1 /*
2  * Copyright (c) 2010-2011 Atheros Communications Inc.
3  *
4  * Permission to use, copy, modify, and/or distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include <asm/unaligned.h>
18 #include "htc.h"
19 
20 MODULE_FIRMWARE(HTC_7010_MODULE_FW);
21 MODULE_FIRMWARE(HTC_9271_MODULE_FW);
22 
23 static const struct usb_device_id ath9k_hif_usb_ids[] = {
24 	{ USB_DEVICE(0x0cf3, 0x9271) }, /* Atheros */
25 	{ USB_DEVICE(0x0cf3, 0x1006) }, /* Atheros */
26 	{ USB_DEVICE(0x0846, 0x9030) }, /* Netgear N150 */
27 	{ USB_DEVICE(0x07b8, 0x9271) }, /* Altai WA1011N-GU */
28 	{ USB_DEVICE(0x07D1, 0x3A10) }, /* Dlink Wireless 150 */
29 	{ USB_DEVICE(0x13D3, 0x3327) }, /* Azurewave */
30 	{ USB_DEVICE(0x13D3, 0x3328) }, /* Azurewave */
31 	{ USB_DEVICE(0x13D3, 0x3346) }, /* IMC Networks */
32 	{ USB_DEVICE(0x13D3, 0x3348) }, /* Azurewave */
33 	{ USB_DEVICE(0x13D3, 0x3349) }, /* Azurewave */
34 	{ USB_DEVICE(0x13D3, 0x3350) }, /* Azurewave */
35 	{ USB_DEVICE(0x04CA, 0x4605) }, /* Liteon */
36 	{ USB_DEVICE(0x040D, 0x3801) }, /* VIA */
37 	{ USB_DEVICE(0x0cf3, 0xb003) }, /* Ubiquiti WifiStation Ext */
38 	{ USB_DEVICE(0x0cf3, 0xb002) }, /* Ubiquiti WifiStation */
39 	{ USB_DEVICE(0x057c, 0x8403) }, /* AVM FRITZ!WLAN 11N v2 USB */
40 	{ USB_DEVICE(0x0471, 0x209e) }, /* Philips (or NXP) PTA01 */
41 	{ USB_DEVICE(0x1eda, 0x2315) }, /* AirTies */
42 
43 	{ USB_DEVICE(0x0cf3, 0x7015),
44 	  .driver_info = AR9287_USB },  /* Atheros */
45 	{ USB_DEVICE(0x1668, 0x1200),
46 	  .driver_info = AR9287_USB },  /* Verizon */
47 
48 	{ USB_DEVICE(0x0cf3, 0x7010),
49 	  .driver_info = AR9280_USB },  /* Atheros */
50 	{ USB_DEVICE(0x0846, 0x9018),
51 	  .driver_info = AR9280_USB },  /* Netgear WNDA3200 */
52 	{ USB_DEVICE(0x083A, 0xA704),
53 	  .driver_info = AR9280_USB },  /* SMC Networks */
54 	{ USB_DEVICE(0x0411, 0x017f),
55 	  .driver_info = AR9280_USB },  /* Sony UWA-BR100 */
56 	{ USB_DEVICE(0x0411, 0x0197),
57 	  .driver_info = AR9280_USB },  /* Buffalo WLI-UV-AG300P */
58 	{ USB_DEVICE(0x04da, 0x3904),
59 	  .driver_info = AR9280_USB },
60 	{ USB_DEVICE(0x0930, 0x0a08),
61 	  .driver_info = AR9280_USB },  /* Toshiba WLM-20U2 and GN-1080 */
62 
63 	{ USB_DEVICE(0x0cf3, 0x20ff),
64 	  .driver_info = STORAGE_DEVICE },
65 
66 	{ },
67 };
68 
69 MODULE_DEVICE_TABLE(usb, ath9k_hif_usb_ids);
70 
71 static int __hif_usb_tx(struct hif_device_usb *hif_dev);
72 
73 static void hif_usb_regout_cb(struct urb *urb)
74 {
75 	struct cmd_buf *cmd = (struct cmd_buf *)urb->context;
76 
77 	switch (urb->status) {
78 	case 0:
79 		break;
80 	case -ENOENT:
81 	case -ECONNRESET:
82 	case -ENODEV:
83 	case -ESHUTDOWN:
84 		goto free;
85 	default:
86 		break;
87 	}
88 
89 	if (cmd) {
90 		ath9k_htc_txcompletion_cb(cmd->hif_dev->htc_handle,
91 					  cmd->skb, true);
92 		kfree(cmd);
93 	}
94 
95 	return;
96 free:
97 	kfree_skb(cmd->skb);
98 	kfree(cmd);
99 }
100 
101 static int hif_usb_send_regout(struct hif_device_usb *hif_dev,
102 			       struct sk_buff *skb)
103 {
104 	struct urb *urb;
105 	struct cmd_buf *cmd;
106 	int ret = 0;
107 
108 	urb = usb_alloc_urb(0, GFP_KERNEL);
109 	if (urb == NULL)
110 		return -ENOMEM;
111 
112 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
113 	if (cmd == NULL) {
114 		usb_free_urb(urb);
115 		return -ENOMEM;
116 	}
117 
118 	cmd->skb = skb;
119 	cmd->hif_dev = hif_dev;
120 
121 	usb_fill_int_urb(urb, hif_dev->udev,
122 			 usb_sndintpipe(hif_dev->udev, USB_REG_OUT_PIPE),
123 			 skb->data, skb->len,
124 			 hif_usb_regout_cb, cmd, 1);
125 
126 	usb_anchor_urb(urb, &hif_dev->regout_submitted);
127 	ret = usb_submit_urb(urb, GFP_KERNEL);
128 	if (ret) {
129 		usb_unanchor_urb(urb);
130 		kfree(cmd);
131 	}
132 	usb_free_urb(urb);
133 
134 	return ret;
135 }
136 
137 static void hif_usb_mgmt_cb(struct urb *urb)
138 {
139 	struct cmd_buf *cmd = (struct cmd_buf *)urb->context;
140 	struct hif_device_usb *hif_dev;
141 	unsigned long flags;
142 	bool txok = true;
143 
144 	if (!cmd || !cmd->skb || !cmd->hif_dev)
145 		return;
146 
147 	hif_dev = cmd->hif_dev;
148 
149 	switch (urb->status) {
150 	case 0:
151 		break;
152 	case -ENOENT:
153 	case -ECONNRESET:
154 	case -ENODEV:
155 	case -ESHUTDOWN:
156 		txok = false;
157 
158 		/*
159 		 * If the URBs are being flushed, no need to complete
160 		 * this packet.
