1 /*
2  * USB Orinoco driver
3  *
4  * Copyright (c) 2003 Manuel Estrada Sainz
5  *
6  * The contents of this file are subject to the Mozilla Public License
7  * Version 1.1 (the "License"); you may not use this file except in
8  * compliance with the License. You may obtain a copy of the License
9  * at http://www.mozilla.org/MPL/
10  *
11  * Software distributed under the License is distributed on an "AS IS"
12  * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
13  * the License for the specific language governing rights and
14  * limitations under the License.
15  *
16  * Alternatively, the contents of this file may be used under the
17  * terms of the GNU General Public License version 2 (the "GPL"), in
18  * which case the provisions of the GPL are applicable instead of the
19  * above.  If you wish to allow the use of your version of this file
20  * only under the terms of the GPL and not to allow others to use your
21  * version of this file under the MPL, indicate your decision by
22  * deleting the provisions above and replace them with the notice and
23  * other provisions required by the GPL.  If you do not delete the
24  * provisions above, a recipient may use your version of this file
25  * under either the MPL or the GPL.
26  *
27  * Queueing code based on linux-wlan-ng 0.2.1-pre5
28  *
29  * Copyright (C) 1999 AbsoluteValue Systems, Inc.  All Rights Reserved.
30  *
31  *	The license is the same as above.
32  *
33  * Initialy based on USB Skeleton driver - 0.7
34  *
35  * Copyright (c) 2001 Greg Kroah-Hartman (greg@kroah.com)
36  *
37  *	This program is free software; you can redistribute it and/or
38  *	modify it under the terms of the GNU General Public License as
39  *	published by the Free Software Foundation; either version 2 of
40  *	the License, or (at your option) any later version.
41  *
42  * NOTE: The original USB Skeleton driver is GPL, but all that code is
43  * gone so MPL/GPL applies.
44  */
45 
46 #define DRIVER_NAME "orinoco_usb"
47 #define PFX DRIVER_NAME ": "
48 
49 #include <linux/module.h>
50 #include <linux/kernel.h>
51 #include <linux/sched.h>
52 #include <linux/signal.h>
53 #include <linux/errno.h>
54 #include <linux/poll.h>
55 #include <linux/slab.h>
56 #include <linux/fcntl.h>
57 #include <linux/spinlock.h>
58 #include <linux/list.h>
59 #include <linux/usb.h>
60 #include <linux/timer.h>
61 
62 #include <linux/netdevice.h>
63 #include <linux/if_arp.h>
64 #include <linux/etherdevice.h>
65 #include <linux/wireless.h>
66 #include <linux/firmware.h>
67 #include <linux/refcount.h>
68 
69 #include "mic.h"
70 #include "orinoco.h"
71 
72 #ifndef URB_ASYNC_UNLINK
73 #define URB_ASYNC_UNLINK 0
74 #endif
75 
76 struct header_struct {
77 	/* 802.3 */
78 	u8 dest[ETH_ALEN];
79 	u8 src[ETH_ALEN];
80 	__be16 len;
81 	/* 802.2 */
82 	u8 dsap;
83 	u8 ssap;
84 	u8 ctrl;
85 	/* SNAP */
86 	u8 oui[3];
87 	__be16 ethertype;
88 } __packed;
89 
90 struct ez_usb_fw {
91 	u16 size;
92 	const u8 *code;
93 };
94 
95 static struct ez_usb_fw firmware = {
96 	.size = 0,
97 	.code = NULL,
98 };
99 
100 /* Debugging macros */
101 #undef err
102 #define err(format, arg...) \
103 	do { printk(KERN_ERR PFX format "\n", ## arg); } while (0)
104 
105 MODULE_FIRMWARE("orinoco_ezusb_fw");
106 
107 /*
108  * Under some conditions, the card gets stuck and stops paying attention
109  * to the world (i.e. data communication stalls) until we do something to
110  * it.  Sending an INQ_TALLIES command seems to be enough and should be
111  * harmless otherwise.  This behaviour has been observed when using the
112  * driver on a systemimager client during installation.  In the past a
113  * timer was used to send INQ_TALLIES commands when there was no other
114  * activity, but it was troublesome and was removed.
115  */
116 
117 #define USB_COMPAQ_VENDOR_ID     0x049f /* Compaq Computer Corp. */
118 #define USB_COMPAQ_WL215_ID      0x001f /* Compaq WL215 USB Adapter */
119 #define USB_COMPAQ_W200_ID       0x0076 /* Compaq W200 USB Adapter */
120 #define USB_HP_WL215_ID          0x0082 /* Compaq WL215 USB Adapter */
121 
122 #define USB_MELCO_VENDOR_ID      0x0411
123 #define USB_BUFFALO_L11_ID       0x0006 /* BUFFALO WLI-USB-L11 */
124 #define USB_BUFFALO_L11G_WR_ID   0x000B /* BUFFALO WLI-USB-L11G-WR */
125 #define USB_BUFFALO_L11G_ID      0x000D /* BUFFALO WLI-USB-L11G */
126 
127 #define USB_LUCENT_VENDOR_ID     0x047E /* Lucent Technologies */
128 #define USB_LUCENT_ORINOCO_ID    0x0300 /* Lucent/Agere Orinoco USB Client */
129 
130 #define USB_AVAYA8_VENDOR_ID     0x0D98
131 #define USB_AVAYAE_VENDOR_ID     0x0D9E
132 #define USB_AVAYA_WIRELESS_ID    0x0300 /* Avaya USB Wireless Card */
133 
134 #define USB_AGERE_VENDOR_ID      0x0D4E /* Agere Systems */
135 #define USB_AGERE_MODEL0801_ID   0x1000 /* USB Wireless Card Model 0801 */
136 #define USB_AGERE_MODEL0802_ID   0x1001 /* USB Wireless Card Model 0802 */
137 #define USB_AGERE_REBRANDED_ID   0x047A /* USB WLAN Card */
138 
139 #define USB_ELSA_VENDOR_ID       0x05CC
140 #define USB_ELSA_AIRLANCER_ID    0x3100 /* ELSA AirLancer USB-11 */
141 
142 #define USB_LEGEND_VENDOR_ID     0x0E7C
143 #define USB_LEGEND_JOYNET_ID     0x0300 /* Joynet USB WLAN Card */
144 
145 #define USB_SAMSUNG_VENDOR_ID    0x04E8
146 #define USB_SAMSUNG_SEW2001U1_ID 0x5002 /* Samsung SEW-2001u Card */
147 #define USB_SAMSUNG_SEW2001U2_ID 0x5B11 /* Samsung SEW-2001u Card */
148 #define USB_SAMSUNG_SEW2003U_ID  0x7011 /* Samsung SEW-2003U Card */
149 
150 #define USB_IGATE_VENDOR_ID      0x0681
151 #define USB_IGATE_IGATE_11M_ID   0x0012 /* I-GATE 11M USB Card */
152 
153 #define USB_FUJITSU_VENDOR_ID    0x0BF8
154 #define USB_FUJITSU_E1100_ID     0x1002 /* connect2AIR WLAN E-1100 USB */
155 
156 #define USB_2WIRE_VENDOR_ID      0x1630
157 #define USB_2WIRE_WIRELESS_ID    0xff81 /* 2Wire USB Wireless adapter */
158 
159 
160 #define EZUSB_REQUEST_FW_TRANS		0xA0
161 #define EZUSB_REQUEST_TRIGGER		0xAA
162 #define EZUSB_REQUEST_TRIG_AC		0xAC
163 #define EZUSB_CPUCS_REG			0x7F92
164 
165 #define EZUSB_RID_TX			0x0700
166 #define EZUSB_RID_RX			0x0701
167 #define EZUSB_RID_INIT1			0x0702
168 #define EZUSB_RID_ACK			0x0710
169 #define EZUSB_RID_READ_PDA		0x0800
170 #define EZUSB_RID_PROG_INIT		0x0852
171 #define EZUSB_RID_PROG_SET_ADDR		0x0853
172 #define EZUSB_RID_PROG_BYTES		0x0854
173 #define EZUSB_RID_PROG_END		0x0855
174 #define EZUSB_RID_DOCMD			0x0860
175 
176 /* Recognize info frames */
177 #define EZUSB_IS_INFO(id)		((id >= 0xF000) && (id <= 0xF2FF))
178 
179 #define EZUSB_MAGIC			0x0210
180 
181 #define EZUSB_FRAME_DATA		1
182 #define EZUSB_FRAME_CONTROL		2
183 
184 #define DEF_TIMEOUT			(3 * HZ)
185 
186 #define BULK_BUF_SIZE			2048
187 
188 #define MAX_DL_SIZE (BULK_BUF_SIZE - sizeof(struct ezusb_packet))
189 
190 #define FW_BUF_SIZE			64
191 #define FW_VAR_OFFSET_PTR		0x359
192 #define FW_VAR_VALUE			0
193 #define FW_HOLE_START			0x100
194 #define FW_HOLE_END			0x300
195 
196 struct ezusb_packet {
197 	__le16 magic;		/* 0x0210 */
198 	u8 req_reply_count;
199 	u8 ans_reply_count;
200 	__le16 frame_type;	/* 0x01 for data frames, 0x02 otherwise */
201 	__le16 size;		/* transport size */
202 	__le16 crc;		/* CRC up to here */
203 	__le16 hermes_len;
204 	__le16 hermes_rid;
205 	u8 data[];
206 } __packed;
207 
208 /* Table of devices that work or may work with this driver */
