1 /*
2  * Copyright (c) 2006 Damien Bergamini <damien.bergamini@free.fr>
3  * Copyright (c) 2006 Sam Leffler, Errno Consulting
4  * Copyright (c) 2007 Christoph Hellwig <hch@lst.de>
5  * Copyright (c) 2008-2009 Weongyo Jeong <weongyo@freebsd.org>
6  * Copyright (c) 2012 Pontus Fuchs <pontus.fuchs@gmail.com>
7  *
8  * Permission to use, copy, modify, and/or distribute this software for any
9  * purpose with or without fee is hereby granted, provided that the above
10  * copyright notice and this permission notice appear in all copies.
11  *
12  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19  */
20 
21 /*
22  * This driver is based on the uath driver written by Damien Bergamini for
23  * OpenBSD, who did black-box analysis of the Windows binary driver to find
24  * out how the hardware works.  It contains a lot magic numbers because of
25  * that and only has minimal functionality.
26  */
27 #include <linux/compiler.h>
28 #include <linux/init.h>
29 #include <linux/kernel.h>
30 #include <linux/module.h>
31 #include <linux/list.h>
32 #include <linux/completion.h>
33 #include <linux/firmware.h>
34 #include <linux/skbuff.h>
35 #include <linux/usb.h>
36 #include <net/mac80211.h>
37 
38 #include "ar5523.h"
39 #include "ar5523_hw.h"
40 
41 /*
42  * Various supported device vendors/products.
43  * UB51: AR5005UG 802.11b/g, UB52: AR5005UX 802.11a/b/g
44  */
45 
46 static int ar5523_submit_rx_cmd(struct ar5523 *ar);
47 static void ar5523_data_tx_pkt_put(struct ar5523 *ar);
48 
49 static void ar5523_read_reply(struct ar5523 *ar, struct ar5523_cmd_hdr *hdr,
50 			      struct ar5523_tx_cmd *cmd)
51 {
52 	int dlen, olen;
53 	__be32 *rp;
54 
55 	dlen = be32_to_cpu(hdr->len) - sizeof(*hdr);
56 
57 	if (dlen < 0) {
58 		WARN_ON(1);
59 		goto out;
60 	}
61 
62 	ar5523_dbg(ar, "Code = %d len = %d\n", be32_to_cpu(hdr->code) & 0xff,
63 		   dlen);
64 
65 	rp = (__be32 *)(hdr + 1);
66 	if (dlen >= sizeof(u32)) {
67 		olen = be32_to_cpu(rp[0]);
68 		dlen -= sizeof(u32);
69 		if (olen == 0) {
70 			/* convention is 0 =>'s one word */
71 			olen = sizeof(u32);
72 		}
73 	} else
74 		olen = 0;
75 
76 	if (cmd->odata) {
77 		if (cmd->olen < olen) {
78 			ar5523_err(ar, "olen to small %d < %d\n",
79 				   cmd->olen, olen);
80 			cmd->olen = 0;
81 			cmd->res = -EOVERFLOW;
82 		} else {
83 			cmd->olen = olen;
84 			memcpy(cmd->odata, &rp[1], olen);
85 			cmd->res = 0;
86 		}
87 	}
88 
89 out:
90 	complete(&cmd->done);
91 }
92 
93 static void ar5523_cmd_rx_cb(struct urb *urb)
94 {
95 	struct ar5523 *ar = urb->context;
96 	struct ar5523_tx_cmd *cmd = &ar->tx_cmd;
97 	struct ar5523_cmd_hdr *hdr = ar->rx_cmd_buf;
98 	int dlen;
99 	u32 code, hdrlen;
100 
101 	if (urb->status) {
102 		if (urb->status != -ESHUTDOWN)
103 			ar5523_err(ar, "RX USB error %d.\n", urb->status);
104 		goto skip;
105 	}
106 
107 	if (urb->actual_length < sizeof(struct ar5523_cmd_hdr)) {
108 		ar5523_err(ar, "RX USB to short.\n");
109 		goto skip;
110 	}
111 
112 	ar5523_dbg(ar, "%s code %02x priv %d\n", __func__,
113 		   be32_to_cpu(hdr->code) & 0xff, hdr->priv);
114 
115 	code = be32_to_cpu(hdr->code);
116 	hdrlen = be32_to_cpu(hdr->len);
117 
118 	switch (code & 0xff) {
119 	default:
120 		/* reply to a read command */
121 		if (hdr->priv != AR5523_CMD_ID) {
122 			ar5523_err(ar, "Unexpected command id: %02x\n",
123 				   code & 0xff);
124 			goto skip;
125 		}
126 		ar5523_read_reply(ar, hdr, cmd);
127 		break;
128 
129 	case WDCMSG_DEVICE_AVAIL:
130 		ar5523_dbg(ar, "WDCMSG_DEVICE_AVAIL\n");
131 		cmd->res = 0;
132 		cmd->olen = 0;
133 		complete(&cmd->done);
134 		break;
135 
136 	case WDCMSG_SEND_COMPLETE:
137 		ar5523_dbg(ar, "WDCMSG_SEND_COMPLETE: %d pending\n",
138 			atomic_read(&ar->tx_nr_pending));
139 		if (!test_bit(AR5523_HW_UP, &ar->flags))
140 			ar5523_dbg(ar, "Unexpected WDCMSG_SEND_COMPLETE\n");
141 		else {
142 			mod_timer(&ar->tx_wd_timer,
143 				  jiffies + AR5523_TX_WD_TIMEOUT);
144 			ar5523_data_tx_pkt_put(ar);
145 
146 		}
147 		break;
148 
149 	case WDCMSG_TARGET_START:
150 		/* This command returns a bogus id so it needs special
151 		   handling */
152 		dlen = hdrlen - sizeof(*hdr);
153 		if (dlen != (int)sizeof(u32)) {
154 			ar5523_err(ar, "Invalid reply to WDCMSG_TARGET_START");
155 			return;
156 		}
157 		memcpy(cmd->odata, hdr + 1, sizeof(u32));
158 		cmd->olen = sizeof(u32);
159 		cmd->res = 0;
160 		complete(&cmd->done);
161 		break;
162 
163 	case WDCMSG_STATS_UPDATE:
164 		ar5523_dbg(ar, "WDCMSG_STATS_UPDATE\n");
165 		break;
166 	}
167 
168 skip:
169 	ar5523_submit_rx_cmd(ar);
170 }
171 
172 static int ar5523_alloc_rx_cmd(struct ar5523 *ar)
173 {
174 	ar->rx_cmd_urb = usb_alloc_urb(0, GFP_KERNEL);
175 	if (!ar->rx_cmd_urb)
176 		return -ENOMEM;
177 
178 	ar->rx_cmd_buf = usb_alloc_coherent(ar->dev, AR5523_MAX_RXCMDSZ,
179 					    GFP_KERNEL,
180 					    &ar->rx_cmd_urb->transfer_dma);
181 	if (!ar->rx_cmd_buf) {
182 		usb_free_urb(ar->rx_cmd_urb);
183 		return -ENOMEM;
184 	}
185 	return 0;
186 }
187 
188 static void ar5523_cancel_rx_cmd(struct ar5523 *ar)
189 {
190 	usb_kill_urb(ar->rx_cmd_urb);
191 }
192 
193 static void ar5523_free_rx_cmd(struct ar5523 *ar)
194 {
195 	usb_free_coherent(ar->dev, AR5523_MAX_RXCMDSZ,
196 			  ar->rx_cmd_buf, ar->rx_cmd_urb->transfer_dma);
197 	usb_free_urb(ar->rx_cmd_urb);
198 }
199 
200 static int ar5523_submit_rx_cmd(struct ar5523 *ar)
201 {
202 	int error;
203 
204 	usb_fill_bulk_urb(ar->rx_cmd_urb, ar->dev,
205 			  ar5523_cmd_rx_pipe(ar->dev), ar->rx_cmd_buf,
206 			  AR5523_MAX_RXCMDSZ, ar5523_cmd_rx_cb, ar);
207 	ar->rx_cmd_urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
208 
209 	error = usb_submit_urb(ar->rx_cmd_urb, GFP_ATOMIC);
210 	if (error) {
211 		if (error != -ENODEV)
212 			ar5523_err(ar, "error %d when submitting rx urb\n",
213 				   error);
214 		return error;
215 	}
216 	return 0;
217 }
218 
219 /*
220  * Command submitted cb
221  */
222 static void ar5523_cmd_tx_cb(struct urb *urb)
223 {
224 	struct ar5523_tx_cmd *cmd = urb->context;
225 	struct ar5523 *ar = cmd->ar;
226 
227 	if (urb->status) {
228 		ar5523_err(ar, "Failed to TX command. Status = %d\n",
229 			   urb->status);
230 		cmd->res = urb->status;
231 		complete(&cmd->done);
232 		return;
233 	}
234 
235 	if (!(cmd->flags & AR5523_CMD_FLAG_READ)) {
236 		cmd->res = 0;
237 		complete(&cmd->done);
238 	}
239 }
240 
241 static int ar5523_cmd(struct ar5523 *ar, u32 code, const void *idata,
242 		      int ilen, void *odata, int olen, int flags)
243 {
244 	struct ar5523_cmd_hdr *hdr;
245 	struct ar5523_tx_cmd *cmd = &ar->tx_cmd;
246 	int xferlen, error;
247 
248 	/* always bulk-out a multiple of 4 bytes */
249 	xferlen = (sizeof(struct ar5523_cmd_hdr) + ilen + 3) & ~3;
250 
251 	hdr = (struct ar5523_cmd_hdr *)cmd->buf_tx;
252 	memset(hdr, 0, sizeof(struct ar5523_cmd_hdr));
253 	hdr->len  = cpu_to_be32(xferlen);
254 	hdr->code = cpu_to_be32(code);
255 	hdr->priv = AR5523_CMD_ID;
256 
257 	if (flags & AR5523_CMD_FLAG_MAGIC)
258 		hdr->magic = cpu_to_be32(1 << 24);
259 	memcpy(hdr + 1, idata, ilen);
260 
261 	cmd->odata = odata;
262 	cmd->olen = olen;
263 	cmd->flags = flags;
264 
265 	ar5523_dbg(ar, "do cmd %02x\n", code);
