search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
mm/zsmalloc: allocate exactly size of struct zs_pool
[linux/fpc-iii.git] / drivers / net / wireless / orinoco / orinoco_usb.c
blob995846422dc0a9e6176f70ad90927833d1b38614
1 /*
2 * USB Orinoco driver
3 *
4 * Copyright (c) 2003 Manuel Estrada Sainz
5 *
6 * The contents of this file are subject to the Mozilla Public License
7 * Version 1.1 (the "License"); you may not use this file except in
8 * compliance with the License. You may obtain a copy of the License
9 * at http://www.mozilla.org/MPL/
10 *
11 * Software distributed under the License is distributed on an "AS IS"
12 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
13 * the License for the specific language governing rights and
14 * limitations under the License.
15 *
16 * Alternatively, the contents of this file may be used under the
17 * terms of the GNU General Public License version 2 (the "GPL"), in
18 * which case the provisions of the GPL are applicable instead of the
19 * above. If you wish to allow the use of your version of this file
20 * only under the terms of the GPL and not to allow others to use your
21 * version of this file under the MPL, indicate your decision by
22 * deleting the provisions above and replace them with the notice and
23 * other provisions required by the GPL. If you do not delete the
24 * provisions above, a recipient may use your version of this file
25 * under either the MPL or the GPL.
26 *
27 * Queueing code based on linux-wlan-ng 0.2.1-pre5
28 *
29 * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved.
30 *
31 * The license is the same as above.
32 *
33 * Initialy based on USB Skeleton driver - 0.7
34 *
35 * Copyright (c) 2001 Greg Kroah-Hartman (greg@kroah.com)
36 *
37 * This program is free software; you can redistribute it and/or
38 * modify it under the terms of the GNU General Public License as
39 * published by the Free Software Foundation; either version 2 of
40 * the License, or (at your option) any later version.
41 *
42 * NOTE: The original USB Skeleton driver is GPL, but all that code is
43 * gone so MPL/GPL applies.
44 */
45
46 #define DRIVER_NAME "orinoco_usb"
47 #define PFX DRIVER_NAME ": "
48
49 #include <linux/module.h>
50 #include <linux/kernel.h>
51 #include <linux/sched.h>
52 #include <linux/signal.h>
53 #include <linux/errno.h>
54 #include <linux/poll.h>
55 #include <linux/slab.h>
56 #include <linux/fcntl.h>
57 #include <linux/spinlock.h>
58 #include <linux/list.h>
59 #include <linux/usb.h>
60 #include <linux/timer.h>
61
62 #include <linux/netdevice.h>
63 #include <linux/if_arp.h>
64 #include <linux/etherdevice.h>
65 #include <linux/wireless.h>
66 #include <linux/firmware.h>
67
68 #include "mic.h"
69 #include "orinoco.h"
70
71 #ifndef URB_ASYNC_UNLINK
72 #define URB_ASYNC_UNLINK 0
73 #endif
74
75 /* 802.2 LLC/SNAP header used for Ethernet encapsulation over 802.11 */
76 static const u8 encaps_hdr[] = {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00};
77 #define ENCAPS_OVERHEAD (sizeof(encaps_hdr) + 2)
78
79 struct header_struct {
80 /* 802.3 */
81 u8 dest[ETH_ALEN];
82 u8 src[ETH_ALEN];
83 __be16 len;
84 /* 802.2 */
85 u8 dsap;
86 u8 ssap;
87 u8 ctrl;
88 /* SNAP */
89 u8 oui[3];
90 __be16 ethertype;
91 } __packed;
92
93 struct ez_usb_fw {
94 u16 size;
95 const u8 *code;
96 };
97
98 static struct ez_usb_fw firmware = {
99 .size = 0,
100 .code = NULL,
101 };
102
103 /* Debugging macros */
104 #undef err
105 #define err(format, arg...) \
106 do { printk(KERN_ERR PFX format "\n", ## arg); } while (0)
107
108 MODULE_FIRMWARE("orinoco_ezusb_fw");
109
110 /*
111 * Under some conditions, the card gets stuck and stops paying attention
112 * to the world (i.e. data communication stalls) until we do something to
113 * it. Sending an INQ_TALLIES command seems to be enough and should be
114 * harmless otherwise. This behaviour has been observed when using the
115 * driver on a systemimager client during installation. In the past a
116 * timer was used to send INQ_TALLIES commands when there was no other
117 * activity, but it was troublesome and was removed.
118 */
119
120 #define USB_COMPAQ_VENDOR_ID 0x049f /* Compaq Computer Corp. */
121 #define USB_COMPAQ_WL215_ID 0x001f /* Compaq WL215 USB Adapter */
122 #define USB_COMPAQ_W200_ID 0x0076 /* Compaq W200 USB Adapter */
123 #define USB_HP_WL215_ID 0x0082 /* Compaq WL215 USB Adapter */
124
125 #define USB_MELCO_VENDOR_ID 0x0411
126 #define USB_BUFFALO_L11_ID 0x0006 /* BUFFALO WLI-USB-L11 */
127 #define USB_BUFFALO_L11G_WR_ID 0x000B /* BUFFALO WLI-USB-L11G-WR */
128 #define USB_BUFFALO_L11G_ID 0x000D /* BUFFALO WLI-USB-L11G */
129
130 #define USB_LUCENT_VENDOR_ID 0x047E /* Lucent Technologies */
131 #define USB_LUCENT_ORINOCO_ID 0x0300 /* Lucent/Agere Orinoco USB Client */
132
133 #define USB_AVAYA8_VENDOR_ID 0x0D98
134 #define USB_AVAYAE_VENDOR_ID 0x0D9E
135 #define USB_AVAYA_WIRELESS_ID 0x0300 /* Avaya Wireless USB Card */
136
137 #define USB_AGERE_VENDOR_ID 0x0D4E /* Agere Systems */
138 #define USB_AGERE_MODEL0801_ID 0x1000 /* Wireless USB Card Model 0801 */
139 #define USB_AGERE_MODEL0802_ID 0x1001 /* Wireless USB Card Model 0802 */
140 #define USB_AGERE_REBRANDED_ID 0x047A /* WLAN USB Card */
141
142 #define USB_ELSA_VENDOR_ID 0x05CC
143 #define USB_ELSA_AIRLANCER_ID 0x3100 /* ELSA AirLancer USB-11 */
144
145 #define USB_LEGEND_VENDOR_ID 0x0E7C
146 #define USB_LEGEND_JOYNET_ID 0x0300 /* Joynet WLAN USB Card */
147
148 #define USB_SAMSUNG_VENDOR_ID 0x04E8
149 #define USB_SAMSUNG_SEW2001U1_ID 0x5002 /* Samsung SEW-2001u Card */
150 #define USB_SAMSUNG_SEW2001U2_ID 0x5B11 /* Samsung SEW-2001u Card */
151 #define USB_SAMSUNG_SEW2003U_ID 0x7011 /* Samsung SEW-2003U Card */
152
153 #define USB_IGATE_VENDOR_ID 0x0681
154 #define USB_IGATE_IGATE_11M_ID 0x0012 /* I-GATE 11M USB Card */
155
156 #define USB_FUJITSU_VENDOR_ID 0x0BF8
157 #define USB_FUJITSU_E1100_ID 0x1002 /* connect2AIR WLAN E-1100 USB */
158
159 #define USB_2WIRE_VENDOR_ID 0x1630
160 #define USB_2WIRE_WIRELESS_ID 0xff81 /* 2Wire Wireless USB adapter */
161
162
163 #define EZUSB_REQUEST_FW_TRANS 0xA0
164 #define EZUSB_REQUEST_TRIGER 0xAA
165 #define EZUSB_REQUEST_TRIG_AC 0xAC
166 #define EZUSB_CPUCS_REG 0x7F92
167
168 #define EZUSB_RID_TX 0x0700
169 #define EZUSB_RID_RX 0x0701
170 #define EZUSB_RID_INIT1 0x0702
171 #define EZUSB_RID_ACK 0x0710
172 #define EZUSB_RID_READ_PDA 0x0800
173 #define EZUSB_RID_PROG_INIT 0x0852
174 #define EZUSB_RID_PROG_SET_ADDR 0x0853
175 #define EZUSB_RID_PROG_BYTES 0x0854
176 #define EZUSB_RID_PROG_END 0x0855
177 #define EZUSB_RID_DOCMD 0x0860
178
179 /* Recognize info frames */
180 #define EZUSB_IS_INFO(id) ((id >= 0xF000) && (id <= 0xF2FF))
181
182 #define EZUSB_MAGIC 0x0210
183
184 #define EZUSB_FRAME_DATA 1
185 #define EZUSB_FRAME_CONTROL 2
186
187 #define DEF_TIMEOUT (3 * HZ)
188
189 #define BULK_BUF_SIZE 2048
190
191 #define MAX_DL_SIZE (BULK_BUF_SIZE - sizeof(struct ezusb_packet))
192
193 #define FW_BUF_SIZE 64
194 #define FW_VAR_OFFSET_PTR 0x359
195 #define FW_VAR_VALUE 0
196 #define FW_HOLE_START 0x100
197 #define FW_HOLE_END 0x300
198
199 struct ezusb_packet {
200 __le16 magic; /* 0x0210 */
201 u8 req_reply_count;
