search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
pvrusb2: reduce stack usage pvr2_eeprom_analyze()
[linux/fpc-iii.git] / drivers / net / wireless / intersil / orinoco / orinoco_usb.c
blobbca6935a94db9a4bd767bfa0b7d2d7c82cd6b60c
1 /*
2 * USB Orinoco driver
3 *
4 * Copyright (c) 2003 Manuel Estrada Sainz
5 *
6 * The contents of this file are subject to the Mozilla Public License
7 * Version 1.1 (the "License"); you may not use this file except in
8 * compliance with the License. You may obtain a copy of the License
9 * at http://www.mozilla.org/MPL/
10 *
11 * Software distributed under the License is distributed on an "AS IS"
12 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
13 * the License for the specific language governing rights and
14 * limitations under the License.
15 *
16 * Alternatively, the contents of this file may be used under the
17 * terms of the GNU General Public License version 2 (the "GPL"), in
18 * which case the provisions of the GPL are applicable instead of the
19 * above. If you wish to allow the use of your version of this file
20 * only under the terms of the GPL and not to allow others to use your
21 * version of this file under the MPL, indicate your decision by
22 * deleting the provisions above and replace them with the notice and
23 * other provisions required by the GPL. If you do not delete the
24 * provisions above, a recipient may use your version of this file
25 * under either the MPL or the GPL.
26 *
27 * Queueing code based on linux-wlan-ng 0.2.1-pre5
28 *
29 * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved.
30 *
31 * The license is the same as above.
32 *
33 * Initialy based on USB Skeleton driver - 0.7
34 *
35 * Copyright (c) 2001 Greg Kroah-Hartman (greg@kroah.com)
36 *
37 * This program is free software; you can redistribute it and/or
38 * modify it under the terms of the GNU General Public License as
39 * published by the Free Software Foundation; either version 2 of
40 * the License, or (at your option) any later version.
41 *
42 * NOTE: The original USB Skeleton driver is GPL, but all that code is
43 * gone so MPL/GPL applies.
44 */
45
46 #define DRIVER_NAME "orinoco_usb"
47 #define PFX DRIVER_NAME ": "
48
49 #include <linux/module.h>
50 #include <linux/kernel.h>
51 #include <linux/sched.h>
52 #include <linux/signal.h>
53 #include <linux/errno.h>
54 #include <linux/poll.h>
55 #include <linux/slab.h>
56 #include <linux/fcntl.h>
57 #include <linux/spinlock.h>
58 #include <linux/list.h>
59 #include <linux/usb.h>
60 #include <linux/timer.h>
61
62 #include <linux/netdevice.h>
63 #include <linux/if_arp.h>
64 #include <linux/etherdevice.h>
65 #include <linux/wireless.h>
66 #include <linux/firmware.h>
67
68 #include "mic.h"
69 #include "orinoco.h"
70
71 #ifndef URB_ASYNC_UNLINK
72 #define URB_ASYNC_UNLINK 0
73 #endif
74
75 /* 802.2 LLC/SNAP header used for Ethernet encapsulation over 802.11 */
76 static const u8 encaps_hdr[] = {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00};
77 #define ENCAPS_OVERHEAD (sizeof(encaps_hdr) + 2)
78
79 struct header_struct {
80 /* 802.3 */
81 u8 dest[ETH_ALEN];
82 u8 src[ETH_ALEN];
83 __be16 len;
84 /* 802.2 */
85 u8 dsap;
86 u8 ssap;
87 u8 ctrl;
88 /* SNAP */
89 u8 oui[3];
90 __be16 ethertype;
91 } __packed;
92
93 struct ez_usb_fw {
94 u16 size;
95 const u8 *code;
96 };
97
98 static struct ez_usb_fw firmware = {
99 .size = 0,
100 .code = NULL,
101 };
102
103 /* Debugging macros */
104 #undef err
105 #define err(format, arg...) \
106 do { printk(KERN_ERR PFX format "\n", ## arg); } while (0)
107
108 MODULE_FIRMWARE("orinoco_ezusb_fw");
109
110 /*
111 * Under some conditions, the card gets stuck and stops paying attention
112 * to the world (i.e. data communication stalls) until we do something to
113 * it. Sending an INQ_TALLIES command seems to be enough and should be
114 * harmless otherwise. This behaviour has been observed when using the
115 * driver on a systemimager client during installation. In the past a
116 * timer was used to send INQ_TALLIES commands when there was no other
117 * activity, but it was troublesome and was removed.
118 */
119
120 #define USB_COMPAQ_VENDOR_ID 0x049f /* Compaq Computer Corp. */
121 #define USB_COMPAQ_WL215_ID 0x001f /* Compaq WL215 USB Adapter */
122 #define USB_COMPAQ_W200_ID 0x0076 /* Compaq W200 USB Adapter */
123 #define USB_HP_WL215_ID 0x0082 /* Compaq WL215 USB Adapter */
124
125 #define USB_MELCO_VENDOR_ID 0x0411
126 #define USB_BUFFALO_L11_ID 0x0006 /* BUFFALO WLI-USB-L11 */
127 #define USB_BUFFALO_L11G_WR_ID 0x000B /* BUFFALO WLI-USB-L11G-WR */
128 #define USB_BUFFALO_L11G_ID 0x000D /* BUFFALO WLI-USB-L11G */
129
130 #define USB_LUCENT_VENDOR_ID 0x047E /* Lucent Technologies */
131 #define USB_LUCENT_ORINOCO_ID 0x0300 /* Lucent/Agere Orinoco USB Client */
132
133 #define USB_AVAYA8_VENDOR_ID 0x0D98
134 #define USB_AVAYAE_VENDOR_ID 0x0D9E
135 #define USB_AVAYA_WIRELESS_ID 0x0300 /* Avaya Wireless USB Card */
136
137 #define USB_AGERE_VENDOR_ID 0x0D4E /* Agere Systems */
138 #define USB_AGERE_MODEL0801_ID 0x1000 /* Wireless USB Card Model 0801 */
139 #define USB_AGERE_MODEL0802_ID 0x1001 /* Wireless USB Card Model 0802 */
140 #define USB_AGERE_REBRANDED_ID 0x047A /* WLAN USB Card */
141
142 #define USB_ELSA_VENDOR_ID 0x05CC
143 #define USB_ELSA_AIRLANCER_ID 0x3100 /* ELSA AirLancer USB-11 */
144
145 #define USB_LEGEND_VENDOR_ID 0x0E7C
146 #define USB_LEGEND_JOYNET_ID 0x0300 /* Joynet WLAN USB Card */
147
148 #define USB_SAMSUNG_VENDOR_ID 0x04E8
149 #define USB_SAMSUNG_SEW2001U1_ID 0x5002 /* Samsung SEW-2001u Card */
150 #define USB_SAMSUNG_SEW2001U2_ID 0x5B11 /* Samsung SEW-2001u Card */
151 #define USB_SAMSUNG_SEW2003U_ID 0x7011 /* Samsung SEW-2003U Card */
152
153 #define USB_IGATE_VENDOR_ID 0x0681
154 #define USB_IGATE_IGATE_11M_ID 0x0012 /* I-GATE 11M USB Card */
155
156 #define USB_FUJITSU_VENDOR_ID 0x0BF8
157 #define USB_FUJITSU_E1100_ID 0x1002 /* connect2AIR WLAN E-1100 USB */
158
159 #define USB_2WIRE_VENDOR_ID 0x1630
160 #define USB_2WIRE_WIRELESS_ID 0xff81 /* 2Wire Wireless USB adapter */
161
162
163 #define EZUSB_REQUEST_FW_TRANS 0xA0
164 #define EZUSB_REQUEST_TRIGER 0xAA
165 #define EZUSB_REQUEST_TRIG_AC 0xAC
166 #define EZUSB_CPUCS_REG 0x7F92
167
168 #define EZUSB_RID_TX 0x0700
169 #define EZUSB_RID_RX 0x0701
170 #define EZUSB_RID_INIT1 0x0702
171 #define EZUSB_RID_ACK 0x0710
172 #define EZUSB_RID_READ_PDA 0x0800
173 #define EZUSB_RID_PROG_INIT 0x0852
174 #define EZUSB_RID_PROG_SET_ADDR 0x0853
175 #define EZUSB_RID_PROG_BYTES 0x0854
176 #define EZUSB_RID_PROG_END 0x0855
177 #define EZUSB_RID_DOCMD 0x0860
178
179 /* Recognize info frames */
180 #define EZUSB_IS_INFO(id) ((id >= 0xF000) && (id <= 0xF2FF))
181
182 #define EZUSB_MAGIC 0x0210
183
184 #define EZUSB_FRAME_DATA 1
185 #define EZUSB_FRAME_CONTROL 2
186
187 #define DEF_TIMEOUT (3 * HZ)
188
189 #define BULK_BUF_SIZE 2048
190
191 #define MAX_DL_SIZE (BULK_BUF_SIZE - sizeof(struct ezusb_packet))
192
193 #define FW_BUF_SIZE 64
194 #define FW_VAR_OFFSET_PTR 0x359
195 #define FW_VAR_VALUE 0
196 #define FW_HOLE_START 0x100
197 #define FW_HOLE_END 0x300
198
199 struct ezusb_packet {
200 __le16 magic; /* 0x0210 */
