1 /* 2 * USB Orinoco driver 3 * 4 * Copyright (c) 2003 Manuel Estrada Sainz 5 * 6 * The contents of this file are subject to the Mozilla Public License 7 * Version 1.1 (the "License"); you may not use this file except in 8 * compliance with the License. You may obtain a copy of the License 9 * at http://www.mozilla.org/MPL/ 10 * 11 * Software distributed under the License is distributed on an "AS IS" 12 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See 13 * the License for the specific language governing rights and 14 * limitations under the License. 15 * 16 * Alternatively, the contents of this file may be used under the 17 * terms of the GNU General Public License version 2 (the "GPL"), in 18 * which case the provisions of the GPL are applicable instead of the 19 * above. If you wish to allow the use of your version of this file 20 * only under the terms of the GPL and not to allow others to use your 21 * version of this file under the MPL, indicate your decision by 22 * deleting the provisions above and replace them with the notice and 23 * other provisions required by the GPL. If you do not delete the 24 * provisions above, a recipient may use your version of this file 25 * under either the MPL or the GPL. 26 * 27 * Queueing code based on linux-wlan-ng 0.2.1-pre5 28 * 29 * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved. 30 * 31 * The license is the same as above. 32 * 33 * Initialy based on USB Skeleton driver - 0.7 34 * 35 * Copyright (c) 2001 Greg Kroah-Hartman (greg@kroah.com) 36 * 37 * This program is free software; you can redistribute it and/or 38 * modify it under the terms of the GNU General Public License as 39 * published by the Free Software Foundation; either version 2 of 40 * the License, or (at your option) any later version. 41 * 42 * NOTE: The original USB Skeleton driver is GPL, but all that code is 43 * gone so MPL/GPL applies. 44 */ 45 46 #define DRIVER_NAME "orinoco_usb" 47 #define PFX DRIVER_NAME ": " 48 49 #include <linux/module.h> 50 #include <linux/kernel.h> 51 #include <linux/sched.h> 52 #include <linux/signal.h> 53 #include <linux/errno.h> 54 #include <linux/poll.h> 55 #include <linux/slab.h> 56 #include <linux/fcntl.h> 57 #include <linux/spinlock.h> 58 #include <linux/list.h> 59 #include <linux/usb.h> 60 #include <linux/timer.h> 61 62 #include <linux/netdevice.h> 63 #include <linux/if_arp.h> 64 #include <linux/etherdevice.h> 65 #include <linux/wireless.h> 66 #include <linux/firmware.h> 67 #include <linux/refcount.h> 68 69 #include "mic.h" 70 #include "orinoco.h" 71 72 #ifndef URB_ASYNC_UNLINK 73 #define URB_ASYNC_UNLINK 0 74 #endif 75 76 struct header_struct { 77 /* 802.3 */ 78 u8 dest[ETH_ALEN]; 79 u8 src[ETH_ALEN]; 80 __be16 len; 81 /* 802.2 */ 82 u8 dsap; 83 u8 ssap; 84 u8 ctrl; 85 /* SNAP */ 86 u8 oui[3]; 87 __be16 ethertype; 88 } __packed; 89 90 struct ez_usb_fw { 91 u16 size; 92 const u8 *code; 93 }; 94 95 static struct ez_usb_fw firmware = { 96 .size = 0, 97 .code = NULL, 98 }; 99 100 /* Debugging macros */ 101 #undef err 102 #define err(format, arg...) \ 103 do { printk(KERN_ERR PFX format "\n", ## arg); } while (0) 104 105 MODULE_FIRMWARE("orinoco_ezusb_fw"); 106 107 /* 108 * Under some conditions, the card gets stuck and stops paying attention 109 * to the world (i.e. data communication stalls) until we do something to 110 * it. Sending an INQ_TALLIES command seems to be enough and should be 111 * harmless otherwise. This behaviour has been observed when using the 112 * driver on a systemimager client during installation. In the past a 113 * timer was used to send INQ_TALLIES commands when there was no other 114 * activity, but it was troublesome and was removed. 115 */ 116 117 #define USB_COMPAQ_VENDOR_ID 0x049f /* Compaq Computer Corp. */ 118 #define USB_COMPAQ_WL215_ID 0x001f /* Compaq WL215 USB Adapter */ 119 #define USB_COMPAQ_W200_ID 0x0076 /* Compaq W200 USB Adapter */ 120 #define USB_HP_WL215_ID 0x0082 /* Compaq WL215 USB Adapter */ 121 122 #define USB_MELCO_VENDOR_ID 0x0411 123 #define USB_BUFFALO_L11_ID 0x0006 /* BUFFALO WLI-USB-L11 */ 124 #define USB_BUFFALO_L11G_WR_ID 0x000B /* BUFFALO WLI-USB-L11G-WR */ 125 #define USB_BUFFALO_L11G_ID 0x000D /* BUFFALO WLI-USB-L11G */ 126 127 #define USB_LUCENT_VENDOR_ID 0x047E /* Lucent Technologies */ 128 #define USB_LUCENT_ORINOCO_ID 0x0300 /* Lucent/Agere Orinoco USB Client */ 129 130 #define USB_AVAYA8_VENDOR_ID 0x0D98 131 #define USB_AVAYAE_VENDOR_ID 0x0D9E 132 #define USB_AVAYA_WIRELESS_ID 0x0300 /* Avaya USB Wireless Card */ 133 134 #define USB_AGERE_VENDOR_ID 0x0D4E /* Agere Systems */ 135 #define USB_AGERE_MODEL0801_ID 0x1000 /* USB Wireless Card Model 0801 */ 136 #define USB_AGERE_MODEL0802_ID 0x1001 /* USB Wireless Card Model 0802 */ 137 #define USB_AGERE_REBRANDED_ID 0x047A /* USB WLAN Card */ 138 139 #define USB_ELSA_VENDOR_ID 0x05CC 140 #define USB_ELSA_AIRLANCER_ID 0x3100 /* ELSA AirLancer USB-11 */ 141 142 #define USB_LEGEND_VENDOR_ID 0x0E7C 143 #define USB_LEGEND_JOYNET_ID 0x0300 /* Joynet USB WLAN Card */ 144 145 #define USB_SAMSUNG_VENDOR_ID 0x04E8 146 #define USB_SAMSUNG_SEW2001U1_ID 0x5002 /* Samsung SEW-2001u Card */ 147 #define USB_SAMSUNG_SEW2001U2_ID 0x5B11 /* Samsung SEW-2001u Card */ 148 #define USB_SAMSUNG_SEW2003U_ID 0x7011 /* Samsung SEW-2003U Card */ 149 150 #define USB_IGATE_VENDOR_ID 0x0681 151 #define USB_IGATE_IGATE_11M_ID 0x0012 /* I-GATE 11M USB Card */ 152 153 #define USB_FUJITSU_VENDOR_ID 0x0BF8 154 #define USB_FUJITSU_E1100_ID 0x1002 /* connect2AIR WLAN E-1100 USB */ 155 156 #define USB_2WIRE_VENDOR_ID 0x1630 157 #define USB_2WIRE_WIRELESS_ID 0xff81 /* 2Wire USB Wireless adapter */ 158 159 160 #define EZUSB_REQUEST_FW_TRANS 0xA0 161 #define EZUSB_REQUEST_TRIGGER 0xAA 162 #define EZUSB_REQUEST_TRIG_AC 0xAC 163 #define EZUSB_CPUCS_REG 0x7F92 164 165 #define EZUSB_RID_TX 0x0700 166 #define EZUSB_RID_RX 0x0701 167 #define EZUSB_RID_INIT1 0x0702 168 #define EZUSB_RID_ACK 0x0710 169 #define EZUSB_RID_READ_PDA 0x0800 170 #define EZUSB_RID_PROG_INIT 0x0852 171 #define EZUSB_RID_PROG_SET_ADDR 0x0853 172 #define EZUSB_RID_PROG_BYTES 0x0854 173 #define EZUSB_RID_PROG_END 0x0855 174 #define EZUSB_RID_DOCMD 0x0860 175 176 /* Recognize info frames */ 177 #define EZUSB_IS_INFO(id) ((id >= 0xF000) && (id <= 0xF2FF)) 178 179 #define EZUSB_MAGIC 0x0210 180 181 #define EZUSB_FRAME_DATA 1 182 #define EZUSB_FRAME_CONTROL 2 183 184 #define DEF_TIMEOUT (3 * HZ) 185 186 #define BULK_BUF_SIZE 2048 187 188 #define MAX_DL_SIZE (BULK_BUF_SIZE - sizeof(struct ezusb_packet)) 189 190 #define FW_BUF_SIZE 64 191 #define FW_VAR_OFFSET_PTR 0x359 192 #define FW_VAR_VALUE 0 193 #define FW_HOLE_START 0x100 194 #define FW_HOLE_END 0x300 195 196 struct ezusb_packet { 197 __le16 magic; /* 0x0210 */ 198 u8 req_reply_count; 199 u8 ans_reply_count; 200 __le16 frame_type; /* 0x01 for data frames, 0x02 