202 u8 ans_reply_count;
203 __le16 frame_type; /* 0x01 for data frames, 0x02 otherwise */
204 __le16 size; /* transport size */
205 __le16 crc; /* CRC up to here */
206 __le16 hermes_len;
207 __le16 hermes_rid;
208 u8 data[0];
209 } __packed;
210
211 /* Table of devices that work or may work with this driver */
212 static struct usb_device_id ezusb_table[] = {
213 {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_COMPAQ_WL215_ID)},
214 {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_HP_WL215_ID)},
215 {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_COMPAQ_W200_ID)},
216 {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11_ID)},
217 {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11G_WR_ID)},
218 {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11G_ID)},
219 {USB_DEVICE(USB_LUCENT_VENDOR_ID, USB_LUCENT_ORINOCO_ID)},
220 {USB_DEVICE(USB_AVAYA8_VENDOR_ID, USB_AVAYA_WIRELESS_ID)},
221 {USB_DEVICE(USB_AVAYAE_VENDOR_ID, USB_AVAYA_WIRELESS_ID)},
222 {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_MODEL0801_ID)},
223 {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_MODEL0802_ID)},
224 {USB_DEVICE(USB_ELSA_VENDOR_ID, USB_ELSA_AIRLANCER_ID)},
225 {USB_DEVICE(USB_LEGEND_VENDOR_ID, USB_LEGEND_JOYNET_ID)},
226 {USB_DEVICE_VER(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2001U1_ID,
227 0, 0)},
228 {USB_DEVICE(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2001U2_ID)},
229 {USB_DEVICE(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2003U_ID)},
230 {USB_DEVICE(USB_IGATE_VENDOR_ID, USB_IGATE_IGATE_11M_ID)},
231 {USB_DEVICE(USB_FUJITSU_VENDOR_ID, USB_FUJITSU_E1100_ID)},
232 {USB_DEVICE(USB_2WIRE_VENDOR_ID, USB_2WIRE_WIRELESS_ID)},
233 {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_REBRANDED_ID)},
234 {} /* Terminating entry */
235 };
236
237 MODULE_DEVICE_TABLE(usb, ezusb_table);
238
239 /* Structure to hold all of our device specific stuff */
240 struct ezusb_priv {
241 struct usb_device *udev;
242 struct net_device *dev;
243 struct mutex mtx;
244 spinlock_t req_lock;
245 struct list_head req_pending;
246 struct list_head req_active;
247 spinlock_t reply_count_lock;
248 u16 hermes_reg_fake[0x40];
249 u8 *bap_buf;
250 struct urb *read_urb;
251 int read_pipe;
252 int write_pipe;
253 u8 reply_count;
254 };
255
256 enum ezusb_state {
257 EZUSB_CTX_START,
258 EZUSB_CTX_QUEUED,
259 EZUSB_CTX_REQ_SUBMITTED,
260 EZUSB_CTX_REQ_COMPLETE,
261 EZUSB_CTX_RESP_RECEIVED,
262 EZUSB_CTX_REQ_TIMEOUT,
263 EZUSB_CTX_REQ_FAILED,
264 EZUSB_CTX_RESP_TIMEOUT,
265 EZUSB_CTX_REQSUBMIT_FAIL,
266 EZUSB_CTX_COMPLETE,
267 };
268
269 struct request_context {
270 struct list_head list;
271 atomic_t refcount;
272 struct completion done; /* Signals that CTX is dead */
273 int killed;
274 struct urb *outurb; /* OUT for req pkt */
275 struct ezusb_priv *upriv;
276 struct ezusb_packet *buf;
277 int buf_length;
278 struct timer_list timer; /* Timeout handling */
279 enum ezusb_state state; /* Current state */
280 /* the RID that we will wait for */
281 u16 out_rid;
282 u16 in_rid;
283 };
284
285
286 /* Forward declarations */
287 static void ezusb_ctx_complete(struct request_context *ctx);
288 static void ezusb_req_queue_run(struct ezusb_priv *upriv);
289 static void ezusb_bulk_in_callback(struct urb *urb);
290
291 static inline u8 ezusb_reply_inc(u8 count)
292 {
293 if (count < 0x7F)
294 return count + 1;
295 else
296 return 1;
297 }
298
299 static void ezusb_request_context_put(struct request_context *ctx)
300 {
301 if (!atomic_dec_and_test(&ctx->refcount))
302 return;
303
304 WARN_ON(!ctx->done.done);
305 BUG_ON(ctx->outurb->status == -EINPROGRESS);
306 BUG_ON(timer_pending(&ctx->timer));
307 usb_free_urb(ctx->outurb);
308 kfree(ctx->buf);
309 kfree(ctx);
310 }
311
312 static inline void ezusb_mod_timer(struct ezusb_priv *upriv,
313 struct timer_list *timer,
314 unsigned long expire)
315 {
316 if (!upriv->udev)
317 return;
318 mod_timer(timer, expire);
319 }
320
321 static void ezusb_request_timerfn(u_long _ctx)
322 {
323 struct request_context *ctx = (void *) _ctx;
324
325 ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK;
326 if (usb_unlink_urb(ctx->outurb) == -EINPROGRESS) {
327 ctx->state = EZUSB_CTX_REQ_TIMEOUT;
328 } else {
329 ctx->state = EZUSB_CTX_RESP_TIMEOUT;
330 dev_dbg(&ctx->outurb->dev->dev, "couldn't unlink\n");
331 atomic_inc(&ctx->refcount);
332 ctx->killed = 1;
333 ezusb_ctx_complete(ctx);
334 ezusb_request_context_put(ctx);
335 }
336 };
337
338 static struct request_context *ezusb_alloc_ctx(struct ezusb_priv *upriv,
339 u16 out_rid, u16 in_rid)
340 {
341 struct request_context *ctx;
342
343 ctx = kzalloc(sizeof(*ctx), GFP_ATOMIC);
344 if (!ctx)
345 return NULL;
346
347 ctx->buf = kmalloc(BULK_BUF_SIZE, GFP_ATOMIC);
348 if (!ctx->buf) {
349 kfree(ctx);
350 return NULL;
351 }
352 ctx->outurb = usb_alloc_urb(0, GFP_ATOMIC);
353 if (!ctx->outurb) {
354 kfree(ctx->buf);
355 kfree(ctx);
356 return NULL;
357 }
358
359 ctx->upriv = upriv;
360 ctx->state = EZUSB_CTX_START;
361 ctx->out_rid = out_rid;
362 ctx->in_rid = in_rid;
363
364 atomic_set(&ctx->refcount, 1);
365 init_completion(&ctx->done);
366
367 init_timer(&ctx->timer);
368 ctx->timer.function = ezusb_request_timerfn;
369 ctx->timer.data = (u_long) ctx;
370 return ctx;
371 }
372
373
374 /* Hopefully the real complete_all will soon be exported, in the mean
375 * while this should work. */
376 static inline void ezusb_complete_all(struct completion *comp)
377 {
378 complete(comp);
379 complete(comp);
380 complete(comp);
381 complete(comp);
382 }
383
384 static void ezusb_ctx_complete(struct request_context *ctx)
385 {
386 struct ezusb_priv *upriv = ctx->upriv;
387 unsigned long flags;
388
389 spin_lock_irqsave(&upriv->req_lock, flags);
390
391 list_del_init(&ctx->list);
392 if (upriv->udev) {
393 spin_unlock_irqrestore(&upriv->req_lock, flags);
394 ezusb_req_queue_run(upriv);
395 spin_lock_irqsave(&upriv->req_lock, flags);
396 }
397
398 switch (ctx->state) {
399 case EZUSB_CTX_COMPLETE:
400 case EZUSB_CTX_REQSUBMIT_FAIL:
401 case EZUSB_CTX_REQ_FAILED:
402 case EZUSB_CTX_REQ_TIMEOUT:
403 case EZUSB_CTX_RESP_TIMEOUT:
404 spin_unlock_irqrestore(&upriv->req_lock, flags);
405
406 if ((ctx->out_rid == EZUSB_RID_TX) && upriv->dev) {
407 struct net_device *dev = upriv->dev;
408 struct orinoco_private *priv = ndev_priv(dev);
409 struct net_device_stats *stats = &priv->stats;
410
411 if (ctx->state != EZUSB_CTX_COMPLETE)
412 stats->tx_errors++;
413 else
414 stats->tx_packets++;
415
416 netif_wake_queue(dev);
417 }
418 ezusb_complete_all(&ctx->done);
419 ezusb_request_context_put(ctx);
420 break;
421
422 default:
423 spin_unlock_irqrestore(&upriv->req_lock, flags);
424 if (!upriv->udev) {
425 /* This is normal, as all request contexts get flushed
426 * when the device is disconnected */
427 err("Called, CTX not terminating, but device gone");
428 ezusb_complete_all(&ctx->done);
429 ezusb_request_context_put(ctx);
430 break;
431 }
432
433 err("Called, CTX not in terminating state.");
434 /* Things are really bad if this happens. Just leak
435 * the CTX because it may still be linked to the
436 * queue or the OUT urb may still be active.
