1 /*
2  * Copyright (c) 2010-2011 Atheros Communications Inc.
3  *
4  * Permission to use, copy, modify, and/or distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16 
17 #include <asm/unaligned.h>
18 #include "htc.h"
19 
20 MODULE_FIRMWARE(HTC_7010_MODULE_FW);
21 MODULE_FIRMWARE(HTC_9271_MODULE_FW);
22 
23 static const struct usb_device_id ath9k_hif_usb_ids[] = {
24 	{ USB_DEVICE(0x0cf3, 0x9271) }, /* Atheros */
25 	{ USB_DEVICE(0x0cf3, 0x1006) }, /* Atheros */
26 	{ USB_DEVICE(0x0846, 0x9030) }, /* Netgear N150 */
27 	{ USB_DEVICE(0x07b8, 0x9271) }, /* Altai WA1011N-GU */
28 	{ USB_DEVICE(0x07D1, 0x3A10) }, /* Dlink Wireless 150 */
29 	{ USB_DEVICE(0x13D3, 0x3327) }, /* Azurewave */
30 	{ USB_DEVICE(0x13D3, 0x3328) }, /* Azurewave */
31 	{ USB_DEVICE(0x13D3, 0x3346) }, /* IMC Networks */
32 	{ USB_DEVICE(0x13D3, 0x3348) }, /* Azurewave */
33 	{ USB_DEVICE(0x13D3, 0x3349) }, /* Azurewave */
34 	{ USB_DEVICE(0x13D3, 0x3350) }, /* Azurewave */
35 	{ USB_DEVICE(0x04CA, 0x4605) }, /* Liteon */
36 	{ USB_DEVICE(0x040D, 0x3801) }, /* VIA */
37 	{ USB_DEVICE(0x0cf3, 0xb003) }, /* Ubiquiti WifiStation Ext */
38 	{ USB_DEVICE(0x0cf3, 0xb002) }, /* Ubiquiti WifiStation */
39 	{ USB_DEVICE(0x057c, 0x8403) }, /* AVM FRITZ!WLAN 11N v2 USB */
40 	{ USB_DEVICE(0x0471, 0x209e) }, /* Philips (or NXP) PTA01 */
41 	{ USB_DEVICE(0x1eda, 0x2315) }, /* AirTies */
42 
43 	{ USB_DEVICE(0x0cf3, 0x7015),
44 	  .driver_info = AR9287_USB },  /* Atheros */
45 
46 	{ USB_DEVICE(0x0cf3, 0x7010),
47 	  .driver_info = AR9280_USB },  /* Atheros */
48 	{ USB_DEVICE(0x0846, 0x9018),
49 	  .driver_info = AR9280_USB },  /* Netgear WNDA3200 */
50 	{ USB_DEVICE(0x083A, 0xA704),
51 	  .driver_info = AR9280_USB },  /* SMC Networks */
52 	{ USB_DEVICE(0x0411, 0x017f),
53 	  .driver_info = AR9280_USB },  /* Sony UWA-BR100 */
54 	{ USB_DEVICE(0x0411, 0x0197),
55 	  .driver_info = AR9280_USB },  /* Buffalo WLI-UV-AG300P */
56 	{ USB_DEVICE(0x04da, 0x3904),
57 	  .driver_info = AR9280_USB },
58 	{ USB_DEVICE(0x0930, 0x0a08),
59 	  .driver_info = AR9280_USB },  /* Toshiba WLM-20U2 and GN-1080 */
60 
61 	{ USB_DEVICE(0x0cf3, 0x20ff),
62 	  .driver_info = STORAGE_DEVICE },
63 
64 	{ },
65 };
66 
67 MODULE_DEVICE_TABLE(usb, ath9k_hif_usb_ids);
68 
69 static int __hif_usb_tx(struct hif_device_usb *hif_dev);
70 
71 static void hif_usb_regout_cb(struct urb *urb)
72 {
73 	struct cmd_buf *cmd = (struct cmd_buf *)urb->context;
74 
75 	switch (urb->status) {
76 	case 0:
77 		break;
78 	case -ENOENT:
79 	case -ECONNRESET:
80 	case -ENODEV:
81 	case -ESHUTDOWN:
82 		goto free;
83 	default:
84 		break;
85 	}
86 
87 	if (cmd) {
88 		ath9k_htc_txcompletion_cb(cmd->hif_dev->htc_handle,
89 					  cmd->skb, true);
90 		kfree(cmd);
91 	}
92 
93 	return;
94 free:
95 	kfree_skb(cmd->skb);
96 	kfree(cmd);
97 }
98 
99 static int hif_usb_send_regout(struct hif_device_usb *hif_dev,
100 			       struct sk_buff *skb)
101 {
102 	struct urb *urb;
103 	struct cmd_buf *cmd;
104 	int ret = 0;
105 
106 	urb = usb_alloc_urb(0, GFP_KERNEL);
107 	if (urb == NULL)
108 		return -ENOMEM;
109 
110 	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
111 	if (cmd == NULL) {
112 		usb_free_urb(urb);
113 		return -ENOMEM;
114 	}
115 
116 	cmd->skb = skb;
117 	cmd->hif_dev = hif_dev;
118 
119 	usb_fill_int_urb(urb, hif_dev->udev,
120 			 usb_sndintpipe(hif_dev->udev, USB_REG_OUT_PIPE),
121 			 skb->data, skb->len,
122 			 hif_usb_regout_cb, cmd, 1);
123 
124 	usb_anchor_urb(urb, &hif_dev->regout_submitted);
125 	ret = usb_submit_urb(urb, GFP_KERNEL);
126 	if (ret) {
127 		usb_unanchor_urb(urb);
128 		kfree(cmd);
129 	}
130 	usb_free_urb(urb);
131 
132 	return ret;
133 }
134 
135 static void hif_usb_mgmt_cb(struct urb *urb)
136 {
137 	struct cmd_buf *cmd = (struct cmd_buf *)urb->context;
138 	struct hif_device_usb *hif_dev;
139 	unsigned long flags;
140 	bool txok = true;
141 
142 	if (!cmd || !cmd->skb || !cmd->hif_dev)
143 		return;
144 
145 	hif_dev = cmd->hif_dev;
146 
147 	switch (urb->status) {
148 	case 0:
149 		break;
150 	case -ENOENT:
151 	case -ECONNRESET:
152 	case -ENODEV:
153 	case -ESHUTDOWN:
154 		txok = false;
155 
156 		/*
157 		 * If the URBs are being flushed, no need to complete
158 		 * this packet.
