OMAPDSS: VENC: fix NULL pointer dereference in DSS2 VENC sysfs debug attr on OMAP4
[zen-stable.git] / drivers / net / wireless / libertas / if_usb.c
blobb5fbbc7947dfc89738f08a4d18663f739d1ef2a7
1 /*
2 * This file contains functions used in USB interface module.
3 */
5 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
7 #include <linux/delay.h>
8 #include <linux/module.h>
9 #include <linux/firmware.h>
10 #include <linux/netdevice.h>
11 #include <linux/slab.h>
12 #include <linux/usb.h>
14 #ifdef CONFIG_OLPC
15 #include <asm/olpc.h>
16 #endif
18 #define DRV_NAME "usb8xxx"
20 #include "host.h"
21 #include "decl.h"
22 #include "defs.h"
23 #include "dev.h"
24 #include "cmd.h"
25 #include "if_usb.h"
27 #define INSANEDEBUG 0
28 #define lbs_deb_usb2(...) do { if (INSANEDEBUG) lbs_deb_usbd(__VA_ARGS__); } while (0)
30 #define MESSAGE_HEADER_LEN 4
32 static char *lbs_fw_name = NULL;
33 module_param_named(fw_name, lbs_fw_name, charp, 0644);
35 MODULE_FIRMWARE("libertas/usb8388_v9.bin");
36 MODULE_FIRMWARE("libertas/usb8388_v5.bin");
37 MODULE_FIRMWARE("libertas/usb8388.bin");
38 MODULE_FIRMWARE("libertas/usb8682.bin");
39 MODULE_FIRMWARE("usb8388.bin");
41 enum {
42 MODEL_UNKNOWN = 0x0,
43 MODEL_8388 = 0x1,
44 MODEL_8682 = 0x2
47 static struct usb_device_id if_usb_table[] = {
48 /* Enter the device signature inside */
49 { USB_DEVICE(0x1286, 0x2001), .driver_info = MODEL_8388 },
50 { USB_DEVICE(0x05a3, 0x8388), .driver_info = MODEL_8388 },
51 {} /* Terminating entry */
54 MODULE_DEVICE_TABLE(usb, if_usb_table);
56 static void if_usb_receive(struct urb *urb);
57 static void if_usb_receive_fwload(struct urb *urb);
58 static int __if_usb_prog_firmware(struct if_usb_card *cardp,
59 const char *fwname, int cmd);
60 static int if_usb_prog_firmware(struct if_usb_card *cardp,
61 const char *fwname, int cmd);
62 static int if_usb_host_to_card(struct lbs_private *priv, uint8_t type,
63 uint8_t *payload, uint16_t nb);
64 static int usb_tx_block(struct if_usb_card *cardp, uint8_t *payload,
65 uint16_t nb);
66 static void if_usb_free(struct if_usb_card *cardp);
67 static int if_usb_submit_rx_urb(struct if_usb_card *cardp);
68 static int if_usb_reset_device(struct if_usb_card *cardp);
70 /* sysfs hooks */
73 * Set function to write firmware to device's persistent memory
75 static ssize_t if_usb_firmware_set(struct device *dev,
76 struct device_attribute *attr, const char *buf, size_t count)
78 struct lbs_private *priv = to_net_dev(dev)->ml_priv;
79 struct if_usb_card *cardp = priv->card;
80 int ret;
82 BUG_ON(buf == NULL);
84 ret = if_usb_prog_firmware(cardp, buf, BOOT_CMD_UPDATE_FW);
85 if (ret == 0)
86 return count;
88 return ret;
92 * lbs_flash_fw attribute to be exported per ethX interface through sysfs
93 * (/sys/class/net/ethX/lbs_flash_fw). Use this like so to write firmware to
94 * the device's persistent memory:
95 * echo usb8388-5.126.0.p5.bin > /sys/class/net/ethX/lbs_flash_fw
97 static DEVICE_ATTR(lbs_flash_fw, 0200, NULL, if_usb_firmware_set);
99 /**
100 * if_usb_boot2_set - write firmware to device's persistent memory
102 * @dev: target device
103 * @attr: device attributes
104 * @buf: firmware buffer to write
105 * @count: number of bytes to write
107 * returns: number of bytes written or negative error code
109 static ssize_t if_usb_boot2_set(struct device *dev,
110 struct device_attribute *attr, const char *buf, size_t count)
112 struct lbs_private *priv = to_net_dev(dev)->ml_priv;
113 struct if_usb_card *cardp = priv->card;
114 int ret;
116 BUG_ON(buf == NULL);
118 ret = if_usb_prog_firmware(cardp, buf, BOOT_CMD_UPDATE_BOOT2);
119 if (ret == 0)
120 return count;
122 return ret;
126 * lbs_flash_boot2 attribute to be exported per ethX interface through sysfs
127 * (/sys/class/net/ethX/lbs_flash_boot2). Use this like so to write firmware
128 * to the device's persistent memory:
129 * echo usb8388-5.126.0.p5.bin > /sys/class/net/ethX/lbs_flash_boot2
131 static DEVICE_ATTR(lbs_flash_boot2, 0200, NULL, if_usb_boot2_set);
134 * if_usb_write_bulk_callback - callback function to handle the status
135 * of the URB
136 * @urb: pointer to &urb structure
137 * returns: N/A
139 static void if_usb_write_bulk_callback(struct urb *urb)
141 struct if_usb_card *cardp = (struct if_usb_card *) urb->context;
143 /* handle the transmission complete validations */
145 if (urb->status == 0) {
146 struct lbs_private *priv = cardp->priv;
148 lbs_deb_usb2(&urb->dev->dev, "URB status is successful\n");
149 lbs_deb_usb2(&urb->dev->dev, "Actual length transmitted %d\n",
150 urb->actual_length);
152 /* Boot commands such as UPDATE_FW and UPDATE_BOOT2 are not
153 * passed up to the lbs level.
