1 /*
2  * Copyright (c) 2010-2011 Atheros Communications Inc.
3  *
4  * Permission to use, copy, modify, and/or distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include <asm/unaligned.h>
18 #include "htc.h"
19 
20 MODULE_FIRMWARE(HTC_7010_MODULE_FW);
21 MODULE_FIRMWARE(HTC_9271_MODULE_FW);
22 
23 static struct usb_device_id ath9k_hif_usb_ids[] = {
24 	{ USB_DEVICE(0x0cf3, 0x9271) }, /* Atheros */
25 	{ USB_DEVICE(0x0cf3, 0x1006) }, /* Atheros */
26 	{ USB_DEVICE(0x0846, 0x9030) }, /* Netgear N150 */
27 	{ USB_DEVICE(0x07D1, 0x3A10) }, /* Dlink Wireless 150 */
28 	{ USB_DEVICE(0x13D3, 0x3327) }, /* Azurewave */
29 	{ USB_DEVICE(0x13D3, 0x3328) }, /* Azurewave */
30 	{ USB_DEVICE(0x13D3, 0x3346) }, /* IMC Networks */
31 	{ USB_DEVICE(0x13D3, 0x3348) }, /* Azurewave */
32 	{ USB_DEVICE(0x13D3, 0x3349) }, /* Azurewave */
33 	{ USB_DEVICE(0x13D3, 0x3350) }, /* Azurewave */
34 	{ USB_DEVICE(0x04CA, 0x4605) }, /* Liteon */
35 	{ USB_DEVICE(0x040D, 0x3801) }, /* VIA */
36 	{ USB_DEVICE(0x0cf3, 0xb003) }, /* Ubiquiti WifiStation Ext */
37 	{ USB_DEVICE(0x0cf3, 0xb002) }, /* Ubiquiti WifiStation */
38 	{ USB_DEVICE(0x057c, 0x8403) }, /* AVM FRITZ!WLAN 11N v2 USB */
39 	{ USB_DEVICE(0x0471, 0x209e) }, /* Philips (or NXP) PTA01 */
40 	{ USB_DEVICE(0x1eda, 0x2315) }, /* AirTies */
41 
42 	{ USB_DEVICE(0x0cf3, 0x7015),
43 	  .driver_info = AR9287_USB },  /* Atheros */
44 	{ USB_DEVICE(0x1668, 0x1200),
45 	  .driver_info = AR9287_USB },  /* Verizon */
46 
47 	{ USB_DEVICE(0x0cf3, 0x7010),
48 	  .driver_info = AR9280_USB },  /* Atheros */
49 	{ USB_DEVICE(0x0846, 0x9018),
50 	  .driver_info = AR9280_USB },  /* Netgear WNDA3200 */
51 	{ USB_DEVICE(0x083A, 0xA704),
52 	  .driver_info = AR9280_USB },  /* SMC Networks */
53 	{ USB_DEVICE(0x0411, 0x017f),
54 	  .driver_info = AR9280_USB },  /* Sony UWA-BR100 */
55 	{ USB_DEVICE(0x0411, 0x0197),
56 	  .driver_info = AR9280_USB },  /* Buffalo WLI-UV-AG300P */
57 	{ USB_DEVICE(0x04da, 0x3904),
58 	  .driver_info = AR9280_USB },
59 	{ USB_DEVICE(0x0930, 0x0a08),
60 	  .driver_info = AR9280_USB },  /* Toshiba WLM-20U2 and GN-1080 */
61 
62 	{ USB_DEVICE(0x0cf3, 0x20ff),
63 	  .driver_info = STORAGE_DEVICE },
64 
65 	{ },
66 };
67 
68 MODULE_DEVICE_TABLE(usb, ath9k_hif_usb_ids);
69 
70 static int __hif_usb_tx(struct hif_device_usb *hif_dev);
71 
72 static void hif_usb_regout_cb(struct urb *urb)
73 {
74 	struct cmd_buf *cmd = (struct cmd_buf *)urb->context;
75 
76 	switch (urb->status) {
77 	case 0:
78 		break;
79 	case -ENOENT:
80 	case -ECONNRESET:
81 	case -ENODEV:
82 	case -ESHUTDOWN:
83 		goto free;
84 	default:
85 		break;
86 	}
87 
88 	if (cmd) {
89 		ath9k_htc_txcompletion_cb(cmd->hif_dev->htc_handle,
90 					  cmd->skb, true);
91 		kfree(cmd);
92 	}
93 
94 	return;
95 free:
96 	kfree_skb(cmd->skb);
97 	kfree(cmd);
98 }
99 
100 static int hif_usb_send_regout(struct hif_device_usb *hif_dev,
101 			       struct sk_buff *skb)
102 {
103 	struct urb *urb;
104 	struct cmd_buf *cmd;
105 	int ret = 0;
106 
107 	urb = usb_alloc_urb(0, GFP_KERNEL);
108 	if (urb == NULL)
109 		return -ENOMEM;
110 
111 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
112 	if (cmd == NULL) {
113 		usb_free_urb(urb);
114 		return -ENOMEM;
115 	}
116 
117 	cmd->skb = skb;
118 	cmd->hif_dev = hif_dev;
119 
120 	usb_fill_int_urb(urb, hif_dev->udev,
121 			 usb_sndintpipe(hif_dev->udev, USB_REG_OUT_PIPE),
122 			 skb->data, skb->len,
123 			 hif_usb_regout_cb, cmd, 1);
124 
125 	usb_anchor_urb(urb, &hif_dev->regout_submitted);
126 	ret = usb_submit_urb(urb, GFP_KERNEL);
127 	if (ret) {
128 		usb_unanchor_urb(urb);
129 		kfree(cmd);
130 	}
131 	usb_free_urb(urb);
132 
133 	return ret;
134 }
135 
136 static void hif_usb_mgmt_cb(struct urb *urb)
137 {
138 	struct cmd_buf *cmd = (struct cmd_buf *)urb->context;
139 	struct hif_device_usb *hif_dev;
140 	bool txok = true;
141 
142 	if (!cmd || !cmd->skb || !cmd->hif_dev)
143 		return;
144 
145 	hif_dev = cmd->hif_dev;
146 
147 	switch (urb->status) {
148 	case 0:
149 		break;
150 	case -ENOENT:
151 	case -ECONNRESET:
152 	case -ENODEV:
153 	case -ESHUTDOWN:
154 		txok = false;
155 
156 		/*
157 		 * If the URBs are being flushed, no need to complete
158 		 * this packet.