201 u8 req_reply_count;
202 u8 ans_reply_count;
203 __le16 frame_type; /* 0x01 for data frames, 0x02 otherwise */
204 __le16 size; /* transport size */
205 __le16 crc; /* CRC up to here */
206 __le16 hermes_len;
207 __le16 hermes_rid;
208 u8 data[0];
209 } __packed;
210
211 /* Table of devices that work or may work with this driver */
212 static struct usb_device_id ezusb_table[] = {
213 {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_COMPAQ_WL215_ID)},
214 {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_HP_WL215_ID)},
215 {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_COMPAQ_W200_ID)},
216 {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11_ID)},
217 {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11G_WR_ID)},
218 {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11G_ID)},
219 {USB_DEVICE(USB_LUCENT_VENDOR_ID, USB_LUCENT_ORINOCO_ID)},
220 {USB_DEVICE(USB_AVAYA8_VENDOR_ID, USB_AVAYA_WIRELESS_ID)},
221 {USB_DEVICE(USB_AVAYAE_VENDOR_ID, USB_AVAYA_WIRELESS_ID)},
222 {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_MODEL0801_ID)},
223 {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_MODEL0802_ID)},
224 {USB_DEVICE(USB_ELSA_VENDOR_ID, USB_ELSA_AIRLANCER_ID)},
225 {USB_DEVICE(USB_LEGEND_VENDOR_ID, USB_LEGEND_JOYNET_ID)},
226 {USB_DEVICE_VER(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2001U1_ID,
227 0, 0)},
228 {USB_DEVICE(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2001U2_ID)},
229 {USB_DEVICE(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2003U_ID)},
230 {USB_DEVICE(USB_IGATE_VENDOR_ID, USB_IGATE_IGATE_11M_ID)},
231 {USB_DEVICE(USB_FUJITSU_VENDOR_ID, USB_FUJITSU_E1100_ID)},
232 {USB_DEVICE(USB_2WIRE_VENDOR_ID, USB_2WIRE_WIRELESS_ID)},
233 {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_REBRANDED_ID)},
234 {} /* Terminating entry */
235 };
236
237 MODULE_DEVICE_TABLE(usb, ezusb_table);
238
239 /* Structure to hold all of our device specific stuff */
240 struct ezusb_priv {
241 struct usb_device *udev;
242 struct net_device *dev;
243 struct mutex mtx;
244 spinlock_t req_lock;
245 struct list_head req_pending;
246 struct list_head req_active;
247 spinlock_t reply_count_lock;
248 u16 hermes_reg_fake[0x40];
249 u8 *bap_buf;
250 struct urb *read_urb;
251 int read_pipe;
252 int write_pipe;
253 u8 reply_count;
254 };
255
256 enum ezusb_state {
257 EZUSB_CTX_START,
258 EZUSB_CTX_QUEUED,
259 EZUSB_CTX_REQ_SUBMITTED,
260 EZUSB_CTX_REQ_COMPLETE,
261 EZUSB_CTX_RESP_RECEIVED,
262 EZUSB_CTX_REQ_TIMEOUT,
263 EZUSB_CTX_REQ_FAILED,
264 EZUSB_CTX_RESP_TIMEOUT,
265 EZUSB_CTX_REQSUBMIT_FAIL,
266 EZUSB_CTX_COMPLETE,
267 };
268
269 struct request_context {
270 struct list_head list;
271 atomic_t refcount;
272 struct completion done; /* Signals that CTX is dead */
273 int killed;
274 struct urb *outurb; /* OUT for req pkt */
275 struct ezusb_priv *upriv;
276 struct ezusb_packet *buf;
277 int buf_length;
278 struct timer_list timer; /* Timeout handling */
279 enum ezusb_state state; /* Current state */
280 /* the RID that we will wait for */
281 u16 out_rid;
282 u16 in_rid;
283 };
284
285
286 /* Forward declarations */
287 static void ezusb_ctx_complete(struct request_context *ctx);
288 static void ezusb_req_queue_run(struct ezusb_priv *upriv);
289 static void ezusb_bulk_in_callback(struct urb *urb);
290
291 static inline u8 ezusb_reply_inc(u8 count)
292 {
293 if (count < 0x7F)
294 return count + 1;
295 else
296 return 1;
297 }
298
299 static void ezusb_request_context_put(struct request_context *ctx)
300 {
301 if (!atomic_dec_and_test(&ctx->refcount))
302 return;
303
304 WARN_ON(!ctx->done.done);
305 BUG_ON(ctx->outurb->status == -EINPROGRESS);
306 BUG_ON(timer_pending(&ctx->timer));
307 usb_free_urb(ctx->outurb);
308 kfree(ctx->buf);
309 kfree(ctx);
310 }
311
312 static inline void ezusb_mod_timer(struct ezusb_priv *upriv,
313 struct timer_list *timer,
314 unsigned long expire)
315 {
316 if (!upriv->udev)
317 return;
318 mod_timer(timer, expire);
319 }
320
321 static void ezusb_request_timerfn(u_long _ctx)
322 {
323 struct request_context *ctx = (void *) _ctx;
324
325 ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK;
326 if (usb_unlink_urb(ctx->outurb) == -EINPROGRESS) {
327 ctx->state = EZUSB_CTX_REQ_TIMEOUT;
328 } else {
329 ctx->state = EZUSB_CTX_RESP_TIMEOUT;
330 dev_dbg(&ctx->outurb->dev->dev, "couldn't unlink\n");
331 atomic_inc(&ctx->refcount);
332 ctx->killed = 1;
333 ezusb_ctx_complete(ctx);
334 ezusb_request_context_put(ctx);
335 }
336 };
337
338 static struct request_context *ezusb_alloc_ctx(struct ezusb_priv *upriv,
339 u16 out_rid, u16 in_rid)
340 {
341 struct request_context *ctx;
342
343 ctx = kzalloc(sizeof(*ctx), GFP_ATOMIC);
344 if (!ctx)
345 return NULL;
346
347 ctx->buf = kmalloc(BULK_BUF_SIZE, GFP_ATOMIC);
348 if (!ctx->buf) {
349 kfree(ctx);
350 return NULL;
351 }
352 ctx->outurb = usb_alloc_urb(0, GFP_ATOMIC);
353 if (!ctx->outurb) {
354 kfree(ctx->buf);
355 kfree(ctx);
356 return NULL;
357 }
358
359 ctx->upriv = upriv;
360 ctx->state = EZUSB_CTX_START;
361 ctx->out_rid = out_rid;
362 ctx->in_rid = in_rid;
363
364 atomic_set(&ctx->refcount, 1);
365 init_completion(&ctx->done);
366
367 setup_timer(&ctx->timer, ezusb_request_timerfn, (u_long)ctx);
368 return ctx;
369 }
370
371
372 /* Hopefully the real complete_all will soon be exported, in the mean
373 * while this should work. */
374 static inline void ezusb_complete_all(struct completion *comp)
375 {
376 complete(comp);
377 complete(comp);
378 complete(comp);
379 complete(comp);
380 }
381
382 static void ezusb_ctx_complete(struct request_context *ctx)
383 {
384 struct ezusb_priv *upriv = ctx->upriv;
385 unsigned long flags;
386
387 spin_lock_irqsave(&upriv->req_lock, flags);
388
389 list_del_init(&ctx->list);
390 if (upriv->udev) {
391 spin_unlock_irqrestore(&upriv->req_lock, flags);
392 ezusb_req_queue_run(upriv);
393 spin_lock_irqsave(&upriv->req_lock, flags);
394 }
395
396 switch (ctx->state) {
397 case EZUSB_CTX_COMPLETE:
398 case EZUSB_CTX_REQSUBMIT_FAIL:
399 case EZUSB_CTX_REQ_FAILED:
400 case EZUSB_CTX_REQ_TIMEOUT:
401 case EZUSB_CTX_RESP_TIMEOUT:
402 spin_unlock_irqrestore(&upriv->req_lock, flags);
403
404 if ((ctx->out_rid == EZUSB_RID_TX) && upriv->dev) {
405 struct net_device *dev = upriv->dev;
406 struct orinoco_private *priv = ndev_priv(dev);
407 struct net_device_stats *stats = &priv->stats;
408
409 if (ctx->state != EZUSB_CTX_COMPLETE)
410 stats->tx_errors++;
411 else
412 stats->tx_packets++;
413
414 netif_wake_queue(dev);
415 }
416 ezusb_complete_all(&ctx->done);
417 ezusb_request_context_put(ctx);
418 break;
419
420 default:
421 spin_unlock_irqrestore(&upriv->req_lock, flags);
422 if (!upriv->udev) {
423 /* This is normal, as all request contexts get flushed
424 * when the device is disconnected */
425 err("Called, CTX not terminating, but device gone");
426 ezusb_complete_all(&ctx->done);
427 ezusb_request_context_put(ctx);
428 break;
429 }
430
431 err("Called, CTX not in terminating state.");
432 /* Things are really bad if this happens. Just leak
433 * the CTX because it may still be linked to the
434 * queue or the OUT urb may still be active.