155 if (priv && priv->dnld_sent != DNLD_BOOTCMD_SENT)
156 lbs_host_to_card_done(priv);
157 } else {
158 /* print the failure status number for debug */
159 pr_info("URB in failure status: %d\n", urb->status);
164 * if_usb_free - free tx/rx urb, skb and rx buffer
165 * @cardp: pointer to &if_usb_card
166 * returns: N/A
168 static void if_usb_free(struct if_usb_card *cardp)
170 lbs_deb_enter(LBS_DEB_USB);
172 /* Unlink tx & rx urb */
173 usb_kill_urb(cardp->tx_urb);
174 usb_kill_urb(cardp->rx_urb);
176 usb_free_urb(cardp->tx_urb);
177 cardp->tx_urb = NULL;
179 usb_free_urb(cardp->rx_urb);
180 cardp->rx_urb = NULL;
182 kfree(cardp->ep_out_buf);
183 cardp->ep_out_buf = NULL;
185 lbs_deb_leave(LBS_DEB_USB);
188 static void if_usb_setup_firmware(struct lbs_private *priv)
190 struct if_usb_card *cardp = priv->card;
191 struct cmd_ds_set_boot2_ver b2_cmd;
192 struct cmd_ds_802_11_fw_wake_method wake_method;
194 b2_cmd.hdr.size = cpu_to_le16(sizeof(b2_cmd));
195 b2_cmd.action = 0;
196 b2_cmd.version = cardp->boot2_version;
198 if (lbs_cmd_with_response(priv, CMD_SET_BOOT2_VER, &b2_cmd))
199 lbs_deb_usb("Setting boot2 version failed\n");
201 priv->wol_gpio = 2; /* Wake via GPIO2... */
202 priv->wol_gap = 20; /* ... after 20ms */
203 lbs_host_sleep_cfg(priv, EHS_WAKE_ON_UNICAST_DATA,
204 (struct wol_config *) NULL);
206 wake_method.hdr.size = cpu_to_le16(sizeof(wake_method));
207 wake_method.action = cpu_to_le16(CMD_ACT_GET);
208 if (lbs_cmd_with_response(priv, CMD_802_11_FW_WAKE_METHOD, &wake_method)) {
209 netdev_info(priv->dev, "Firmware does not seem to support PS mode\n");
210 priv->fwcapinfo &= ~FW_CAPINFO_PS;
211 } else {
212 if (le16_to_cpu(wake_method.method) == CMD_WAKE_METHOD_COMMAND_INT) {
213 lbs_deb_usb("Firmware seems to support PS with wake-via-command\n");
214 } else {
215 /* The versions which boot up this way don't seem to
216 work even if we set it to the command interrupt */
217 priv->fwcapinfo &= ~FW_CAPINFO_PS;
218 netdev_info(priv->dev,
219 "Firmware doesn't wake via command interrupt; disabling PS mode\n");
224 static void if_usb_fw_timeo(unsigned long priv)
226 struct if_usb_card *cardp = (void *)priv;
228 if (cardp->fwdnldover) {
229 lbs_deb_usb("Download complete, no event. Assuming success\n");
230 } else {
231 pr_err("Download timed out\n");
232 cardp->surprise_removed = 1;
234 wake_up(&cardp->fw_wq);
237 #ifdef CONFIG_OLPC
238 static void if_usb_reset_olpc_card(struct lbs_private *priv)
240 printk(KERN_CRIT "Resetting OLPC wireless via EC...\n");
241 olpc_ec_cmd(0x25, NULL, 0, NULL, 0);
243 #endif
246 * if_usb_probe - sets the configuration values
247 * @intf: &usb_interface pointer
248 * @id: pointer to usb_device_id
249 * returns: 0 on success, error code on failure
251 static int if_usb_probe(struct usb_interface *intf,
252 const struct usb_device_id *id)
254 struct usb_device *udev;
255 struct usb_host_interface *iface_desc;
256 struct usb_endpoint_descriptor *endpoint;
257 struct lbs_private *priv;
258 struct if_usb_card *cardp;
259 int i;
261 udev = interface_to_usbdev(intf);
263 cardp = kzalloc(sizeof(struct if_usb_card), GFP_KERNEL);
264 if (!cardp) {
265 pr_err("Out of memory allocating private data\n");
266 goto error;
269 setup_timer(&cardp->fw_timeout, if_usb_fw_timeo, (unsigned long)cardp);
270 init_waitqueue_head(&cardp->fw_wq);
272 cardp->udev = udev;
273 cardp->model = (uint32_t) id->driver_info;
274 iface_desc = intf->cur_altsetting;
276 lbs_deb_usbd(&udev->dev, "bcdUSB = 0x%X bDeviceClass = 0x%X"
277 " bDeviceSubClass = 0x%X, bDeviceProtocol = 0x%X\n",
278 le16_to_cpu(udev->descriptor.bcdUSB),
279 udev->descriptor.bDeviceClass,
280 udev->descriptor.bDeviceSubClass,
281 udev->descriptor.bDeviceProtocol);
283 for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
284 endpoint = &iface_desc->endpoint[i].desc;
285 if (usb_endpoint_is_bulk_in(endpoint)) {
286 cardp->ep_in_size = le16_to_cpu(endpoint->wMaxPacketSize);
287 cardp->ep_in = usb_endpoint_num(endpoint);
