1 /*
2 * USB Orinoco driver
3 *
4 * Copyright (c) 2003 Manuel Estrada Sainz
5 *
6 * The contents of this file are subject to the Mozilla Public License
7 * Version 1.1 (the "License"); you may not use this file except in
8 * compliance with the License. You may obtain a copy of the License
9 * at http://www.mozilla.org/MPL/
10 *
11 * Software distributed under the License is distributed on an "AS IS"
12 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
13 * the License for the specific language governing rights and
14 * limitations under the License.
15 *
16 * Alternatively, the contents of this file may be used under the
17 * terms of the GNU General Public License version 2 (the "GPL"), in
18 * which case the provisions of the GPL are applicable instead of the
19 * above. If you wish to allow the use of your version of this file
20 * only under the terms of the GPL and not to allow others to use your
21 * version of this file under the MPL, indicate your decision by
22 * deleting the provisions above and replace them with the notice and
23 * other provisions required by the GPL. If you do not delete the
24 * provisions above, a recipient may use your version of this file
25 * under either the MPL or the GPL.
26 *
27 * Queueing code based on linux-wlan-ng 0.2.1-pre5
28 *
29 * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved.
30 *
31 * The license is the same as above.
32 *
33 * Initialy based on USB Skeleton driver - 0.7
34 *
35 * Copyright (c) 2001 Greg Kroah-Hartman (greg@kroah.com)
36 *
37 * This program is free software; you can redistribute it and/or
38 * modify it under the terms of the GNU General Public License as
39 * published by the Free Software Foundation; either version 2 of
40 * the License, or (at your option) any later version.
41 *
42 * NOTE: The original USB Skeleton driver is GPL, but all that code is
43 * gone so MPL/GPL applies.
44 */
45
46 #define DRIVER_NAME "orinoco_usb"
47 #define PFX DRIVER_NAME ": "
48
49 #include <linux/module.h>
50 #include <linux/kernel.h>
51 #include <linux/sched.h>
52 #include <linux/signal.h>
53 #include <linux/errno.h>
54 #include <linux/poll.h>
55 #include <linux/slab.h>
56 #include <linux/fcntl.h>
57 #include <linux/spinlock.h>
58 #include <linux/list.h>
59 #include <linux/usb.h>
60 #include <linux/timer.h>
61
62 #include <linux/netdevice.h>
63 #include <linux/if_arp.h>
64 #include <linux/etherdevice.h>
65 #include <linux/wireless.h>
66 #include <linux/firmware.h>
67 #include <linux/refcount.h>
68
69 #include "mic.h"
70 #include "orinoco.h"
71
72 #ifndef URB_ASYNC_UNLINK
73 #define URB_ASYNC_UNLINK 0
74 #endif
75
76 struct header_struct {
77 /* 802.3 */
78 u8 dest[ETH_ALEN];
79 u8 src[ETH_ALEN];
80 __be16 len;
81 /* 802.2 */
82 u8 dsap;
83 u8 ssap;
84 u8 ctrl;
85 /* SNAP */
86 u8 oui[3];
87 __be16 ethertype;
88 } __packed;
89
90 struct ez_usb_fw {
91 u16 size;
92 const u8 *code;
93 };
94
95 static struct ez_usb_fw firmware = {
96 .size = 0,
97 .code = NULL,
98 };
99
100 /* Debugging macros */
101 #undef err
102 #define err(format, arg...) \
103 do { printk(KERN_ERR PFX format "\n", ## arg); } while (0)
104
105 MODULE_FIRMWARE("orinoco_ezusb_fw");
106
107 /*
108 * Under some conditions, the card gets stuck and stops paying attention
109 * to the world (i.e. data communication stalls) until we do something to
110 * it. Sending an INQ_TALLIES command seems to be enough and should be
111 * harmless otherwise. This behaviour has been observed when using the
112 * driver on a systemimager client during installation. In the past a
113 * timer was used to send INQ_TALLIES commands when there was no other
114 * activity, but it was troublesome and was removed.
115 */
116
117 #define USB_COMPAQ_VENDOR_ID 0x049f /* Compaq Computer Corp. */
118 #define USB_COMPAQ_WL215_ID 0x001f /* Compaq WL215 USB Adapter */
119 #define USB_COMPAQ_W200_ID 0x0076 /* Compaq W200 USB Adapter */
120 #define USB_HP_WL215_ID 0x0082 /* Compaq WL215 USB Adapter */
121
122 #define USB_MELCO_VENDOR_ID 0x0411
123 #define USB_BUFFALO_L11_ID 0x0006 /* BUFFALO WLI-USB-L11 */
124 #define USB_BUFFALO_L11G_WR_ID 0x000B /* BUFFALO WLI-USB-L11G-WR */
125 #define USB_BUFFALO_L11G_ID 0x000D /* BUFFALO WLI-USB-L11G */
126
127 #define USB_LUCENT_VENDOR_ID 0x047E /* Lucent Technologies */
128 #define USB_LUCENT_ORINOCO_ID 0x0300 /* Lucent/Agere Orinoco USB Client */
129
130 #define USB_AVAYA8_VENDOR_ID 0x0D98
131 #define USB_AVAYAE_VENDOR_ID 0x0D9E
132 #define USB_AVAYA_WIRELESS_ID 0x0300 /* Avaya USB Wireless Card */
133
134 #define USB_AGERE_VENDOR_ID 0x0D4E /* Agere Systems */
135 #define USB_AGERE_MODEL0801_ID 0x1000 /* USB Wireless Card Model 0801 */
136 #define USB_AGERE_MODEL0802_ID 0x1001 /* USB Wireless Card Model 0802 */
137 #define USB_AGERE_REBRANDED_ID 0x047A /* USB WLAN Card */
138
139 #define USB_ELSA_VENDOR_ID 0x05CC
140 #define USB_ELSA_AIRLANCER_ID 0x3100 /* ELSA AirLancer USB-11 */
141
142 #define USB_LEGEND_VENDOR_ID 0x0E7C
143 #define USB_LEGEND_JOYNET_ID 0x0300 /* Joynet USB WLAN Card */
144
145 #define USB_SAMSUNG_VENDOR_ID 0x04E8
146 #define USB_SAMSUNG_SEW2001U1_ID 0x5002 /* Samsung SEW-2001u Card */
147 #define USB_SAMSUNG_SEW2001U2_ID 0x5B11 /* Samsung SEW-2001u Card */
148 #define USB_SAMSUNG_SEW2003U_ID 0x7011 /* Samsung SEW-2003U Card */
149
150 #define USB_IGATE_VENDOR_ID 0x0681
151 #define USB_IGATE_IGATE_11M_ID 0x0012 /* I-GATE 11M USB Card */
152
153 #define USB_FUJITSU_VENDOR_ID 0x0BF8
154 #define USB_FUJITSU_E1100_ID 0x1002 /* connect2AIR WLAN E-1100 USB */
155
156 #define USB_2WIRE_VENDOR_ID 0x1630
157 #define USB_2WIRE_WIRELESS_ID 0xff81 /* 2Wire USB Wireless adapter */
158
159
160 #define EZUSB_REQUEST_FW_TRANS 0xA0
161 #define EZUSB_REQUEST_TRIGGER 0xAA
162 #define EZUSB_REQUEST_TRIG_AC 0xAC
163 #define EZUSB_CPUCS_REG 0x7F92
164
165 #define EZUSB_RID_TX 0x0700
166 #define EZUSB_RID_RX 0x0701
167 #define EZUSB_RID_INIT1 0x0702
168 #define EZUSB_RID_ACK 0x0710
169 #define EZUSB_RID_READ_PDA 0x0800
170 #define EZUSB_RID_PROG_INIT 0x0852
171 #define EZUSB_RID_PROG_SET_ADDR 0x0853
172 #define EZUSB_RID_PROG_BYTES 0x0854
173 #define EZUSB_RID_PROG_END 0x0855
174 #define EZUSB_RID_DOCMD 0x0860
175
176 /* Recognize info frames */
177 #define EZUSB_IS_INFO(id) ((id >= 0xF000) && (id <= 0xF2FF))
178
179 #define EZUSB_MAGIC 0x0210
180
181 #define EZUSB_FRAME_DATA 1
182 #define EZUSB_FRAME_CONTROL 2
183
184 #define DEF_TIMEOUT (3 * HZ)
185
186 #define BULK_BUF_SIZE 2048
187
188 #define MAX_DL_SIZE (BULK_BUF_SIZE - sizeof(struct ezusb_packet))
189
190 #define FW_BUF_SIZE 64
191 #define FW_VAR_OFFSET_PTR 0x359
192 #define FW_VAR_VALUE 0
193 #define FW_HOLE_START 0x100
194 #define FW_HOLE_END 0x300
195
196 struct ezusb_packet {
197 __le16 magic; /* 0x0210 */
198 u8 req_reply_count;
199 u8 ans_reply_count;
200 __le16 frame_type; /* 0x01 for data frames, 0x02 otherwise */
201 __le16 size; /* transport size */
202 __le16 crc; /* CRC up to here */
203 __le16 hermes_len;
204 __le16 hermes_rid;
205 u8 data[];
206 } __packed;
207
208 /* Table of devices that work or may work with this driver */