435 * Just leaking at least prevents an Oops or Panic.
436 */
437 break;
438 }
439 }
440
441 /**
442 * ezusb_req_queue_run:
443 * Description:
444 * Note: Only one active CTX at any one time, because there's no
445 * other (reliable) way to match the response URB to the correct
446 * CTX.
447 **/
448 static void ezusb_req_queue_run(struct ezusb_priv *upriv)
449 {
450 unsigned long flags;
451 struct request_context *ctx;
452 int result;
453
454 spin_lock_irqsave(&upriv->req_lock, flags);
455
456 if (!list_empty(&upriv->req_active))
457 goto unlock;
458
459 if (list_empty(&upriv->req_pending))
460 goto unlock;
461
462 ctx =
463 list_entry(upriv->req_pending.next, struct request_context,
464 list);
465
466 if (!ctx->upriv->udev)
467 goto unlock;
468
469 /* We need to split this off to avoid a race condition */
470 list_move_tail(&ctx->list, &upriv->req_active);
471
472 if (ctx->state == EZUSB_CTX_QUEUED) {
473 atomic_inc(&ctx->refcount);
474 result = usb_submit_urb(ctx->outurb, GFP_ATOMIC);
475 if (result) {
476 ctx->state = EZUSB_CTX_REQSUBMIT_FAIL;
477
478 spin_unlock_irqrestore(&upriv->req_lock, flags);
479
480 err("Fatal, failed to submit command urb."
481 " error=%d\n", result);
482
483 ezusb_ctx_complete(ctx);
484 ezusb_request_context_put(ctx);
485 goto done;
486 }
487
488 ctx->state = EZUSB_CTX_REQ_SUBMITTED;
489 ezusb_mod_timer(ctx->upriv, &ctx->timer,
490 jiffies + DEF_TIMEOUT);
491 }
492
493 unlock:
494 spin_unlock_irqrestore(&upriv->req_lock, flags);
495
496 done:
497 return;
498 }
499
500 static void ezusb_req_enqueue_run(struct ezusb_priv *upriv,
501 struct request_context *ctx)
502 {
503 unsigned long flags;
504
505 spin_lock_irqsave(&upriv->req_lock, flags);
506
507 if (!ctx->upriv->udev) {
508 spin_unlock_irqrestore(&upriv->req_lock, flags);
509 goto done;
510 }
511 atomic_inc(&ctx->refcount);
512 list_add_tail(&ctx->list, &upriv->req_pending);
513 spin_unlock_irqrestore(&upriv->req_lock, flags);
514
515 ctx->state = EZUSB_CTX_QUEUED;
516 ezusb_req_queue_run(upriv);
517
518 done:
519 return;
520 }
521
522 static void ezusb_request_out_callback(struct urb *urb)
523 {
524 unsigned long flags;
525 enum ezusb_state state;
526 struct request_context *ctx = urb->context;
527 struct ezusb_priv *upriv = ctx->upriv;
528
529 spin_lock_irqsave(&upriv->req_lock, flags);
530
531 del_timer(&ctx->timer);
532
533 if (ctx->killed) {
534 spin_unlock_irqrestore(&upriv->req_lock, flags);
535 pr_warn("interrupt called with dead ctx\n");
536 goto out;
537 }
538
539 state = ctx->state;
540
541 if (urb->status == 0) {
542 switch (state) {
543 case EZUSB_CTX_REQ_SUBMITTED:
544 if (ctx->in_rid) {
545 ctx->state = EZUSB_CTX_REQ_COMPLETE;
546 /* reply URB still pending */
547 ezusb_mod_timer(upriv, &ctx->timer,
548 jiffies + DEF_TIMEOUT);
549 spin_unlock_irqrestore(&upriv->req_lock,
550 flags);
551 break;
552 }
553 /* fall through */
554 case EZUSB_CTX_RESP_RECEIVED:
555 /* IN already received before this OUT-ACK */
556 ctx->state = EZUSB_CTX_COMPLETE;
557 spin_unlock_irqrestore(&upriv->req_lock, flags);
558 ezusb_ctx_complete(ctx);
559 break;
560
561 default:
562 spin_unlock_irqrestore(&upriv->req_lock, flags);
563 err("Unexpected state(0x%x, %d) in OUT URB",
564 state, urb->status);
565 break;
566 }
567 } else {
568 /* If someone cancels the OUT URB then its status
569 * should be either -ECONNRESET or -ENOENT.
570 */
571 switch (state) {
572 case EZUSB_CTX_REQ_SUBMITTED:
573 case EZUSB_CTX_RESP_RECEIVED:
574 ctx->state = EZUSB_CTX_REQ_FAILED;
575 /* fall through */
576
577 case EZUSB_CTX_REQ_FAILED:
578 case EZUSB_CTX_REQ_TIMEOUT:
579 spin_unlock_irqrestore(&upriv->req_lock, flags);
580
581 ezusb_ctx_complete(ctx);
582 break;
583
584 default:
585 spin_unlock_irqrestore(&upriv->req_lock, flags);
586
587 err("Unexpected state(0x%x, %d) in OUT URB",
588 state, urb->status);
589 break;
590 }
591 }
592 out:
593 ezusb_request_context_put(ctx);
594 }
595
596 static void ezusb_request_in_callback(struct ezusb_priv *upriv,
597 struct urb *urb)
598 {
599 struct ezusb_packet *ans = urb->transfer_buffer;
600 struct request_context *ctx = NULL;
601 enum ezusb_state state;
602 unsigned long flags;
603
604 /* Find the CTX on the active queue that requested this URB */
605 spin_lock_irqsave(&upriv->req_lock, flags);
606 if (upriv->udev) {
607 struct list_head *item;
608
609 list_for_each(item, &upriv->req_active) {
610 struct request_context *c;
611 int reply_count;
612
613 c = list_entry(item, struct request_context, list);
614 reply_count =
615 ezusb_reply_inc(c->buf->req_reply_count);
616 if ((ans->ans_reply_count == reply_count)
617 && (le16_to_cpu(ans->hermes_rid) == c->in_rid)) {
618 ctx = c;
619 break;
620 }
621 netdev_dbg(upriv->dev, "Skipped (0x%x/0x%x) (%d/%d)\n",
622 le16_to_cpu(ans->hermes_rid), c->in_rid,
623 ans->ans_reply_count, reply_count);
624 }
625 }
626
627 if (ctx == NULL) {
628 spin_unlock_irqrestore(&upriv->req_lock, flags);
629 err("%s: got unexpected RID: 0x%04X", __func__,
630 le16_to_cpu(ans->hermes_rid));
631 ezusb_req_queue_run(upriv);
632 return;
633 }
634
635 /* The data we want is in the in buffer, exchange */
636 urb->transfer_buffer = ctx->buf;
637 ctx->buf = (void *) ans;
638 ctx->buf_length = urb->actual_length;
639
640 state = ctx->state;
641 switch (state) {
642 case EZUSB_CTX_REQ_SUBMITTED:
643 /* We have received our response URB before
644 * our request has been acknowledged. Do NOT
645 * destroy our CTX yet, because our OUT URB
646 * is still alive ...