289 lbs_deb_usbd(&udev->dev, "in_endpoint = %d\n", cardp->ep_in);
290 lbs_deb_usbd(&udev->dev, "Bulk in size is %d\n", cardp->ep_in_size);
292 } else if (usb_endpoint_is_bulk_out(endpoint)) {
293 cardp->ep_out_size = le16_to_cpu(endpoint->wMaxPacketSize);
294 cardp->ep_out = usb_endpoint_num(endpoint);
296 lbs_deb_usbd(&udev->dev, "out_endpoint = %d\n", cardp->ep_out);
297 lbs_deb_usbd(&udev->dev, "Bulk out size is %d\n", cardp->ep_out_size);
300 if (!cardp->ep_out_size || !cardp->ep_in_size) {
301 lbs_deb_usbd(&udev->dev, "Endpoints not found\n");
302 goto dealloc;
304 if (!(cardp->rx_urb = usb_alloc_urb(0, GFP_KERNEL))) {
305 lbs_deb_usbd(&udev->dev, "Rx URB allocation failed\n");
306 goto dealloc;
308 if (!(cardp->tx_urb = usb_alloc_urb(0, GFP_KERNEL))) {
309 lbs_deb_usbd(&udev->dev, "Tx URB allocation failed\n");
310 goto dealloc;
312 cardp->ep_out_buf = kmalloc(MRVDRV_ETH_TX_PACKET_BUFFER_SIZE, GFP_KERNEL);
313 if (!cardp->ep_out_buf) {
314 lbs_deb_usbd(&udev->dev, "Could not allocate buffer\n");
315 goto dealloc;
318 /* Upload firmware */
319 kparam_block_sysfs_write(fw_name);
320 if (__if_usb_prog_firmware(cardp, lbs_fw_name, BOOT_CMD_FW_BY_USB)) {
321 kparam_unblock_sysfs_write(fw_name);
322 lbs_deb_usbd(&udev->dev, "FW upload failed\n");
323 goto err_prog_firmware;
325 kparam_unblock_sysfs_write(fw_name);
327 if (!(priv = lbs_add_card(cardp, &intf->dev)))
328 goto err_prog_firmware;
330 cardp->priv = priv;
331 cardp->priv->fw_ready = 1;
333 priv->hw_host_to_card = if_usb_host_to_card;
334 priv->enter_deep_sleep = NULL;
335 priv->exit_deep_sleep = NULL;
336 priv->reset_deep_sleep_wakeup = NULL;
337 #ifdef CONFIG_OLPC
338 if (machine_is_olpc())
339 priv->reset_card = if_usb_reset_olpc_card;
340 #endif
342 cardp->boot2_version = udev->descriptor.bcdDevice;
344 if_usb_submit_rx_urb(cardp);
346 if (lbs_start_card(priv))
347 goto err_start_card;
349 if_usb_setup_firmware(priv);
351 usb_get_dev(udev);
352 usb_set_intfdata(intf, cardp);
354 if (device_create_file(&priv->dev->dev, &dev_attr_lbs_flash_fw))
355 netdev_err(priv->dev,
356 "cannot register lbs_flash_fw attribute\n");
358 if (device_create_file(&priv->dev->dev, &dev_attr_lbs_flash_boot2))
359 netdev_err(priv->dev,
360 "cannot register lbs_flash_boot2 attribute\n");
363 * EHS_REMOVE_WAKEUP is not supported on all versions of the firmware.
365 priv->wol_criteria = EHS_REMOVE_WAKEUP;
366 if (lbs_host_sleep_cfg(priv, priv->wol_criteria, NULL))
367 priv->ehs_remove_supported = false;
369 return 0;
371 err_start_card:
372 lbs_remove_card(priv);
373 err_prog_firmware:
374 if_usb_reset_device(cardp);
375 dealloc:
376 if_usb_free(cardp);
378 error:
379 return -ENOMEM;
383 * if_usb_disconnect - free resource and cleanup
384 * @intf: USB interface structure
385 * returns: N/A
387 static void if_usb_disconnect(struct usb_interface *intf)
389 struct if_usb_card *cardp = usb_get_intfdata(intf);
390 struct lbs_private *priv = (struct lbs_private *) cardp->priv;
392 lbs_deb_enter(LBS_DEB_MAIN);
394 device_remove_file(&priv->dev->dev, &dev_attr_lbs_flash_boot2);
395 device_remove_file(&priv->dev->dev, &dev_attr_lbs_flash_fw);
397 cardp->surprise_removed = 1;
399 if (priv) {
400 priv->surpriseremoved = 1;
401 lbs_stop_card(priv);
402 lbs_remove_card(priv);
405 /* Unlink and free urb */
406 if_usb_free(cardp);
408 usb_set_intfdata(intf, NULL);
409 usb_put_dev(interface_to_usbdev(intf));
411 lbs_deb_leave(LBS_DEB_MAIN);
415 * if_usb_send_fw_pkt - download FW
416 * @cardp: pointer to &struct if_usb_card
417 * returns: 0
419 static int if_usb_send_fw_pkt(struct if_usb_card *cardp)
421 struct fwdata *fwdata = cardp->ep_out_buf;
422 const uint8_t *firmware = cardp->fw->data;
424 /* If we got a CRC failure on the last block, back
425 up and retry it */
426 if (!cardp->CRC_OK) {
427 cardp->totalbytes = cardp->fwlastblksent;
428 cardp->fwseqnum--;
431 lbs_deb_usb2(&cardp->udev->dev, "totalbytes = %d\n",
432 cardp->totalbytes);
434 /* struct fwdata (which we sent to the card) has an
