {
242 struct usb_device *udev;
243 struct net_device *dev;
244 struct mutex mtx;
245 spinlock_t req_lock;
246 struct list_head req_pending;
247 struct list_head req_active;
248 spinlock_t reply_count_lock;
249 u16 hermes_reg_fake[0x40];
250 u8 *bap_buf;
251 struct urb *read_urb;
252 int read_pipe;
253 int write_pipe;
254 u8 reply_count;
255 };
256
257 enum ezusb_state {
258 EZUSB_CTX_START,
259 EZUSB_CTX_QUEUED,
260 EZUSB_CTX_REQ_SUBMITTED,
261 EZUSB_CTX_REQ_COMPLETE,
262 EZUSB_CTX_RESP_RECEIVED,
263 EZUSB_CTX_REQ_TIMEOUT,
264 EZUSB_CTX_REQ_FAILED,
265 EZUSB_CTX_RESP_TIMEOUT,
266 EZUSB_CTX_REQSUBMIT_FAIL,
267 EZUSB_CTX_COMPLETE,
268 };
269
270 struct request_context {
271 struct list_head list;
272 refcount_t refcount;
273 struct completion done; /* Signals that CTX is dead */
274 int killed;
275 struct urb *outurb; /* OUT for req pkt */
276 struct ezusb_priv *upriv;
277 struct ezusb_packet *buf;
278 int buf_length;
279 struct timer_list timer; /* Timeout handling */
280 enum ezusb_state state; /* Current state */
281 /* the RID that we will wait for */
282 u16 out_rid;
283 u16 in_rid;
284 };
285
286
287 /* Forward declarations */
288 static void ezusb_ctx_complete(struct request_context *ctx);
289 static void ezusb_req_queue_run(struct ezusb_priv *upriv);
290 static void ezusb_bulk_in_callback(struct urb *urb);
291
292 static inline u8 ezusb_reply_inc(u8 count)
293 {
294 if (count < 0x7F)
295 return count + 1;
296 else
297 return 1;
298 }
299
300 static void ezusb_request_context_put(struct request_context *ctx)
301 {
302 if (!refcount_dec_and_test(&ctx->refcount))
303 return;
304
305 WARN_ON(!ctx->done.done);
306 BUG_ON(ctx->outurb->status == -EINPROGRESS);
307 BUG_ON(timer_pending(&ctx->timer));
308 usb_free_urb(ctx->outurb);
309 kfree(ctx->buf);
310 kfree(ctx);
311 }
312
313 static inline void ezusb_mod_timer(struct ezusb_priv *upriv,
314 struct timer_list *timer,
315 unsigned long expire)
316 {
317 if (!upriv->udev)
318 return;
319 mod_timer(timer, expire);
320 }
321
322 static void ezusb_request_timerfn(struct timer_list *t)
323 {
324 struct request_context *ctx = from_timer(ctx, t, timer);
325
326 ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK;
327 if (usb_unlink_urb(ctx->outurb) == -EINPROGRESS) {
328 ctx->state = EZUSB_CTX_REQ_TIMEOUT;
329 } else {
330 ctx->state = EZUSB_CTX_RESP_TIMEOUT;
331 dev_dbg(&ctx->outurb->dev->dev, "couldn't unlink\n");
332 refcount_inc(&ctx->refcount);
333 ctx->killed = 1;
334 ezusb_ctx_complete(ctx);
335 ezusb_request_context_put(ctx);
336 }
337 };
338
339 static struct request_context *ezusb_alloc_ctx(struct ezusb_priv *upriv,
340 u16 out_rid, u16 in_rid)
341 {
342 struct request_context *ctx;
343
344 ctx = kzalloc(sizeof(*ctx), GFP_ATOMIC);
345 if (!ctx)
346 return NULL;
347
348 ctx->buf = kmalloc(BULK_BUF_SIZE, GFP_ATOMIC);
349 if (!ctx->buf) {
350 kfree(ctx);
351 return NULL;
352 }
353 ctx->outurb = usb_alloc_urb(0, GFP_ATOMIC);
354 if (!ctx->outurb) {
355 kfree(ctx->buf);
356 kfree(ctx);
357 return NULL;
358 }
359
360 ctx->upriv = upriv;
361 ctx->state = EZUSB_CTX_START;
362 ctx->out_rid = out_rid;
363 ctx->in_rid = in_rid;
364
365 refcount_set(&ctx->refcount, 1);
366 init_completion(&ctx->done);
367
368 timer_setup(&ctx->timer, ezusb_request_timerfn, 0);
369 return ctx;
370 }
371
372
373 /* Hopefully the real complete_all will soon be exported, in the mean
374 * while this should work. */
375 static inline void ezusb_complete_all(struct completion *comp)
376 {
377 complete(comp);
378 complete(comp);
379 complete(comp);
380 complete(comp);
381 }
382
383 static void ezusb_ctx_complete(struct request_context *ctx)
384 {
385 struct ezusb_priv *upriv = ctx->upriv;
386 unsigned long flags;
387
388 spin_lock_irqsave(&upriv->req_lock, flags);
389
390 list_del_init(&ctx->list);
391 if (upriv->udev) {
392 spin_unlock_irqrestore(&upriv->req_lock, flags);
393 ezusb_req_queue_run(upriv);
394 spin_lock_irqsave(&upriv->req_lock, flags);
395 }
396
397 switch (ctx->state) {
398 case EZUSB_CTX_COMPLETE:
399 case EZUSB_CTX_REQSUBMIT_FAIL:
400 case EZUSB_CTX_REQ_FAILED:
401 case EZUSB_CTX_REQ_TIMEOUT:
402 case EZUSB_CTX_RESP_TIMEOUT:
403 spin_unlock_irqrestore(&upriv->req_lock, flags);
404
405 if ((ctx->out_rid == EZUSB_RID_TX) && upriv->dev) {
406 struct net_device *dev = upriv->dev;
407 struct net_device_stats *stats = &dev->stats;
408
409 if (ctx->state != EZUSB_CTX_COMPLETE)
410 stats->tx_errors++;
411 else
412 stats->tx_packets++;
413
414 netif_wake_queue(dev);
415 }
416 ezusb_complete_all(&ctx->done);
417 ezusb_request_context_put(ctx);
418 break;
419
420 default:
421 spin_unlock_irqrestore(&upriv->req_lock, flags);
422 if (!upriv->udev) {
423 /* This is normal, as all request contexts get flushed
424 * when the device is disconnected */
425 err("Called, CTX not terminating, but device gone");
426 ezusb_complete_all(&ctx->done);
427 ezusb_request_context_put(ctx);
428 break;
429 }
430
431 err("Called, CTX not in terminating state.");
432 /* Things are really bad if this happens. Just leak
433 * the CTX because it may still be linked to the
434 * queue or the OUT urb may still be active.
435 * Just leaking at least prevents an Oops or Panic.
436 */
437 break;
438 }
439 }
440
441 /**
442 * ezusb_req_queue_run:
443 * Description:
444 * Note: Only one active CTX at any one time, because there's no
445 * other (reliable) way to match the response URB to the correct
446 * CTX.