159 		 */
160 		spin_lock_irqsave(&hif_dev->tx.tx_lock, flags);
161 		if (hif_dev->tx.flags & HIF_USB_TX_FLUSH) {
162 			spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
163 			dev_kfree_skb_any(cmd->skb);
164 			kfree(cmd);
165 			return;
166 		}
167 		spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
168 
169 		break;
170 	default:
171 		txok = false;
172 		break;
173 	}
174 
175 	skb_pull(cmd->skb, 4);
176 	ath9k_htc_txcompletion_cb(cmd->hif_dev->htc_handle,
177 				  cmd->skb, txok);
178 	kfree(cmd);
179 }
180 
181 static int hif_usb_send_mgmt(struct hif_device_usb *hif_dev,
182 			     struct sk_buff *skb)
183 {
184 	struct urb *urb;
185 	struct cmd_buf *cmd;
186 	int ret = 0;
187 	__le16 *hdr;
188 
189 	urb = usb_alloc_urb(0, GFP_ATOMIC);
190 	if (urb == NULL)
191 		return -ENOMEM;
192 
193 	cmd = kzalloc(sizeof(*cmd), GFP_ATOMIC);
194 	if (cmd == NULL) {
195 		usb_free_urb(urb);
196 		return -ENOMEM;
197 	}
198 
199 	cmd->skb = skb;
200 	cmd->hif_dev = hif_dev;
201 
202 	hdr = skb_push(skb, 4);
203 	*hdr++ = cpu_to_le16(skb->len - 4);
204 	*hdr++ = cpu_to_le16(ATH_USB_TX_STREAM_MODE_TAG);
205 
206 	usb_fill_bulk_urb(urb, hif_dev->udev,
207 			 usb_sndbulkpipe(hif_dev->udev, USB_WLAN_TX_PIPE),
208 			 skb->data, skb->len,
209 			 hif_usb_mgmt_cb, cmd);
210 
211 	usb_anchor_urb(urb, &hif_dev->mgmt_submitted);
212 	ret = usb_submit_urb(urb, GFP_ATOMIC);
213 	if (ret) {
214 		usb_unanchor_urb(urb);
215 		kfree(cmd);
216 	}
217 	usb_free_urb(urb);
218 
219 	return ret;
220 }
221 
222 static inline void ath9k_skb_queue_purge(struct hif_device_usb *hif_dev,
223 					 struct sk_buff_head *list)
224 {
225 	struct sk_buff *skb;
226 
227 	while ((skb = __skb_dequeue(list)) != NULL) {
228 		dev_kfree_skb_any(skb);
229 	}
230 }
231 
232 static inline void ath9k_skb_queue_complete(struct hif_device_usb *hif_dev,
233 					    struct sk_buff_head *queue,
234 					    bool txok)
235 {
236 	struct sk_buff *skb;
237 
238 	while ((skb = __skb_dequeue(queue)) != NULL) {
239 #ifdef CONFIG_ATH9K_HTC_DEBUGFS
240 		int ln = skb->len;
241 #endif
242 		ath9k_htc_txcompletion_cb(hif_dev->htc_handle,
243 					  skb, txok);
244 		if (txok) {
245 			TX_STAT_INC(hif_dev, skb_success);
246 			TX_STAT_ADD(hif_dev, skb_success_bytes, ln);
247 		}
248 		else
249 			TX_STAT_INC(hif_dev, skb_failed);
250 	}
251 }
252 
253 static void hif_usb_tx_cb(struct urb *urb)
254 {
255 	struct tx_buf *tx_buf = (struct tx_buf *) urb->context;
256 	struct hif_device_usb *hif_dev;
257 	bool txok = true;
258 
259 	if (!tx_buf || !tx_buf->hif_dev)
260 		return;
261 
262 	hif_dev = tx_buf->hif_dev;
263 
264 	switch (urb->status) {
265 	case 0:
266 		break;
267 	case -ENOENT:
268 	case -ECONNRESET:
269 	case -ENODEV:
270 	case -ESHUTDOWN:
271 		txok = false;
272 
273 		/*
274 		 * If the URBs are being flushed, no need to add this
275 		 * URB to the free list.
276 		 */
277 		spin_lock(&hif_dev->tx.tx_lock);
278 		if (hif_dev->tx.flags & HIF_USB_TX_FLUSH) {
279 			spin_unlock(&hif_dev->tx.tx_lock);
280 			ath9k_skb_queue_purge(hif_dev, &tx_buf->skb_queue);
281 			return;
282 		}
283 		spin_unlock(&hif_dev->tx.tx_lock);
284 
285 		break;
286 	default:
287 		txok = false;
288 		break;
289 	}
290 
291 	ath9k_skb_queue_complete(hif_dev, &tx_buf->skb_queue, txok);
292 
293 	/* Re-initialize the SKB queue */
294 	tx_buf->len = tx_buf->offset = 0;
295 	__skb_queue_head_init(&tx_buf->skb_queue);
296 
297 	/* Add this TX buffer to the free list */
298 	spin_lock(&hif_dev->tx.tx_lock);
299 	list_move_tail(&tx_buf->list, &hif_dev->tx.tx_buf);
300 	hif_dev->tx.tx_buf_cnt++;
301 	if (!(hif_dev->tx.flags & HIF_USB_TX_STOP))
302 		__hif_usb_tx(hif_dev); /* Check for pending SKBs */
303 	TX_STAT_INC(hif_dev, buf_completed);
304 	spin_unlock(&hif_dev->tx.tx_lock);
305 }
306 
307 /* TX lock has to be taken */
308 static int __hif_usb_tx(struct hif_device_usb *hif_dev)
309 {
310 	struct tx_buf *tx_buf = NULL;
311 	struct sk_buff *nskb = NULL;
312 	int ret = 0, i;
313 	u16 tx_skb_cnt = 0;
314 	u8 *buf;
315 	__le16 *hdr;
316 
317 	if (hif_dev->tx.tx_skb_cnt == 0)
318 		return 0;
319 
320 	/* Check if a free TX buffer is available */
321 	if (list_empty(&hif_dev->tx.tx_buf))
322 		return 0;
323 
324 	tx_buf = list_first_entry(&hif_dev->tx.tx_buf, struct tx_buf, list);
325 	list_move_tail(&tx_buf->list, &hif_dev->tx.tx_pending);
326 	hif_dev->tx.tx_buf_cnt--;
327 
328 	tx_skb_cnt = min_t(u16, hif_dev->tx.tx_skb_cnt, MAX_TX_AGGR_NUM);
329 
330 	for (i = 0; i < tx_skb_cnt; i++) {
331 		nskb = __skb_dequeue(&hif_dev->tx.tx_skb_queue);
332 
333 		/* Should never be NULL */
334 		BUG_ON(!nskb);
335 
336 		hif_dev->tx.tx_skb_cnt--;
337 
338 		buf = tx_buf->buf;
339 		buf += tx_buf->offset;
340 		hdr = (__le16 *)buf;
341 		*hdr++ = cpu_to_le16(nskb->len);
342 		*hdr++ = cpu_to_le16(ATH_USB_TX_STREAM_MODE_TAG);
343 		buf += 4;
344 		memcpy(buf, nskb->data, nskb->len);
345 		tx_buf->len = nskb->len + 4;
346 
347 		if (i < (tx_skb_cnt - 1))
348 			tx_buf->offset += (((tx_buf->len - 1) / 4) + 1) * 4;
349 
350 		if (i == (tx_skb_cnt - 1))
351 			tx_buf->len += tx_buf->offset;
352 
353 		__skb_queue_tail(&tx_buf->skb_queue, nskb);
354 		TX_STAT_INC(hif_dev, skb_queued);
355 	}
356 
357 	usb_fill_bulk_urb(tx_buf->urb, hif_dev->udev,
358 			  usb_sndbulkpipe(hif_dev->udev, USB_WLAN_TX_PIPE),