435 extra __le32 field in between the header and the data,
436 which is not in the struct fwheader in the actual
437 firmware binary. Insert the seqnum in the middle... */
438 memcpy(&fwdata->hdr, &firmware[cardp->totalbytes],
439 sizeof(struct fwheader));
441 cardp->fwlastblksent = cardp->totalbytes;
442 cardp->totalbytes += sizeof(struct fwheader);
444 memcpy(fwdata->data, &firmware[cardp->totalbytes],
445 le32_to_cpu(fwdata->hdr.datalength));
447 lbs_deb_usb2(&cardp->udev->dev, "Data length = %d\n",
448 le32_to_cpu(fwdata->hdr.datalength));
450 fwdata->seqnum = cpu_to_le32(++cardp->fwseqnum);
451 cardp->totalbytes += le32_to_cpu(fwdata->hdr.datalength);
453 usb_tx_block(cardp, cardp->ep_out_buf, sizeof(struct fwdata) +
454 le32_to_cpu(fwdata->hdr.datalength));
456 if (fwdata->hdr.dnldcmd == cpu_to_le32(FW_HAS_DATA_TO_RECV)) {
457 lbs_deb_usb2(&cardp->udev->dev, "There are data to follow\n");
458 lbs_deb_usb2(&cardp->udev->dev, "seqnum = %d totalbytes = %d\n",
459 cardp->fwseqnum, cardp->totalbytes);
460 } else if (fwdata->hdr.dnldcmd == cpu_to_le32(FW_HAS_LAST_BLOCK)) {
461 lbs_deb_usb2(&cardp->udev->dev, "Host has finished FW downloading\n");
462 lbs_deb_usb2(&cardp->udev->dev, "Donwloading FW JUMP BLOCK\n");
464 cardp->fwfinalblk = 1;
467 lbs_deb_usb2(&cardp->udev->dev, "Firmware download done; size %d\n",
468 cardp->totalbytes);
470 return 0;
473 static int if_usb_reset_device(struct if_usb_card *cardp)
475 struct cmd_header *cmd = cardp->ep_out_buf + 4;
476 int ret;
478 lbs_deb_enter(LBS_DEB_USB);
480 *(__le32 *)cardp->ep_out_buf = cpu_to_le32(CMD_TYPE_REQUEST);
482 cmd->command = cpu_to_le16(CMD_802_11_RESET);
483 cmd->size = cpu_to_le16(sizeof(cmd));
484 cmd->result = cpu_to_le16(0);
485 cmd->seqnum = cpu_to_le16(0x5a5a);
486 usb_tx_block(cardp, cardp->ep_out_buf, 4 + sizeof(struct cmd_header));
488 msleep(100);
489 ret = usb_reset_device(cardp->udev);
490 msleep(100);
492 #ifdef CONFIG_OLPC
493 if (ret && machine_is_olpc())
494 if_usb_reset_olpc_card(NULL);
495 #endif
497 lbs_deb_leave_args(LBS_DEB_USB, "ret %d", ret);
499 return ret;
503 * usb_tx_block - transfer the data to the device
504 * @cardp: pointer to &struct if_usb_card
505 * @payload: pointer to payload data
506 * @nb: data length
507 * returns: 0 for success or negative error code
509 static int usb_tx_block(struct if_usb_card *cardp, uint8_t *payload, uint16_t nb)
511 int ret;
513 /* check if device is removed */
514 if (cardp->surprise_removed) {
515 lbs_deb_usbd(&cardp->udev->dev, "Device removed\n");
516 ret = -ENODEV;
517 goto tx_ret;
520 usb_fill_bulk_urb(cardp->tx_urb, cardp->udev,
521 usb_sndbulkpipe(cardp->udev,
522 cardp->ep_out),
523 payload, nb, if_usb_write_bulk_callback, cardp);
525 cardp->tx_urb->transfer_flags |= URB_ZERO_PACKET;
527 if ((ret = usb_submit_urb(cardp->tx_urb, GFP_ATOMIC))) {
528 lbs_deb_usbd(&cardp->udev->dev, "usb_submit_urb failed: %d\n", ret);
529 } else {
530 lbs_deb_usb2(&cardp->udev->dev, "usb_submit_urb success\n");
531 ret = 0;
534 tx_ret:
535 return ret;
538 static int __if_usb_submit_rx_urb(struct if_usb_card *cardp,
539 void (*callbackfn)(struct urb *urb))
541 struct sk_buff *skb;
542 int ret = -1;
544 if (!(skb = dev_alloc_skb(MRVDRV_ETH_RX_PACKET_BUFFER_SIZE))) {
545 pr_err("No free skb\n");
546 goto rx_ret;
549 cardp->rx_skb = skb;
551 /* Fill the receive configuration URB and initialise the Rx call back */
552 usb_fill_bulk_urb(cardp->rx_urb, cardp->udev,
553 usb_rcvbulkpipe(cardp->udev, cardp->ep_in),
554 skb->data + IPFIELD_ALIGN_OFFSET,
555 MRVDRV_ETH_RX_PACKET_BUFFER_SIZE, callbackfn,
556 cardp);
558 cardp->rx_urb->transfer_flags |= URB_ZERO_PACKET;
560 lbs_deb_usb2(&cardp->udev->dev, "Pointer for rx_urb %p\n", cardp->rx_urb);
561 if ((ret = usb_submit_urb(cardp->rx_urb, GFP_ATOMIC))) {
562 lbs_deb_usbd(&cardp->udev->dev, "Submit Rx URB failed: %d\n", ret);
563 kfree_skb(skb);
564 cardp->rx_skb = NULL;
565 ret = -1;
566 } else {
567 lbs_deb_usb2(&cardp->udev->dev, "Submit Rx URB success\n");
568 ret = 0;
571 rx_ret:
572 return ret;
575 static int if_usb_submit_rx_urb_fwload(struct if_usb_card *cardp)
577 return __if_usb_submit_rx_urb(cardp, &if_usb_receive_fwload);
580 static int if_usb_submit_rx_urb(struct if_usb_card *cardp)
582 return __if_usb_submit_rx_urb(cardp, &if_usb_receive);
585 static void if_usb_receive_fwload(struct urb *urb)
587 struct if_usb_card *cardp = urb->context;
588 struct sk_buff *skb = cardp->rx_skb;
589 struct fwsyncheader *syncfwheader;
590 struct bootcmdresp bootcmdresp;
592 if (urb->status) {
593 lbs_deb_usbd(&cardp->udev->dev,
594 "URB status is failed during fw load\n");
595 kfree_skb(skb);
596 return;
599 if (cardp->fwdnldover) {
600 __le32 *tmp = (__le32 *)(skb->data + IPFIELD_ALIGN_OFFSET);
602 if (tmp[0] == cpu_to_le32(CMD_TYPE_INDICATION) &&
603 tmp[1] == cpu_to_le32(MACREG_INT_CODE_FIRMWARE_READY)) {
604 pr_info("Firmware ready event received\n");
605 wake_up(&cardp->fw_wq);
606 } else {
607 lbs_deb_usb("Waiting for confirmation; got %x %x\n",
608 le32_to_cpu(tmp[0]), le32_to_cpu(tmp[1]));
609 if_usb_submit_rx_urb_fwload(cardp);
611 kfree_skb(skb);
612 return;
614 if (cardp->bootcmdresp <= 0) {
615 memcpy (&bootcmdresp, skb->data + IPFIELD_ALIGN_OFFSET,
616 sizeof(bootcmdresp));
618 if (le16_to_cpu(cardp->udev->descriptor.bcdDevice) < 0x3106) {
619 kfree_skb(skb);
620 if_usb_submit_rx_urb_fwload(cardp);
621 cardp->bootcmdresp = BOOT_CMD_RESP_OK;
622 lbs_deb_usbd(&cardp->udev->dev,
623 "Received valid boot command response\n");
624 return;
626 if (bootcmdresp.magic != cpu_to_le32(BOOT_CMD_MAGIC_NUMBER)) {
627 if (bootcmdresp.magic == cpu_to_le32(CMD_TYPE_REQUEST) ||
628 bootcmdresp.magic == cpu_to_le32(CMD_TYPE_DATA) ||
629 bootcmdresp.magic == cpu_to_le32(CMD_TYPE_INDICATION)) {
630 if (!cardp->bootcmdresp)
631 pr_info("Firmware already seems alive; resetting\n");
632 cardp->bootcmdresp = -1;
633 } else {
634 pr_info("boot cmd response wrong magic number (0x%x)\n",
635 le32_to_cpu(bootcmdresp.magic));
637 } else if ((bootcmdresp.cmd != BOOT_CMD_FW_BY_USB) &&
638 (bootcmdresp.cmd != BOOT_CMD_UPDATE_FW) &&
639 (bootcmdresp.cmd != BOOT_CMD_UPDATE_BOOT2)) {
640 pr_info("boot cmd response cmd_tag error (%d)\n",
641 bootcmdresp.cmd);
642 } else if (bootcmdresp.result != BOOT_CMD_RESP_OK) {
643 pr_info("boot cmd response result error (%d)\n",
644 bootcmdresp.result);
645 } else {
646 cardp->bootcmdresp = 1;
647 lbs_deb_usbd(&cardp->udev->dev,
648 "Received valid boot command response\n");
650 kfree_skb(skb);
651 if_usb_submit_rx_urb_fwload(cardp);
652 return;
655 syncfwheader = kmemdup(skb->data + IPFIELD_ALIGN_OFFSET,
656 sizeof(struct fwsyncheader), GFP_ATOMIC);
657 if (!syncfwheader) {
658 lbs_deb_usbd(&cardp->udev->dev, "Failure to allocate syncfwheader\n");
659 kfree_skb(skb);
660 return;
663 if (!syncfwheader->cmd) {
664 lbs_deb_usb2(&cardp->udev->dev, "FW received Blk with correct CRC\n");
665 lbs_deb_usb2(&cardp->udev->dev, "FW received Blk seqnum = %d\n",
666 le32_to_cpu(syncfwheader->seqnum));
667 cardp->CRC_OK = 1;
668 } else {
669 lbs_deb_usbd(&cardp->udev->dev, "FW received Blk with CRC error\n");
670 cardp->CRC_OK = 0;
673 kfree_skb(skb);
675 /* Give device 5s to either write firmware to its RAM or eeprom */
676 mod_timer(&cardp->fw_timeout, jiffies + (HZ*5));
678 if (cardp->fwfinalblk) {
679 cardp->fwdnldover = 1;
680 goto exit;
683 if_usb_send_fw_pkt(cardp);
685 exit:
686 if_usb_submit_rx_urb_fwload(cardp);
688 kfree(syncfwheader);
691 #define MRVDRV_MIN_PKT_LEN 30
693 static inline void process_cmdtypedata(int recvlength, struct sk_buff *skb,
694 struct if_usb_card *cardp,
695 struct lbs_private *priv)
697 if (recvlength > MRVDRV_ETH_RX_PACKET_BUFFER_SIZE + MESSAGE_HEADER_LEN
698 || recvlength < MRVDRV_MIN_PKT_LEN) {
699 lbs_deb_usbd(&cardp->udev->dev, "Packet length is Invalid\n");
700 kfree_skb(skb);
701 return;
704 skb_reserve(skb, IPFIELD_ALIGN_OFFSET);
705 skb_put(skb, recvlength);
706 skb_pull(skb, MESSAGE_HEADER_LEN);
708 lbs_process_rxed_packet(priv, skb);