447 **/
448 static void ezusb_req_queue_run(struct ezusb_priv *upriv)
449 {
450 unsigned long flags;
451 struct request_context *ctx;
452 int result;
453
454 spin_lock_irqsave(&upriv->req_lock, flags);
455
456 if (!list_empty(&upriv->req_active))
457 goto unlock;
458
459 if (list_empty(&upriv->req_pending))
460 goto unlock;
461
462 ctx =
463 list_entry(upriv->req_pending.next, struct request_context,
464 list);
465
466 if (!ctx->upriv->udev)
467 goto unlock;
468
469 /* We need to split this off to avoid a race condition */
470 list_move_tail(&ctx->list, &upriv->req_active);
471
472 if (ctx->state == EZUSB_CTX_QUEUED) {
473 refcount_inc(&ctx->refcount);
474 result = usb_submit_urb(ctx->outurb, GFP_ATOMIC);
475 if (result) {
476 ctx->state = EZUSB_CTX_REQSUBMIT_FAIL;
477
478 spin_unlock_irqrestore(&upriv->req_lock, flags);
479
480 err("Fatal, failed to submit command urb."
481 " error=%d\n", result);
482
483 ezusb_ctx_complete(ctx);
484 ezusb_request_context_put(ctx);
485 goto done;
486 }
487
488 ctx->state = EZUSB_CTX_REQ_SUBMITTED;
489 ezusb_mod_timer(ctx->upriv, &ctx->timer,
490 jiffies + DEF_TIMEOUT);
491 }
492
493 unlock:
494 spin_unlock_irqrestore(&upriv->req_lock, flags);
495
496 done:
497 return;
498 }
499
500 static void ezusb_req_enqueue_run(struct ezusb_priv *upriv,
501 struct request_context *ctx)
502 {
503 unsigned long flags;
504
505 spin_lock_irqsave(&upriv->req_lock, flags);
506
507 if (!ctx->upriv->udev) {
508 spin_unlock_irqrestore(&upriv->req_lock, flags);
509 goto done;
510 }
511 refcount_inc(&ctx->refcount);
512 list_add_tail(&ctx->list, &upriv->req_pending);
513 spin_unlock_irqrestore(&upriv->req_lock, flags);
514
515 ctx->state = EZUSB_CTX_QUEUED;
516 ezusb_req_queue_run(upriv);
517
518 done:
519 return;
520 }
521
522 static void ezusb_request_out_callback(struct urb *urb)
523 {
524 unsigned long flags;
525 enum ezusb_state state;
526 struct request_context *ctx = urb->context;
527 struct ezusb_priv *upriv = ctx->upriv;
528
529 spin_lock_irqsave(&upriv->req_lock, flags);
530
531 del_timer(&ctx->timer);
532
533 if (ctx->killed) {
534 spin_unlock_irqrestore(&upriv->req_lock, flags);
535 pr_warn("interrupt called with dead ctx\n");
536 goto out;
537 }
538
539 state = ctx->state;
540
541 if (urb->status == 0) {
542 switch (state) {
543 case EZUSB_CTX_REQ_SUBMITTED:
544 if (ctx->in_rid) {
545 ctx->state = EZUSB_CTX_REQ_COMPLETE;
546 /* reply URB still pending */
547 ezusb_mod_timer(upriv, &ctx->timer,
548 jiffies + DEF_TIMEOUT);
549 spin_unlock_irqrestore(&upriv->req_lock,
550 flags);
551 break;
552 }
553 /* fall through */
554 case EZUSB_CTX_RESP_RECEIVED:
555 /* IN already received before this OUT-ACK */
556 ctx->state = EZUSB_CTX_COMPLETE;
557 spin_unlock_irqrestore(&upriv->req_lock, flags);
558 ezusb_ctx_complete(ctx);
559 break;
560
561 default:
562 spin_unlock_irqrestore(&upriv->req_lock, flags);
563 err("Unexpected state(0x%x, %d) in OUT URB",
564 state, urb->status);
565 break;
566 }
567 } else {
568 /* If someone cancels the OUT URB then its status
569 * should be either -ECONNRESET or -ENOENT.
570 */
571 switch (state) {
572 case EZUSB_CTX_REQ_SUBMITTED:
573 case EZUSB_CTX_RESP_RECEIVED:
574 ctx->state = EZUSB_CTX_REQ_FAILED;
575 /* fall through */
576
577 case EZUSB_CTX_REQ_FAILED:
578 case EZUSB_CTX_REQ_TIMEOUT:
579 spin_unlock_irqrestore(&upriv->req_lock, flags);
580
581 ezusb_ctx_complete(ctx);
582 break;
583
584 default:
585 spin_unlock_irqrestore(&upriv->req_lock, flags);
586
587 err("Unexpected state(0x%x, %d) in OUT URB",
588 state, urb->status);
589 break;
590 }
591 }
592 out:
593 ezusb_request_context_put(ctx);
594 }
595
596 static void ezusb_request_in_callback(struct ezusb_priv *upriv,
597 struct urb *urb)
598 {
599 struct ezusb_packet *ans = urb->transfer_buffer;
600 struct request_context *ctx = NULL;
601 enum ezusb_state state;
602 unsigned long flags;
603
604 /* Find the CTX on the active queue that requested this URB */
605 spin_lock_irqsave(&upriv->req_lock, flags);
606 if (upriv->udev) {
607 struct list_head *item;
608
609 list_for_each(item, &upriv->req_active) {
610 struct request_context *c;
611 int reply_count;
612
613 c = list_entry(item, struct request_context, list);
614 reply_count =
615 ezusb_reply_inc(c->buf->req_reply_count);
616 if ((ans->ans_reply_count == reply_count)
617 && (le16_to_cpu(ans->hermes_rid) == c->in_rid)) {
618 ctx = c;
619 break;
620 }
621 netdev_dbg(upriv->dev, "Skipped (0x%x/0x%x) (%d/%d)\n",
622 le16_to_cpu(ans->hermes_rid), c->in_rid,
623 ans->ans_reply_count, reply_count);
624 }
625 }
626
627 if (ctx == NULL) {
628 spin_unlock_irqrestore(&upriv->req_lock, flags);
629 err("%s: got unexpected RID: 0x%04X", __func__,
630 le16_to_cpu(ans->hermes_rid));
631 ezusb_req_queue_run(upriv);
632 return;
633 }
634
635 /* The data we want is in the in buffer, exchange */
636 urb->transfer_buffer = ctx->buf;
637 ctx->buf = (void *) ans;
638 ctx->buf_length = urb->actual_length;
639
640 state = ctx->state;
641 switch (state) {
642 case EZUSB_CTX_REQ_SUBMITTED:
643 /* We have received our response URB before
644 * our request has been acknowledged. Do NOT
645 * destroy our CTX yet, because our OUT URB
646 * is still alive ...