otherwise */ 201 __le16 size; /* transport size */ 202 __le16 crc; /* CRC up to here */ 203 __le16 hermes_len; 204 __le16 hermes_rid; 205 u8 data[]; 206 } __packed; 207 208 /* Table of devices that work or may work with this driver */ 209 static const struct usb_device_id ezusb_table[] = { 210 {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_COMPAQ_WL215_ID)}, 211 {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_HP_WL215_ID)}, 212 {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_COMPAQ_W200_ID)}, 213 {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11_ID)}, 214 {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11G_WR_ID)}, 215 {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11G_ID)}, 216 {USB_DEVICE(USB_LUCENT_VENDOR_ID, USB_LUCENT_ORINOCO_ID)}, 217 {USB_DEVICE(USB_AVAYA8_VENDOR_ID, USB_AVAYA_WIRELESS_ID)}, 218 {USB_DEVICE(USB_AVAYAE_VENDOR_ID, USB_AVAYA_WIRELESS_ID)}, 219 {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_MODEL0801_ID)}, 220 {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_MODEL0802_ID)}, 221 {USB_DEVICE(USB_ELSA_VENDOR_ID, USB_ELSA_AIRLANCER_ID)}, 222 {USB_DEVICE(USB_LEGEND_VENDOR_ID, USB_LEGEND_JOYNET_ID)}, 223 {USB_DEVICE_VER(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2001U1_ID, 224 0, 0)}, 225 {USB_DEVICE(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2001U2_ID)}, 226 {USB_DEVICE(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2003U_ID)}, 227 {USB_DEVICE(USB_IGATE_VENDOR_ID, USB_IGATE_IGATE_11M_ID)}, 228 {USB_DEVICE(USB_FUJITSU_VENDOR_ID, USB_FUJITSU_E1100_ID)}, 229 {USB_DEVICE(USB_2WIRE_VENDOR_ID, USB_2WIRE_WIRELESS_ID)}, 230 {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_REBRANDED_ID)}, 231 {} /* Terminating entry */ 232 }; 233 234 MODULE_DEVICE_TABLE(usb, ezusb_table); 235 236 /* Structure to hold all of our device specific stuff */ 237 struct ezusb_priv { 238 struct usb_device *udev; 239 struct net_device *dev; 240 struct mutex mtx; 241 spinlock_t req_lock; 242 struct list_head req_pending; 243 struct list_head req_active; 244 spinlock_t reply_count_lock; 245 u16 hermes_reg_fake[0x40]; 246 u8 *bap_buf; 247 struct urb *read_urb; 248 int read_pipe; 249 int write_pipe; 250 u8 reply_count; 251 }; 252 253 enum ezusb_state { 254 EZUSB_CTX_START, 255 EZUSB_CTX_QUEUED, 256 EZUSB_CTX_REQ_SUBMITTED, 257 EZUSB_CTX_REQ_COMPLETE, 258 EZUSB_CTX_RESP_RECEIVED, 259 EZUSB_CTX_REQ_TIMEOUT, 260 EZUSB_CTX_REQ_FAILED, 261 EZUSB_CTX_RESP_TIMEOUT, 262 EZUSB_CTX_REQSUBMIT_FAIL, 263 EZUSB_CTX_COMPLETE, 264 }; 265 266 struct request_context { 267 struct list_head list; 268 refcount_t refcount; 269 struct completion done; /* Signals that CTX is dead */ 270 int killed; 271 struct urb *outurb; /* OUT for req pkt */ 272 struct ezusb_priv *upriv; 273 struct ezusb_packet *buf; 274 int buf_length; 275 struct timer_list timer; /* Timeout handling */ 276 enum ezusb_state state; /* Current state */ 277 /* the RID that we will wait for */ 278 u16 out_rid; 279 u16 in_rid; 280 }; 281 282 283 /* Forward declarations */ 284 static void ezusb_ctx_complete(struct request_context *ctx); 285 static void ezusb_req_queue_run(struct ezusb_priv *upriv); 286 static void ezusb_bulk_in_callback(struct urb *urb); 287 ezusb_reply_inc(u8 count)288 static inline u8 ezusb_reply_inc(u8 count) 289 { 290 if (count < 0x7F) 291 return count + 1; 292 else 293 return 1; 294 } 295 ezusb_request_context_put(struct request_context * ctx)296 static void ezusb_request_context_put(struct request_context *ctx) 297 { 298 if (!refcount_dec_and_test(&ctx->refcount)) 299 return; 300 301 WARN_ON(!ctx->done.done); 302 BUG_ON(ctx->outurb->status == -EINPROGRESS); 303 BUG_ON(timer_pending(&ctx->timer)); 304 usb_free_urb(ctx->outurb); 305 kfree(ctx->buf); 306 kfree(ctx); 307 } 308 ezusb_mod_timer(struct ezusb_priv * upriv,struct timer_list * timer,unsigned long expire)309 static inline void ezusb_mod_timer(struct ezusb_priv *upriv, 310 struct timer_list *timer, 311 unsigned long expire) 312 { 313 if (!upriv->udev) 314 return; 315 mod_timer(timer, expire); 316 } 317 ezusb_request_timerfn(struct timer_list * t)318 static void ezusb_request_timerfn(struct timer_list *t) 319 { 320 struct request_context *ctx = from_timer(ctx, t, timer); 321 322 ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK; 323 if (usb_unlink_urb(ctx->outurb) == -EINPROGRESS) { 324 ctx->state = EZUSB_CTX_REQ_TIMEOUT; 325 } else { 326 ctx->state = EZUSB_CTX_RESP_TIMEOUT; 327 dev_dbg(&ctx->outurb->dev->dev, "couldn't unlink\n"); 328 refcount_inc(&ctx->refcount); 329 ctx->killed = 1; 330 ezusb_ctx_complete(ctx); 331 ezusb_request_context_put(ctx); 332 } 333 }; 334 ezusb_alloc_ctx(struct ezusb_priv * upriv,u16 out_rid,u16 in_rid)335 static struct request_context *ezusb_alloc_ctx(struct ezusb_priv *upriv, 336 u16 out_rid, u16 in_rid) 337 { 338 struct request_context *ctx; 339 340 ctx = kzalloc(sizeof(*ctx), GFP_ATOMIC); 341 if (!ctx) 342 return NULL; 343 344 ctx->buf = kmalloc(BULK_BUF_SIZE, GFP_ATOMIC); 345 if (!ctx->buf) { 346 kfree(ctx); 347 return NULL; 348 } 349 ctx->outurb = usb_alloc_urb(0, GFP_ATOMIC); 350 if (!ctx->outurb) { 351 kfree(ctx->buf); 352 kfree(ctx); 353 return NULL; 354 } 355 356 ctx->upriv = upriv; 357 ctx->state = EZUSB_CTX_START; 358 ctx->out_rid = out_rid; 359 ctx->in_rid = in_rid; 360 361 refcount_set(&ctx->refcount, 1); 362 init_completion(&ctx->done); 363 364 timer_setup(&ctx->timer, ezusb_request_timerfn, 0); 365 return ctx; 366 } 367 ezusb_ctx_complete(struct request_context * ctx)368 static void ezusb_ctx_complete(struct request_context *ctx) 369 { 370 struct ezusb_priv *upriv = ctx->upriv; 371 unsigned long flags; 372 373 spin_lock_irqsave(&upriv->req_lock, flags); 374 375 list_del_init(&ctx->list); 376 if (upriv->udev) { 377 spin_unlock_irqrestore(&upriv->req_lock, flags); 378 ezusb_req_queue_run(upriv); 379 spin_lock_irqsave(&upriv->req_lock, flags); 380 } 381 382 switch (ctx->state) { 383 case EZUSB_CTX_COMPLETE: 384 case EZUSB_CTX_REQSUBMIT_FAIL: 385 case EZUSB_CTX_REQ_FAILED: 386 case EZUSB_CTX_REQ_TIMEOUT: 387 case EZUSB_CTX_RESP_TIMEOUT: 388 spin_unlock_irqrestore(&upriv->req_lock, flags); 389 390 if ((ctx->out_rid == EZUSB_RID_TX) && upriv->dev) { 391 struct net_device *dev = upriv->dev; 392 struct net_device_stats *stats = &dev->stats; 393 394 if (ctx->state != EZUSB_CTX_COMPLETE) 395 stats->tx_errors++; 396 else 397 stats->tx_packets++; 398 399 netif_wake_queue(dev); 400 } 401 complete_all(&ctx->done); 402 ezusb_request_context_put(ctx); 403 break; 404 405 default: 406 spin_unlock_irqrestore(&upriv->req_lock, flags); 407 if (!upriv->udev) { 408 /* This is normal, as all request contexts get flushed 409 * when the device is disconnected */ 410 err("Called, CTX not terminating, but device gone"); 411 complete_all(&ctx->done); 412 ezusb_request_context_put(ctx); 413 break; 414 } 415 416 err("Called, CTX not in terminating state."); 417 /* Things are really bad if this happens. Just leak 418 * the CTX because it may still be linked to the 419 * queue or the OUT urb may still be active. 