209 static const struct usb_device_id ezusb_table[] = {
210 {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_COMPAQ_WL215_ID)},
211 {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_HP_WL215_ID)},
212 {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_COMPAQ_W200_ID)},
213 {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11_ID)},
214 {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11G_WR_ID)},
215 {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11G_ID)},
216 {USB_DEVICE(USB_LUCENT_VENDOR_ID, USB_LUCENT_ORINOCO_ID)},
217 {USB_DEVICE(USB_AVAYA8_VENDOR_ID, USB_AVAYA_WIRELESS_ID)},
218 {USB_DEVICE(USB_AVAYAE_VENDOR_ID, USB_AVAYA_WIRELESS_ID)},
219 {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_MODEL0801_ID)},
220 {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_MODEL0802_ID)},
221 {USB_DEVICE(USB_ELSA_VENDOR_ID, USB_ELSA_AIRLANCER_ID)},
222 {USB_DEVICE(USB_LEGEND_VENDOR_ID, USB_LEGEND_JOYNET_ID)},
223 {USB_DEVICE_VER(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2001U1_ID,
224 0, 0)},
225 {USB_DEVICE(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2001U2_ID)},
226 {USB_DEVICE(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2003U_ID)},
227 {USB_DEVICE(USB_IGATE_VENDOR_ID, USB_IGATE_IGATE_11M_ID)},
228 {USB_DEVICE(USB_FUJITSU_VENDOR_ID, USB_FUJITSU_E1100_ID)},
229 {USB_DEVICE(USB_2WIRE_VENDOR_ID, USB_2WIRE_WIRELESS_ID)},
230 {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_REBRANDED_ID)},
231 {} /* Terminating entry */
232 };
233
234 MODULE_DEVICE_TABLE(usb, ezusb_table);
235
236 /* Structure to hold all of our device specific stuff */
237 struct ezusb_priv {
238 struct usb_device *udev;
239 struct net_device *dev;
240 struct mutex mtx;
241 spinlock_t req_lock;
242 struct list_head req_pending;
243 struct list_head req_active;
244 spinlock_t reply_count_lock;
245 u16 hermes_reg_fake[0x40];
246 u8 *bap_buf;
247 struct urb *read_urb;
248 int read_pipe;
249 int write_pipe;
250 u8 reply_count;
251 };
252
253 enum ezusb_state {
254 EZUSB_CTX_START,
255 EZUSB_CTX_QUEUED,
256 EZUSB_CTX_REQ_SUBMITTED,
257 EZUSB_CTX_REQ_COMPLETE,
258 EZUSB_CTX_RESP_RECEIVED,
259 EZUSB_CTX_REQ_TIMEOUT,
260 EZUSB_CTX_REQ_FAILED,
261 EZUSB_CTX_RESP_TIMEOUT,
262 EZUSB_CTX_REQSUBMIT_FAIL,
263 EZUSB_CTX_COMPLETE,
264 };
265
266 struct request_context {
267 struct list_head list;
268 refcount_t refcount;
269 struct completion done; /* Signals that CTX is dead */
270 int killed;
271 struct urb *outurb; /* OUT for req pkt */
272 struct ezusb_priv *upriv;
273 struct ezusb_packet *buf;
274 int buf_length;
275 struct timer_list timer; /* Timeout handling */
276 enum ezusb_state state; /* Current state */
277 /* the RID that we will wait for */
278 u16 out_rid;
279 u16 in_rid;
280 };
281
282
283 /* Forward declarations */
284 static void ezusb_ctx_complete(struct request_context *ctx);
285 static void ezusb_req_queue_run(struct ezusb_priv *upriv);
286 static void ezusb_bulk_in_callback(struct urb *urb);
287
ezusb_reply_inc(u8 count)288 static inline u8 ezusb_reply_inc(u8 count)
289 {
290 if (count < 0x7F)
291 return count + 1;
292 else
293 return 1;
294 }
295
ezusb_request_context_put(struct request_context * ctx)296 static void ezusb_request_context_put(struct request_context *ctx)
297 {
298 if (!refcount_dec_and_test(&ctx->refcount))
299 return;
300
301 WARN_ON(!ctx->done.done);
302 BUG_ON(ctx->outurb->status == -EINPROGRESS);
303 BUG_ON(timer_pending(&ctx->timer));
304 usb_free_urb(ctx->outurb);
305 kfree(ctx->buf);
306 kfree(ctx);
307 }
308
ezusb_mod_timer(struct ezusb_priv * upriv,struct timer_list * timer,unsigned long expire)309 static inline void ezusb_mod_timer(struct ezusb_priv *upriv,
310 struct timer_list *timer,
311 unsigned long expire)
312 {
313 if (!upriv->udev)
314 return;
315 mod_timer(timer, expire);
316 }
317
ezusb_request_timerfn(struct timer_list * t)318 static void ezusb_request_timerfn(struct timer_list *t)
319 {
320 struct request_context *ctx = from_timer(ctx, t, timer);
321
322 ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK;
323 if (usb_unlink_urb(ctx->outurb) == -EINPROGRESS) {
324 ctx->state = EZUSB_CTX_REQ_TIMEOUT;
325 } else {
326 ctx->state = EZUSB_CTX_RESP_TIMEOUT;
327 dev_dbg(&ctx->outurb->dev->dev, "couldn't unlink\n");
328 refcount_inc(&ctx->refcount);
329 ctx->killed = 1;
330 ezusb_ctx_complete(ctx);
331 ezusb_request_context_put(ctx);
332 }
333 };
334
ezusb_alloc_ctx(struct ezusb_priv * upriv,u16 out_rid,u16 in_rid)335 static struct request_context *ezusb_alloc_ctx(struct ezusb_priv *upriv,
336 u16 out_rid, u16 in_rid)
337 {
338 struct request_context *ctx;
339
340 ctx = kzalloc(sizeof(*ctx), GFP_ATOMIC);
341 if (!ctx)
342 return NULL;
343
344 ctx->buf = kmalloc(BULK_BUF_SIZE, GFP_ATOMIC);
345 if (!ctx->buf) {
346 kfree(ctx);
347 return NULL;
348 }
349 ctx->outurb = usb_alloc_urb(0, GFP_ATOMIC);
350 if (!ctx->outurb) {
351 kfree(ctx->buf);
352 kfree(ctx);
353 return NULL;
354 }
355
356 ctx->upriv = upriv;
357 ctx->state = EZUSB_CTX_START;
358 ctx->out_rid = out_rid;
359 ctx->in_rid = in_rid;
360
361 refcount_set(&ctx->refcount, 1);
362 init_completion(&ctx->done);
363
364 timer_setup(&ctx->timer, ezusb_request_timerfn, 0);
365 return ctx;
366 }
367
ezusb_ctx_complete(struct request_context * ctx)368 static void ezusb_ctx_complete(struct request_context *ctx)
369 {
370 struct ezusb_priv *upriv = ctx->upriv;
371 unsigned long flags;
372
373 spin_lock_irqsave(&upriv->req_lock, flags);
374
375 list_del_init(&ctx->list);
376 if (upriv->udev) {
377 spin_unlock_irqrestore(&upriv->req_lock, flags);
378 ezusb_req_queue_run(upriv);
379 spin_lock_irqsave(&upriv->req_lock, flags);
380 }
381
382 switch (ctx->state) {
383 case EZUSB_CTX_COMPLETE:
384 case EZUSB_CTX_REQSUBMIT_FAIL:
385 case EZUSB_CTX_REQ_FAILED:
386 case EZUSB_CTX_REQ_TIMEOUT:
387 case EZUSB_CTX_RESP_TIMEOUT:
388 spin_unlock_irqrestore(&upriv->req_lock, flags);
389
390 if ((ctx->out_rid == EZUSB_RID_TX) && upriv->dev) {
391 struct net_device *dev = upriv->dev;
392 struct net_device_stats *stats = &dev->stats;
393
394 if (ctx->state != EZUSB_CTX_COMPLETE)
395 stats->tx_errors++;
396 else
397 stats->tx_packets++;
398
399 netif_wake_queue(dev);
400 }
401 complete_all(&ctx->done);
402 ezusb_request_context_put(ctx);
403 break;
404
405 default:
406 spin_unlock_irqrestore(&upriv->req_lock, flags);
407 if (!upriv->udev) {
408 /* This is normal, as all request contexts get flushed
409 * when the device is disconnected */
410 err("Called, CTX not terminating, but device gone");
411 complete_all(&ctx->done);
412 ezusb_request_context_put(ctx);
413 break;
414 }
415
416 err("Called, CTX not in terminating state.");
417 /* Things are really bad if this happens. Just leak
418 * the CTX because it may still be linked to the
419 * queue or the OUT urb may still be active.
420 * Just leaking at least prevents an Oops or Panic.
421 */
422 break;
423 }
424 }
425
426 /*
427 * ezusb_req_queue_run:
428 * Description:
429 * Note: Only one active CTX at any one time, because there's no
430 * other (reliable) way to match the response URB to the correct
431 * CTX.