161 		 */
162 		spin_lock_irqsave(&hif_dev->tx.tx_lock, flags);
163 		if (hif_dev->tx.flags & HIF_USB_TX_FLUSH) {
164 			spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
165 			dev_kfree_skb_any(cmd->skb);
166 			kfree(cmd);
167 			return;
168 		}
169 		spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
170 
171 		break;
172 	default:
173 		txok = false;
174 		break;
175 	}
176 
177 	skb_pull(cmd->skb, 4);
178 	ath9k_htc_txcompletion_cb(cmd->hif_dev->htc_handle,
179 				  cmd->skb, txok);
180 	kfree(cmd);
181 }
182 
183 static int hif_usb_send_mgmt(struct hif_device_usb *hif_dev,
184 			     struct sk_buff *skb)
185 {
186 	struct urb *urb;
187 	struct cmd_buf *cmd;
188 	int ret = 0;
189 	__le16 *hdr;
190 
191 	urb = usb_alloc_urb(0, GFP_ATOMIC);
192 	if (urb == NULL)
193 		return -ENOMEM;
194 
195 	cmd = kzalloc(sizeof(*cmd), GFP_ATOMIC);
196 	if (cmd == NULL) {
197 		usb_free_urb(urb);
198 		return -ENOMEM;
199 	}
200 
201 	cmd->skb = skb;
202 	cmd->hif_dev = hif_dev;
203 
204 	hdr = skb_push(skb, 4);
205 	*hdr++ = cpu_to_le16(skb->len - 4);
206 	*hdr++ = cpu_to_le16(ATH_USB_TX_STREAM_MODE_TAG);
207 
208 	usb_fill_bulk_urb(urb, hif_dev->udev,
209 			 usb_sndbulkpipe(hif_dev->udev, USB_WLAN_TX_PIPE),
210 			 skb->data, skb->len,
211 			 hif_usb_mgmt_cb, cmd);
212 
213 	usb_anchor_urb(urb, &hif_dev->mgmt_submitted);
214 	ret = usb_submit_urb(urb, GFP_ATOMIC);
215 	if (ret) {
216 		usb_unanchor_urb(urb);
217 		kfree(cmd);
218 	}
219 	usb_free_urb(urb);
220 
221 	return ret;
222 }
223 
224 static inline void ath9k_skb_queue_purge(struct hif_device_usb *hif_dev,
225 					 struct sk_buff_head *list)
226 {
227 	struct sk_buff *skb;
228 
229 	while ((skb = __skb_dequeue(list)) != NULL) {
230 		dev_kfree_skb_any(skb);
231 	}
232 }
233 
234 static inline void ath9k_skb_queue_complete(struct hif_device_usb *hif_dev,
235 					    struct sk_buff_head *queue,
236 					    bool txok)
237 {
238 	struct sk_buff *skb;
239 
240 	while ((skb = __skb_dequeue(queue)) != NULL) {
241 #ifdef CONFIG_ATH9K_HTC_DEBUGFS
242 		int ln = skb->len;
243 #endif
244 		ath9k_htc_txcompletion_cb(hif_dev->htc_handle,
245 					  skb, txok);
246 		if (txok) {
247 			TX_STAT_INC(skb_success);
248 			TX_STAT_ADD(skb_success_bytes, ln);
249 		}
250 		else
251 			TX_STAT_INC(skb_failed);
252 	}
253 }
254 
255 static void hif_usb_tx_cb(struct urb *urb)
256 {
257 	struct tx_buf *tx_buf = (struct tx_buf *) urb->context;
258 	struct hif_device_usb *hif_dev;
259 	bool txok = true;
260 
261 	if (!tx_buf || !tx_buf->hif_dev)
262 		return;
263 
264 	hif_dev = tx_buf->hif_dev;
265 
266 	switch (urb->status) {
267 	case 0:
268 		break;
269 	case -ENOENT:
270 	case -ECONNRESET:
271 	case -ENODEV:
272 	case -ESHUTDOWN:
273 		txok = false;
274 
275 		/*
276 		 * If the URBs are being flushed, no need to add this
277 		 * URB to the free list.
278 		 */
279 		spin_lock(&hif_dev->tx.tx_lock);
280 		if (hif_dev->tx.flags & HIF_USB_TX_FLUSH) {
281 			spin_unlock(&hif_dev->tx.tx_lock);
282 			ath9k_skb_queue_purge(hif_dev, &tx_buf->skb_queue);
283 			return;
284 		}
285 		spin_unlock(&hif_dev->tx.tx_lock);
286 
287 		break;
288 	default:
289 		txok = false;
290 		break;
291 	}
292 
293 	ath9k_skb_queue_complete(hif_dev, &tx_buf->skb_queue, txok);
294 
295 	/* Re-initialize the SKB queue */
296 	tx_buf->len = tx_buf->offset = 0;
297 	__skb_queue_head_init(&tx_buf->skb_queue);
298 
299 	/* Add this TX buffer to the free list */
300 	spin_lock(&hif_dev->tx.tx_lock);
301 	list_move_tail(&tx_buf->list, &hif_dev->tx.tx_buf);
302 	hif_dev->tx.tx_buf_cnt++;
303 	if (!(hif_dev->tx.flags & HIF_USB_TX_STOP))
304 		__hif_usb_tx(hif_dev); /* Check for pending SKBs */
305 	TX_STAT_INC(buf_completed);
306 	spin_unlock(&hif_dev->tx.tx_lock);
307 }
308 
309 /* TX lock has to be taken */
310 static int __hif_usb_tx(struct hif_device_usb *hif_dev)
311 {
312 	struct tx_buf *tx_buf = NULL;
313 	struct sk_buff *nskb = NULL;
314 	int ret = 0, i;
315 	u16 tx_skb_cnt = 0;
316 	u8 *buf;
317 	__le16 *hdr;
318 
319 	if (hif_dev->tx.tx_skb_cnt == 0)
320 		return 0;
321 
322 	/* Check if a free TX buffer is available */
323 	if (list_empty(&hif_dev->tx.tx_buf))
324 		return 0;
325 
326 	tx_buf = list_first_entry(&hif_dev->tx.tx_buf, struct tx_buf, list);
327 	list_move_tail(&tx_buf->list, &hif_dev->tx.tx_pending);
328 	hif_dev->tx.tx_buf_cnt--;
329 
330 	tx_skb_cnt = min_t(u16, hif_dev->tx.tx_skb_cnt, MAX_TX_AGGR_NUM);
331 
332 	for (i = 0; i < tx_skb_cnt; i++) {
333 		nskb = __skb_dequeue(&hif_dev->tx.tx_skb_queue);
334 
335 		/* Should never be NULL */
336 		BUG_ON(!nskb);
337 
338 		hif_dev->tx.tx_skb_cnt--;
339 
340 		buf = tx_buf->buf;
341 		buf += tx_buf->offset;
342 		hdr = (__le16 *)buf;
343 		*hdr++ = cpu_to_le16(nskb->len);
344 		*hdr++ = cpu_to_le16(ATH_USB_TX_STREAM_MODE_TAG);
345 		buf += 4;
346 		memcpy(buf, nskb->data, nskb->len);
347 		tx_buf->len = nskb->len + 4;
348 
349 		if (i < (tx_skb_cnt - 1))
350 			tx_buf->offset += (((tx_buf->len - 1) / 4) + 1) * 4;
351 
352 		if (i == (tx_skb_cnt - 1))