266 
267 	usb_fill_bulk_urb(cmd->urb_tx, ar->dev, ar5523_cmd_tx_pipe(ar->dev),
268 			  cmd->buf_tx, xferlen, ar5523_cmd_tx_cb, cmd);
269 	cmd->urb_tx->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
270 
271 	error = usb_submit_urb(cmd->urb_tx, GFP_KERNEL);
272 	if (error) {
273 		ar5523_err(ar, "could not send command 0x%x, error=%d\n",
274 			   code, error);
275 		return error;
276 	}
277 
278 	if (!wait_for_completion_timeout(&cmd->done, 2 * HZ)) {
279 		cmd->odata = NULL;
280 		ar5523_err(ar, "timeout waiting for command %02x reply\n",
281 			   code);
282 		cmd->res = -ETIMEDOUT;
283 	}
284 	return cmd->res;
285 }
286 
287 static int ar5523_cmd_write(struct ar5523 *ar, u32 code, const void *data,
288 			    int len, int flags)
289 {
290 	flags &= ~AR5523_CMD_FLAG_READ;
291 	return ar5523_cmd(ar, code, data, len, NULL, 0, flags);
292 }
293 
294 static int ar5523_cmd_read(struct ar5523 *ar, u32 code, const void *idata,
295 			   int ilen, void *odata, int olen, int flags)
296 {
297 	flags |= AR5523_CMD_FLAG_READ;
298 	return ar5523_cmd(ar, code, idata, ilen, odata, olen, flags);
299 }
300 
301 static int ar5523_config(struct ar5523 *ar, u32 reg, u32 val)
302 {
303 	struct ar5523_write_mac write;
304 	int error;
305 
306 	write.reg = cpu_to_be32(reg);
307 	write.len = cpu_to_be32(0);	/* 0 = single write */
308 	*(__be32 *)write.data = cpu_to_be32(val);
309 
310 	error = ar5523_cmd_write(ar, WDCMSG_TARGET_SET_CONFIG, &write,
311 				 3 * sizeof(u32), 0);
312 	if (error != 0)
313 		ar5523_err(ar, "could not write register 0x%02x\n", reg);
314 	return error;
315 }
316 
317 static int ar5523_config_multi(struct ar5523 *ar, u32 reg, const void *data,
318 			       int len)
319 {
320 	struct ar5523_write_mac write;
321 	int error;
322 
323 	write.reg = cpu_to_be32(reg);
324 	write.len = cpu_to_be32(len);
325 	memcpy(write.data, data, len);
326 
327 	/* properly handle the case where len is zero (reset) */
328 	error = ar5523_cmd_write(ar, WDCMSG_TARGET_SET_CONFIG, &write,
329 	    (len == 0) ? sizeof(u32) : 2 * sizeof(u32) + len, 0);
330 	if (error != 0)
331 		ar5523_err(ar, "could not write %d bytes to register 0x%02x\n",
332 			   len, reg);
333 	return error;
334 }
335 
336 static int ar5523_get_status(struct ar5523 *ar, u32 which, void *odata,
337 			     int olen)
338 {
339 	int error;
340 	__be32 which_be;
341 
342 	which_be = cpu_to_be32(which);
343 	error = ar5523_cmd_read(ar, WDCMSG_TARGET_GET_STATUS,
344 	    &which_be, sizeof(which_be), odata, olen, AR5523_CMD_FLAG_MAGIC);
345 	if (error != 0)
346 		ar5523_err(ar, "could not read EEPROM offset 0x%02x\n", which);
347 	return error;
348 }
349 
350 static int ar5523_get_capability(struct ar5523 *ar, u32 cap, u32 *val)
351 {
352 	int error;
353 	__be32 cap_be, val_be;
354 
355 	cap_be = cpu_to_be32(cap);
356 	error = ar5523_cmd_read(ar, WDCMSG_TARGET_GET_CAPABILITY, &cap_be,
357 				sizeof(cap_be), &val_be, sizeof(__be32),
358 				AR5523_CMD_FLAG_MAGIC);
359 	if (error != 0) {
360 		ar5523_err(ar, "could not read capability %u\n", cap);
361 		return error;
362 	}
363 	*val = be32_to_cpu(val_be);
364 	return error;
365 }
366 
367 static int ar5523_get_devcap(struct ar5523 *ar)
368 {
369 #define	GETCAP(x) do {				\
370 	error = ar5523_get_capability(ar, x, &cap);		\
371 	if (error != 0)					\
372 		return error;				\
373 	ar5523_info(ar, "Cap: "			\
374 	    "%s=0x%08x\n", #x, cap);	\
375 } while (0)
376 	int error;
377 	u32 cap;
378 
379 	/* collect device capabilities */
380 	GETCAP(CAP_TARGET_VERSION);
381 	GETCAP(CAP_TARGET_REVISION);
382 	GETCAP(CAP_MAC_VERSION);
383 	GETCAP(CAP_MAC_REVISION);
384 	GETCAP(CAP_PHY_REVISION);
385 	GETCAP(CAP_ANALOG_5GHz_REVISION);
386 	GETCAP(CAP_ANALOG_2GHz_REVISION);
387 
388 	GETCAP(CAP_REG_DOMAIN);
389 	GETCAP(CAP_REG_CAP_BITS);
390 	GETCAP(CAP_WIRELESS_MODES);
391 	GETCAP(CAP_CHAN_SPREAD_SUPPORT);
392 	GETCAP(CAP_COMPRESS_SUPPORT);
393 	GETCAP(CAP_BURST_SUPPORT);
394 	GETCAP(CAP_FAST_FRAMES_SUPPORT);
395 	GETCAP(CAP_CHAP_TUNING_SUPPORT);
396 	GETCAP(CAP_TURBOG_SUPPORT);
397 	GETCAP(CAP_TURBO_PRIME_SUPPORT);
398 	GETCAP(CAP_DEVICE_TYPE);
399 	GETCAP(CAP_WME_SUPPORT);
400 	GETCAP(CAP_TOTAL_QUEUES);
401 	GETCAP(CAP_CONNECTION_ID_MAX);
402 
403 	GETCAP(CAP_LOW_5GHZ_CHAN);
404 	GETCAP(CAP_HIGH_5GHZ_CHAN);
405 	GETCAP(CAP_LOW_2GHZ_CHAN);
406 	GETCAP(CAP_HIGH_2GHZ_CHAN);
407 	GETCAP(CAP_TWICE_ANTENNAGAIN_5G);
408 	GETCAP(CAP_TWICE_ANTENNAGAIN_2G);
409 
410 	GETCAP(CAP_CIPHER_AES_CCM);
411 	GETCAP(CAP_CIPHER_TKIP);
412 	GETCAP(CAP_MIC_TKIP);
413 	return 0;
414 }
415 
416 static int ar5523_set_ledsteady(struct ar5523 *ar, int lednum, int ledmode)
417 {
418 	struct ar5523_cmd_ledsteady led;
419 
420 	led.lednum = cpu_to_be32(lednum);
421 	led.ledmode = cpu_to_be32(ledmode);
422 
423 	ar5523_dbg(ar, "set %s led %s (steady)\n",
424 		   (lednum == UATH_LED_LINK) ? "link" : "activity",
425 		   ledmode ? "on" : "off");
426 	return ar5523_cmd_write(ar, WDCMSG_SET_LED_STEADY, &led, sizeof(led),
427 				 0);
428 }
429 
430 static int ar5523_set_rxfilter(struct ar5523 *ar, u32 bits, u32 op)
431 {
432 	struct ar5523_cmd_rx_filter rxfilter;
433 
434 	rxfilter.bits = cpu_to_be32(bits);
435 	rxfilter.op = cpu_to_be32(op);
436 
437 	ar5523_dbg(ar, "setting Rx filter=0x%x flags=0x%x\n", bits, op);
438 	return ar5523_cmd_write(ar, WDCMSG_RX_FILTER, &rxfilter,
439 				 sizeof(rxfilter), 0);
440 }
441 
442 static int ar5523_reset_tx_queues(struct ar5523 *ar)
443 {
444 	__be32 qid = cpu_to_be32(0);
445 
446 	ar5523_dbg(ar, "resetting Tx queue\n");
447 	return ar5523_cmd_write(ar, WDCMSG_RELEASE_TX_QUEUE,
448 				 &qid, sizeof(qid), 0);
449 }
450 
451 static int ar5523_set_chan(struct ar5523 *ar)
452 {
453 	struct ieee80211_conf *conf = &ar->hw->conf;
454 
455 	struct ar5523_cmd_reset reset;
456 
457 	memset(&reset, 0, sizeof(reset));
458 	reset.flags |= cpu_to_be32(UATH_CHAN_2GHZ);
459 	reset.flags |= cpu_to_be32(UATH_CHAN_OFDM);
460 	reset.freq = cpu_to_be32(conf->chandef.chan->center_freq);
461 	reset.maxrdpower = cpu_to_be32(50);	/* XXX */
462 	reset.channelchange = cpu_to_be32(1);
463 	reset.keeprccontent = cpu_to_be32(0);
464 
465 	ar5523_dbg(ar, "set chan flags 0x%x freq %d\n",
466 		   be32_to_cpu(reset.flags),
467 		   conf->chandef.chan->center_freq);
468 	return ar5523_cmd_write(ar, WDCMSG_RESET, &reset, sizeof(reset), 0);
469 }
470 
471 static int ar5523_queue_init(struct ar5523 *ar)
472 {
473 	struct ar5523_cmd_txq_setup qinfo;
474 
475 	ar5523_dbg(ar, "setting up Tx queue\n");
476 	qinfo.qid	     = cpu_to_be32(0);
477 	qinfo.len	     = cpu_to_be32(sizeof(qinfo.attr));
478 	qinfo.attr.priority  = cpu_to_be32(0);	/* XXX */
479 	qinfo.attr.aifs	     = cpu_to_be32(3);
480 	qinfo.attr.logcwmin  = cpu_to_be32(4);
481 	qinfo.attr.logcwmax  = cpu_to_be32(10);
482 	qinfo.attr.bursttime = cpu_to_be32(0);
483 	qinfo.attr.mode	     = cpu_to_be32(0);
484 	qinfo.attr.qflags    = cpu_to_be32(1);	/* XXX? */
485 	return ar5523_cmd_write(ar, WDCMSG_SETUP_TX_QUEUE, &qinfo,
486 				 sizeof(qinfo), 0);
487 }
488 
489 static int ar5523_switch_chan(struct ar5523 *ar)
490 {
491 	int error;
492 
493 	error = ar5523_set_chan(ar);
494 	if (error) {