432 */
ezusb_req_queue_run(struct ezusb_priv * upriv)433 static void ezusb_req_queue_run(struct ezusb_priv *upriv)
434 {
435 unsigned long flags;
436 struct request_context *ctx;
437 int result;
438
439 spin_lock_irqsave(&upriv->req_lock, flags);
440
441 if (!list_empty(&upriv->req_active))
442 goto unlock;
443
444 if (list_empty(&upriv->req_pending))
445 goto unlock;
446
447 ctx =
448 list_entry(upriv->req_pending.next, struct request_context,
449 list);
450
451 if (!ctx->upriv->udev)
452 goto unlock;
453
454 /* We need to split this off to avoid a race condition */
455 list_move_tail(&ctx->list, &upriv->req_active);
456
457 if (ctx->state == EZUSB_CTX_QUEUED) {
458 refcount_inc(&ctx->refcount);
459 result = usb_submit_urb(ctx->outurb, GFP_ATOMIC);
460 if (result) {
461 ctx->state = EZUSB_CTX_REQSUBMIT_FAIL;
462
463 spin_unlock_irqrestore(&upriv->req_lock, flags);
464
465 err("Fatal, failed to submit command urb."
466 " error=%d\n", result);
467
468 ezusb_ctx_complete(ctx);
469 ezusb_request_context_put(ctx);
470 goto done;
471 }
472
473 ctx->state = EZUSB_CTX_REQ_SUBMITTED;
474 ezusb_mod_timer(ctx->upriv, &ctx->timer,
475 jiffies + DEF_TIMEOUT);
476 }
477
478 unlock:
479 spin_unlock_irqrestore(&upriv->req_lock, flags);
480
481 done:
482 return;
483 }
484
ezusb_req_enqueue_run(struct ezusb_priv * upriv,struct request_context * ctx)485 static void ezusb_req_enqueue_run(struct ezusb_priv *upriv,
486 struct request_context *ctx)
487 {
488 unsigned long flags;
489
490 spin_lock_irqsave(&upriv->req_lock, flags);
491
492 if (!ctx->upriv->udev) {
493 spin_unlock_irqrestore(&upriv->req_lock, flags);
494 goto done;
495 }
496 refcount_inc(&ctx->refcount);
497 list_add_tail(&ctx->list, &upriv->req_pending);
498 spin_unlock_irqrestore(&upriv->req_lock, flags);
499
500 ctx->state = EZUSB_CTX_QUEUED;
501 ezusb_req_queue_run(upriv);
502
503 done:
504 return;
505 }
506
ezusb_request_out_callback(struct urb * urb)507 static void ezusb_request_out_callback(struct urb *urb)
508 {
509 unsigned long flags;
510 enum ezusb_state state;
511 struct request_context *ctx = urb->context;
512 struct ezusb_priv *upriv = ctx->upriv;
513
514 spin_lock_irqsave(&upriv->req_lock, flags);
515
516 del_timer(&ctx->timer);
517
518 if (ctx->killed) {
519 spin_unlock_irqrestore(&upriv->req_lock, flags);
520 pr_warn("interrupt called with dead ctx\n");
521 goto out;
522 }
523
524 state = ctx->state;
525
526 if (urb->status == 0) {
527 switch (state) {
528 case EZUSB_CTX_REQ_SUBMITTED:
529 if (ctx->in_rid) {
530 ctx->state = EZUSB_CTX_REQ_COMPLETE;
531 /* reply URB still pending */
532 ezusb_mod_timer(upriv, &ctx->timer,
533 jiffies + DEF_TIMEOUT);
534 spin_unlock_irqrestore(&upriv->req_lock,
535 flags);
536 break;
537 }
538 fallthrough;
539 case EZUSB_CTX_RESP_RECEIVED:
540 /* IN already received before this OUT-ACK */
541 ctx->state = EZUSB_CTX_COMPLETE;
542 spin_unlock_irqrestore(&upriv->req_lock, flags);
543 ezusb_ctx_complete(ctx);
544 break;
545
546 default:
547 spin_unlock_irqrestore(&upriv->req_lock, flags);
548 err("Unexpected state(0x%x, %d) in OUT URB",
549 state, urb->status);
550 break;
551 }
552 } else {
553 /* If someone cancels the OUT URB then its status
554 * should be either -ECONNRESET or -ENOENT.
555 */
556 switch (state) {
557 case EZUSB_CTX_REQ_SUBMITTED:
558 case EZUSB_CTX_RESP_RECEIVED:
559 ctx->state = EZUSB_CTX_REQ_FAILED;
560 fallthrough;
561
562 case EZUSB_CTX_REQ_FAILED:
563 case EZUSB_CTX_REQ_TIMEOUT:
564 spin_unlock_irqrestore(&upriv->req_lock, flags);
565
566 ezusb_ctx_complete(ctx);
567 break;
568
569 default:
570 spin_unlock_irqrestore(&upriv->req_lock, flags);
571
572 err("Unexpected state(0x%x, %d) in OUT URB",
573 state, urb->status);
574 break;
575 }
576 }
577 out:
578 ezusb_request_context_put(ctx);
579 }
580
ezusb_request_in_callback(struct ezusb_priv * upriv,struct urb * urb)581 static void ezusb_request_in_callback(struct ezusb_priv *upriv,
582 struct urb *urb)
583 {
584 struct ezusb_packet *ans = urb->transfer_buffer;
585 struct request_context *ctx = NULL;
586 enum ezusb_state state;
587 unsigned long flags;
588
589 /* Find the CTX on the active queue that requested this URB */
590 spin_lock_irqsave(&upriv->req_lock, flags);
591 if (upriv->udev) {
592 struct list_head *item;
593
594 list_for_each(item, &upriv->req_active) {
595 struct request_context *c;
596 int reply_count;
597
598 c = list_entry(item, struct request_context, list);
599 reply_count =
600 ezusb_reply_inc(c->buf->req_reply_count);
601 if ((ans->ans_reply_count == reply_count)
602 && (le16_to_cpu(ans->hermes_rid) == c->in_rid)) {
603 ctx = c;
604 break;
605 }
606 netdev_dbg(upriv->dev, "Skipped (0x%x/0x%x) (%d/%d)\n",
607 le16_to_cpu(ans->hermes_rid), c->in_rid,
608 ans->ans_reply_count, reply_count);
609 }
610 }
611
612 if (ctx == NULL) {
613 spin_unlock_irqrestore(&upriv->req_lock, flags);
614 err("%s: got unexpected RID: 0x%04X", __func__,
615 le16_to_cpu(ans->hermes_rid));
616 ezusb_req_queue_run(upriv);
617 return;
618 }
619
620 /* The data we want is in the in buffer, exchange */
621 urb->transfer_buffer = ctx->buf;
622 ctx->buf = (void *) ans;
623 ctx->buf_length = urb->actual_length;
624
625 state = ctx->state;
626 switch (state) {
627 case EZUSB_CTX_REQ_SUBMITTED:
628 /* We have received our response URB before
629 * our request has been acknowledged. Do NOT
630 * destroy our CTX yet, because our OUT URB
631 * is still alive ...
632 */
633 ctx->state = EZUSB_CTX_RESP_RECEIVED;
634 spin_unlock_irqrestore(&upriv->req_lock, flags);
635
636 /* Let the machine continue running. */
637 break;
638
639 case EZUSB_CTX_REQ_COMPLETE:
640 /* This is the usual path: our request
641 * has already been acknowledged, and
642 * we have now received the reply.
643 */
644 ctx->state = EZUSB_CTX_COMPLETE;
645
646 /* Stop the intimer */
647 del_timer(&ctx->timer);
648 spin_unlock_irqrestore(&upriv->req_lock, flags);
649
650 /* Call the completion handler */
651 ezusb_ctx_complete(ctx);
652 break;
653
654 default:
655 spin_unlock_irqrestore(&upriv->req_lock, flags);
656
657 pr_warn("Matched IN URB, unexpected context state(0x%x)\n",
658 state);
659 /* Throw this CTX away and try submitting another */
660 del_timer(&ctx->timer);
661 ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK;
662 usb_unlink_urb(ctx->outurb);
663 ezusb_req_queue_run(upriv);
664 break;
665 } /* switch */
666 }
667
668 typedef void (*ezusb_ctx_wait)(struct ezusb_priv *, struct request_context *);
669
ezusb_req_ctx_wait_compl(struct ezusb_priv * upriv,struct request_context * ctx)670 static void ezusb_req_ctx_wait_compl(struct ezusb_priv *upriv,
671 struct request_context *ctx)
672 {
673 switch (ctx->state) {
674 case EZUSB_CTX_QUEUED:
675 case EZUSB_CTX_REQ_SUBMITTED:
676 case EZUSB_CTX_REQ_COMPLETE:
677 case EZUSB_CTX_RESP_RECEIVED:
678 wait_for_completion(&ctx->done);
679 break;
680 default:
681 /* Done or failed - nothing to wait for */
682 break;
683 }
684 }
685
ezusb_req_ctx_wait_poll(struct ezusb_priv * upriv,struct request_context * ctx)686 static void ezusb_req_ctx_wait_poll(struct ezusb_priv *upriv,
687 struct request_context *ctx)
688 {
689 int msecs;
690
691 switch (ctx->state) {
692 case EZUSB_CTX_QUEUED:
693 case EZUSB_CTX_REQ_SUBMITTED:
694 case EZUSB_CTX_REQ_COMPLETE:
695 case EZUSB_CTX_RESP_RECEIVED:
696 /* If we get called from a timer or with our lock acquired, then
697 * we can't wait for the completion and have to poll. This won't
698 * happen if the USB controller completes the URB requests in
699 * BH.