437 * Just leaking at least prevents an Oops or Panic.
438 */
439 break;
440 }
441 }
442
443 /**
444 * ezusb_req_queue_run:
445 * Description:
446 * Note: Only one active CTX at any one time, because there's no
447 * other (reliable) way to match the response URB to the correct
448 * CTX.
449 **/
450 static void ezusb_req_queue_run(struct ezusb_priv *upriv)
451 {
452 unsigned long flags;
453 struct request_context *ctx;
454 int result;
455
456 spin_lock_irqsave(&upriv->req_lock, flags);
457
458 if (!list_empty(&upriv->req_active))
459 goto unlock;
460
461 if (list_empty(&upriv->req_pending))
462 goto unlock;
463
464 ctx =
465 list_entry(upriv->req_pending.next, struct request_context,
466 list);
467
468 if (!ctx->upriv->udev)
469 goto unlock;
470
471 /* We need to split this off to avoid a race condition */
472 list_move_tail(&ctx->list, &upriv->req_active);
473
474 if (ctx->state == EZUSB_CTX_QUEUED) {
475 atomic_inc(&ctx->refcount);
476 result = usb_submit_urb(ctx->outurb, GFP_ATOMIC);
477 if (result) {
478 ctx->state = EZUSB_CTX_REQSUBMIT_FAIL;
479
480 spin_unlock_irqrestore(&upriv->req_lock, flags);
481
482 err("Fatal, failed to submit command urb."
483 " error=%d\n", result);
484
485 ezusb_ctx_complete(ctx);
486 ezusb_request_context_put(ctx);
487 goto done;
488 }
489
490 ctx->state = EZUSB_CTX_REQ_SUBMITTED;
491 ezusb_mod_timer(ctx->upriv, &ctx->timer,
492 jiffies + DEF_TIMEOUT);
493 }
494
495 unlock:
496 spin_unlock_irqrestore(&upriv->req_lock, flags);
497
498 done:
499 return;
500 }
501
502 static void ezusb_req_enqueue_run(struct ezusb_priv *upriv,
503 struct request_context *ctx)
504 {
505 unsigned long flags;
506
507 spin_lock_irqsave(&upriv->req_lock, flags);
508
509 if (!ctx->upriv->udev) {
510 spin_unlock_irqrestore(&upriv->req_lock, flags);
511 goto done;
512 }
513 atomic_inc(&ctx->refcount);
514 list_add_tail(&ctx->list, &upriv->req_pending);
515 spin_unlock_irqrestore(&upriv->req_lock, flags);
516
517 ctx->state = EZUSB_CTX_QUEUED;
518 ezusb_req_queue_run(upriv);
519
520 done:
521 return;
522 }
523
524 static void ezusb_request_out_callback(struct urb *urb)
525 {
526 unsigned long flags;
527 enum ezusb_state state;
528 struct request_context *ctx = urb->context;
529 struct ezusb_priv *upriv = ctx->upriv;
530
531 spin_lock_irqsave(&upriv->req_lock, flags);
532
533 del_timer(&ctx->timer);
534
535 if (ctx->killed) {
536 spin_unlock_irqrestore(&upriv->req_lock, flags);
537 pr_warn("interrupt called with dead ctx\n");
538 goto out;
539 }
540
541 state = ctx->state;
542
543 if (urb->status == 0) {
544 switch (state) {
545 case EZUSB_CTX_REQ_SUBMITTED:
546 if (ctx->in_rid) {
547 ctx->state = EZUSB_CTX_REQ_COMPLETE;
548 /* reply URB still pending */
549 ezusb_mod_timer(upriv, &ctx->timer,
550 jiffies + DEF_TIMEOUT);
551 spin_unlock_irqrestore(&upriv->req_lock,
552 flags);
553 break;
554 }
555 /* fall through */
556 case EZUSB_CTX_RESP_RECEIVED:
557 /* IN already received before this OUT-ACK */
558 ctx->state = EZUSB_CTX_COMPLETE;
559 spin_unlock_irqrestore(&upriv->req_lock, flags);
560 ezusb_ctx_complete(ctx);
561 break;
562
563 default:
564 spin_unlock_irqrestore(&upriv->req_lock, flags);
565 err("Unexpected state(0x%x, %d) in OUT URB",
566 state, urb->status);
567 break;
568 }
569 } else {
570 /* If someone cancels the OUT URB then its status
571 * should be either -ECONNRESET or -ENOENT.
572 */
573 switch (state) {
574 case EZUSB_CTX_REQ_SUBMITTED:
575 case EZUSB_CTX_RESP_RECEIVED:
576 ctx->state = EZUSB_CTX_REQ_FAILED;
577 /* fall through */
578
579 case EZUSB_CTX_REQ_FAILED:
580 case EZUSB_CTX_REQ_TIMEOUT:
581 spin_unlock_irqrestore(&upriv->req_lock, flags);
582
583 ezusb_ctx_complete(ctx);
584 break;
585
586 default:
587 spin_unlock_irqrestore(&upriv->req_lock, flags);
588
589 err("Unexpected state(0x%x, %d) in OUT URB",
590 state, urb->status);
591 break;
592 }
593 }
594 out:
595 ezusb_request_context_put(ctx);
596 }
597
598 static void ezusb_request_in_callback(struct ezusb_priv *upriv,
599 struct urb *urb)
600 {
601 struct ezusb_packet *ans = urb->transfer_buffer;
602 struct request_context *ctx = NULL;
603 enum ezusb_state state;
604 unsigned long flags;
605
606 /* Find the CTX on the active queue that requested this URB */
607 spin_lock_irqsave(&upriv->req_lock, flags);
608 if (upriv->udev) {
609 struct list_head *item;
610
611 list_for_each(item, &upriv->req_active) {
612 struct request_context *c;
613 int reply_count;
614
615 c = list_entry(item, struct request_context, list);
616 reply_count =
617 ezusb_reply_inc(c->buf->req_reply_count);
618 if ((ans->ans_reply_count == reply_count)
619 && (le16_to_cpu(ans->hermes_rid) == c->in_rid)) {
620 ctx = c;
621 break;
622 }
623 netdev_dbg(upriv->dev, "Skipped (0x%x/0x%x) (%d/%d)\n",
624 le16_to_cpu(ans->hermes_rid), c->in_rid,
625 ans->ans_reply_count, reply_count);
626 }
627 }
628
629 if (ctx == NULL) {
630 spin_unlock_irqrestore(&upriv->req_lock, flags);
631 err("%s: got unexpected RID: 0x%04X", __func__,
632 le16_to_cpu(ans->hermes_rid));
633 ezusb_req_queue_run(upriv);
634 return;
635 }
636
637 /* The data we want is in the in buffer, exchange */
638 urb->transfer_buffer = ctx->buf;
639 ctx->buf = (void *) ans;
640 ctx->buf_length = urb->actual_length;
641
642 state = ctx->state;
643 switch (state) {
644 case EZUSB_CTX_REQ_SUBMITTED:
645 /* We have received our response URB before
646 * our request has been acknowledged. Do NOT
647 * destroy our CTX yet, because our OUT URB
648 * is still alive ...