495 		ar5523_err(ar, "could not set chan, error %d\n", error);
496 		goto out_err;
497 	}
498 
499 	/* reset Tx rings */
500 	error = ar5523_reset_tx_queues(ar);
501 	if (error) {
502 		ar5523_err(ar, "could not reset Tx queues, error %d\n",
503 			   error);
504 		goto out_err;
505 	}
506 	/* set Tx rings WME properties */
507 	error = ar5523_queue_init(ar);
508 	if (error)
509 		ar5523_err(ar, "could not init wme, error %d\n", error);
510 
511 out_err:
512 	return error;
513 }
514 
515 static void ar5523_rx_data_put(struct ar5523 *ar,
516 				struct ar5523_rx_data *data)
517 {
518 	unsigned long flags;
519 	spin_lock_irqsave(&ar->rx_data_list_lock, flags);
520 	list_move(&data->list, &ar->rx_data_free);
521 	spin_unlock_irqrestore(&ar->rx_data_list_lock, flags);
522 }
523 
524 static void ar5523_data_rx_cb(struct urb *urb)
525 {
526 	struct ar5523_rx_data *data = urb->context;
527 	struct ar5523 *ar = data->ar;
528 	struct ar5523_rx_desc *desc;
529 	struct ar5523_chunk *chunk;
530 	struct ieee80211_hw *hw = ar->hw;
531 	struct ieee80211_rx_status *rx_status;
532 	u32 rxlen;
533 	int usblen = urb->actual_length;
534 	int hdrlen, pad;
535 
536 	ar5523_dbg(ar, "%s\n", __func__);
537 	/* sync/async unlink faults aren't errors */
538 	if (urb->status) {
539 		if (urb->status != -ESHUTDOWN)
540 			ar5523_err(ar, "%s: USB err: %d\n", __func__,
541 				   urb->status);
542 		goto skip;
543 	}
544 
545 	if (usblen < AR5523_MIN_RXBUFSZ) {
546 		ar5523_err(ar, "RX: wrong xfer size (usblen=%d)\n", usblen);
547 		goto skip;
548 	}
549 
550 	chunk = (struct ar5523_chunk *) data->skb->data;
551 
552 	if (((chunk->flags & UATH_CFLAGS_FINAL) == 0) ||
553 		chunk->seqnum != 0) {
554 		ar5523_dbg(ar, "RX: No final flag. s: %d f: %02x l: %d\n",
555 			   chunk->seqnum, chunk->flags,
556 			   be16_to_cpu(chunk->length));
557 		goto skip;
558 	}
559 
560 	/* Rx descriptor is located at the end, 32-bit aligned */
561 	desc = (struct ar5523_rx_desc *)
562 		(data->skb->data + usblen - sizeof(struct ar5523_rx_desc));
563 
564 	rxlen = be32_to_cpu(desc->len);
565 	if (rxlen > ar->rxbufsz) {
566 		ar5523_dbg(ar, "RX: Bad descriptor (len=%d)\n",
567 			   be32_to_cpu(desc->len));
568 		goto skip;
569 	}
570 
571 	if (!rxlen) {
572 		ar5523_dbg(ar, "RX: rxlen is 0\n");
573 		goto skip;
574 	}
575 
576 	if (be32_to_cpu(desc->status) != 0) {
577 		ar5523_dbg(ar, "Bad RX status (0x%x len = %d). Skip\n",
578 			   be32_to_cpu(desc->status), be32_to_cpu(desc->len));
579 		goto skip;
580 	}
581 
582 	skb_reserve(data->skb, sizeof(*chunk));
583 	skb_put(data->skb, rxlen - sizeof(struct ar5523_rx_desc));
584 
585 	hdrlen = ieee80211_get_hdrlen_from_skb(data->skb);
586 	if (!IS_ALIGNED(hdrlen, 4)) {
587 		ar5523_dbg(ar, "eek, alignment workaround activated\n");
588 		pad = ALIGN(hdrlen, 4) - hdrlen;
589 		memmove(data->skb->data + pad, data->skb->data, hdrlen);
590 		skb_pull(data->skb, pad);
591 		skb_put(data->skb, pad);
592 	}
593 
594 	rx_status = IEEE80211_SKB_RXCB(data->skb);
595 	memset(rx_status, 0, sizeof(*rx_status));
596 	rx_status->freq = be32_to_cpu(desc->channel);
597 	rx_status->band = hw->conf.chandef.chan->band;
598 	rx_status->signal = -95 + be32_to_cpu(desc->rssi);
599 
600 	ieee80211_rx_irqsafe(hw, data->skb);
601 	data->skb = NULL;
602 
603 skip:
604 	if (data->skb) {
605 		dev_kfree_skb_irq(data->skb);
606 		data->skb = NULL;
607 	}
608 
609 	ar5523_rx_data_put(ar, data);
610 	if (atomic_inc_return(&ar->rx_data_free_cnt) >=
611 	    AR5523_RX_DATA_REFILL_COUNT &&
612 	    test_bit(AR5523_HW_UP, &ar->flags))
613 		queue_work(ar->wq, &ar->rx_refill_work);
614 }
615 
616 static void ar5523_rx_refill_work(struct work_struct *work)
617 {
618 	struct ar5523 *ar = container_of(work, struct ar5523, rx_refill_work);
619 	struct ar5523_rx_data *data;
620 	unsigned long flags;
621 	int error;
622 
623 	ar5523_dbg(ar, "%s\n", __func__);
624 	do {
625 		spin_lock_irqsave(&ar->rx_data_list_lock, flags);
626 
627 		if (!list_empty(&ar->rx_data_free))
628 			data = (struct ar5523_rx_data *) ar->rx_data_free.next;
629 		else
630 			data = NULL;
631 		spin_unlock_irqrestore(&ar->rx_data_list_lock, flags);
632 
633 		if (!data)
634 			goto done;
635 
636 		data->skb = alloc_skb(ar->rxbufsz, GFP_KERNEL);
637 		if (!data->skb) {
638 			ar5523_err(ar, "could not allocate rx skbuff\n");
639 			return;
640 		}
641 
642 		usb_fill_bulk_urb(data->urb, ar->dev,
643 				  ar5523_data_rx_pipe(ar->dev), data->skb->data,
644 				  ar->rxbufsz, ar5523_data_rx_cb, data);
645 
646 		spin_lock_irqsave(&ar->rx_data_list_lock, flags);
647 		list_move(&data->list, &ar->rx_data_used);
648 		spin_unlock_irqrestore(&ar->rx_data_list_lock, flags);
649 		atomic_dec(&ar->rx_data_free_cnt);
650 
651 		error = usb_submit_urb(data->urb, GFP_KERNEL);
652 		if (error) {
653 			kfree_skb(data->skb);
654 			if (error != -ENODEV)
655 				ar5523_err(ar, "Err sending rx data urb %d\n",
656 					   error);
657 			ar5523_rx_data_put(ar, data);
658 			atomic_inc(&ar->rx_data_free_cnt);
659 			return;
660 		}
661 
662 	} while (true);
663 done:
664 	return;
665 }
666 
667 static void ar5523_cancel_rx_bufs(struct ar5523 *ar)
668 {
669 	struct ar5523_rx_data *data;
670 	unsigned long flags;
671 
672 	do {
673 		spin_lock_irqsave(&ar->rx_data_list_lock, flags);
674 		if (!list_empty(&ar->rx_data_used))
675 			data = (struct ar5523_rx_data *) ar->rx_data_used.next;
676 		else
677 			data = NULL;
678 		spin_unlock_irqrestore(&ar->rx_data_list_lock, flags);
679 
680 		if (!data)
681 			break;
682 
683 		usb_kill_urb(data->urb);
684 		list_move(&data->list, &ar->rx_data_free);
685 		atomic_inc(&ar->rx_data_free_cnt);
686 	} while (data);
687 }
688 
689 static void ar5523_free_rx_bufs(struct ar5523 *ar)
690 {
691 	struct ar5523_rx_data *data;
692 
693 	ar5523_cancel_rx_bufs(ar);
694 	while (!list_empty(&ar->rx_data_free)) {
695 		data = (struct ar5523_rx_data *) ar->rx_data_free.next;
696 		list_del(&data->list);
697 		usb_free_urb(data->urb);
698 	}
699 }
700 
701 static int ar5523_alloc_rx_bufs(struct ar5523 *ar)
702 {
703 	int i;
704 
705 	for (i = 0; i < AR5523_RX_DATA_COUNT; i++) {
706 		struct ar5523_rx_data *data = &ar->rx_data[i];
707 
708 		data->ar = ar;
709 		data->urb = usb_alloc_urb(0, GFP_KERNEL);
710 		if (!data->urb) {
711 			ar5523_err(ar, "could not allocate rx data urb\n");
712 			goto err;
713 		}
714 		list_add_tail(&data->list, &ar->rx_data_free);
715 		atomic_inc(&ar->rx_data_free_cnt);
716 	}
717 	return 0;
718 
719 err:
720 	ar5523_free_rx_bufs(ar);
721 	return -ENOMEM;
722 }
723 
724 static void ar5523_data_tx_pkt_put(struct ar5523 *ar)
725 {
726 	atomic_dec(&ar->tx_nr_total);
727 	if (!atomic_dec_return(&ar->tx_nr_pending)) {
728 		del_timer(&ar->tx_wd_timer);
729 		wake_up(&ar->tx_flush_waitq);
730 	}
731 
732 	if (atomic_read(&ar->tx_nr_total) < AR5523_TX_DATA_RESTART_COUNT) {
733 		ar5523_dbg(ar, "restart tx queue\n");
734 		ieee80211_wake_queues(ar->hw);
735 	}
736 }
737 
738 static void ar5523_data_tx_cb(struct urb *urb)
739 {
740 	struct sk_buff *skb = urb->context;
741 	struct ieee80211_tx_info *txi = IEEE80211_SKB_CB(skb);
742 	struct ar5523_tx_data *data = (struct ar5523_tx_data *)