711 static inline void process_cmdrequest(int recvlength, uint8_t *recvbuff,
712 struct sk_buff *skb,
713 struct if_usb_card *cardp,
714 struct lbs_private *priv)
716 u8 i;
718 if (recvlength > LBS_CMD_BUFFER_SIZE) {
719 lbs_deb_usbd(&cardp->udev->dev,
720 "The receive buffer is too large\n");
721 kfree_skb(skb);
722 return;
725 BUG_ON(!in_interrupt());
727 spin_lock(&priv->driver_lock);
729 i = (priv->resp_idx == 0) ? 1 : 0;
730 BUG_ON(priv->resp_len[i]);
731 priv->resp_len[i] = (recvlength - MESSAGE_HEADER_LEN);
732 memcpy(priv->resp_buf[i], recvbuff + MESSAGE_HEADER_LEN,
733 priv->resp_len[i]);
734 kfree_skb(skb);
735 lbs_notify_command_response(priv, i);
737 spin_unlock(&priv->driver_lock);
739 lbs_deb_usbd(&cardp->udev->dev,
740 "Wake up main thread to handle cmd response\n");
744 * if_usb_receive - read the packet into the upload buffer,
745 * wake up the main thread and initialise the Rx callack
747 * @urb: pointer to &struct urb
748 * returns: N/A
750 static void if_usb_receive(struct urb *urb)
752 struct if_usb_card *cardp = urb->context;
753 struct sk_buff *skb = cardp->rx_skb;
754 struct lbs_private *priv = cardp->priv;
755 int recvlength = urb->actual_length;
756 uint8_t *recvbuff = NULL;
757 uint32_t recvtype = 0;
758 __le32 *pkt = (__le32 *)(skb->data + IPFIELD_ALIGN_OFFSET);
759 uint32_t event;
761 lbs_deb_enter(LBS_DEB_USB);
763 if (recvlength) {
764 if (urb->status) {
765 lbs_deb_usbd(&cardp->udev->dev, "RX URB failed: %d\n",
766 urb->status);
767 kfree_skb(skb);
768 goto setup_for_next;
771 recvbuff = skb->data + IPFIELD_ALIGN_OFFSET;
772 recvtype = le32_to_cpu(pkt[0]);
773 lbs_deb_usbd(&cardp->udev->dev,
774 "Recv length = 0x%x, Recv type = 0x%X\n",
775 recvlength, recvtype);
776 } else if (urb->status) {
777 kfree_skb(skb);
778 goto rx_exit;
781 switch (recvtype) {
782 case CMD_TYPE_DATA:
783 process_cmdtypedata(recvlength, skb, cardp, priv);
784 break;
786 case CMD_TYPE_REQUEST:
787 process_cmdrequest(recvlength, recvbuff, skb, cardp, priv);
788 break;
790 case CMD_TYPE_INDICATION:
791 /* Event handling */
792 event = le32_to_cpu(pkt[1]);
793 lbs_deb_usbd(&cardp->udev->dev, "**EVENT** 0x%X\n", event);
794 kfree_skb(skb);
796 /* Icky undocumented magic special case */
797 if (event & 0xffff0000) {
798 u32 trycount = (event & 0xffff0000) >> 16;
800 lbs_send_tx_feedback(priv, trycount);
801 } else
802 lbs_queue_event(priv, event & 0xFF);
803 break;
805 default:
806 lbs_deb_usbd(&cardp->udev->dev, "Unknown command type 0x%X\n",
807 recvtype);
808 kfree_skb(skb);
809 break;
812 setup_for_next:
813 if_usb_submit_rx_urb(cardp);
814 rx_exit:
815 lbs_deb_leave(LBS_DEB_USB);
819 * if_usb_host_to_card - downloads data to FW
820 * @priv: pointer to &struct lbs_private structure
821 * @type: type of data
822 * @payload: pointer to data buffer
823 * @nb: number of bytes
824 * returns: 0 for success or negative error code
826 static int if_usb_host_to_card(struct lbs_private *priv, uint8_t type,
827 uint8_t *payload, uint16_t nb)
829 struct if_usb_card *cardp = priv->card;
831 lbs_deb_usbd(&cardp->udev->dev,"*** type = %u\n", type);
832 lbs_deb_usbd(&cardp->udev->dev,"size after = %d\n", nb);
834 if (type == MVMS_CMD) {
835 *(__le32 *)cardp->ep_out_buf = cpu_to_le32(CMD_TYPE_REQUEST);
836 priv->dnld_sent = DNLD_CMD_SENT;
837 } else {
838 *(__le32 *)cardp->ep_out_buf = cpu_to_le32(CMD_TYPE_DATA);
839 priv->dnld_sent = DNLD_DATA_SENT;
842 memcpy((cardp->ep_out_buf + MESSAGE_HEADER_LEN), payload, nb);
844 return usb_tx_block(cardp, cardp->ep_out_buf, nb + MESSAGE_HEADER_LEN);
848 * if_usb_issue_boot_command - issues Boot command to the Boot2 code
849 * @cardp: pointer to &if_usb_card
850 * @ivalue: 1:Boot from FW by USB-Download
851 * 2:Boot from FW in EEPROM
852 * returns: 0 for success or negative error code
854 static int if_usb_issue_boot_command(struct if_usb_card *cardp, int ivalue)
856 struct bootcmd *bootcmd = cardp->ep_out_buf;
858 /* Prepare command */
859 bootcmd->magic = cpu_to_le32(BOOT_CMD_MAGIC_NUMBER);