649 */
650 ctx->state = EZUSB_CTX_RESP_RECEIVED;
651 spin_unlock_irqrestore(&upriv->req_lock, flags);
652
653 /* Let the machine continue running. */
654 break;
655
656 case EZUSB_CTX_REQ_COMPLETE:
657 /* This is the usual path: our request
658 * has already been acknowledged, and
659 * we have now received the reply.
660 */
661 ctx->state = EZUSB_CTX_COMPLETE;
662
663 /* Stop the intimer */
664 del_timer(&ctx->timer);
665 spin_unlock_irqrestore(&upriv->req_lock, flags);
666
667 /* Call the completion handler */
668 ezusb_ctx_complete(ctx);
669 break;
670
671 default:
672 spin_unlock_irqrestore(&upriv->req_lock, flags);
673
674 pr_warn("Matched IN URB, unexpected context state(0x%x)\n",
675 state);
676 /* Throw this CTX away and try submitting another */
677 del_timer(&ctx->timer);
678 ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK;
679 usb_unlink_urb(ctx->outurb);
680 ezusb_req_queue_run(upriv);
681 break;
682 } /* switch */
683 }
684
685
686 static void ezusb_req_ctx_wait(struct ezusb_priv *upriv,
687 struct request_context *ctx)
688 {
689 switch (ctx->state) {
690 case EZUSB_CTX_QUEUED:
691 case EZUSB_CTX_REQ_SUBMITTED:
692 case EZUSB_CTX_REQ_COMPLETE:
693 case EZUSB_CTX_RESP_RECEIVED:
694 if (in_softirq()) {
695 /* If we get called from a timer, timeout timers don't
696 * get the chance to run themselves. So we make sure
697 * that we don't sleep for ever */
698 int msecs = DEF_TIMEOUT * (1000 / HZ);
699 while (!ctx->done.done && msecs--)
700 udelay(1000);
701 } else {
702 wait_event_interruptible(ctx->done.wait,
703 ctx->done.done);
704 }
705 break;
706 default:
707 /* Done or failed - nothing to wait for */
708 break;
709 }
710 }
711
712 static inline u16 build_crc(struct ezusb_packet *data)
713 {
714 u16 crc = 0;
715 u8 *bytes = (u8 *)data;
716 int i;
717
718 for (i = 0; i < 8; i++)
719 crc = (crc << 1) + bytes[i];
720
721 return crc;
722 }
723
724 /**
725 * ezusb_fill_req:
726 *
727 * if data == NULL and length > 0 the data is assumed to be already in
728 * the target buffer and only the header is filled.
729 *
730 */
731 static int ezusb_fill_req(struct ezusb_packet *req, u16 length, u16 rid,
732 const void *data, u16 frame_type, u8 reply_count)
733 {
734 int total_size = sizeof(*req) + length;
735
736 BUG_ON(total_size > BULK_BUF_SIZE);
737
738 req->magic = cpu_to_le16(EZUSB_MAGIC);
739 req->req_reply_count = reply_count;
740 req->ans_reply_count = 0;
741 req->frame_type = cpu_to_le16(frame_type);
742 req->size = cpu_to_le16(length + 4);
743 req->crc = cpu_to_le16(build_crc(req));
744 req->hermes_len = cpu_to_le16(HERMES_BYTES_TO_RECLEN(length));
745 req->hermes_rid = cpu_to_le16(rid);
746 if (data)
747 memcpy(req->data, data, length);
748 return total_size;
749 }
750
751 static int ezusb_submit_in_urb(struct ezusb_priv *upriv)
752 {
753 int retval = 0;
754 void *cur_buf = upriv->read_urb->transfer_buffer;
755
756 if (upriv->read_urb->status == -EINPROGRESS) {
757 netdev_dbg(upriv->dev, "urb busy, not resubmiting\n");
758 retval = -EBUSY;
759 goto exit;
760 }
761 usb_fill_bulk_urb(upriv->read_urb, upriv->udev, upriv->read_pipe,
762 cur_buf, BULK_BUF_SIZE,
763 ezusb_bulk_in_callback, upriv);
764 upriv->read_urb->transfer_flags = 0;
765 retval = usb_submit_urb(upriv->read_urb, GFP_ATOMIC);
766 if (retval)
767 err("%s submit failed %d", __func__, retval);
768
769 exit:
770 return retval;
771 }
772
773 static inline int ezusb_8051_cpucs(struct ezusb_priv *upriv, int reset)
774 {
775 u8 res_val = reset; /* avoid argument promotion */
776
777 if (!upriv->udev) {
778 err("%s: !upriv->udev", __func__);
779 return -EFAULT;
780 }
781 return usb_control_msg(upriv->udev,
782 usb_sndctrlpipe(upriv->udev, 0),
783 EZUSB_REQUEST_FW_TRANS,
784 USB_TYPE_VENDOR | USB_RECIP_DEVICE |
785 USB_DIR_OUT, EZUSB_CPUCS_REG, 0, &res_val,
786 sizeof(res_val), DEF_TIMEOUT);
787 }
788
789 static int ezusb_firmware_download(struct ezusb_priv *upriv,
790 struct ez_usb_fw *fw)
791 {
792 u8 *fw_buffer;
793 int retval, addr;
794 int variant_offset;
795
796 fw_buffer = kmalloc(FW_BUF_SIZE, GFP_KERNEL);
797 if (!fw_buffer) {
798 printk(KERN_ERR PFX "Out of memory for firmware buffer.\n");
799 return -ENOMEM;
800 }
801 /*
802 * This byte is 1 and should be replaced with 0. The offset is
803 * 0x10AD in version 0.0.6. The byte in question should follow
804 * the end of the code pointed to by the jump in the beginning
805 * of the firmware. Also, it is read by code located at 0x358.