159 		 */
160 		spin_lock(&hif_dev->tx.tx_lock);
161 		if (hif_dev->tx.flags & HIF_USB_TX_FLUSH) {
162 			spin_unlock(&hif_dev->tx.tx_lock);
163 			dev_kfree_skb_any(cmd->skb);
164 			kfree(cmd);
165 			return;
166 		}
167 		spin_unlock(&hif_dev->tx.tx_lock);
168 
169 		break;
170 	default:
171 		txok = false;
172 		break;
173 	}
174 
175 	skb_pull(cmd->skb, 4);
176 	ath9k_htc_txcompletion_cb(cmd->hif_dev->htc_handle,
177 				  cmd->skb, txok);
178 	kfree(cmd);
179 }
180 
181 static int hif_usb_send_mgmt(struct hif_device_usb *hif_dev,
182 			     struct sk_buff *skb)
183 {
184 	struct urb *urb;
185 	struct cmd_buf *cmd;
186 	int ret = 0;
187 	__le16 *hdr;
188 
189 	urb = usb_alloc_urb(0, GFP_ATOMIC);
190 	if (urb == NULL)
191 		return -ENOMEM;
192 
193 	cmd = kzalloc(sizeof(*cmd), GFP_ATOMIC);
194 	if (cmd == NULL) {
195 		usb_free_urb(urb);
196 		return -ENOMEM;
197 	}
198 
199 	cmd->skb = skb;
200 	cmd->hif_dev = hif_dev;
201 
202 	hdr = skb_push(skb, 4);
203 	*hdr++ = cpu_to_le16(skb->len - 4);
204 	*hdr++ = cpu_to_le16(ATH_USB_TX_STREAM_MODE_TAG);
205 
206 	usb_fill_bulk_urb(urb, hif_dev->udev,
207 			 usb_sndbulkpipe(hif_dev->udev, USB_WLAN_TX_PIPE),
208 			 skb->data, skb->len,
209 			 hif_usb_mgmt_cb, cmd);
210 
211 	usb_anchor_urb(urb, &hif_dev->mgmt_submitted);
212 	ret = usb_submit_urb(urb, GFP_ATOMIC);
213 	if (ret) {
214 		usb_unanchor_urb(urb);
215 		kfree(cmd);
216 	}
217 	usb_free_urb(urb);
218 
219 	return ret;
220 }
221 
222 static inline void ath9k_skb_queue_purge(struct hif_device_usb *hif_dev,
223 					 struct sk_buff_head *list)
224 {
225 	struct sk_buff *skb;
226 
227 	while ((skb = __skb_dequeue(list)) != NULL) {
228 		dev_kfree_skb_any(skb);
229 	}
230 }
231 
232 static inline void ath9k_skb_queue_complete(struct hif_device_usb *hif_dev,
233 					    struct sk_buff_head *queue,
234 					    bool txok)
235 {
236 	struct sk_buff *skb;
237 
238 	while ((skb = __skb_dequeue(queue)) != NULL) {
239 #ifdef CONFIG_ATH9K_HTC_DEBUGFS
240 		int ln = skb->len;
241 #endif
242 		ath9k_htc_txcompletion_cb(hif_dev->htc_handle,
243 					  skb, txok);
244 		if (txok) {
245 			TX_STAT_INC(skb_success);
246 			TX_STAT_ADD(skb_success_bytes, ln);
247 		}
248 		else
249 			TX_STAT_INC(skb_failed);
250 	}
251 }
252 
253 static void hif_usb_tx_cb(struct urb *urb)
254 {
255 	struct tx_buf *tx_buf = (struct tx_buf *) urb->context;
256 	struct hif_device_usb *hif_dev;
257 	bool txok = true;
258 
259 	if (!tx_buf || !tx_buf->hif_dev)
260 		return;
261 
262 	hif_dev = tx_buf->hif_dev;
263 
264 	switch (urb->status) {
265 	case 0:
266 		break;
267 	case -ENOENT:
268 	case -ECONNRESET:
269 	case -ENODEV:
270 	case -ESHUTDOWN:
271 		txok = false;
272 
273 		/*
274 		 * If the URBs are being flushed, no need to add this
275 		 * URB to the free list.
276 		 */
277 		spin_lock(&hif_dev->tx.tx_lock);
278 		if (hif_dev->tx.flags & HIF_USB_TX_FLUSH) {
279 			spin_unlock(&hif_dev->tx.tx_lock);
280 			ath9k_skb_queue_purge(hif_dev, &tx_buf->skb_queue);
281 			return;
282 		}
283 		spin_unlock(&hif_dev->tx.tx_lock);
284 
285 		break;
286 	default:
287 		txok = false;
288 		break;
289 	}
290 
291 	ath9k_skb_queue_complete(hif_dev, &tx_buf->skb_queue, txok);
292 
293 	/* Re-initialize the SKB queue */
294 	tx_buf->len = tx_buf->offset = 0;
295 	__skb_queue_head_init(&tx_buf->skb_queue);
296 
297 	/* Add this TX buffer to the free list */
298 	spin_lock(&hif_dev->tx.tx_lock);
299 	list_move_tail(&tx_buf->list, &hif_dev->tx.tx_buf);
300 	hif_dev->tx.tx_buf_cnt++;
301 	if (!(hif_dev->tx.flags & HIF_USB_TX_STOP))
302 		__hif_usb_tx(hif_dev); /* Check for pending SKBs */
303 	TX_STAT_INC(buf_completed);
304 	spin_unlock(&hif_dev->tx.tx_lock);
305 }
306 
307 /* TX lock has to be taken */
308 static int __hif_usb_tx(struct hif_device_usb *hif_dev)
309 {
310 	struct tx_buf *tx_buf = NULL;
311 	struct sk_buff *nskb = NULL;
312 	int ret = 0, i;
313 	u16 tx_skb_cnt = 0;
314 	u8 *buf;
315 	__le16 *hdr;
316 
317 	if (hif_dev->tx.tx_skb_cnt == 0)
318 		return 0;
319 
320 	/* Check if a free TX buffer is available */
321 	if (list_empty(&hif_dev->tx.tx_buf))
322 		return 0;
323 
324 	tx_buf = list_first_entry(&hif_dev->tx.tx_buf, struct tx_buf, list);
325 	list_move_tail(&tx_buf->list, &hif_dev->tx.tx_pending);
326 	hif_dev->tx.tx_buf_cnt--;
327 
328 	tx_skb_cnt = min_t(u16, hif_dev->tx.tx_skb_cnt, MAX_TX_AGGR_NUM);
329 
330 	for (i = 0; i < tx_skb_cnt; i++) {
331 		nskb = __skb_dequeue(&hif_dev->tx.tx_skb_queue);
332 
333 		/* Should never be NULL */
334 		BUG_ON(!nskb);
335 
336 		hif_dev->tx.tx_skb_cnt--;
337 
338 		buf = tx_buf->buf;
339 		buf += tx_buf->offset;
340 		hdr = (__le16 *)buf;
341 		*hdr++ = cpu_to_le16(nskb->len);
342 		*hdr++ = cpu_to_le16(ATH_USB_TX_STREAM_MODE_TAG);
343 		buf += 4;
344 		memcpy(buf, nskb->data, nskb->len);
345 		tx_buf->len = nskb->len + 4;
346 
347 		if (i < (tx_skb_cnt - 1))
348 			tx_buf->offset += (((tx_buf->len - 1) / 4) + 1) * 4;
349 
350 		if (i == (tx_skb_cnt - 1))
351 			tx_buf->len += tx_buf->offset;
352 
353 		__skb_queue_tail(&tx_buf->skb_queue, nskb);