647 */
648 ctx->state = EZUSB_CTX_RESP_RECEIVED;
649 spin_unlock_irqrestore(&upriv->req_lock, flags);
650
651 /* Let the machine continue running. */
652 break;
653
654 case EZUSB_CTX_REQ_COMPLETE:
655 /* This is the usual path: our request
656 * has already been acknowledged, and
657 * we have now received the reply.
658 */
659 ctx->state = EZUSB_CTX_COMPLETE;
660
661 /* Stop the intimer */
662 del_timer(&ctx->timer);
663 spin_unlock_irqrestore(&upriv->req_lock, flags);
664
665 /* Call the completion handler */
666 ezusb_ctx_complete(ctx);
667 break;
668
669 default:
670 spin_unlock_irqrestore(&upriv->req_lock, flags);
671
672 pr_warn("Matched IN URB, unexpected context state(0x%x)\n",
673 state);
674 /* Throw this CTX away and try submitting another */
675 del_timer(&ctx->timer);
676 ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK;
677 usb_unlink_urb(ctx->outurb);
678 ezusb_req_queue_run(upriv);
679 break;
680 } /* switch */
681 }
682
683
684 static void ezusb_req_ctx_wait(struct ezusb_priv *upriv,
685 struct request_context *ctx)
686 {
687 switch (ctx->state) {
688 case EZUSB_CTX_QUEUED:
689 case EZUSB_CTX_REQ_SUBMITTED:
690 case EZUSB_CTX_REQ_COMPLETE:
691 case EZUSB_CTX_RESP_RECEIVED:
692 if (in_softirq()) {
693 /* If we get called from a timer, timeout timers don't
694 * get the chance to run themselves. So we make sure
695 * that we don't sleep for ever */
696 int msecs = DEF_TIMEOUT * (1000 / HZ);
697 while (!ctx->done.done && msecs--)
698 udelay(1000);
699 } else {
700 wait_event_interruptible(ctx->done.wait,
701 ctx->done.done);
702 }
703 break;
704 default:
705 /* Done or failed - nothing to wait for */
706 break;
707 }
708 }
709
710 static inline u16 build_crc(struct ezusb_packet *data)
711 {
712 u16 crc = 0;
713 u8 *bytes = (u8 *)data;
714 int i;
715
716 for (i = 0; i < 8; i++)
717 crc = (crc << 1) + bytes[i];
718
719 return crc;
720 }
721
722 /**
723 * ezusb_fill_req:
724 *
725 * if data == NULL and length > 0 the data is assumed to be already in
726 * the target buffer and only the header is filled.
727 *
728 */
729 static int ezusb_fill_req(struct ezusb_packet *req, u16 length, u16 rid,
730 const void *data, u16 frame_type, u8 reply_count)
731 {
732 int total_size = sizeof(*req) + length;
733
734 BUG_ON(total_size > BULK_BUF_SIZE);
735
736 req->magic = cpu_to_le16(EZUSB_MAGIC);
737 req->req_reply_count = reply_count;
738 req->ans_reply_count = 0;
739 req->frame_type = cpu_to_le16(frame_type);
740 req->size = cpu_to_le16(length + 4);
741 req->crc = cpu_to_le16(build_crc(req));
742 req->hermes_len = cpu_to_le16(HERMES_BYTES_TO_RECLEN(length));
743 req->hermes_rid = cpu_to_le16(rid);
744 if (data)
745 memcpy(req->data, data, length);
746 return total_size;
747 }
748
749 static int ezusb_submit_in_urb(struct ezusb_priv *upriv)
750 {
751 int retval = 0;
752 void *cur_buf = upriv->read_urb->transfer_buffer;
753
754 if (upriv->read_urb->status == -EINPROGRESS) {
755 netdev_dbg(upriv->dev, "urb busy, not resubmiting\n");
756 retval = -EBUSY;
757 goto exit;
758 }
759 usb_fill_bulk_urb(upriv->read_urb, upriv->udev, upriv->read_pipe,
760 cur_buf, BULK_BUF_SIZE,
761 ezusb_bulk_in_callback, upriv);
762 upriv->read_urb->transfer_flags = 0;
763 retval = usb_submit_urb(upriv->read_urb, GFP_ATOMIC);
764 if (retval)
765 err("%s submit failed %d", __func__, retval);
766
767 exit:
768 return retval;
769 }
770
771 static inline int ezusb_8051_cpucs(struct ezusb_priv *upriv, int reset)
772 {
773 u8 res_val = reset; /* avoid argument promotion */
774
775 if (!upriv->udev) {
776 err("%s: !upriv->udev", __func__);
777 return -EFAULT;
778 }
779 return usb_control_msg(upriv->udev,
780 usb_sndctrlpipe(upriv->udev, 0),
781 EZUSB_REQUEST_FW_TRANS,
782 USB_TYPE_VENDOR | USB_RECIP_DEVICE |
783 USB_DIR_OUT, EZUSB_CPUCS_REG, 0, &res_val,
784 sizeof(res_val), DEF_TIMEOUT);
785 }
786
787 static int ezusb_firmware_download(struct ezusb_priv *upriv,
788 struct ez_usb_fw *fw)
789 {
790 u8 *fw_buffer;
791 int retval, addr;
792 int variant_offset;
793
794 fw_buffer = kmalloc(FW_BUF_SIZE, GFP_KERNEL);
795 if (!fw_buffer) {
796 printk(KERN_ERR PFX "Out of memory for firmware buffer.\n");
797 return -ENOMEM;
798 }
799 /*
800 * This byte is 1 and should be replaced with 0. The offset is
801 * 0x10AD in version 0.0.6. The byte in question should follow
802 * the end of the code pointed to by the jump in the beginning
803 * of the firmware. Also, it is read by code located at 0x358.