743 				       txi->driver_data;
744 	struct ar5523 *ar = data->ar;
745 	unsigned long flags;
746 
747 	ar5523_dbg(ar, "data tx urb completed: %d\n", urb->status);
748 
749 	spin_lock_irqsave(&ar->tx_data_list_lock, flags);
750 	list_del(&data->list);
751 	spin_unlock_irqrestore(&ar->tx_data_list_lock, flags);
752 
753 	if (urb->status) {
754 		ar5523_dbg(ar, "%s: urb status: %d\n", __func__, urb->status);
755 		ar5523_data_tx_pkt_put(ar);
756 		ieee80211_free_txskb(ar->hw, skb);
757 	} else {
758 		skb_pull(skb, sizeof(struct ar5523_tx_desc) + sizeof(__be32));
759 		ieee80211_tx_status_irqsafe(ar->hw, skb);
760 	}
761 	usb_free_urb(urb);
762 }
763 
764 static void ar5523_tx(struct ieee80211_hw *hw,
765 		       struct ieee80211_tx_control *control,
766 		       struct sk_buff *skb)
767 {
768 	struct ieee80211_tx_info *txi = IEEE80211_SKB_CB(skb);
769 	struct ar5523_tx_data *data = (struct ar5523_tx_data *)
770 					txi->driver_data;
771 	struct ar5523 *ar = hw->priv;
772 	unsigned long flags;
773 
774 	ar5523_dbg(ar, "tx called\n");
775 	if (atomic_inc_return(&ar->tx_nr_total) >= AR5523_TX_DATA_COUNT) {
776 		ar5523_dbg(ar, "tx queue full\n");
777 		ar5523_dbg(ar, "stop queues (tot %d pend %d)\n",
778 			   atomic_read(&ar->tx_nr_total),
779 			   atomic_read(&ar->tx_nr_pending));
780 		ieee80211_stop_queues(hw);
781 	}
782 
783 	data->skb = skb;
784 
785 	spin_lock_irqsave(&ar->tx_data_list_lock, flags);
786 	list_add_tail(&data->list, &ar->tx_queue_pending);
787 	spin_unlock_irqrestore(&ar->tx_data_list_lock, flags);
788 
789 	ieee80211_queue_work(ar->hw, &ar->tx_work);
790 }
791 
792 static void ar5523_tx_work_locked(struct ar5523 *ar)
793 {
794 	struct ar5523_tx_data *data;
795 	struct ar5523_tx_desc *desc;
796 	struct ar5523_chunk *chunk;
797 	struct ieee80211_tx_info *txi;
798 	struct urb *urb;
799 	struct sk_buff *skb;
800 	int error = 0, paylen;
801 	u32 txqid;
802 	unsigned long flags;
803 
804 	BUILD_BUG_ON(sizeof(struct ar5523_tx_data) >
805 		     IEEE80211_TX_INFO_DRIVER_DATA_SIZE);
806 
807 	ar5523_dbg(ar, "%s\n", __func__);
808 	do {
809 		spin_lock_irqsave(&ar->tx_data_list_lock, flags);
810 		if (!list_empty(&ar->tx_queue_pending)) {
811 			data = (struct ar5523_tx_data *)
812 				ar->tx_queue_pending.next;
813 			list_del(&data->list);
814 		} else
815 			data = NULL;
816 		spin_unlock_irqrestore(&ar->tx_data_list_lock, flags);
817 
818 		if (!data)
819 			break;
820 
821 		skb = data->skb;
822 		txqid = 0;
823 		txi = IEEE80211_SKB_CB(skb);
824 		paylen = skb->len;
825 		urb = usb_alloc_urb(0, GFP_KERNEL);
826 		if (!urb) {
827 			ar5523_err(ar, "Failed to allocate TX urb\n");
828 			ieee80211_free_txskb(ar->hw, skb);
829 			continue;
830 		}
831 
832 		data->ar = ar;
833 		data->urb = urb;
834 
835 		desc = (struct ar5523_tx_desc *)skb_push(skb, sizeof(*desc));
836 		chunk = (struct ar5523_chunk *)skb_push(skb, sizeof(*chunk));
837 
838 		chunk->seqnum = 0;
839 		chunk->flags = UATH_CFLAGS_FINAL;
840 		chunk->length = cpu_to_be16(skb->len);
841 
842 		desc->msglen = cpu_to_be32(skb->len);
843 		desc->msgid  = AR5523_DATA_ID;
844 		desc->buflen = cpu_to_be32(paylen);
845 		desc->type   = cpu_to_be32(WDCMSG_SEND);
846 		desc->flags  = cpu_to_be32(UATH_TX_NOTIFY);
847 
848 		if (test_bit(AR5523_CONNECTED, &ar->flags))
849 			desc->connid = cpu_to_be32(AR5523_ID_BSS);
850 		else
851 			desc->connid = cpu_to_be32(AR5523_ID_BROADCAST);
852 
853 		if (txi->flags & IEEE80211_TX_CTL_USE_MINRATE)
854 			txqid |= UATH_TXQID_MINRATE;
855 
856 		desc->txqid = cpu_to_be32(txqid);
857 
858 		urb->transfer_flags = URB_ZERO_PACKET;
859 		usb_fill_bulk_urb(urb, ar->dev, ar5523_data_tx_pipe(ar->dev),
860 				  skb->data, skb->len, ar5523_data_tx_cb, skb);
861 
862 		spin_lock_irqsave(&ar->tx_data_list_lock, flags);
863 		list_add_tail(&data->list, &ar->tx_queue_submitted);
864 		spin_unlock_irqrestore(&ar->tx_data_list_lock, flags);
865 		mod_timer(&ar->tx_wd_timer, jiffies + AR5523_TX_WD_TIMEOUT);
866 		atomic_inc(&ar->tx_nr_pending);
867 
868 		ar5523_dbg(ar, "TX Frame (%d pending)\n",
869 			   atomic_read(&ar->tx_nr_pending));
870 		error = usb_submit_urb(urb, GFP_KERNEL);
871 		if (error) {
872 			ar5523_err(ar, "error %d when submitting tx urb\n",
873 				   error);
874 			spin_lock_irqsave(&ar->tx_data_list_lock, flags);
875 			list_del(&data->list);
876 			spin_unlock_irqrestore(&ar->tx_data_list_lock, flags);
877 			atomic_dec(&ar->tx_nr_pending);
878 			ar5523_data_tx_pkt_put(ar);
879 			usb_free_urb(urb);
880 			ieee80211_free_txskb(ar->hw, skb);
881 		}
882 	} while (true);
883 }
884 
885 static void ar5523_tx_work(struct work_struct *work)
886 {
887 	struct ar5523 *ar = container_of(work, struct ar5523, tx_work);
888 
889 	ar5523_dbg(ar, "%s\n", __func__);
890 	mutex_lock(&ar->mutex);
891 	ar5523_tx_work_locked(ar);
892 	mutex_unlock(&ar->mutex);
893 }
894 
895 static void ar5523_tx_wd_timer(unsigned long arg)
896 {
897 	struct ar5523 *ar = (struct ar5523 *) arg;
898 
899 	ar5523_dbg(ar, "TX watchdog timer triggered\n");
900 	ieee80211_queue_work(ar->hw, &ar->tx_wd_work);
901 }
902 
903 static void ar5523_tx_wd_work(struct work_struct *work)
904 {
905 	struct ar5523 *ar = container_of(work, struct ar5523, tx_wd_work);
906 
907 	/* Occasionally the TX queues stop responding. The only way to
908 	 * recover seems to be to reset the dongle.
909 	 */
910 
911 	mutex_lock(&ar->mutex);
912 	ar5523_err(ar, "TX queue stuck (tot %d pend %d)\n",
913 		   atomic_read(&ar->tx_nr_total),
914 		   atomic_read(&ar->tx_nr_pending));
915 
916 	ar5523_err(ar, "Will restart dongle.\n");
917 	ar5523_cmd_write(ar, WDCMSG_TARGET_RESET, NULL, 0, 0);
918 	mutex_unlock(&ar->mutex);
919 }
920 
921 static void ar5523_flush_tx(struct ar5523 *ar)
922 {
923 	ar5523_tx_work_locked(ar);
924 
925 	/* Don't waste time trying to flush if USB is disconnected */
926 	if (test_bit(AR5523_USB_DISCONNECTED, &ar->flags))
927 		return;
928 	if (!wait_event_timeout(ar->tx_flush_waitq,
929 	    !atomic_read(&ar->tx_nr_pending), AR5523_FLUSH_TIMEOUT))
930 		ar5523_err(ar, "flush timeout (tot %d pend %d)\n",
931 			   atomic_read(&ar->tx_nr_total),
932 			   atomic_read(&ar->tx_nr_pending));
933 }
934 
935 static void ar5523_free_tx_cmd(struct ar5523 *ar)
936 {
937 	struct ar5523_tx_cmd *cmd = &ar->tx_cmd;
938 
939 	usb_free_coherent(ar->dev, AR5523_MAX_RXCMDSZ, cmd->buf_tx,
940 			  cmd->urb_tx->transfer_dma);
941 	usb_free_urb(cmd->urb_tx);
942 }
943 
944 static int ar5523_alloc_tx_cmd(struct ar5523 *ar)
945 {
946 	struct ar5523_tx_cmd *cmd = &ar->tx_cmd;
947 
948 	cmd->ar = ar;
949 	init_completion(&cmd->done);
950 
951 	cmd->urb_tx = usb_alloc_urb(0, GFP_KERNEL);
952 	if (!cmd->urb_tx) {
953 		ar5523_err(ar, "could not allocate urb\n");
954 		return -ENOMEM;
955 	}
956 	cmd->buf_tx = usb_alloc_coherent(ar->dev, AR5523_MAX_TXCMDSZ,
957 					 GFP_KERNEL,
958 					 &cmd->urb_tx->transfer_dma);
959 	if (!cmd->buf_tx) {
960 		usb_free_urb(cmd->urb_tx);
961 		return -ENOMEM;
962 	}
963 	return 0;
964 }
965 
966 /*
967  * This function is called periodically (every second) when associated to
968  * query device statistics.