209 static const struct usb_device_id ezusb_table[] = {
210 	{USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_COMPAQ_WL215_ID)},
211 	{USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_HP_WL215_ID)},
212 	{USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_COMPAQ_W200_ID)},
213 	{USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11_ID)},
214 	{USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11G_WR_ID)},
215 	{USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11G_ID)},
216 	{USB_DEVICE(USB_LUCENT_VENDOR_ID, USB_LUCENT_ORINOCO_ID)},
217 	{USB_DEVICE(USB_AVAYA8_VENDOR_ID, USB_AVAYA_WIRELESS_ID)},
218 	{USB_DEVICE(USB_AVAYAE_VENDOR_ID, USB_AVAYA_WIRELESS_ID)},
219 	{USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_MODEL0801_ID)},
220 	{USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_MODEL0802_ID)},
221 	{USB_DEVICE(USB_ELSA_VENDOR_ID, USB_ELSA_AIRLANCER_ID)},
222 	{USB_DEVICE(USB_LEGEND_VENDOR_ID, USB_LEGEND_JOYNET_ID)},
223 	{USB_DEVICE_VER(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2001U1_ID,
224 			0, 0)},
225 	{USB_DEVICE(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2001U2_ID)},
226 	{USB_DEVICE(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2003U_ID)},
227 	{USB_DEVICE(USB_IGATE_VENDOR_ID, USB_IGATE_IGATE_11M_ID)},
228 	{USB_DEVICE(USB_FUJITSU_VENDOR_ID, USB_FUJITSU_E1100_ID)},
229 	{USB_DEVICE(USB_2WIRE_VENDOR_ID, USB_2WIRE_WIRELESS_ID)},
230 	{USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_REBRANDED_ID)},
231 	{}			/* Terminating entry */
232 };
233 
234 MODULE_DEVICE_TABLE(usb, ezusb_table);
235 
236 /* Structure to hold all of our device specific stuff */
237 struct ezusb_priv {
238 	struct usb_device *udev;
239 	struct net_device *dev;
240 	struct mutex mtx;
241 	spinlock_t req_lock;
242 	struct list_head req_pending;
243 	struct list_head req_active;
244 	spinlock_t reply_count_lock;
245 	u16 hermes_reg_fake[0x40];
246 	u8 *bap_buf;
247 	struct urb *read_urb;
248 	int read_pipe;
249 	int write_pipe;
250 	u8 reply_count;
251 };
252 
253 enum ezusb_state {
254 	EZUSB_CTX_START,
255 	EZUSB_CTX_QUEUED,
256 	EZUSB_CTX_REQ_SUBMITTED,
257 	EZUSB_CTX_REQ_COMPLETE,
258 	EZUSB_CTX_RESP_RECEIVED,
259 	EZUSB_CTX_REQ_TIMEOUT,
260 	EZUSB_CTX_REQ_FAILED,
261 	EZUSB_CTX_RESP_TIMEOUT,
262 	EZUSB_CTX_REQSUBMIT_FAIL,
263 	EZUSB_CTX_COMPLETE,
264 };
265 
266 struct request_context {
267 	struct list_head list;
268 	refcount_t refcount;
269 	struct completion done;	/* Signals that CTX is dead */
270 	int killed;
271 	struct urb *outurb;	/* OUT for req pkt */
272 	struct ezusb_priv *upriv;
273 	struct ezusb_packet *buf;
274 	int buf_length;
275 	struct timer_list timer;	/* Timeout handling */
276 	enum ezusb_state state;	/* Current state */
277 	/* the RID that we will wait for */
278 	u16 out_rid;
279 	u16 in_rid;
280 };
281 
282 
283 /* Forward declarations */
284 static void ezusb_ctx_complete(struct request_context *ctx);
285 static void ezusb_req_queue_run(struct ezusb_priv *upriv);
286 static void ezusb_bulk_in_callback(struct urb *urb);
287 
ezusb_reply_inc(u8 count)288 static inline u8 ezusb_reply_inc(u8 count)
289 {
290 	if (count < 0x7F)
291 		return count + 1;
292 	else
293 		return 1;
294 }
295 
ezusb_request_context_put(struct request_context * ctx)296 static void ezusb_request_context_put(struct request_context *ctx)
297 {
298 	if (!refcount_dec_and_test(&ctx->refcount))
299 		return;
300 
301 	WARN_ON(!ctx->done.done);
302 	BUG_ON(ctx->outurb->status == -EINPROGRESS);
303 	BUG_ON(timer_pending(&ctx->timer));
304 	usb_free_urb(ctx->outurb);
305 	kfree(ctx->buf);
306 	kfree(ctx);
307 }
308 
ezusb_mod_timer(struct ezusb_priv * upriv,struct timer_list * timer,unsigned long expire)309 static inline void ezusb_mod_timer(struct ezusb_priv *upriv,
310 				   struct timer_list *timer,
311 				   unsigned long expire)
312 {
313 	if (!upriv->udev)
314 		return;
315 	mod_timer(timer, expire);
316 }
317 
ezusb_request_timerfn(struct timer_list * t)318 static void ezusb_request_timerfn(struct timer_list *t)
319 {
320 	struct request_context *ctx = from_timer(ctx, t, timer);
321 
322 	ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK;
323 	if (usb_unlink_urb(ctx->outurb) == -EINPROGRESS) {
324 		ctx->state = EZUSB_CTX_REQ_TIMEOUT;
325 	} else {
326 		ctx->state = EZUSB_CTX_RESP_TIMEOUT;
327 		dev_dbg(&ctx->outurb->dev->dev, "couldn't unlink\n");
328 		refcount_inc(&ctx->refcount);
329 		ctx->killed = 1;
330 		ezusb_ctx_complete(ctx);
331 		ezusb_request_context_put(ctx);
332 	}
333 };
334 
ezusb_alloc_ctx(struct ezusb_priv * upriv,u16 out_rid,u16 in_rid)335 static struct request_context *ezusb_alloc_ctx(struct ezusb_priv *upriv,
336 					       u16 out_rid, u16 in_rid)
337 {
338 	struct request_context *ctx;
339 
340 	ctx = kzalloc(sizeof(*ctx), GFP_ATOMIC);
341 	if (!ctx)
342 		return NULL;
343 
344 	ctx->buf = kmalloc(BULK_BUF_SIZE, GFP_ATOMIC);
345 	if (!ctx->buf) {
346 		kfree(ctx);
347 		return NULL;
348 	}
349 	ctx->outurb = usb_alloc_urb(0, GFP_ATOMIC);
350 	if (!ctx->outurb) {
351 		kfree(ctx->buf);
352 		kfree(ctx);
353 		return NULL;
354 	}
355 
356 	ctx->upriv = upriv;
357 	ctx->state = EZUSB_CTX_START;
358 	ctx->out_rid = out_rid;
359 	ctx->in_rid = in_rid;
360 
361 	refcount_set(&ctx->refcount, 1);
362 	init_completion(&ctx->done);
363 
364 	timer_setup(&ctx->timer, ezusb_request_timerfn, 0);
365 	return ctx;
366 }
367 
ezusb_ctx_complete(struct request_context * ctx)368 static void ezusb_ctx_complete(struct request_context *ctx)
369 {
370 	struct ezusb_priv *upriv = ctx->upriv;
371 	unsigned long flags;
372 
373 	spin_lock_irqsave(&upriv->req_lock, flags);
374 
375 	list_del_init(&ctx->list);
376 	if (upriv->udev) {
377 		spin_unlock_irqrestore(&upriv->req_lock, flags);
378 		ezusb_req_queue_run(upriv);
379 		spin_lock_irqsave(&upriv->req_lock, flags);
380 	}
381 
382 	switch (ctx->state) {
383 	case EZUSB_CTX_COMPLETE:
384 	case EZUSB_CTX_REQSUBMIT_FAIL:
385 	case EZUSB_CTX_REQ_FAILED:
386 	case EZUSB_CTX_REQ_TIMEOUT:
387 	case EZUSB_CTX_RESP_TIMEOUT:
388 		spin_unlock_irqrestore(&upriv->req_lock, flags);
389 
390 		if ((ctx->out_rid == EZUSB_RID_TX) && upriv->dev) {
391 			struct net_device *dev = upriv->dev;
392 			struct net_device_stats *stats = &dev->stats;
393 
394 			if (ctx->state != EZUSB_CTX_COMPLETE)
395 				stats->tx_errors++;
396 			else
397 				stats->tx_packets++;
398 
399 			netif_wake_queue(dev);
400 		}
401 		complete_all(&ctx->done);
402 		ezusb_request_context_put(ctx);
403 		break;
404 
405 	default:
406 		spin_unlock_irqrestore(&upriv->req_lock, flags);
407 		if (!upriv->udev) {
408 			/* This is normal, as all request contexts get flushed
409 			 * when the device is disconnected */
410 			err("Called, CTX not terminating, but device gone");
411 			complete_all(&ctx->done);
412 			ezusb_request_context_put(ctx);
413 			break;
414 		}
415 
416 		err("Called, CTX not in terminating state.");
417 		/* Things are really bad if this happens. Just leak
418 		 * the CTX because it may still be linked to the
419 		 * queue or the OUT urb may still be active.
420 		 * Just leaking at least prevents an Oops or Panic.
421 		 */
422 		break;
423 	}
424 }
425 
426 /*
427  * ezusb_req_queue_run:
428  * Description:
429  *	Note: Only one active CTX at any one time, because there's no
430  *	other (reliable) way to match the response URB to the correct
431  *	CTX.