700 */
701 msecs = DEF_TIMEOUT * (1000 / HZ);
702
703 while (!try_wait_for_completion(&ctx->done) && msecs--)
704 udelay(1000);
705 break;
706 default:
707 /* Done or failed - nothing to wait for */
708 break;
709 }
710 }
711
ezusb_req_ctx_wait_skip(struct ezusb_priv * upriv,struct request_context * ctx)712 static void ezusb_req_ctx_wait_skip(struct ezusb_priv *upriv,
713 struct request_context *ctx)
714 {
715 WARN(1, "Shouldn't be invoked for in_rid\n");
716 }
717
build_crc(struct ezusb_packet * data)718 static inline u16 build_crc(struct ezusb_packet *data)
719 {
720 u16 crc = 0;
721 u8 *bytes = (u8 *)data;
722 int i;
723
724 for (i = 0; i < 8; i++)
725 crc = (crc << 1) + bytes[i];
726
727 return crc;
728 }
729
730 /*
731 * ezusb_fill_req:
732 *
733 * if data == NULL and length > 0 the data is assumed to be already in
734 * the target buffer and only the header is filled.
735 *
736 */
ezusb_fill_req(struct ezusb_packet * req,u16 length,u16 rid,const void * data,u16 frame_type,u8 reply_count)737 static int ezusb_fill_req(struct ezusb_packet *req, u16 length, u16 rid,
738 const void *data, u16 frame_type, u8 reply_count)
739 {
740 int total_size = sizeof(*req) + length;
741
742 BUG_ON(total_size > BULK_BUF_SIZE);
743
744 req->magic = cpu_to_le16(EZUSB_MAGIC);
745 req->req_reply_count = reply_count;
746 req->ans_reply_count = 0;
747 req->frame_type = cpu_to_le16(frame_type);
748 req->size = cpu_to_le16(length + 4);
749 req->crc = cpu_to_le16(build_crc(req));
750 req->hermes_len = cpu_to_le16(HERMES_BYTES_TO_RECLEN(length));
751 req->hermes_rid = cpu_to_le16(rid);
752 if (data)
753 memcpy(req->data, data, length);
754 return total_size;
755 }
756
ezusb_submit_in_urb(struct ezusb_priv * upriv)757 static int ezusb_submit_in_urb(struct ezusb_priv *upriv)
758 {
759 int retval = 0;
760 void *cur_buf = upriv->read_urb->transfer_buffer;
761
762 if (upriv->read_urb->status == -EINPROGRESS) {
763 netdev_dbg(upriv->dev, "urb busy, not resubmiting\n");
764 retval = -EBUSY;
765 goto exit;
766 }
767 usb_fill_bulk_urb(upriv->read_urb, upriv->udev, upriv->read_pipe,
768 cur_buf, BULK_BUF_SIZE,
769 ezusb_bulk_in_callback, upriv);
770 upriv->read_urb->transfer_flags = 0;
771 retval = usb_submit_urb(upriv->read_urb, GFP_ATOMIC);
772 if (retval)
773 err("%s submit failed %d", __func__, retval);
774
775 exit:
776 return retval;
777 }
778
ezusb_8051_cpucs(struct ezusb_priv * upriv,int reset)779 static inline int ezusb_8051_cpucs(struct ezusb_priv *upriv, int reset)
780 {
781 int ret;
782 u8 *res_val = NULL;
783
784 if (!upriv->udev) {
785 err("%s: !upriv->udev", __func__);
786 return -EFAULT;
787 }
788
789 res_val = kmalloc(sizeof(*res_val), GFP_KERNEL);
790
791 if (!res_val)
792 return -ENOMEM;
793
794 *res_val = reset; /* avoid argument promotion */
795
796 ret = usb_control_msg(upriv->udev,
797 usb_sndctrlpipe(upriv->udev, 0),
798 EZUSB_REQUEST_FW_TRANS,
799 USB_TYPE_VENDOR | USB_RECIP_DEVICE |
800 USB_DIR_OUT, EZUSB_CPUCS_REG, 0, res_val,
801 sizeof(*res_val), DEF_TIMEOUT);
802
803 kfree(res_val);
804
805 return ret;
806 }
807
ezusb_firmware_download(struct ezusb_priv * upriv,struct ez_usb_fw * fw)808 static int ezusb_firmware_download(struct ezusb_priv *upriv,
809 struct ez_usb_fw *fw)
810 {
811 u8 *fw_buffer;
812 int retval, addr;
813 int variant_offset;
814
815 fw_buffer = kmalloc(FW_BUF_SIZE, GFP_KERNEL);
816 if (!fw_buffer) {
817 printk(KERN_ERR PFX "Out of memory for firmware buffer.\n");
818 return -ENOMEM;
819 }
820 /*
821 * This byte is 1 and should be replaced with 0. The offset is
822 * 0x10AD in version 0.0.6. The byte in question should follow
823 * the end of the code pointed to by the jump in the beginning
824 * of the firmware. Also, it is read by code located at 0x358.
825 */
826 variant_offset = be16_to_cpup((__be16 *) &fw->code[FW_VAR_OFFSET_PTR]);
827 if (variant_offset >= fw->size) {
828 printk(KERN_ERR PFX "Invalid firmware variant offset: "
829 "0x%04x\n", variant_offset);
830 retval = -EINVAL;
831 goto fail;
832 }
833
834 retval = ezusb_8051_cpucs(upriv, 1);
835 if (retval < 0)
836 goto fail;
837 for (addr = 0; addr < fw->size; addr += FW_BUF_SIZE) {
838 /* 0x100-0x300 should be left alone, it contains card
839 * specific data, like USB enumeration information */
840 if ((addr >= FW_HOLE_START) && (addr < FW_HOLE_END))
841 continue;
842
843 memcpy(fw_buffer, &fw->code[addr], FW_BUF_SIZE);
844 if (variant_offset >= addr &&
845 variant_offset < addr + FW_BUF_SIZE) {
846 netdev_dbg(upriv->dev,
847 "Patching card_variant byte at 0x%04X\n",
848 variant_offset);
849 fw_buffer[variant_offset - addr] = FW_VAR_VALUE;
850 }
851 retval = usb_control_msg(upriv->udev,
852 usb_sndctrlpipe(upriv->udev, 0),
853 EZUSB_REQUEST_FW_TRANS,
854 USB_TYPE_VENDOR | USB_RECIP_DEVICE
855 | USB_DIR_OUT,
856 addr, 0x0,
857 fw_buffer, FW_BUF_SIZE,
858 DEF_TIMEOUT);
859
860 if (retval < 0)
861 goto fail;
862 }
863 retval = ezusb_8051_cpucs(upriv, 0);
864 if (retval < 0)
865 goto fail;
866
867 goto exit;
868 fail:
869 printk(KERN_ERR PFX "Firmware download failed, error %d\n",
870 retval);
871 exit:
872 kfree(fw_buffer);
873 return retval;
874 }
875
ezusb_access_ltv(struct ezusb_priv * upriv,struct request_context * ctx,u16 length,const void * data,u16 frame_type,void * ans_buff,unsigned ans_size,u16 * ans_length,ezusb_ctx_wait ezusb_ctx_wait_func)876 static int ezusb_access_ltv(struct ezusb_priv *upriv,
877 struct request_context *ctx,
878 u16 length, const void *data, u16 frame_type,
879 void *ans_buff, unsigned ans_size, u16 *ans_length,
880 ezusb_ctx_wait ezusb_ctx_wait_func)
881 {
882 int req_size;
883 int retval = 0;
884 enum ezusb_state state;
885
886 if (!upriv->udev) {
887 retval = -ENODEV;
888 goto exit;
889 }
890
891 if (upriv->read_urb->status != -EINPROGRESS)
892 err("%s: in urb not pending", __func__);
893
894 /* protect upriv->reply_count, guarantee sequential numbers */
895 spin_lock_bh(&upriv->reply_count_lock);
896 req_size = ezusb_fill_req(ctx->buf, length, ctx->out_rid, data,
897 frame_type, upriv->reply_count);
898 usb_fill_bulk_urb(ctx->outurb, upriv->udev, upriv->write_pipe,
899 ctx->buf, req_size,
900 ezusb_request_out_callback, ctx);
901
902 if (ctx->in_rid)
903 upriv->reply_count = ezusb_reply_inc(upriv->reply_count);
904
905 ezusb_req_enqueue_run(upriv, ctx);
906
907 spin_unlock_bh(&upriv->reply_count_lock);
908
909 if (ctx->in_rid)
910 ezusb_ctx_wait_func(upriv, ctx);
911
912 state = ctx->state;
913 switch (state) {
914 case EZUSB_CTX_COMPLETE:
915 retval = ctx->outurb->status;
916 break;
917
918 case EZUSB_CTX_QUEUED:
919 case EZUSB_CTX_REQ_SUBMITTED:
920 if (!ctx->in_rid)
921 break;
922 fallthrough;
923 default:
924 err("%s: Unexpected context state %d", __func__,
925 state);