359 			  tx_buf->buf, tx_buf->len,
360 			  hif_usb_tx_cb, tx_buf);
361 
362 	ret = usb_submit_urb(tx_buf->urb, GFP_ATOMIC);
363 	if (ret) {
364 		tx_buf->len = tx_buf->offset = 0;
365 		ath9k_skb_queue_complete(hif_dev, &tx_buf->skb_queue, false);
366 		__skb_queue_head_init(&tx_buf->skb_queue);
367 		list_move_tail(&tx_buf->list, &hif_dev->tx.tx_buf);
368 		hif_dev->tx.tx_buf_cnt++;
369 	} else {
370 		TX_STAT_INC(hif_dev, buf_queued);
371 	}
372 
373 	return ret;
374 }
375 
376 static int hif_usb_send_tx(struct hif_device_usb *hif_dev, struct sk_buff *skb)
377 {
378 	struct ath9k_htc_tx_ctl *tx_ctl;
379 	unsigned long flags;
380 	int ret = 0;
381 
382 	spin_lock_irqsave(&hif_dev->tx.tx_lock, flags);
383 
384 	if (hif_dev->tx.flags & HIF_USB_TX_STOP) {
385 		spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
386 		return -ENODEV;
387 	}
388 
389 	/* Check if the max queue count has been reached */
390 	if (hif_dev->tx.tx_skb_cnt > MAX_TX_BUF_NUM) {
391 		spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
392 		return -ENOMEM;
393 	}
394 
395 	spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
396 
397 	tx_ctl = HTC_SKB_CB(skb);
398 
399 	/* Mgmt/Beacon frames don't use the TX buffer pool */
400 	if ((tx_ctl->type == ATH9K_HTC_MGMT) ||
401 	    (tx_ctl->type == ATH9K_HTC_BEACON)) {
402 		ret = hif_usb_send_mgmt(hif_dev, skb);
403 	}
404 
405 	spin_lock_irqsave(&hif_dev->tx.tx_lock, flags);
406 
407 	if ((tx_ctl->type == ATH9K_HTC_NORMAL) ||
408 	    (tx_ctl->type == ATH9K_HTC_AMPDU)) {
409 		__skb_queue_tail(&hif_dev->tx.tx_skb_queue, skb);
410 		hif_dev->tx.tx_skb_cnt++;
411 	}
412 
413 	/* Check if AMPDUs have to be sent immediately */
414 	if ((hif_dev->tx.tx_buf_cnt == MAX_TX_URB_NUM) &&
415 	    (hif_dev->tx.tx_skb_cnt < 2)) {
416 		__hif_usb_tx(hif_dev);
417 	}
418 
419 	spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
420 
421 	return ret;
422 }
423 
424 static void hif_usb_start(void *hif_handle)
425 {
426 	struct hif_device_usb *hif_dev = hif_handle;
427 	unsigned long flags;
428 
429 	hif_dev->flags |= HIF_USB_START;
430 
431 	spin_lock_irqsave(&hif_dev->tx.tx_lock, flags);
432 	hif_dev->tx.flags &= ~HIF_USB_TX_STOP;
433 	spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
434 }
435 
436 static void hif_usb_stop(void *hif_handle)
437 {
438 	struct hif_device_usb *hif_dev = hif_handle;
439 	struct tx_buf *tx_buf = NULL, *tx_buf_tmp = NULL;
440 	unsigned long flags;
441 
442 	spin_lock_irqsave(&hif_dev->tx.tx_lock, flags);
443 	ath9k_skb_queue_complete(hif_dev, &hif_dev->tx.tx_skb_queue, false);
444 	hif_dev->tx.tx_skb_cnt = 0;
445 	hif_dev->tx.flags |= HIF_USB_TX_STOP;
446 	spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
447 
448 	/* The pending URBs have to be canceled. */
449 	spin_lock_irqsave(&hif_dev->tx.tx_lock, flags);
450 	list_for_each_entry_safe(tx_buf, tx_buf_tmp,
451 				 &hif_dev->tx.tx_pending, list) {
452 		usb_get_urb(tx_buf->urb);
453 		spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
454 		usb_kill_urb(tx_buf->urb);
455 		list_del(&tx_buf->list);
456 		usb_free_urb(tx_buf->urb);
457 		kfree(tx_buf->buf);
458 		kfree(tx_buf);
459 		spin_lock_irqsave(&hif_dev->tx.tx_lock, flags);
460 	}
461 	spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
462 
463 	usb_kill_anchored_urbs(&hif_dev->mgmt_submitted);
464 }
465 
466 static int hif_usb_send(void *hif_handle, u8 pipe_id, struct sk_buff *skb)
467 {
468 	struct hif_device_usb *hif_dev = hif_handle;
469 	int ret = 0;
470 
471 	switch (pipe_id) {
472 	case USB_WLAN_TX_PIPE:
473 		ret = hif_usb_send_tx(hif_dev, skb);
474 		break;
475 	case USB_REG_OUT_PIPE:
476 		ret = hif_usb_send_regout(hif_dev, skb);
477 		break;
478 	default:
479 		dev_err(&hif_dev->udev->dev,
480 			"ath9k_htc: Invalid TX pipe: %d\n", pipe_id);
481 		ret = -EINVAL;
482 		break;
483 	}
484 
485 	return ret;
486 }
487 
488 static inline bool check_index(struct sk_buff *skb, u8 idx)
489 {
490 	struct ath9k_htc_tx_ctl *tx_ctl;
491 
492 	tx_ctl = HTC_SKB_CB(skb);
493 
494 	if ((tx_ctl->type == ATH9K_HTC_AMPDU) &&
495 	    (tx_ctl->sta_idx == idx))
496 		return true;
497 
498 	return false;
499 }
500 
501 static void hif_usb_sta_drain(void *hif_handle, u8 idx)
502 {
503 	struct hif_device_usb *hif_dev = hif_handle;
504 	struct sk_buff *skb, *tmp;
505 	unsigned long flags;
506 
507 	spin_lock_irqsave(&hif_dev->tx.tx_lock, flags);
508 
509 	skb_queue_walk_safe(&hif_dev->tx.tx_skb_queue, skb, tmp) {
510 		if (check_index(skb, idx)) {
511 			__skb_unlink(skb, &hif_dev->tx.tx_skb_queue);
512 			ath9k_htc_txcompletion_cb(hif_dev->htc_handle,
513 						  skb, false);
514 			hif_dev->tx.tx_skb_cnt--;
515 			TX_STAT_INC(hif_dev, skb_failed);
516 		}
517 	}
518 
519 	spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
520 }
521 
522 static struct ath9k_htc_hif hif_usb = {
523 	.transport = ATH9K_HIF_USB,
524 	.name = "ath9k_hif_usb",
525 
526 	.control_ul_pipe = USB_REG_OUT_PIPE,
527 	.control_dl_pipe = USB_REG_IN_PIPE,
528 
529 	.start = hif_usb_start,
530 	.stop = hif_usb_stop,
531 	.sta_drain = hif_usb_sta_drain,
532 	.send = hif_usb_send,
533 };
534 
535 /* Need to free remain_skb allocated in ath9k_hif_usb_rx_stream
536  * in case ath9k_hif_usb_rx_stream wasn't called next time to
537  * process the buffer and subsequently free it.