804 */
805 variant_offset = be16_to_cpup((__be16 *) &fw->code[FW_VAR_OFFSET_PTR]);
806 if (variant_offset >= fw->size) {
807 printk(KERN_ERR PFX "Invalid firmware variant offset: "
808 "0x%04x\n", variant_offset);
809 retval = -EINVAL;
810 goto fail;
811 }
812
813 retval = ezusb_8051_cpucs(upriv, 1);
814 if (retval < 0)
815 goto fail;
816 for (addr = 0; addr < fw->size; addr += FW_BUF_SIZE) {
817 /* 0x100-0x300 should be left alone, it contains card
818 * specific data, like USB enumeration information */
819 if ((addr >= FW_HOLE_START) && (addr < FW_HOLE_END))
820 continue;
821
822 memcpy(fw_buffer, &fw->code[addr], FW_BUF_SIZE);
823 if (variant_offset >= addr &&
824 variant_offset < addr + FW_BUF_SIZE) {
825 netdev_dbg(upriv->dev,
826 "Patching card_variant byte at 0x%04X\n",
827 variant_offset);
828 fw_buffer[variant_offset - addr] = FW_VAR_VALUE;
829 }
830 retval = usb_control_msg(upriv->udev,
831 usb_sndctrlpipe(upriv->udev, 0),
832 EZUSB_REQUEST_FW_TRANS,
833 USB_TYPE_VENDOR | USB_RECIP_DEVICE
834 | USB_DIR_OUT,
835 addr, 0x0,
836 fw_buffer, FW_BUF_SIZE,
837 DEF_TIMEOUT);
838
839 if (retval < 0)
840 goto fail;
841 }
842 retval = ezusb_8051_cpucs(upriv, 0);
843 if (retval < 0)
844 goto fail;
845
846 goto exit;
847 fail:
848 printk(KERN_ERR PFX "Firmware download failed, error %d\n",
849 retval);
850 exit:
851 kfree(fw_buffer);
852 return retval;
853 }
854
855 static int ezusb_access_ltv(struct ezusb_priv *upriv,
856 struct request_context *ctx,
857 u16 length, const void *data, u16 frame_type,
858 void *ans_buff, unsigned ans_size, u16 *ans_length)
859 {
860 int req_size;
861 int retval = 0;
862 enum ezusb_state state;
863
864 BUG_ON(in_irq());
865
866 if (!upriv->udev) {
867 retval = -ENODEV;
868 goto exit;
869 }
870
871 if (upriv->read_urb->status != -EINPROGRESS)
872 err("%s: in urb not pending", __func__);
873
874 /* protect upriv->reply_count, guarantee sequential numbers */
875 spin_lock_bh(&upriv->reply_count_lock);
876 req_size = ezusb_fill_req(ctx->buf, length, ctx->out_rid, data,
877 frame_type, upriv->reply_count);
878 usb_fill_bulk_urb(ctx->outurb, upriv->udev, upriv->write_pipe,
879 ctx->buf, req_size,
880 ezusb_request_out_callback, ctx);
881
882 if (ctx->in_rid)
883 upriv->reply_count = ezusb_reply_inc(upriv->reply_count);
884
885 ezusb_req_enqueue_run(upriv, ctx);
886
887 spin_unlock_bh(&upriv->reply_count_lock);
888
889 if (ctx->in_rid)
890 ezusb_req_ctx_wait(upriv, ctx);
891
892 state = ctx->state;
893 switch (state) {
894 case EZUSB_CTX_COMPLETE:
895 retval = ctx->outurb->status;
896 break;
897
898 case EZUSB_CTX_QUEUED:
899 case EZUSB_CTX_REQ_SUBMITTED:
900 if (!ctx->in_rid)
901 break;
902 default:
903 err("%s: Unexpected context state %d", __func__,
904 state);
905 /* fall though */
906 case EZUSB_CTX_REQ_TIMEOUT:
907 case EZUSB_CTX_REQ_FAILED:
908 case EZUSB_CTX_RESP_TIMEOUT:
909 case EZUSB_CTX_REQSUBMIT_FAIL:
910 printk(KERN_ERR PFX "Access failed, resetting (state %d,"
911 " reply_count %d)\n", state, upriv->reply_count);
912 upriv->reply_count = 0;
913 if (state == EZUSB_CTX_REQ_TIMEOUT
914 || state == EZUSB_CTX_RESP_TIMEOUT) {
915 printk(KERN_ERR PFX "ctx timed out\n");
916 retval = -ETIMEDOUT;
917 } else {
918 printk(KERN_ERR PFX "ctx failed\n");
919 retval = -EFAULT;
920 }
921 goto exit;
922 }
923 if (ctx->in_rid) {
924 struct ezusb_packet *ans = ctx->buf;
925 unsigned exp_len;
926
927 if (ans->hermes_len != 0)
928 exp_len = le16_to_cpu(ans->hermes_len) * 2 + 12;
929 else
930 exp_len = 14;
931
932 if (exp_len != ctx->buf_length) {
933 err("%s: length mismatch for RID 0x%04x: "
934 "expected %d, got %d", __func__,
935 ctx->in_rid, exp_len, ctx->buf_length);
936 retval = -EIO;
937 goto exit;
938 }
939
940 if (ans_buff)
941 memcpy(ans_buff, ans->data, min(exp_len, ans_size));
942 if (ans_length)
943 *ans_length = le16_to_cpu(ans->hermes_len);
944 }
945 exit:
946 ezusb_request_context_put(ctx);
947 return retval;
948 }
949
950 static int ezusb_write_ltv(struct hermes *hw, int bap, u16 rid,
951 u16 length, const void *data)
952 {
953 struct ezusb_priv *upriv = hw->priv;
954 u16 frame_type;
955 struct request_context *ctx;
956
957 if (length == 0)
958 return -EINVAL;
959
960 length = HERMES_RECLEN_TO_BYTES(length);
961
962 /* On memory mapped devices HERMES_RID_CNFGROUPADDRESSES can be
963 * set to be empty, but the USB bridge doesn't like it */
964 if (length == 0)
965 return 0;
966
967 ctx = ezusb_alloc_ctx(upriv, rid, EZUSB_RID_ACK);
968 if (!ctx)
969 return -ENOMEM;
970
971 if (rid == EZUSB_RID_TX)
972 frame_type = EZUSB_FRAME_DATA;
973 else
974 frame_type = EZUSB_FRAME_CONTROL;
975
976 return ezusb_access_ltv(upriv, ctx, length, data, frame_type,
977 NULL, 0, NULL);
978 }
979
980 static int ezusb_read_ltv(struct hermes *hw, int bap, u16 rid,
981 unsigned bufsize, u16 *length, void *buf)
982 {
983 struct ezusb_priv *upriv = hw->priv;
984 struct request_context *ctx;
985
986 if (bufsize % 2)
987 return -EINVAL;
988
989 ctx = ezusb_alloc_ctx(upriv, rid, rid);
990 if (!ctx)
991 return -ENOMEM;
992
993 return ezusb_access_ltv(upriv, ctx, 0, NULL, EZUSB_FRAME_CONTROL,
994 buf, bufsize, length);
995 }
996
997 static int ezusb_doicmd_wait(struct hermes *hw, u16 cmd, u16 parm0, u16 parm1,
998 u16 parm2, struct hermes_response *resp)
999 {
1000 struct ezusb_priv *upriv = hw->priv;
1001 struct request_context *ctx;
1002
1003 __le16 data[4] = {
1004 cpu_to_le16(cmd),
1005 cpu_to_le16(parm0),
1006 cpu_to_le16(parm1),
1007 cpu_to_le16(parm2),
1008 };
1009 netdev_dbg(upriv->dev,
1010 "0x%04X, parm0 0x%04X, parm1 0x%04X, parm2 0x%04X\n", cmd,
1011 parm0, parm1, parm2);
1012 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_DOCMD, EZUSB_RID_ACK);
1013 if (!ctx)
1014 return -ENOMEM;
1015
1016 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1017 EZUSB_FRAME_CONTROL, NULL, 0, NULL);
1018 }
1019
1020 static int ezusb_docmd_wait(struct hermes *hw, u16 cmd, u16 parm0,
1021 struct hermes_response *resp)
1022 {
1023 struct ezusb_priv *upriv = hw->priv;
1024 struct request_context *ctx;
1025
1026 __le16 data[4] = {
1027 cpu_to_le16(cmd),
1028 cpu_to_le16(parm0),
1029 0,
1030 0,
1031 };
1032 netdev_dbg(upriv->dev, "0x%04X, parm0 0x%04X\n", cmd, parm0);
1033 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_DOCMD, EZUSB_RID_ACK);
1034 if (!ctx)
1035 return -ENOMEM;
1036
1037 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1038 EZUSB_FRAME_CONTROL, NULL, 0, NULL);
1039 }
1040
1041 static int ezusb_bap_pread(struct hermes *hw, int bap,
1042 void *buf, int len, u16 id, u16 offset)
1043 {
1044 struct ezusb_priv *upriv = hw->priv;
1045 struct ezusb_packet *ans = (void *) upriv->read_urb->transfer_buffer;
1046 int actual_length = upriv->read_urb->actual_length;
1047
1048 if (id == EZUSB_RID_RX) {
1049 if ((sizeof(*ans) + offset + len) > actual_length) {
1050 printk(KERN_ERR PFX "BAP read beyond buffer end "
1051 "in rx frame\n");
1052 return -EINVAL;
1053 }
1054 memcpy(buf, ans->data + offset, len);
1055 return 0;
1056 }
1057
1058 if (EZUSB_IS_INFO(id)) {
1059 /* Include 4 bytes for length/type */
1060 if ((sizeof(*ans) + offset + len - 4) > actual_length) {
1061 printk(KERN_ERR PFX "BAP read beyond buffer end "
1062 "in info frame\n");
1063 return -EFAULT;
1064 }
1065 memcpy(buf, ans->data + offset - 4, len);
1066 } else {
1067 printk(KERN_ERR PFX "Unexpected fid 0x%04x\n", id);
1068 return -EINVAL;
1069 }
1070
1071 return 0;
1072 }
1073
1074 static int ezusb_read_pda(struct hermes *hw, __le16 *pda,
1075 u32 pda_addr, u16 pda_len)
1076 {
1077 struct ezusb_priv *upriv = hw->priv;
1078 struct request_context *ctx;
1079 __le16 data[] = {
1080 cpu_to_le16(pda_addr & 0xffff),
1081 cpu_to_le16(pda_len - 4)
1082 };
1083 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_READ_PDA, EZUSB_RID_READ_PDA);
1084 if (!ctx)
1085 return -ENOMEM;
1086
1087 /* wl_lkm does not include PDA size in the PDA area.