432  */
ezusb_req_queue_run(struct ezusb_priv * upriv)433 static void ezusb_req_queue_run(struct ezusb_priv *upriv)
434 {
435 	unsigned long flags;
436 	struct request_context *ctx;
437 	int result;
438 
439 	spin_lock_irqsave(&upriv->req_lock, flags);
440 
441 	if (!list_empty(&upriv->req_active))
442 		goto unlock;
443 
444 	if (list_empty(&upriv->req_pending))
445 		goto unlock;
446 
447 	ctx =
448 	    list_entry(upriv->req_pending.next, struct request_context,
449 		       list);
450 
451 	if (!ctx->upriv->udev)
452 		goto unlock;
453 
454 	/* We need to split this off to avoid a race condition */
455 	list_move_tail(&ctx->list, &upriv->req_active);
456 
457 	if (ctx->state == EZUSB_CTX_QUEUED) {
458 		refcount_inc(&ctx->refcount);
459 		result = usb_submit_urb(ctx->outurb, GFP_ATOMIC);
460 		if (result) {
461 			ctx->state = EZUSB_CTX_REQSUBMIT_FAIL;
462 
463 			spin_unlock_irqrestore(&upriv->req_lock, flags);
464 
465 			err("Fatal, failed to submit command urb."
466 			    " error=%d\n", result);
467 
468 			ezusb_ctx_complete(ctx);
469 			ezusb_request_context_put(ctx);
470 			goto done;
471 		}
472 
473 		ctx->state = EZUSB_CTX_REQ_SUBMITTED;
474 		ezusb_mod_timer(ctx->upriv, &ctx->timer,
475 				jiffies + DEF_TIMEOUT);
476 	}
477 
478  unlock:
479 	spin_unlock_irqrestore(&upriv->req_lock, flags);
480 
481  done:
482 	return;
483 }
484 
ezusb_req_enqueue_run(struct ezusb_priv * upriv,struct request_context * ctx)485 static void ezusb_req_enqueue_run(struct ezusb_priv *upriv,
486 				  struct request_context *ctx)
487 {
488 	unsigned long flags;
489 
490 	spin_lock_irqsave(&upriv->req_lock, flags);
491 
492 	if (!ctx->upriv->udev) {
493 		spin_unlock_irqrestore(&upriv->req_lock, flags);
494 		goto done;
495 	}
496 	refcount_inc(&ctx->refcount);
497 	list_add_tail(&ctx->list, &upriv->req_pending);
498 	spin_unlock_irqrestore(&upriv->req_lock, flags);
499 
500 	ctx->state = EZUSB_CTX_QUEUED;
501 	ezusb_req_queue_run(upriv);
502 
503  done:
504 	return;
505 }
506 
ezusb_request_out_callback(struct urb * urb)507 static void ezusb_request_out_callback(struct urb *urb)
508 {
509 	unsigned long flags;
510 	enum ezusb_state state;
511 	struct request_context *ctx = urb->context;
512 	struct ezusb_priv *upriv = ctx->upriv;
513 
514 	spin_lock_irqsave(&upriv->req_lock, flags);
515 
516 	del_timer(&ctx->timer);
517 
518 	if (ctx->killed) {
519 		spin_unlock_irqrestore(&upriv->req_lock, flags);
520 		pr_warn("interrupt called with dead ctx\n");
521 		goto out;
522 	}
523 
524 	state = ctx->state;
525 
526 	if (urb->status == 0) {
527 		switch (state) {
528 		case EZUSB_CTX_REQ_SUBMITTED:
529 			if (ctx->in_rid) {
530 				ctx->state = EZUSB_CTX_REQ_COMPLETE;
531 				/* reply URB still pending */
532 				ezusb_mod_timer(upriv, &ctx->timer,
533 						jiffies + DEF_TIMEOUT);
534 				spin_unlock_irqrestore(&upriv->req_lock,
535 						       flags);
536 				break;
537 			}
538 			fallthrough;
539 		case EZUSB_CTX_RESP_RECEIVED:
540 			/* IN already received before this OUT-ACK */
541 			ctx->state = EZUSB_CTX_COMPLETE;
542 			spin_unlock_irqrestore(&upriv->req_lock, flags);
543 			ezusb_ctx_complete(ctx);
544 			break;
545 
546 		default:
547 			spin_unlock_irqrestore(&upriv->req_lock, flags);
548 			err("Unexpected state(0x%x, %d) in OUT URB",
549 			    state, urb->status);
550 			break;
551 		}
552 	} else {
553 		/* If someone cancels the OUT URB then its status
554 		 * should be either -ECONNRESET or -ENOENT.
555 		 */
556 		switch (state) {
557 		case EZUSB_CTX_REQ_SUBMITTED:
558 		case EZUSB_CTX_RESP_RECEIVED:
559 			ctx->state = EZUSB_CTX_REQ_FAILED;
560 			fallthrough;
561 
562 		case EZUSB_CTX_REQ_FAILED:
563 		case EZUSB_CTX_REQ_TIMEOUT:
564 			spin_unlock_irqrestore(&upriv->req_lock, flags);
565 
566 			ezusb_ctx_complete(ctx);
567 			break;
568 
569 		default:
570 			spin_unlock_irqrestore(&upriv->req_lock, flags);
571 
572 			err("Unexpected state(0x%x, %d) in OUT URB",
573 			    state, urb->status);
574 			break;
575 		}
576 	}
577  out:
578 	ezusb_request_context_put(ctx);
579 }
580 
ezusb_request_in_callback(struct ezusb_priv * upriv,struct urb * urb)581 static void ezusb_request_in_callback(struct ezusb_priv *upriv,
582 				      struct urb *urb)
583 {
584 	struct ezusb_packet *ans = urb->transfer_buffer;
585 	struct request_context *ctx = NULL;
586 	enum ezusb_state state;
587 	unsigned long flags;
588 
589 	/* Find the CTX on the active queue that requested this URB */
590 	spin_lock_irqsave(&upriv->req_lock, flags);
591 	if (upriv->udev) {
592 		struct list_head *item;
593 
594 		list_for_each(item, &upriv->req_active) {
595 			struct request_context *c;
596 			int reply_count;
597 
598 			c = list_entry(item, struct request_context, list);
599 			reply_count =
600 			    ezusb_reply_inc(c->buf->req_reply_count);
601 			if ((ans->ans_reply_count == reply_count)
602 			    && (le16_to_cpu(ans->hermes_rid) == c->in_rid)) {
603 				ctx = c;
604 				break;
605 			}
606 			netdev_dbg(upriv->dev, "Skipped (0x%x/0x%x) (%d/%d)\n",
607 				   le16_to_cpu(ans->hermes_rid), c->in_rid,
608 				   ans->ans_reply_count, reply_count);
609 		}
610 	}
611 
612 	if (ctx == NULL) {
613 		spin_unlock_irqrestore(&upriv->req_lock, flags);
614 		err("%s: got unexpected RID: 0x%04X", __func__,
615 		    le16_to_cpu(ans->hermes_rid));
616 		ezusb_req_queue_run(upriv);
617 		return;
618 	}
619 
620 	/* The data we want is in the in buffer, exchange */
621 	urb->transfer_buffer = ctx->buf;
622 	ctx->buf = (void *) ans;
623 	ctx->buf_length = urb->actual_length;
624 
625 	state = ctx->state;
626 	switch (state) {
627 	case EZUSB_CTX_REQ_SUBMITTED:
628 		/* We have received our response URB before
629 		 * our request has been acknowledged. Do NOT
630 		 * destroy our CTX yet, because our OUT URB
631 		 * is still alive ...
632 		 */
633 		ctx->state = EZUSB_CTX_RESP_RECEIVED;
634 		spin_unlock_irqrestore(&upriv->req_lock, flags);
635 
636 		/* Let the machine continue running. */
637 		break;
638 
639 	case EZUSB_CTX_REQ_COMPLETE:
640 		/* This is the usual path: our request
641 		 * has already been acknowledged, and
642 		 * we have now received the reply.
643 		 */
644 		ctx->state = EZUSB_CTX_COMPLETE;
645 
646 		/* Stop the intimer */
647 		del_timer(&ctx->timer);
648 		spin_unlock_irqrestore(&upriv->req_lock, flags);
649 
650 		/* Call the completion handler */
651 		ezusb_ctx_complete(ctx);
652 		break;
653 
654 	default:
655 		spin_unlock_irqrestore(&upriv->req_lock, flags);
656 
657 		pr_warn("Matched IN URB, unexpected context state(0x%x)\n",
658 			state);
659 		/* Throw this CTX away and try submitting another */
660 		del_timer(&ctx->timer);
661 		ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK;
662 		usb_unlink_urb(ctx->outurb);
663 		ezusb_req_queue_run(upriv);
664 		break;
665 	}			/* switch */
666 }
667 
668 typedef void (*ezusb_ctx_wait)(struct ezusb_priv *, struct request_context *);
669 
ezusb_req_ctx_wait_compl(struct ezusb_priv * upriv,struct request_context * ctx)670 static void ezusb_req_ctx_wait_compl(struct ezusb_priv *upriv,
671 				     struct request_context *ctx)
672 {
673 	switch (ctx->state) {
674 	case EZUSB_CTX_QUEUED:
675 	case EZUSB_CTX_REQ_SUBMITTED:
676 	case EZUSB_CTX_REQ_COMPLETE:
677 	case EZUSB_CTX_RESP_RECEIVED:
678 		wait_for_completion(&ctx->done);
679 		break;
680 	default:
681 		/* Done or failed - nothing to wait for */
682 		break;
683 	}
684 }
685 
ezusb_req_ctx_wait_poll(struct ezusb_priv * upriv,struct request_context * ctx)686 static void ezusb_req_ctx_wait_poll(struct ezusb_priv *upriv,
687 				    struct request_context *ctx)
688 {
689 	int msecs;
690 
691 	switch (ctx->state) {
692 	case EZUSB_CTX_QUEUED:
693 	case EZUSB_CTX_REQ_SUBMITTED:
694 	case EZUSB_CTX_REQ_COMPLETE:
695 	case EZUSB_CTX_RESP_RECEIVED:
696 		/* If we get called from a timer or with our lock acquired, then
697 		 * we can't wait for the completion and have to poll. This won't
698 		 * happen if the USB controller completes the URB requests in
699 		 * BH.