806 */
807 variant_offset = be16_to_cpup((__be16 *) &fw->code[FW_VAR_OFFSET_PTR]);
808 if (variant_offset >= fw->size) {
809 printk(KERN_ERR PFX "Invalid firmware variant offset: "
810 "0x%04x\n", variant_offset);
811 retval = -EINVAL;
812 goto fail;
813 }
814
815 retval = ezusb_8051_cpucs(upriv, 1);
816 if (retval < 0)
817 goto fail;
818 for (addr = 0; addr < fw->size; addr += FW_BUF_SIZE) {
819 /* 0x100-0x300 should be left alone, it contains card
820 * specific data, like USB enumeration information */
821 if ((addr >= FW_HOLE_START) && (addr < FW_HOLE_END))
822 continue;
823
824 memcpy(fw_buffer, &fw->code[addr], FW_BUF_SIZE);
825 if (variant_offset >= addr &&
826 variant_offset < addr + FW_BUF_SIZE) {
827 netdev_dbg(upriv->dev,
828 "Patching card_variant byte at 0x%04X\n",
829 variant_offset);
830 fw_buffer[variant_offset - addr] = FW_VAR_VALUE;
831 }
832 retval = usb_control_msg(upriv->udev,
833 usb_sndctrlpipe(upriv->udev, 0),
834 EZUSB_REQUEST_FW_TRANS,
835 USB_TYPE_VENDOR | USB_RECIP_DEVICE
836 | USB_DIR_OUT,
837 addr, 0x0,
838 fw_buffer, FW_BUF_SIZE,
839 DEF_TIMEOUT);
840
841 if (retval < 0)
842 goto fail;
843 }
844 retval = ezusb_8051_cpucs(upriv, 0);
845 if (retval < 0)
846 goto fail;
847
848 goto exit;
849 fail:
850 printk(KERN_ERR PFX "Firmware download failed, error %d\n",
851 retval);
852 exit:
853 kfree(fw_buffer);
854 return retval;
855 }
856
857 static int ezusb_access_ltv(struct ezusb_priv *upriv,
858 struct request_context *ctx,
859 u16 length, const void *data, u16 frame_type,
860 void *ans_buff, unsigned ans_size, u16 *ans_length)
861 {
862 int req_size;
863 int retval = 0;
864 enum ezusb_state state;
865
866 BUG_ON(in_irq());
867
868 if (!upriv->udev) {
869 retval = -ENODEV;
870 goto exit;
871 }
872
873 if (upriv->read_urb->status != -EINPROGRESS)
874 err("%s: in urb not pending", __func__);
875
876 /* protect upriv->reply_count, guarantee sequential numbers */
877 spin_lock_bh(&upriv->reply_count_lock);
878 req_size = ezusb_fill_req(ctx->buf, length, ctx->out_rid, data,
879 frame_type, upriv->reply_count);
880 usb_fill_bulk_urb(ctx->outurb, upriv->udev, upriv->write_pipe,
881 ctx->buf, req_size,
882 ezusb_request_out_callback, ctx);
883
884 if (ctx->in_rid)
885 upriv->reply_count = ezusb_reply_inc(upriv->reply_count);
886
887 ezusb_req_enqueue_run(upriv, ctx);
888
889 spin_unlock_bh(&upriv->reply_count_lock);
890
891 if (ctx->in_rid)
892 ezusb_req_ctx_wait(upriv, ctx);
893
894 state = ctx->state;
895 switch (state) {
896 case EZUSB_CTX_COMPLETE:
897 retval = ctx->outurb->status;
898 break;
899
900 case EZUSB_CTX_QUEUED:
901 case EZUSB_CTX_REQ_SUBMITTED:
902 if (!ctx->in_rid)
903 break;
904 default:
905 err("%s: Unexpected context state %d", __func__,
906 state);
907 /* fall though */
908 case EZUSB_CTX_REQ_TIMEOUT:
909 case EZUSB_CTX_REQ_FAILED:
910 case EZUSB_CTX_RESP_TIMEOUT:
911 case EZUSB_CTX_REQSUBMIT_FAIL:
912 printk(KERN_ERR PFX "Access failed, resetting (state %d,"
913 " reply_count %d)\n", state, upriv->reply_count);
914 upriv->reply_count = 0;
915 if (state == EZUSB_CTX_REQ_TIMEOUT
916 || state == EZUSB_CTX_RESP_TIMEOUT) {
917 printk(KERN_ERR PFX "ctx timed out\n");
918 retval = -ETIMEDOUT;
919 } else {
920 printk(KERN_ERR PFX "ctx failed\n");
921 retval = -EFAULT;
922 }
923 goto exit;
924 }
925 if (ctx->in_rid) {
926 struct ezusb_packet *ans = ctx->buf;
927 unsigned exp_len;
928
929 if (ans->hermes_len != 0)
930 exp_len = le16_to_cpu(ans->hermes_len) * 2 + 12;
931 else
932 exp_len = 14;
933
934 if (exp_len != ctx->buf_length) {
935 err("%s: length mismatch for RID 0x%04x: "
936 "expected %d, got %d", __func__,
937 ctx->in_rid, exp_len, ctx->buf_length);
938 retval = -EIO;
939 goto exit;
940 }
941
942 if (ans_buff)
943 memcpy(ans_buff, ans->data, min(exp_len, ans_size));
944 if (ans_length)
945 *ans_length = le16_to_cpu(ans->hermes_len);
946 }
947 exit:
948 ezusb_request_context_put(ctx);
949 return retval;
950 }
951
952 static int ezusb_write_ltv(struct hermes *hw, int bap, u16 rid,
953 u16 length, const void *data)
954 {
955 struct ezusb_priv *upriv = hw->priv;
956 u16 frame_type;
957 struct request_context *ctx;
958
959 if (length == 0)
960 return -EINVAL;
961
962 length = HERMES_RECLEN_TO_BYTES(length);
963
964 /* On memory mapped devices HERMES_RID_CNFGROUPADDRESSES can be
965 * set to be empty, but the USB bridge doesn't like it */
966 if (length == 0)
967 return 0;
968
969 ctx = ezusb_alloc_ctx(upriv, rid, EZUSB_RID_ACK);
970 if (!ctx)
971 return -ENOMEM;
972
973 if (rid == EZUSB_RID_TX)
974 frame_type = EZUSB_FRAME_DATA;
975 else
976 frame_type = EZUSB_FRAME_CONTROL;
977
978 return ezusb_access_ltv(upriv, ctx, length, data, frame_type,
979 NULL, 0, NULL);
980 }
981
982 static int ezusb_read_ltv(struct hermes *hw, int bap, u16 rid,
983 unsigned bufsize, u16 *length, void *buf)
984 {
985 struct ezusb_priv *upriv = hw->priv;
986 struct request_context *ctx;
987
988 if (bufsize % 2)
989 return -EINVAL;
990
991 ctx = ezusb_alloc_ctx(upriv, rid, rid);
992 if (!ctx)
993 return -ENOMEM;
994
995 return ezusb_access_ltv(upriv, ctx, 0, NULL, EZUSB_FRAME_CONTROL,
996 buf, bufsize, length);
997 }
998
999 static int ezusb_doicmd_wait(struct hermes *hw, u16 cmd, u16 parm0, u16 parm1,
1000 u16 parm2, struct hermes_response *resp)
1001 {
1002 struct ezusb_priv *upriv = hw->priv;
1003 struct request_context *ctx;
1004
1005 __le16 data[4] = {
1006 cpu_to_le16(cmd),
1007 cpu_to_le16(parm0),
1008 cpu_to_le16(parm1),
1009 cpu_to_le16(parm2),
1010 };
1011 netdev_dbg(upriv->dev,
1012 "0x%04X, parm0 0x%04X, parm1 0x%04X, parm2 0x%04X\n", cmd,
1013 parm0, parm1, parm2);
1014 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_DOCMD, EZUSB_RID_ACK);
1015 if (!ctx)
1016 return -ENOMEM;
1017
1018 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1019 EZUSB_FRAME_CONTROL, NULL, 0, NULL);
1020 }
1021
1022 static int ezusb_docmd_wait(struct hermes *hw, u16 cmd, u16 parm0,
1023 struct hermes_response *resp)
1024 {
1025 struct ezusb_priv *upriv = hw->priv;
1026 struct request_context *ctx;
1027
1028 __le16 data[4] = {
1029 cpu_to_le16(cmd),
1030 cpu_to_le16(parm0),
1031 0,
1032 0,
1033 };
1034 netdev_dbg(upriv->dev, "0x%04X, parm0 0x%04X\n", cmd, parm0);
1035 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_DOCMD, EZUSB_RID_ACK);
1036 if (!ctx)
1037 return -ENOMEM;
1038
1039 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1040 EZUSB_FRAME_CONTROL, NULL, 0, NULL);
1041 }
1042
1043 static int ezusb_bap_pread(struct hermes *hw, int bap,
1044 void *buf, int len, u16 id, u16 offset)
1045 {
1046 struct ezusb_priv *upriv = hw->priv;
1047 struct ezusb_packet *ans = (void *) upriv->read_urb->transfer_buffer;
1048 int actual_length = upriv->read_urb->actual_length;
1049
1050 if (id == EZUSB_RID_RX) {
1051 if ((sizeof(*ans) + offset + len) > actual_length) {
1052 printk(KERN_ERR PFX "BAP read beyond buffer end "
1053 "in rx frame\n");
1054 return -EINVAL;
1055 }
1056 memcpy(buf, ans->data + offset, len);
1057 return 0;
1058 }
1059
1060 if (EZUSB_IS_INFO(id)) {
1061 /* Include 4 bytes for length/type */
1062 if ((sizeof(*ans) + offset + len - 4) > actual_length) {
1063 printk(KERN_ERR PFX "BAP read beyond buffer end "
1064 "in info frame\n");
1065 return -EFAULT;
1066 }
1067 memcpy(buf, ans->data + offset - 4, len);
1068 } else {
1069 printk(KERN_ERR PFX "Unexpected fid 0x%04x\n", id);
1070 return -EINVAL;
1071 }
1072
1073 return 0;
1074 }
1075
1076 static int ezusb_read_pda(struct hermes *hw, __le16 *pda,
1077 u32 pda_addr, u16 pda_len)
1078 {
1079 struct ezusb_priv *upriv = hw->priv;
1080 struct request_context *ctx;
1081 __le16 data[] = {
1082 cpu_to_le16(pda_addr & 0xffff),
1083 cpu_to_le16(pda_len - 4)
1084 };
1085 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_READ_PDA, EZUSB_RID_READ_PDA);
1086 if (!ctx)
1087 return -ENOMEM;
1088
1089 /* wl_lkm does not include PDA size in the PDA area.