538  */
539 static void ath9k_hif_usb_free_rx_remain_skb(struct hif_device_usb *hif_dev)
540 {
541 	unsigned long flags;
542 
543 	spin_lock_irqsave(&hif_dev->rx_lock, flags);
544 	if (hif_dev->remain_skb) {
545 		dev_kfree_skb_any(hif_dev->remain_skb);
546 		hif_dev->remain_skb = NULL;
547 		hif_dev->rx_remain_len = 0;
548 		RX_STAT_INC(hif_dev, skb_dropped);
549 	}
550 	spin_unlock_irqrestore(&hif_dev->rx_lock, flags);
551 }
552 
553 static void ath9k_hif_usb_rx_stream(struct hif_device_usb *hif_dev,
554 				    struct sk_buff *skb)
555 {
556 	struct sk_buff *nskb, *skb_pool[MAX_PKT_NUM_IN_TRANSFER];
557 	int index = 0, i, len = skb->len;
558 	int rx_remain_len, rx_pkt_len;
559 	u16 pool_index = 0;
560 	u8 *ptr;
561 
562 	spin_lock(&hif_dev->rx_lock);
563 
564 	rx_remain_len = hif_dev->rx_remain_len;
565 	rx_pkt_len = hif_dev->rx_transfer_len;
566 
567 	if (rx_remain_len != 0) {
568 		struct sk_buff *remain_skb = hif_dev->remain_skb;
569 
570 		if (remain_skb) {
571 			ptr = (u8 *) remain_skb->data;
572 
573 			index = rx_remain_len;
574 			rx_remain_len -= hif_dev->rx_pad_len;
575 			ptr += rx_pkt_len;
576 
577 			memcpy(ptr, skb->data, rx_remain_len);
578 
579 			rx_pkt_len += rx_remain_len;
580 			skb_put(remain_skb, rx_pkt_len);
581 
582 			skb_pool[pool_index++] = remain_skb;
583 			hif_dev->remain_skb = NULL;
584 			hif_dev->rx_remain_len = 0;
585 		} else {
586 			index = rx_remain_len;
587 		}
588 	}
589 
590 	spin_unlock(&hif_dev->rx_lock);
591 
592 	while (index < len) {
593 		u16 pkt_len;
594 		u16 pkt_tag;
595 		u16 pad_len;
596 		int chk_idx;
597 
598 		ptr = (u8 *) skb->data;
599 
600 		pkt_len = get_unaligned_le16(ptr + index);
601 		pkt_tag = get_unaligned_le16(ptr + index + 2);
602 
603 		/* It is supposed that if we have an invalid pkt_tag or
604 		 * pkt_len then the whole input SKB is considered invalid
605 		 * and dropped; the associated packets already in skb_pool
606 		 * are dropped, too.
607 		 */
608 		if (pkt_tag != ATH_USB_RX_STREAM_MODE_TAG) {
609 			RX_STAT_INC(hif_dev, skb_dropped);
610 			goto invalid_pkt;
611 		}
612 
613 		if (pkt_len > 2 * MAX_RX_BUF_SIZE) {
614 			dev_err(&hif_dev->udev->dev,
615 				"ath9k_htc: invalid pkt_len (%x)\n", pkt_len);
616 			RX_STAT_INC(hif_dev, skb_dropped);
617 			goto invalid_pkt;
618 		}
619 
620 		pad_len = 4 - (pkt_len & 0x3);
621 		if (pad_len == 4)
622 			pad_len = 0;
623 
624 		chk_idx = index;
625 		index = index + 4 + pkt_len + pad_len;
626 
627 		if (index > MAX_RX_BUF_SIZE) {
628 			spin_lock(&hif_dev->rx_lock);
629 			nskb = __dev_alloc_skb(pkt_len + 32, GFP_ATOMIC);
630 			if (!nskb) {
631 				dev_err(&hif_dev->udev->dev,
632 					"ath9k_htc: RX memory allocation error\n");
633 				spin_unlock(&hif_dev->rx_lock);
634 				goto err;
635 			}
636 
637 			hif_dev->rx_remain_len = index - MAX_RX_BUF_SIZE;
638 			hif_dev->rx_transfer_len =
639 				MAX_RX_BUF_SIZE - chk_idx - 4;
640 			hif_dev->rx_pad_len = pad_len;
641 
642 			skb_reserve(nskb, 32);
643 			RX_STAT_INC(hif_dev, skb_allocated);
644 
645 			memcpy(nskb->data, &(skb->data[chk_idx+4]),
646 			       hif_dev->rx_transfer_len);
647 
648 			/* Record the buffer pointer */
649 			hif_dev->remain_skb = nskb;
650 			spin_unlock(&hif_dev->rx_lock);
651 		} else {
652 			if (pool_index == MAX_PKT_NUM_IN_TRANSFER) {
653 				dev_err(&hif_dev->udev->dev,
654 					"ath9k_htc: over RX MAX_PKT_NUM\n");
655 				goto err;
656 			}
657 			nskb = __dev_alloc_skb(pkt_len + 32, GFP_ATOMIC);
658 			if (!nskb) {
659 				dev_err(&hif_dev->udev->dev,
660 					"ath9k_htc: RX memory allocation error\n");
661 				goto err;
662 			}
663 			skb_reserve(nskb, 32);
664 			RX_STAT_INC(hif_dev, skb_allocated);
665 
666 			memcpy(nskb->data, &(skb->data[chk_idx+4]), pkt_len);
667 			skb_put(nskb, pkt_len);
668 			skb_pool[pool_index++] = nskb;
669 		}
670 	}
671 
672 err:
673 	for (i = 0; i < pool_index; i++) {
674 		RX_STAT_ADD(hif_dev, skb_completed_bytes, skb_pool[i]->len);
675 		ath9k_htc_rx_msg(hif_dev->htc_handle, skb_pool[i],
676 				 skb_pool[i]->len, USB_WLAN_RX_PIPE);
677 		RX_STAT_INC(hif_dev, skb_completed);
678 	}
679 	return;
680 invalid_pkt:
681 	for (i = 0; i < pool_index; i++) {
682 		dev_kfree_skb_any(skb_pool[i]);
683 		RX_STAT_INC(hif_dev, skb_dropped);
684 	}
685 	return;
686 }
687 
688 static void ath9k_hif_usb_rx_cb(struct urb *urb)
689 {
690 	struct rx_buf *rx_buf = (struct rx_buf *)urb->context;
691 	struct hif_device_usb *hif_dev = rx_buf->hif_dev;
692 	struct sk_buff *skb = rx_buf->skb;
693 	int ret;
694 
695 	if (!skb)
696 		return;
697 
698 	if (!hif_dev)
699 		goto free;
700 
701 	switch (urb->status) {
702 	case 0:
703 		break;
704 	case -ENOENT:
705 	case -ECONNRESET:
706 	case -ENODEV:
707 	case -ESHUTDOWN:
708 		goto free;
709 	default:
710 		goto resubmit;
711 	}
712 
713 	if (likely(urb->actual_length != 0)) {
714 		skb_put(skb, urb->actual_length);
715 		ath9k_hif_usb_rx_stream(hif_dev, skb);
716 	}
717 
718 resubmit:
719 	skb_reset_tail_pointer(skb);
720 	skb_trim(skb, 0);
721 
722 	usb_anchor_urb(urb, &hif_dev->rx_submitted);
723 	ret = usb_submit_urb(urb, GFP_ATOMIC);
724 	if (ret) {
725 		usb_unanchor_urb(urb);
726 		goto free;
727 	}
728 
729 	return;
730 free:
731 	kfree_skb(skb);
732 	kfree(rx_buf);
733 }
734 
735 static void ath9k_hif_usb_reg_in_cb(struct urb *urb)
736 {
737 	struct rx_buf *rx_buf = (struct rx_buf *)urb->context;
738 	struct hif_device_usb *hif_dev = rx_buf->hif_dev;
739 	struct sk_buff *skb = rx_buf->skb;
740 	int ret;
741 
742 	if (!skb)
743 		return;
744 
745 	if (!hif_dev)
746 		goto free_skb;
747 
748 	switch (urb->status) {
749 	case 0:
750 		break;
751 	case -ENOENT:
752 	case -ECONNRESET:
753 	case -ENODEV:
754 	case -ESHUTDOWN:
755 		goto free_skb;
756 	default:
757 		skb_reset_tail_pointer(skb);
758 		skb_trim(skb, 0);
759 
760 		goto resubmit;
761 	}
762 
763 	if (likely(urb->actual_length != 0)) {
764 		skb_put(skb, urb->actual_length);
765 
766 		/*
767 		 * Process the command first.
768 		 * skb is either freed here or passed to be
769 		 * managed to another callback function.