700 		 */
701 		msecs = DEF_TIMEOUT * (1000 / HZ);
702 
703 		while (!try_wait_for_completion(&ctx->done) && msecs--)
704 			udelay(1000);
705 		break;
706 	default:
707 		/* Done or failed - nothing to wait for */
708 		break;
709 	}
710 }
711 
ezusb_req_ctx_wait_skip(struct ezusb_priv * upriv,struct request_context * ctx)712 static void ezusb_req_ctx_wait_skip(struct ezusb_priv *upriv,
713 				    struct request_context *ctx)
714 {
715 	WARN(1, "Shouldn't be invoked for in_rid\n");
716 }
717 
build_crc(struct ezusb_packet * data)718 static inline u16 build_crc(struct ezusb_packet *data)
719 {
720 	u16 crc = 0;
721 	u8 *bytes = (u8 *)data;
722 	int i;
723 
724 	for (i = 0; i < 8; i++)
725 		crc = (crc << 1) + bytes[i];
726 
727 	return crc;
728 }
729 
730 /*
731  * ezusb_fill_req:
732  *
733  * if data == NULL and length > 0 the data is assumed to be already in
734  * the target buffer and only the header is filled.
735  *
736  */
ezusb_fill_req(struct ezusb_packet * req,u16 length,u16 rid,const void * data,u16 frame_type,u8 reply_count)737 static int ezusb_fill_req(struct ezusb_packet *req, u16 length, u16 rid,
738 			  const void *data, u16 frame_type, u8 reply_count)
739 {
740 	int total_size = sizeof(*req) + length;
741 
742 	BUG_ON(total_size > BULK_BUF_SIZE);
743 
744 	req->magic = cpu_to_le16(EZUSB_MAGIC);
745 	req->req_reply_count = reply_count;
746 	req->ans_reply_count = 0;
747 	req->frame_type = cpu_to_le16(frame_type);
748 	req->size = cpu_to_le16(length + 4);
749 	req->crc = cpu_to_le16(build_crc(req));
750 	req->hermes_len = cpu_to_le16(HERMES_BYTES_TO_RECLEN(length));
751 	req->hermes_rid = cpu_to_le16(rid);
752 	if (data)
753 		memcpy(req->data, data, length);
754 	return total_size;
755 }
756 
ezusb_submit_in_urb(struct ezusb_priv * upriv)757 static int ezusb_submit_in_urb(struct ezusb_priv *upriv)
758 {
759 	int retval = 0;
760 	void *cur_buf = upriv->read_urb->transfer_buffer;
761 
762 	if (upriv->read_urb->status == -EINPROGRESS) {
763 		netdev_dbg(upriv->dev, "urb busy, not resubmiting\n");
764 		retval = -EBUSY;
765 		goto exit;
766 	}
767 	usb_fill_bulk_urb(upriv->read_urb, upriv->udev, upriv->read_pipe,
768 			  cur_buf, BULK_BUF_SIZE,
769 			  ezusb_bulk_in_callback, upriv);
770 	upriv->read_urb->transfer_flags = 0;
771 	retval = usb_submit_urb(upriv->read_urb, GFP_ATOMIC);
772 	if (retval)
773 		err("%s submit failed %d", __func__, retval);
774 
775  exit:
776 	return retval;
777 }
778 
ezusb_8051_cpucs(struct ezusb_priv * upriv,int reset)779 static inline int ezusb_8051_cpucs(struct ezusb_priv *upriv, int reset)
780 {
781 	int ret;
782 	u8 *res_val = NULL;
783 
784 	if (!upriv->udev) {
785 		err("%s: !upriv->udev", __func__);
786 		return -EFAULT;
787 	}
788 
789 	res_val = kmalloc(sizeof(*res_val), GFP_KERNEL);
790 
791 	if (!res_val)
792 		return -ENOMEM;
793 
794 	*res_val = reset;	/* avoid argument promotion */
795 
796 	ret =  usb_control_msg(upriv->udev,
797 			       usb_sndctrlpipe(upriv->udev, 0),
798 			       EZUSB_REQUEST_FW_TRANS,
799 			       USB_TYPE_VENDOR | USB_RECIP_DEVICE |
800 			       USB_DIR_OUT, EZUSB_CPUCS_REG, 0, res_val,
801 			       sizeof(*res_val), DEF_TIMEOUT);
802 
803 	kfree(res_val);
804 
805 	return ret;
806 }
807 
ezusb_firmware_download(struct ezusb_priv * upriv,struct ez_usb_fw * fw)808 static int ezusb_firmware_download(struct ezusb_priv *upriv,
809 				   struct ez_usb_fw *fw)
810 {
811 	u8 *fw_buffer;
812 	int retval, addr;
813 	int variant_offset;
814 
815 	fw_buffer = kmalloc(FW_BUF_SIZE, GFP_KERNEL);
816 	if (!fw_buffer) {
817 		printk(KERN_ERR PFX "Out of memory for firmware buffer.\n");
818 		return -ENOMEM;
819 	}
820 	/*
821 	 * This byte is 1 and should be replaced with 0.  The offset is
822 	 * 0x10AD in version 0.0.6.  The byte in question should follow
823 	 * the end of the code pointed to by the jump in the beginning
824 	 * of the firmware.  Also, it is read by code located at 0x358.
825 	 */
826 	variant_offset = be16_to_cpup((__be16 *) &fw->code[FW_VAR_OFFSET_PTR]);
827 	if (variant_offset >= fw->size) {
828 		printk(KERN_ERR PFX "Invalid firmware variant offset: "
829 		       "0x%04x\n", variant_offset);
830 		retval = -EINVAL;
831 		goto fail;
832 	}
833 
834 	retval = ezusb_8051_cpucs(upriv, 1);
835 	if (retval < 0)
836 		goto fail;
837 	for (addr = 0; addr < fw->size; addr += FW_BUF_SIZE) {
838 		/* 0x100-0x300 should be left alone, it contains card
839 		 * specific data, like USB enumeration information */
840 		if ((addr >= FW_HOLE_START) && (addr < FW_HOLE_END))
841 			continue;
842 
843 		memcpy(fw_buffer, &fw->code[addr], FW_BUF_SIZE);
844 		if (variant_offset >= addr &&
845 		    variant_offset < addr + FW_BUF_SIZE) {
846 			netdev_dbg(upriv->dev,
847 				   "Patching card_variant byte at 0x%04X\n",
848 				   variant_offset);
849 			fw_buffer[variant_offset - addr] = FW_VAR_VALUE;
850 		}
851 		retval = usb_control_msg(upriv->udev,
852 					 usb_sndctrlpipe(upriv->udev, 0),
853 					 EZUSB_REQUEST_FW_TRANS,
854 					 USB_TYPE_VENDOR | USB_RECIP_DEVICE
855 					 | USB_DIR_OUT,
856 					 addr, 0x0,
857 					 fw_buffer, FW_BUF_SIZE,
858 					 DEF_TIMEOUT);
859 
860 		if (retval < 0)
861 			goto fail;
862 	}
863 	retval = ezusb_8051_cpucs(upriv, 0);
864 	if (retval < 0)
865 		goto fail;
866 
867 	goto exit;
868  fail:
869 	printk(KERN_ERR PFX "Firmware download failed, error %d\n",
870 	       retval);
871  exit:
872 	kfree(fw_buffer);
873 	return retval;
874 }
875 
ezusb_access_ltv(struct ezusb_priv * upriv,struct request_context * ctx,u16 length,const void * data,u16 frame_type,void * ans_buff,unsigned ans_size,u16 * ans_length,ezusb_ctx_wait ezusb_ctx_wait_func)876 static int ezusb_access_ltv(struct ezusb_priv *upriv,
877 			    struct request_context *ctx,
878 			    u16 length, const void *data, u16 frame_type,
879 			    void *ans_buff, unsigned ans_size, u16 *ans_length,
880 			    ezusb_ctx_wait ezusb_ctx_wait_func)
881 {
882 	int req_size;
883 	int retval = 0;
884 	enum ezusb_state state;
885 
886 	if (!upriv->udev) {
887 		retval = -ENODEV;
888 		goto exit;
889 	}
890 
891 	if (upriv->read_urb->status != -EINPROGRESS)
892 		err("%s: in urb not pending", __func__);
893 
894 	/* protect upriv->reply_count, guarantee sequential numbers */
895 	spin_lock_bh(&upriv->reply_count_lock);
896 	req_size = ezusb_fill_req(ctx->buf, length, ctx->out_rid, data,
897 				  frame_type, upriv->reply_count);
898 	usb_fill_bulk_urb(ctx->outurb, upriv->udev, upriv->write_pipe,
899 			  ctx->buf, req_size,
900 			  ezusb_request_out_callback, ctx);
901 
902 	if (ctx->in_rid)
903 		upriv->reply_count = ezusb_reply_inc(upriv->reply_count);
904 
905 	ezusb_req_enqueue_run(upriv, ctx);
906 
907 	spin_unlock_bh(&upriv->reply_count_lock);
908 
909 	if (ctx->in_rid)
910 		ezusb_ctx_wait_func(upriv, ctx);
911 
912 	state = ctx->state;
913 	switch (state) {
914 	case EZUSB_CTX_COMPLETE:
915 		retval = ctx->outurb->status;
916 		break;
917 
918 	case EZUSB_CTX_QUEUED:
919 	case EZUSB_CTX_REQ_SUBMITTED:
920 		if (!ctx->in_rid)
921 			break;
922 		fallthrough;
923 	default:
924 		err("%s: Unexpected context state %d", __func__,