860 bootcmd->cmd = ivalue;
861 memset(bootcmd->pad, 0, sizeof(bootcmd->pad));
863 /* Issue command */
864 usb_tx_block(cardp, cardp->ep_out_buf, sizeof(*bootcmd));
866 return 0;
871 * check_fwfile_format - check the validity of Boot2/FW image
873 * @data: pointer to image
874 * @totlen: image length
875 * returns: 0 (good) or 1 (failure)
877 static int check_fwfile_format(const uint8_t *data, uint32_t totlen)
879 uint32_t bincmd, exit;
880 uint32_t blksize, offset, len;
881 int ret;
883 ret = 1;
884 exit = len = 0;
886 do {
887 struct fwheader *fwh = (void *)data;
889 bincmd = le32_to_cpu(fwh->dnldcmd);
890 blksize = le32_to_cpu(fwh->datalength);
891 switch (bincmd) {
892 case FW_HAS_DATA_TO_RECV:
893 offset = sizeof(struct fwheader) + blksize;
894 data += offset;
895 len += offset;
896 if (len >= totlen)
897 exit = 1;
898 break;
899 case FW_HAS_LAST_BLOCK:
900 exit = 1;
901 ret = 0;
902 break;
903 default:
904 exit = 1;
905 break;
907 } while (!exit);
909 if (ret)
910 pr_err("firmware file format check FAIL\n");
911 else
912 lbs_deb_fw("firmware file format check PASS\n");
914 return ret;
919 * if_usb_prog_firmware - programs the firmware subject to cmd
921 * @cardp: the if_usb_card descriptor
922 * @fwname: firmware or boot2 image file name
923 * @cmd: either BOOT_CMD_FW_BY_USB, BOOT_CMD_UPDATE_FW,
924 * or BOOT_CMD_UPDATE_BOOT2.
925 * returns: 0 or error code
927 static int if_usb_prog_firmware(struct if_usb_card *cardp,
928 const char *fwname, int cmd)
930 struct lbs_private *priv = cardp->priv;
931 unsigned long flags, caps;
932 int ret;
934 caps = priv->fwcapinfo;
935 if (((cmd == BOOT_CMD_UPDATE_FW) && !(caps & FW_CAPINFO_FIRMWARE_UPGRADE)) ||
936 ((cmd == BOOT_CMD_UPDATE_BOOT2) && !(caps & FW_CAPINFO_BOOT2_UPGRADE)))
937 return -EOPNOTSUPP;
939 /* Ensure main thread is idle. */
940 spin_lock_irqsave(&priv->driver_lock, flags);
941 while (priv->cur_cmd != NULL || priv->dnld_sent != DNLD_RES_RECEIVED) {
942 spin_unlock_irqrestore(&priv->driver_lock, flags);
943 if (wait_event_interruptible(priv->waitq,
944 (priv->cur_cmd == NULL &&
945 priv->dnld_sent == DNLD_RES_RECEIVED))) {
946 return -ERESTARTSYS;
948 spin_lock_irqsave(&priv->driver_lock, flags);
950 priv->dnld_sent = DNLD_BOOTCMD_SENT;
951 spin_unlock_irqrestore(&priv->driver_lock, flags);
953 ret = __if_usb_prog_firmware(cardp, fwname, cmd);
955 spin_lock_irqsave(&priv->driver_lock, flags);
956 priv->dnld_sent = DNLD_RES_RECEIVED;
957 spin_unlock_irqrestore(&priv->driver_lock, flags);
959 wake_up(&priv->waitq);
961 return ret;
964 /* table of firmware file names */
965 static const struct {
966 u32 model;
967 const char *fwname;
968 } fw_table[] = {
969 { MODEL_8388, "libertas/usb8388_v9.bin" },
970 { MODEL_8388, "libertas/usb8388_v5.bin" },
971 { MODEL_8388, "libertas/usb8388.bin" },
972 { MODEL_8388, "usb8388.bin" },
973 { MODEL_8682, "libertas/usb8682.bin" }
976 #ifdef CONFIG_OLPC
978 static int try_olpc_fw(struct if_usb_card *cardp)
980 int retval = -ENOENT;
982 /* try the OLPC firmware first; fall back to fw_table list */
983 if (machine_is_olpc() && cardp->model == MODEL_8388)
984 retval = request_firmware(&cardp->fw,
985 "libertas/usb8388_olpc.bin", &cardp->udev->dev);
986 return retval;
989 #else
990 static int try_olpc_fw(struct if_usb_card *cardp) { return -ENOENT; }
991 #endif /* !CONFIG_OLPC */
993 static int get_fw(struct if_usb_card *cardp, const char *fwname)
995 int i;
997 /* Try user-specified firmware first */
998 if (fwname)
999 return request_firmware(&cardp->fw, fwname, &cardp->udev->dev);
1001 /* Handle OLPC firmware */
1002 if (try_olpc_fw(cardp) == 0)
1003 return 0;
1005 /* Otherwise search for firmware to use */
1006 for (i = 0; i < ARRAY_SIZE(fw_table); i++) {
1007 if (fw_table[i].model != cardp->model)
1008 continue;
1009 if (request_firmware(&cardp->fw, fw_table[i].fwname,
1010 &cardp->udev->dev) == 0)
1011 return 0;
1014 return -ENOENT;
1017 static int __if_usb_prog_firmware(struct if_usb_card *cardp,
1018 const char *fwname, int cmd)