353 			tx_buf->len += tx_buf->offset;
354 
355 		__skb_queue_tail(&tx_buf->skb_queue, nskb);
356 		TX_STAT_INC(skb_queued);
357 	}
358 
359 	usb_fill_bulk_urb(tx_buf->urb, hif_dev->udev,
360 			  usb_sndbulkpipe(hif_dev->udev, USB_WLAN_TX_PIPE),
361 			  tx_buf->buf, tx_buf->len,
362 			  hif_usb_tx_cb, tx_buf);
363 
364 	ret = usb_submit_urb(tx_buf->urb, GFP_ATOMIC);
365 	if (ret) {
366 		tx_buf->len = tx_buf->offset = 0;
367 		ath9k_skb_queue_complete(hif_dev, &tx_buf->skb_queue, false);
368 		__skb_queue_head_init(&tx_buf->skb_queue);
369 		list_move_tail(&tx_buf->list, &hif_dev->tx.tx_buf);
370 		hif_dev->tx.tx_buf_cnt++;
371 	}
372 
373 	if (!ret)
374 		TX_STAT_INC(buf_queued);
375 
376 	return ret;
377 }
378 
379 static int hif_usb_send_tx(struct hif_device_usb *hif_dev, struct sk_buff *skb)
380 {
381 	struct ath9k_htc_tx_ctl *tx_ctl;
382 	unsigned long flags;
383 	int ret = 0;
384 
385 	spin_lock_irqsave(&hif_dev->tx.tx_lock, flags);
386 
387 	if (hif_dev->tx.flags & HIF_USB_TX_STOP) {
388 		spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
389 		return -ENODEV;
390 	}
391 
392 	/* Check if the max queue count has been reached */
393 	if (hif_dev->tx.tx_skb_cnt > MAX_TX_BUF_NUM) {
394 		spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
395 		return -ENOMEM;
396 	}
397 
398 	spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
399 
400 	tx_ctl = HTC_SKB_CB(skb);
401 
402 	/* Mgmt/Beacon frames don't use the TX buffer pool */
403 	if ((tx_ctl->type == ATH9K_HTC_MGMT) ||
404 	    (tx_ctl->type == ATH9K_HTC_BEACON)) {
405 		ret = hif_usb_send_mgmt(hif_dev, skb);
406 	}
407 
408 	spin_lock_irqsave(&hif_dev->tx.tx_lock, flags);
409 
410 	if ((tx_ctl->type == ATH9K_HTC_NORMAL) ||
411 	    (tx_ctl->type == ATH9K_HTC_AMPDU)) {
412 		__skb_queue_tail(&hif_dev->tx.tx_skb_queue, skb);
413 		hif_dev->tx.tx_skb_cnt++;
414 	}
415 
416 	/* Check if AMPDUs have to be sent immediately */
417 	if ((hif_dev->tx.tx_buf_cnt == MAX_TX_URB_NUM) &&
418 	    (hif_dev->tx.tx_skb_cnt < 2)) {
419 		__hif_usb_tx(hif_dev);
420 	}
421 
422 	spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
423 
424 	return ret;
425 }
426 
427 static void hif_usb_start(void *hif_handle)
428 {
429 	struct hif_device_usb *hif_dev = hif_handle;
430 	unsigned long flags;
431 
432 	hif_dev->flags |= HIF_USB_START;
433 
434 	spin_lock_irqsave(&hif_dev->tx.tx_lock, flags);
435 	hif_dev->tx.flags &= ~HIF_USB_TX_STOP;
436 	spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
437 }
438 
439 static void hif_usb_stop(void *hif_handle)
440 {
441 	struct hif_device_usb *hif_dev = hif_handle;
442 	struct tx_buf *tx_buf = NULL, *tx_buf_tmp = NULL;
443 	unsigned long flags;
444 
445 	spin_lock_irqsave(&hif_dev->tx.tx_lock, flags);
446 	ath9k_skb_queue_complete(hif_dev, &hif_dev->tx.tx_skb_queue, false);
447 	hif_dev->tx.tx_skb_cnt = 0;
448 	hif_dev->tx.flags |= HIF_USB_TX_STOP;
449 	spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
450 
451 	/* The pending URBs have to be canceled. */
452 	list_for_each_entry_safe(tx_buf, tx_buf_tmp,
453 				 &hif_dev->tx.tx_pending, list) {
454 		usb_kill_urb(tx_buf->urb);
455 	}
456 
457 	usb_kill_anchored_urbs(&hif_dev->mgmt_submitted);
458 }
459 
460 static int hif_usb_send(void *hif_handle, u8 pipe_id, struct sk_buff *skb)
461 {
462 	struct hif_device_usb *hif_dev = hif_handle;
463 	int ret = 0;
464 
465 	switch (pipe_id) {
466 	case USB_WLAN_TX_PIPE:
467 		ret = hif_usb_send_tx(hif_dev, skb);
468 		break;
469 	case USB_REG_OUT_PIPE:
470 		ret = hif_usb_send_regout(hif_dev, skb);
471 		break;
472 	default:
473 		dev_err(&hif_dev->udev->dev,
474 			"ath9k_htc: Invalid TX pipe: %d\n", pipe_id);
475 		ret = -EINVAL;
476 		break;
477 	}
478 
479 	return ret;
480 }
481 
482 static inline bool check_index(struct sk_buff *skb, u8 idx)
483 {
484 	struct ath9k_htc_tx_ctl *tx_ctl;
485 
486 	tx_ctl = HTC_SKB_CB(skb);
487 
488 	if ((tx_ctl->type == ATH9K_HTC_AMPDU) &&
489 	    (tx_ctl->sta_idx == idx))
490 		return true;
491 
492 	return false;
493 }
494 
495 static void hif_usb_sta_drain(void *hif_handle, u8 idx)
496 {
497 	struct hif_device_usb *hif_dev = hif_handle;
498 	struct sk_buff *skb, *tmp;
499 	unsigned long flags;
500 
501 	spin_lock_irqsave(&hif_dev->tx.tx_lock, flags);
502 
503 	skb_queue_walk_safe(&hif_dev->tx.tx_skb_queue, skb, tmp) {
504 		if (check_index(skb, idx)) {
505 			__skb_unlink(skb, &hif_dev->tx.tx_skb_queue);
506 			ath9k_htc_txcompletion_cb(hif_dev->htc_handle,
507 						  skb, false);
508 			hif_dev->tx.tx_skb_cnt--;
509 			TX_STAT_INC(skb_failed);
510 		}
511 	}
512 
513 	spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
514 }
515 
516 static struct ath9k_htc_hif hif_usb = {
517 	.transport = ATH9K_HIF_USB,
518 	.name = "ath9k_hif_usb",
519 
520 	.control_ul_pipe = USB_REG_OUT_PIPE,
521 	.control_dl_pipe = USB_REG_IN_PIPE,
522 
523 	.start = hif_usb_start,
524 	.stop = hif_usb_stop,
525 	.sta_drain = hif_usb_sta_drain,
526 	.send = hif_usb_send,
527 };
528 
529 static void ath9k_hif_usb_rx_stream(struct hif_device_usb *hif_dev,