925 		    state);
926 		fallthrough;
927 	case EZUSB_CTX_REQ_TIMEOUT:
928 	case EZUSB_CTX_REQ_FAILED:
929 	case EZUSB_CTX_RESP_TIMEOUT:
930 	case EZUSB_CTX_REQSUBMIT_FAIL:
931 		printk(KERN_ERR PFX "Access failed, resetting (state %d,"
932 		       " reply_count %d)\n", state, upriv->reply_count);
933 		upriv->reply_count = 0;
934 		if (state == EZUSB_CTX_REQ_TIMEOUT
935 		    || state == EZUSB_CTX_RESP_TIMEOUT) {
936 			printk(KERN_ERR PFX "ctx timed out\n");
937 			retval = -ETIMEDOUT;
938 		} else {
939 			printk(KERN_ERR PFX "ctx failed\n");
940 			retval = -EFAULT;
941 		}
942 		goto exit;
943 	}
944 	if (ctx->in_rid) {
945 		struct ezusb_packet *ans = ctx->buf;
946 		unsigned exp_len;
947 
948 		if (ans->hermes_len != 0)
949 			exp_len = le16_to_cpu(ans->hermes_len) * 2 + 12;
950 		else
951 			exp_len = 14;
952 
953 		if (exp_len != ctx->buf_length) {
954 			err("%s: length mismatch for RID 0x%04x: "
955 			    "expected %d, got %d", __func__,
956 			    ctx->in_rid, exp_len, ctx->buf_length);
957 			retval = -EIO;
958 			goto exit;
959 		}
960 
961 		if (ans_buff)
962 			memcpy(ans_buff, ans->data, min(exp_len, ans_size));
963 		if (ans_length)
964 			*ans_length = le16_to_cpu(ans->hermes_len);
965 	}
966  exit:
967 	ezusb_request_context_put(ctx);
968 	return retval;
969 }
970 
__ezusb_write_ltv(struct hermes * hw,int bap,u16 rid,u16 length,const void * data,ezusb_ctx_wait ezusb_ctx_wait_func)971 static int __ezusb_write_ltv(struct hermes *hw, int bap, u16 rid,
972 			   u16 length, const void *data,
973 			   ezusb_ctx_wait ezusb_ctx_wait_func)
974 {
975 	struct ezusb_priv *upriv = hw->priv;
976 	u16 frame_type;
977 	struct request_context *ctx;
978 
979 	if (length == 0)
980 		return -EINVAL;
981 
982 	length = HERMES_RECLEN_TO_BYTES(length);
983 
984 	/* On memory mapped devices HERMES_RID_CNFGROUPADDRESSES can be
985 	 * set to be empty, but the USB bridge doesn't like it */
986 	if (length == 0)
987 		return 0;
988 
989 	ctx = ezusb_alloc_ctx(upriv, rid, EZUSB_RID_ACK);
990 	if (!ctx)
991 		return -ENOMEM;
992 
993 	if (rid == EZUSB_RID_TX)
994 		frame_type = EZUSB_FRAME_DATA;
995 	else
996 		frame_type = EZUSB_FRAME_CONTROL;
997 
998 	return ezusb_access_ltv(upriv, ctx, length, data, frame_type,
999 				NULL, 0, NULL, ezusb_ctx_wait_func);
1000 }
1001 
ezusb_write_ltv(struct hermes * hw,int bap,u16 rid,u16 length,const void * data)1002 static int ezusb_write_ltv(struct hermes *hw, int bap, u16 rid,
1003 			   u16 length, const void *data)
1004 {
1005 	return __ezusb_write_ltv(hw, bap, rid, length, data,
1006 				 ezusb_req_ctx_wait_poll);
1007 }
1008 
__ezusb_read_ltv(struct hermes * hw,int bap,u16 rid,unsigned bufsize,u16 * length,void * buf,ezusb_ctx_wait ezusb_ctx_wait_func)1009 static int __ezusb_read_ltv(struct hermes *hw, int bap, u16 rid,
1010 			    unsigned bufsize, u16 *length, void *buf,
1011 			    ezusb_ctx_wait ezusb_ctx_wait_func)
1012 
1013 {
1014 	struct ezusb_priv *upriv = hw->priv;
1015 	struct request_context *ctx;
1016 
1017 	if (bufsize % 2)
1018 		return -EINVAL;
1019 
1020 	ctx = ezusb_alloc_ctx(upriv, rid, rid);
1021 	if (!ctx)
1022 		return -ENOMEM;
1023 
1024 	return ezusb_access_ltv(upriv, ctx, 0, NULL, EZUSB_FRAME_CONTROL,
1025 				buf, bufsize, length, ezusb_req_ctx_wait_poll);
1026 }
1027 
ezusb_read_ltv(struct hermes * hw,int bap,u16 rid,unsigned bufsize,u16 * length,void * buf)1028 static int ezusb_read_ltv(struct hermes *hw, int bap, u16 rid,
1029 			    unsigned bufsize, u16 *length, void *buf)
1030 {
1031 	return __ezusb_read_ltv(hw, bap, rid, bufsize, length, buf,
1032 				ezusb_req_ctx_wait_poll);
1033 }
1034 
ezusb_read_ltv_preempt(struct hermes * hw,int bap,u16 rid,unsigned bufsize,u16 * length,void * buf)1035 static int ezusb_read_ltv_preempt(struct hermes *hw, int bap, u16 rid,
1036 				  unsigned bufsize, u16 *length, void *buf)
1037 {
1038 	return __ezusb_read_ltv(hw, bap, rid, bufsize, length, buf,
1039 				ezusb_req_ctx_wait_compl);
1040 }
1041 
ezusb_doicmd_wait(struct hermes * hw,u16 cmd,u16 parm0,u16 parm1,u16 parm2,struct hermes_response * resp)1042 static int ezusb_doicmd_wait(struct hermes *hw, u16 cmd, u16 parm0, u16 parm1,
1043 			     u16 parm2, struct hermes_response *resp)
1044 {
1045 	WARN_ON_ONCE(1);
1046 	return -EINVAL;
1047 }
1048 
__ezusb_docmd_wait(struct hermes * hw,u16 cmd,u16 parm0,struct hermes_response * resp,ezusb_ctx_wait ezusb_ctx_wait_func)1049 static int __ezusb_docmd_wait(struct hermes *hw, u16 cmd, u16 parm0,
1050 			    struct hermes_response *resp,
1051 			    ezusb_ctx_wait ezusb_ctx_wait_func)
1052 {
1053 	struct ezusb_priv *upriv = hw->priv;
1054 	struct request_context *ctx;
1055 
1056 	__le16 data[4] = {
1057 		cpu_to_le16(cmd),
1058 		cpu_to_le16(parm0),
1059 		0,
1060 		0,
1061 	};
1062 	netdev_dbg(upriv->dev, "0x%04X, parm0 0x%04X\n", cmd, parm0);
1063 	ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_DOCMD, EZUSB_RID_ACK);
1064 	if (!ctx)
1065 		return -ENOMEM;
1066 
1067 	return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1068 				EZUSB_FRAME_CONTROL, NULL, 0, NULL,
1069 				ezusb_ctx_wait_func);
1070 }
1071 
ezusb_docmd_wait(struct hermes * hw,u16 cmd,u16 parm0,struct hermes_response * resp)1072 static int ezusb_docmd_wait(struct hermes *hw, u16 cmd, u16 parm0,
1073 			    struct hermes_response *resp)
1074 {
1075 	return __ezusb_docmd_wait(hw, cmd, parm0, resp, ezusb_req_ctx_wait_poll);
1076 }
1077 
ezusb_bap_pread(struct hermes * hw,int bap,void * buf,int len,u16 id,u16 offset)1078 static int ezusb_bap_pread(struct hermes *hw, int bap,
1079 			   void *buf, int len, u16 id, u16 offset)
1080 {
1081 	struct ezusb_priv *upriv = hw->priv;
1082 	struct ezusb_packet *ans = (void *) upriv->read_urb->transfer_buffer;
1083 	int actual_length = upriv->read_urb->actual_length;
1084 
1085 	if (id == EZUSB_RID_RX) {
1086 		if ((sizeof(*ans) + offset + len) > actual_length) {
1087 			printk(KERN_ERR PFX "BAP read beyond buffer end "
1088 			       "in rx frame\n");
1089 			return -EINVAL;
1090 		}
1091 		memcpy(buf, ans->data + offset, len);
1092 		return 0;
1093 	}
1094 
1095 	if (EZUSB_IS_INFO(id)) {
1096 		/* Include 4 bytes for length/type */
1097 		if ((sizeof(*ans) + offset + len - 4) > actual_length) {
1098 			printk(KERN_ERR PFX "BAP read beyond buffer end "
1099 			       "in info frame\n");
1100 			return -EFAULT;
1101 		}
1102 		memcpy(buf, ans->data + offset - 4, len);
1103 	} else {
1104 		printk(KERN_ERR PFX "Unexpected fid 0x%04x\n", id);
1105 		return -EINVAL;
1106 	}
1107 
1108 	return 0;
1109 }
1110 
ezusb_read_pda(struct hermes * hw,__le16 * pda,u32 pda_addr,u16 pda_len)1111 static int ezusb_read_pda(struct hermes *hw, __le16 *pda,
1112 			  u32 pda_addr, u16 pda_len)
1113 {
1114 	struct ezusb_priv *upriv = hw->priv;
1115 	struct request_context *ctx;
1116 	__le16 data[] = {
1117 		cpu_to_le16(pda_addr & 0xffff),
1118 		cpu_to_le16(pda_len - 4)
1119 	};
1120 	ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_READ_PDA, EZUSB_RID_READ_PDA);
1121 	if (!ctx)
1122 		return -ENOMEM;
1123 
1124 	/* wl_lkm does not include PDA size in the PDA area.