354 		TX_STAT_INC(skb_queued);
355 	}
356 
357 	usb_fill_bulk_urb(tx_buf->urb, hif_dev->udev,
358 			  usb_sndbulkpipe(hif_dev->udev, USB_WLAN_TX_PIPE),
359 			  tx_buf->buf, tx_buf->len,
360 			  hif_usb_tx_cb, tx_buf);
361 
362 	ret = usb_submit_urb(tx_buf->urb, GFP_ATOMIC);
363 	if (ret) {
364 		tx_buf->len = tx_buf->offset = 0;
365 		ath9k_skb_queue_complete(hif_dev, &tx_buf->skb_queue, false);
366 		__skb_queue_head_init(&tx_buf->skb_queue);
367 		list_move_tail(&tx_buf->list, &hif_dev->tx.tx_buf);
368 		hif_dev->tx.tx_buf_cnt++;
369 	}
370 
371 	if (!ret)
372 		TX_STAT_INC(buf_queued);
373 
374 	return ret;
375 }
376 
377 static int hif_usb_send_tx(struct hif_device_usb *hif_dev, struct sk_buff *skb)
378 {
379 	struct ath9k_htc_tx_ctl *tx_ctl;
380 	unsigned long flags;
381 	int ret = 0;
382 
383 	spin_lock_irqsave(&hif_dev->tx.tx_lock, flags);
384 
385 	if (hif_dev->tx.flags & HIF_USB_TX_STOP) {
386 		spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
387 		return -ENODEV;
388 	}
389 
390 	/* Check if the max queue count has been reached */
391 	if (hif_dev->tx.tx_skb_cnt > MAX_TX_BUF_NUM) {
392 		spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
393 		return -ENOMEM;
394 	}
395 
396 	spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
397 
398 	tx_ctl = HTC_SKB_CB(skb);
399 
400 	/* Mgmt/Beacon frames don't use the TX buffer pool */
401 	if ((tx_ctl->type == ATH9K_HTC_MGMT) ||
402 	    (tx_ctl->type == ATH9K_HTC_BEACON)) {
403 		ret = hif_usb_send_mgmt(hif_dev, skb);
404 	}
405 
406 	spin_lock_irqsave(&hif_dev->tx.tx_lock, flags);
407 
408 	if ((tx_ctl->type == ATH9K_HTC_NORMAL) ||
409 	    (tx_ctl->type == ATH9K_HTC_AMPDU)) {
410 		__skb_queue_tail(&hif_dev->tx.tx_skb_queue, skb);
411 		hif_dev->tx.tx_skb_cnt++;
412 	}
413 
414 	/* Check if AMPDUs have to be sent immediately */
415 	if ((hif_dev->tx.tx_buf_cnt == MAX_TX_URB_NUM) &&
416 	    (hif_dev->tx.tx_skb_cnt < 2)) {
417 		__hif_usb_tx(hif_dev);
418 	}
419 
420 	spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
421 
422 	return ret;
423 }
424 
425 static void hif_usb_start(void *hif_handle)
426 {
427 	struct hif_device_usb *hif_dev = (struct hif_device_usb *)hif_handle;
428 	unsigned long flags;
429 
430 	hif_dev->flags |= HIF_USB_START;
431 
432 	spin_lock_irqsave(&hif_dev->tx.tx_lock, flags);
433 	hif_dev->tx.flags &= ~HIF_USB_TX_STOP;
434 	spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
435 }
436 
437 static void hif_usb_stop(void *hif_handle)
438 {
439 	struct hif_device_usb *hif_dev = (struct hif_device_usb *)hif_handle;
440 	struct tx_buf *tx_buf = NULL, *tx_buf_tmp = NULL;
441 	unsigned long flags;
442 
443 	spin_lock_irqsave(&hif_dev->tx.tx_lock, flags);
444 	ath9k_skb_queue_complete(hif_dev, &hif_dev->tx.tx_skb_queue, false);
445 	hif_dev->tx.tx_skb_cnt = 0;
446 	hif_dev->tx.flags |= HIF_USB_TX_STOP;
447 	spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
448 
449 	/* The pending URBs have to be canceled. */
450 	list_for_each_entry_safe(tx_buf, tx_buf_tmp,
451 				 &hif_dev->tx.tx_pending, list) {
452 		usb_kill_urb(tx_buf->urb);
453 	}
454 
455 	usb_kill_anchored_urbs(&hif_dev->mgmt_submitted);
456 }
457 
458 static int hif_usb_send(void *hif_handle, u8 pipe_id, struct sk_buff *skb)
459 {
460 	struct hif_device_usb *hif_dev = (struct hif_device_usb *)hif_handle;
461 	int ret = 0;
462 
463 	switch (pipe_id) {
464 	case USB_WLAN_TX_PIPE:
465 		ret = hif_usb_send_tx(hif_dev, skb);
466 		break;
467 	case USB_REG_OUT_PIPE:
468 		ret = hif_usb_send_regout(hif_dev, skb);
469 		break;
470 	default:
471 		dev_err(&hif_dev->udev->dev,
472 			"ath9k_htc: Invalid TX pipe: %d\n", pipe_id);
473 		ret = -EINVAL;
474 		break;
475 	}
476 
477 	return ret;
478 }
479 
480 static inline bool check_index(struct sk_buff *skb, u8 idx)
481 {
482 	struct ath9k_htc_tx_ctl *tx_ctl;
483 
484 	tx_ctl = HTC_SKB_CB(skb);
485 
486 	if ((tx_ctl->type == ATH9K_HTC_AMPDU) &&
487 	    (tx_ctl->sta_idx == idx))
488 		return true;
489 
490 	return false;
491 }
492 
493 static void hif_usb_sta_drain(void *hif_handle, u8 idx)
494 {
495 	struct hif_device_usb *hif_dev = (struct hif_device_usb *)hif_handle;
496 	struct sk_buff *skb, *tmp;
497 	unsigned long flags;
498 
499 	spin_lock_irqsave(&hif_dev->tx.tx_lock, flags);
500 
501 	skb_queue_walk_safe(&hif_dev->tx.tx_skb_queue, skb, tmp) {
502 		if (check_index(skb, idx)) {
503 			__skb_unlink(skb, &hif_dev->tx.tx_skb_queue);
504 			ath9k_htc_txcompletion_cb(hif_dev->htc_handle,
505 						  skb, false);
506 			hif_dev->tx.tx_skb_cnt--;
507 			TX_STAT_INC(skb_failed);
508 		}
509 	}
510 
511 	spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
512 }
513 
514 static struct ath9k_htc_hif hif_usb = {
515 	.transport = ATH9K_HIF_USB,
516 	.name = "ath9k_hif_usb",
517 
518 	.control_ul_pipe = USB_REG_OUT_PIPE,
519 	.control_dl_pipe = USB_REG_IN_PIPE,
520 
521 	.start = hif_usb_start,
522 	.stop = hif_usb_stop,
523 	.sta_drain = hif_usb_sta_drain,
524 	.send = hif_usb_send,
525 };
526 
527 static void ath9k_hif_usb_rx_stream(struct hif_device_usb *hif_dev,