926 fallthrough;
927 case EZUSB_CTX_REQ_TIMEOUT:
928 case EZUSB_CTX_REQ_FAILED:
929 case EZUSB_CTX_RESP_TIMEOUT:
930 case EZUSB_CTX_REQSUBMIT_FAIL:
931 printk(KERN_ERR PFX "Access failed, resetting (state %d,"
932 " reply_count %d)\n", state, upriv->reply_count);
933 upriv->reply_count = 0;
934 if (state == EZUSB_CTX_REQ_TIMEOUT
935 || state == EZUSB_CTX_RESP_TIMEOUT) {
936 printk(KERN_ERR PFX "ctx timed out\n");
937 retval = -ETIMEDOUT;
938 } else {
939 printk(KERN_ERR PFX "ctx failed\n");
940 retval = -EFAULT;
941 }
942 goto exit;
943 }
944 if (ctx->in_rid) {
945 struct ezusb_packet *ans = ctx->buf;
946 unsigned exp_len;
947
948 if (ans->hermes_len != 0)
949 exp_len = le16_to_cpu(ans->hermes_len) * 2 + 12;
950 else
951 exp_len = 14;
952
953 if (exp_len != ctx->buf_length) {
954 err("%s: length mismatch for RID 0x%04x: "
955 "expected %d, got %d", __func__,
956 ctx->in_rid, exp_len, ctx->buf_length);
957 retval = -EIO;
958 goto exit;
959 }
960
961 if (ans_buff)
962 memcpy(ans_buff, ans->data, min(exp_len, ans_size));
963 if (ans_length)
964 *ans_length = le16_to_cpu(ans->hermes_len);
965 }
966 exit:
967 ezusb_request_context_put(ctx);
968 return retval;
969 }
970
__ezusb_write_ltv(struct hermes * hw,int bap,u16 rid,u16 length,const void * data,ezusb_ctx_wait ezusb_ctx_wait_func)971 static int __ezusb_write_ltv(struct hermes *hw, int bap, u16 rid,
972 u16 length, const void *data,
973 ezusb_ctx_wait ezusb_ctx_wait_func)
974 {
975 struct ezusb_priv *upriv = hw->priv;
976 u16 frame_type;
977 struct request_context *ctx;
978
979 if (length == 0)
980 return -EINVAL;
981
982 length = HERMES_RECLEN_TO_BYTES(length);
983
984 /* On memory mapped devices HERMES_RID_CNFGROUPADDRESSES can be
985 * set to be empty, but the USB bridge doesn't like it */
986 if (length == 0)
987 return 0;
988
989 ctx = ezusb_alloc_ctx(upriv, rid, EZUSB_RID_ACK);
990 if (!ctx)
991 return -ENOMEM;
992
993 if (rid == EZUSB_RID_TX)
994 frame_type = EZUSB_FRAME_DATA;
995 else
996 frame_type = EZUSB_FRAME_CONTROL;
997
998 return ezusb_access_ltv(upriv, ctx, length, data, frame_type,
999 NULL, 0, NULL, ezusb_ctx_wait_func);
1000 }
1001
ezusb_write_ltv(struct hermes * hw,int bap,u16 rid,u16 length,const void * data)1002 static int ezusb_write_ltv(struct hermes *hw, int bap, u16 rid,
1003 u16 length, const void *data)
1004 {
1005 return __ezusb_write_ltv(hw, bap, rid, length, data,
1006 ezusb_req_ctx_wait_poll);
1007 }
1008
__ezusb_read_ltv(struct hermes * hw,int bap,u16 rid,unsigned bufsize,u16 * length,void * buf,ezusb_ctx_wait ezusb_ctx_wait_func)1009 static int __ezusb_read_ltv(struct hermes *hw, int bap, u16 rid,
1010 unsigned bufsize, u16 *length, void *buf,
1011 ezusb_ctx_wait ezusb_ctx_wait_func)
1012
1013 {
1014 struct ezusb_priv *upriv = hw->priv;
1015 struct request_context *ctx;
1016
1017 if (bufsize % 2)
1018 return -EINVAL;
1019
1020 ctx = ezusb_alloc_ctx(upriv, rid, rid);
1021 if (!ctx)
1022 return -ENOMEM;
1023
1024 return ezusb_access_ltv(upriv, ctx, 0, NULL, EZUSB_FRAME_CONTROL,
1025 buf, bufsize, length, ezusb_req_ctx_wait_poll);
1026 }
1027
ezusb_read_ltv(struct hermes * hw,int bap,u16 rid,unsigned bufsize,u16 * length,void * buf)1028 static int ezusb_read_ltv(struct hermes *hw, int bap, u16 rid,
1029 unsigned bufsize, u16 *length, void *buf)
1030 {
1031 return __ezusb_read_ltv(hw, bap, rid, bufsize, length, buf,
1032 ezusb_req_ctx_wait_poll);
1033 }
1034
ezusb_read_ltv_preempt(struct hermes * hw,int bap,u16 rid,unsigned bufsize,u16 * length,void * buf)1035 static int ezusb_read_ltv_preempt(struct hermes *hw, int bap, u16 rid,
1036 unsigned bufsize, u16 *length, void *buf)
1037 {
1038 return __ezusb_read_ltv(hw, bap, rid, bufsize, length, buf,
1039 ezusb_req_ctx_wait_compl);
1040 }
1041
ezusb_doicmd_wait(struct hermes * hw,u16 cmd,u16 parm0,u16 parm1,u16 parm2,struct hermes_response * resp)1042 static int ezusb_doicmd_wait(struct hermes *hw, u16 cmd, u16 parm0, u16 parm1,
1043 u16 parm2, struct hermes_response *resp)
1044 {
1045 WARN_ON_ONCE(1);
1046 return -EINVAL;
1047 }
1048
__ezusb_docmd_wait(struct hermes * hw,u16 cmd,u16 parm0,struct hermes_response * resp,ezusb_ctx_wait ezusb_ctx_wait_func)1049 static int __ezusb_docmd_wait(struct hermes *hw, u16 cmd, u16 parm0,
1050 struct hermes_response *resp,
1051 ezusb_ctx_wait ezusb_ctx_wait_func)
1052 {
1053 struct ezusb_priv *upriv = hw->priv;
1054 struct request_context *ctx;
1055
1056 __le16 data[4] = {
1057 cpu_to_le16(cmd),
1058 cpu_to_le16(parm0),
1059 0,
1060 0,
1061 };
1062 netdev_dbg(upriv->dev, "0x%04X, parm0 0x%04X\n", cmd, parm0);
1063 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_DOCMD, EZUSB_RID_ACK);
1064 if (!ctx)
1065 return -ENOMEM;
1066
1067 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1068 EZUSB_FRAME_CONTROL, NULL, 0, NULL,
1069 ezusb_ctx_wait_func);
1070 }
1071
ezusb_docmd_wait(struct hermes * hw,u16 cmd,u16 parm0,struct hermes_response * resp)1072 static int ezusb_docmd_wait(struct hermes *hw, u16 cmd, u16 parm0,
1073 struct hermes_response *resp)
1074 {
1075 return __ezusb_docmd_wait(hw, cmd, parm0, resp, ezusb_req_ctx_wait_poll);
1076 }
1077
ezusb_bap_pread(struct hermes * hw,int bap,void * buf,int len,u16 id,u16 offset)1078 static int ezusb_bap_pread(struct hermes *hw, int bap,
1079 void *buf, int len, u16 id, u16 offset)
1080 {
1081 struct ezusb_priv *upriv = hw->priv;
1082 struct ezusb_packet *ans = (void *) upriv->read_urb->transfer_buffer;
1083 int actual_length = upriv->read_urb->actual_length;
1084
1085 if (id == EZUSB_RID_RX) {
1086 if ((sizeof(*ans) + offset + len) > actual_length) {
1087 printk(KERN_ERR PFX "BAP read beyond buffer end "
1088 "in rx frame\n");
1089 return -EINVAL;
1090 }
1091 memcpy(buf, ans->data + offset, len);
1092 return 0;
1093 }
1094
1095 if (EZUSB_IS_INFO(id)) {
1096 /* Include 4 bytes for length/type */
1097 if ((sizeof(*ans) + offset + len - 4) > actual_length) {
1098 printk(KERN_ERR PFX "BAP read beyond buffer end "
1099 "in info frame\n");
1100 return -EFAULT;
1101 }
1102 memcpy(buf, ans->data + offset - 4, len);
1103 } else {
1104 printk(KERN_ERR PFX "Unexpected fid 0x%04x\n", id);
1105 return -EINVAL;
1106 }
1107
1108 return 0;
1109 }
1110
ezusb_read_pda(struct hermes * hw,__le16 * pda,u32 pda_addr,u16 pda_len)1111 static int ezusb_read_pda(struct hermes *hw, __le16 *pda,
1112 u32 pda_addr, u16 pda_len)
1113 {
1114 struct ezusb_priv *upriv = hw->priv;
1115 struct request_context *ctx;
1116 __le16 data[] = {
1117 cpu_to_le16(pda_addr & 0xffff),
1118 cpu_to_le16(pda_len - 4)
1119 };
1120 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_READ_PDA, EZUSB_RID_READ_PDA);
1121 if (!ctx)
1122 return -ENOMEM;
1123
1124 /* wl_lkm does not include PDA size in the PDA area.