770 		 */
771 		ath9k_htc_rx_msg(hif_dev->htc_handle, skb,
772 				 skb->len, USB_REG_IN_PIPE);
773 
774 		skb = alloc_skb(MAX_REG_IN_BUF_SIZE, GFP_ATOMIC);
775 		if (!skb) {
776 			dev_err(&hif_dev->udev->dev,
777 				"ath9k_htc: REG_IN memory allocation failure\n");
778 			goto free_rx_buf;
779 		}
780 
781 		rx_buf->skb = skb;
782 
783 		usb_fill_int_urb(urb, hif_dev->udev,
784 				 usb_rcvintpipe(hif_dev->udev,
785 						 USB_REG_IN_PIPE),
786 				 skb->data, MAX_REG_IN_BUF_SIZE,
787 				 ath9k_hif_usb_reg_in_cb, rx_buf, 1);
788 	}
789 
790 resubmit:
791 	usb_anchor_urb(urb, &hif_dev->reg_in_submitted);
792 	ret = usb_submit_urb(urb, GFP_ATOMIC);
793 	if (ret) {
794 		usb_unanchor_urb(urb);
795 		goto free_skb;
796 	}
797 
798 	return;
799 free_skb:
800 	kfree_skb(skb);
801 free_rx_buf:
802 	kfree(rx_buf);
803 	urb->context = NULL;
804 }
805 
806 static void ath9k_hif_usb_dealloc_tx_urbs(struct hif_device_usb *hif_dev)
807 {
808 	struct tx_buf *tx_buf = NULL, *tx_buf_tmp = NULL;
809 	unsigned long flags;
810 
811 	spin_lock_irqsave(&hif_dev->tx.tx_lock, flags);
812 	list_for_each_entry_safe(tx_buf, tx_buf_tmp,
813 				 &hif_dev->tx.tx_buf, list) {
814 		list_del(&tx_buf->list);
815 		usb_free_urb(tx_buf->urb);
816 		kfree(tx_buf->buf);
817 		kfree(tx_buf);
818 	}
819 	spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
820 
821 	spin_lock_irqsave(&hif_dev->tx.tx_lock, flags);
822 	hif_dev->tx.flags |= HIF_USB_TX_FLUSH;
823 	spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
824 
825 	spin_lock_irqsave(&hif_dev->tx.tx_lock, flags);
826 	list_for_each_entry_safe(tx_buf, tx_buf_tmp,
827 				 &hif_dev->tx.tx_pending, list) {
828 		usb_get_urb(tx_buf->urb);
829 		spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
830 		usb_kill_urb(tx_buf->urb);
831 		list_del(&tx_buf->list);
832 		usb_free_urb(tx_buf->urb);
833 		kfree(tx_buf->buf);
834 		kfree(tx_buf);
835 		spin_lock_irqsave(&hif_dev->tx.tx_lock, flags);
836 	}
837 	spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
838 
839 	usb_kill_anchored_urbs(&hif_dev->mgmt_submitted);
840 }
841 
842 static int ath9k_hif_usb_alloc_tx_urbs(struct hif_device_usb *hif_dev)
843 {
844 	struct tx_buf *tx_buf;
845 	int i;
846 
847 	INIT_LIST_HEAD(&hif_dev->tx.tx_buf);
848 	INIT_LIST_HEAD(&hif_dev->tx.tx_pending);
849 	spin_lock_init(&hif_dev->tx.tx_lock);
850 	__skb_queue_head_init(&hif_dev->tx.tx_skb_queue);
851 	init_usb_anchor(&hif_dev->mgmt_submitted);
852 
853 	for (i = 0; i < MAX_TX_URB_NUM; i++) {
854 		tx_buf = kzalloc(sizeof(*tx_buf), GFP_KERNEL);
855 		if (!tx_buf)
856 			goto err;
857 
858 		tx_buf->buf = kzalloc(MAX_TX_BUF_SIZE, GFP_KERNEL);
859 		if (!tx_buf->buf)
860 			goto err;
861 
862 		tx_buf->urb = usb_alloc_urb(0, GFP_KERNEL);
863 		if (!tx_buf->urb)
864 			goto err;
865 
866 		tx_buf->hif_dev = hif_dev;
867 		__skb_queue_head_init(&tx_buf->skb_queue);
868 
869 		list_add_tail(&tx_buf->list, &hif_dev->tx.tx_buf);
870 	}
871 
872 	hif_dev->tx.tx_buf_cnt = MAX_TX_URB_NUM;
873 
874 	return 0;
875 err:
876 	if (tx_buf) {
877 		kfree(tx_buf->buf);
878 		kfree(tx_buf);
879 	}
880 	ath9k_hif_usb_dealloc_tx_urbs(hif_dev);
881 	return -ENOMEM;
882 }
883 
884 static void ath9k_hif_usb_dealloc_rx_urbs(struct hif_device_usb *hif_dev)
885 {
886 	usb_kill_anchored_urbs(&hif_dev->rx_submitted);
887 	ath9k_hif_usb_free_rx_remain_skb(hif_dev);
888 }
889 
890 static int ath9k_hif_usb_alloc_rx_urbs(struct hif_device_usb *hif_dev)
891 {
892 	struct rx_buf *rx_buf = NULL;
893 	struct sk_buff *skb = NULL;
894 	struct urb *urb = NULL;
895 	int i, ret;
896 
897 	init_usb_anchor(&hif_dev->rx_submitted);
898 	spin_lock_init(&hif_dev->rx_lock);
899 
900 	for (i = 0; i < MAX_RX_URB_NUM; i++) {
901 
902 		rx_buf = kzalloc(sizeof(*rx_buf), GFP_KERNEL);
903 		if (!rx_buf) {
904 			ret = -ENOMEM;
905 			goto err_rxb;
906 		}
907 
908 		/* Allocate URB */
909 		urb = usb_alloc_urb(0, GFP_KERNEL);
910 		if (urb == NULL) {
911 			ret = -ENOMEM;
912 			goto err_urb;
913 		}
914 
915 		/* Allocate buffer */
916 		skb = alloc_skb(MAX_RX_BUF_SIZE, GFP_KERNEL);
917 		if (!skb) {
918 			ret = -ENOMEM;
919 			goto err_skb;
920 		}
921 
922 		rx_buf->hif_dev = hif_dev;
923 		rx_buf->skb = skb;
924 
925 		usb_fill_bulk_urb(urb, hif_dev->udev,
926 				  usb_rcvbulkpipe(hif_dev->udev,
927 						  USB_WLAN_RX_PIPE),
928 				  skb->data, MAX_RX_BUF_SIZE,
929 				  ath9k_hif_usb_rx_cb, rx_buf);
930 
931 		/* Anchor URB */
932 		usb_anchor_urb(urb, &hif_dev->rx_submitted);
933 
934 		/* Submit URB */
935 		ret = usb_submit_urb(urb, GFP_KERNEL);
936 		if (ret) {
937 			usb_unanchor_urb(urb);
938 			goto err_submit;
939 		}
940 
941 		/*
942 		 * Drop reference count.
943 		 * This ensures that the URB is freed when killing them.