528 				    struct sk_buff *skb)
529 {
530 	struct sk_buff *nskb, *skb_pool[MAX_PKT_NUM_IN_TRANSFER];
531 	int index = 0, i, len = skb->len;
532 	int rx_remain_len, rx_pkt_len;
533 	u16 pool_index = 0;
534 	u8 *ptr;
535 
536 	spin_lock(&hif_dev->rx_lock);
537 
538 	rx_remain_len = hif_dev->rx_remain_len;
539 	rx_pkt_len = hif_dev->rx_transfer_len;
540 
541 	if (rx_remain_len != 0) {
542 		struct sk_buff *remain_skb = hif_dev->remain_skb;
543 
544 		if (remain_skb) {
545 			ptr = (u8 *) remain_skb->data;
546 
547 			index = rx_remain_len;
548 			rx_remain_len -= hif_dev->rx_pad_len;
549 			ptr += rx_pkt_len;
550 
551 			memcpy(ptr, skb->data, rx_remain_len);
552 
553 			rx_pkt_len += rx_remain_len;
554 			hif_dev->rx_remain_len = 0;
555 			skb_put(remain_skb, rx_pkt_len);
556 
557 			skb_pool[pool_index++] = remain_skb;
558 
559 		} else {
560 			index = rx_remain_len;
561 		}
562 	}
563 
564 	spin_unlock(&hif_dev->rx_lock);
565 
566 	while (index < len) {
567 		u16 pkt_len;
568 		u16 pkt_tag;
569 		u16 pad_len;
570 		int chk_idx;
571 
572 		ptr = (u8 *) skb->data;
573 
574 		pkt_len = get_unaligned_le16(ptr + index);
575 		pkt_tag = get_unaligned_le16(ptr + index + 2);
576 
577 		if (pkt_tag != ATH_USB_RX_STREAM_MODE_TAG) {
578 			RX_STAT_INC(skb_dropped);
579 			return;
580 		}
581 
582 		pad_len = 4 - (pkt_len & 0x3);
583 		if (pad_len == 4)
584 			pad_len = 0;
585 
586 		chk_idx = index;
587 		index = index + 4 + pkt_len + pad_len;
588 
589 		if (index > MAX_RX_BUF_SIZE) {
590 			spin_lock(&hif_dev->rx_lock);
591 			hif_dev->rx_remain_len = index - MAX_RX_BUF_SIZE;
592 			hif_dev->rx_transfer_len =
593 				MAX_RX_BUF_SIZE - chk_idx - 4;
594 			hif_dev->rx_pad_len = pad_len;
595 
596 			nskb = __dev_alloc_skb(pkt_len + 32, GFP_ATOMIC);
597 			if (!nskb) {
598 				dev_err(&hif_dev->udev->dev,
599 					"ath9k_htc: RX memory allocation error\n");
600 				spin_unlock(&hif_dev->rx_lock);
601 				goto err;
602 			}
603 			skb_reserve(nskb, 32);
604 			RX_STAT_INC(skb_allocated);
605 
606 			memcpy(nskb->data, &(skb->data[chk_idx+4]),
607 			       hif_dev->rx_transfer_len);
608 
609 			/* Record the buffer pointer */
610 			hif_dev->remain_skb = nskb;
611 			spin_unlock(&hif_dev->rx_lock);
612 		} else {
613 			nskb = __dev_alloc_skb(pkt_len + 32, GFP_ATOMIC);
614 			if (!nskb) {
615 				dev_err(&hif_dev->udev->dev,
616 					"ath9k_htc: RX memory allocation error\n");
617 				goto err;
618 			}
619 			skb_reserve(nskb, 32);
620 			RX_STAT_INC(skb_allocated);
621 
622 			memcpy(nskb->data, &(skb->data[chk_idx+4]), pkt_len);
623 			skb_put(nskb, pkt_len);
624 			skb_pool[pool_index++] = nskb;
625 		}
626 	}
627 
628 err:
629 	for (i = 0; i < pool_index; i++) {
630 		RX_STAT_ADD(skb_completed_bytes, skb_pool[i]->len);
631 		ath9k_htc_rx_msg(hif_dev->htc_handle, skb_pool[i],
632 				 skb_pool[i]->len, USB_WLAN_RX_PIPE);
633 		RX_STAT_INC(skb_completed);
634 	}
635 }
636 
637 static void ath9k_hif_usb_rx_cb(struct urb *urb)
638 {
639 	struct sk_buff *skb = (struct sk_buff *) urb->context;
640 	struct hif_device_usb *hif_dev =
641 		usb_get_intfdata(usb_ifnum_to_if(urb->dev, 0));
642 	int ret;
643 
644 	if (!skb)
645 		return;
646 
647 	if (!hif_dev)
648 		goto free;
649 
650 	switch (urb->status) {
651 	case 0:
652 		break;
653 	case -ENOENT:
654 	case -ECONNRESET:
655 	case -ENODEV:
656 	case -ESHUTDOWN:
657 		goto free;
658 	default:
659 		goto resubmit;
660 	}
661 
662 	if (likely(urb->actual_length != 0)) {
663 		skb_put(skb, urb->actual_length);
664 		ath9k_hif_usb_rx_stream(hif_dev, skb);
665 	}
666 
667 resubmit:
668 	skb_reset_tail_pointer(skb);
669 	skb_trim(skb, 0);
670 
671 	usb_anchor_urb(urb, &hif_dev->rx_submitted);
672 	ret = usb_submit_urb(urb, GFP_ATOMIC);
673 	if (ret) {
674 		usb_unanchor_urb(urb);
675 		goto free;
676 	}
677 
678 	return;
679 free:
680 	kfree_skb(skb);
681 }
682 
683 static void ath9k_hif_usb_reg_in_cb(struct urb *urb)
684 {
685 	struct sk_buff *skb = (struct sk_buff *) urb->context;
686 	struct sk_buff *nskb;
687 	struct hif_device_usb *hif_dev =
688 		usb_get_intfdata(usb_ifnum_to_if(urb->dev, 0));
689 	int ret;
690 
691 	if (!skb)
692 		return;
693 
694 	if (!hif_dev)
695 		goto free;
696 
697 	switch (urb->status) {
698 	case 0:
699 		break;
700 	case -ENOENT:
701 	case -ECONNRESET:
702 	case -ENODEV:
703 	case -ESHUTDOWN:
704 		goto free;
705 	default:
706 		skb_reset_tail_pointer(skb);
707 		skb_trim(skb, 0);
708 
709 		goto resubmit;
710 	}
711 
712 	if (likely(urb->actual_length != 0)) {
713 		skb_put(skb, urb->actual_length);
714 
715 		/* Process the command first */
716 		ath9k_htc_rx_msg(hif_dev->htc_handle, skb,
717 				 skb->len, USB_REG_IN_PIPE);
718 
719 
720 		nskb = alloc_skb(MAX_REG_IN_BUF_SIZE, GFP_ATOMIC);
721 		if (!nskb) {
722 			dev_err(&hif_dev->udev->dev,
723 				"ath9k_htc: REG_IN memory allocation failure\n");
724 			urb->context = NULL;
725 			return;
726 		}
727 
728 		usb_fill_int_urb(urb, hif_dev->udev,
729 				 usb_rcvintpipe(hif_dev->udev,
730 						 USB_REG_IN_PIPE),