420 * Just leaking at least prevents an Oops or Panic. 421 */ 422 break; 423 } 424 } 425 426 /* 427 * ezusb_req_queue_run: 428 * Description: 429 * Note: Only one active CTX at any one time, because there's no 430 * other (reliable) way to match the response URB to the correct 431 * CTX. 432 */ ezusb_req_queue_run(struct ezusb_priv * upriv)433 static void ezusb_req_queue_run(struct ezusb_priv *upriv) 434 { 435 unsigned long flags; 436 struct request_context *ctx; 437 int result; 438 439 spin_lock_irqsave(&upriv->req_lock, flags); 440 441 if (!list_empty(&upriv->req_active)) 442 goto unlock; 443 444 if (list_empty(&upriv->req_pending)) 445 goto unlock; 446 447 ctx = 448 list_entry(upriv->req_pending.next, struct request_context, 449 list); 450 451 if (!ctx->upriv->udev) 452 goto unlock; 453 454 /* We need to split this off to avoid a race condition */ 455 list_move_tail(&ctx->list, &upriv->req_active); 456 457 if (ctx->state == EZUSB_CTX_QUEUED) { 458 refcount_inc(&ctx->refcount); 459 result = usb_submit_urb(ctx->outurb, GFP_ATOMIC); 460 if (result) { 461 ctx->state = EZUSB_CTX_REQSUBMIT_FAIL; 462 463 spin_unlock_irqrestore(&upriv->req_lock, flags); 464 465 err("Fatal, failed to submit command urb." 466 " error=%d\n", result); 467 468 ezusb_ctx_complete(ctx); 469 ezusb_request_context_put(ctx); 470 goto done; 471 } 472 473 ctx->state = EZUSB_CTX_REQ_SUBMITTED; 474 ezusb_mod_timer(ctx->upriv, &ctx->timer, 475 jiffies + DEF_TIMEOUT); 476 } 477 478 unlock: 479 spin_unlock_irqrestore(&upriv->req_lock, flags); 480 481 done: 482 return; 483 } 484 ezusb_req_enqueue_run(struct ezusb_priv * upriv,struct request_context * ctx)485 static void ezusb_req_enqueue_run(struct ezusb_priv *upriv, 486 struct request_context *ctx) 487 { 488 unsigned long flags; 489 490 spin_lock_irqsave(&upriv->req_lock, flags); 491 492 if (!ctx->upriv->udev) { 493 spin_unlock_irqrestore(&upriv->req_lock, flags); 494 goto done; 495 } 496 refcount_inc(&ctx->refcount); 497 list_add_tail(&ctx->list, &upriv->req_pending); 498 spin_unlock_irqrestore(&upriv->req_lock, flags); 499 500 ctx->state = EZUSB_CTX_QUEUED; 501 ezusb_req_queue_run(upriv); 502 503 done: 504 return; 505 } 506 ezusb_request_out_callback(struct urb * urb)507 static void ezusb_request_out_callback(struct urb *urb) 508 { 509 unsigned long flags; 510 enum ezusb_state state; 511 struct request_context *ctx = urb->context; 512 struct ezusb_priv *upriv = ctx->upriv; 513 514 spin_lock_irqsave(&upriv->req_lock, flags); 515 516 del_timer(&ctx->timer); 517 518 if (ctx->killed) { 519 spin_unlock_irqrestore(&upriv->req_lock, flags); 520 pr_warn("interrupt called with dead ctx\n"); 521 goto out; 522 } 523 524 state = ctx->state; 525 526 if (urb->status == 0) { 527 switch (state) { 528 case EZUSB_CTX_REQ_SUBMITTED: 529 if (ctx->in_rid) { 530 ctx->state = EZUSB_CTX_REQ_COMPLETE; 531 /* reply URB still pending */ 532 ezusb_mod_timer(upriv, &ctx->timer, 533 jiffies + DEF_TIMEOUT); 534 spin_unlock_irqrestore(&upriv->req_lock, 535 flags); 536 break; 537 } 538 fallthrough; 539 case EZUSB_CTX_RESP_RECEIVED: 540 /* IN already received before this OUT-ACK */ 541 ctx->state = EZUSB_CTX_COMPLETE; 542 spin_unlock_irqrestore(&upriv->req_lock, flags); 543 ezusb_ctx_complete(ctx); 544 break; 545 546 default: 547 spin_unlock_irqrestore(&upriv->req_lock, flags); 548 err("Unexpected state(0x%x, %d) in OUT URB", 549 state, urb->status); 550 break; 551 } 552 } else { 553 /* If someone cancels the OUT URB then its status 554 * should be either -ECONNRESET or -ENOENT. 555 */ 556 switch (state) { 557 case EZUSB_CTX_REQ_SUBMITTED: 558 case EZUSB_CTX_RESP_RECEIVED: 559 ctx->state = EZUSB_CTX_REQ_FAILED; 560 fallthrough; 561 562 case EZUSB_CTX_REQ_FAILED: 563 case EZUSB_CTX_REQ_TIMEOUT: 564 spin_unlock_irqrestore(&upriv->req_lock, flags); 565 566 ezusb_ctx_complete(ctx); 567 break; 568 569 default: 570 spin_unlock_irqrestore(&upriv->req_lock, flags); 571 572 err("Unexpected state(0x%x, %d) in OUT URB", 573 state, urb->status); 574 break; 575 } 576 } 577 out: 578 ezusb_request_context_put(ctx); 579 } 580 ezusb_request_in_callback(struct ezusb_priv * upriv,struct urb * urb)581 static void ezusb_request_in_callback(struct ezusb_priv *upriv, 582 struct urb *urb) 583 { 584 struct ezusb_packet *ans = urb->transfer_buffer; 585 struct request_context *ctx = NULL; 586 enum ezusb_state state; 587 unsigned long flags; 588 589 /* Find the CTX on the active queue that requested this URB */ 590 spin_lock_irqsave(&upriv->req_lock, flags); 591 if (upriv->udev) { 592 struct list_head *item; 593 594 list_for_each(item, &upriv->req_active) { 595 struct request_context *c; 596 int reply_count; 597 598 c = list_entry(item, struct request_context, list); 599 reply_count = 600 ezusb_reply_inc(c->buf->req_reply_count); 601 if ((ans->ans_reply_count == reply_count) 602 && (le16_to_cpu(ans->hermes_rid) == c->in_rid)) { 603 ctx = c; 604 break; 605 } 606 netdev_dbg(upriv->dev, "Skipped (0x%x/0x%x) (%d/%d)\n", 607 le16_to_cpu(ans->hermes_rid), c->in_rid, 608 ans->ans_reply_count, reply_count); 609 } 610 } 611 612 if (ctx == NULL) { 613 spin_unlock_irqrestore(&upriv->req_lock, flags); 614 err("%s: got unexpected RID: 0x%04X", __func__, 615 le16_to_cpu(ans->hermes_rid)); 616 ezusb_req_queue_run(upriv); 617 return; 618 } 619 620 /* The data we want is in the in buffer, exchange */ 621 urb->transfer_buffer = ctx->buf; 622 ctx->buf = (void *) ans; 623 ctx->buf_length = urb->actual_length; 624 625 state = ctx->state; 626 switch (state) { 627 case EZUSB_CTX_REQ_SUBMITTED: 628 /* We have received our response URB before 629 * our request has been acknowledged. Do NOT 630 * destroy our CTX yet, because our OUT URB 631 * is still alive ... 632 */ 633 ctx->state = EZUSB_CTX_RESP_RECEIVED; 634 spin_unlock_irqrestore(&upriv->req_lock, flags); 635 636 /* Let the machine continue running. */ 637 break; 638 639 case EZUSB_CTX_REQ_COMPLETE: 640 /* This is the usual path: our request 641 * has already been acknowledged, and 642 * we have now received the reply. 