1125 * We will pad the information into pda, so other routines
1126 * don't have to be modified */
1127 pda[0] = cpu_to_le16(pda_len - 2);
1128 /* Includes CFG_PROD_DATA but not itself */
1129 pda[1] = cpu_to_le16(0x0800); /* CFG_PROD_DATA */
1130
1131 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1132 EZUSB_FRAME_CONTROL, &pda[2], pda_len - 4,
1133 NULL, ezusb_req_ctx_wait_compl);
1134 }
1135
ezusb_program_init(struct hermes * hw,u32 entry_point)1136 static int ezusb_program_init(struct hermes *hw, u32 entry_point)
1137 {
1138 struct ezusb_priv *upriv = hw->priv;
1139 struct request_context *ctx;
1140 __le32 data = cpu_to_le32(entry_point);
1141
1142 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_INIT, EZUSB_RID_ACK);
1143 if (!ctx)
1144 return -ENOMEM;
1145
1146 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1147 EZUSB_FRAME_CONTROL, NULL, 0, NULL,
1148 ezusb_req_ctx_wait_compl);
1149 }
1150
ezusb_program_end(struct hermes * hw)1151 static int ezusb_program_end(struct hermes *hw)
1152 {
1153 struct ezusb_priv *upriv = hw->priv;
1154 struct request_context *ctx;
1155
1156 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_END, EZUSB_RID_ACK);
1157 if (!ctx)
1158 return -ENOMEM;
1159
1160 return ezusb_access_ltv(upriv, ctx, 0, NULL,
1161 EZUSB_FRAME_CONTROL, NULL, 0, NULL,
1162 ezusb_req_ctx_wait_compl);
1163 }
1164
ezusb_program_bytes(struct hermes * hw,const char * buf,u32 addr,u32 len)1165 static int ezusb_program_bytes(struct hermes *hw, const char *buf,
1166 u32 addr, u32 len)
1167 {
1168 struct ezusb_priv *upriv = hw->priv;
1169 struct request_context *ctx;
1170 __le32 data = cpu_to_le32(addr);
1171 int err;
1172
1173 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_SET_ADDR, EZUSB_RID_ACK);
1174 if (!ctx)
1175 return -ENOMEM;
1176
1177 err = ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1178 EZUSB_FRAME_CONTROL, NULL, 0, NULL,
1179 ezusb_req_ctx_wait_compl);
1180 if (err)
1181 return err;
1182
1183 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_BYTES, EZUSB_RID_ACK);
1184 if (!ctx)
1185 return -ENOMEM;
1186
1187 return ezusb_access_ltv(upriv, ctx, len, buf,
1188 EZUSB_FRAME_CONTROL, NULL, 0, NULL,
1189 ezusb_req_ctx_wait_compl);
1190 }
1191
ezusb_program(struct hermes * hw,const char * buf,u32 addr,u32 len)1192 static int ezusb_program(struct hermes *hw, const char *buf,
1193 u32 addr, u32 len)
1194 {
1195 u32 ch_addr;
1196 u32 ch_len;
1197 int err = 0;
1198
1199 /* We can only send 2048 bytes out of the bulk xmit at a time,
1200 * so we have to split any programming into chunks of <2048
1201 * bytes. */
1202
1203 ch_len = (len < MAX_DL_SIZE) ? len : MAX_DL_SIZE;
1204 ch_addr = addr;
1205
1206 while (ch_addr < (addr + len)) {
1207 pr_debug("Programming subblock of length %d "
1208 "to address 0x%08x. Data @ %p\n",
1209 ch_len, ch_addr, &buf[ch_addr - addr]);
1210
1211 err = ezusb_program_bytes(hw, &buf[ch_addr - addr],
1212 ch_addr, ch_len);
1213 if (err)
1214 break;
1215
1216 ch_addr += ch_len;
1217 ch_len = ((addr + len - ch_addr) < MAX_DL_SIZE) ?
1218 (addr + len - ch_addr) : MAX_DL_SIZE;
1219 }
1220
1221 return err;
1222 }
1223
ezusb_xmit(struct sk_buff * skb,struct net_device * dev)1224 static netdev_tx_t ezusb_xmit(struct sk_buff *skb, struct net_device *dev)
1225 {
1226 struct orinoco_private *priv = ndev_priv(dev);
1227 struct net_device_stats *stats = &dev->stats;
1228 struct ezusb_priv *upriv = priv->card;
1229 u8 mic[MICHAEL_MIC_LEN + 1];
1230 int err = 0;
1231 int tx_control;
1232 unsigned long flags;
1233 struct request_context *ctx;
1234 u8 *buf;
1235 int tx_size;
1236
1237 if (!netif_running(dev)) {
1238 printk(KERN_ERR "%s: Tx on stopped device!\n",
1239 dev->name);
1240 return NETDEV_TX_BUSY;
1241 }
1242
1243 if (netif_queue_stopped(dev)) {
1244 printk(KERN_DEBUG "%s: Tx while transmitter busy!\n",
1245 dev->name);
1246 return NETDEV_TX_BUSY;
1247 }
1248
1249 if (orinoco_lock(priv, &flags) != 0) {
1250 printk(KERN_ERR
1251 "%s: ezusb_xmit() called while hw_unavailable\n",
1252 dev->name);
1253 return NETDEV_TX_BUSY;
1254 }
1255
1256 if (!netif_carrier_ok(dev) ||
1257 (priv->iw_mode == NL80211_IFTYPE_MONITOR)) {
1258 /* Oops, the firmware hasn't established a connection,
1259 silently drop the packet (this seems to be the
1260 safest approach). */
1261 goto drop;
1262 }
1263
1264 /* Check packet length */
1265 if (skb->len < ETH_HLEN)
1266 goto drop;
1267
1268 tx_control = 0;
1269
1270 err = orinoco_process_xmit_skb(skb, dev, priv, &tx_control,
1271 &mic[0]);
1272 if (err)
1273 goto drop;
1274
1275 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_TX, 0);
1276 if (!ctx)
1277 goto drop;
1278
1279 memset(ctx->buf, 0, BULK_BUF_SIZE);
1280 buf = ctx->buf->data;
1281
1282 {
1283 __le16 *tx_cntl = (__le16 *)buf;
1284 *tx_cntl = cpu_to_le16(tx_control);
1285 buf += sizeof(*tx_cntl);
1286 }
1287
1288 memcpy(buf, skb->data, skb->len);
1289 buf += skb->len;
1290
1291 if (tx_control & HERMES_TXCTRL_MIC) {
1292 u8 *m = mic;
1293 /* Mic has been offset so it can be copied to an even
1294 * address. We're copying eveything anyway, so we
1295 * don't need to copy that first byte. */
1296 if (skb->len % 2)
1297 m++;
1298 memcpy(buf, m, MICHAEL_MIC_LEN);
1299 buf += MICHAEL_MIC_LEN;
1300 }
1301
1302 /* Finally, we actually initiate the send */
1303 netif_stop_queue(dev);
1304
1305 /* The card may behave better if we send evenly sized usb transfers */
1306 tx_size = ALIGN(buf - ctx->buf->data, 2);
1307
1308 err = ezusb_access_ltv(upriv, ctx, tx_size, NULL,
1309 EZUSB_FRAME_DATA, NULL, 0, NULL,
1310 ezusb_req_ctx_wait_skip);
1311
1312 if (err) {
1313 netif_start_queue(dev);
1314 if (net_ratelimit())
1315 printk(KERN_ERR "%s: Error %d transmitting packet\n",
1316 dev->name, err);
1317 goto busy;
1318 }
1319
1320 netif_trans_update(dev);
1321 stats->tx_bytes += skb->len;
1322 goto ok;
1323
1324 drop:
1325 stats->tx_errors++;
1326 stats->tx_dropped++;
1327
1328 ok:
1329 orinoco_unlock(priv, &flags);
1330 dev_kfree_skb(skb);
1331 return NETDEV_TX_OK;
1332
1333 busy:
1334 orinoco_unlock(priv, &flags);
1335 return NETDEV_TX_BUSY;
1336 }
1337
ezusb_allocate(struct hermes * hw,u16 size,u16 * fid)1338 static int ezusb_allocate(struct hermes *hw, u16 size, u16 *fid)
1339 {
1340 *fid = EZUSB_RID_TX;
1341 return 0;
1342 }
1343
1344
ezusb_hard_reset(struct orinoco_private * priv)1345 static int ezusb_hard_reset(struct orinoco_private *priv)
1346 {
1347 struct ezusb_priv *upriv = priv->card;
1348 int retval = ezusb_8051_cpucs(upriv, 1);
1349
1350 if (retval < 0) {