944 		 */
945 		usb_free_urb(urb);
946 	}
947 
948 	return 0;
949 
950 err_submit:
951 	kfree_skb(skb);
952 err_skb:
953 	usb_free_urb(urb);
954 err_urb:
955 	kfree(rx_buf);
956 err_rxb:
957 	ath9k_hif_usb_dealloc_rx_urbs(hif_dev);
958 	return ret;
959 }
960 
961 static void ath9k_hif_usb_dealloc_reg_in_urbs(struct hif_device_usb *hif_dev)
962 {
963 	usb_kill_anchored_urbs(&hif_dev->reg_in_submitted);
964 }
965 
966 static int ath9k_hif_usb_alloc_reg_in_urbs(struct hif_device_usb *hif_dev)
967 {
968 	struct rx_buf *rx_buf = NULL;
969 	struct sk_buff *skb = NULL;
970 	struct urb *urb = NULL;
971 	int i, ret;
972 
973 	init_usb_anchor(&hif_dev->reg_in_submitted);
974 
975 	for (i = 0; i < MAX_REG_IN_URB_NUM; i++) {
976 
977 		rx_buf = kzalloc(sizeof(*rx_buf), GFP_KERNEL);
978 		if (!rx_buf) {
979 			ret = -ENOMEM;
980 			goto err_rxb;
981 		}
982 
983 		/* Allocate URB */
984 		urb = usb_alloc_urb(0, GFP_KERNEL);
985 		if (urb == NULL) {
986 			ret = -ENOMEM;
987 			goto err_urb;
988 		}
989 
990 		/* Allocate buffer */
991 		skb = alloc_skb(MAX_REG_IN_BUF_SIZE, GFP_KERNEL);
992 		if (!skb) {
993 			ret = -ENOMEM;
994 			goto err_skb;
995 		}
996 
997 		rx_buf->hif_dev = hif_dev;
998 		rx_buf->skb = skb;
999 
1000 		usb_fill_int_urb(urb, hif_dev->udev,
1001 				  usb_rcvintpipe(hif_dev->udev,
1002 						  USB_REG_IN_PIPE),
1003 				  skb->data, MAX_REG_IN_BUF_SIZE,
1004 				  ath9k_hif_usb_reg_in_cb, rx_buf, 1);
1005 
1006 		/* Anchor URB */
1007 		usb_anchor_urb(urb, &hif_dev->reg_in_submitted);
1008 
1009 		/* Submit URB */
1010 		ret = usb_submit_urb(urb, GFP_KERNEL);
1011 		if (ret) {
1012 			usb_unanchor_urb(urb);
1013 			goto err_submit;
1014 		}
1015 
1016 		/*
1017 		 * Drop reference count.
1018 		 * This ensures that the URB is freed when killing them.
1019 		 */
1020 		usb_free_urb(urb);
1021 	}
1022 
1023 	return 0;
1024 
1025 err_submit:
1026 	kfree_skb(skb);
1027 err_skb:
1028 	usb_free_urb(urb);
1029 err_urb:
1030 	kfree(rx_buf);
1031 err_rxb:
1032 	ath9k_hif_usb_dealloc_reg_in_urbs(hif_dev);
1033 	return ret;
1034 }
1035 
1036 static int ath9k_hif_usb_alloc_urbs(struct hif_device_usb *hif_dev)
1037 {
1038 	/* Register Write */
1039 	init_usb_anchor(&hif_dev->regout_submitted);
1040 
1041 	/* TX */
1042 	if (ath9k_hif_usb_alloc_tx_urbs(hif_dev) < 0)
1043 		goto err;
1044 
1045 	/* RX */
1046 	if (ath9k_hif_usb_alloc_rx_urbs(hif_dev) < 0)
1047 		goto err_rx;
1048 
1049 	/* Register Read */
1050 	if (ath9k_hif_usb_alloc_reg_in_urbs(hif_dev) < 0)
1051 		goto err_reg;
1052 
1053 	return 0;
1054 err_reg:
1055 	ath9k_hif_usb_dealloc_rx_urbs(hif_dev);
1056 err_rx:
1057 	ath9k_hif_usb_dealloc_tx_urbs(hif_dev);
1058 err:
1059 	return -ENOMEM;
1060 }
1061 
1062 void ath9k_hif_usb_dealloc_urbs(struct hif_device_usb *hif_dev)
1063 {
1064 	usb_kill_anchored_urbs(&hif_dev->regout_submitted);
1065 	ath9k_hif_usb_dealloc_reg_in_urbs(hif_dev);
1066 	ath9k_hif_usb_dealloc_tx_urbs(hif_dev);
1067 	ath9k_hif_usb_dealloc_rx_urbs(hif_dev);
1068 }
1069 
1070 static int ath9k_hif_usb_download_fw(struct hif_device_usb *hif_dev)
1071 {
1072 	int transfer, err;
1073 	const void *data = hif_dev->fw_data;
1074 	size_t len = hif_dev->fw_size;
1075 	u32 addr = AR9271_FIRMWARE;
1076 	u8 *buf = kzalloc(4096, GFP_KERNEL);
1077 	u32 firm_offset;
1078 
1079 	if (!buf)
1080 		return -ENOMEM;
1081 
1082 	while (len) {
1083 		transfer = min_t(size_t, len, 4096);
1084 		memcpy(buf, data, transfer);
1085 
1086 		err = usb_control_msg(hif_dev->udev,
1087 				      usb_sndctrlpipe(hif_dev->udev, 0),
1088 				      FIRMWARE_DOWNLOAD, 0x40 | USB_DIR_OUT,
1089 				      addr >> 8, 0, buf, transfer,
1090 				      USB_MSG_TIMEOUT);
1091 		if (err < 0) {
1092 			kfree(buf);
1093 			return err;
1094 		}
1095 
1096 		len -= transfer;
1097 		data += transfer;
1098 		addr += transfer;
1099 	}
1100 	kfree(buf);
1101 
1102 	if (IS_AR7010_DEVICE(hif_dev->usb_device_id->driver_info))
1103 		firm_offset = AR7010_FIRMWARE_TEXT;
1104 	else
1105 		firm_offset = AR9271_FIRMWARE_TEXT;
1106 
1107 	/*
1108 	 * Issue FW download complete command to firmware.
1109 	 */
1110 	err = usb_control_msg(hif_dev->udev, usb_sndctrlpipe(hif_dev->udev, 0),
1111 			      FIRMWARE_DOWNLOAD_COMP,
1112 			      0x40 | USB_DIR_OUT,
1113 			      firm_offset >> 8, 0, NULL, 0, USB_MSG_TIMEOUT);
1114 	if (err)
1115 		return -EIO;
1116 
1117 	dev_info(&hif_dev->udev->dev, "ath9k_htc: Transferred FW: %s, size: %ld\n",
1118 		 hif_dev->fw_name, (unsigned long) hif_dev->fw_size);
1119 
1120 	return 0;
1121 }
1122 
1123 static int ath9k_hif_usb_dev_init(struct hif_device_usb *hif_dev)
1124 {
1125 	int ret;
1126 
1127 	ret = ath9k_hif_usb_download_fw(hif_dev);
1128 	if (ret) {
1129 		dev_err(&hif_dev->udev->dev,
1130 			"ath9k_htc: Firmware - %s download failed\n",
1131 			hif_dev->fw_name);
1132 		return ret;
1133 	}
1134 
1135 	/* Alloc URBs */
1136 	ret = ath9k_hif_usb_alloc_urbs(hif_dev);
1137 	if (ret) {
1138 		dev_err(&hif_dev->udev->dev,
1139 			"ath9k_htc: Unable to allocate URBs\n");
1140 		return ret;
1141 	}
1142 
1143 	return 0;
1144 }
1145 
1146 static void ath9k_hif_usb_dev_deinit(struct hif_device_usb *hif_dev)
1147 {
1148 	ath9k_hif_usb_dealloc_urbs(hif_dev);
1149 }
1150 
1151 /*
1152  * If initialization fails or the FW cannot be retrieved,
1153  * detach the device.