647 */
648 ctx->state = EZUSB_CTX_RESP_RECEIVED;
649 spin_unlock_irqrestore(&upriv->req_lock, flags);
650
651 /* Let the machine continue running. */
652 break;
653
654 case EZUSB_CTX_REQ_COMPLETE:
655 /* This is the usual path: our request
656 * has already been acknowledged, and
657 * we have now received the reply.
658 */
659 ctx->state = EZUSB_CTX_COMPLETE;
660
661 /* Stop the intimer */
662 del_timer(&ctx->timer);
663 spin_unlock_irqrestore(&upriv->req_lock, flags);
664
665 /* Call the completion handler */
666 ezusb_ctx_complete(ctx);
667 break;
668
669 default:
670 spin_unlock_irqrestore(&upriv->req_lock, flags);
671
672 pr_warn("Matched IN URB, unexpected context state(0x%x)\n",
673 state);
674 /* Throw this CTX away and try submitting another */
675 del_timer(&ctx->timer);
676 ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK;
677 usb_unlink_urb(ctx->outurb);
678 ezusb_req_queue_run(upriv);
679 break;
680 } /* switch */
681 }
682
683
684 static void ezusb_req_ctx_wait(struct ezusb_priv *upriv,
685 struct request_context *ctx)
686 {
687 switch (ctx->state) {
688 case EZUSB_CTX_QUEUED:
689 case EZUSB_CTX_REQ_SUBMITTED:
690 case EZUSB_CTX_REQ_COMPLETE:
691 case EZUSB_CTX_RESP_RECEIVED:
692 if (in_softirq()) {
693 /* If we get called from a timer, timeout timers don't
694 * get the chance to run themselves. So we make sure
695 * that we don't sleep for ever */
696 int msecs = DEF_TIMEOUT * (1000 / HZ);
697 while (!ctx->done.done && msecs--)
698 udelay(1000);
699 } else {
700 wait_event_interruptible(ctx->done.wait,
701 ctx->done.done);
702 }
703 break;
704 default:
705 /* Done or failed - nothing to wait for */
706 break;
707 }
708 }
709
710 static inline u16 build_crc(struct ezusb_packet *data)
711 {
712 u16 crc = 0;
713 u8 *bytes = (u8 *)data;
714 int i;
715
716 for (i = 0; i < 8; i++)
717 crc = (crc << 1) + bytes[i];
718
719 return crc;
720 }
721
722 /**
723 * ezusb_fill_req:
724 *
725 * if data == NULL and length > 0 the data is assumed to be already in
726 * the target buffer and only the header is filled.
727 *
728 */
729 static int ezusb_fill_req(struct ezusb_packet *req, u16 length, u16 rid,
730 const void *data, u16 frame_type, u8 reply_count)
731 {
732 int total_size = sizeof(*req) + length;
733
734 BUG_ON(total_size > BULK_BUF_SIZE);
735
736 req->magic = cpu_to_le16(EZUSB_MAGIC);
737 req->req_reply_count = reply_count;
738 req->ans_reply_count = 0;
739 req->frame_type = cpu_to_le16(frame_type);
740 req->size = cpu_to_le16(length + 4);
741 req->crc = cpu_to_le16(build_crc(req));
742 req->hermes_len = cpu_to_le16(HERMES_BYTES_TO_RECLEN(length));
743 req->hermes_rid = cpu_to_le16(rid);
744 if (data)
745 memcpy(req->data, data, length);
746 return total_size;
747 }
748
749 static int ezusb_submit_in_urb(struct ezusb_priv *upriv)
750 {
751 int retval = 0;
752 void *cur_buf = upriv->read_urb->transfer_buffer;
753
754 if (upriv->read_urb->status == -EINPROGRESS) {
755 netdev_dbg(upriv->dev, "urb busy, not resubmiting\n");
756 retval = -EBUSY;
757 goto exit;
758 }
759 usb_fill_bulk_urb(upriv->read_urb, upriv->udev, upriv->read_pipe,
760 cur_buf, BULK_BUF_SIZE,
761 ezusb_bulk_in_callback, upriv);
762 upriv->read_urb->transfer_flags = 0;
763 retval = usb_submit_urb(upriv->read_urb, GFP_ATOMIC);
764 if (retval)
765 err("%s submit failed %d", __func__, retval);
766
767 exit:
768 return retval;
769 }
770
771 static inline int ezusb_8051_cpucs(struct ezusb_priv *upriv, int reset)
772 {
773 int ret;
774 u8 *res_val = NULL;
775
776 if (!upriv->udev) {
777 err("%s: !upriv->udev", __func__);
778 return -EFAULT;
779 }
780
781 res_val = kmalloc(sizeof(*res_val), GFP_KERNEL);
782
783 if (!res_val)
784 return -ENOMEM;
785
786 *res_val = reset; /* avoid argument promotion */
787
788 ret = usb_control_msg(upriv->udev,
789 usb_sndctrlpipe(upriv->udev, 0),
790 EZUSB_REQUEST_FW_TRANS,
791 USB_TYPE_VENDOR | USB_RECIP_DEVICE |
792 USB_DIR_OUT, EZUSB_CPUCS_REG, 0, res_val,
793 sizeof(*res_val), DEF_TIMEOUT);
794
795 kfree(res_val);
796
797 return ret;
798 }
799
800 static int ezusb_firmware_download(struct ezusb_priv *upriv,
801 struct ez_usb_fw *fw)
802 {
803 u8 *fw_buffer;
804 int retval, addr;
805 int variant_offset;
806
807 fw_buffer = kmalloc(FW_BUF_SIZE, GFP_KERNEL);
808 if (!fw_buffer) {
809 printk(KERN_ERR PFX "Out of memory for firmware buffer.\n");
810 return -ENOMEM;
811 }
812 /*
813 * This byte is 1 and should be replaced with 0. The offset is
814 * 0x10AD in version 0.0.6. The byte in question should follow
815 * the end of the code pointed to by the jump in the beginning
816 * of the firmware. Also, it is read by code located at 0x358.