1351 err("Failed to reset");
1352 return retval;
1353 }
1354
1355 retval = ezusb_8051_cpucs(upriv, 0);
1356 if (retval < 0) {
1357 err("Failed to unreset");
1358 return retval;
1359 }
1360
1361 netdev_dbg(upriv->dev, "sending control message\n");
1362 retval = usb_control_msg(upriv->udev,
1363 usb_sndctrlpipe(upriv->udev, 0),
1364 EZUSB_REQUEST_TRIGGER,
1365 USB_TYPE_VENDOR | USB_RECIP_DEVICE |
1366 USB_DIR_OUT, 0x0, 0x0, NULL, 0,
1367 DEF_TIMEOUT);
1368 if (retval < 0) {
1369 err("EZUSB_REQUEST_TRIGGER failed retval %d", retval);
1370 return retval;
1371 }
1372 #if 0
1373 dbg("Sending EZUSB_REQUEST_TRIG_AC");
1374 retval = usb_control_msg(upriv->udev,
1375 usb_sndctrlpipe(upriv->udev, 0),
1376 EZUSB_REQUEST_TRIG_AC,
1377 USB_TYPE_VENDOR | USB_RECIP_DEVICE |
1378 USB_DIR_OUT, 0x00FA, 0x0, NULL, 0,
1379 DEF_TIMEOUT);
1380 if (retval < 0) {
1381 err("EZUSB_REQUEST_TRIG_AC failed retval %d", retval);
1382 return retval;
1383 }
1384 #endif
1385
1386 return 0;
1387 }
1388
1389
ezusb_init(struct hermes * hw)1390 static int ezusb_init(struct hermes *hw)
1391 {
1392 struct ezusb_priv *upriv = hw->priv;
1393 int retval;
1394
1395 if (!upriv)
1396 return -EINVAL;
1397
1398 upriv->reply_count = 0;
1399 /* Write the MAGIC number on the simulated registers to keep
1400 * orinoco.c happy */
1401 hermes_write_regn(hw, SWSUPPORT0, HERMES_MAGIC);
1402 hermes_write_regn(hw, RXFID, EZUSB_RID_RX);
1403
1404 usb_kill_urb(upriv->read_urb);
1405 ezusb_submit_in_urb(upriv);
1406
1407 retval = __ezusb_write_ltv(hw, 0, EZUSB_RID_INIT1,
1408 HERMES_BYTES_TO_RECLEN(2), "\x10\x00",
1409 ezusb_req_ctx_wait_compl);
1410 if (retval < 0) {
1411 printk(KERN_ERR PFX "EZUSB_RID_INIT1 error %d\n", retval);
1412 return retval;
1413 }
1414
1415 retval = __ezusb_docmd_wait(hw, HERMES_CMD_INIT, 0, NULL,
1416 ezusb_req_ctx_wait_compl);
1417 if (retval < 0) {
1418 printk(KERN_ERR PFX "HERMES_CMD_INIT error %d\n", retval);
1419 return retval;
1420 }
1421
1422 return 0;
1423 }
1424
ezusb_bulk_in_callback(struct urb * urb)1425 static void ezusb_bulk_in_callback(struct urb *urb)
1426 {
1427 struct ezusb_priv *upriv = (struct ezusb_priv *) urb->context;
1428 struct ezusb_packet *ans = urb->transfer_buffer;
1429 u16 crc;
1430 u16 hermes_rid;
1431
1432 if (upriv->udev == NULL)
1433 return;
1434
1435 if (urb->status == -ETIMEDOUT) {
1436 /* When a device gets unplugged we get this every time
1437 * we resubmit, flooding the logs. Since we don't use
1438 * USB timeouts, it shouldn't happen any other time*/
1439 pr_warn("%s: urb timed out, not resubmitting\n", __func__);
1440 return;
1441 }
1442 if (urb->status == -ECONNABORTED) {
1443 pr_warn("%s: connection abort, resubmitting urb\n",
1444 __func__);
1445 goto resubmit;
1446 }
1447 if ((urb->status == -EILSEQ)
1448 || (urb->status == -ENOENT)
1449 || (urb->status == -ECONNRESET)) {
1450 netdev_dbg(upriv->dev, "status %d, not resubmiting\n",
1451 urb->status);
1452 return;
1453 }
1454 if (urb->status)
1455 netdev_dbg(upriv->dev, "status: %d length: %d\n",
1456 urb->status, urb->actual_length);
1457 if (urb->actual_length < sizeof(*ans)) {
1458 err("%s: short read, ignoring", __func__);
1459 goto resubmit;
1460 }
1461 crc = build_crc(ans);
1462 if (le16_to_cpu(ans->crc) != crc) {
1463 err("CRC error, ignoring packet");
1464 goto resubmit;
1465 }
1466
1467 hermes_rid = le16_to_cpu(ans->hermes_rid);
1468 if ((hermes_rid != EZUSB_RID_RX) && !EZUSB_IS_INFO(hermes_rid)) {
1469 ezusb_request_in_callback(upriv, urb);
1470 } else if (upriv->dev) {
1471 struct net_device *dev = upriv->dev;
1472 struct orinoco_private *priv = ndev_priv(dev);
1473 struct hermes *hw = &priv->hw;
1474
1475 if (hermes_rid == EZUSB_RID_RX) {
1476 __orinoco_ev_rx(dev, hw);
1477 } else {
1478 hermes_write_regn(hw, INFOFID,
1479 le16_to_cpu(ans->hermes_rid));
1480 __orinoco_ev_info(dev, hw);
1481 }
1482 }
1483
1484 resubmit:
1485 if (upriv->udev)
1486 ezusb_submit_in_urb(upriv);
1487 }
1488
ezusb_delete(struct ezusb_priv * upriv)1489 static inline void ezusb_delete(struct ezusb_priv *upriv)
1490 {
1491 struct list_head *item;
1492 struct list_head *tmp_item;
1493 unsigned long flags;
1494
1495 BUG_ON(!upriv);
1496
1497 mutex_lock(&upriv->mtx);
1498
1499 upriv->udev = NULL; /* No timer will be rearmed from here */
1500
1501 usb_kill_urb(upriv->read_urb);
1502
1503 spin_lock_irqsave(&upriv->req_lock, flags);
1504 list_for_each_safe(item, tmp_item, &upriv->req_active) {
1505 struct request_context *ctx;
1506 int err;
1507
1508 ctx = list_entry(item, struct request_context, list);
1509 refcount_inc(&ctx->refcount);
1510
1511 ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK;
1512 err = usb_unlink_urb(ctx->outurb);
1513
1514 spin_unlock_irqrestore(&upriv->req_lock, flags);
1515 if (err == -EINPROGRESS)
1516 wait_for_completion(&ctx->done);
1517
1518 del_timer_sync(&ctx->timer);
1519 /* FIXME: there is an slight chance for the irq handler to
1520 * be running */
1521 if (!list_empty(&ctx->list))
1522 ezusb_ctx_complete(ctx);
1523
1524 ezusb_request_context_put(ctx);
1525 spin_lock_irqsave(&upriv->req_lock, flags);
1526 }
1527 spin_unlock_irqrestore(&upriv->req_lock, flags);
1528
1529 list_for_each_safe(item, tmp_item, &upriv->req_pending)
1530 ezusb_ctx_complete(list_entry(item,
1531 struct request_context, list));
1532
1533 if (upriv->read_urb && upriv->read_urb->status == -EINPROGRESS)
1534 printk(KERN_ERR PFX "Some URB in progress\n");
1535
1536 mutex_unlock(&upriv->mtx);
1537
1538 if (upriv->read_urb) {
1539 kfree(upriv->read_urb->transfer_buffer);
1540 usb_free_urb(upriv->read_urb);
1541 }
1542 kfree(upriv->bap_buf);
1543 if (upriv->dev) {
1544 struct orinoco_private *priv = ndev_priv(upriv->dev);
1545 orinoco_if_del(priv);
1546 wiphy_unregister(priv_to_wiphy(upriv));
1547 free_orinocodev(priv);
1548 }
1549 }
1550
ezusb_lock_irqsave(spinlock_t * lock,unsigned long * flags)1551 static void ezusb_lock_irqsave(spinlock_t *lock,
1552 unsigned long *flags) __acquires(lock)
1553 {
1554 spin_lock_bh(lock);
1555 }
1556
ezusb_unlock_irqrestore(spinlock_t * lock,unsigned long * flags)1557 static void ezusb_unlock_irqrestore(spinlock_t *lock,
1558 unsigned long *flags) __releases(lock)
1559 {
1560 spin_unlock_bh(lock);
1561 }
1562
ezusb_lock_irq(spinlock_t * lock)1563 static void ezusb_lock_irq(spinlock_t *lock) __acquires(lock)
1564 {
1565 spin_lock_bh(lock);
1566 }
1567
ezusb_unlock_irq(spinlock_t * lock)1568 static void ezusb_unlock_irq(spinlock_t *lock) __releases(lock)
1569 {
1570 spin_unlock_bh(lock);
1571 }
1572
1573 static const struct hermes_ops ezusb_ops = {