1090 * We will pad the information into pda, so other routines
1091 * don't have to be modified */
1092 pda[0] = cpu_to_le16(pda_len - 2);
1093 /* Includes CFG_PROD_DATA but not itself */
1094 pda[1] = cpu_to_le16(0x0800); /* CFG_PROD_DATA */
1095
1096 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1097 EZUSB_FRAME_CONTROL, &pda[2], pda_len - 4,
1098 NULL);
1099 }
1100
1101 static int ezusb_program_init(struct hermes *hw, u32 entry_point)
1102 {
1103 struct ezusb_priv *upriv = hw->priv;
1104 struct request_context *ctx;
1105 __le32 data = cpu_to_le32(entry_point);
1106
1107 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_INIT, EZUSB_RID_ACK);
1108 if (!ctx)
1109 return -ENOMEM;
1110
1111 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1112 EZUSB_FRAME_CONTROL, NULL, 0, NULL);
1113 }
1114
1115 static int ezusb_program_end(struct hermes *hw)
1116 {
1117 struct ezusb_priv *upriv = hw->priv;
1118 struct request_context *ctx;
1119
1120 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_END, EZUSB_RID_ACK);
1121 if (!ctx)
1122 return -ENOMEM;
1123
1124 return ezusb_access_ltv(upriv, ctx, 0, NULL,
1125 EZUSB_FRAME_CONTROL, NULL, 0, NULL);
1126 }
1127
1128 static int ezusb_program_bytes(struct hermes *hw, const char *buf,
1129 u32 addr, u32 len)
1130 {
1131 struct ezusb_priv *upriv = hw->priv;
1132 struct request_context *ctx;
1133 __le32 data = cpu_to_le32(addr);
1134 int err;
1135
1136 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_SET_ADDR, EZUSB_RID_ACK);
1137 if (!ctx)
1138 return -ENOMEM;
1139
1140 err = ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1141 EZUSB_FRAME_CONTROL, NULL, 0, NULL);
1142 if (err)
1143 return err;
1144
1145 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_BYTES, EZUSB_RID_ACK);
1146 if (!ctx)
1147 return -ENOMEM;
1148
1149 return ezusb_access_ltv(upriv, ctx, len, buf,
1150 EZUSB_FRAME_CONTROL, NULL, 0, NULL);
1151 }
1152
1153 static int ezusb_program(struct hermes *hw, const char *buf,
1154 u32 addr, u32 len)
1155 {
1156 u32 ch_addr;
1157 u32 ch_len;
1158 int err = 0;
1159
1160 /* We can only send 2048 bytes out of the bulk xmit at a time,
1161 * so we have to split any programming into chunks of <2048
1162 * bytes. */
1163
1164 ch_len = (len < MAX_DL_SIZE) ? len : MAX_DL_SIZE;
1165 ch_addr = addr;
1166
1167 while (ch_addr < (addr + len)) {
1168 pr_debug("Programming subblock of length %d "
1169 "to address 0x%08x. Data @ %p\n",
1170 ch_len, ch_addr, &buf[ch_addr - addr]);
1171
1172 err = ezusb_program_bytes(hw, &buf[ch_addr - addr],
1173 ch_addr, ch_len);
1174 if (err)
1175 break;
1176
1177 ch_addr += ch_len;
1178 ch_len = ((addr + len - ch_addr) < MAX_DL_SIZE) ?
1179 (addr + len - ch_addr) : MAX_DL_SIZE;
1180 }
1181
1182 return err;
1183 }
1184
1185 static netdev_tx_t ezusb_xmit(struct sk_buff *skb, struct net_device *dev)
1186 {
1187 struct orinoco_private *priv = ndev_priv(dev);
1188 struct net_device_stats *stats = &priv->stats;
1189 struct ezusb_priv *upriv = priv->card;
1190 u8 mic[MICHAEL_MIC_LEN + 1];
1191 int err = 0;
1192 int tx_control;
1193 unsigned long flags;
1194 struct request_context *ctx;
1195 u8 *buf;
1196 int tx_size;
1197
1198 if (!netif_running(dev)) {
1199 printk(KERN_ERR "%s: Tx on stopped device!\n",
1200 dev->name);
1201 return NETDEV_TX_BUSY;
1202 }
1203
1204 if (netif_queue_stopped(dev)) {
1205 printk(KERN_DEBUG "%s: Tx while transmitter busy!\n",
1206 dev->name);
1207 return NETDEV_TX_BUSY;
1208 }
1209
1210 if (orinoco_lock(priv, &flags) != 0) {
1211 printk(KERN_ERR
1212 "%s: ezusb_xmit() called while hw_unavailable\n",
1213 dev->name);
1214 return NETDEV_TX_BUSY;
1215 }
1216
1217 if (!netif_carrier_ok(dev) ||
1218 (priv->iw_mode == NL80211_IFTYPE_MONITOR)) {
1219 /* Oops, the firmware hasn't established a connection,
1220 silently drop the packet (this seems to be the
1221 safest approach). */
1222 goto drop;
1223 }
1224
1225 /* Check packet length */
1226 if (skb->len < ETH_HLEN)
1227 goto drop;
1228
1229 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_TX, 0);
1230 if (!ctx)
1231 goto busy;
1232
1233 memset(ctx->buf, 0, BULK_BUF_SIZE);
1234 buf = ctx->buf->data;
1235
1236 tx_control = 0;
1237
1238 err = orinoco_process_xmit_skb(skb, dev, priv, &tx_control,
1239 &mic[0]);
1240 if (err)
1241 goto drop;
1242
1243 {
1244 __le16 *tx_cntl = (__le16 *)buf;
1245 *tx_cntl = cpu_to_le16(tx_control);
1246 buf += sizeof(*tx_cntl);
1247 }
1248
1249 memcpy(buf, skb->data, skb->len);
1250 buf += skb->len;
1251
1252 if (tx_control & HERMES_TXCTRL_MIC) {
1253 u8 *m = mic;
1254 /* Mic has been offset so it can be copied to an even
1255 * address. We're copying eveything anyway, so we
1256 * don't need to copy that first byte. */
1257 if (skb->len % 2)
1258 m++;
1259 memcpy(buf, m, MICHAEL_MIC_LEN);
1260 buf += MICHAEL_MIC_LEN;
1261 }
1262
1263 /* Finally, we actually initiate the send */
1264 netif_stop_queue(dev);
1265
1266 /* The card may behave better if we send evenly sized usb transfers */
1267 tx_size = ALIGN(buf - ctx->buf->data, 2);
1268
1269 err = ezusb_access_ltv(upriv, ctx, tx_size, NULL,
1270 EZUSB_FRAME_DATA, NULL, 0, NULL);
1271
1272 if (err) {
1273 netif_start_queue(dev);
1274 if (net_ratelimit())
1275 printk(KERN_ERR "%s: Error %d transmitting packet\n",
1276 dev->name, err);
1277 goto busy;
1278 }
1279
1280 dev->trans_start = jiffies;
1281 stats->tx_bytes += skb->len;
1282 goto ok;
1283
1284 drop:
1285 stats->tx_errors++;
1286 stats->tx_dropped++;
1287
1288 ok:
1289 orinoco_unlock(priv, &flags);
1290 dev_kfree_skb(skb);
1291 return NETDEV_TX_OK;
1292
1293 busy:
1294 orinoco_unlock(priv, &flags);
1295 return NETDEV_TX_BUSY;
1296 }
1297
1298 static int ezusb_allocate(struct hermes *hw, u16 size, u16 *fid)
1299 {
1300 *fid = EZUSB_RID_TX;
1301 return 0;
1302 }
1303
1304
1305 static int ezusb_hard_reset(struct orinoco_private *priv)
1306 {
1307 struct ezusb_priv *upriv = priv->card;
1308 int retval = ezusb_8051_cpucs(upriv, 1);
1309
1310 if (retval < 0) {
1311 err("Failed to reset");
1312 return retval;
1313 }
1314
1315 retval = ezusb_8051_cpucs(upriv, 0);
1316 if (retval < 0) {
1317 err("Failed to unreset");
1318 return retval;
1319 }
1320
1321 netdev_dbg(upriv->dev, "sending control message\n");