969  */
970 static void ar5523_stat_work(struct work_struct *work)
971 {
972 	struct ar5523 *ar = container_of(work, struct ar5523, stat_work.work);
973 	int error;
974 
975 	ar5523_dbg(ar, "%s\n", __func__);
976 	mutex_lock(&ar->mutex);
977 
978 	/*
979 	 * Send request for statistics asynchronously once a second. This
980 	 * seems to be important. Throughput is a lot better if this is done.
981 	 */
982 	error = ar5523_cmd_write(ar, WDCMSG_TARGET_GET_STATS, NULL, 0, 0);
983 	if (error)
984 		ar5523_err(ar, "could not query stats, error %d\n", error);
985 	mutex_unlock(&ar->mutex);
986 	ieee80211_queue_delayed_work(ar->hw, &ar->stat_work, HZ);
987 }
988 
989 /*
990  * Interface routines to the mac80211 stack.
991  */
992 static int ar5523_start(struct ieee80211_hw *hw)
993 {
994 	struct ar5523 *ar = hw->priv;
995 	int error;
996 	__be32 val;
997 
998 	ar5523_dbg(ar, "start called\n");
999 
1000 	mutex_lock(&ar->mutex);
1001 	val = cpu_to_be32(0);
1002 	ar5523_cmd_write(ar, WDCMSG_BIND, &val, sizeof(val), 0);
1003 
1004 	/* set MAC address */
1005 	ar5523_config_multi(ar, CFG_MAC_ADDR, &ar->hw->wiphy->perm_addr,
1006 			    ETH_ALEN);
1007 
1008 	/* XXX honor net80211 state */
1009 	ar5523_config(ar, CFG_RATE_CONTROL_ENABLE, 0x00000001);
1010 	ar5523_config(ar, CFG_DIVERSITY_CTL, 0x00000001);
1011 	ar5523_config(ar, CFG_ABOLT, 0x0000003f);
1012 	ar5523_config(ar, CFG_WME_ENABLED, 0x00000000);
1013 
1014 	ar5523_config(ar, CFG_SERVICE_TYPE, 1);
1015 	ar5523_config(ar, CFG_TP_SCALE, 0x00000000);
1016 	ar5523_config(ar, CFG_TPC_HALF_DBM5, 0x0000003c);
1017 	ar5523_config(ar, CFG_TPC_HALF_DBM2, 0x0000003c);
1018 	ar5523_config(ar, CFG_OVERRD_TX_POWER, 0x00000000);
1019 	ar5523_config(ar, CFG_GMODE_PROTECTION, 0x00000000);
1020 	ar5523_config(ar, CFG_GMODE_PROTECT_RATE_INDEX, 0x00000003);
1021 	ar5523_config(ar, CFG_PROTECTION_TYPE, 0x00000000);
1022 	ar5523_config(ar, CFG_MODE_CTS, 0x00000002);
1023 
1024 	error = ar5523_cmd_read(ar, WDCMSG_TARGET_START, NULL, 0,
1025 	    &val, sizeof(val), AR5523_CMD_FLAG_MAGIC);
1026 	if (error) {
1027 		ar5523_dbg(ar, "could not start target, error %d\n", error);
1028 		goto err;
1029 	}
1030 	ar5523_dbg(ar, "WDCMSG_TARGET_START returns handle: 0x%x\n",
1031 		   be32_to_cpu(val));
1032 
1033 	ar5523_switch_chan(ar);
1034 
1035 	val = cpu_to_be32(TARGET_DEVICE_AWAKE);
1036 	ar5523_cmd_write(ar, WDCMSG_SET_PWR_MODE, &val, sizeof(val), 0);
1037 	/* XXX? check */
1038 	ar5523_cmd_write(ar, WDCMSG_RESET_KEY_CACHE, NULL, 0, 0);
1039 
1040 	set_bit(AR5523_HW_UP, &ar->flags);
1041 	queue_work(ar->wq, &ar->rx_refill_work);
1042 
1043 	/* enable Rx */
1044 	ar5523_set_rxfilter(ar, 0, UATH_FILTER_OP_INIT);
1045 	ar5523_set_rxfilter(ar,
1046 			    UATH_FILTER_RX_UCAST | UATH_FILTER_RX_MCAST |
1047 			    UATH_FILTER_RX_BCAST | UATH_FILTER_RX_BEACON,
1048 			    UATH_FILTER_OP_SET);
1049 
1050 	ar5523_set_ledsteady(ar, UATH_LED_ACTIVITY, UATH_LED_ON);
1051 	ar5523_dbg(ar, "start OK\n");
1052 
1053 err:
1054 	mutex_unlock(&ar->mutex);
1055 	return error;
1056 }
1057 
1058 static void ar5523_stop(struct ieee80211_hw *hw)
1059 {
1060 	struct ar5523 *ar = hw->priv;
1061 
1062 	ar5523_dbg(ar, "stop called\n");
1063 
1064 	cancel_delayed_work_sync(&ar->stat_work);
1065 	mutex_lock(&ar->mutex);
1066 	clear_bit(AR5523_HW_UP, &ar->flags);
1067 
1068 	ar5523_set_ledsteady(ar, UATH_LED_LINK, UATH_LED_OFF);
1069 	ar5523_set_ledsteady(ar, UATH_LED_ACTIVITY, UATH_LED_OFF);
1070 
1071 	ar5523_cmd_write(ar, WDCMSG_TARGET_STOP, NULL, 0, 0);
1072 
1073 	del_timer_sync(&ar->tx_wd_timer);
1074 	cancel_work_sync(&ar->tx_wd_work);
1075 	cancel_work_sync(&ar->rx_refill_work);
1076 	ar5523_cancel_rx_bufs(ar);
1077 	mutex_unlock(&ar->mutex);
1078 }
1079 
1080 static int ar5523_set_rts_threshold(struct ieee80211_hw *hw, u32 value)
1081 {
1082 	struct ar5523 *ar = hw->priv;
1083 	int ret;
1084 
1085 	ar5523_dbg(ar, "set_rts_threshold called\n");
1086 	mutex_lock(&ar->mutex);
1087 
1088 	ret = ar5523_config(ar, CFG_USER_RTS_THRESHOLD, value);
1089 
1090 	mutex_unlock(&ar->mutex);
1091 	return ret;
1092 }
1093 
1094 static void ar5523_flush(struct ieee80211_hw *hw, u32 queues, bool drop)
1095 {
1096 	struct ar5523 *ar = hw->priv;
1097 
1098 	ar5523_dbg(ar, "flush called\n");
1099 	ar5523_flush_tx(ar);
1100 }
1101 
1102 static int ar5523_add_interface(struct ieee80211_hw *hw,
1103 				struct ieee80211_vif *vif)
1104 {
1105 	struct ar5523 *ar = hw->priv;
1106 
1107 	ar5523_dbg(ar, "add interface called\n");
1108 
1109 	if (ar->vif) {
1110 		ar5523_dbg(ar, "invalid add_interface\n");
1111 		return -EOPNOTSUPP;
1112 	}
1113 
1114 	switch (vif->type) {
1115 	case NL80211_IFTYPE_STATION:
1116 		ar->vif = vif;
1117 		break;
1118 	default:
1119 		return -EOPNOTSUPP;
1120 	}
1121 	return 0;
1122 }
1123 
1124 static void ar5523_remove_interface(struct ieee80211_hw *hw,
1125 				    struct ieee80211_vif *vif)
1126 {
1127 	struct ar5523 *ar = hw->priv;
1128 
1129 	ar5523_dbg(ar, "remove interface called\n");
1130 	ar->vif = NULL;
1131 }
1132 
1133 static int ar5523_hwconfig(struct ieee80211_hw *hw, u32 changed)
1134 {
1135 	struct ar5523 *ar = hw->priv;
1136 
1137 	ar5523_dbg(ar, "config called\n");
1138 	mutex_lock(&ar->mutex);
1139 	if (changed & IEEE80211_CONF_CHANGE_CHANNEL) {
1140 		ar5523_dbg(ar, "Do channel switch\n");
1141 		ar5523_flush_tx(ar);
1142 		ar5523_switch_chan(ar);
1143 	}
1144 	mutex_unlock(&ar->mutex);
1145 	return 0;
1146 }
1147 
1148 static int ar5523_get_wlan_mode(struct ar5523 *ar,
1149 				struct ieee80211_bss_conf *bss_conf)
1150 {
1151 	struct ieee80211_supported_band *band;
1152 	int bit;
1153 	struct ieee80211_sta *sta;
1154 	u32 sta_rate_set;
1155 
1156 	band = ar->hw->wiphy->bands[ar->hw->conf.chandef.chan->band];
1157 	sta = ieee80211_find_sta(ar->vif, bss_conf->bssid);
1158 	if (!sta) {
1159 		ar5523_info(ar, "STA not found!\n");
1160 		return WLAN_MODE_11b;
1161 	}
1162 	sta_rate_set = sta->supp_rates[ar->hw->conf.chandef.chan->band];
1163 
1164 	for (bit = 0; bit < band->n_bitrates; bit++) {
1165 		if (sta_rate_set & 1) {
1166 			int rate = band->bitrates[bit].bitrate;
1167 			switch (rate) {
1168 			case 60:
1169 			case 90:
1170 			case 120:
1171 			case 180:
1172 			case 240:
1173 			case 360:
1174 			case 480:
1175 			case 540:
1176 				return WLAN_MODE_11g;
1177 			}
1178 		}
1179 		sta_rate_set >>= 1;
1180 	}
1181 	return WLAN_MODE_11b;
1182 }
1183 
1184 static void ar5523_create_rateset(struct ar5523 *ar,
1185 				  struct ieee80211_bss_conf *bss_conf,
1186 				  struct ar5523_cmd_rateset *rs,
1187 				  bool basic)
1188 {
1189 	struct ieee80211_supported_band *band;
1190 	struct ieee80211_sta *sta;
1191 	int bit, i = 0;
1192 	u32 sta_rate_set, basic_rate_set;
1193 
1194 	sta = ieee80211_find_sta(ar->vif, bss_conf->bssid);
1195 	basic_rate_set = bss_conf->basic_rates;
1196 	if (!sta) {
1197 		ar5523_info(ar, "STA not found. Cannot set rates\n");
1198 		sta_rate_set = bss_conf->basic_rates;
1199 	} else
1200 		sta_rate_set = sta->supp_rates[ar->hw->conf.chandef.chan->band];
1201 
1202 	ar5523_dbg(ar, "sta rate_set = %08x\n", sta_rate_set);
1203 
1204 	band = ar->hw->wiphy->bands[ar->hw->conf.chandef.chan->band];