530 				    struct sk_buff *skb)
531 {
532 	struct sk_buff *nskb, *skb_pool[MAX_PKT_NUM_IN_TRANSFER];
533 	int index = 0, i, len = skb->len;
534 	int rx_remain_len, rx_pkt_len;
535 	u16 pool_index = 0;
536 	u8 *ptr;
537 
538 	spin_lock(&hif_dev->rx_lock);
539 
540 	rx_remain_len = hif_dev->rx_remain_len;
541 	rx_pkt_len = hif_dev->rx_transfer_len;
542 
543 	if (rx_remain_len != 0) {
544 		struct sk_buff *remain_skb = hif_dev->remain_skb;
545 
546 		if (remain_skb) {
547 			ptr = (u8 *) remain_skb->data;
548 
549 			index = rx_remain_len;
550 			rx_remain_len -= hif_dev->rx_pad_len;
551 			ptr += rx_pkt_len;
552 
553 			memcpy(ptr, skb->data, rx_remain_len);
554 
555 			rx_pkt_len += rx_remain_len;
556 			hif_dev->rx_remain_len = 0;
557 			skb_put(remain_skb, rx_pkt_len);
558 
559 			skb_pool[pool_index++] = remain_skb;
560 
561 		} else {
562 			index = rx_remain_len;
563 		}
564 	}
565 
566 	spin_unlock(&hif_dev->rx_lock);
567 
568 	while (index < len) {
569 		u16 pkt_len;
570 		u16 pkt_tag;
571 		u16 pad_len;
572 		int chk_idx;
573 
574 		ptr = (u8 *) skb->data;
575 
576 		pkt_len = get_unaligned_le16(ptr + index);
577 		pkt_tag = get_unaligned_le16(ptr + index + 2);
578 
579 		if (pkt_tag != ATH_USB_RX_STREAM_MODE_TAG) {
580 			RX_STAT_INC(skb_dropped);
581 			return;
582 		}
583 
584 		pad_len = 4 - (pkt_len & 0x3);
585 		if (pad_len == 4)
586 			pad_len = 0;
587 
588 		chk_idx = index;
589 		index = index + 4 + pkt_len + pad_len;
590 
591 		if (index > MAX_RX_BUF_SIZE) {
592 			spin_lock(&hif_dev->rx_lock);
593 			hif_dev->rx_remain_len = index - MAX_RX_BUF_SIZE;
594 			hif_dev->rx_transfer_len =
595 				MAX_RX_BUF_SIZE - chk_idx - 4;
596 			hif_dev->rx_pad_len = pad_len;
597 
598 			nskb = __dev_alloc_skb(pkt_len + 32, GFP_ATOMIC);
599 			if (!nskb) {
600 				dev_err(&hif_dev->udev->dev,
601 					"ath9k_htc: RX memory allocation error\n");
602 				spin_unlock(&hif_dev->rx_lock);
603 				goto err;
604 			}
605 			skb_reserve(nskb, 32);
606 			RX_STAT_INC(skb_allocated);
607 
608 			memcpy(nskb->data, &(skb->data[chk_idx+4]),
609 			       hif_dev->rx_transfer_len);
610 
611 			/* Record the buffer pointer */
612 			hif_dev->remain_skb = nskb;
613 			spin_unlock(&hif_dev->rx_lock);
614 		} else {
615 			nskb = __dev_alloc_skb(pkt_len + 32, GFP_ATOMIC);
616 			if (!nskb) {
617 				dev_err(&hif_dev->udev->dev,
618 					"ath9k_htc: RX memory allocation error\n");
619 				goto err;
620 			}
621 			skb_reserve(nskb, 32);
622 			RX_STAT_INC(skb_allocated);
623 
624 			memcpy(nskb->data, &(skb->data[chk_idx+4]), pkt_len);
625 			skb_put(nskb, pkt_len);
626 			skb_pool[pool_index++] = nskb;
627 		}
628 	}
629 
630 err:
631 	for (i = 0; i < pool_index; i++) {
632 		RX_STAT_ADD(skb_completed_bytes, skb_pool[i]->len);
633 		ath9k_htc_rx_msg(hif_dev->htc_handle, skb_pool[i],
634 				 skb_pool[i]->len, USB_WLAN_RX_PIPE);
635 		RX_STAT_INC(skb_completed);
636 	}
637 }
638 
639 static void ath9k_hif_usb_rx_cb(struct urb *urb)
640 {
641 	struct sk_buff *skb = (struct sk_buff *) urb->context;
642 	struct hif_device_usb *hif_dev =
643 		usb_get_intfdata(usb_ifnum_to_if(urb->dev, 0));
644 	int ret;
645 
646 	if (!skb)
647 		return;
648 
649 	if (!hif_dev)
650 		goto free;
651 
652 	switch (urb->status) {
653 	case 0:
654 		break;
655 	case -ENOENT:
656 	case -ECONNRESET:
657 	case -ENODEV:
658 	case -ESHUTDOWN:
659 		goto free;
660 	default:
661 		goto resubmit;
662 	}
663 
664 	if (likely(urb->actual_length != 0)) {
665 		skb_put(skb, urb->actual_length);
666 		ath9k_hif_usb_rx_stream(hif_dev, skb);
667 	}
668 
669 resubmit:
670 	skb_reset_tail_pointer(skb);
671 	skb_trim(skb, 0);
672 
673 	usb_anchor_urb(urb, &hif_dev->rx_submitted);
674 	ret = usb_submit_urb(urb, GFP_ATOMIC);
675 	if (ret) {
676 		usb_unanchor_urb(urb);
677 		goto free;
678 	}
679 
680 	return;
681 free:
682 	kfree_skb(skb);
683 }
684 
685 static void ath9k_hif_usb_reg_in_cb(struct urb *urb)
686 {
687 	struct sk_buff *skb = (struct sk_buff *) urb->context;
688 	struct sk_buff *nskb;
689 	struct hif_device_usb *hif_dev =
690 		usb_get_intfdata(usb_ifnum_to_if(urb->dev, 0));
691 	int ret;
692 
693 	if (!skb)
694 		return;
695 
696 	if (!hif_dev)
697 		goto free;
698 
699 	switch (urb->status) {
700 	case 0:
701 		break;
702 	case -ENOENT:
703 	case -ECONNRESET:
704 	case -ENODEV:
705 	case -ESHUTDOWN:
706 		goto free;
707 	default:
708 		skb_reset_tail_pointer(skb);
709 		skb_trim(skb, 0);
710 
711 		goto resubmit;
712 	}
713 
714 	if (likely(urb->actual_length != 0)) {
715 		skb_put(skb, urb->actual_length);
716 
717 		/* Process the command first */
718 		ath9k_htc_rx_msg(hif_dev->htc_handle, skb,
719 				 skb->len, USB_REG_IN_PIPE);
720 
721 
722 		nskb = alloc_skb(MAX_REG_IN_BUF_SIZE, GFP_ATOMIC);
723 		if (!nskb) {
724 			dev_err(&hif_dev->udev->dev,
725 				"ath9k_htc: REG_IN memory allocation failure\n");
726 			urb->context = NULL;
727 			return;
728 		}
729 
730 		usb_fill_int_urb(urb, hif_dev->udev,
731 				 usb_rcvintpipe(hif_dev->udev,
732 						 USB_REG_IN_PIPE),
733 				 nskb->data, MAX_REG_IN_BUF_SIZE,