731 				 nskb->data, MAX_REG_IN_BUF_SIZE,
732 				 ath9k_hif_usb_reg_in_cb, nskb, 1);
733 	}
734 
735 resubmit:
736 	usb_anchor_urb(urb, &hif_dev->reg_in_submitted);
737 	ret = usb_submit_urb(urb, GFP_ATOMIC);
738 	if (ret) {
739 		usb_unanchor_urb(urb);
740 		goto free;
741 	}
742 
743 	return;
744 free:
745 	kfree_skb(skb);
746 	urb->context = NULL;
747 }
748 
749 static void ath9k_hif_usb_dealloc_tx_urbs(struct hif_device_usb *hif_dev)
750 {
751 	struct tx_buf *tx_buf = NULL, *tx_buf_tmp = NULL;
752 	unsigned long flags;
753 
754 	list_for_each_entry_safe(tx_buf, tx_buf_tmp,
755 				 &hif_dev->tx.tx_buf, list) {
756 		usb_kill_urb(tx_buf->urb);
757 		list_del(&tx_buf->list);
758 		usb_free_urb(tx_buf->urb);
759 		kfree(tx_buf->buf);
760 		kfree(tx_buf);
761 	}
762 
763 	spin_lock_irqsave(&hif_dev->tx.tx_lock, flags);
764 	hif_dev->tx.flags |= HIF_USB_TX_FLUSH;
765 	spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
766 
767 	list_for_each_entry_safe(tx_buf, tx_buf_tmp,
768 				 &hif_dev->tx.tx_pending, list) {
769 		usb_kill_urb(tx_buf->urb);
770 		list_del(&tx_buf->list);
771 		usb_free_urb(tx_buf->urb);
772 		kfree(tx_buf->buf);
773 		kfree(tx_buf);
774 	}
775 
776 	usb_kill_anchored_urbs(&hif_dev->mgmt_submitted);
777 }
778 
779 static int ath9k_hif_usb_alloc_tx_urbs(struct hif_device_usb *hif_dev)
780 {
781 	struct tx_buf *tx_buf;
782 	int i;
783 
784 	INIT_LIST_HEAD(&hif_dev->tx.tx_buf);
785 	INIT_LIST_HEAD(&hif_dev->tx.tx_pending);
786 	spin_lock_init(&hif_dev->tx.tx_lock);
787 	__skb_queue_head_init(&hif_dev->tx.tx_skb_queue);
788 	init_usb_anchor(&hif_dev->mgmt_submitted);
789 
790 	for (i = 0; i < MAX_TX_URB_NUM; i++) {
791 		tx_buf = kzalloc(sizeof(struct tx_buf), GFP_KERNEL);
792 		if (!tx_buf)
793 			goto err;
794 
795 		tx_buf->buf = kzalloc(MAX_TX_BUF_SIZE, GFP_KERNEL);
796 		if (!tx_buf->buf)
797 			goto err;
798 
799 		tx_buf->urb = usb_alloc_urb(0, GFP_KERNEL);
800 		if (!tx_buf->urb)
801 			goto err;
802 
803 		tx_buf->hif_dev = hif_dev;
804 		__skb_queue_head_init(&tx_buf->skb_queue);
805 
806 		list_add_tail(&tx_buf->list, &hif_dev->tx.tx_buf);
807 	}
808 
809 	hif_dev->tx.tx_buf_cnt = MAX_TX_URB_NUM;
810 
811 	return 0;
812 err:
813 	if (tx_buf) {
814 		kfree(tx_buf->buf);
815 		kfree(tx_buf);
816 	}
817 	ath9k_hif_usb_dealloc_tx_urbs(hif_dev);
818 	return -ENOMEM;
819 }
820 
821 static void ath9k_hif_usb_dealloc_rx_urbs(struct hif_device_usb *hif_dev)
822 {
823 	usb_kill_anchored_urbs(&hif_dev->rx_submitted);
824 }
825 
826 static int ath9k_hif_usb_alloc_rx_urbs(struct hif_device_usb *hif_dev)
827 {
828 	struct urb *urb = NULL;
829 	struct sk_buff *skb = NULL;
830 	int i, ret;
831 
832 	init_usb_anchor(&hif_dev->rx_submitted);
833 	spin_lock_init(&hif_dev->rx_lock);
834 
835 	for (i = 0; i < MAX_RX_URB_NUM; i++) {
836 
837 		/* Allocate URB */
838 		urb = usb_alloc_urb(0, GFP_KERNEL);
839 		if (urb == NULL) {
840 			ret = -ENOMEM;
841 			goto err_urb;
842 		}
843 
844 		/* Allocate buffer */
845 		skb = alloc_skb(MAX_RX_BUF_SIZE, GFP_KERNEL);
846 		if (!skb) {
847 			ret = -ENOMEM;
848 			goto err_skb;
849 		}
850 
851 		usb_fill_bulk_urb(urb, hif_dev->udev,
852 				  usb_rcvbulkpipe(hif_dev->udev,
853 						  USB_WLAN_RX_PIPE),
854 				  skb->data, MAX_RX_BUF_SIZE,
855 				  ath9k_hif_usb_rx_cb, skb);
856 
857 		/* Anchor URB */
858 		usb_anchor_urb(urb, &hif_dev->rx_submitted);
859 
860 		/* Submit URB */
861 		ret = usb_submit_urb(urb, GFP_KERNEL);
862 		if (ret) {
863 			usb_unanchor_urb(urb);
864 			goto err_submit;
865 		}
866 
867 		/*
868 		 * Drop reference count.
869 		 * This ensures that the URB is freed when killing them.
870 		 */
871 		usb_free_urb(urb);
872 	}
873 
874 	return 0;
875 
876 err_submit:
877 	kfree_skb(skb);
878 err_skb:
879 	usb_free_urb(urb);
880 err_urb:
881 	ath9k_hif_usb_dealloc_rx_urbs(hif_dev);
882 	return ret;
883 }
884 
885 static void ath9k_hif_usb_dealloc_reg_in_urbs(struct hif_device_usb *hif_dev)
886 {
887 	usb_kill_anchored_urbs(&hif_dev->reg_in_submitted);
888 }
889 
890 static int ath9k_hif_usb_alloc_reg_in_urbs(struct hif_device_usb *hif_dev)
891 {
892 	struct urb *urb = NULL;
893 	struct sk_buff *skb = NULL;
894 	int i, ret;
895 
896 	init_usb_anchor(&hif_dev->reg_in_submitted);
897 
898 	for (i = 0; i < MAX_REG_IN_URB_NUM; i++) {
899 
900 		/* Allocate URB */
901 		urb = usb_alloc_urb(0, GFP_KERNEL);
902 		if (urb == NULL) {
903 			ret = -ENOMEM;
904 			goto err_urb;
905 		}
906 
907 		/* Allocate buffer */
908 		skb = alloc_skb(MAX_REG_IN_BUF_SIZE, GFP_KERNEL);
909 		if (!skb) {
910 			ret = -ENOMEM;
911 			goto err_skb;
912 		}
913 
914 		usb_fill_int_urb(urb, hif_dev->udev,
915 				  usb_rcvintpipe(hif_dev->udev,
916 						  USB_REG_IN_PIPE),
917 				  skb->data, MAX_REG_IN_BUF_SIZE,
918 				  ath9k_hif_usb_reg_in_cb, skb, 1);
919 
920 		/* Anchor URB */
921 		usb_anchor_urb(urb, &hif_dev->reg_in_submitted);
922 
923 		/* Submit URB */
924 		ret = usb_submit_urb(urb, GFP_KERNEL);
925 		if (ret) {
926 			usb_unanchor_urb(urb);
927 			goto err_submit;
928 		}
929 
930 		/*
931 		 * Drop reference count.