1574 .init = ezusb_init,
1575 .cmd_wait = ezusb_docmd_wait,
1576 .init_cmd_wait = ezusb_doicmd_wait,
1577 .allocate = ezusb_allocate,
1578 .read_ltv = ezusb_read_ltv,
1579 .read_ltv_pr = ezusb_read_ltv_preempt,
1580 .write_ltv = ezusb_write_ltv,
1581 .bap_pread = ezusb_bap_pread,
1582 .read_pda = ezusb_read_pda,
1583 .program_init = ezusb_program_init,
1584 .program_end = ezusb_program_end,
1585 .program = ezusb_program,
1586 .lock_irqsave = ezusb_lock_irqsave,
1587 .unlock_irqrestore = ezusb_unlock_irqrestore,
1588 .lock_irq = ezusb_lock_irq,
1589 .unlock_irq = ezusb_unlock_irq,
1590 };
1591
1592 static const struct net_device_ops ezusb_netdev_ops = {
1593 .ndo_open = orinoco_open,
1594 .ndo_stop = orinoco_stop,
1595 .ndo_start_xmit = ezusb_xmit,
1596 .ndo_set_rx_mode = orinoco_set_multicast_list,
1597 .ndo_change_mtu = orinoco_change_mtu,
1598 .ndo_set_mac_address = eth_mac_addr,
1599 .ndo_validate_addr = eth_validate_addr,
1600 .ndo_tx_timeout = orinoco_tx_timeout,
1601 };
1602
ezusb_probe(struct usb_interface * interface,const struct usb_device_id * id)1603 static int ezusb_probe(struct usb_interface *interface,
1604 const struct usb_device_id *id)
1605 {
1606 struct usb_device *udev = interface_to_usbdev(interface);
1607 struct orinoco_private *priv;
1608 struct hermes *hw;
1609 struct ezusb_priv *upriv = NULL;
1610 struct usb_interface_descriptor *iface_desc;
1611 struct usb_endpoint_descriptor *ep;
1612 const struct firmware *fw_entry = NULL;
1613 int retval = 0;
1614 int i;
1615
1616 priv = alloc_orinocodev(sizeof(*upriv), &udev->dev,
1617 ezusb_hard_reset, NULL);
1618 if (!priv) {
1619 err("Couldn't allocate orinocodev");
1620 retval = -ENOMEM;
1621 goto exit;
1622 }
1623
1624 hw = &priv->hw;
1625
1626 upriv = priv->card;
1627
1628 mutex_init(&upriv->mtx);
1629 spin_lock_init(&upriv->reply_count_lock);
1630
1631 spin_lock_init(&upriv->req_lock);
1632 INIT_LIST_HEAD(&upriv->req_pending);
1633 INIT_LIST_HEAD(&upriv->req_active);
1634
1635 upriv->udev = udev;
1636
1637 hw->iobase = (void __force __iomem *) &upriv->hermes_reg_fake;
1638 hw->reg_spacing = HERMES_16BIT_REGSPACING;
1639 hw->priv = upriv;
1640 hw->ops = &ezusb_ops;
1641
1642 /* set up the endpoint information */
1643 /* check out the endpoints */
1644
1645 iface_desc = &interface->cur_altsetting->desc;
1646 for (i = 0; i < iface_desc->bNumEndpoints; ++i) {
1647 ep = &interface->cur_altsetting->endpoint[i].desc;
1648
1649 if (usb_endpoint_is_bulk_in(ep)) {
1650 /* we found a bulk in endpoint */
1651 if (upriv->read_urb != NULL) {
1652 pr_warn("Found a second bulk in ep, ignored\n");
1653 continue;
1654 }
1655
1656 upriv->read_urb = usb_alloc_urb(0, GFP_KERNEL);
1657 if (!upriv->read_urb)
1658 goto error;
1659 if (le16_to_cpu(ep->wMaxPacketSize) != 64)
1660 pr_warn("bulk in: wMaxPacketSize!= 64\n");
1661 if (ep->bEndpointAddress != (2 | USB_DIR_IN))
1662 pr_warn("bulk in: bEndpointAddress: %d\n",
1663 ep->bEndpointAddress);
1664 upriv->read_pipe = usb_rcvbulkpipe(udev,
1665 ep->
1666 bEndpointAddress);
1667 upriv->read_urb->transfer_buffer =
1668 kmalloc(BULK_BUF_SIZE, GFP_KERNEL);
1669 if (!upriv->read_urb->transfer_buffer) {
1670 err("Couldn't allocate IN buffer");
1671 goto error;
1672 }
1673 }
1674
1675 if (usb_endpoint_is_bulk_out(ep)) {
1676 /* we found a bulk out endpoint */
1677 if (upriv->bap_buf != NULL) {
1678 pr_warn("Found a second bulk out ep, ignored\n");
1679 continue;
1680 }
1681
1682 if (le16_to_cpu(ep->wMaxPacketSize) != 64)
1683 pr_warn("bulk out: wMaxPacketSize != 64\n");
1684 if (ep->bEndpointAddress != 2)
1685 pr_warn("bulk out: bEndpointAddress: %d\n",
1686 ep->bEndpointAddress);
1687 upriv->write_pipe = usb_sndbulkpipe(udev,
1688 ep->
1689 bEndpointAddress);
1690 upriv->bap_buf = kmalloc(BULK_BUF_SIZE, GFP_KERNEL);
1691 if (!upriv->bap_buf) {
1692 err("Couldn't allocate bulk_out_buffer");
1693 goto error;
1694 }
1695 }
1696 }
1697 if (!upriv->bap_buf || !upriv->read_urb) {
1698 err("Didn't find the required bulk endpoints");
1699 goto error;
1700 }
1701
1702 if (request_firmware(&fw_entry, "orinoco_ezusb_fw",
1703 &interface->dev) == 0) {
1704 firmware.size = fw_entry->size;
1705 firmware.code = fw_entry->data;
1706 }
1707 if (firmware.size && firmware.code) {
1708 if (ezusb_firmware_download(upriv, &firmware) < 0)
1709 goto error;
1710 } else {
1711 err("No firmware to download");
1712 goto error;
1713 }
1714
1715 if (ezusb_hard_reset(priv) < 0) {
1716 err("Cannot reset the device");
1717 goto error;
1718 }
1719
1720 /* If the firmware is already downloaded orinoco.c will call
1721 * ezusb_init but if the firmware is not already there, that will make
1722 * the kernel very unstable, so we try initializing here and quit in
1723 * case of error */
1724 if (ezusb_init(hw) < 0) {
1725 err("Couldn't initialize the device");
1726 err("Firmware may not be downloaded or may be wrong.");
1727 goto error;
1728 }
1729
1730 /* Initialise the main driver */
1731 if (orinoco_init(priv) != 0) {
1732 err("orinoco_init() failed\n");
1733 goto error;
1734 }
1735
1736 if (orinoco_if_add(priv, 0, 0, &ezusb_netdev_ops) != 0) {
1737 upriv->dev = NULL;
1738 err("%s: orinoco_if_add() failed", __func__);
1739 wiphy_unregister(priv_to_wiphy(priv));
1740 goto error;
1741 }
1742 upriv->dev = priv->ndev;
1743
1744 goto exit;
1745
1746 error:
1747 ezusb_delete(upriv);
1748 if (upriv->dev) {
1749 /* upriv->dev was 0, so ezusb_delete() didn't free it */
1750 free_orinocodev(priv);
1751 }
1752 upriv = NULL;
1753 retval = -EFAULT;
1754 exit:
1755 if (fw_entry) {
1756 firmware.code = NULL;
1757 firmware.size = 0;
1758 release_firmware(fw_entry);
1759 }
1760 usb_set_intfdata(interface, upriv);
1761 return retval;
1762 }
1763
1764
ezusb_disconnect(struct usb_interface * intf)1765 static void ezusb_disconnect(struct usb_interface *intf)
1766 {
1767 struct ezusb_priv *upriv = usb_get_intfdata(intf);
1768 usb_set_intfdata(intf, NULL);
1769 ezusb_delete(upriv);
1770 printk(KERN_INFO PFX "Disconnected\n");
1771 }
1772
1773
1774 /* usb specific object needed to register this driver with the usb subsystem */
1775 static struct usb_driver orinoco_driver = {
1776 .name = DRIVER_NAME,
1777 .probe = ezusb_probe,
1778 .disconnect = ezusb_disconnect,
1779 .id_table = ezusb_table,
1780 .disable_hub_initiated_lpm = 1,
1781 };
1782
1783 module_usb_driver(orinoco_driver);
1784
1785 MODULE_AUTHOR("Manuel Estrada Sainz");
1786 MODULE_DESCRIPTION("Driver for Orinoco wireless LAN cards using EZUSB bridge");
1787 MODULE_LICENSE("Dual MPL/GPL");
1788