734 				 ath9k_hif_usb_reg_in_cb, nskb, 1);
735 	}
736 
737 resubmit:
738 	usb_anchor_urb(urb, &hif_dev->reg_in_submitted);
739 	ret = usb_submit_urb(urb, GFP_ATOMIC);
740 	if (ret) {
741 		usb_unanchor_urb(urb);
742 		goto free;
743 	}
744 
745 	return;
746 free:
747 	kfree_skb(skb);
748 	urb->context = NULL;
749 }
750 
751 static void ath9k_hif_usb_dealloc_tx_urbs(struct hif_device_usb *hif_dev)
752 {
753 	struct tx_buf *tx_buf = NULL, *tx_buf_tmp = NULL;
754 	unsigned long flags;
755 
756 	list_for_each_entry_safe(tx_buf, tx_buf_tmp,
757 				 &hif_dev->tx.tx_buf, list) {
758 		usb_kill_urb(tx_buf->urb);
759 		list_del(&tx_buf->list);
760 		usb_free_urb(tx_buf->urb);
761 		kfree(tx_buf->buf);
762 		kfree(tx_buf);
763 	}
764 
765 	spin_lock_irqsave(&hif_dev->tx.tx_lock, flags);
766 	hif_dev->tx.flags |= HIF_USB_TX_FLUSH;
767 	spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
768 
769 	list_for_each_entry_safe(tx_buf, tx_buf_tmp,
770 				 &hif_dev->tx.tx_pending, list) {
771 		usb_kill_urb(tx_buf->urb);
772 		list_del(&tx_buf->list);
773 		usb_free_urb(tx_buf->urb);
774 		kfree(tx_buf->buf);
775 		kfree(tx_buf);
776 	}
777 
778 	usb_kill_anchored_urbs(&hif_dev->mgmt_submitted);
779 }
780 
781 static int ath9k_hif_usb_alloc_tx_urbs(struct hif_device_usb *hif_dev)
782 {
783 	struct tx_buf *tx_buf;
784 	int i;
785 
786 	INIT_LIST_HEAD(&hif_dev->tx.tx_buf);
787 	INIT_LIST_HEAD(&hif_dev->tx.tx_pending);
788 	spin_lock_init(&hif_dev->tx.tx_lock);
789 	__skb_queue_head_init(&hif_dev->tx.tx_skb_queue);
790 	init_usb_anchor(&hif_dev->mgmt_submitted);
791 
792 	for (i = 0; i < MAX_TX_URB_NUM; i++) {
793 		tx_buf = kzalloc(sizeof(struct tx_buf), GFP_KERNEL);
794 		if (!tx_buf)
795 			goto err;
796 
797 		tx_buf->buf = kzalloc(MAX_TX_BUF_SIZE, GFP_KERNEL);
798 		if (!tx_buf->buf)
799 			goto err;
800 
801 		tx_buf->urb = usb_alloc_urb(0, GFP_KERNEL);
802 		if (!tx_buf->urb)
803 			goto err;
804 
805 		tx_buf->hif_dev = hif_dev;
806 		__skb_queue_head_init(&tx_buf->skb_queue);
807 
808 		list_add_tail(&tx_buf->list, &hif_dev->tx.tx_buf);
809 	}
810 
811 	hif_dev->tx.tx_buf_cnt = MAX_TX_URB_NUM;
812 
813 	return 0;
814 err:
815 	if (tx_buf) {
816 		kfree(tx_buf->buf);
817 		kfree(tx_buf);
818 	}
819 	ath9k_hif_usb_dealloc_tx_urbs(hif_dev);
820 	return -ENOMEM;
821 }
822 
823 static void ath9k_hif_usb_dealloc_rx_urbs(struct hif_device_usb *hif_dev)
824 {
825 	usb_kill_anchored_urbs(&hif_dev->rx_submitted);
826 }
827 
828 static int ath9k_hif_usb_alloc_rx_urbs(struct hif_device_usb *hif_dev)
829 {
830 	struct urb *urb = NULL;
831 	struct sk_buff *skb = NULL;
832 	int i, ret;
833 
834 	init_usb_anchor(&hif_dev->rx_submitted);
835 	spin_lock_init(&hif_dev->rx_lock);
836 
837 	for (i = 0; i < MAX_RX_URB_NUM; i++) {
838 
839 		/* Allocate URB */
840 		urb = usb_alloc_urb(0, GFP_KERNEL);
841 		if (urb == NULL) {
842 			ret = -ENOMEM;
843 			goto err_urb;
844 		}
845 
846 		/* Allocate buffer */
847 		skb = alloc_skb(MAX_RX_BUF_SIZE, GFP_KERNEL);
848 		if (!skb) {
849 			ret = -ENOMEM;
850 			goto err_skb;
851 		}
852 
853 		usb_fill_bulk_urb(urb, hif_dev->udev,
854 				  usb_rcvbulkpipe(hif_dev->udev,
855 						  USB_WLAN_RX_PIPE),
856 				  skb->data, MAX_RX_BUF_SIZE,
857 				  ath9k_hif_usb_rx_cb, skb);
858 
859 		/* Anchor URB */
860 		usb_anchor_urb(urb, &hif_dev->rx_submitted);
861 
862 		/* Submit URB */
863 		ret = usb_submit_urb(urb, GFP_KERNEL);
864 		if (ret) {
865 			usb_unanchor_urb(urb);
866 			goto err_submit;
867 		}
868 
869 		/*
870 		 * Drop reference count.
871 		 * This ensures that the URB is freed when killing them.
872 		 */
873 		usb_free_urb(urb);
874 	}
875 
876 	return 0;
877 
878 err_submit:
879 	kfree_skb(skb);
880 err_skb:
881 	usb_free_urb(urb);
882 err_urb:
883 	ath9k_hif_usb_dealloc_rx_urbs(hif_dev);
884 	return ret;
885 }
886 
887 static void ath9k_hif_usb_dealloc_reg_in_urbs(struct hif_device_usb *hif_dev)
888 {
889 	usb_kill_anchored_urbs(&hif_dev->reg_in_submitted);
890 }
891 
892 static int ath9k_hif_usb_alloc_reg_in_urbs(struct hif_device_usb *hif_dev)
893 {
894 	struct urb *urb = NULL;
895 	struct sk_buff *skb = NULL;
896 	int i, ret;
897 
898 	init_usb_anchor(&hif_dev->reg_in_submitted);
899 
900 	for (i = 0; i < MAX_REG_IN_URB_NUM; i++) {
901 
902 		/* Allocate URB */
903 		urb = usb_alloc_urb(0, GFP_KERNEL);
904 		if (urb == NULL) {
905 			ret = -ENOMEM;
906 			goto err_urb;
907 		}
908 
909 		/* Allocate buffer */
910 		skb = alloc_skb(MAX_REG_IN_BUF_SIZE, GFP_KERNEL);
911 		if (!skb) {
912 			ret = -ENOMEM;
913 			goto err_skb;
914 		}
915 
916 		usb_fill_int_urb(urb, hif_dev->udev,
917 				  usb_rcvintpipe(hif_dev->udev,
918 						  USB_REG_IN_PIPE),
919 				  skb->data, MAX_REG_IN_BUF_SIZE,
920 				  ath9k_hif_usb_reg_in_cb, skb, 1);
921 
922 		/* Anchor URB */
923 		usb_anchor_urb(urb, &hif_dev->reg_in_submitted);
924 
925 		/* Submit URB */
926 		ret = usb_submit_urb(urb, GFP_KERNEL);
927 		if (ret) {
928 			usb_unanchor_urb(urb);
929 			goto err_submit;
930 		}
931 
932 		/*
933 		 * Drop reference count.