932 		 * This ensures that the URB is freed when killing them.
933 		 */
934 		usb_free_urb(urb);
935 	}
936 
937 	return 0;
938 
939 err_submit:
940 	kfree_skb(skb);
941 err_skb:
942 	usb_free_urb(urb);
943 err_urb:
944 	ath9k_hif_usb_dealloc_reg_in_urbs(hif_dev);
945 	return ret;
946 }
947 
948 static int ath9k_hif_usb_alloc_urbs(struct hif_device_usb *hif_dev)
949 {
950 	/* Register Write */
951 	init_usb_anchor(&hif_dev->regout_submitted);
952 
953 	/* TX */
954 	if (ath9k_hif_usb_alloc_tx_urbs(hif_dev) < 0)
955 		goto err;
956 
957 	/* RX */
958 	if (ath9k_hif_usb_alloc_rx_urbs(hif_dev) < 0)
959 		goto err_rx;
960 
961 	/* Register Read */
962 	if (ath9k_hif_usb_alloc_reg_in_urbs(hif_dev) < 0)
963 		goto err_reg;
964 
965 	return 0;
966 err_reg:
967 	ath9k_hif_usb_dealloc_rx_urbs(hif_dev);
968 err_rx:
969 	ath9k_hif_usb_dealloc_tx_urbs(hif_dev);
970 err:
971 	return -ENOMEM;
972 }
973 
974 static void ath9k_hif_usb_dealloc_urbs(struct hif_device_usb *hif_dev)
975 {
976 	usb_kill_anchored_urbs(&hif_dev->regout_submitted);
977 	ath9k_hif_usb_dealloc_reg_in_urbs(hif_dev);
978 	ath9k_hif_usb_dealloc_tx_urbs(hif_dev);
979 	ath9k_hif_usb_dealloc_rx_urbs(hif_dev);
980 }
981 
982 static int ath9k_hif_usb_download_fw(struct hif_device_usb *hif_dev)
983 {
984 	int transfer, err;
985 	const void *data = hif_dev->fw_data;
986 	size_t len = hif_dev->fw_size;
987 	u32 addr = AR9271_FIRMWARE;
988 	u8 *buf = kzalloc(4096, GFP_KERNEL);
989 	u32 firm_offset;
990 
991 	if (!buf)
992 		return -ENOMEM;
993 
994 	while (len) {
995 		transfer = min_t(size_t, len, 4096);
996 		memcpy(buf, data, transfer);
997 
998 		err = usb_control_msg(hif_dev->udev,
999 				      usb_sndctrlpipe(hif_dev->udev, 0),
1000 				      FIRMWARE_DOWNLOAD, 0x40 | USB_DIR_OUT,
1001 				      addr >> 8, 0, buf, transfer,
1002 				      USB_MSG_TIMEOUT);
1003 		if (err < 0) {
1004 			kfree(buf);
1005 			return err;
1006 		}
1007 
1008 		len -= transfer;
1009 		data += transfer;
1010 		addr += transfer;
1011 	}
1012 	kfree(buf);
1013 
1014 	if (IS_AR7010_DEVICE(hif_dev->usb_device_id->driver_info))
1015 		firm_offset = AR7010_FIRMWARE_TEXT;
1016 	else
1017 		firm_offset = AR9271_FIRMWARE_TEXT;
1018 
1019 	/*
1020 	 * Issue FW download complete command to firmware.
1021 	 */
1022 	err = usb_control_msg(hif_dev->udev, usb_sndctrlpipe(hif_dev->udev, 0),
1023 			      FIRMWARE_DOWNLOAD_COMP,
1024 			      0x40 | USB_DIR_OUT,
1025 			      firm_offset >> 8, 0, NULL, 0, USB_MSG_TIMEOUT);
1026 	if (err)
1027 		return -EIO;
1028 
1029 	dev_info(&hif_dev->udev->dev, "ath9k_htc: Transferred FW: %s, size: %ld\n",
1030 		 hif_dev->fw_name, (unsigned long) hif_dev->fw_size);
1031 
1032 	return 0;
1033 }
1034 
1035 static int ath9k_hif_usb_dev_init(struct hif_device_usb *hif_dev)
1036 {
1037 	int ret;
1038 
1039 	ret = ath9k_hif_usb_download_fw(hif_dev);
1040 	if (ret) {
1041 		dev_err(&hif_dev->udev->dev,
1042 			"ath9k_htc: Firmware - %s download failed\n",
1043 			hif_dev->fw_name);
1044 		return ret;
1045 	}
1046 
1047 	/* Alloc URBs */
1048 	ret = ath9k_hif_usb_alloc_urbs(hif_dev);
1049 	if (ret) {
1050 		dev_err(&hif_dev->udev->dev,
1051 			"ath9k_htc: Unable to allocate URBs\n");
1052 		return ret;
1053 	}
1054 
1055 	return 0;
1056 }
1057 
1058 static void ath9k_hif_usb_dev_deinit(struct hif_device_usb *hif_dev)
1059 {
1060 	ath9k_hif_usb_dealloc_urbs(hif_dev);
1061 }
1062 
1063 /*
1064  * If initialization fails or the FW cannot be retrieved,
1065  * detach the device.