1205 	for (bit = 0; bit < band->n_bitrates; bit++) {
1206 		BUG_ON(i >= AR5523_MAX_NRATES);
1207 		ar5523_dbg(ar, "Considering rate %d : %d\n",
1208 			   band->bitrates[bit].hw_value, sta_rate_set & 1);
1209 		if (sta_rate_set & 1) {
1210 			rs->set[i] = band->bitrates[bit].hw_value;
1211 			if (basic_rate_set & 1 && basic)
1212 				rs->set[i] |= 0x80;
1213 			i++;
1214 		}
1215 		sta_rate_set >>= 1;
1216 		basic_rate_set >>= 1;
1217 	}
1218 
1219 	rs->length = i;
1220 }
1221 
1222 static int ar5523_set_basic_rates(struct ar5523 *ar,
1223 				  struct ieee80211_bss_conf *bss)
1224 {
1225 	struct ar5523_cmd_rates rates;
1226 
1227 	memset(&rates, 0, sizeof(rates));
1228 	rates.connid = cpu_to_be32(2);		/* XXX */
1229 	rates.size   = cpu_to_be32(sizeof(struct ar5523_cmd_rateset));
1230 	ar5523_create_rateset(ar, bss, &rates.rateset, true);
1231 
1232 	return ar5523_cmd_write(ar, WDCMSG_SET_BASIC_RATE, &rates,
1233 				sizeof(rates), 0);
1234 }
1235 
1236 static int ar5523_create_connection(struct ar5523 *ar,
1237 				    struct ieee80211_vif *vif,
1238 				    struct ieee80211_bss_conf *bss)
1239 {
1240 	struct ar5523_cmd_create_connection create;
1241 	int wlan_mode;
1242 
1243 	memset(&create, 0, sizeof(create));
1244 	create.connid = cpu_to_be32(2);
1245 	create.bssid = cpu_to_be32(0);
1246 	/* XXX packed or not?  */
1247 	create.size = cpu_to_be32(sizeof(struct ar5523_cmd_rateset));
1248 
1249 	ar5523_create_rateset(ar, bss, &create.connattr.rateset, false);
1250 
1251 	wlan_mode = ar5523_get_wlan_mode(ar, bss);
1252 	create.connattr.wlanmode = cpu_to_be32(wlan_mode);
1253 
1254 	return ar5523_cmd_write(ar, WDCMSG_CREATE_CONNECTION, &create,
1255 				sizeof(create), 0);
1256 }
1257 
1258 static int ar5523_write_associd(struct ar5523 *ar,
1259 				struct ieee80211_bss_conf *bss)
1260 {
1261 	struct ar5523_cmd_set_associd associd;
1262 
1263 	memset(&associd, 0, sizeof(associd));
1264 	associd.defaultrateix = cpu_to_be32(0);	/* XXX */
1265 	associd.associd = cpu_to_be32(bss->aid);
1266 	associd.timoffset = cpu_to_be32(0x3b);	/* XXX */
1267 	memcpy(associd.bssid, bss->bssid, ETH_ALEN);
1268 	return ar5523_cmd_write(ar, WDCMSG_WRITE_ASSOCID, &associd,
1269 				sizeof(associd), 0);
1270 }
1271 
1272 static void ar5523_bss_info_changed(struct ieee80211_hw *hw,
1273 				    struct ieee80211_vif *vif,
1274 				    struct ieee80211_bss_conf *bss,
1275 				    u32 changed)
1276 {
1277 	struct ar5523 *ar = hw->priv;
1278 	int error;
1279 
1280 	ar5523_dbg(ar, "bss_info_changed called\n");
1281 	mutex_lock(&ar->mutex);
1282 
1283 	if (!(changed & BSS_CHANGED_ASSOC))
1284 		goto out_unlock;
1285 
1286 	if (bss->assoc) {
1287 		error = ar5523_create_connection(ar, vif, bss);
1288 		if (error) {
1289 			ar5523_err(ar, "could not create connection\n");
1290 			goto out_unlock;
1291 		}
1292 
1293 		error = ar5523_set_basic_rates(ar, bss);
1294 		if (error) {
1295 			ar5523_err(ar, "could not set negotiated rate set\n");
1296 			goto out_unlock;
1297 		}
1298 
1299 		error = ar5523_write_associd(ar, bss);
1300 		if (error) {
1301 			ar5523_err(ar, "could not set association\n");
1302 			goto out_unlock;
1303 		}
1304 
1305 		/* turn link LED on */
1306 		ar5523_set_ledsteady(ar, UATH_LED_LINK, UATH_LED_ON);
1307 		set_bit(AR5523_CONNECTED, &ar->flags);
1308 		ieee80211_queue_delayed_work(hw, &ar->stat_work, HZ);
1309 
1310 	} else {
1311 		cancel_delayed_work(&ar->stat_work);
1312 		clear_bit(AR5523_CONNECTED, &ar->flags);
1313 		ar5523_set_ledsteady(ar, UATH_LED_LINK, UATH_LED_OFF);
1314 	}
1315 
1316 out_unlock:
1317 	mutex_unlock(&ar->mutex);
1318 
1319 }
1320 
1321 #define AR5523_SUPPORTED_FILTERS (FIF_PROMISC_IN_BSS | \
1322 				  FIF_ALLMULTI | \
1323 				  FIF_FCSFAIL | \
1324 				  FIF_OTHER_BSS)
1325 
1326 static void ar5523_configure_filter(struct ieee80211_hw *hw,
1327 				    unsigned int changed_flags,
1328 				    unsigned int *total_flags,
1329 				    u64 multicast)
1330 {
1331 	struct ar5523 *ar = hw->priv;
1332 	u32 filter = 0;
1333 
1334 	ar5523_dbg(ar, "configure_filter called\n");
1335 	mutex_lock(&ar->mutex);
1336 	ar5523_flush_tx(ar);
1337 
1338 	*total_flags &= AR5523_SUPPORTED_FILTERS;
1339 
1340 	/* The filters seems strange. UATH_FILTER_RX_BCAST and
1341 	 * UATH_FILTER_RX_MCAST does not result in those frames being RXed.
1342 	 * The only way I have found to get [mb]cast frames seems to be
1343 	 * to set UATH_FILTER_RX_PROM. */
1344 	filter |= UATH_FILTER_RX_UCAST | UATH_FILTER_RX_MCAST |
1345 		  UATH_FILTER_RX_BCAST | UATH_FILTER_RX_BEACON |
1346 		  UATH_FILTER_RX_PROM;
1347 
1348 	ar5523_set_rxfilter(ar, 0, UATH_FILTER_OP_INIT);
1349 	ar5523_set_rxfilter(ar, filter, UATH_FILTER_OP_SET);
1350 
1351 	mutex_unlock(&ar->mutex);
1352 }
1353 
1354 static const struct ieee80211_ops ar5523_ops = {
1355 	.start			= ar5523_start,
1356 	.stop			= ar5523_stop,
1357 	.tx			= ar5523_tx,
1358 	.set_rts_threshold	= ar5523_set_rts_threshold,
1359 	.add_interface		= ar5523_add_interface,
1360 	.remove_interface	= ar5523_remove_interface,
1361 	.config			= ar5523_hwconfig,
1362 	.bss_info_changed	= ar5523_bss_info_changed,
1363 	.configure_filter	= ar5523_configure_filter,
1364 	.flush			= ar5523_flush,
1365 };
1366 
1367 static int ar5523_host_available(struct ar5523 *ar)
1368 {
1369 	struct ar5523_cmd_host_available setup;
1370 
1371 	/* inform target the host is available */
1372 	setup.sw_ver_major = cpu_to_be32(ATH_SW_VER_MAJOR);
1373 	setup.sw_ver_minor = cpu_to_be32(ATH_SW_VER_MINOR);
1374 	setup.sw_ver_patch = cpu_to_be32(ATH_SW_VER_PATCH);
1375 	setup.sw_ver_build = cpu_to_be32(ATH_SW_VER_BUILD);
1376 	return ar5523_cmd_read(ar, WDCMSG_HOST_AVAILABLE,
1377 			       &setup, sizeof(setup), NULL, 0, 0);
1378 }
1379 
1380 static int ar5523_get_devstatus(struct ar5523 *ar)
1381 {
1382 	u8 macaddr[ETH_ALEN];
1383 	int error;
1384 
1385 	/* retrieve MAC address */
1386 	error = ar5523_get_status(ar, ST_MAC_ADDR, macaddr, ETH_ALEN);
1387 	if (error) {
1388 		ar5523_err(ar, "could not read MAC address\n");
1389 		return error;
1390 	}
1391 
1392 	SET_IEEE80211_PERM_ADDR(ar->hw, macaddr);
1393 
1394 	error = ar5523_get_status(ar, ST_SERIAL_NUMBER,
1395 	    &ar->serial[0], sizeof(ar->serial));
1396 	if (error) {
1397 		ar5523_err(ar, "could not read device serial number\n");
1398 		return error;
1399 	}
1400 	return 0;
1401 }
1402 
1403 #define AR5523_SANE_RXBUFSZ 2000
1404 
1405 static int ar5523_get_max_rxsz(struct ar5523 *ar)
1406 {
1407 	int error;
1408 	__be32 rxsize;
1409 
1410 	/* Get max rx size */
1411 	error = ar5523_get_status(ar, ST_WDC_TRANSPORT_CHUNK_SIZE, &rxsize,
1412 				  sizeof(rxsize));
1413 	if (error != 0) {
1414 		ar5523_err(ar, "could not read max RX size\n");
1415 		return error;
1416 	}
1417 
1418 	ar->rxbufsz = be32_to_cpu(rxsize);
1419 
1420 	if (!ar->rxbufsz || ar->rxbufsz > AR5523_SANE_RXBUFSZ) {
1421 		ar5523_err(ar, "Bad rxbufsz from device. Using %d instead\n",
1422 			   AR5523_SANE_RXBUFSZ);
1423 		ar->rxbufsz = AR5523_SANE_RXBUFSZ;
1424 	}
1425 
1426 	ar5523_dbg(ar, "Max RX buf size: %d\n", ar->rxbufsz);
1427 	return 0;
1428 }
1429 
1430 /*
1431  * This is copied from rtl818x, but we should probably move this
1432  * to common code as in OpenBSD.