1154  */
1155 static void ath9k_hif_usb_firmware_fail(struct hif_device_usb *hif_dev)
1156 {
1157 	struct device *dev = &hif_dev->udev->dev;
1158 	struct device *parent = dev->parent;
1159 
1160 	complete_all(&hif_dev->fw_done);
1161 
1162 	if (parent)
1163 		device_lock(parent);
1164 
1165 	device_release_driver(dev);
1166 
1167 	if (parent)
1168 		device_unlock(parent);
1169 }
1170 
1171 static void ath9k_hif_usb_firmware_cb(const struct firmware *fw, void *context);
1172 
1173 /* taken from iwlwifi */
1174 static int ath9k_hif_request_firmware(struct hif_device_usb *hif_dev,
1175 				      bool first)
1176 {
1177 	char index[8], *chip;
1178 	int ret;
1179 
1180 	if (first) {
1181 		if (htc_use_dev_fw) {
1182 			hif_dev->fw_minor_index = FIRMWARE_MINOR_IDX_MAX + 1;
1183 			sprintf(index, "%s", "dev");
1184 		} else {
1185 			hif_dev->fw_minor_index = FIRMWARE_MINOR_IDX_MAX;
1186 			sprintf(index, "%d", hif_dev->fw_minor_index);
1187 		}
1188 	} else {
1189 		hif_dev->fw_minor_index--;
1190 		sprintf(index, "%d", hif_dev->fw_minor_index);
1191 	}
1192 
1193 	/* test for FW 1.3 */
1194 	if (MAJOR_VERSION_REQ == 1 && hif_dev->fw_minor_index == 3) {
1195 		const char *filename;
1196 
1197 		if (IS_AR7010_DEVICE(hif_dev->usb_device_id->driver_info))
1198 			filename = FIRMWARE_AR7010_1_1;
1199 		else
1200 			filename = FIRMWARE_AR9271;
1201 
1202 		/* expected fw locations:
1203 		 * - htc_9271.fw   (stable version 1.3, depricated)
1204 		 */
1205 		snprintf(hif_dev->fw_name, sizeof(hif_dev->fw_name),
1206 			 "%s", filename);
1207 
1208 	} else if (hif_dev->fw_minor_index < FIRMWARE_MINOR_IDX_MIN) {
1209 		dev_err(&hif_dev->udev->dev, "no suitable firmware found!\n");
1210 
1211 		return -ENOENT;
1212 	} else {
1213 		if (IS_AR7010_DEVICE(hif_dev->usb_device_id->driver_info))
1214 			chip = "7010";
1215 		else
1216 			chip = "9271";
1217 
1218 		/* expected fw locations:
1219 		 * - ath9k_htc/htc_9271-1.dev.0.fw (development version)
1220 		 * - ath9k_htc/htc_9271-1.4.0.fw   (stable version)
1221 		 */
1222 		snprintf(hif_dev->fw_name, sizeof(hif_dev->fw_name),
1223 			 "%s/htc_%s-%d.%s.0.fw", HTC_FW_PATH,
1224 			 chip, MAJOR_VERSION_REQ, index);
1225 	}
1226 
1227 	ret = request_firmware_nowait(THIS_MODULE, true, hif_dev->fw_name,
1228 				      &hif_dev->udev->dev, GFP_KERNEL,
1229 				      hif_dev, ath9k_hif_usb_firmware_cb);
1230 	if (ret) {
1231 		dev_err(&hif_dev->udev->dev,
1232 			"ath9k_htc: Async request for firmware %s failed\n",
1233 			hif_dev->fw_name);
1234 		return ret;
1235 	}
1236 
1237 	dev_info(&hif_dev->udev->dev, "ath9k_htc: Firmware %s requested\n",
1238 		 hif_dev->fw_name);
1239 
1240 	return ret;
1241 }
1242 
1243 static void ath9k_hif_usb_firmware_cb(const struct firmware *fw, void *context)
1244 {
1245 	struct hif_device_usb *hif_dev = context;
1246 	int ret;
1247 
1248 	if (!fw) {
1249 		ret = ath9k_hif_request_firmware(hif_dev, false);
1250 		if (!ret)
1251 			return;
1252 
1253 		dev_err(&hif_dev->udev->dev,
1254 			"ath9k_htc: Failed to get firmware %s\n",
1255 			hif_dev->fw_name);
1256 		goto err_fw;
1257 	}
1258 
1259 	hif_dev->htc_handle = ath9k_htc_hw_alloc(hif_dev, &hif_usb,
1260 						 &hif_dev->udev->dev);
1261 	if (hif_dev->htc_handle == NULL)
1262 		goto err_dev_alloc;
1263 
1264 	hif_dev->fw_data = fw->data;
1265 	hif_dev->fw_size = fw->size;
1266 
1267 	/* Proceed with initialization */
1268 
1269 	ret = ath9k_hif_usb_dev_init(hif_dev);
1270 	if (ret)
1271 		goto err_dev_init;
1272 
1273 	ret = ath9k_htc_hw_init(hif_dev->htc_handle,
1274 				&hif_dev->interface->dev,
1275 				hif_dev->usb_device_id->idProduct,
1276 				hif_dev->udev->product,
1277 				hif_dev->usb_device_id->driver_info);
1278 	if (ret) {
1279 		ret = -EINVAL;
1280 		goto err_htc_hw_init;
1281 	}
1282 
1283 	release_firmware(fw);
1284 	hif_dev->flags |= HIF_USB_READY;
1285 	complete_all(&hif_dev->fw_done);
1286 
1287 	return;
1288 
1289 err_htc_hw_init:
1290 	ath9k_hif_usb_dev_deinit(hif_dev);
1291 err_dev_init:
1292 	ath9k_htc_hw_free(hif_dev->htc_handle);
1293 err_dev_alloc:
1294 	release_firmware(fw);
1295 err_fw:
1296 	ath9k_hif_usb_firmware_fail(hif_dev);
1297 }
1298 
1299 /*
1300  * An exact copy of the function from zd1211rw.