643 */ 644 ctx->state = EZUSB_CTX_COMPLETE; 645 646 /* Stop the intimer */ 647 del_timer(&ctx->timer); 648 spin_unlock_irqrestore(&upriv->req_lock, flags); 649 650 /* Call the completion handler */ 651 ezusb_ctx_complete(ctx); 652 break; 653 654 default: 655 spin_unlock_irqrestore(&upriv->req_lock, flags); 656 657 pr_warn("Matched IN URB, unexpected context state(0x%x)\n", 658 state); 659 /* Throw this CTX away and try submitting another */ 660 del_timer(&ctx->timer); 661 ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK; 662 usb_unlink_urb(ctx->outurb); 663 ezusb_req_queue_run(upriv); 664 break; 665 } /* switch */ 666 } 667 668 typedef void (*ezusb_ctx_wait)(struct ezusb_priv *, struct request_context *); 669 ezusb_req_ctx_wait_compl(struct ezusb_priv * upriv,struct request_context * ctx)670 static void ezusb_req_ctx_wait_compl(struct ezusb_priv *upriv, 671 struct request_context *ctx) 672 { 673 switch (ctx->state) { 674 case EZUSB_CTX_QUEUED: 675 case EZUSB_CTX_REQ_SUBMITTED: 676 case EZUSB_CTX_REQ_COMPLETE: 677 case EZUSB_CTX_RESP_RECEIVED: 678 wait_for_completion(&ctx->done); 679 break; 680 default: 681 /* Done or failed - nothing to wait for */ 682 break; 683 } 684 } 685 ezusb_req_ctx_wait_poll(struct ezusb_priv * upriv,struct request_context * ctx)686 static void ezusb_req_ctx_wait_poll(struct ezusb_priv *upriv, 687 struct request_context *ctx) 688 { 689 int msecs; 690 691 switch (ctx->state) { 692 case EZUSB_CTX_QUEUED: 693 case EZUSB_CTX_REQ_SUBMITTED: 694 case EZUSB_CTX_REQ_COMPLETE: 695 case EZUSB_CTX_RESP_RECEIVED: 696 /* If we get called from a timer or with our lock acquired, then 697 * we can't wait for the completion and have to poll. This won't 698 * happen if the USB controller completes the URB requests in 699 * BH. 700 */ 701 msecs = DEF_TIMEOUT * (1000 / HZ); 702 703 while (!try_wait_for_completion(&ctx->done) && msecs--) 704 udelay(1000); 705 break; 706 default: 707 /* Done or failed - nothing to wait for */ 708 break; 709 } 710 } 711 ezusb_req_ctx_wait_skip(struct ezusb_priv * upriv,struct request_context * ctx)712 static void ezusb_req_ctx_wait_skip(struct ezusb_priv *upriv, 713 struct request_context *ctx) 714 { 715 WARN(1, "Shouldn't be invoked for in_rid\n"); 716 } 717 build_crc(struct ezusb_packet * data)718 static inline u16 build_crc(struct ezusb_packet *data) 719 { 720 u16 crc = 0; 721 u8 *bytes = (u8 *)data; 722 int i; 723 724 for (i = 0; i < 8; i++) 725 crc = (crc << 1) + bytes[i]; 726 727 return crc; 728 } 729 730 /* 731 * ezusb_fill_req: 732 * 733 * if data == NULL and length > 0 the data is assumed to be already in 734 * the target buffer and only the header is filled. 735 * 736 */ ezusb_fill_req(struct ezusb_packet * req,u16 length,u16 rid,const void * data,u16 frame_type,u8 reply_count)737 static int ezusb_fill_req(struct ezusb_packet *req, u16 length, u16 rid, 738 const void *data, u16 frame_type, u8 reply_count) 739 { 740 int total_size = sizeof(*req) + length; 741 742 BUG_ON(total_size > BULK_BUF_SIZE); 743 744 req->magic = cpu_to_le16(EZUSB_MAGIC); 745 req->req_reply_count = reply_count; 746 req->ans_reply_count = 0; 747 req->frame_type = cpu_to_le16(frame_type); 748 req->size = cpu_to_le16(length + 4); 749 req->crc = cpu_to_le16(build_crc(req)); 750 req->hermes_len = cpu_to_le16(HERMES_BYTES_TO_RECLEN(length)); 751 req->hermes_rid = cpu_to_le16(rid); 752 if (data) 753 memcpy(req->data, data, length); 754 return total_size; 755 } 756 ezusb_submit_in_urb(struct ezusb_priv * upriv)757 static int ezusb_submit_in_urb(struct ezusb_priv *upriv) 758 { 759 int retval = 0; 760 void *cur_buf = upriv->read_urb->transfer_buffer; 761 762 if (upriv->read_urb->status == -EINPROGRESS) { 763 netdev_dbg(upriv->dev, "urb busy, not resubmiting\n"); 764 retval = -EBUSY; 765 goto exit; 766 } 767 usb_fill_bulk_urb(upriv->read_urb, upriv->udev, upriv->read_pipe, 768 cur_buf, BULK_BUF_SIZE, 769 ezusb_bulk_in_callback, upriv); 770 upriv->read_urb->transfer_flags = 0; 771 retval = usb_submit_urb(upriv->read_urb, GFP_ATOMIC); 772 if (retval) 773 err("%s submit failed %d", __func__, retval); 774 775 exit: 776 return retval; 777 } 778 ezusb_8051_cpucs(struct ezusb_priv * upriv,int reset)779 static inline int ezusb_8051_cpucs(struct ezusb_priv *upriv, int reset) 780 { 781 int ret; 782 u8 *res_val = NULL; 783 784 if (!upriv->udev) { 785 err("%s: !upriv->udev", __func__); 786 return -EFAULT; 787 } 788 789 res_val = kmalloc(sizeof(*res_val), GFP_KERNEL); 790 791 if (!res_val) 792 return -ENOMEM; 793 794 *res_val = reset; /* avoid argument promotion */ 795 796 ret = usb_control_msg(upriv->udev, 797 usb_sndctrlpipe(upriv->udev, 0), 798 EZUSB_REQUEST_FW_TRANS, 799 USB_TYPE_VENDOR | USB_RECIP_DEVICE | 800 USB_DIR_OUT, EZUSB_CPUCS_REG, 0, res_val, 801 sizeof(*res_val), DEF_TIMEOUT); 802 803 kfree(res_val); 804 805 return ret; 806 } 807 ezusb_firmware_download(struct ezusb_priv * upriv,struct ez_usb_fw * fw)808 static int ezusb_firmware_download(struct ezusb_priv *upriv, 809 struct ez_usb_fw *fw) 810 { 811 u8 *fw_buffer; 812 int retval, addr; 813 int variant_offset; 814 815 fw_buffer = kmalloc(FW_BUF_SIZE, GFP_KERNEL); 816 if (!fw_buffer) { 817 printk(KERN_ERR PFX "Out of memory for firmware buffer.\n"); 818 return -ENOMEM; 819 } 820 /* 821 * This byte is 1 and should be replaced with 0. The offset is 822 * 0x10AD in version 0.0.6. The byte in question should follow 823 * the end of the code pointed to by the jump in the beginning 824 * of the firmware. Also, it is read by code located at 0x358. 825 */ 826 variant_offset = be16_to_cpup((__be16 *) &fw->code[FW_VAR_OFFSET_PTR]); 827 if (variant_offset >= fw->size) { 828 printk(KERN_ERR PFX "Invalid firmware variant offset: " 829 "0x%04x\n", variant_offset); 830 retval = -EINVAL; 831 goto fail; 832 } 833 834 retval = ezusb_8051_cpucs(upriv, 1); 835 if (retval < 0) 836 goto fail; 837 for (addr = 0; addr < fw->size; addr += FW_BUF_SIZE) { 838 /* 0x100-0x300 should be left alone, it contains card 839 * specific data, like USB enumeration information */ 840 if ((addr >= FW_HOLE_START) && (addr < FW_HOLE_END)) 841 continue; 842 843 memcpy(fw_buffer, &fw->code[addr], FW_BUF_SIZE); 844 if (variant_offset >= addr && 845 variant_offset < addr + FW_BUF_SIZE) { 846 netdev_dbg(upriv->dev, 847 "Patching card_variant byte at 0x%04X\n", 848 variant_offset); 849 fw_buffer[variant_offset - addr] = FW_VAR_VALUE; 850 } 851 retval = usb_control_msg(upriv->udev, 852 usb_sndctrlpipe(upriv->udev, 0), 853 EZUSB_REQUEST_FW_TRANS, 854 USB_TYPE_VENDOR | USB_RECIP_DEVICE 855 | USB_DIR_OUT, 856 addr, 0x0, 857 fw_buffer, FW_BUF_SIZE, 858 DEF_TIMEOUT); 859 860 if (retval < 0) 861 goto fail; 862 } 863 retval = ezusb_8051_cpucs(upriv, 0); 864 if (retval < 0) 865 goto fail; 866 867 goto exit; 868 fail: 869 printk(KERN_ERR PFX "Firmware download failed, error %d\n", 870 retval); 871 exit: 872 kfree(fw_buffer); 873 return retval; 874 } 875 ezusb_access_ltv(struct ezusb_priv * upriv,struct request_context * ctx,u16 length,const void * data,u16 frame_type,void * ans_buff,unsigned ans_size,u16 * ans_length,ezusb_ctx_wait ezusb_ctx_wait_func)876 static int ezusb_access_ltv(struct ezusb_priv *upriv, 877 struct request_context *ctx, 878 u16 length, const void *data, u16 frame_type, 879 void *ans_buff, unsigned ans_size, u16 *ans_length, 880 ezusb_ctx_wait ezusb_ctx_wait_func) 881 { 882 int req_size; 883 int retval = 0; 884 enum ezusb_state state; 885 886 if (!upriv->udev) { 887 retval = -ENODEV; 888 goto exit; 889 } 890 891 if (upriv->read_urb->status != -EINPROGRESS) 892 err("%s: in urb not pending", __func__); 893 894 /* protect upriv->reply_count, guarantee sequential numbers */ 895 spin_lock_bh(&upriv->reply_count_lock); 896 req_size = ezusb_fill_req(ctx->buf, length, ctx->out_rid, data, 897 frame_type, upriv->reply_count); 898 usb_fill_bulk_urb(ctx->outurb, upriv->udev, upriv->write_pipe, 899 ctx->buf, req_size, 900 ezusb_request_out_callback, ctx); 901 902 if (ctx->in_rid) 903 upriv->reply_count = ezusb_reply_inc(upriv->reply_count); 904 905 ezusb_req_enqueue_run(upriv, ctx); 906 907 spin_unlock_bh(&upriv->reply_count_lock); 908 909 if (ctx->in_rid) 910 ezusb_ctx_wait_func(upriv, ctx); 911 912 state = ctx->state; 913 switch (state) { 914 case EZUSB_CTX_COMPLETE: 915 retval = ctx->outurb->status; 916 break; 917 918 case EZUSB_CTX_QUEUED: 919 case EZUSB_CTX_REQ_SUBMITTED: 920 if (!ctx->in_rid) 921 break; 922 fallthrough; 923 default: 924 err("%s: Unexpected context state %d", __func__, 925 state); 926 fallthrough; 927 case EZUSB_CTX_REQ_TIMEOUT: 928 case EZUSB_CTX_REQ_FAILED: 929 case EZUSB_CTX_RESP_TIMEOUT: 930 case EZUSB_CTX_REQSUBMIT_FAIL: 931 printk(KERN_ERR PFX "Access failed, resetting (state %d," 932 " reply_count %d)\n", state, upriv->reply_count); 933 upriv->reply_count = 0; 934 if (state == EZUSB_CTX_REQ_TIMEOUT 935 || state == EZUSB_CTX_RESP_TIMEOUT) { 936 printk(KERN_ERR PFX "ctx timed out\n"); 937 retval = -ETIMEDOUT; 938 } else { 939 printk(KERN_ERR PFX "ctx failed\n"); 940 retval = -EFAULT; 941 } 942 goto exit; 943 } 944 if (ctx->in_rid) { 945 struct ezusb_packet *ans = ctx->buf; 946 unsigned exp_len; 947 948 if (ans->hermes_len != 0) 949 exp_len = le16_to_cpu(ans->hermes_len) * 2 + 12; 950 else 951 exp_len = 14; 952 953 if (exp_len != ctx->buf_length) { 954 err("%s: length mismatch for RID 0x%04x: " 955 "expected %d, got %d", __func__, 956 ctx->in_rid, exp_len, ctx->buf_length); 957 retval = -EIO; 958 goto exit; 959 } 960 961 if (ans_buff) 962 memcpy(ans_buff, ans->data, min(exp_len, ans_size)); 963 if (ans_length) 964 *ans_length = le16_to_cpu(ans->hermes_len); 965 } 966 exit: 967 ezusb_request_context_put(ctx); 968 return retval; 969 } 970 __ezusb_write_ltv(struct hermes * hw,int bap,u16 rid,u16 length,const void * data,ezusb_ctx_wait ezusb_ctx_wait_func)971 static int __ezusb_write_ltv(struct hermes *hw, int bap, u16 rid, 972 u16 length, const void *data, 973 ezusb_ctx_wait ezusb_ctx_wait_func) 974 { 975 struct ezusb_priv *upriv = hw->priv; 976 u16 frame_type; 977 struct request_context *ctx; 978 979 if (length == 0) 980 return -EINVAL; 981 982 length = HERMES_RECLEN_TO_BYTES(length); 983 984 /* On memory mapped devices HERMES_RID_CNFGROUPADDRESSES can be 985 * set to be empty, but the USB bridge doesn't like it */ 986 if (length == 0) 987 return 0; 988 989 ctx = ezusb_alloc_ctx(upriv, rid, EZUSB_RID_ACK); 990 if (!ctx) 991 return -ENOMEM; 992 993 if (rid == EZUSB_RID_TX) 994 frame_type = EZUSB_FRAME_DATA; 995 else 996 frame_type = EZUSB_FRAME_CONTROL; 997 998 return ezusb_access_ltv(upriv, ctx, length, data, frame_type, 999 NULL, 0, NULL, ezusb_ctx_wait_func); 1000 } 1001 ezusb_write_ltv(struct hermes * hw,int bap,u16 rid,u16 length,const void * data)1002 static int ezusb_write_ltv(struct hermes *hw, int bap, u16 rid, 1003 u16 length, const void *data) 1004 { 1005 return __ezusb_write_ltv(hw, bap, rid, length, data, 1006 ezusb_req_ctx_wait_poll); 1007 } 1008 __ezusb_read_ltv(struct hermes * hw,int bap,u16 rid,unsigned bufsize,u16 * length,void * buf,ezusb_ctx_wait ezusb_ctx_wait_func)1009 static int __ezusb_read_ltv(struct hermes *hw, int bap, u16 rid, 1010 unsigned bufsize, u16 *length, void *buf, 1011 ezusb_ctx_wait ezusb_ctx_wait_func) 1012 1013 { 1014 struct ezusb_priv *upriv = hw->priv; 1015 struct request_context *ctx; 1016 1017 if (bufsize % 2) 1018 return -EINVAL; 1019 1020 ctx = ezusb_alloc_ctx(upriv, rid, rid); 1021 if (!ctx) 1022 return -ENOMEM; 1023 1024 return ezusb_access_ltv(upriv, ctx, 0, NULL, EZUSB_FRAME_CONTROL, 1025 buf, bufsize, length, ezusb_req_ctx_wait_poll); 1026 } 1027 ezusb_read_ltv(struct hermes * hw,int bap,u16 rid,unsigned bufsize,u16 * length,void * buf)1028 static int ezusb_read_ltv(struct hermes *hw, int bap, u16 rid, 1029 unsigned bufsize, u16 *length, void *buf) 1030 { 1031 return __ezusb_read_ltv(hw, bap, rid, bufsize, length, buf, 1032 ezusb_req_ctx_wait_poll); 1033 } 1034 ezusb_read_ltv_preempt(struct hermes * hw,int bap,u16 rid,unsigned bufsize,u16 * length,void * buf)1035 static int ezusb_read_ltv_preempt(struct hermes *hw, int bap, u16 rid, 1036 unsigned bufsize, u16 *length, void *buf) 1037 { 1038 return __ezusb_read_ltv(hw, bap, rid, bufsize, length, buf, 1039 ezusb_req_ctx_wait_compl); 1040 } 1041 ezusb_doicmd_wait(struct hermes * hw,u16 cmd,u16 parm0,u16 parm1,u16 parm2,struct hermes_response * resp)1042 static int ezusb_doicmd_wait(struct hermes *hw, u16 cmd, u16 parm0, u16 parm1, 1043 u16 parm2, struct hermes_response *resp) 1044 { 1045 WARN_ON_ONCE(1); 1046 return -EINVAL; 1047 } 1048 __ezusb_docmd_wait(struct hermes * hw,u16 cmd,u16 parm0,struct hermes_response * resp,ezusb_ctx_wait ezusb_ctx_wait_func)1049 static int __ezusb_docmd_wait(struct hermes *hw, u16 cmd, u16 parm0, 1050 struct hermes_response *resp, 1051 ezusb_ctx_wait ezusb_ctx_wait_func) 1052 { 1053 struct ezusb_priv *upriv = hw->priv; 1054 struct request_context *ctx; 1055 1056 __le16 data[4] = { 1057 cpu_to_le16(cmd), 1058 cpu_to_le16(parm0), 1059 0, 1060 0, 1061 }; 1062 netdev_dbg(upriv->dev, "0x%04X, parm0 0x%04X\n", cmd, parm0); 1063 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_DOCMD, EZUSB_RID_ACK); 1064 if (!ctx) 1065 return -ENOMEM; 1066 1067 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data, 1068 EZUSB_FRAME_CONTROL, NULL, 0, NULL, 1069 ezusb_ctx_wait_func); 1070 } 1071 ezusb_docmd_wait(struct hermes * hw,u16 cmd,u16 parm0,struct hermes_response * resp)1072 static int ezusb_docmd_wait(struct hermes *hw, u16 cmd, u16 parm0, 1073 struct hermes_response *resp) 1074 { 1075 return __ezusb_docmd_wait(hw, cmd, parm0, resp, ezusb_req_ctx_wait_poll); 1076 } 1077 ezusb_bap_pread(struct hermes * hw,int bap,void * buf,int len,u16 id,u16 offset)1078 static int ezusb_bap_pread(struct hermes *hw, int bap, 1079 void *buf, int len, u16 id, u16 offset) 1080 { 1081 struct ezusb_priv *upriv = hw->priv; 1082 struct ezusb_packet *ans = (void *) upriv->read_urb->transfer_buffer; 1083 int actual_length = upriv->read_urb->actual_length; 1084 1085 if (id == EZUSB_RID_RX) { 1086 if ((sizeof(*ans) + offset + len) > actual_length) { 1087 printk(KERN_ERR PFX "BAP read beyond buffer end " 1088 "in rx frame\n"); 1089 return -EINVAL; 1090 } 1091 memcpy(buf, ans->data + offset, len); 1092 return 0; 1093 } 1094 1095 if (EZUSB_IS_INFO(id)) { 1096 /* Include 4 