1322 retval = usb_control_msg(upriv->udev,
1323 usb_sndctrlpipe(upriv->udev, 0),
1324 EZUSB_REQUEST_TRIGER,
1325 USB_TYPE_VENDOR | USB_RECIP_DEVICE |
1326 USB_DIR_OUT, 0x0, 0x0, NULL, 0,
1327 DEF_TIMEOUT);
1328 if (retval < 0) {
1329 err("EZUSB_REQUEST_TRIGER failed retval %d", retval);
1330 return retval;
1331 }
1332 #if 0
1333 dbg("Sending EZUSB_REQUEST_TRIG_AC");
1334 retval = usb_control_msg(upriv->udev,
1335 usb_sndctrlpipe(upriv->udev, 0),
1336 EZUSB_REQUEST_TRIG_AC,
1337 USB_TYPE_VENDOR | USB_RECIP_DEVICE |
1338 USB_DIR_OUT, 0x00FA, 0x0, NULL, 0,
1339 DEF_TIMEOUT);
1340 if (retval < 0) {
1341 err("EZUSB_REQUEST_TRIG_AC failed retval %d", retval);
1342 return retval;
1343 }
1344 #endif
1345
1346 return 0;
1347 }
1348
1349
1350 static int ezusb_init(struct hermes *hw)
1351 {
1352 struct ezusb_priv *upriv = hw->priv;
1353 int retval;
1354
1355 BUG_ON(in_interrupt());
1356 BUG_ON(!upriv);
1357
1358 upriv->reply_count = 0;
1359 /* Write the MAGIC number on the simulated registers to keep
1360 * orinoco.c happy */
1361 hermes_write_regn(hw, SWSUPPORT0, HERMES_MAGIC);
1362 hermes_write_regn(hw, RXFID, EZUSB_RID_RX);
1363
1364 usb_kill_urb(upriv->read_urb);
1365 ezusb_submit_in_urb(upriv);
1366
1367 retval = ezusb_write_ltv(hw, 0, EZUSB_RID_INIT1,
1368 HERMES_BYTES_TO_RECLEN(2), "\x10\x00");
1369 if (retval < 0) {
1370 printk(KERN_ERR PFX "EZUSB_RID_INIT1 error %d\n", retval);
1371 return retval;
1372 }
1373
1374 retval = ezusb_docmd_wait(hw, HERMES_CMD_INIT, 0, NULL);
1375 if (retval < 0) {
1376 printk(KERN_ERR PFX "HERMES_CMD_INIT error %d\n", retval);
1377 return retval;
1378 }
1379
1380 return 0;
1381 }
1382
1383 static void ezusb_bulk_in_callback(struct urb *urb)
1384 {
1385 struct ezusb_priv *upriv = (struct ezusb_priv *) urb->context;
1386 struct ezusb_packet *ans = urb->transfer_buffer;
1387 u16 crc;
1388 u16 hermes_rid;
1389
1390 if (upriv->udev == NULL)
1391 return;
1392
1393 if (urb->status == -ETIMEDOUT) {
1394 /* When a device gets unplugged we get this every time
1395 * we resubmit, flooding the logs. Since we don't use
1396 * USB timeouts, it shouldn't happen any other time*/
1397 pr_warn("%s: urb timed out, not resubmitting\n", __func__);
1398 return;
1399 }
1400 if (urb->status == -ECONNABORTED) {
1401 pr_warn("%s: connection abort, resubmitting urb\n",
1402 __func__);
1403 goto resubmit;
1404 }
1405 if ((urb->status == -EILSEQ)
1406 || (urb->status == -ENOENT)
1407 || (urb->status == -ECONNRESET)) {
1408 netdev_dbg(upriv->dev, "status %d, not resubmiting\n",
1409 urb->status);
1410 return;
1411 }
1412 if (urb->status)
1413 netdev_dbg(upriv->dev, "status: %d length: %d\n",
1414 urb->status, urb->actual_length);
1415 if (urb->actual_length < sizeof(*ans)) {
1416 err("%s: short read, ignoring", __func__);
1417 goto resubmit;
1418 }
1419 crc = build_crc(ans);
1420 if (le16_to_cpu(ans->crc) != crc) {
1421 err("CRC error, ignoring packet");
1422 goto resubmit;
1423 }
1424
1425 hermes_rid = le16_to_cpu(ans->hermes_rid);
1426 if ((hermes_rid != EZUSB_RID_RX) && !EZUSB_IS_INFO(hermes_rid)) {
1427 ezusb_request_in_callback(upriv, urb);
1428 } else if (upriv->dev) {
1429 struct net_device *dev = upriv->dev;
1430 struct orinoco_private *priv = ndev_priv(dev);
1431 struct hermes *hw = &priv->hw;
1432
1433 if (hermes_rid == EZUSB_RID_RX) {
1434 __orinoco_ev_rx(dev, hw);
1435 } else {
1436 hermes_write_regn(hw, INFOFID,
1437 le16_to_cpu(ans->hermes_rid));
1438 __orinoco_ev_info(dev, hw);
1439 }
1440 }
1441
1442 resubmit:
1443 if (upriv->udev)
1444 ezusb_submit_in_urb(upriv);
1445 }
1446
1447 static inline void ezusb_delete(struct ezusb_priv *upriv)
1448 {
1449 struct net_device *dev;
1450 struct list_head *item;
1451 struct list_head *tmp_item;
1452 unsigned long flags;
1453
1454 BUG_ON(in_interrupt());
1455 BUG_ON(!upriv);
1456
1457 dev = upriv->dev;
1458 mutex_lock(&upriv->mtx);
1459
1460 upriv->udev = NULL; /* No timer will be rearmed from here */
1461
1462 usb_kill_urb(upriv->read_urb);
1463
1464 spin_lock_irqsave(&upriv->req_lock, flags);
1465 list_for_each_safe(item, tmp_item, &upriv->req_active) {
1466 struct request_context *ctx;
1467 int err;
1468
1469 ctx = list_entry(item, struct request_context, list);
1470 atomic_inc(&ctx->refcount);
1471
1472 ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK;
1473 err = usb_unlink_urb(ctx->outurb);
1474
1475 spin_unlock_irqrestore(&upriv->req_lock, flags);
1476 if (err == -EINPROGRESS)
1477 wait_for_completion(&ctx->done);
1478
1479 del_timer_sync(&ctx->timer);
1480 /* FIXME: there is an slight chance for the irq handler to
1481 * be running */
1482 if (!list_empty(&ctx->list))
1483 ezusb_ctx_complete(ctx);
1484
1485 ezusb_request_context_put(ctx);
1486 spin_lock_irqsave(&upriv->req_lock, flags);
1487 }
1488 spin_unlock_irqrestore(&upriv->req_lock, flags);
1489
1490 list_for_each_safe(item, tmp_item, &upriv->req_pending)
1491 ezusb_ctx_complete(list_entry(item,
1492 struct request_context, list));
1493
1494 if (upriv->read_urb && upriv->read_urb->status == -EINPROGRESS)
1495 printk(KERN_ERR PFX "Some URB in progress\n");
1496
1497 mutex_unlock(&upriv->mtx);
1498
1499 if (upriv->read_urb) {
1500 kfree(upriv->read_urb->transfer_buffer);
1501 usb_free_urb(upriv->read_urb);
1502 }
1503 kfree(upriv->bap_buf);
1504 if (upriv->dev) {
1505 struct orinoco_private *priv = ndev_priv(upriv->dev);
1506 orinoco_if_del(priv);
1507 free_orinocodev(priv);
1508 }
1509 }
1510
1511 static void ezusb_lock_irqsave(spinlock_t *lock,
1512 unsigned long *flags) __acquires(lock)
1513 {
1514 spin_lock_bh(lock);
1515 }
1516
1517 static void ezusb_unlock_irqrestore(spinlock_t *lock,
1518 unsigned long *flags) __releases(lock)
1519 {
1520 spin_unlock_bh(lock);
1521 }
1522
1523 static void ezusb_lock_irq(spinlock_t *lock) __acquires(lock)
1524 {
1525 spin_lock_bh(lock);
1526 }
1527
1528 static void ezusb_unlock_irq(spinlock_t *lock) __releases(lock)
1529 {
1530 spin_unlock_bh(lock);
1531 }
1532
1533 static const struct hermes_ops ezusb_ops = {
1534 .init = ezusb_init,
1535 .cmd_wait = ezusb_docmd_wait,
1536 .init_cmd_wait = ezusb_doicmd_wait,
1537 .allocate = ezusb_allocate,
1538 .read_ltv = ezusb_read_ltv,
1539 .write_ltv = ezusb_write_ltv,