817 */
818 variant_offset = be16_to_cpup((__be16 *) &fw->code[FW_VAR_OFFSET_PTR]);
819 if (variant_offset >= fw->size) {
820 printk(KERN_ERR PFX "Invalid firmware variant offset: "
821 "0x%04x\n", variant_offset);
822 retval = -EINVAL;
823 goto fail;
824 }
825
826 retval = ezusb_8051_cpucs(upriv, 1);
827 if (retval < 0)
828 goto fail;
829 for (addr = 0; addr < fw->size; addr += FW_BUF_SIZE) {
830 /* 0x100-0x300 should be left alone, it contains card
831 * specific data, like USB enumeration information */
832 if ((addr >= FW_HOLE_START) && (addr < FW_HOLE_END))
833 continue;
834
835 memcpy(fw_buffer, &fw->code[addr], FW_BUF_SIZE);
836 if (variant_offset >= addr &&
837 variant_offset < addr + FW_BUF_SIZE) {
838 netdev_dbg(upriv->dev,
839 "Patching card_variant byte at 0x%04X\n",
840 variant_offset);
841 fw_buffer[variant_offset - addr] = FW_VAR_VALUE;
842 }
843 retval = usb_control_msg(upriv->udev,
844 usb_sndctrlpipe(upriv->udev, 0),
845 EZUSB_REQUEST_FW_TRANS,
846 USB_TYPE_VENDOR | USB_RECIP_DEVICE
847 | USB_DIR_OUT,
848 addr, 0x0,
849 fw_buffer, FW_BUF_SIZE,
850 DEF_TIMEOUT);
851
852 if (retval < 0)
853 goto fail;
854 }
855 retval = ezusb_8051_cpucs(upriv, 0);
856 if (retval < 0)
857 goto fail;
858
859 goto exit;
860 fail:
861 printk(KERN_ERR PFX "Firmware download failed, error %d\n",
862 retval);
863 exit:
864 kfree(fw_buffer);
865 return retval;
866 }
867
868 static int ezusb_access_ltv(struct ezusb_priv *upriv,
869 struct request_context *ctx,
870 u16 length, const void *data, u16 frame_type,
871 void *ans_buff, unsigned ans_size, u16 *ans_length)
872 {
873 int req_size;
874 int retval = 0;
875 enum ezusb_state state;
876
877 BUG_ON(in_irq());
878
879 if (!upriv->udev) {
880 retval = -ENODEV;
881 goto exit;
882 }
883
884 if (upriv->read_urb->status != -EINPROGRESS)
885 err("%s: in urb not pending", __func__);
886
887 /* protect upriv->reply_count, guarantee sequential numbers */
888 spin_lock_bh(&upriv->reply_count_lock);
889 req_size = ezusb_fill_req(ctx->buf, length, ctx->out_rid, data,
890 frame_type, upriv->reply_count);
891 usb_fill_bulk_urb(ctx->outurb, upriv->udev, upriv->write_pipe,
892 ctx->buf, req_size,
893 ezusb_request_out_callback, ctx);
894
895 if (ctx->in_rid)
896 upriv->reply_count = ezusb_reply_inc(upriv->reply_count);
897
898 ezusb_req_enqueue_run(upriv, ctx);
899
900 spin_unlock_bh(&upriv->reply_count_lock);
901
902 if (ctx->in_rid)
903 ezusb_req_ctx_wait(upriv, ctx);
904
905 state = ctx->state;
906 switch (state) {
907 case EZUSB_CTX_COMPLETE:
908 retval = ctx->outurb->status;
909 break;
910
911 case EZUSB_CTX_QUEUED:
912 case EZUSB_CTX_REQ_SUBMITTED:
913 if (!ctx->in_rid)
914 break;
915 default:
916 err("%s: Unexpected context state %d", __func__,
917 state);
918 /* fall though */
919 case EZUSB_CTX_REQ_TIMEOUT:
920 case EZUSB_CTX_REQ_FAILED:
921 case EZUSB_CTX_RESP_TIMEOUT:
922 case EZUSB_CTX_REQSUBMIT_FAIL:
923 printk(KERN_ERR PFX "Access failed, resetting (state %d,"
924 " reply_count %d)\n", state, upriv->reply_count);
925 upriv->reply_count = 0;
926 if (state == EZUSB_CTX_REQ_TIMEOUT
927 || state == EZUSB_CTX_RESP_TIMEOUT) {
928 printk(KERN_ERR PFX "ctx timed out\n");
929 retval = -ETIMEDOUT;
930 } else {
931 printk(KERN_ERR PFX "ctx failed\n");
932 retval = -EFAULT;
933 }
934 goto exit;
935 }
936 if (ctx->in_rid) {
937 struct ezusb_packet *ans = ctx->buf;
938 unsigned exp_len;
939
940 if (ans->hermes_len != 0)
941 exp_len = le16_to_cpu(ans->hermes_len) * 2 + 12;
942 else
943 exp_len = 14;
944
945 if (exp_len != ctx->buf_length) {
946 err("%s: length mismatch for RID 0x%04x: "
947 "expected %d, got %d", __func__,
948 ctx->in_rid, exp_len, ctx->buf_length);
949 retval = -EIO;
950 goto exit;
951 }
952
953 if (ans_buff)
954 memcpy(ans_buff, ans->data, min(exp_len, ans_size));
955 if (ans_length)
956 *ans_length = le16_to_cpu(ans->hermes_len);
957 }
958 exit:
959 ezusb_request_context_put(ctx);
960 return retval;
961 }
962
963 static int ezusb_write_ltv(struct hermes *hw, int bap, u16 rid,
964 u16 length, const void *data)
965 {
966 struct ezusb_priv *upriv = hw->priv;
967 u16 frame_type;
968 struct request_context *ctx;
969
970 if (length == 0)
971 return -EINVAL;
972
973 length = HERMES_RECLEN_TO_BYTES(length);
974
975 /* On memory mapped devices HERMES_RID_CNFGROUPADDRESSES can be
976 * set to be empty, but the USB bridge doesn't like it */
977 if (length == 0)
978 return 0;
979
980 ctx = ezusb_alloc_ctx(upriv, rid, EZUSB_RID_ACK);
981 if (!ctx)
982 return -ENOMEM;
983
984 if (rid == EZUSB_RID_TX)
985 frame_type = EZUSB_FRAME_DATA;
986 else
987 frame_type = EZUSB_FRAME_CONTROL;
988
989 return ezusb_access_ltv(upriv, ctx, length, data, frame_type,
990 NULL, 0, NULL);
991 }
992
993 static int ezusb_read_ltv(struct hermes *hw, int bap, u16 rid,
994 unsigned bufsize, u16 *length, void *buf)
995 {
996 struct ezusb_priv *upriv = hw->priv;
997 struct request_context *ctx;
998
999 if (bufsize % 2)
1000 return -EINVAL;
1001
1002 ctx = ezusb_alloc_ctx(upriv, rid, rid);
1003 if (!ctx)
1004 return -ENOMEM;
1005
1006 return ezusb_access_ltv(upriv, ctx, 0, NULL, EZUSB_FRAME_CONTROL,
1007 buf, bufsize, length);
1008 }
1009
1010 static int ezusb_doicmd_wait(struct hermes *hw, u16 cmd, u16 parm0, u16 parm1,
1011 u16 parm2, struct hermes_response *resp)
1012 {