1433  */
1434 static const struct ieee80211_rate ar5523_rates[] = {
1435 	{ .bitrate = 10, .hw_value = 2, },
1436 	{ .bitrate = 20, .hw_value = 4 },
1437 	{ .bitrate = 55, .hw_value = 11, },
1438 	{ .bitrate = 110, .hw_value = 22, },
1439 	{ .bitrate = 60, .hw_value = 12, },
1440 	{ .bitrate = 90, .hw_value = 18, },
1441 	{ .bitrate = 120, .hw_value = 24, },
1442 	{ .bitrate = 180, .hw_value = 36, },
1443 	{ .bitrate = 240, .hw_value = 48, },
1444 	{ .bitrate = 360, .hw_value = 72, },
1445 	{ .bitrate = 480, .hw_value = 96, },
1446 	{ .bitrate = 540, .hw_value = 108, },
1447 };
1448 
1449 static const struct ieee80211_channel ar5523_channels[] = {
1450 	{ .center_freq = 2412 },
1451 	{ .center_freq = 2417 },
1452 	{ .center_freq = 2422 },
1453 	{ .center_freq = 2427 },
1454 	{ .center_freq = 2432 },
1455 	{ .center_freq = 2437 },
1456 	{ .center_freq = 2442 },
1457 	{ .center_freq = 2447 },
1458 	{ .center_freq = 2452 },
1459 	{ .center_freq = 2457 },
1460 	{ .center_freq = 2462 },
1461 	{ .center_freq = 2467 },
1462 	{ .center_freq = 2472 },
1463 	{ .center_freq = 2484 },
1464 };
1465 
1466 static int ar5523_init_modes(struct ar5523 *ar)
1467 {
1468 	BUILD_BUG_ON(sizeof(ar->channels) != sizeof(ar5523_channels));
1469 	BUILD_BUG_ON(sizeof(ar->rates) != sizeof(ar5523_rates));
1470 
1471 	memcpy(ar->channels, ar5523_channels, sizeof(ar5523_channels));
1472 	memcpy(ar->rates, ar5523_rates, sizeof(ar5523_rates));
1473 
1474 	ar->band.band = IEEE80211_BAND_2GHZ;
1475 	ar->band.channels = ar->channels;
1476 	ar->band.n_channels = ARRAY_SIZE(ar5523_channels);
1477 	ar->band.bitrates = ar->rates;
1478 	ar->band.n_bitrates = ARRAY_SIZE(ar5523_rates);
1479 	ar->hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &ar->band;
1480 	return 0;
1481 }
1482 
1483 /*
1484  * Load the MIPS R4000 microcode into the device.  Once the image is loaded,
1485  * the device will detach itself from the bus and reattach later with a new
1486  * product Id (a la ezusb).
1487  */
1488 static int ar5523_load_firmware(struct usb_device *dev)
1489 {
1490 	struct ar5523_fwblock *txblock, *rxblock;
1491 	const struct firmware *fw;
1492 	void *fwbuf;
1493 	int len, offset;
1494 	int foolen; /* XXX(hch): handle short transfers */
1495 	int error = -ENXIO;
1496 
1497 	if (request_firmware(&fw, AR5523_FIRMWARE_FILE, &dev->dev)) {
1498 		dev_err(&dev->dev, "no firmware found: %s\n",
1499 			AR5523_FIRMWARE_FILE);
1500 		return -ENOENT;
1501 	}
1502 
1503 	txblock = kmalloc(sizeof(*txblock), GFP_KERNEL);
1504 	if (!txblock)
1505 		goto out;
1506 
1507 	rxblock = kmalloc(sizeof(*rxblock), GFP_KERNEL);
1508 	if (!rxblock)
1509 		goto out_free_txblock;
1510 
1511 	fwbuf = kmalloc(AR5523_MAX_FWBLOCK_SIZE, GFP_KERNEL);
1512 	if (!fwbuf)
1513 		goto out_free_rxblock;
1514 
1515 	memset(txblock, 0, sizeof(struct ar5523_fwblock));
1516 	txblock->flags = cpu_to_be32(AR5523_WRITE_BLOCK);
1517 	txblock->total = cpu_to_be32(fw->size);
1518 
1519 	offset = 0;
1520 	len = fw->size;
1521 	while (len > 0) {
1522 		int mlen = min(len, AR5523_MAX_FWBLOCK_SIZE);
1523 
1524 		txblock->remain = cpu_to_be32(len - mlen);
1525 		txblock->len = cpu_to_be32(mlen);
1526 
1527 		/* send firmware block meta-data */
1528 		error = usb_bulk_msg(dev, ar5523_cmd_tx_pipe(dev),
1529 				     txblock, sizeof(*txblock), &foolen,
1530 				     AR5523_CMD_TIMEOUT);
1531 		if (error) {
1532 			dev_err(&dev->dev,
1533 				"could not send firmware block info\n");
1534 			goto out_free_fwbuf;
1535 		}
1536 
1537 		/* send firmware block data */
1538 		memcpy(fwbuf, fw->data + offset, mlen);
1539 		error = usb_bulk_msg(dev, ar5523_data_tx_pipe(dev),
1540 				     fwbuf, mlen, &foolen,
1541 				     AR5523_DATA_TIMEOUT);
1542 		if (error) {
1543 			dev_err(&dev->dev,
1544 				"could not send firmware block data\n");
1545 			goto out_free_fwbuf;
1546 		}
1547 
1548 		/* wait for ack from firmware */
1549 		error = usb_bulk_msg(dev, ar5523_cmd_rx_pipe(dev),
1550 				     rxblock, sizeof(*rxblock), &foolen,
1551 				     AR5523_CMD_TIMEOUT);
1552 		if (error) {
1553 			dev_err(&dev->dev,
1554 				"could not read firmware answer\n");
1555 			goto out_free_fwbuf;
1556 		}
1557 
1558 		len -= mlen;
1559 		offset += mlen;
1560 	}
1561 
1562 	/*
1563 	 * Set the error to -ENXIO to make sure we continue probing for
1564 	 * a driver.
1565 	 */
1566 	error = -ENXIO;
1567 
1568  out_free_fwbuf:
1569 	kfree(fwbuf);
1570  out_free_rxblock:
1571 	kfree(rxblock);
1572  out_free_txblock:
1573 	kfree(txblock);
1574  out:
1575 	release_firmware(fw);
1576 	return error;
1577 }
1578 
1579 static int ar5523_probe(struct usb_interface *intf,
1580 			const struct usb_device_id *id)
1581 {
1582 	struct usb_device *dev = interface_to_usbdev(intf);
1583 	struct ieee80211_hw *hw;
1584 	struct ar5523 *ar;
1585 	int error = -ENOMEM;
1586 
1587 	/*
1588 	 * Load firmware if the device requires it.  This will return
1589 	 * -ENXIO on success and we'll get called back afer the usb
1590 	 * id changes to indicate that the firmware is present.