1540 .bap_pread = ezusb_bap_pread,
1541 .read_pda = ezusb_read_pda,
1542 .program_init = ezusb_program_init,
1543 .program_end = ezusb_program_end,
1544 .program = ezusb_program,
1545 .lock_irqsave = ezusb_lock_irqsave,
1546 .unlock_irqrestore = ezusb_unlock_irqrestore,
1547 .lock_irq = ezusb_lock_irq,
1548 .unlock_irq = ezusb_unlock_irq,
1549 };
1550
1551 static const struct net_device_ops ezusb_netdev_ops = {
1552 .ndo_open = orinoco_open,
1553 .ndo_stop = orinoco_stop,
1554 .ndo_start_xmit = ezusb_xmit,
1555 .ndo_set_rx_mode = orinoco_set_multicast_list,
1556 .ndo_change_mtu = orinoco_change_mtu,
1557 .ndo_set_mac_address = eth_mac_addr,
1558 .ndo_validate_addr = eth_validate_addr,
1559 .ndo_tx_timeout = orinoco_tx_timeout,
1560 .ndo_get_stats = orinoco_get_stats,
1561 };
1562
1563 static int ezusb_probe(struct usb_interface *interface,
1564 const struct usb_device_id *id)
1565 {
1566 struct usb_device *udev = interface_to_usbdev(interface);
1567 struct orinoco_private *priv;
1568 struct hermes *hw;
1569 struct ezusb_priv *upriv = NULL;
1570 struct usb_interface_descriptor *iface_desc;
1571 struct usb_endpoint_descriptor *ep;
1572 const struct firmware *fw_entry = NULL;
1573 int retval = 0;
1574 int i;
1575
1576 priv = alloc_orinocodev(sizeof(*upriv), &udev->dev,
1577 ezusb_hard_reset, NULL);
1578 if (!priv) {
1579 err("Couldn't allocate orinocodev");
1580 goto exit;
1581 }
1582
1583 hw = &priv->hw;
1584
1585 upriv = priv->card;
1586
1587 mutex_init(&upriv->mtx);
1588 spin_lock_init(&upriv->reply_count_lock);
1589
1590 spin_lock_init(&upriv->req_lock);
1591 INIT_LIST_HEAD(&upriv->req_pending);
1592 INIT_LIST_HEAD(&upriv->req_active);
1593
1594 upriv->udev = udev;
1595
1596 hw->iobase = (void __force __iomem *) &upriv->hermes_reg_fake;
1597 hw->reg_spacing = HERMES_16BIT_REGSPACING;
1598 hw->priv = upriv;
1599 hw->ops = &ezusb_ops;
1600
1601 /* set up the endpoint information */
1602 /* check out the endpoints */
1603
1604 iface_desc = &interface->altsetting[0].desc;
1605 for (i = 0; i < iface_desc->bNumEndpoints; ++i) {
1606 ep = &interface->altsetting[0].endpoint[i].desc;
1607
1608 if (usb_endpoint_is_bulk_in(ep)) {
1609 /* we found a bulk in endpoint */
1610 if (upriv->read_urb != NULL) {
1611 pr_warn("Found a second bulk in ep, ignored\n");
1612 continue;
1613 }
1614
1615 upriv->read_urb = usb_alloc_urb(0, GFP_KERNEL);
1616 if (!upriv->read_urb) {
1617 err("No free urbs available");
1618 goto error;
1619 }
1620 if (le16_to_cpu(ep->wMaxPacketSize) != 64)
1621 pr_warn("bulk in: wMaxPacketSize!= 64\n");
1622 if (ep->bEndpointAddress != (2 | USB_DIR_IN))
1623 pr_warn("bulk in: bEndpointAddress: %d\n",
1624 ep->bEndpointAddress);
1625 upriv->read_pipe = usb_rcvbulkpipe(udev,
1626 ep->
1627 bEndpointAddress);
1628 upriv->read_urb->transfer_buffer =
1629 kmalloc(BULK_BUF_SIZE, GFP_KERNEL);
1630 if (!upriv->read_urb->transfer_buffer) {
1631 err("Couldn't allocate IN buffer");
1632 goto error;
1633 }
1634 }
1635
1636 if (usb_endpoint_is_bulk_out(ep)) {
1637 /* we found a bulk out endpoint */
1638 if (upriv->bap_buf != NULL) {
1639 pr_warn("Found a second bulk out ep, ignored\n");
1640 continue;
1641 }
1642
1643 if (le16_to_cpu(ep->wMaxPacketSize) != 64)
1644 pr_warn("bulk out: wMaxPacketSize != 64\n");
1645 if (ep->bEndpointAddress != 2)
1646 pr_warn("bulk out: bEndpointAddress: %d\n",
1647 ep->bEndpointAddress);
1648 upriv->write_pipe = usb_sndbulkpipe(udev,
1649 ep->
1650 bEndpointAddress);
1651 upriv->bap_buf = kmalloc(BULK_BUF_SIZE, GFP_KERNEL);
1652 if (!upriv->bap_buf) {
1653 err("Couldn't allocate bulk_out_buffer");
1654 goto error;
1655 }
1656 }
1657 }
1658 if (!upriv->bap_buf || !upriv->read_urb) {
1659 err("Didn't find the required bulk endpoints");
1660 goto error;
1661 }
1662
1663 if (request_firmware(&fw_entry, "orinoco_ezusb_fw",
1664 &interface->dev) == 0) {
1665 firmware.size = fw_entry->size;
1666 firmware.code = fw_entry->data;
1667 }
1668 if (firmware.size && firmware.code) {
1669 if (ezusb_firmware_download(upriv, &firmware) < 0)
1670 goto error;
1671 } else {
1672 err("No firmware to download");
1673 goto error;
1674 }
1675
1676 if (ezusb_hard_reset(priv) < 0) {
1677 err("Cannot reset the device");
1678 goto error;
1679 }
1680
1681 /* If the firmware is already downloaded orinoco.c will call
1682 * ezusb_init but if the firmware is not already there, that will make
1683 * the kernel very unstable, so we try initializing here and quit in
1684 * case of error */
1685 if (ezusb_init(hw) < 0) {
1686 err("Couldn't initialize the device");
1687 err("Firmware may not be downloaded or may be wrong.");
1688 goto error;
1689 }
1690
1691 /* Initialise the main driver */
1692 if (orinoco_init(priv) != 0) {
1693 err("orinoco_init() failed\n");
1694 goto error;
1695 }
1696
1697 if (orinoco_if_add(priv, 0, 0, &ezusb_netdev_ops) != 0) {
1698 upriv->dev = NULL;
1699 err("%s: orinoco_if_add() failed", __func__);
1700 goto error;
1701 }
1702 upriv->dev = priv->ndev;
1703
1704 goto exit;
1705
1706 error:
1707 ezusb_delete(upriv);
1708 if (upriv->dev) {
1709 /* upriv->dev was 0, so ezusb_delete() didn't free it */
1710 free_orinocodev(priv);
1711 }
1712 upriv = NULL;
1713 retval = -EFAULT;
1714 exit:
1715 if (fw_entry) {
1716 firmware.code = NULL;
1717 firmware.size = 0;
1718 release_firmware(fw_entry);
1719 }
1720 usb_set_intfdata(interface, upriv);
1721 return retval;
1722 }
1723
1724
1725 static void ezusb_disconnect(struct usb_interface *intf)
1726 {
1727 struct ezusb_priv *upriv = usb_get_intfdata(intf);
1728 usb_set_intfdata(intf, NULL);
1729 ezusb_delete(upriv);
1730 printk(KERN_INFO PFX "Disconnected\n");
1731 }
1732
1733
1734 /* usb specific object needed to register this driver with the usb subsystem */
1735 static struct usb_driver orinoco_driver = {
1736 .name = DRIVER_NAME,
1737 .probe = ezusb_probe,
1738 .disconnect = ezusb_disconnect,
1739 .id_table = ezusb_table,
1740 .disable_hub_initiated_lpm = 1,
1741 };
1742
1743 module_usb_driver(orinoco_driver);
1744
1745 MODULE_AUTHOR("Manuel Estrada Sainz");
1746 MODULE_DESCRIPTION("Driver for Orinoco wireless LAN cards using EZUSB bridge");
1747 MODULE_LICENSE("Dual MPL/GPL");
Linux with added FPC-III support