1013 struct ezusb_priv *upriv = hw->priv;
1014 struct request_context *ctx;
1015
1016 __le16 data[4] = {
1017 cpu_to_le16(cmd),
1018 cpu_to_le16(parm0),
1019 cpu_to_le16(parm1),
1020 cpu_to_le16(parm2),
1021 };
1022 netdev_dbg(upriv->dev,
1023 "0x%04X, parm0 0x%04X, parm1 0x%04X, parm2 0x%04X\n", cmd,
1024 parm0, parm1, parm2);
1025 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_DOCMD, EZUSB_RID_ACK);
1026 if (!ctx)
1027 return -ENOMEM;
1028
1029 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1030 EZUSB_FRAME_CONTROL, NULL, 0, NULL);
1031 }
1032
1033 static int ezusb_docmd_wait(struct hermes *hw, u16 cmd, u16 parm0,
1034 struct hermes_response *resp)
1035 {
1036 struct ezusb_priv *upriv = hw->priv;
1037 struct request_context *ctx;
1038
1039 __le16 data[4] = {
1040 cpu_to_le16(cmd),
1041 cpu_to_le16(parm0),
1042 0,
1043 0,
1044 };
1045 netdev_dbg(upriv->dev, "0x%04X, parm0 0x%04X\n", cmd, parm0);
1046 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_DOCMD, EZUSB_RID_ACK);
1047 if (!ctx)
1048 return -ENOMEM;
1049
1050 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1051 EZUSB_FRAME_CONTROL, NULL, 0, NULL);
1052 }
1053
1054 static int ezusb_bap_pread(struct hermes *hw, int bap,
1055 void *buf, int len, u16 id, u16 offset)
1056 {
1057 struct ezusb_priv *upriv = hw->priv;
1058 struct ezusb_packet *ans = (void *) upriv->read_urb->transfer_buffer;
1059 int actual_length = upriv->read_urb->actual_length;
1060
1061 if (id == EZUSB_RID_RX) {
1062 if ((sizeof(*ans) + offset + len) > actual_length) {
1063 printk(KERN_ERR PFX "BAP read beyond buffer end "
1064 "in rx frame\n");
1065 return -EINVAL;
1066 }
1067 memcpy(buf, ans->data + offset, len);
1068 return 0;
1069 }
1070
1071 if (EZUSB_IS_INFO(id)) {
1072 /* Include 4 bytes for length/type */
1073 if ((sizeof(*ans) + offset + len - 4) > actual_length) {
1074 printk(KERN_ERR PFX "BAP read beyond buffer end "
1075 "in info frame\n");
1076 return -EFAULT;
1077 }
1078 memcpy(buf, ans->data + offset - 4, len);
1079 } else {
1080 printk(KERN_ERR PFX "Unexpected fid 0x%04x\n", id);
1081 return -EINVAL;
1082 }
1083
1084 return 0;
1085 }
1086
1087 static int ezusb_read_pda(struct hermes *hw, __le16 *pda,
1088 u32 pda_addr, u16 pda_len)
1089 {
1090 struct ezusb_priv *upriv = hw->priv;
1091 struct request_context *ctx;
1092 __le16 data[] = {
1093 cpu_to_le16(pda_addr & 0xffff),
1094 cpu_to_le16(pda_len - 4)
1095 };
1096 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_READ_PDA, EZUSB_RID_READ_PDA);
1097 if (!ctx)
1098 return -ENOMEM;
1099
1100 /* wl_lkm does not include PDA size in the PDA area.
1101 * We will pad the information into pda, so other routines
1102 * don't have to be modified */
1103 pda[0] = cpu_to_le16(pda_len - 2);
1104 /* Includes CFG_PROD_DATA but not itself */
1105 pda[1] = cpu_to_le16(0x0800); /* CFG_PROD_DATA */
1106
1107 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1108 EZUSB_FRAME_CONTROL, &pda[2], pda_len - 4,
1109 NULL);
1110 }
1111
1112 static int ezusb_program_init(struct hermes *hw, u32 entry_point)
1113 {
1114 struct ezusb_priv *upriv = hw->priv;
1115 struct request_context *ctx;
1116 __le32 data = cpu_to_le32(entry_point);
1117
1118 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_INIT, EZUSB_RID_ACK);
1119 if (!ctx)
1120 return -ENOMEM;
1121
1122 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1123 EZUSB_FRAME_CONTROL, NULL, 0, NULL);
1124 }
1125
1126 static int ezusb_program_end(struct hermes *hw)
1127 {
1128 struct ezusb_priv *upriv = hw->priv;
1129 struct request_context *ctx;
1130
1131 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_END, EZUSB_RID_ACK);
1132 if (!ctx)
1133 return -ENOMEM;
1134
1135 return ezusb_access_ltv(upriv, ctx, 0, NULL,
1136 EZUSB_FRAME_CONTROL, NULL, 0, NULL);
1137 }
1138
1139 static int ezusb_program_bytes(struct hermes *hw, const char *buf,
1140 u32 addr, u32 len)
1141 {
1142 struct ezusb_priv *upriv = hw->priv;
1143 struct request_context *ctx;
1144 __le32 data = cpu_to_le32(addr);
1145 int err;
1146
1147 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_SET_ADDR, EZUSB_RID_ACK);
1148 if (!ctx)
1149 return -ENOMEM;
1150
1151 err = ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1152 EZUSB_FRAME_CONTROL, NULL, 0, NULL);
1153 if (err)
1154 return err;
1155
1156 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_BYTES, EZUSB_RID_ACK);
1157 if (!ctx)
1158 return -ENOMEM;
1159
1160 return ezusb_access_ltv(upriv, ctx, len, buf,
1161 EZUSB_FRAME_CONTROL, NULL, 0, NULL);
1162 }
1163
1164 static int ezusb_program(struct hermes *hw, const char *buf,
1165 u32 addr, u32 len)
1166 {
1167 u32 ch_addr;
1168 u32 ch_len;
1169 int err = 0;
1170
1171 /* We can only send 2048 bytes out of the bulk xmit at a time,
1172 * so we have to split any programming into chunks of <2048
1173 * bytes. */
1174
1175 ch_len = (len < MAX_DL_SIZE) ? len : MAX_DL_SIZE;
1176 ch_addr = addr;
1177
1178 while (ch_addr < (addr + len)) {
1179 pr_debug("Programming subblock of length %d "
1180 "to address 0x%08x. Data @ %p\n",
1181 ch_len, ch_addr, &buf[ch_addr - addr]);
1182
1183 err = ezusb_program_bytes(hw, &buf[ch_addr - addr],
1184 ch_addr, ch_len);
1185 if (err)
1186 break;
1187
1188 ch_addr += ch_len;
1189 ch_len = ((addr + len - ch_addr) < MAX_DL_SIZE) ?