1125 	 * We will pad the information into pda, so other routines
1126 	 * don't have to be modified */
1127 	pda[0] = cpu_to_le16(pda_len - 2);
1128 	/* Includes CFG_PROD_DATA but not itself */
1129 	pda[1] = cpu_to_le16(0x0800); /* CFG_PROD_DATA */
1130 
1131 	return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1132 				EZUSB_FRAME_CONTROL, &pda[2], pda_len - 4,
1133 				NULL, ezusb_req_ctx_wait_compl);
1134 }
1135 
ezusb_program_init(struct hermes * hw,u32 entry_point)1136 static int ezusb_program_init(struct hermes *hw, u32 entry_point)
1137 {
1138 	struct ezusb_priv *upriv = hw->priv;
1139 	struct request_context *ctx;
1140 	__le32 data = cpu_to_le32(entry_point);
1141 
1142 	ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_INIT, EZUSB_RID_ACK);
1143 	if (!ctx)
1144 		return -ENOMEM;
1145 
1146 	return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1147 				EZUSB_FRAME_CONTROL, NULL, 0, NULL,
1148 				ezusb_req_ctx_wait_compl);
1149 }
1150 
ezusb_program_end(struct hermes * hw)1151 static int ezusb_program_end(struct hermes *hw)
1152 {
1153 	struct ezusb_priv *upriv = hw->priv;
1154 	struct request_context *ctx;
1155 
1156 	ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_END, EZUSB_RID_ACK);
1157 	if (!ctx)
1158 		return -ENOMEM;
1159 
1160 	return ezusb_access_ltv(upriv, ctx, 0, NULL,
1161 				EZUSB_FRAME_CONTROL, NULL, 0, NULL,
1162 				ezusb_req_ctx_wait_compl);
1163 }
1164 
ezusb_program_bytes(struct hermes * hw,const char * buf,u32 addr,u32 len)1165 static int ezusb_program_bytes(struct hermes *hw, const char *buf,
1166 			       u32 addr, u32 len)
1167 {
1168 	struct ezusb_priv *upriv = hw->priv;
1169 	struct request_context *ctx;
1170 	__le32 data = cpu_to_le32(addr);
1171 	int err;
1172 
1173 	ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_SET_ADDR, EZUSB_RID_ACK);
1174 	if (!ctx)
1175 		return -ENOMEM;
1176 
1177 	err = ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1178 			       EZUSB_FRAME_CONTROL, NULL, 0, NULL,
1179 			       ezusb_req_ctx_wait_compl);
1180 	if (err)
1181 		return err;
1182 
1183 	ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_BYTES, EZUSB_RID_ACK);
1184 	if (!ctx)
1185 		return -ENOMEM;
1186 
1187 	return ezusb_access_ltv(upriv, ctx, len, buf,
1188 				EZUSB_FRAME_CONTROL, NULL, 0, NULL,
1189 				ezusb_req_ctx_wait_compl);
1190 }
1191 
ezusb_program(struct hermes * hw,const char * buf,u32 addr,u32 len)1192 static int ezusb_program(struct hermes *hw, const char *buf,
1193 			 u32 addr, u32 len)
1194 {
1195 	u32 ch_addr;
1196 	u32 ch_len;
1197 	int err = 0;
1198 
1199 	/* We can only send 2048 bytes out of the bulk xmit at a time,
1200 	 * so we have to split any programming into chunks of <2048
1201 	 * bytes. */
1202 
1203 	ch_len = (len < MAX_DL_SIZE) ? len : MAX_DL_SIZE;
1204 	ch_addr = addr;
1205 
1206 	while (ch_addr < (addr + len)) {
1207 		pr_debug("Programming subblock of length %d "
1208 			 "to address 0x%08x. Data @ %p\n",
1209 			 ch_len, ch_addr, &buf[ch_addr - addr]);
1210 
1211 		err = ezusb_program_bytes(hw, &buf[ch_addr - addr],
1212 					  ch_addr, ch_len);
1213 		if (err)
1214 			break;
1215 
1216 		ch_addr += ch_len;
1217 		ch_len = ((addr + len - ch_addr) < MAX_DL_SIZE) ?
1218 			(addr + len - ch_addr) : MAX_DL_SIZE;
1219 	}
1220 
1221 	return err;
1222 }
1223 
ezusb_xmit(struct sk_buff * skb,struct net_device * dev)1224 static netdev_tx_t ezusb_xmit(struct sk_buff *skb, struct net_device *dev)
1225 {
1226 	struct orinoco_private *priv = ndev_priv(dev);
1227 	struct net_device_stats *stats = &dev->stats;
1228 	struct ezusb_priv *upriv = priv->card;
1229 	u8 mic[MICHAEL_MIC_LEN + 1];
1230 	int err = 0;
1231 	int tx_control;
1232 	unsigned long flags;
1233 	struct request_context *ctx;
1234 	u8 *buf;
1235 	int tx_size;
1236 
1237 	if (!netif_running(dev)) {
1238 		printk(KERN_ERR "%s: Tx on stopped device!\n",
1239 		       dev->name);
1240 		return NETDEV_TX_BUSY;
1241 	}
1242 
1243 	if (netif_queue_stopped(dev)) {
1244 		printk(KERN_DEBUG "%s: Tx while transmitter busy!\n",
1245 		       dev->name);
1246 		return NETDEV_TX_BUSY;
1247 	}
1248 
1249 	if (orinoco_lock(priv, &flags) != 0) {
1250 		printk(KERN_ERR
1251 		       "%s: ezusb_xmit() called while hw_unavailable\n",
1252 		       dev->name);
1253 		return NETDEV_TX_BUSY;
1254 	}
1255 
1256 	if (!netif_carrier_ok(dev) ||
1257 	    (priv->iw_mode == NL80211_IFTYPE_MONITOR)) {
1258 		/* Oops, the firmware hasn't established a connection,
1259 		   silently drop the packet (this seems to be the
1260 		   safest approach). */
1261 		goto drop;
1262 	}
1263 
1264 	/* Check packet length */
1265 	if (skb->len < ETH_HLEN)
1266 		goto drop;
1267 
1268 	tx_control = 0;
1269 
1270 	err = orinoco_process_xmit_skb(skb, dev, priv, &tx_control,
1271 				       &mic[0]);
1272 	if (err)
1273 		goto drop;
1274 
1275 	ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_TX, 0);
1276 	if (!ctx)
1277 		goto drop;
1278 
1279 	memset(ctx->buf, 0, BULK_BUF_SIZE);
1280 	buf = ctx->buf->data;
1281 
1282 	{
1283 		__le16 *tx_cntl = (__le16 *)buf;
1284 		*tx_cntl = cpu_to_le16(tx_control);
1285 		buf += sizeof(*tx_cntl);
1286 	}
1287 
1288 	memcpy(buf, skb->data, skb->len);
1289 	buf += skb->len;
1290 
1291 	if (tx_control & HERMES_TXCTRL_MIC) {
1292 		u8 *m = mic;
1293 		/* Mic has been offset so it can be copied to an even
1294 		 * address. We're copying eveything anyway, so we
1295 		 * don't need to copy that first byte. */
1296 		if (skb->len % 2)
1297 			m++;
1298 		memcpy(buf, m, MICHAEL_MIC_LEN);
1299 		buf += MICHAEL_MIC_LEN;
1300 	}
1301 
1302 	/* Finally, we actually initiate the send */
1303 	netif_stop_queue(dev);
1304 
1305 	/* The card may behave better if we send evenly sized usb transfers */
1306 	tx_size = ALIGN(buf - ctx->buf->data, 2);
1307 
1308 	err = ezusb_access_ltv(upriv, ctx, tx_size, NULL,
1309 			       EZUSB_FRAME_DATA, NULL, 0, NULL,
1310 			       ezusb_req_ctx_wait_skip);
1311 
1312 	if (err) {
1313 		netif_start_queue(dev);
1314 		if (net_ratelimit())
1315 			printk(KERN_ERR "%s: Error %d transmitting packet\n",
1316 				dev->name, err);
1317 		goto busy;
1318 	}
1319 
1320 	netif_trans_update(dev);
1321 	stats->tx_bytes += skb->len;
1322 	goto ok;
1323 
1324  drop:
1325 	stats->tx_errors++;
1326 	stats->tx_dropped++;
1327 
1328  ok:
1329 	orinoco_unlock(priv, &flags);
1330 	dev_kfree_skb(skb);
1331 	return NETDEV_TX_OK;
1332 
1333  busy:
1334 	orinoco_unlock(priv, &flags);
1335 	return NETDEV_TX_BUSY;
1336 }
1337 
ezusb_allocate(struct hermes * hw,u16 size,u16 * fid)1338 static int ezusb_allocate(struct hermes *hw, u16 size, u16 *fid)
1339 {
1340 	*fid = EZUSB_RID_TX;
1341 	return 0;
1342 }
1343 
1344 
ezusb_hard_reset(struct orinoco_private * priv)1345 static int ezusb_hard_reset(struct orinoco_private *priv)
1346 {
1347 	struct ezusb_priv *upriv = priv->card;
1348 	int retval = ezusb_8051_cpucs(upriv, 1);
1349 