1088 * We will pad the information into pda, so other routines
1089 * don't have to be modified */
1090 pda[0] = cpu_to_le16(pda_len - 2);
1091 /* Includes CFG_PROD_DATA but not itself */
1092 pda[1] = cpu_to_le16(0x0800); /* CFG_PROD_DATA */
1093
1094 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1095 EZUSB_FRAME_CONTROL, &pda[2], pda_len - 4,
1096 NULL);
1097 }
1098
1099 static int ezusb_program_init(struct hermes *hw, u32 entry_point)
1100 {
1101 struct ezusb_priv *upriv = hw->priv;
1102 struct request_context *ctx;
1103 __le32 data = cpu_to_le32(entry_point);
1104
1105 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_INIT, EZUSB_RID_ACK);
1106 if (!ctx)
1107 return -ENOMEM;
1108
1109 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1110 EZUSB_FRAME_CONTROL, NULL, 0, NULL);
1111 }
1112
1113 static int ezusb_program_end(struct hermes *hw)
1114 {
1115 struct ezusb_priv *upriv = hw->priv;
1116 struct request_context *ctx;
1117
1118 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_END, EZUSB_RID_ACK);
1119 if (!ctx)
1120 return -ENOMEM;
1121
1122 return ezusb_access_ltv(upriv, ctx, 0, NULL,
1123 EZUSB_FRAME_CONTROL, NULL, 0, NULL);
1124 }
1125
1126 static int ezusb_program_bytes(struct hermes *hw, const char *buf,
1127 u32 addr, u32 len)
1128 {
1129 struct ezusb_priv *upriv = hw->priv;
1130 struct request_context *ctx;
1131 __le32 data = cpu_to_le32(addr);
1132 int err;
1133
1134 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_SET_ADDR, EZUSB_RID_ACK);
1135 if (!ctx)
1136 return -ENOMEM;
1137
1138 err = ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1139 EZUSB_FRAME_CONTROL, NULL, 0, NULL);
1140 if (err)
1141 return err;
1142
1143 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_BYTES, EZUSB_RID_ACK);
1144 if (!ctx)
1145 return -ENOMEM;
1146
1147 return ezusb_access_ltv(upriv, ctx, len, buf,
1148 EZUSB_FRAME_CONTROL, NULL, 0, NULL);
1149 }
1150
1151 static int ezusb_program(struct hermes *hw, const char *buf,
1152 u32 addr, u32 len)
1153 {
1154 u32 ch_addr;
1155 u32 ch_len;
1156 int err = 0;
1157
1158 /* We can only send 2048 bytes out of the bulk xmit at a time,
1159 * so we have to split any programming into chunks of <2048
1160 * bytes. */
1161
1162 ch_len = (len < MAX_DL_SIZE) ? len : MAX_DL_SIZE;
1163 ch_addr = addr;
1164
1165 while (ch_addr < (addr + len)) {
1166 pr_debug("Programming subblock of length %d "
1167 "to address 0x%08x. Data @ %p\n",
1168 ch_len, ch_addr, &buf[ch_addr - addr]);
1169
1170 err = ezusb_program_bytes(hw, &buf[ch_addr - addr],
1171 ch_addr, ch_len);
1172 if (err)
1173 break;
1174
1175 ch_addr += ch_len;
1176 ch_len = ((addr + len - ch_addr) < MAX_DL_SIZE) ?
1177 (addr + len - ch_addr) : MAX_DL_SIZE;
1178 }
1179
1180 return err;
1181 }
1182
1183 static netdev_tx_t ezusb_xmit(struct sk_buff *skb, struct net_device *dev)
1184 {
1185 struct orinoco_private *priv = ndev_priv(dev);
1186 struct net_device_stats *stats = &priv->stats;
1187 struct ezusb_priv *upriv = priv->card;
1188 u8 mic[MICHAEL_MIC_LEN + 1];
1189 int err = 0;
1190 int tx_control;
1191 unsigned long flags;
1192 struct request_context *ctx;
1193 u8 *buf;
1194 int tx_size;
1195
1196 if (!netif_running(dev)) {
1197 printk(KERN_ERR "%s: Tx on stopped device!\n",
1198 dev->name);
1199 return NETDEV_TX_BUSY;
1200 }
1201
1202 if (netif_queue_stopped(dev)) {
1203 printk(KERN_DEBUG "%s: Tx while transmitter busy!\n",
1204 dev->name);
1205 return NETDEV_TX_BUSY;
1206 }
1207
1208 if (orinoco_lock(priv, &flags) != 0) {
1209 printk(KERN_ERR
1210 "%s: ezusb_xmit() called while hw_unavailable\n",
1211 dev->name);
1212 return NETDEV_TX_BUSY;
1213 }
1214
1215 if (!netif_carrier_ok(dev) ||
1216 (priv->iw_mode == NL80211_IFTYPE_MONITOR)) {
1217 /* Oops, the firmware hasn't established a connection,
1218 silently drop the packet (this seems to be the
1219 safest approach). */
1220 goto drop;
1221 }
1222
1223 /* Check packet length */
1224 if (skb->len < ETH_HLEN)
1225 goto drop;
1226
1227 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_TX, 0);
1228 if (!ctx)
1229 goto busy;
1230
1231 memset(ctx->buf, 0, BULK_BUF_SIZE);
1232 buf = ctx->buf->data;
1233
1234 tx_control = 0;
1235
1236 err = orinoco_process_xmit_skb(skb, dev, priv, &tx_control,
1237 &mic[0]);
1238 if (err)
1239 goto drop;
1240
1241 {
1242 __le16 *tx_cntl = (__le16 *)buf;
1243 *tx_cntl = cpu_to_le16(tx_control);
1244 buf += sizeof(*tx_cntl);
1245 }
1246
1247 memcpy(buf, skb->data, skb->len);
1248 buf += skb->len;
1249
1250 if (tx_control & HERMES_TXCTRL_MIC) {
1251 u8 *m = mic;
1252 /* Mic has been offset so it can be copied to an even
1253 * address. We're copying eveything anyway, so we
1254 * don't need to copy that first byte. */
1255 if (skb->len % 2)
1256 m++;
1257 memcpy(buf, m, MICHAEL_MIC_LEN);
1258 buf += MICHAEL_MIC_LEN;
1259 }
1260
1261 /* Finally, we actually initiate the send */
1262 netif_stop_queue(dev);
1263
1264 /* The card may behave better if we send evenly sized usb transfers */
1265 tx_size = ALIGN(buf - ctx->buf->data, 2);
1266
1267 err = ezusb_access_ltv(upriv, ctx, tx_size, NULL,
1268 EZUSB_FRAME_DATA, NULL, 0, NULL);
1269
1270 if (err) {
1271 netif_start_queue(dev);
1272 if (net_ratelimit())
1273 printk(KERN_ERR "%s: Error %d transmitting packet\n",
1274 dev->name, err);
1275 goto busy;
1276 }
1277
1278 netif_trans_update(dev);
1279 stats->tx_bytes += skb->len;
1280 goto ok;
1281
1282 drop:
1283 stats->tx_errors++;
1284 stats->tx_dropped++;
1285
1286 ok:
1287 orinoco_unlock(priv, &flags);
1288 dev_kfree_skb(skb);
1289 return NETDEV_TX_OK;
1290
1291 busy:
1292 orinoco_unlock(priv, &flags);
1293 return NETDEV_TX_BUSY;
1294 }
1295
1296 static int ezusb_allocate(struct hermes *hw, u16 size, u16 *fid)
1297 {
1298 *fid = EZUSB_RID_TX;
1299 return 0;
1300 }
1301
1302
1303 static int ezusb_hard_reset(struct orinoco_private *priv)
1304 {
1305 struct ezusb_priv *upriv = priv->card;
1306 int retval = ezusb_8051_cpucs(upriv, 1);
1307
1308 if (retval < 0) {
1309 err("Failed to reset");
1310 return retval;
1311 }
1312
1313 retval = ezusb_8051_cpucs(upriv, 0);
1314 if (retval < 0) {
1315 err("Failed to unreset");
1316 return retval;
1317 }
1318
1319 netdev_dbg(upriv->dev, "sending control message\n");