1190 (addr + len - ch_addr) : MAX_DL_SIZE;
1191 }
1192
1193 return err;
1194 }
1195
1196 static netdev_tx_t ezusb_xmit(struct sk_buff *skb, struct net_device *dev)
1197 {
1198 struct orinoco_private *priv = ndev_priv(dev);
1199 struct net_device_stats *stats = &dev->stats;
1200 struct ezusb_priv *upriv = priv->card;
1201 u8 mic[MICHAEL_MIC_LEN + 1];
1202 int err = 0;
1203 int tx_control;
1204 unsigned long flags;
1205 struct request_context *ctx;
1206 u8 *buf;
1207 int tx_size;
1208
1209 if (!netif_running(dev)) {
1210 printk(KERN_ERR "%s: Tx on stopped device!\n",
1211 dev->name);
1212 return NETDEV_TX_BUSY;
1213 }
1214
1215 if (netif_queue_stopped(dev)) {
1216 printk(KERN_DEBUG "%s: Tx while transmitter busy!\n",
1217 dev->name);
1218 return NETDEV_TX_BUSY;
1219 }
1220
1221 if (orinoco_lock(priv, &flags) != 0) {
1222 printk(KERN_ERR
1223 "%s: ezusb_xmit() called while hw_unavailable\n",
1224 dev->name);
1225 return NETDEV_TX_BUSY;
1226 }
1227
1228 if (!netif_carrier_ok(dev) ||
1229 (priv->iw_mode == NL80211_IFTYPE_MONITOR)) {
1230 /* Oops, the firmware hasn't established a connection,
1231 silently drop the packet (this seems to be the
1232 safest approach). */
1233 goto drop;
1234 }
1235
1236 /* Check packet length */
1237 if (skb->len < ETH_HLEN)
1238 goto drop;
1239
1240 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_TX, 0);
1241 if (!ctx)
1242 goto busy;
1243
1244 memset(ctx->buf, 0, BULK_BUF_SIZE);
1245 buf = ctx->buf->data;
1246
1247 tx_control = 0;
1248
1249 err = orinoco_process_xmit_skb(skb, dev, priv, &tx_control,
1250 &mic[0]);
1251 if (err)
1252 goto drop;
1253
1254 {
1255 __le16 *tx_cntl = (__le16 *)buf;
1256 *tx_cntl = cpu_to_le16(tx_control);
1257 buf += sizeof(*tx_cntl);
1258 }
1259
1260 memcpy(buf, skb->data, skb->len);
1261 buf += skb->len;
1262
1263 if (tx_control & HERMES_TXCTRL_MIC) {
1264 u8 *m = mic;
1265 /* Mic has been offset so it can be copied to an even
1266 * address. We're copying eveything anyway, so we
1267 * don't need to copy that first byte. */
1268 if (skb->len % 2)
1269 m++;
1270 memcpy(buf, m, MICHAEL_MIC_LEN);
1271 buf += MICHAEL_MIC_LEN;
1272 }
1273
1274 /* Finally, we actually initiate the send */
1275 netif_stop_queue(dev);
1276
1277 /* The card may behave better if we send evenly sized usb transfers */
1278 tx_size = ALIGN(buf - ctx->buf->data, 2);
1279
1280 err = ezusb_access_ltv(upriv, ctx, tx_size, NULL,
1281 EZUSB_FRAME_DATA, NULL, 0, NULL);
1282
1283 if (err) {
1284 netif_start_queue(dev);
1285 if (net_ratelimit())
1286 printk(KERN_ERR "%s: Error %d transmitting packet\n",
1287 dev->name, err);
1288 goto busy;
1289 }
1290
1291 netif_trans_update(dev);
1292 stats->tx_bytes += skb->len;
1293 goto ok;
1294
1295 drop:
1296 stats->tx_errors++;
1297 stats->tx_dropped++;
1298
1299 ok:
1300 orinoco_unlock(priv, &flags);
1301 dev_kfree_skb(skb);
1302 return NETDEV_TX_OK;
1303
1304 busy:
1305 orinoco_unlock(priv, &flags);
1306 return NETDEV_TX_BUSY;
1307 }
1308
1309 static int ezusb_allocate(struct hermes *hw, u16 size, u16 *fid)
1310 {
1311 *fid = EZUSB_RID_TX;
1312 return 0;
1313 }
1314
1315
1316 static int ezusb_hard_reset(struct orinoco_private *priv)
1317 {
1318 struct ezusb_priv *upriv = priv->card;
1319 int retval = ezusb_8051_cpucs(upriv, 1);
1320
1321 if (retval < 0) {
1322 err("Failed to reset");
1323 return retval;
1324 }
1325
1326 retval = ezusb_8051_cpucs(upriv, 0);
1327 if (retval < 0) {
1328 err("Failed to unreset");
1329 return retval;
1330 }
1331
1332 netdev_dbg(upriv->dev, "sending control message\n");
1333 retval = usb_control_msg(upriv->udev,
1334 usb_sndctrlpipe(upriv->udev, 0),
1335 EZUSB_REQUEST_TRIGER,
1336 USB_TYPE_VENDOR | USB_RECIP_DEVICE |
1337 USB_DIR_OUT, 0x0, 0x0, NULL, 0,
1338 DEF_TIMEOUT);
1339 if (retval < 0) {
1340 err("EZUSB_REQUEST_TRIGER failed retval %d", retval);
1341 return retval;
1342 }
1343 #if 0
1344 dbg("Sending EZUSB_REQUEST_TRIG_AC");
1345 retval = usb_control_msg(upriv->udev,
1346 usb_sndctrlpipe(upriv->udev, 0),
1347 EZUSB_REQUEST_TRIG_AC,
1348 USB_TYPE_VENDOR | USB_RECIP_DEVICE |
1349 USB_DIR_OUT, 0x00FA, 0x0, NULL, 0,
1350 DEF_TIMEOUT);
1351 if (retval < 0) {
1352 err("EZUSB_REQUEST_TRIG_AC failed retval %d", retval);
1353 return retval;
1354 }
1355 #endif
1356
1357 return 0;
1358 }
1359
1360
1361 static int ezusb_init(struct hermes *hw)
1362 {
1363 struct ezusb_priv *upriv = hw->priv;
1364 int retval;
1365
1366 BUG_ON(in_interrupt());
1367 BUG_ON(!upriv);
1368
1369 upriv->reply_count = 0;
1370 /* Write the MAGIC number on the simulated registers to keep
1371 * orinoco.c happy */
1372 hermes_write_regn(hw, SWSUPPORT0, HERMES_MAGIC);
1373 hermes_write_regn(hw, RXFID, EZUSB_RID_RX);
1374
1375 usb_kill_urb(upriv->read_urb);
1376 ezusb_submit_in_urb(upriv);
1377
1378 retval = ezusb_write_ltv(hw, 0, EZUSB_RID_INIT1,
1379 HERMES_BYTES_TO_RECLEN(2), "\x10\x00");
1380 if (retval < 0) {
1381 printk(KERN_ERR PFX "EZUSB_RID_INIT1 error %d\n", retval);
1382 return retval;
1383 }
1384
1385 retval = ezusb_docmd_wait(hw, HERMES_CMD_INIT, 0, NULL);
1386 if (retval < 0) {
1387 printk(KERN_ERR PFX "HERMES_CMD_INIT error %d\n", retval);
1388 return retval;
1389 }
1390
1391 return 0;
1392 }
1393
1394 static void ezusb_bulk_in_callback(struct urb *urb)
1395 {
1396 struct ezusb_priv *upriv = (struct ezusb_priv *) urb->context;