1350 	if (retval < 0) {
1351 		err("Failed to reset");
1352 		return retval;
1353 	}
1354 
1355 	retval = ezusb_8051_cpucs(upriv, 0);
1356 	if (retval < 0) {
1357 		err("Failed to unreset");
1358 		return retval;
1359 	}
1360 
1361 	netdev_dbg(upriv->dev, "sending control message\n");
1362 	retval = usb_control_msg(upriv->udev,
1363 				 usb_sndctrlpipe(upriv->udev, 0),
1364 				 EZUSB_REQUEST_TRIGGER,
1365 				 USB_TYPE_VENDOR | USB_RECIP_DEVICE |
1366 				 USB_DIR_OUT, 0x0, 0x0, NULL, 0,
1367 				 DEF_TIMEOUT);
1368 	if (retval < 0) {
1369 		err("EZUSB_REQUEST_TRIGGER failed retval %d", retval);
1370 		return retval;
1371 	}
1372 #if 0
1373 	dbg("Sending EZUSB_REQUEST_TRIG_AC");
1374 	retval = usb_control_msg(upriv->udev,
1375 				 usb_sndctrlpipe(upriv->udev, 0),
1376 				 EZUSB_REQUEST_TRIG_AC,
1377 				 USB_TYPE_VENDOR | USB_RECIP_DEVICE |
1378 				 USB_DIR_OUT, 0x00FA, 0x0, NULL, 0,
1379 				 DEF_TIMEOUT);
1380 	if (retval < 0) {
1381 		err("EZUSB_REQUEST_TRIG_AC failed retval %d", retval);
1382 		return retval;
1383 	}
1384 #endif
1385 
1386 	return 0;
1387 }
1388 
1389 
ezusb_init(struct hermes * hw)1390 static int ezusb_init(struct hermes *hw)
1391 {
1392 	struct ezusb_priv *upriv = hw->priv;
1393 	int retval;
1394 
1395 	if (!upriv)
1396 		return -EINVAL;
1397 
1398 	upriv->reply_count = 0;
1399 	/* Write the MAGIC number on the simulated registers to keep
1400 	 * orinoco.c happy */
1401 	hermes_write_regn(hw, SWSUPPORT0, HERMES_MAGIC);
1402 	hermes_write_regn(hw, RXFID, EZUSB_RID_RX);
1403 
1404 	usb_kill_urb(upriv->read_urb);
1405 	ezusb_submit_in_urb(upriv);
1406 
1407 	retval = __ezusb_write_ltv(hw, 0, EZUSB_RID_INIT1,
1408 				 HERMES_BYTES_TO_RECLEN(2), "\x10\x00",
1409 				 ezusb_req_ctx_wait_compl);
1410 	if (retval < 0) {
1411 		printk(KERN_ERR PFX "EZUSB_RID_INIT1 error %d\n", retval);
1412 		return retval;
1413 	}
1414 
1415 	retval = __ezusb_docmd_wait(hw, HERMES_CMD_INIT, 0, NULL,
1416 				    ezusb_req_ctx_wait_compl);
1417 	if (retval < 0) {
1418 		printk(KERN_ERR PFX "HERMES_CMD_INIT error %d\n", retval);
1419 		return retval;
1420 	}
1421 
1422 	return 0;
1423 }
1424 
ezusb_bulk_in_callback(struct urb * urb)1425 static void ezusb_bulk_in_callback(struct urb *urb)
1426 {
1427 	struct ezusb_priv *upriv = (struct ezusb_priv *) urb->context;
1428 	struct ezusb_packet *ans = urb->transfer_buffer;
1429 	u16 crc;
1430 	u16 hermes_rid;
1431 
1432 	if (upriv->udev == NULL)
1433 		return;
1434 
1435 	if (urb->status == -ETIMEDOUT) {
1436 		/* When a device gets unplugged we get this every time
1437 		 * we resubmit, flooding the logs.  Since we don't use
1438 		 * USB timeouts, it shouldn't happen any other time*/
1439 		pr_warn("%s: urb timed out, not resubmitting\n", __func__);
1440 		return;
1441 	}
1442 	if (urb->status == -ECONNABORTED) {
1443 		pr_warn("%s: connection abort, resubmitting urb\n",
1444 			__func__);
1445 		goto resubmit;
1446 	}
1447 	if ((urb->status == -EILSEQ)
1448 	    || (urb->status == -ENOENT)
1449 	    || (urb->status == -ECONNRESET)) {
1450 		netdev_dbg(upriv->dev, "status %d, not resubmiting\n",
1451 			   urb->status);
1452 		return;
1453 	}
1454 	if (urb->status)
1455 		netdev_dbg(upriv->dev, "status: %d length: %d\n",
1456 			   urb->status, urb->actual_length);
1457 	if (urb->actual_length < sizeof(*ans)) {
1458 		err("%s: short read, ignoring", __func__);
1459 		goto resubmit;
1460 	}
1461 	crc = build_crc(ans);
1462 	if (le16_to_cpu(ans->crc) != crc) {
1463 		err("CRC error, ignoring packet");
1464 		goto resubmit;
1465 	}
1466 
1467 	hermes_rid = le16_to_cpu(ans->hermes_rid);
1468 	if ((hermes_rid != EZUSB_RID_RX) && !EZUSB_IS_INFO(hermes_rid)) {
1469 		ezusb_request_in_callback(upriv, urb);
1470 	} else if (upriv->dev) {
1471 		struct net_device *dev = upriv->dev;
1472 		struct orinoco_private *priv = ndev_priv(dev);
1473 		struct hermes *hw = &priv->hw;
1474 
1475 		if (hermes_rid == EZUSB_RID_RX) {
1476 			__orinoco_ev_rx(dev, hw);
1477 		} else {
1478 			hermes_write_regn(hw, INFOFID,
1479 					  le16_to_cpu(ans->hermes_rid));
1480 			__orinoco_ev_info(dev, hw);
1481 		}
1482 	}
1483 
1484  resubmit:
1485 	if (upriv->udev)
1486 		ezusb_submit_in_urb(upriv);
1487 }
1488 
ezusb_delete(struct ezusb_priv * upriv)1489 static inline void ezusb_delete(struct ezusb_priv *upriv)
1490 {
1491 	struct list_head *item;
1492 	struct list_head *tmp_item;
1493 	unsigned long flags;
1494 
1495 	BUG_ON(!upriv);
1496 
1497 	mutex_lock(&upriv->mtx);
1498 
1499 	upriv->udev = NULL;	/* No timer will be rearmed from here */
1500 
1501 	usb_kill_urb(upriv->read_urb);
1502 
1503 	spin_lock_irqsave(&upriv->req_lock, flags);
1504 	list_for_each_safe(item, tmp_item, &upriv->req_active) {
1505 		struct request_context *ctx;
1506 		int err;
1507 
1508 		ctx = list_entry(item, struct request_context, list);
1509 		refcount_inc(&ctx->refcount);
1510 
1511 		ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK;
1512 		err = usb_unlink_urb(ctx->outurb);
1513 
1514 		spin_unlock_irqrestore(&upriv->req_lock, flags);
1515 		if (err == -EINPROGRESS)
1516 			wait_for_completion(&ctx->done);
1517 
1518 		del_timer_sync(&ctx->timer);
1519 		/* FIXME: there is an slight chance for the irq handler to
1520 		 * be running */
1521 		if (!list_empty(&ctx->list))
1522 			ezusb_ctx_complete(ctx);
1523 
1524 		ezusb_request_context_put(ctx);
1525 		spin_lock_irqsave(&upriv->req_lock, flags);
1526 	}
1527 	spin_unlock_irqrestore(&upriv->req_lock, flags);
1528 
1529 	list_for_each_safe(item, tmp_item, &upriv->req_pending)
1530 	    ezusb_ctx_complete(list_entry(item,
1531 					  struct request_context, list));
1532 
1533 	if (upriv->read_urb && upriv->read_urb->status == -EINPROGRESS)
1534 		printk(KERN_ERR PFX "Some URB in progress\n");
1535 
1536 	mutex_unlock(&upriv->mtx);
1537 
1538 	if (upriv->read_urb) {
1539 		kfree(upriv->read_urb->transfer_buffer);
1540 		usb_free_urb(upriv->read_urb);
1541 	}
1542 	kfree(upriv->bap_buf);
1543 	if (upriv->dev) {
1544 		struct orinoco_private *priv = ndev_priv(upriv->dev);
1545 		orinoco_if_del(priv);
1546 		wiphy_unregister(priv_to_wiphy(upriv));
1547 		free_orinocodev(priv);
1548 	}
1549 }
1550 
ezusb_lock_irqsave(spinlock_t * lock,unsigned long * flags)1551 static void ezusb_lock_irqsave(spinlock_t *lock,
1552 			       unsigned long *flags) __acquires(lock)
1553 {
1554 	spin_lock_bh(lock);
1555 }
1556 
ezusb_unlock_irqrestore(spinlock_t * lock,unsigned long * flags)1557 static void ezusb_unlock_irqrestore(spinlock_t *lock,
1558 				    unsigned long *flags) __releases(lock)
1559 {
1560 	spin_unlock_bh(lock);
1561 }
1562 
ezusb_lock_irq(spinlock_t * lock)1563 static void ezusb_lock_irq(spinlock_t *lock) __acquires(lock)
1564 {
1565 	spin_lock_bh(lock);
1566 }
1567 
ezusb_unlock_irq(spinlock_t * lock)1568 static void ezusb_unlock_irq(spinlock_t *lock) __releases(lock)
1569 {
1570 	spin_unlock_bh(lock);
1571 }
1572 