bytes for length/type */ 1097 if ((sizeof(*ans) + offset + len - 4) > actual_length) { 1098 printk(KERN_ERR PFX "BAP read beyond buffer end " 1099 "in info frame\n"); 1100 return -EFAULT; 1101 } 1102 memcpy(buf, ans->data + offset - 4, len); 1103 } else { 1104 printk(KERN_ERR PFX "Unexpected fid 0x%04x\n", id); 1105 return -EINVAL; 1106 } 1107 1108 return 0; 1109 } 1110 ezusb_read_pda(struct hermes * hw,__le16 * pda,u32 pda_addr,u16 pda_len)1111 static int ezusb_read_pda(struct hermes *hw, __le16 *pda, 1112 u32 pda_addr, u16 pda_len) 1113 { 1114 struct ezusb_priv *upriv = hw->priv; 1115 struct request_context *ctx; 1116 __le16 data[] = { 1117 cpu_to_le16(pda_addr & 0xffff), 1118 cpu_to_le16(pda_len - 4) 1119 }; 1120 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_READ_PDA, EZUSB_RID_READ_PDA); 1121 if (!ctx) 1122 return -ENOMEM; 1123 1124 /* wl_lkm does not include PDA size in the PDA area. 1125 * We will pad the information into pda, so other routines 1126 * don't have to be modified */ 1127 pda[0] = cpu_to_le16(pda_len - 2); 1128 /* Includes CFG_PROD_DATA but not itself */ 1129 pda[1] = cpu_to_le16(0x0800); /* CFG_PROD_DATA */ 1130 1131 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data, 1132 EZUSB_FRAME_CONTROL, &pda[2], pda_len - 4, 1133 NULL, ezusb_req_ctx_wait_compl); 1134 } 1135 ezusb_program_init(struct hermes * hw,u32 entry_point)1136 static int ezusb_program_init(struct hermes *hw, u32 entry_point) 1137 { 1138 struct ezusb_priv *upriv = hw->priv; 1139 struct request_context *ctx; 1140 __le32 data = cpu_to_le32(entry_point); 1141 1142 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_INIT, EZUSB_RID_ACK); 1143 if (!ctx) 1144 return -ENOMEM; 1145 1146 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data, 1147 EZUSB_FRAME_CONTROL, NULL, 0, NULL, 1148 ezusb_req_ctx_wait_compl); 1149 } 1150 ezusb_program_end(struct hermes * hw)1151 static int ezusb_program_end(struct hermes *hw) 1152 { 1153 struct ezusb_priv *upriv = hw->priv; 1154 struct request_context *ctx; 1155 1156 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_END, EZUSB_RID_ACK); 1157 if (!ctx) 1158 return -ENOMEM; 1159 1160 return ezusb_access_ltv(upriv, ctx, 0, NULL, 1161 EZUSB_FRAME_CONTROL, NULL, 0, NULL, 1162 ezusb_req_ctx_wait_compl); 1163 } 1164 ezusb_program_bytes(struct hermes * hw,const char * buf,u32 addr,u32 len)1165 static int ezusb_program_bytes(struct hermes *hw, const char *buf, 1166 u32 addr, u32 len) 1167 { 1168 struct ezusb_priv *upriv = hw->priv; 1169 struct request_context *ctx; 1170 __le32 data = cpu_to_le32(addr); 1171 int err; 1172 1173 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_SET_ADDR, EZUSB_RID_ACK); 1174 if (!ctx) 1175 return -ENOMEM; 1176 1177 err = ezusb_access_ltv(upriv, ctx, sizeof(data), &data, 1178 EZUSB_FRAME_CONTROL, NULL, 0, NULL, 1179 ezusb_req_ctx_wait_compl); 1180 if (err) 1181 return err; 1182 1183 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_BYTES, EZUSB_RID_ACK); 1184 if (!ctx) 1185 return -ENOMEM; 1186 1187 return ezusb_access_ltv(upriv, ctx, len, buf, 1188 EZUSB_FRAME_CONTROL, NULL, 0, NULL, 1189 ezusb_req_ctx_wait_compl); 1190 } 1191 ezusb_program(struct hermes * hw,const char * buf,u32 addr,u32 len)1192 static int ezusb_program(struct hermes *hw, const char *buf, 1193 u32 addr, u32 len) 1194 { 1195 u32 ch_addr; 1196 u32 ch_len; 1197 int err = 0; 1198 1199 /* We can only send 2048 bytes out of the bulk xmit at a time, 1200 * so we have to split any programming into chunks of <2048 1201 * bytes. */ 1202 1203 ch_len = (len < MAX_DL_SIZE) ? len : MAX_DL_SIZE; 1204 ch_addr = addr; 1205 1206 while (ch_addr < (addr + len)) { 1207 pr_debug("Programming subblock of length %d " 1208 "to address 0x%08x. Data @ %p\n", 1209 ch_len, ch_addr, &buf[ch_addr - addr]); 1210 1211 err = ezusb_program_bytes(hw, &buf[ch_addr - addr], 1212 ch_addr, ch_len); 1213 if (err) 1214 break; 1215 1216 ch_addr += ch_len; 1217 ch_len = ((addr + len - ch_addr) < MAX_DL_SIZE) ? 1218 (addr + len - ch_addr) : MAX_DL_SIZE; 1219 } 1220 1221 return err; 1222 } 1223 ezusb_xmit(struct sk_buff * skb,struct net_device * dev)1224 static netdev_tx_t ezusb_xmit(struct sk_buff *skb, struct net_device *dev) 1225 { 1226 struct orinoco_private *priv = ndev_priv(dev); 1227 struct net_device_stats *stats = &dev->stats; 1228 struct ezusb_priv *upriv = priv->card; 1229 u8 mic[MICHAEL_MIC_LEN + 1]; 1230 int err = 0; 1231 int tx_control; 1232 unsigned long flags; 1233 struct request_context *ctx; 1234 u8 *buf; 1235 int tx_size; 1236 1237 if (!netif_running(dev)) { 1238 printk(KERN_ERR "%s: Tx on stopped device!\n", 1239 dev->name); 1240 return NETDEV_TX_BUSY; 1241 } 1242 1243 if (netif_queue_stopped(dev)) { 1244 printk(KERN_DEBUG "%s: Tx while transmitter busy!\n", 1245 dev->name); 1246 return NETDEV_TX_BUSY; 1247 } 1248 1249 if (orinoco_lock(priv, &flags) != 0) { 1250 printk(KERN_ERR 1251 "%s: ezusb_xmit() called while hw_unavailable\n", 1252 dev->name); 1253 return NETDEV_TX_BUSY; 1254 } 1255 1256 if (!netif_carrier_ok(dev) || 1257 (priv->iw_mode == NL80211_IFTYPE_MONITOR)) { 1258 /* Oops, the firmware hasn't established a connection, 1259 silently drop the packet (this seems to be the 1260 safest approach). */ 1261 goto drop; 1262 } 1263 1264 /* Check packet length */ 1265 if (skb->len < ETH_HLEN) 1266 goto drop; 1267 1268 tx_control = 0; 1269 1270 err = orinoco_process_xmit_skb(skb, dev, priv, &tx_control, 1271 &mic[0]); 1272 if (err) 1273 goto drop; 1274 1275 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_TX, 0); 1276 if (!ctx) 1277 goto drop; 1278 1279 memset(ctx->buf, 0, BULK_BUF_SIZE); 1280 buf = ctx->buf->data; 1281 1282 { 1283 __le16 *tx_cntl = (__le16 *)buf; 1284 *tx_cntl = cpu_to_le16(tx_control); 1285 buf += sizeof(*tx_cntl); 1286 } 1287 1288 memcpy(buf, skb->data, skb->len); 1289 buf += skb->len; 1290 1291 if (tx_control & HERMES_TXCTRL_MIC) { 1292 u8 *m = mic; 1293 /* Mic has been offset so it can be copied to an even 1294 * address. We're copying eveything anyway, so we 1295 * don't need to copy that first byte. */ 1296 if (skb->len % 2) 1297 m++; 1298 memcpy(buf, m, MICHAEL_MIC_LEN); 1299 buf += MICHAEL_MIC_LEN; 1300 } 1301 1302 /* Finally, we actually initiate the send */ 1303 netif_stop_queue(dev); 1304 1305 /* The card may behave better if we send evenly sized usb transfers */ 1306 tx_size = ALIGN(buf - ctx->buf->data, 2); 1307 1308 err = ezusb_access_ltv(upriv, ctx, tx_size, NULL, 1309 EZUSB_FRAME_DATA, NULL, 0, NULL, 1310 ezusb_req_ctx_wait_skip); 1311 1312 if (err) { 1313 netif_start_queue(dev); 1314 if (net_ratelimit()) 1315 printk(KERN_ERR "%s: Error %d transmitting packet\n", 1316 dev->name, err); 1317 goto busy; 1318 } 1319 1320 netif_trans_update(dev); 1321 stats->tx_bytes += skb->len; 1322 goto ok; 1323 1324 drop: 1325 stats->tx_errors++; 1326 stats->tx_dropped++; 1327 