1397 struct ezusb_packet *ans = urb->transfer_buffer;
1398 u16 crc;
1399 u16 hermes_rid;
1400
1401 if (upriv->udev == NULL)
1402 return;
1403
1404 if (urb->status == -ETIMEDOUT) {
1405 /* When a device gets unplugged we get this every time
1406 * we resubmit, flooding the logs. Since we don't use
1407 * USB timeouts, it shouldn't happen any other time*/
1408 pr_warn("%s: urb timed out, not resubmitting\n", __func__);
1409 return;
1410 }
1411 if (urb->status == -ECONNABORTED) {
1412 pr_warn("%s: connection abort, resubmitting urb\n",
1413 __func__);
1414 goto resubmit;
1415 }
1416 if ((urb->status == -EILSEQ)
1417 || (urb->status == -ENOENT)
1418 || (urb->status == -ECONNRESET)) {
1419 netdev_dbg(upriv->dev, "status %d, not resubmiting\n",
1420 urb->status);
1421 return;
1422 }
1423 if (urb->status)
1424 netdev_dbg(upriv->dev, "status: %d length: %d\n",
1425 urb->status, urb->actual_length);
1426 if (urb->actual_length < sizeof(*ans)) {
1427 err("%s: short read, ignoring", __func__);
1428 goto resubmit;
1429 }
1430 crc = build_crc(ans);
1431 if (le16_to_cpu(ans->crc) != crc) {
1432 err("CRC error, ignoring packet");
1433 goto resubmit;
1434 }
1435
1436 hermes_rid = le16_to_cpu(ans->hermes_rid);
1437 if ((hermes_rid != EZUSB_RID_RX) && !EZUSB_IS_INFO(hermes_rid)) {
1438 ezusb_request_in_callback(upriv, urb);
1439 } else if (upriv->dev) {
1440 struct net_device *dev = upriv->dev;
1441 struct orinoco_private *priv = ndev_priv(dev);
1442 struct hermes *hw = &priv->hw;
1443
1444 if (hermes_rid == EZUSB_RID_RX) {
1445 __orinoco_ev_rx(dev, hw);
1446 } else {
1447 hermes_write_regn(hw, INFOFID,
1448 le16_to_cpu(ans->hermes_rid));
1449 __orinoco_ev_info(dev, hw);
1450 }
1451 }
1452
1453 resubmit:
1454 if (upriv->udev)
1455 ezusb_submit_in_urb(upriv);
1456 }
1457
1458 static inline void ezusb_delete(struct ezusb_priv *upriv)
1459 {
1460 struct list_head *item;
1461 struct list_head *tmp_item;
1462 unsigned long flags;
1463
1464 BUG_ON(in_interrupt());
1465 BUG_ON(!upriv);
1466
1467 mutex_lock(&upriv->mtx);
1468
1469 upriv->udev = NULL; /* No timer will be rearmed from here */
1470
1471 usb_kill_urb(upriv->read_urb);
1472
1473 spin_lock_irqsave(&upriv->req_lock, flags);
1474 list_for_each_safe(item, tmp_item, &upriv->req_active) {
1475 struct request_context *ctx;
1476 int err;
1477
1478 ctx = list_entry(item, struct request_context, list);
1479 refcount_inc(&ctx->refcount);
1480
1481 ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK;
1482 err = usb_unlink_urb(ctx->outurb);
1483
1484 spin_unlock_irqrestore(&upriv->req_lock, flags);
1485 if (err == -EINPROGRESS)
1486 wait_for_completion(&ctx->done);
1487
1488 del_timer_sync(&ctx->timer);
1489 /* FIXME: there is an slight chance for the irq handler to
1490 * be running */
1491 if (!list_empty(&ctx->list))
1492 ezusb_ctx_complete(ctx);
1493
1494 ezusb_request_context_put(ctx);
1495 spin_lock_irqsave(&upriv->req_lock, flags);
1496 }
1497 spin_unlock_irqrestore(&upriv->req_lock, flags);
1498
1499 list_for_each_safe(item, tmp_item, &upriv->req_pending)
1500 ezusb_ctx_complete(list_entry(item,
1501 struct request_context, list));
1502
1503 if (upriv->read_urb && upriv->read_urb->status == -EINPROGRESS)
1504 printk(KERN_ERR PFX "Some URB in progress\n");
1505
1506 mutex_unlock(&upriv->mtx);
1507
1508 if (upriv->read_urb) {
1509 kfree(upriv->read_urb->transfer_buffer);
1510 usb_free_urb(upriv->read_urb);
1511 }
1512 kfree(upriv->bap_buf);
1513 if (upriv->dev) {
1514 struct orinoco_private *priv = ndev_priv(upriv->dev);
1515 orinoco_if_del(priv);
1516 wiphy_unregister(priv_to_wiphy(upriv));
1517 free_orinocodev(priv);
1518 }
1519 }
1520
1521 static void ezusb_lock_irqsave(spinlock_t *lock,
1522 unsigned long *flags) __acquires(lock)
1523 {
1524 spin_lock_bh(lock);
1525 }
1526
1527 static void ezusb_unlock_irqrestore(spinlock_t *lock,
1528 unsigned long *flags) __releases(lock)
1529 {
1530 spin_unlock_bh(lock);
1531 }
1532
1533 static void ezusb_lock_irq(spinlock_t *lock) __acquires(lock)
1534 {
1535 spin_lock_bh(lock);
1536 }
1537
1538 static void ezusb_unlock_irq(spinlock_t *lock) __releases(lock)
1539 {
1540 spin_unlock_bh(lock);
1541 }
1542
1543 static const struct hermes_ops ezusb_ops = {
1544 .init = ezusb_init,
1545 .cmd_wait = ezusb_docmd_wait,
1546 .init_cmd_wait = ezusb_doicmd_wait,
1547 .allocate = ezusb_allocate,
1548 .read_ltv = ezusb_read_ltv,
1549 .write_ltv = ezusb_write_ltv,
1550 .bap_pread = ezusb_bap_pread,
1551 .read_pda = ezusb_read_pda,
1552 .program_init = ezusb_program_init,
1553 .program_end = ezusb_program_end,
1554 .program = ezusb_program,
1555 .lock_irqsave = ezusb_lock_irqsave,
1556 .unlock_irqrestore = ezusb_unlock_irqrestore,
1557 .lock_irq = ezusb_lock_irq,
1558 .unlock_irq = ezusb_unlock_irq,
1559 };
1560
1561 static const struct net_device_ops ezusb_netdev_ops = {
1562 .ndo_open = orinoco_open,
1563 .ndo_stop = orinoco_stop,
1564 .ndo_start_xmit = ezusb_xmit,
1565 .ndo_set_rx_mode = orinoco_set_multicast_list,
1566 .ndo_change_mtu = orinoco_change_mtu,
1567 .ndo_set_mac_address = eth_mac_addr,
1568 .ndo_validate_addr = eth_validate_addr,
1569 .ndo_tx_timeout = orinoco_tx_timeout,
1570 };
1571
1572 static int ezusb_probe(struct usb_interface *interface,
1573 const struct usb_device_id *id)
1574 {