1320 retval = usb_control_msg(upriv->udev,
1321 usb_sndctrlpipe(upriv->udev, 0),
1322 EZUSB_REQUEST_TRIGER,
1323 USB_TYPE_VENDOR | USB_RECIP_DEVICE |
1324 USB_DIR_OUT, 0x0, 0x0, NULL, 0,
1325 DEF_TIMEOUT);
1326 if (retval < 0) {
1327 err("EZUSB_REQUEST_TRIGER failed retval %d", retval);
1328 return retval;
1329 }
1330 #if 0
1331 dbg("Sending EZUSB_REQUEST_TRIG_AC");
1332 retval = usb_control_msg(upriv->udev,
1333 usb_sndctrlpipe(upriv->udev, 0),
1334 EZUSB_REQUEST_TRIG_AC,
1335 USB_TYPE_VENDOR | USB_RECIP_DEVICE |
1336 USB_DIR_OUT, 0x00FA, 0x0, NULL, 0,
1337 DEF_TIMEOUT);
1338 if (retval < 0) {
1339 err("EZUSB_REQUEST_TRIG_AC failed retval %d", retval);
1340 return retval;
1341 }
1342 #endif
1343
1344 return 0;
1345 }
1346
1347
1348 static int ezusb_init(struct hermes *hw)
1349 {
1350 struct ezusb_priv *upriv = hw->priv;
1351 int retval;
1352
1353 BUG_ON(in_interrupt());
1354 BUG_ON(!upriv);
1355
1356 upriv->reply_count = 0;
1357 /* Write the MAGIC number on the simulated registers to keep
1358 * orinoco.c happy */
1359 hermes_write_regn(hw, SWSUPPORT0, HERMES_MAGIC);
1360 hermes_write_regn(hw, RXFID, EZUSB_RID_RX);
1361
1362 usb_kill_urb(upriv->read_urb);
1363 ezusb_submit_in_urb(upriv);
1364
1365 retval = ezusb_write_ltv(hw, 0, EZUSB_RID_INIT1,
1366 HERMES_BYTES_TO_RECLEN(2), "\x10\x00");
1367 if (retval < 0) {
1368 printk(KERN_ERR PFX "EZUSB_RID_INIT1 error %d\n", retval);
1369 return retval;
1370 }
1371
1372 retval = ezusb_docmd_wait(hw, HERMES_CMD_INIT, 0, NULL);
1373 if (retval < 0) {
1374 printk(KERN_ERR PFX "HERMES_CMD_INIT error %d\n", retval);
1375 return retval;
1376 }
1377
1378 return 0;
1379 }
1380
1381 static void ezusb_bulk_in_callback(struct urb *urb)
1382 {
1383 struct ezusb_priv *upriv = (struct ezusb_priv *) urb->context;
1384 struct ezusb_packet *ans = urb->transfer_buffer;
1385 u16 crc;
1386 u16 hermes_rid;
1387
1388 if (upriv->udev == NULL)
1389 return;
1390
1391 if (urb->status == -ETIMEDOUT) {
1392 /* When a device gets unplugged we get this every time
1393 * we resubmit, flooding the logs. Since we don't use
1394 * USB timeouts, it shouldn't happen any other time*/
1395 pr_warn("%s: urb timed out, not resubmitting\n", __func__);
1396 return;
1397 }
1398 if (urb->status == -ECONNABORTED) {
1399 pr_warn("%s: connection abort, resubmitting urb\n",
1400 __func__);
1401 goto resubmit;
1402 }
1403 if ((urb->status == -EILSEQ)
1404 || (urb->status == -ENOENT)
1405 || (urb->status == -ECONNRESET)) {
1406 netdev_dbg(upriv->dev, "status %d, not resubmiting\n",
1407 urb->status);
1408 return;
1409 }
1410 if (urb->status)
1411 netdev_dbg(upriv->dev, "status: %d length: %d\n",
1412 urb->status, urb->actual_length);
1413 if (urb->actual_length < sizeof(*ans)) {
1414 err("%s: short read, ignoring", __func__);
1415 goto resubmit;
1416 }
1417 crc = build_crc(ans);
1418 if (le16_to_cpu(ans->crc) != crc) {
1419 err("CRC error, ignoring packet");
1420 goto resubmit;
1421 }
1422
1423 hermes_rid = le16_to_cpu(ans->hermes_rid);
1424 if ((hermes_rid != EZUSB_RID_RX) && !EZUSB_IS_INFO(hermes_rid)) {
1425 ezusb_request_in_callback(upriv, urb);
1426 } else if (upriv->dev) {
1427 struct net_device *dev = upriv->dev;
1428 struct orinoco_private *priv = ndev_priv(dev);
1429 struct hermes *hw = &priv->hw;
1430
1431 if (hermes_rid == EZUSB_RID_RX) {
1432 __orinoco_ev_rx(dev, hw);
1433 } else {
1434 hermes_write_regn(hw, INFOFID,
1435 le16_to_cpu(ans->hermes_rid));
1436 __orinoco_ev_info(dev, hw);
1437 }
1438 }
1439
1440 resubmit:
1441 if (upriv->udev)
1442 ezusb_submit_in_urb(upriv);
1443 }
1444
1445 static inline void ezusb_delete(struct ezusb_priv *upriv)
1446 {
1447 struct net_device *dev;
1448 struct list_head *item;
1449 struct list_head *tmp_item;
1450 unsigned long flags;
1451
1452 BUG_ON(in_interrupt());
1453 BUG_ON(!upriv);
1454
1455 dev = upriv->dev;
1456 mutex_lock(&upriv->mtx);
1457
1458 upriv->udev = NULL; /* No timer will be rearmed from here */
1459
1460 usb_kill_urb(upriv->read_urb);
1461
1462 spin_lock_irqsave(&upriv->req_lock, flags);
1463 list_for_each_safe(item, tmp_item, &upriv->req_active) {
1464 struct request_context *ctx;
1465 int err;
1466
1467 ctx = list_entry(item, struct request_context, list);
1468 atomic_inc(&ctx->refcount);
1469
1470 ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK;
1471 err = usb_unlink_urb(ctx->outurb);
1472
1473 spin_unlock_irqrestore(&upriv->req_lock, flags);
1474 if (err == -EINPROGRESS)
1475 wait_for_completion(&ctx->done);
1476
1477 del_timer_sync(&ctx->timer);
1478 /* FIXME: there is an slight chance for the irq handler to
1479 * be running */
1480 if (!list_empty(&ctx->list))
1481 ezusb_ctx_complete(ctx);
1482
1483 ezusb_request_context_put(ctx);
1484 spin_lock_irqsave(&upriv->req_lock, flags);
1485 }
1486 spin_unlock_irqrestore(&upriv->req_lock, flags);
1487
1488 list_for_each_safe(item, tmp_item, &upriv->req_pending)
1489 ezusb_ctx_complete(list_entry(item,
1490 struct request_context, list));
1491
1492 if (upriv->read_urb && upriv->read_urb->status == -EINPROGRESS)
1493 printk(KERN_ERR PFX "Some URB in progress\n");
1494
1495 mutex_unlock(&upriv->mtx);
1496
1497 if (upriv->read_urb) {
1498 kfree(upriv->read_urb->transfer_buffer);
1499 usb_free_urb(upriv->read_urb);
1500 }
1501 kfree(upriv->bap_buf);
1502 if (upriv->dev) {
1503 struct orinoco_private *priv = ndev_priv(upriv->dev);
1504 orinoco_if_del(priv);
1505 wiphy_unregister(priv_to_wiphy(upriv));
1506 free_orinocodev(priv);
1507 }
1508 }
1509
1510 static void ezusb_lock_irqsave(spinlock_t *lock,
1511 unsigned long *flags) __acquires(lock)
1512 {
1513 spin_lock_bh(lock);
1514 }
1515
1516 static void ezusb_unlock_irqrestore(spinlock_t *lock,
1517 unsigned long *flags) __releases(lock)
1518 {
1519 spin_unlock_bh(lock);
1520 }
1521
1522 static void ezusb_lock_irq(spinlock_t *lock) __acquires(lock)
1523 {
1524 spin_lock_bh(lock);
1525 }
1526
1527 static void ezusb_unlock_irq(spinlock_t *lock) __releases(lock)
1528 {
1529 spin_unlock_bh(lock);
1530 }
1531
1532 static const struct hermes_ops ezusb_ops = {
1533 .init = ezusb_init,
1534 .cmd_wait = ezusb_docmd_wait,
1535 .init_cmd_wait = ezusb_doicmd_wait,
1536 .allocate = ezusb_allocate,
1537 .read_ltv = ezusb_read_ltv,
1538 .write_ltv = ezusb_write_ltv,