934 		 * This ensures that the URB is freed when killing them.
935 		 */
936 		usb_free_urb(urb);
937 	}
938 
939 	return 0;
940 
941 err_submit:
942 	kfree_skb(skb);
943 err_skb:
944 	usb_free_urb(urb);
945 err_urb:
946 	ath9k_hif_usb_dealloc_reg_in_urbs(hif_dev);
947 	return ret;
948 }
949 
950 static int ath9k_hif_usb_alloc_urbs(struct hif_device_usb *hif_dev)
951 {
952 	/* Register Write */
953 	init_usb_anchor(&hif_dev->regout_submitted);
954 
955 	/* TX */
956 	if (ath9k_hif_usb_alloc_tx_urbs(hif_dev) < 0)
957 		goto err;
958 
959 	/* RX */
960 	if (ath9k_hif_usb_alloc_rx_urbs(hif_dev) < 0)
961 		goto err_rx;
962 
963 	/* Register Read */
964 	if (ath9k_hif_usb_alloc_reg_in_urbs(hif_dev) < 0)
965 		goto err_reg;
966 
967 	return 0;
968 err_reg:
969 	ath9k_hif_usb_dealloc_rx_urbs(hif_dev);
970 err_rx:
971 	ath9k_hif_usb_dealloc_tx_urbs(hif_dev);
972 err:
973 	return -ENOMEM;
974 }
975 
976 static void ath9k_hif_usb_dealloc_urbs(struct hif_device_usb *hif_dev)
977 {
978 	usb_kill_anchored_urbs(&hif_dev->regout_submitted);
979 	ath9k_hif_usb_dealloc_reg_in_urbs(hif_dev);
980 	ath9k_hif_usb_dealloc_tx_urbs(hif_dev);
981 	ath9k_hif_usb_dealloc_rx_urbs(hif_dev);
982 }
983 
984 static int ath9k_hif_usb_download_fw(struct hif_device_usb *hif_dev)
985 {
986 	int transfer, err;
987 	const void *data = hif_dev->fw_data;
988 	size_t len = hif_dev->fw_size;
989 	u32 addr = AR9271_FIRMWARE;
990 	u8 *buf = kzalloc(4096, GFP_KERNEL);
991 	u32 firm_offset;
992 
993 	if (!buf)
994 		return -ENOMEM;
995 
996 	while (len) {
997 		transfer = min_t(size_t, len, 4096);
998 		memcpy(buf, data, transfer);
999 
1000 		err = usb_control_msg(hif_dev->udev,
1001 				      usb_sndctrlpipe(hif_dev->udev, 0),
1002 				      FIRMWARE_DOWNLOAD, 0x40 | USB_DIR_OUT,
1003 				      addr >> 8, 0, buf, transfer,
1004 				      USB_MSG_TIMEOUT);
1005 		if (err < 0) {
1006 			kfree(buf);
1007 			return err;
1008 		}
1009 
1010 		len -= transfer;
1011 		data += transfer;
1012 		addr += transfer;
1013 	}
1014 	kfree(buf);
1015 
1016 	if (IS_AR7010_DEVICE(hif_dev->usb_device_id->driver_info))
1017 		firm_offset = AR7010_FIRMWARE_TEXT;
1018 	else
1019 		firm_offset = AR9271_FIRMWARE_TEXT;
1020 
1021 	/*
1022 	 * Issue FW download complete command to firmware.
1023 	 */
1024 	err = usb_control_msg(hif_dev->udev, usb_sndctrlpipe(hif_dev->udev, 0),
1025 			      FIRMWARE_DOWNLOAD_COMP,
1026 			      0x40 | USB_DIR_OUT,
1027 			      firm_offset >> 8, 0, NULL, 0, USB_MSG_TIMEOUT);
1028 	if (err)
1029 		return -EIO;
1030 
1031 	dev_info(&hif_dev->udev->dev, "ath9k_htc: Transferred FW: %s, size: %ld\n",
1032 		 hif_dev->fw_name, (unsigned long) hif_dev->fw_size);
1033 
1034 	return 0;
1035 }
1036 
1037 static int ath9k_hif_usb_dev_init(struct hif_device_usb *hif_dev)
1038 {
1039 	int ret;
1040 
1041 	ret = ath9k_hif_usb_download_fw(hif_dev);
1042 	if (ret) {
1043 		dev_err(&hif_dev->udev->dev,
1044 			"ath9k_htc: Firmware - %s download failed\n",
1045 			hif_dev->fw_name);
1046 		return ret;
1047 	}
1048 
1049 	/* Alloc URBs */
1050 	ret = ath9k_hif_usb_alloc_urbs(hif_dev);
1051 	if (ret) {
1052 		dev_err(&hif_dev->udev->dev,
1053 			"ath9k_htc: Unable to allocate URBs\n");
1054 		return ret;
1055 	}
1056 
1057 	return 0;
1058 }
1059 
1060 static void ath9k_hif_usb_dev_deinit(struct hif_device_usb *hif_dev)
1061 {
1062 	ath9k_hif_usb_dealloc_urbs(hif_dev);
1063 }
1064 
1065 /*
1066  * If initialization fails or the FW cannot be retrieved,
1067  * detach the device.