1066  */
1067 static void ath9k_hif_usb_firmware_fail(struct hif_device_usb *hif_dev)
1068 {
1069 	struct device *dev = &hif_dev->udev->dev;
1070 	struct device *parent = dev->parent;
1071 
1072 	complete_all(&hif_dev->fw_done);
1073 
1074 	if (parent)
1075 		device_lock(parent);
1076 
1077 	device_release_driver(dev);
1078 
1079 	if (parent)
1080 		device_unlock(parent);
1081 }
1082 
1083 static void ath9k_hif_usb_firmware_cb(const struct firmware *fw, void *context);
1084 
1085 /* taken from iwlwifi */
1086 static int ath9k_hif_request_firmware(struct hif_device_usb *hif_dev,
1087 				      bool first)
1088 {
1089 	char index[8], *chip;
1090 	int ret;
1091 
1092 	if (first) {
1093 		if (htc_use_dev_fw) {
1094 			hif_dev->fw_minor_index = FIRMWARE_MINOR_IDX_MAX + 1;
1095 			sprintf(index, "%s", "dev");
1096 		} else {
1097 			hif_dev->fw_minor_index = FIRMWARE_MINOR_IDX_MAX;
1098 			sprintf(index, "%d", hif_dev->fw_minor_index);
1099 		}
1100 	} else {
1101 		hif_dev->fw_minor_index--;
1102 		sprintf(index, "%d", hif_dev->fw_minor_index);
1103 	}
1104 
1105 	/* test for FW 1.3 */
1106 	if (MAJOR_VERSION_REQ == 1 && hif_dev->fw_minor_index == 3) {
1107 		const char *filename;
1108 
1109 		if (IS_AR7010_DEVICE(hif_dev->usb_device_id->driver_info))
1110 			filename = FIRMWARE_AR7010_1_1;
1111 		else
1112 			filename = FIRMWARE_AR9271;
1113 
1114 		/* expected fw locations:
1115 		 * - htc_9271.fw   (stable version 1.3, depricated)
1116 		 */
1117 		snprintf(hif_dev->fw_name, sizeof(hif_dev->fw_name),
1118 			 "%s", filename);
1119 
1120 	} else if (hif_dev->fw_minor_index < FIRMWARE_MINOR_IDX_MIN) {
1121 		dev_err(&hif_dev->udev->dev, "no suitable firmware found!\n");
1122 
1123 		return -ENOENT;
1124 	} else {
1125 		if (IS_AR7010_DEVICE(hif_dev->usb_device_id->driver_info))
1126 			chip = "7010";
1127 		else
1128 			chip = "9271";
1129 
1130 		/* expected fw locations:
1131 		 * - ath9k_htc/htc_9271-1.dev.0.fw (development version)
1132 		 * - ath9k_htc/htc_9271-1.4.0.fw   (stable version)
1133 		 */
1134 		snprintf(hif_dev->fw_name, sizeof(hif_dev->fw_name),
1135 			 "%s/htc_%s-%d.%s.0.fw", HTC_FW_PATH,
1136 			 chip, MAJOR_VERSION_REQ, index);
1137 	}
1138 
1139 	ret = request_firmware_nowait(THIS_MODULE, true, hif_dev->fw_name,
1140 				      &hif_dev->udev->dev, GFP_KERNEL,
1141 				      hif_dev, ath9k_hif_usb_firmware_cb);
1142 	if (ret) {
1143 		dev_err(&hif_dev->udev->dev,
1144 			"ath9k_htc: Async request for firmware %s failed\n",
1145 			hif_dev->fw_name);
1146 		return ret;
1147 	}
1148 
1149 	dev_info(&hif_dev->udev->dev, "ath9k_htc: Firmware %s requested\n",
1150 		 hif_dev->fw_name);
1151 
1152 	return ret;
1153 }
1154 
1155 static void ath9k_hif_usb_firmware_cb(const struct firmware *fw, void *context)
1156 {
1157 	struct hif_device_usb *hif_dev = context;
1158 	int ret;
1159 
1160 	if (!fw) {
1161 		ret = ath9k_hif_request_firmware(hif_dev, false);
1162 		if (!ret)
1163 			return;
1164 
1165 		dev_err(&hif_dev->udev->dev,
1166 			"ath9k_htc: Failed to get firmware %s\n",
1167 			hif_dev->fw_name);
1168 		goto err_fw;
1169 	}
1170 
1171 	hif_dev->htc_handle = ath9k_htc_hw_alloc(hif_dev, &hif_usb,
1172 						 &hif_dev->udev->dev);
1173 	if (hif_dev->htc_handle == NULL)
1174 		goto err_dev_alloc;
1175 
1176 	hif_dev->fw_data = fw->data;
1177 	hif_dev->fw_size = fw->size;
1178 
1179 	/* Proceed with initialization */
1180 
1181 	ret = ath9k_hif_usb_dev_init(hif_dev);
1182 	if (ret)
1183 		goto err_dev_init;
1184 
1185 	ret = ath9k_htc_hw_init(hif_dev->htc_handle,
1186 				&hif_dev->interface->dev,
1187 				hif_dev->usb_device_id->idProduct,
1188 				hif_dev->udev->product,
1189 				hif_dev->usb_device_id->driver_info);
1190 	if (ret) {
1191 		ret = -EINVAL;
1192 		goto err_htc_hw_init;
1193 	}
1194 
1195 	release_firmware(fw);
1196 	hif_dev->flags |= HIF_USB_READY;
1197 	complete_all(&hif_dev->fw_done);
1198 
1199 	return;
1200 
1201 err_htc_hw_init:
1202 	ath9k_hif_usb_dev_deinit(hif_dev);
1203 err_dev_init:
1204 	ath9k_htc_hw_free(hif_dev->htc_handle);
1205 err_dev_alloc:
1206 	release_firmware(fw);
1207 err_fw:
1208 	ath9k_hif_usb_firmware_fail(hif_dev);
1209 }
1210 
1211 /*
1212  * An exact copy of the function from zd1211rw.
1213  */
1214 static int send_eject_command(struct usb_interface *interface)
1215 {
1216 	struct usb_device *udev = interface_to_usbdev(interface);
1217 	struct usb_host_interface *iface_desc = &interface->altsetting[0];
1218 	struct usb_endpoint_descriptor *endpoint;
1219 	unsigned char *cmd;
1220 	u8 bulk_out_ep;
1221 	int r;
1222 
1223 	if (iface_desc->desc.bNumEndpoints < 2)
1224 		return -ENODEV;
1225 
1226 	/* Find bulk out endpoint */
1227 	for (r = 1; r >= 0; r--) {
1228 		endpoint = &iface_desc->endpoint[r].desc;
1229 		if (usb_endpoint_dir_out(endpoint) &&
1230 		    usb_endpoint_xfer_bulk(endpoint)) {
1231 			bulk_out_ep = endpoint->bEndpointAddress;
1232 			break;
1233 		}
1234 	}
1235 	if (r == -1) {
1236 		dev_err(&udev->dev,
1237 			"ath9k_htc: Could not find bulk out endpoint\n");
1238 		return -ENODEV;
1239 	}
1240 
1241 	cmd = kzalloc(31, GFP_KERNEL);
1242 	if (cmd == NULL)
1243 		return -ENODEV;
1244 
1245 	/* USB bulk command block */
1246 	cmd[0] = 0x55;	/* bulk command signature */
1247 	cmd[1] = 0x53;	/* bulk command signature */
1248 	cmd[2] = 0x42;	/* bulk command signature */
1249 	cmd[3] = 0x43;	/* bulk command signature */