1539 .bap_pread = ezusb_bap_pread,
1540 .read_pda = ezusb_read_pda,
1541 .program_init = ezusb_program_init,
1542 .program_end = ezusb_program_end,
1543 .program = ezusb_program,
1544 .lock_irqsave = ezusb_lock_irqsave,
1545 .unlock_irqrestore = ezusb_unlock_irqrestore,
1546 .lock_irq = ezusb_lock_irq,
1547 .unlock_irq = ezusb_unlock_irq,
1548 };
1549
1550 static const struct net_device_ops ezusb_netdev_ops = {
1551 .ndo_open = orinoco_open,
1552 .ndo_stop = orinoco_stop,
1553 .ndo_start_xmit = ezusb_xmit,
1554 .ndo_set_rx_mode = orinoco_set_multicast_list,
1555 .ndo_change_mtu = orinoco_change_mtu,
1556 .ndo_set_mac_address = eth_mac_addr,
1557 .ndo_validate_addr = eth_validate_addr,
1558 .ndo_tx_timeout = orinoco_tx_timeout,
1559 .ndo_get_stats = orinoco_get_stats,
1560 };
1561
1562 static int ezusb_probe(struct usb_interface *interface,
1563 const struct usb_device_id *id)
1564 {
1565 struct usb_device *udev = interface_to_usbdev(interface);
1566 struct orinoco_private *priv;
1567 struct hermes *hw;
1568 struct ezusb_priv *upriv = NULL;
1569 struct usb_interface_descriptor *iface_desc;
1570 struct usb_endpoint_descriptor *ep;
1571 const struct firmware *fw_entry = NULL;
1572 int retval = 0;
1573 int i;
1574
1575 priv = alloc_orinocodev(sizeof(*upriv), &udev->dev,
1576 ezusb_hard_reset, NULL);
1577 if (!priv) {
1578 err("Couldn't allocate orinocodev");
1579 retval = -ENOMEM;
1580 goto exit;
1581 }
1582
1583 hw = &priv->hw;
1584
1585 upriv = priv->card;
1586
1587 mutex_init(&upriv->mtx);
1588 spin_lock_init(&upriv->reply_count_lock);
1589
1590 spin_lock_init(&upriv->req_lock);
1591 INIT_LIST_HEAD(&upriv->req_pending);
1592 INIT_LIST_HEAD(&upriv->req_active);
1593
1594 upriv->udev = udev;
1595
1596 hw->iobase = (void __force __iomem *) &upriv->hermes_reg_fake;
1597 hw->reg_spacing = HERMES_16BIT_REGSPACING;
1598 hw->priv = upriv;
1599 hw->ops = &ezusb_ops;
1600
1601 /* set up the endpoint information */
1602 /* check out the endpoints */
1603
1604 iface_desc = &interface->altsetting[0].desc;
1605 for (i = 0; i < iface_desc->bNumEndpoints; ++i) {
1606 ep = &interface->altsetting[0].endpoint[i].desc;
1607
1608 if (usb_endpoint_is_bulk_in(ep)) {
1609 /* we found a bulk in endpoint */
1610 if (upriv->read_urb != NULL) {
1611 pr_warn("Found a second bulk in ep, ignored\n");
1612 continue;
1613 }
1614
1615 upriv->read_urb = usb_alloc_urb(0, GFP_KERNEL);
1616 if (!upriv->read_urb)
1617 goto error;
1618 if (le16_to_cpu(ep->wMaxPacketSize) != 64)
1619 pr_warn("bulk in: wMaxPacketSize!= 64\n");
1620 if (ep->bEndpointAddress != (2 | USB_DIR_IN))
1621 pr_warn("bulk in: bEndpointAddress: %d\n",
1622 ep->bEndpointAddress);
1623 upriv->read_pipe = usb_rcvbulkpipe(udev,
1624 ep->
1625 bEndpointAddress);
1626 upriv->read_urb->transfer_buffer =
1627 kmalloc(BULK_BUF_SIZE, GFP_KERNEL);
1628 if (!upriv->read_urb->transfer_buffer) {
1629 err("Couldn't allocate IN buffer");
1630 goto error;
1631 }
1632 }
1633
1634 if (usb_endpoint_is_bulk_out(ep)) {
1635 /* we found a bulk out endpoint */
1636 if (upriv->bap_buf != NULL) {
1637 pr_warn("Found a second bulk out ep, ignored\n");
1638 continue;
1639 }
1640
1641 if (le16_to_cpu(ep->wMaxPacketSize) != 64)
1642 pr_warn("bulk out: wMaxPacketSize != 64\n");
1643 if (ep->bEndpointAddress != 2)
1644 pr_warn("bulk out: bEndpointAddress: %d\n",
1645 ep->bEndpointAddress);
1646 upriv->write_pipe = usb_sndbulkpipe(udev,
1647 ep->
1648 bEndpointAddress);
1649 upriv->bap_buf = kmalloc(BULK_BUF_SIZE, GFP_KERNEL);
1650 if (!upriv->bap_buf) {
1651 err("Couldn't allocate bulk_out_buffer");
1652 goto error;
1653 }
1654 }
1655 }
1656 if (!upriv->bap_buf || !upriv->read_urb) {
1657 err("Didn't find the required bulk endpoints");
1658 goto error;
1659 }
1660
1661 if (request_firmware(&fw_entry, "orinoco_ezusb_fw",
1662 &interface->dev) == 0) {
1663 firmware.size = fw_entry->size;
1664 firmware.code = fw_entry->data;
1665 }
1666 if (firmware.size && firmware.code) {
1667 if (ezusb_firmware_download(upriv, &firmware) < 0)
1668 goto error;
1669 } else {
1670 err("No firmware to download");
1671 goto error;
1672 }
1673
1674 if (ezusb_hard_reset(priv) < 0) {
1675 err("Cannot reset the device");
1676 goto error;
1677 }
1678
1679 /* If the firmware is already downloaded orinoco.c will call
1680 * ezusb_init but if the firmware is not already there, that will make
1681 * the kernel very unstable, so we try initializing here and quit in
1682 * case of error */
1683 if (ezusb_init(hw) < 0) {
1684 err("Couldn't initialize the device");
1685 err("Firmware may not be downloaded or may be wrong.");
1686 goto error;
1687 }
1688
1689 /* Initialise the main driver */
1690 if (orinoco_init(priv) != 0) {
1691 err("orinoco_init() failed\n");
1692 goto error;
1693 }
1694
1695 if (orinoco_if_add(priv, 0, 0, &ezusb_netdev_ops) != 0) {
1696 upriv->dev = NULL;
1697 err("%s: orinoco_if_add() failed", __func__);
1698 wiphy_unregister(priv_to_wiphy(priv));
1699 goto error;
1700 }
1701 upriv->dev = priv->ndev;
1702
1703 goto exit;
1704
1705 error:
1706 ezusb_delete(upriv);
1707 if (upriv->dev) {
1708 /* upriv->dev was 0, so ezusb_delete() didn't free it */
1709 free_orinocodev(priv);
1710 }
1711 upriv = NULL;
1712 retval = -EFAULT;
1713 exit:
1714 if (fw_entry) {
1715 firmware.code = NULL;
1716 firmware.size = 0;
1717 release_firmware(fw_entry);
1718 }
1719 usb_set_intfdata(interface, upriv);
1720 return retval;
1721 }
1722
1723
1724 static void ezusb_disconnect(struct usb_interface *intf)
1725 {
1726 struct ezusb_priv *upriv = usb_get_intfdata(intf);
1727 usb_set_intfdata(intf, NULL);
1728 ezusb_delete(upriv);
1729 printk(KERN_INFO PFX "Disconnected\n");
1730 }
1731
1732
1733 /* usb specific object needed to register this driver with the usb subsystem */
1734 static struct usb_driver orinoco_driver = {
1735 .name = DRIVER_NAME,
1736 .probe = ezusb_probe,
1737 .disconnect = ezusb_disconnect,
1738 .id_table = ezusb_table,
1739 .disable_hub_initiated_lpm = 1,
1740 };
1741
1742 module_usb_driver(orinoco_driver);
1743
1744 MODULE_AUTHOR("Manuel Estrada Sainz");
1745 MODULE_DESCRIPTION("Driver for Orinoco wireless LAN cards using EZUSB bridge");
1746 MODULE_LICENSE("Dual MPL/GPL");
Linux with added FPC-III support