1068  */
1069 static void ath9k_hif_usb_firmware_fail(struct hif_device_usb *hif_dev)
1070 {
1071 	struct device *dev = &hif_dev->udev->dev;
1072 	struct device *parent = dev->parent;
1073 
1074 	complete_all(&hif_dev->fw_done);
1075 
1076 	if (parent)
1077 		device_lock(parent);
1078 
1079 	device_release_driver(dev);
1080 
1081 	if (parent)
1082 		device_unlock(parent);
1083 }
1084 
1085 static void ath9k_hif_usb_firmware_cb(const struct firmware *fw, void *context);
1086 
1087 /* taken from iwlwifi */
1088 static int ath9k_hif_request_firmware(struct hif_device_usb *hif_dev,
1089 				      bool first)
1090 {
1091 	char index[8], *chip;
1092 	int ret;
1093 
1094 	if (first) {
1095 		if (htc_use_dev_fw) {
1096 			hif_dev->fw_minor_index = FIRMWARE_MINOR_IDX_MAX + 1;
1097 			sprintf(index, "%s", "dev");
1098 		} else {
1099 			hif_dev->fw_minor_index = FIRMWARE_MINOR_IDX_MAX;
1100 			sprintf(index, "%d", hif_dev->fw_minor_index);
1101 		}
1102 	} else {
1103 		hif_dev->fw_minor_index--;
1104 		sprintf(index, "%d", hif_dev->fw_minor_index);
1105 	}
1106 
1107 	/* test for FW 1.3 */
1108 	if (MAJOR_VERSION_REQ == 1 && hif_dev->fw_minor_index == 3) {
1109 		const char *filename;
1110 
1111 		if (IS_AR7010_DEVICE(hif_dev->usb_device_id->driver_info))
1112 			filename = FIRMWARE_AR7010_1_1;
1113 		else
1114 			filename = FIRMWARE_AR9271;
1115 
1116 		/* expected fw locations:
1117 		 * - htc_9271.fw   (stable version 1.3, depricated)
1118 		 */
1119 		snprintf(hif_dev->fw_name, sizeof(hif_dev->fw_name),
1120 			 "%s", filename);
1121 
1122 	} else if (hif_dev->fw_minor_index < FIRMWARE_MINOR_IDX_MIN) {
1123 		dev_err(&hif_dev->udev->dev, "no suitable firmware found!\n");
1124 
1125 		return -ENOENT;
1126 	} else {
1127 		if (IS_AR7010_DEVICE(hif_dev->usb_device_id->driver_info))
1128 			chip = "7010";
1129 		else
1130 			chip = "9271";
1131 
1132 		/* expected fw locations:
1133 		 * - ath9k_htc/htc_9271-1.dev.0.fw (development version)
1134 		 * - ath9k_htc/htc_9271-1.4.0.fw   (stable version)
1135 		 */
1136 		snprintf(hif_dev->fw_name, sizeof(hif_dev->fw_name),
1137 			 "%s/htc_%s-%d.%s.0.fw", HTC_FW_PATH,
1138 			 chip, MAJOR_VERSION_REQ, index);
1139 	}
1140 
1141 	ret = request_firmware_nowait(THIS_MODULE, true, hif_dev->fw_name,
1142 				      &hif_dev->udev->dev, GFP_KERNEL,
1143 				      hif_dev, ath9k_hif_usb_firmware_cb);
1144 	if (ret) {
1145 		dev_err(&hif_dev->udev->dev,
1146 			"ath9k_htc: Async request for firmware %s failed\n",
1147 			hif_dev->fw_name);
1148 		return ret;
1149 	}
1150 
1151 	dev_info(&hif_dev->udev->dev, "ath9k_htc: Firmware %s requested\n",
1152 		 hif_dev->fw_name);
1153 
1154 	return ret;
1155 }
1156 
1157 static void ath9k_hif_usb_firmware_cb(const struct firmware *fw, void *context)
1158 {
1159 	struct hif_device_usb *hif_dev = context;
1160 	int ret;
1161 
1162 	if (!fw) {
1163 		ret = ath9k_hif_request_firmware(hif_dev, false);
1164 		if (!ret)
1165 			return;
1166 
1167 		dev_err(&hif_dev->udev->dev,
1168 			"ath9k_htc: Failed to get firmware %s\n",
1169 			hif_dev->fw_name);
1170 		goto err_fw;
1171 	}
1172 
1173 	hif_dev->htc_handle = ath9k_htc_hw_alloc(hif_dev, &hif_usb,
1174 						 &hif_dev->udev->dev);
1175 	if (hif_dev->htc_handle == NULL)
1176 		goto err_dev_alloc;
1177 
1178 	hif_dev->fw_data = fw->data;
1179 	hif_dev->fw_size = fw->size;
1180 
1181 	/* Proceed with initialization */
1182 
1183 	ret = ath9k_hif_usb_dev_init(hif_dev);
1184 	if (ret)
1185 		goto err_dev_init;
1186 
1187 	ret = ath9k_htc_hw_init(hif_dev->htc_handle,
1188 				&hif_dev->interface->dev,
1189 				hif_dev->usb_device_id->idProduct,
1190 				hif_dev->udev->product,
1191 				hif_dev->usb_device_id->driver_info);
1192 	if (ret) {
1193 		ret = -EINVAL;
1194 		goto err_htc_hw_init;
1195 	}
1196 
1197 	release_firmware(fw);
1198 	hif_dev->flags |= HIF_USB_READY;
1199 	complete_all(&hif_dev->fw_done);
1200 
1201 	return;
1202 
1203 err_htc_hw_init:
1204 	ath9k_hif_usb_dev_deinit(hif_dev);
1205 err_dev_init:
1206 	ath9k_htc_hw_free(hif_dev->htc_handle);
1207 err_dev_alloc:
1208 	release_firmware(fw);
1209 err_fw:
1210 	ath9k_hif_usb_firmware_fail(hif_dev);
1211 }
1212 
1213 /*
1214  * An exact copy of the function from zd1211rw.
1215  */
1216 static int send_eject_command(struct usb_interface *interface)
1217 {
1218 	struct usb_device *udev = interface_to_usbdev(interface);
1219 	struct usb_host_interface *iface_desc = &interface->altsetting[0];
1220 	struct usb_endpoint_descriptor *endpoint;
1221 	unsigned char *cmd;
1222 	u8 bulk_out_ep;
1223 	int r;
1224 
1225 	if (iface_desc->desc.bNumEndpoints < 2)
1226 		return -ENODEV;
1227 
1228 	/* Find bulk out endpoint */
1229 	for (r = 1; r >= 0; r--) {
1230 		endpoint = &iface_desc->endpoint[r].desc;
1231 		if (usb_endpoint_dir_out(endpoint) &&
1232 		    usb_endpoint_xfer_bulk(endpoint)) {
1233 			bulk_out_ep = endpoint->bEndpointAddress;
1234 			break;
1235 		}
1236 	}
1237 	if (r == -1) {
1238 		dev_err(&udev->dev,
1239 			"ath9k_htc: Could not find bulk out endpoint\n");
1240 		return -ENODEV;
1241 	}
1242 
1243 	cmd = kzalloc(31, GFP_KERNEL);
1244 	if (cmd == NULL)
1245 		return -ENODEV;
1246 
1247 	/* USB bulk command block */
1248 	cmd[0] = 0x55;	/* bulk command signature */
1249 	cmd[1] = 0x53;	/* bulk command signature */
1250 	cmd[2] = 0x42;	/* bulk command signature */
1251 	cmd[3] = 0x43;	/* bulk command signature */