1575 struct usb_device *udev = interface_to_usbdev(interface);
1576 struct orinoco_private *priv;
1577 struct hermes *hw;
1578 struct ezusb_priv *upriv = NULL;
1579 struct usb_interface_descriptor *iface_desc;
1580 struct usb_endpoint_descriptor *ep;
1581 const struct firmware *fw_entry = NULL;
1582 int retval = 0;
1583 int i;
1584
1585 priv = alloc_orinocodev(sizeof(*upriv), &udev->dev,
1586 ezusb_hard_reset, NULL);
1587 if (!priv) {
1588 err("Couldn't allocate orinocodev");
1589 retval = -ENOMEM;
1590 goto exit;
1591 }
1592
1593 hw = &priv->hw;
1594
1595 upriv = priv->card;
1596
1597 mutex_init(&upriv->mtx);
1598 spin_lock_init(&upriv->reply_count_lock);
1599
1600 spin_lock_init(&upriv->req_lock);
1601 INIT_LIST_HEAD(&upriv->req_pending);
1602 INIT_LIST_HEAD(&upriv->req_active);
1603
1604 upriv->udev = udev;
1605
1606 hw->iobase = (void __force __iomem *) &upriv->hermes_reg_fake;
1607 hw->reg_spacing = HERMES_16BIT_REGSPACING;
1608 hw->priv = upriv;
1609 hw->ops = &ezusb_ops;
1610
1611 /* set up the endpoint information */
1612 /* check out the endpoints */
1613
1614 iface_desc = &interface->altsetting[0].desc;
1615 for (i = 0; i < iface_desc->bNumEndpoints; ++i) {
1616 ep = &interface->altsetting[0].endpoint[i].desc;
1617
1618 if (usb_endpoint_is_bulk_in(ep)) {
1619 /* we found a bulk in endpoint */
1620 if (upriv->read_urb != NULL) {
1621 pr_warn("Found a second bulk in ep, ignored\n");
1622 continue;
1623 }
1624
1625 upriv->read_urb = usb_alloc_urb(0, GFP_KERNEL);
1626 if (!upriv->read_urb)
1627 goto error;
1628 if (le16_to_cpu(ep->wMaxPacketSize) != 64)
1629 pr_warn("bulk in: wMaxPacketSize!= 64\n");
1630 if (ep->bEndpointAddress != (2 | USB_DIR_IN))
1631 pr_warn("bulk in: bEndpointAddress: %d\n",
1632 ep->bEndpointAddress);
1633 upriv->read_pipe = usb_rcvbulkpipe(udev,
1634 ep->
1635 bEndpointAddress);
1636 upriv->read_urb->transfer_buffer =
1637 kmalloc(BULK_BUF_SIZE, GFP_KERNEL);
1638 if (!upriv->read_urb->transfer_buffer) {
1639 err("Couldn't allocate IN buffer");
1640 goto error;
1641 }
1642 }
1643
1644 if (usb_endpoint_is_bulk_out(ep)) {
1645 /* we found a bulk out endpoint */
1646 if (upriv->bap_buf != NULL) {
1647 pr_warn("Found a second bulk out ep, ignored\n");
1648 continue;
1649 }
1650
1651 if (le16_to_cpu(ep->wMaxPacketSize) != 64)
1652 pr_warn("bulk out: wMaxPacketSize != 64\n");
1653 if (ep->bEndpointAddress != 2)
1654 pr_warn("bulk out: bEndpointAddress: %d\n",
1655 ep->bEndpointAddress);
1656 upriv->write_pipe = usb_sndbulkpipe(udev,
1657 ep->
1658 bEndpointAddress);
1659 upriv->bap_buf = kmalloc(BULK_BUF_SIZE, GFP_KERNEL);
1660 if (!upriv->bap_buf) {
1661 err("Couldn't allocate bulk_out_buffer");
1662 goto error;
1663 }
1664 }
1665 }
1666 if (!upriv->bap_buf || !upriv->read_urb) {
1667 err("Didn't find the required bulk endpoints");
1668 goto error;
1669 }
1670
1671 if (request_firmware(&fw_entry, "orinoco_ezusb_fw",
1672 &interface->dev) == 0) {
1673 firmware.size = fw_entry->size;
1674 firmware.code = fw_entry->data;
1675 }
1676 if (firmware.size && firmware.code) {
1677 if (ezusb_firmware_download(upriv, &firmware) < 0)
1678 goto error;
1679 } else {
1680 err("No firmware to download");
1681 goto error;
1682 }
1683
1684 if (ezusb_hard_reset(priv) < 0) {
1685 err("Cannot reset the device");
1686 goto error;
1687 }
1688
1689 /* If the firmware is already downloaded orinoco.c will call
1690 * ezusb_init but if the firmware is not already there, that will make
1691 * the kernel very unstable, so we try initializing here and quit in
1692 * case of error */
1693 if (ezusb_init(hw) < 0) {
1694 err("Couldn't initialize the device");
1695 err("Firmware may not be downloaded or may be wrong.");
1696 goto error;
1697 }
1698
1699 /* Initialise the main driver */
1700 if (orinoco_init(priv) != 0) {
1701 err("orinoco_init() failed\n");
1702 goto error;
1703 }
1704
1705 if (orinoco_if_add(priv, 0, 0, &ezusb_netdev_ops) != 0) {
1706 upriv->dev = NULL;
1707 err("%s: orinoco_if_add() failed", __func__);
1708 wiphy_unregister(priv_to_wiphy(priv));
1709 goto error;
1710 }
1711 upriv->dev = priv->ndev;
1712
1713 goto exit;
1714
1715 error:
1716 ezusb_delete(upriv);
1717 if (upriv->dev) {
1718 /* upriv->dev was 0, so ezusb_delete() didn't free it */
1719 free_orinocodev(priv);
1720 }
1721 upriv = NULL;
1722 retval = -EFAULT;
1723 exit:
1724 if (fw_entry) {
1725 firmware.code = NULL;
1726 firmware.size = 0;
1727 release_firmware(fw_entry);
1728 }
1729 usb_set_intfdata(interface, upriv);
1730 return retval;
1731 }
1732
1733
1734 static void ezusb_disconnect(struct usb_interface *intf)
1735 {
1736 struct ezusb_priv *upriv = usb_get_intfdata(intf);
1737 usb_set_intfdata(intf, NULL);
1738 ezusb_delete(upriv);
1739 printk(KERN_INFO PFX "Disconnected\n");
1740 }
1741
1742
1743 /* usb specific object needed to register this driver with the usb subsystem */
1744 static struct usb_driver orinoco_driver = {
1745 .name = DRIVER_NAME,
1746 .probe = ezusb_probe,
1747 .disconnect = ezusb_disconnect,
1748 .id_table = ezusb_table,
1749 .disable_hub_initiated_lpm = 1,
1750 };
1751
1752 module_usb_driver(orinoco_driver);
1753
1754 MODULE_AUTHOR("Manuel Estrada Sainz");
1755 MODULE_DESCRIPTION("Driver for Orinoco wireless LAN cards using EZUSB bridge");
1756 MODULE_LICENSE("Dual MPL/GPL");
Linux with added FPC-III support