1573 static const struct hermes_ops ezusb_ops = {
1574 	.init = ezusb_init,
1575 	.cmd_wait = ezusb_docmd_wait,
1576 	.init_cmd_wait = ezusb_doicmd_wait,
1577 	.allocate = ezusb_allocate,
1578 	.read_ltv = ezusb_read_ltv,
1579 	.read_ltv_pr = ezusb_read_ltv_preempt,
1580 	.write_ltv = ezusb_write_ltv,
1581 	.bap_pread = ezusb_bap_pread,
1582 	.read_pda = ezusb_read_pda,
1583 	.program_init = ezusb_program_init,
1584 	.program_end = ezusb_program_end,
1585 	.program = ezusb_program,
1586 	.lock_irqsave = ezusb_lock_irqsave,
1587 	.unlock_irqrestore = ezusb_unlock_irqrestore,
1588 	.lock_irq = ezusb_lock_irq,
1589 	.unlock_irq = ezusb_unlock_irq,
1590 };
1591 
1592 static const struct net_device_ops ezusb_netdev_ops = {
1593 	.ndo_open		= orinoco_open,
1594 	.ndo_stop		= orinoco_stop,
1595 	.ndo_start_xmit		= ezusb_xmit,
1596 	.ndo_set_rx_mode	= orinoco_set_multicast_list,
1597 	.ndo_change_mtu		= orinoco_change_mtu,
1598 	.ndo_set_mac_address	= eth_mac_addr,
1599 	.ndo_validate_addr	= eth_validate_addr,
1600 	.ndo_tx_timeout		= orinoco_tx_timeout,
1601 };
1602 
ezusb_probe(struct usb_interface * interface,const struct usb_device_id * id)1603 static int ezusb_probe(struct usb_interface *interface,
1604 		       const struct usb_device_id *id)
1605 {
1606 	struct usb_device *udev = interface_to_usbdev(interface);
1607 	struct orinoco_private *priv;
1608 	struct hermes *hw;
1609 	struct ezusb_priv *upriv = NULL;
1610 	struct usb_interface_descriptor *iface_desc;
1611 	struct usb_endpoint_descriptor *ep;
1612 	const struct firmware *fw_entry = NULL;
1613 	int retval = 0;
1614 	int i;
1615 
1616 	priv = alloc_orinocodev(sizeof(*upriv), &udev->dev,
1617 				ezusb_hard_reset, NULL);
1618 	if (!priv) {
1619 		err("Couldn't allocate orinocodev");
1620 		retval = -ENOMEM;
1621 		goto exit;
1622 	}
1623 
1624 	hw = &priv->hw;
1625 
1626 	upriv = priv->card;
1627 
1628 	mutex_init(&upriv->mtx);
1629 	spin_lock_init(&upriv->reply_count_lock);
1630 
1631 	spin_lock_init(&upriv->req_lock);
1632 	INIT_LIST_HEAD(&upriv->req_pending);
1633 	INIT_LIST_HEAD(&upriv->req_active);
1634 
1635 	upriv->udev = udev;
1636 
1637 	hw->iobase = (void __force __iomem *) &upriv->hermes_reg_fake;
1638 	hw->reg_spacing = HERMES_16BIT_REGSPACING;
1639 	hw->priv = upriv;
1640 	hw->ops = &ezusb_ops;
1641 
1642 	/* set up the endpoint information */
1643 	/* check out the endpoints */
1644 
1645 	iface_desc = &interface->cur_altsetting->desc;
1646 	for (i = 0; i < iface_desc->bNumEndpoints; ++i) {
1647 		ep = &interface->cur_altsetting->endpoint[i].desc;
1648 
1649 		if (usb_endpoint_is_bulk_in(ep)) {
1650 			/* we found a bulk in endpoint */
1651 			if (upriv->read_urb != NULL) {
1652 				pr_warn("Found a second bulk in ep, ignored\n");
1653 				continue;
1654 			}
1655 
1656 			upriv->read_urb = usb_alloc_urb(0, GFP_KERNEL);
1657 			if (!upriv->read_urb)
1658 				goto error;
1659 			if (le16_to_cpu(ep->wMaxPacketSize) != 64)
1660 				pr_warn("bulk in: wMaxPacketSize!= 64\n");
1661 			if (ep->bEndpointAddress != (2 | USB_DIR_IN))
1662 				pr_warn("bulk in: bEndpointAddress: %d\n",
1663 					ep->bEndpointAddress);
1664 			upriv->read_pipe = usb_rcvbulkpipe(udev,
1665 							 ep->
1666 							 bEndpointAddress);
1667 			upriv->read_urb->transfer_buffer =
1668 			    kmalloc(BULK_BUF_SIZE, GFP_KERNEL);
1669 			if (!upriv->read_urb->transfer_buffer) {
1670 				err("Couldn't allocate IN buffer");
1671 				goto error;
1672 			}
1673 		}
1674 
1675 		if (usb_endpoint_is_bulk_out(ep)) {
1676 			/* we found a bulk out endpoint */
1677 			if (upriv->bap_buf != NULL) {
1678 				pr_warn("Found a second bulk out ep, ignored\n");
1679 				continue;
1680 			}
1681 
1682 			if (le16_to_cpu(ep->wMaxPacketSize) != 64)
1683 				pr_warn("bulk out: wMaxPacketSize != 64\n");
1684 			if (ep->bEndpointAddress != 2)
1685 				pr_warn("bulk out: bEndpointAddress: %d\n",
1686 					ep->bEndpointAddress);
1687 			upriv->write_pipe = usb_sndbulkpipe(udev,
1688 							  ep->
1689 							  bEndpointAddress);
1690 			upriv->bap_buf = kmalloc(BULK_BUF_SIZE, GFP_KERNEL);
1691 			if (!upriv->bap_buf) {
1692 				err("Couldn't allocate bulk_out_buffer");
1693 				goto error;
1694 			}
1695 		}
1696 	}
1697 	if (!upriv->bap_buf || !upriv->read_urb) {
1698 		err("Didn't find the required bulk endpoints");
1699 		goto error;
1700 	}
1701 
1702 	if (request_firmware(&fw_entry, "orinoco_ezusb_fw",
1703 			     &interface->dev) == 0) {
1704 		firmware.size = fw_entry->size;
1705 		firmware.code = fw_entry->data;
1706 	}
1707 	if (firmware.size && firmware.code) {
1708 		if (ezusb_firmware_download(upriv, &firmware) < 0)
1709 			goto error;
1710 	} else {
1711 		err("No firmware to download");
1712 		goto error;
1713 	}
1714 
1715 	if (ezusb_hard_reset(priv) < 0) {
1716 		err("Cannot reset the device");
1717 		goto error;
1718 	}
1719 
1720 	/* If the firmware is already downloaded orinoco.c will call
1721 	 * ezusb_init but if the firmware is not already there, that will make
1722 	 * the kernel very unstable, so we try initializing here and quit in
1723 	 * case of error */
1724 	if (ezusb_init(hw) < 0) {
1725 		err("Couldn't initialize the device");
1726 		err("Firmware may not be downloaded or may be wrong.");
1727 		goto error;
1728 	}
1729 
1730 	/* Initialise the main driver */
1731 	if (orinoco_init(priv) != 0) {
1732 		err("orinoco_init() failed\n");
1733 		goto error;
1734 	}
1735 
1736 	if (orinoco_if_add(priv, 0, 0, &ezusb_netdev_ops) != 0) {
1737 		upriv->dev = NULL;
1738 		err("%s: orinoco_if_add() failed", __func__);
1739 		wiphy_unregister(priv_to_wiphy(priv));
1740 		goto error;
1741 	}
1742 	upriv->dev = priv->ndev;
1743 
1744 	goto exit;
1745 
1746  error:
1747 	ezusb_delete(upriv);
1748 	if (upriv->dev) {
1749 		/* upriv->dev was 0, so ezusb_delete() didn't free it */
1750 		free_orinocodev(priv);
1751 	}
1752 	upriv = NULL;
1753 	retval = -EFAULT;
1754  exit:
1755 	if (fw_entry) {
1756 		firmware.code = NULL;
1757 		firmware.size = 0;
1758 		release_firmware(fw_entry);
1759 	}
1760 	usb_set_intfdata(interface, upriv);
1761 	return retval;
1762 }
1763 
1764 
ezusb_disconnect(struct usb_interface * intf)1765 static void ezusb_disconnect(struct usb_interface *intf)
1766 {
1767 	struct ezusb_priv *upriv = usb_get_intfdata(intf);
1768 	usb_set_intfdata(intf, NULL);
1769 	ezusb_delete(upriv);
1770 	printk(KERN_INFO PFX "Disconnected\n");
1771 }
1772 
1773 
1774 /* usb specific object needed to register this driver with the usb subsystem */
1775 static struct usb_driver orinoco_driver = {
1776 	.name = DRIVER_NAME,
1777 	.probe = ezusb_probe,
1778 	.disconnect = ezusb_disconnect,
1779 	.id_table = ezusb_table,
1780 	.disable_hub_initiated_lpm = 1,
1781 };
1782 
1783 module_usb_driver(orinoco_driver);
1784 
1785 MODULE_AUTHOR("Manuel Estrada Sainz");
1786 MODULE_DESCRIPTION("Driver for Orinoco wireless LAN cards using EZUSB bridge");
1787 MODULE_LICENSE("Dual MPL/GPL");
1788