1020 int i = 0;
1021 static int reset_count = 10;
1022 int ret = 0;
1024 lbs_deb_enter(LBS_DEB_USB);
1026 ret = get_fw(cardp, fwname);
1027 if (ret) {
1028 pr_err("failed to find firmware (%d)\n", ret);
1029 goto done;
1032 if (check_fwfile_format(cardp->fw->data, cardp->fw->size)) {
1033 ret = -EINVAL;
1034 goto release_fw;
1037 /* Cancel any pending usb business */
1038 usb_kill_urb(cardp->rx_urb);
1039 usb_kill_urb(cardp->tx_urb);
1041 cardp->fwlastblksent = 0;
1042 cardp->fwdnldover = 0;
1043 cardp->totalbytes = 0;
1044 cardp->fwfinalblk = 0;
1045 cardp->bootcmdresp = 0;
1047 restart:
1048 if (if_usb_submit_rx_urb_fwload(cardp) < 0) {
1049 lbs_deb_usbd(&cardp->udev->dev, "URB submission is failed\n");
1050 ret = -EIO;
1051 goto release_fw;
1054 cardp->bootcmdresp = 0;
1055 do {
1056 int j = 0;
1057 i++;
1058 if_usb_issue_boot_command(cardp, cmd);
1059 /* wait for command response */
1060 do {
1061 j++;
1062 msleep_interruptible(100);
1063 } while (cardp->bootcmdresp == 0 && j < 10);
1064 } while (cardp->bootcmdresp == 0 && i < 5);
1066 if (cardp->bootcmdresp == BOOT_CMD_RESP_NOT_SUPPORTED) {
1067 /* Return to normal operation */
1068 ret = -EOPNOTSUPP;
1069 usb_kill_urb(cardp->rx_urb);
1070 usb_kill_urb(cardp->tx_urb);
1071 if (if_usb_submit_rx_urb(cardp) < 0)
1072 ret = -EIO;
1073 goto release_fw;
1074 } else if (cardp->bootcmdresp <= 0) {
1075 if (--reset_count >= 0) {
1076 if_usb_reset_device(cardp);
1077 goto restart;
1079 ret = -EIO;
1080 goto release_fw;
1083 i = 0;
1085 cardp->totalbytes = 0;
1086 cardp->fwlastblksent = 0;
1087 cardp->CRC_OK = 1;
1088 cardp->fwdnldover = 0;
1089 cardp->fwseqnum = -1;
1090 cardp->totalbytes = 0;
1091 cardp->fwfinalblk = 0;
1093 /* Send the first firmware packet... */
1094 if_usb_send_fw_pkt(cardp);
1096 /* ... and wait for the process to complete */
1097 wait_event_interruptible(cardp->fw_wq, cardp->surprise_removed || cardp->fwdnldover);
1099 del_timer_sync(&cardp->fw_timeout);
1100 usb_kill_urb(cardp->rx_urb);
1102 if (!cardp->fwdnldover) {
1103 pr_info("failed to load fw, resetting device!\n");
1104 if (--reset_count >= 0) {
1105 if_usb_reset_device(cardp);
1106 goto restart;
1109 pr_info("FW download failure, time = %d ms\n", i * 100);
1110 ret = -EIO;
1111 goto release_fw;
1114 release_fw:
1115 release_firmware(cardp->fw);
1116 cardp->fw = NULL;
1118 done:
1119 lbs_deb_leave_args(LBS_DEB_USB, "ret %d", ret);
1120 return ret;
1124 #ifdef CONFIG_PM
1125 static int if_usb_suspend(struct usb_interface *intf, pm_message_t message)
1127 struct if_usb_card *cardp = usb_get_intfdata(intf);
1128 struct lbs_private *priv = cardp->priv;
1129 int ret;
1131 lbs_deb_enter(LBS_DEB_USB);
1133 if (priv->psstate != PS_STATE_FULL_POWER)
1134 return -1;
1136 #ifdef CONFIG_OLPC
1137 if (machine_is_olpc()) {
1138 if (priv->wol_criteria == EHS_REMOVE_WAKEUP)
1139 olpc_ec_wakeup_clear(EC_SCI_SRC_WLAN);
1140 else
1141 olpc_ec_wakeup_set(EC_SCI_SRC_WLAN);
1143 #endif
1145 ret = lbs_suspend(priv);
1146 if (ret)
1147 goto out;
1149 /* Unlink tx & rx urb */
1150 usb_kill_urb(cardp->tx_urb);
1151 usb_kill_urb(cardp->rx_urb);
1153 out:
1154 lbs_deb_leave(LBS_DEB_USB);
1155 return ret;
1158 static int if_usb_resume(struct usb_interface *intf)
1160 struct if_usb_card *cardp = usb_get_intfdata(intf);
1161 struct lbs_private *priv = cardp->priv;
1163 lbs_deb_enter(LBS_DEB_USB);
1165 if_usb_submit_rx_urb(cardp);
1167 lbs_resume(priv);
1169 lbs_deb_leave(LBS_DEB_USB);
1170 return 0;
1172 #else
1173 #define if_usb_suspend NULL
1174 #define if_usb_resume NULL
1175 #endif
1177 static struct usb_driver if_usb_driver = {
1178 .name = DRV_NAME,
1179 .probe = if_usb_probe,
1180 .disconnect = if_usb_disconnect,
1181 .id_table = if_usb_table,
1182 .suspend = if_usb_suspend,
1183 .resume = if_usb_resume,
1184 .reset_resume = if_usb_resume,
1187 module_usb_driver(if_usb_driver);
1189 MODULE_DESCRIPTION("8388 USB WLAN Driver");
1190 MODULE_AUTHOR("Marvell International Ltd. and Red Hat, Inc.");
1191 MODULE_LICENSE("GPL");