1252 	cmd[14] = 6;	/* command length */
1253 
1254 	cmd[15] = 0x1b;	/* SCSI command: START STOP UNIT */
1255 	cmd[19] = 0x2;	/* eject disc */
1256 
1257 	dev_info(&udev->dev, "Ejecting storage device...\n");
1258 	r = usb_bulk_msg(udev, usb_sndbulkpipe(udev, bulk_out_ep),
1259 		cmd, 31, NULL, 2 * USB_MSG_TIMEOUT);
1260 	kfree(cmd);
1261 	if (r)
1262 		return r;
1263 
1264 	/* At this point, the device disconnects and reconnects with the real
1265 	 * ID numbers. */
1266 
1267 	usb_set_intfdata(interface, NULL);
1268 	return 0;
1269 }
1270 
1271 static int ath9k_hif_usb_probe(struct usb_interface *interface,
1272 			       const struct usb_device_id *id)
1273 {
1274 	struct usb_device *udev = interface_to_usbdev(interface);
1275 	struct hif_device_usb *hif_dev;
1276 	int ret = 0;
1277 
1278 	if (id->driver_info == STORAGE_DEVICE)
1279 		return send_eject_command(interface);
1280 
1281 	hif_dev = kzalloc(sizeof(struct hif_device_usb), GFP_KERNEL);
1282 	if (!hif_dev) {
1283 		ret = -ENOMEM;
1284 		goto err_alloc;
1285 	}
1286 
1287 	usb_get_dev(udev);
1288 
1289 	hif_dev->udev = udev;
1290 	hif_dev->interface = interface;
1291 	hif_dev->usb_device_id = id;
1292 #ifdef CONFIG_PM
1293 	udev->reset_resume = 1;
1294 #endif
1295 	usb_set_intfdata(interface, hif_dev);
1296 
1297 	init_completion(&hif_dev->fw_done);
1298 
1299 	ret = ath9k_hif_request_firmware(hif_dev, true);
1300 	if (ret)
1301 		goto err_fw_req;
1302 
1303 	return ret;
1304 
1305 err_fw_req:
1306 	usb_set_intfdata(interface, NULL);
1307 	kfree(hif_dev);
1308 	usb_put_dev(udev);
1309 err_alloc:
1310 	return ret;
1311 }
1312 
1313 static void ath9k_hif_usb_reboot(struct usb_device *udev)
1314 {
1315 	u32 reboot_cmd = 0xffffffff;
1316 	void *buf;
1317 	int ret;
1318 
1319 	buf = kmemdup(&reboot_cmd, 4, GFP_KERNEL);
1320 	if (!buf)
1321 		return;
1322 
1323 	ret = usb_interrupt_msg(udev, usb_sndintpipe(udev, USB_REG_OUT_PIPE),
1324 			   buf, 4, NULL, USB_MSG_TIMEOUT);
1325 	if (ret)
1326 		dev_err(&udev->dev, "ath9k_htc: USB reboot failed\n");
1327 
1328 	kfree(buf);
1329 }
1330 
1331 static void ath9k_hif_usb_disconnect(struct usb_interface *interface)
1332 {
1333 	struct usb_device *udev = interface_to_usbdev(interface);
1334 	struct hif_device_usb *hif_dev = usb_get_intfdata(interface);
1335 	bool unplugged = (udev->state == USB_STATE_NOTATTACHED) ? true : false;
1336 
1337 	if (!hif_dev)
1338 		return;
1339 
1340 	wait_for_completion(&hif_dev->fw_done);
1341 
1342 	if (hif_dev->flags & HIF_USB_READY) {
1343 		ath9k_htc_hw_deinit(hif_dev->htc_handle, unplugged);
1344 		ath9k_htc_hw_free(hif_dev->htc_handle);
1345 		ath9k_hif_usb_dev_deinit(hif_dev);
1346 	}
1347 
1348 	usb_set_intfdata(interface, NULL);
1349 
1350 	/* If firmware was loaded we should drop it
1351 	 * go back to first stage bootloader. */
1352 	if (!unplugged && (hif_dev->flags & HIF_USB_READY))
1353 		ath9k_hif_usb_reboot(udev);
1354 
1355 	kfree(hif_dev);
1356 	dev_info(&udev->dev, "ath9k_htc: USB layer deinitialized\n");
1357 	usb_put_dev(udev);
1358 }
1359 
1360 #ifdef CONFIG_PM
1361 static int ath9k_hif_usb_suspend(struct usb_interface *interface,
1362 				 pm_message_t message)
1363 {
1364 	struct hif_device_usb *hif_dev = usb_get_intfdata(interface);
1365 
1366 	/*
1367 	 * The device has to be set to FULLSLEEP mode in case no
1368 	 * interface is up.
1369 	 */
1370 	if (!(hif_dev->flags & HIF_USB_START))
1371 		ath9k_htc_suspend(hif_dev->htc_handle);
1372 
1373 	wait_for_completion(&hif_dev->fw_done);
1374 
1375 	if (hif_dev->flags & HIF_USB_READY)
1376 		ath9k_hif_usb_dealloc_urbs(hif_dev);
1377 
1378 	return 0;
1379 }
1380 
1381 static int ath9k_hif_usb_resume(struct usb_interface *interface)
1382 {
1383 	struct hif_device_usb *hif_dev = usb_get_intfdata(interface);
1384 	struct htc_target *htc_handle = hif_dev->htc_handle;
1385 	int ret;
1386 	const struct firmware *fw;
1387 
1388 	ret = ath9k_hif_usb_alloc_urbs(hif_dev);
1389 	if (ret)
1390 		return ret;
1391 
1392 	if (hif_dev->flags & HIF_USB_READY) {
1393 		/* request cached firmware during suspend/resume cycle */
1394 		ret = request_firmware(&fw, hif_dev->fw_name,
1395 				       &hif_dev->udev->dev);
1396 		if (ret)
1397 			goto fail_resume;
1398 
1399 		hif_dev->fw_data = fw->data;
1400 		hif_dev->fw_size = fw->size;
1401 		ret = ath9k_hif_usb_download_fw(hif_dev);
1402 		release_firmware(fw);
1403 		if (ret)
1404 			goto fail_resume;
1405 	} else {
1406 		ath9k_hif_usb_dealloc_urbs(hif_dev);
1407 		return -EIO;
1408 	}
1409 
1410 	mdelay(100);
1411 
1412 	ret = ath9k_htc_resume(htc_handle);
1413 
1414 	if (ret)
1415 		goto fail_resume;
1416 
1417 	return 0;
1418 
1419 fail_resume:
1420 	ath9k_hif_usb_dealloc_urbs(hif_dev);
1421 
1422 	return ret;
1423 }
1424 #endif
1425 
1426 static struct usb_driver ath9k_hif_usb_driver = {
1427 	.name = KBUILD_MODNAME,
1428 	.probe = ath9k_hif_usb_probe,
1429 	.disconnect = ath9k_hif_usb_disconnect,
1430 #ifdef CONFIG_PM
1431 	.suspend = ath9k_hif_usb_suspend,
1432 	.resume = ath9k_hif_usb_resume,
1433 	.reset_resume = ath9k_hif_usb_resume,
1434 #endif
1435 	.id_table = ath9k_hif_usb_ids,
1436 	.soft_unbind = 1,
1437 	.disable_hub_initiated_lpm = 1,
1438 };
1439 
1440 int ath9k_hif_usb_init(void)
1441 {
1442 	return usb_register(&ath9k_hif_usb_driver);
1443 }
1444 
1445 void ath9k_hif_usb_exit(void)
1446 {
1447 	usb_deregister(&ath9k_hif_usb_driver);
1448 }
1449