1328 ok: 1329 orinoco_unlock(priv, &flags); 1330 dev_kfree_skb(skb); 1331 return NETDEV_TX_OK; 1332 1333 busy: 1334 orinoco_unlock(priv, &flags); 1335 return NETDEV_TX_BUSY; 1336 } 1337 ezusb_allocate(struct hermes * hw,u16 size,u16 * fid)1338 static int ezusb_allocate(struct hermes *hw, u16 size, u16 *fid) 1339 { 1340 *fid = EZUSB_RID_TX; 1341 return 0; 1342 } 1343 1344 ezusb_hard_reset(struct orinoco_private * priv)1345 static int ezusb_hard_reset(struct orinoco_private *priv) 1346 { 1347 struct ezusb_priv *upriv = priv->card; 1348 int retval = ezusb_8051_cpucs(upriv, 1); 1349 1350 if (retval < 0) { 1351 err("Failed to reset"); 1352 return retval; 1353 } 1354 1355 retval = ezusb_8051_cpucs(upriv, 0); 1356 if (retval < 0) { 1357 err("Failed to unreset"); 1358 return retval; 1359 } 1360 1361 netdev_dbg(upriv->dev, "sending control message\n"); 1362 retval = usb_control_msg(upriv->udev, 1363 usb_sndctrlpipe(upriv->udev, 0), 1364 EZUSB_REQUEST_TRIGGER, 1365 USB_TYPE_VENDOR | USB_RECIP_DEVICE | 1366 USB_DIR_OUT, 0x0, 0x0, NULL, 0, 1367 DEF_TIMEOUT); 1368 if (retval < 0) { 1369 err("EZUSB_REQUEST_TRIGGER failed retval %d", retval); 1370 return retval; 1371 } 1372 #if 0 1373 dbg("Sending EZUSB_REQUEST_TRIG_AC"); 1374 retval = usb_control_msg(upriv->udev, 1375 usb_sndctrlpipe(upriv->udev, 0), 1376 EZUSB_REQUEST_TRIG_AC, 1377 USB_TYPE_VENDOR | USB_RECIP_DEVICE | 1378 USB_DIR_OUT, 0x00FA, 0x0, NULL, 0, 1379 DEF_TIMEOUT); 1380 if (retval < 0) { 1381 err("EZUSB_REQUEST_TRIG_AC failed retval %d", retval); 1382 return retval; 1383 } 1384 #endif 1385 1386 return 0; 1387 } 1388 1389 ezusb_init(struct hermes * hw)1390 static int ezusb_init(struct hermes *hw) 1391 { 1392 struct ezusb_priv *upriv = hw->priv; 1393 int retval; 1394 1395 if (!upriv) 1396 return -EINVAL; 1397 1398 upriv->reply_count = 0; 1399 /* Write the MAGIC number on the simulated registers to keep 1400 * orinoco.c happy */ 1401 hermes_write_regn(hw, SWSUPPORT0, HERMES_MAGIC); 1402 hermes_write_regn(hw, RXFID, EZUSB_RID_RX); 1403 1404 usb_kill_urb(upriv->read_urb); 1405 ezusb_submit_in_urb(upriv); 1406 1407 retval = __ezusb_write_ltv(hw, 0, EZUSB_RID_INIT1, 1408 HERMES_BYTES_TO_RECLEN(2), "\x10\x00", 1409 ezusb_req_ctx_wait_compl); 1410 if (retval < 0) { 1411 printk(KERN_ERR PFX "EZUSB_RID_INIT1 error %d\n", retval); 1412 return retval; 1413 } 1414 1415 retval = __ezusb_docmd_wait(hw, HERMES_CMD_INIT, 0, NULL, 1416 ezusb_req_ctx_wait_compl); 1417 if (retval < 0) { 1418 printk(KERN_ERR PFX "HERMES_CMD_INIT error %d\n", retval); 1419 return retval; 1420 } 1421 1422 return 0; 1423 } 1424 ezusb_bulk_in_callback(struct urb * urb)1425 static void ezusb_bulk_in_callback(struct urb *urb) 1426 { 1427 struct ezusb_priv *upriv = (struct ezusb_priv *) urb->context; 1428 struct ezusb_packet *ans = urb->transfer_buffer; 1429 u16 crc; 1430 u16 hermes_rid; 1431 1432 if (upriv->udev == NULL) 1433 return; 1434 1435 if (urb->status == -ETIMEDOUT) { 1436 /* When a device gets unplugged we get this every time 1437 * we resubmit, flooding the logs. Since we don't use 1438 * USB timeouts, it shouldn't happen any other time*/ 1439 pr_warn("%s: urb timed out, not resubmitting\n", __func__); 1440 return; 1441 } 1442 if (urb->status == -ECONNABORTED) { 1443 pr_warn("%s: connection abort, resubmitting urb\n", 1444 __func__); 1445 goto resubmit; 1446 } 1447 if ((urb->status == -EILSEQ) 1448 || (urb->status == -ENOENT) 1449 || (urb->status == -ECONNRESET)) { 1450 netdev_dbg(upriv->dev, "status %d, not resubmiting\n", 1451 urb->status); 1452 return; 1453 } 1454 if (urb->status) 1455 netdev_dbg(upriv->dev, "status: %d length: %d\n", 1456 urb->status, urb->actual_length); 1457 if (urb->actual_length < sizeof(*ans)) { 1458 err("%s: short read, ignoring", __func__); 1459 goto resubmit; 1460 } 1461 crc = build_crc(ans); 1462 if (le16_to_cpu(ans->crc) != crc) { 1463 err("CRC error, ignoring packet"); 1464 goto resubmit; 1465 } 1466 1467 hermes_rid = le16_to_cpu(ans->hermes_rid); 1468 if ((hermes_rid != EZUSB_RID_RX) && !EZUSB_IS_INFO(hermes_rid)) { 1469 ezusb_request_in_callback(upriv, urb); 1470 } else if (upriv->dev) { 1471 struct net_device *dev = upriv->dev; 1472 struct orinoco_private *priv = ndev_priv(dev); 1473 struct hermes *hw = &priv->hw; 1474 1475 if (hermes_rid == EZUSB_RID_RX) { 1476 __orinoco_ev_rx(dev, hw); 1477 } else { 1478 hermes_write_regn(hw, INFOFID, 1479 le16_to_cpu(ans->hermes_rid)); 1480 __orinoco_ev_info(dev, hw); 1481 } 1482 } 1483 1484 resubmit: 1485 if (upriv->udev) 1486 ezusb_submit_in_urb(upriv); 1487 } 1488 ezusb_delete(struct ezusb_priv * upriv)1489 static inline void ezusb_delete(struct ezusb_priv *upriv) 1490 { 1491 struct list_head *item; 1492 struct list_head *tmp_item; 1493 unsigned long flags; 1494 1495 BUG_ON(!upriv); 1496 1497 mutex_lock(&upriv->mtx); 1498 1499 upriv->udev = NULL; /* No timer will be rearmed from here */ 1500 1501 usb_kill_urb(upriv->read_urb); 1502 1503 spin_lock_irqsave(&upriv->req_lock, flags); 1504 list_for_each_safe(item, tmp_item, &upriv->req_active) { 1505 struct request_context *ctx; 1506 int err; 1507 1508 ctx = list_entry(item, struct request_context, list); 1509 refcount_inc(&ctx->refcount); 1510 1511 ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK; 1512 err = usb_unlink_urb(ctx->outurb); 1513 1514 spin_unlock_irqrestore(&upriv->req_lock, flags); 1515 if (err == -EINPROGRESS) 1516 wait_for_completion(&ctx->done); 1517 1518 del_timer_sync(&ctx->timer); 1519 /* FIXME: there is an slight chance for the irq handler to 1520 * be running */ 1521 if (!list_empty(&ctx->list)) 1522 ezusb_ctx_complete(ctx); 1523 1524 ezusb_request_context_put(ctx); 1525 spin_lock_irqsave(&upriv->req_lock, flags); 1526 } 1527 spin_unlock_irqrestore(&upriv->req_lock, flags); 1528 1529 list_for_each_safe(item, tmp_item, &upriv->req_pending) 1530 ezusb_ctx_complete(list_entry(item, 1531 struct request_context, list)); 1532 1533 if (upriv->read_urb && upriv->read_urb->status == -EINPROGRESS) 1534 printk(KERN_ERR PFX "Some URB in progress\n"); 1535 1536 mutex_unlock(&upriv->mtx); 1537 1538 if (upriv->read_urb) { 1539 kfree(upriv->read_urb->transfer_buffer); 1540 usb_free_urb(upriv->read_urb); 1541 } 1542 kfree(upriv->bap_buf); 1543 if (upriv->dev) { 1544 struct orinoco_private *priv = ndev_priv(upriv->dev); 1545 orinoco_if_del(priv); 1546 wiphy_unregister(priv_to_wiphy(upriv)); 1547 free_orinocodev(priv); 1548 } 1549 } 1550 ezusb_lock_irqsave(spinlock_t * lock,unsigned long * flags)1551 static void ezusb_lock_irqsave(spinlock_t *lock, 1552 unsigned long *flags) __acquires(lock) 1553 { 1554 spin_lock_bh(lock); 1555 } 1556 ezusb_unlock_irqrestore(spinlock_t * lock,unsigned long * flags)1557 static void ezusb_unlock_irqrestore(spinlock_t *lock, 1558 unsigned long *flags) __releases(lock) 1559 { 1560 spin_unlock_bh(lock); 1561 } 1562 ezusb_lock_irq(spinlock_t * lock)1563 static void ezusb_lock_irq(spinlock_t *lock) __acquires(lock) 1564 { 1565 spin_lock_bh(lock); 1566 } 1567 ezusb_unlock_irq(spinlock_t * lock)1568 static void ezusb_unlock_irq(spinlock_t *lock) __releases(lock) 1569 { 1570 spin_unlock_bh(lock); 1571 } 1572 1573 static const struct hermes_ops ezusb_ops = { 1574 .init = ezusb_init, 1575 .cmd_wait = ezusb_docmd_wait, 1576 .init_cmd_wait = ezusb_doicmd_wait, 1577 .allocate = ezusb_allocate, 1578 .read_ltv = ezusb_read_ltv, 1579 .read_ltv_pr = ezusb_read_ltv_preempt, 1580 .write_ltv = ezusb_write_ltv, 1581 .bap_pread = ezusb_bap_pread, 1582 .read_pda = ezusb_read_pda, 1583 .program_init = ezusb_program_init, 1584 .program_end = ezusb_program_end, 1585 .program = ezusb_program, 1586 .lock_irqsave = ezusb_lock_irqsave, 1587 .unlock_irqrestore = ezusb_unlock_irqrestore, 1588 .lock_irq = ezusb_lock_irq, 1589 .unlock_irq = ezusb_unlock_irq, 1590 }; 1591 1592 static const struct net_device_ops ezusb_netdev_ops = { 1593 .ndo_open = orinoco_open, 1594 .ndo_stop = orinoco_stop, 1595 .ndo_start_xmit = ezusb_xmit, 1596 .ndo_set_rx_mode = orinoco_set_multicast_list, 1597 .ndo_change_mtu = orinoco_change_mtu, 1598 .ndo_set_mac_address = eth_mac_addr, 1599 .ndo_validate_addr = eth_validate_addr, 1600 .ndo_tx_timeout = orinoco_tx_timeout, 1601 }; 1602 ezusb_probe(struct usb_interface * interface,const struct usb_device_id * id)1603 static int ezusb_probe(struct usb_interface *interface, 1604 const struct usb_device_id *id) 1605 { 1606 struct usb_device *udev = interface_to_usbdev(interface); 1607 struct orinoco_private *priv; 1608 struct hermes *hw; 1609 struct ezusb_priv *upriv = NULL; 1610 struct usb_interface_descriptor *iface_desc; 1611 struct usb_endpoint_descriptor *ep; 1612 const struct firmware *fw_entry = NULL; 1613 int retval = 0; 1614 int i; 1615 1616 priv = alloc_orinocodev(sizeof(*upriv), &udev->dev, 1617 ezusb_hard_reset, NULL); 1618 if (!priv) { 1619 err("Couldn't allocate orinocodev"); 1620 retval = -ENOMEM; 1621 goto exit; 1622 } 1623 1624 hw = &priv->hw; 1625 1626 upriv = priv->card; 1627 1628 mutex_init(&upriv->mtx); 1629 spin_lock_init(&upriv->reply_count_lock); 1630 1631 spin_lock_init(&upriv->req_lock); 1632 INIT_LIST_HEAD(&upriv->req_pending); 1633 INIT_LIST_HEAD(&upriv->req_active); 1634 1635 upriv->udev = udev; 1636 1637 hw->iobase = (void __force __iomem *) &upriv->hermes_reg_fake; 1638 hw->reg_spacing = HERMES_16BIT_REGSPACING; 1639 hw->priv = upriv; 1640 hw->ops = &ezusb_ops; 1641 1642 /* set up the endpoint information */ 1643 /* check out the endpoints */ 1644 1645 iface_desc = &interface->cur_altsetting->desc; 1646 for (i = 0; i < iface_desc->bNumEndpoints; ++i) { 1647 ep = &interface->cur_altsetting->endpoint[i].desc; 1648 1649 if (usb_endpoint_is_bulk_in(ep)) { 1650 /* we found a bulk in endpoint */ 1651 if (upriv->read_urb != NULL) { 1652 pr_warn("Found a second bulk in ep, ignored\n"); 1653 continue; 1654 } 1655 1656 upriv->read_urb = usb_alloc_urb(0, GFP_KERNEL); 1657 if (!upriv->read_urb) 1658 goto error; 1659 if (le16_to_cpu(ep->wMaxPacketSize) != 64) 1660 pr_warn("bulk in: wMaxPacketSize!= 64\n"); 1661 if (ep->bEndpointAddress != (2 | USB_DIR_IN)) 1662 pr_warn("bulk in: bEndpointAddress: %d\n", 1663 ep->bEndpointAddress); 1664 upriv->read_pipe = usb_rcvbulkpipe(udev, 1665 ep-> 1666 bEndpointAddress); 1667 upriv->read_urb->transfer_buffer = 1668 kmalloc(BULK_BUF_SIZE, GFP_KERNEL); 1669 if (!upriv->read_urb->transfer_buffer) { 1670 err("Couldn't allocate IN buffer"); 1671 goto error; 1672 } 1673 } 1674 1675 if (usb_endpoint_is_bulk_out(ep)) { 1676 /* we found a bulk out endpoint */ 1677 if (upriv->bap_buf != NULL) { 1678 pr_warn("Found a second bulk out ep, ignored\n"); 1679 continue; 1680 } 1681 1682 if (le16_to_cpu(ep->wMaxPacketSize) != 64) 1683 pr_warn("bulk out: wMaxPacketSize != 64\n"); 1684 if (ep->bEndpointAddress != 2) 1685 pr_warn("bulk out: bEndpointAddress: %d\n", 1686 ep->bEndpointAddress); 1687 upriv->write_pipe = usb_sndbulkpipe(udev, 1688 ep-> 1689 bEndpointAddress); 1690 upriv->bap_buf = kmalloc(BULK_BUF_SIZE, GFP_KERNEL); 1691 if (!upriv->bap_buf) { 1692 err("Couldn't allocate bulk_out_buffer"); 1693 goto error; 1694 } 1695 } 1696 } 1697 if (!upriv->bap_buf || !upriv->read_urb) { 1698 err("Didn't find the required bulk endpoints"); 1699 goto error; 1700 } 1701 1702 if (request_firmware(&fw_entry, "orinoco_ezusb_fw", 1703 &interface->dev) == 0) { 1704 firmware.size = fw_entry->size; 1705 firmware.code = fw_entry->data; 1706 } 1707 if (firmware.size && firmware.code) { 1708 if (ezusb_firmware_download(upriv, &firmware) < 0) 1709 goto error; 1710 } else { 1711 err("No firmware to download"); 1712 goto error; 1713 } 1714 1715 if (ezusb_hard_reset(priv) < 0) { 1716 err("Cannot reset the device"); 1717 goto error; 1718 } 1719 1720 /* If the firmware is already downloaded orinoco.c will call 1721 * ezusb_init but if the firmware is not already there, that will make 1722 * the kernel very unstable, so we try initializing here and quit in 1723 * case of error */ 1724 if (ezusb_init(hw) < 0) { 1725 err("Couldn't initialize the device"); 1726 err("Firmware may not be downloaded or may be wrong."); 1727 goto error; 1728 } 1729 1730 /* Initialise the main driver */ 1731 if (orinoco_init(priv) != 0) { 1732 err("orinoco_init() failed\n"); 1733 goto error; 1734 } 1735 1736 if (orinoco_if_add(priv, 0, 0, &ezusb_netdev_ops) != 0) { 1737 upriv->dev = NULL; 1738 err("%s: orinoco_if_add() failed", __func__); 1739 wiphy_unregister(priv_to_wiphy(priv)); 1740 goto error; 1741 } 1742 upriv->dev = priv->ndev; 1743 1744 goto exit; 1745 1746 error: 1747 ezusb_delete(upriv); 1748 if (upriv->dev) { 1749 /* upriv->dev was 0, so ezusb_delete() didn't free it */ 1750 free_orinocodev(priv); 1751 } 1752 upriv = NULL; 1753 retval = -EFAULT; 1754 exit: 1755 if (fw_entry) { 1756 firmware.code = NULL; 1757 firmware.size = 0; 1758 release_firmware(fw_entry); 1759 } 1760 usb_set_intfdata(interface, upriv); 1761 return retval; 1762 } 1763 1764 ezusb_disconnect(struct usb_interface * intf)1765 static void ezusb_disconnect(struct usb_interface *intf) 1766 { 1767 struct ezusb_priv *upriv = usb_get_intfdata(intf); 1768 usb_set_intfdata(intf, NULL); 1769 ezusb_delete(upriv); 1770 printk(KERN_INFO PFX "Disconnected\n"); 1771 } 1772 1773 1774 /* usb specific object needed to register this driver with the usb subsystem */ 1775 static struct usb_driver orinoco_driver = { 1776 .name = DRIVER_NAME, 1777 .probe = ezusb_probe, 1778 .disconnect = ezusb_disconnect, 1779 .id_table = ezusb_table, 1780 .disable_hub_initiated_lpm = 1, 1781 }; 1782 1783 module_usb_driver(orinoco_driver); 1784 1785 MODULE_AUTHOR("Manuel Estrada Sainz"); 1786 MODULE_DESCRIPTION("Driver for Orinoco wireless LAN cards using EZUSB bridge"); 1787 MODULE_LICENSE("Dual MPL/GPL"); 1788