1591 	 */
1592 	if (id->driver_info & AR5523_FLAG_PRE_FIRMWARE)
1593 		return ar5523_load_firmware(dev);
1594 
1595 
1596 	hw = ieee80211_alloc_hw(sizeof(*ar), &ar5523_ops);
1597 	if (!hw)
1598 		goto out;
1599 	SET_IEEE80211_DEV(hw, &intf->dev);
1600 
1601 	ar = hw->priv;
1602 	ar->hw = hw;
1603 	ar->dev = dev;
1604 	mutex_init(&ar->mutex);
1605 
1606 	INIT_DELAYED_WORK(&ar->stat_work, ar5523_stat_work);
1607 	init_timer(&ar->tx_wd_timer);
1608 	setup_timer(&ar->tx_wd_timer, ar5523_tx_wd_timer, (unsigned long) ar);
1609 	INIT_WORK(&ar->tx_wd_work, ar5523_tx_wd_work);
1610 	INIT_WORK(&ar->tx_work, ar5523_tx_work);
1611 	INIT_LIST_HEAD(&ar->tx_queue_pending);
1612 	INIT_LIST_HEAD(&ar->tx_queue_submitted);
1613 	spin_lock_init(&ar->tx_data_list_lock);
1614 	atomic_set(&ar->tx_nr_total, 0);
1615 	atomic_set(&ar->tx_nr_pending, 0);
1616 	init_waitqueue_head(&ar->tx_flush_waitq);
1617 
1618 	atomic_set(&ar->rx_data_free_cnt, 0);
1619 	INIT_WORK(&ar->rx_refill_work, ar5523_rx_refill_work);
1620 	INIT_LIST_HEAD(&ar->rx_data_free);
1621 	INIT_LIST_HEAD(&ar->rx_data_used);
1622 	spin_lock_init(&ar->rx_data_list_lock);
1623 
1624 	ar->wq = create_singlethread_workqueue("ar5523");
1625 	if (!ar->wq) {
1626 		ar5523_err(ar, "Could not create wq\n");
1627 		goto out_free_ar;
1628 	}
1629 
1630 	error = ar5523_alloc_rx_bufs(ar);
1631 	if (error) {
1632 		ar5523_err(ar, "Could not allocate rx buffers\n");
1633 		goto out_free_wq;
1634 	}
1635 
1636 	error = ar5523_alloc_rx_cmd(ar);
1637 	if (error) {
1638 		ar5523_err(ar, "Could not allocate rx command buffers\n");
1639 		goto out_free_rx_bufs;
1640 	}
1641 
1642 	error = ar5523_alloc_tx_cmd(ar);
1643 	if (error) {
1644 		ar5523_err(ar, "Could not allocate tx command buffers\n");
1645 		goto out_free_rx_cmd;
1646 	}
1647 
1648 	error = ar5523_submit_rx_cmd(ar);
1649 	if (error) {
1650 		ar5523_err(ar, "Failed to submit rx cmd\n");
1651 		goto out_free_tx_cmd;
1652 	}
1653 
1654 	/*
1655 	 * We're now ready to send/receive firmware commands.
1656 	 */
1657 	error = ar5523_host_available(ar);
1658 	if (error) {
1659 		ar5523_err(ar, "could not initialize adapter\n");
1660 		goto out_cancel_rx_cmd;
1661 	}
1662 
1663 	error = ar5523_get_max_rxsz(ar);
1664 	if (error) {
1665 		ar5523_err(ar, "could not get caps from adapter\n");
1666 		goto out_cancel_rx_cmd;
1667 	}
1668 
1669 	error = ar5523_get_devcap(ar);
1670 	if (error) {
1671 		ar5523_err(ar, "could not get caps from adapter\n");
1672 		goto out_cancel_rx_cmd;
1673 	}
1674 
1675 	error = ar5523_get_devstatus(ar);
1676 	if (error != 0) {
1677 		ar5523_err(ar, "could not get device status\n");
1678 		goto out_cancel_rx_cmd;
1679 	}
1680 
1681 	ar5523_info(ar, "MAC/BBP AR5523, RF AR%c112\n",
1682 			(id->driver_info & AR5523_FLAG_ABG) ? '5' : '2');
1683 
1684 	ar->vif = NULL;
1685 	hw->flags = IEEE80211_HW_RX_INCLUDES_FCS |
1686 		    IEEE80211_HW_SIGNAL_DBM |
1687 		    IEEE80211_HW_HAS_RATE_CONTROL;
1688 	hw->extra_tx_headroom = sizeof(struct ar5523_tx_desc) +
1689 				sizeof(struct ar5523_chunk);
1690 	hw->wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION);
1691 	hw->queues = 1;
1692 
1693 	error = ar5523_init_modes(ar);
1694 	if (error)
1695 		goto out_cancel_rx_cmd;
1696 
1697 	usb_set_intfdata(intf, hw);
1698 
1699 	error = ieee80211_register_hw(hw);
1700 	if (error) {
1701 		ar5523_err(ar, "could not register device\n");
1702 		goto out_cancel_rx_cmd;
1703 	}
1704 
1705 	ar5523_info(ar, "Found and initialized AR5523 device\n");
1706 	return 0;
1707 
1708 out_cancel_rx_cmd:
1709 	ar5523_cancel_rx_cmd(ar);
1710 out_free_tx_cmd:
1711 	ar5523_free_tx_cmd(ar);
1712 out_free_rx_cmd:
1713 	ar5523_free_rx_cmd(ar);
1714 out_free_rx_bufs:
1715 	ar5523_free_rx_bufs(ar);
1716 out_free_wq:
1717 	destroy_workqueue(ar->wq);
1718 out_free_ar:
1719 	ieee80211_free_hw(hw);
1720 out:
1721 	return error;
1722 }
1723 
1724 static void ar5523_disconnect(struct usb_interface *intf)
1725 {
1726 	struct ieee80211_hw *hw = usb_get_intfdata(intf);
1727 	struct ar5523 *ar = hw->priv;
1728 
1729 	ar5523_dbg(ar, "detaching\n");
1730 	set_bit(AR5523_USB_DISCONNECTED, &ar->flags);
1731 
1732 	ieee80211_unregister_hw(hw);
1733 
1734 	ar5523_cancel_rx_cmd(ar);
1735 	ar5523_free_tx_cmd(ar);
1736 	ar5523_free_rx_cmd(ar);
1737 	ar5523_free_rx_bufs(ar);
1738 
1739 	destroy_workqueue(ar->wq);
1740 
1741 	ieee80211_free_hw(hw);
1742 	usb_set_intfdata(intf, NULL);
1743 }
1744 
1745 #define AR5523_DEVICE_UG(vendor, device) \
1746 	{ USB_DEVICE((vendor), (device)) }, \
1747 	{ USB_DEVICE((vendor), (device) + 1), \
1748 		.driver_info = AR5523_FLAG_PRE_FIRMWARE }
1749 #define AR5523_DEVICE_UX(vendor, device) \
1750 	{ USB_DEVICE((vendor), (device)), \
1751 		.driver_info = AR5523_FLAG_ABG }, \
1752 	{ USB_DEVICE((vendor), (device) + 1), \
1753 		.driver_info = AR5523_FLAG_ABG|AR5523_FLAG_PRE_FIRMWARE }
1754 
1755 static struct usb_device_id ar5523_id_table[] = {
1756 	AR5523_DEVICE_UG(0x168c, 0x0001),	/* Atheros / AR5523 */
1757 	AR5523_DEVICE_UG(0x0cf3, 0x0001),	/* Atheros2 / AR5523_1 */
1758 	AR5523_DEVICE_UG(0x0cf3, 0x0003),	/* Atheros2 / AR5523_2 */
1759 	AR5523_DEVICE_UX(0x0cf3, 0x0005),	/* Atheros2 / AR5523_3 */
1760 	AR5523_DEVICE_UG(0x0d8e, 0x7801),	/* Conceptronic / AR5523_1 */
1761 	AR5523_DEVICE_UX(0x0d8e, 0x7811),	/* Conceptronic / AR5523_2 */
1762 	AR5523_DEVICE_UX(0x2001, 0x3a00),	/* Dlink / DWLAG132 */
1763 	AR5523_DEVICE_UG(0x2001, 0x3a02),	/* Dlink / DWLG132 */
1764 	AR5523_DEVICE_UX(0x2001, 0x3a04),	/* Dlink / DWLAG122 */
1765 	AR5523_DEVICE_UG(0x07d1, 0x3a07),	/* D-Link / WUA-2340 rev A1 */
1766 	AR5523_DEVICE_UG(0x1690, 0x0712),	/* Gigaset / AR5523 */
1767 	AR5523_DEVICE_UG(0x1690, 0x0710),	/* Gigaset / SMCWUSBTG */
1768 	AR5523_DEVICE_UG(0x129b, 0x160c),	/* Gigaset / USB stick 108
1769 						   (CyberTAN Technology) */
1770 	AR5523_DEVICE_UG(0x16ab, 0x7801),	/* Globalsun / AR5523_1 */
1771 	AR5523_DEVICE_UX(0x16ab, 0x7811),	/* Globalsun / AR5523_2 */
1772 	AR5523_DEVICE_UG(0x0d8e, 0x7802),	/* Globalsun / AR5523_3 */
1773 	AR5523_DEVICE_UX(0x0846, 0x4300),	/* Netgear / WG111U */
1774 	AR5523_DEVICE_UG(0x0846, 0x4250),	/* Netgear / WG111T */
1775 	AR5523_DEVICE_UG(0x0846, 0x5f00),	/* Netgear / WPN111 */
1776 	AR5523_DEVICE_UG(0x157e, 0x3006),	/* Umedia / AR5523_1 */
1777 	AR5523_DEVICE_UX(0x157e, 0x3205),	/* Umedia / AR5523_2 */
1778 	AR5523_DEVICE_UG(0x157e, 0x3006),	/* Umedia / TEW444UBEU */
1779 	AR5523_DEVICE_UG(0x1435, 0x0826),	/* Wistronneweb / AR5523_1 */
1780 	AR5523_DEVICE_UX(0x1435, 0x0828),	/* Wistronneweb / AR5523_2 */
1781 	AR5523_DEVICE_UG(0x0cde, 0x0012),	/* Zcom / AR5523 */
1782 	AR5523_DEVICE_UG(0x1385, 0x4250),	/* Netgear3 / WG111T (2) */
1783 	AR5523_DEVICE_UG(0x1385, 0x5f00),	/* Netgear / WPN111 */
1784 	AR5523_DEVICE_UG(0x1385, 0x5f02),	/* Netgear / WPN111 */
1785 	{ }
1786 };
1787 MODULE_DEVICE_TABLE(usb, ar5523_id_table);
1788 
1789 static struct usb_driver ar5523_driver = {
1790 	.name		= "ar5523",
1791 	.id_table	= ar5523_id_table,
1792 	.probe		= ar5523_probe,
1793 	.disconnect	= ar5523_disconnect,
1794 };
1795 
1796 module_usb_driver(ar5523_driver);
1797 
1798 MODULE_LICENSE("Dual BSD/GPL");
1799 MODULE_FIRMWARE(AR5523_FIRMWARE_FILE);
1800