1250 	cmd[14] = 6;	/* command length */
1251 
1252 	cmd[15] = 0x1b;	/* SCSI command: START STOP UNIT */
1253 	cmd[19] = 0x2;	/* eject disc */
1254 
1255 	dev_info(&udev->dev, "Ejecting storage device...\n");
1256 	r = usb_bulk_msg(udev, usb_sndbulkpipe(udev, bulk_out_ep),
1257 		cmd, 31, NULL, 2 * USB_MSG_TIMEOUT);
1258 	kfree(cmd);
1259 	if (r)
1260 		return r;
1261 
1262 	/* At this point, the device disconnects and reconnects with the real
1263 	 * ID numbers. */
1264 
1265 	usb_set_intfdata(interface, NULL);
1266 	return 0;
1267 }
1268 
1269 static int ath9k_hif_usb_probe(struct usb_interface *interface,
1270 			       const struct usb_device_id *id)
1271 {
1272 	struct usb_device *udev = interface_to_usbdev(interface);
1273 	struct hif_device_usb *hif_dev;
1274 	int ret = 0;
1275 
1276 	if (id->driver_info == STORAGE_DEVICE)
1277 		return send_eject_command(interface);
1278 
1279 	hif_dev = kzalloc(sizeof(struct hif_device_usb), GFP_KERNEL);
1280 	if (!hif_dev) {
1281 		ret = -ENOMEM;
1282 		goto err_alloc;
1283 	}
1284 
1285 	usb_get_dev(udev);
1286 
1287 	hif_dev->udev = udev;
1288 	hif_dev->interface = interface;
1289 	hif_dev->usb_device_id = id;
1290 #ifdef CONFIG_PM
1291 	udev->reset_resume = 1;
1292 #endif
1293 	usb_set_intfdata(interface, hif_dev);
1294 
1295 	init_completion(&hif_dev->fw_done);
1296 
1297 	ret = ath9k_hif_request_firmware(hif_dev, true);
1298 	if (ret)
1299 		goto err_fw_req;
1300 
1301 	return ret;
1302 
1303 err_fw_req:
1304 	usb_set_intfdata(interface, NULL);
1305 	kfree(hif_dev);
1306 	usb_put_dev(udev);
1307 err_alloc:
1308 	return ret;
1309 }
1310 
1311 static void ath9k_hif_usb_reboot(struct usb_device *udev)
1312 {
1313 	u32 reboot_cmd = 0xffffffff;
1314 	void *buf;
1315 	int ret;
1316 
1317 	buf = kmemdup(&reboot_cmd, 4, GFP_KERNEL);
1318 	if (!buf)
1319 		return;
1320 
1321 	ret = usb_interrupt_msg(udev, usb_sndintpipe(udev, USB_REG_OUT_PIPE),
1322 			   buf, 4, NULL, USB_MSG_TIMEOUT);
1323 	if (ret)
1324 		dev_err(&udev->dev, "ath9k_htc: USB reboot failed\n");
1325 
1326 	kfree(buf);
1327 }
1328 
1329 static void ath9k_hif_usb_disconnect(struct usb_interface *interface)
1330 {
1331 	struct usb_device *udev = interface_to_usbdev(interface);
1332 	struct hif_device_usb *hif_dev = usb_get_intfdata(interface);
1333 	bool unplugged = (udev->state == USB_STATE_NOTATTACHED) ? true : false;
1334 
1335 	if (!hif_dev)
1336 		return;
1337 
1338 	wait_for_completion(&hif_dev->fw_done);
1339 
1340 	if (hif_dev->flags & HIF_USB_READY) {
1341 		ath9k_htc_hw_deinit(hif_dev->htc_handle, unplugged);
1342 		ath9k_htc_hw_free(hif_dev->htc_handle);
1343 		ath9k_hif_usb_dev_deinit(hif_dev);
1344 	}
1345 
1346 	usb_set_intfdata(interface, NULL);
1347 
1348 	/* If firmware was loaded we should drop it
1349 	 * go back to first stage bootloader. */
1350 	if (!unplugged && (hif_dev->flags & HIF_USB_READY))
1351 		ath9k_hif_usb_reboot(udev);
1352 
1353 	kfree(hif_dev);
1354 	dev_info(&udev->dev, "ath9k_htc: USB layer deinitialized\n");
1355 	usb_put_dev(udev);
1356 }
1357 
1358 #ifdef CONFIG_PM
1359 static int ath9k_hif_usb_suspend(struct usb_interface *interface,
1360 				 pm_message_t message)
1361 {
1362 	struct hif_device_usb *hif_dev = usb_get_intfdata(interface);
1363 
1364 	/*
1365 	 * The device has to be set to FULLSLEEP mode in case no
1366 	 * interface is up.
1367 	 */
1368 	if (!(hif_dev->flags & HIF_USB_START))
1369 		ath9k_htc_suspend(hif_dev->htc_handle);
1370 
1371 	wait_for_completion(&hif_dev->fw_done);
1372 
1373 	if (hif_dev->flags & HIF_USB_READY)
1374 		ath9k_hif_usb_dealloc_urbs(hif_dev);
1375 
1376 	return 0;
1377 }
1378 
1379 static int ath9k_hif_usb_resume(struct usb_interface *interface)
1380 {
1381 	struct hif_device_usb *hif_dev = usb_get_intfdata(interface);
1382 	struct htc_target *htc_handle = hif_dev->htc_handle;
1383 	int ret;
1384 	const struct firmware *fw;
1385 
1386 	ret = ath9k_hif_usb_alloc_urbs(hif_dev);
1387 	if (ret)
1388 		return ret;
1389 
1390 	if (hif_dev->flags & HIF_USB_READY) {
1391 		/* request cached firmware during suspend/resume cycle */
1392 		ret = request_firmware(&fw, hif_dev->fw_name,
1393 				       &hif_dev->udev->dev);
1394 		if (ret)
1395 			goto fail_resume;
1396 
1397 		hif_dev->fw_data = fw->data;
1398 		hif_dev->fw_size = fw->size;
1399 		ret = ath9k_hif_usb_download_fw(hif_dev);
1400 		release_firmware(fw);
1401 		if (ret)
1402 			goto fail_resume;
1403 	} else {
1404 		ath9k_hif_usb_dealloc_urbs(hif_dev);
1405 		return -EIO;
1406 	}
1407 
1408 	mdelay(100);
1409 
1410 	ret = ath9k_htc_resume(htc_handle);
1411 
1412 	if (ret)
1413 		goto fail_resume;
1414 
1415 	return 0;
1416 
1417 fail_resume:
1418 	ath9k_hif_usb_dealloc_urbs(hif_dev);
1419 
1420 	return ret;
1421 }
1422 #endif
1423 
1424 static struct usb_driver ath9k_hif_usb_driver = {
1425 	.name = KBUILD_MODNAME,
1426 	.probe = ath9k_hif_usb_probe,
1427 	.disconnect = ath9k_hif_usb_disconnect,
1428 #ifdef CONFIG_PM
1429 	.suspend = ath9k_hif_usb_suspend,
1430 	.resume = ath9k_hif_usb_resume,
1431 	.reset_resume = ath9k_hif_usb_resume,
1432 #endif
1433 	.id_table = ath9k_hif_usb_ids,
1434 	.soft_unbind = 1,
1435 	.disable_hub_initiated_lpm = 1,
1436 };
1437 
1438 int ath9k_hif_usb_init(void)
1439 {
1440 	return usb_register(&ath9k_hif_usb_driver);
1441 }
1442 
1443 void ath9k_hif_usb_exit(void)
1444 {
1445 	usb_deregister(&ath9k_hif_usb_driver);
1446 }
1447