1301  */
1302 static int send_eject_command(struct usb_interface *interface)
1303 {
1304 	struct usb_device *udev = interface_to_usbdev(interface);
1305 	struct usb_host_interface *iface_desc = interface->cur_altsetting;
1306 	struct usb_endpoint_descriptor *endpoint;
1307 	unsigned char *cmd;
1308 	u8 bulk_out_ep;
1309 	int r;
1310 
1311 	if (iface_desc->desc.bNumEndpoints < 2)
1312 		return -ENODEV;
1313 
1314 	/* Find bulk out endpoint */
1315 	for (r = 1; r >= 0; r--) {
1316 		endpoint = &iface_desc->endpoint[r].desc;
1317 		if (usb_endpoint_dir_out(endpoint) &&
1318 		    usb_endpoint_xfer_bulk(endpoint)) {
1319 			bulk_out_ep = endpoint->bEndpointAddress;
1320 			break;
1321 		}
1322 	}
1323 	if (r == -1) {
1324 		dev_err(&udev->dev,
1325 			"ath9k_htc: Could not find bulk out endpoint\n");
1326 		return -ENODEV;
1327 	}
1328 
1329 	cmd = kzalloc(31, GFP_KERNEL);
1330 	if (cmd == NULL)
1331 		return -ENODEV;
1332 
1333 	/* USB bulk command block */
1334 	cmd[0] = 0x55;	/* bulk command signature */
1335 	cmd[1] = 0x53;	/* bulk command signature */
1336 	cmd[2] = 0x42;	/* bulk command signature */
1337 	cmd[3] = 0x43;	/* bulk command signature */
1338 	cmd[14] = 6;	/* command length */
1339 
1340 	cmd[15] = 0x1b;	/* SCSI command: START STOP UNIT */
1341 	cmd[19] = 0x2;	/* eject disc */
1342 
1343 	dev_info(&udev->dev, "Ejecting storage device...\n");
1344 	r = usb_bulk_msg(udev, usb_sndbulkpipe(udev, bulk_out_ep),
1345 		cmd, 31, NULL, 2 * USB_MSG_TIMEOUT);
1346 	kfree(cmd);
1347 	if (r)
1348 		return r;
1349 
1350 	/* At this point, the device disconnects and reconnects with the real
1351 	 * ID numbers. */
1352 
1353 	usb_set_intfdata(interface, NULL);
1354 	return 0;
1355 }
1356 
1357 static int ath9k_hif_usb_probe(struct usb_interface *interface,
1358 			       const struct usb_device_id *id)
1359 {
1360 	struct usb_endpoint_descriptor *bulk_in, *bulk_out, *int_in, *int_out;
1361 	struct usb_device *udev = interface_to_usbdev(interface);
1362 	struct usb_host_interface *alt;
1363 	struct hif_device_usb *hif_dev;
1364 	int ret = 0;
1365 
1366 	/* Verify the expected endpoints are present */
1367 	alt = interface->cur_altsetting;
1368 	if (usb_find_common_endpoints(alt, &bulk_in, &bulk_out, &int_in, &int_out) < 0 ||
1369 	    usb_endpoint_num(bulk_in) != USB_WLAN_RX_PIPE ||
1370 	    usb_endpoint_num(bulk_out) != USB_WLAN_TX_PIPE ||
1371 	    usb_endpoint_num(int_in) != USB_REG_IN_PIPE ||
1372 	    usb_endpoint_num(int_out) != USB_REG_OUT_PIPE) {
1373 		dev_err(&udev->dev,
1374 			"ath9k_htc: Device endpoint numbers are not the expected ones\n");
1375 		return -ENODEV;
1376 	}
1377 
1378 	if (id->driver_info == STORAGE_DEVICE)
1379 		return send_eject_command(interface);
1380 
1381 	hif_dev = kzalloc(sizeof(struct hif_device_usb), GFP_KERNEL);
1382 	if (!hif_dev) {
1383 		ret = -ENOMEM;
1384 		goto err_alloc;
1385 	}
1386 
1387 	usb_get_dev(udev);
1388 
1389 	hif_dev->udev = udev;
1390 	hif_dev->interface = interface;
1391 	hif_dev->usb_device_id = id;
1392 #ifdef CONFIG_PM
1393 	udev->reset_resume = 1;
1394 #endif
1395 	usb_set_intfdata(interface, hif_dev);
1396 
1397 	init_completion(&hif_dev->fw_done);
1398 
1399 	ret = ath9k_hif_request_firmware(hif_dev, true);
1400 	if (ret)
1401 		goto err_fw_req;
1402 
1403 	return ret;
1404 
1405 err_fw_req:
1406 	usb_set_intfdata(interface, NULL);
1407 	kfree(hif_dev);
1408 	usb_put_dev(udev);
1409 err_alloc:
1410 	return ret;
1411 }
1412 
1413 static void ath9k_hif_usb_reboot(struct usb_device *udev)
1414 {
1415 	u32 reboot_cmd = 0xffffffff;
1416 	void *buf;
1417 	int ret;
1418 
1419 	buf = kmemdup(&reboot_cmd, 4, GFP_KERNEL);
1420 	if (!buf)
1421 		return;
1422 
1423 	ret = usb_interrupt_msg(udev, usb_sndintpipe(udev, USB_REG_OUT_PIPE),
1424 			   buf, 4, NULL, USB_MSG_TIMEOUT);
1425 	if (ret)
1426 		dev_err(&udev->dev, "ath9k_htc: USB reboot failed\n");
1427 
1428 	kfree(buf);
1429 }
1430 
1431 static void ath9k_hif_usb_disconnect(struct usb_interface *interface)
1432 {
1433 	struct usb_device *udev = interface_to_usbdev(interface);
1434 	struct hif_device_usb *hif_dev = usb_get_intfdata(interface);
1435 	bool unplugged = udev->state == USB_STATE_NOTATTACHED;
1436 
1437 	if (!hif_dev)
1438 		return;
1439 
1440 	wait_for_completion(&hif_dev->fw_done);
1441 
1442 	if (hif_dev->flags & HIF_USB_READY) {
1443 		ath9k_htc_hw_deinit(hif_dev->htc_handle, unplugged);
1444 		ath9k_htc_hw_free(hif_dev->htc_handle);
1445 	}
1446 
1447 	usb_set_intfdata(interface, NULL);
1448 
1449 	/* If firmware was loaded we should drop it
1450 	 * go back to first stage bootloader. */
1451 	if (!unplugged && (hif_dev->flags & HIF_USB_READY))
1452 		ath9k_hif_usb_reboot(udev);
1453 
1454 	kfree(hif_dev);
1455 	dev_info(&udev->dev, "ath9k_htc: USB layer deinitialized\n");
1456 	usb_put_dev(udev);
1457 }
1458 
1459 #ifdef CONFIG_PM
1460 static int ath9k_hif_usb_suspend(struct usb_interface *interface,
1461 				 pm_message_t message)
1462 {
1463 	struct hif_device_usb *hif_dev = usb_get_intfdata(interface);
1464 
1465 	/*
1466 	 * The device has to be set to FULLSLEEP mode in case no
1467 	 * interface is up.
1468 	 */
1469 	if (!(hif_dev->flags & HIF_USB_START))
1470 		ath9k_htc_suspend(hif_dev->htc_handle);
1471 
1472 	wait_for_completion(&hif_dev->fw_done);
1473 
1474 	if (hif_dev->flags & HIF_USB_READY)
1475 		ath9k_hif_usb_dealloc_urbs(hif_dev);
1476 
1477 	return 0;
1478 }
1479 
1480 static int ath9k_hif_usb_resume(struct usb_interface *interface)
1481 {
1482 	struct hif_device_usb *hif_dev = usb_get_intfdata(interface);
1483 	struct htc_target *htc_handle = hif_dev->htc_handle;
1484 	int ret;
1485 	const struct firmware *fw;
1486 
1487 	ret = ath9k_hif_usb_alloc_urbs(hif_dev);
1488 	if (ret)
1489 		return ret;
1490 
1491 	if (hif_dev->flags & HIF_USB_READY) {
1492 		/* request cached firmware during suspend/resume cycle */
1493 		ret = request_firmware(&fw, hif_dev->fw_name,
1494 				       &hif_dev->udev->dev);
1495 		if (ret)
1496 			goto fail_resume;
1497 
1498 		hif_dev->fw_data = fw->data;
1499 		hif_dev->fw_size = fw->size;
1500 		ret = ath9k_hif_usb_download_fw(hif_dev);
1501 		release_firmware(fw);
1502 		if (ret)
1503 			goto fail_resume;
1504 	} else {
1505 		ath9k_hif_usb_dealloc_urbs(hif_dev);
1506 		return -EIO;
1507 	}
1508 
1509 	mdelay(100);
1510 
1511 	ret = ath9k_htc_resume(htc_handle);
1512 
1513 	if (ret)
1514 		goto fail_resume;
1515 
1516 	return 0;
1517 
1518 fail_resume:
1519 	ath9k_hif_usb_dealloc_urbs(hif_dev);
1520 
1521 	return ret;
1522 }
1523 #endif
1524 
1525 static struct usb_driver ath9k_hif_usb_driver = {
1526 	.name = KBUILD_MODNAME,
1527 	.probe = ath9k_hif_usb_probe,
1528 	.disconnect = ath9k_hif_usb_disconnect,
1529 #ifdef CONFIG_PM
1530 	.suspend = ath9k_hif_usb_suspend,
1531 	.resume = ath9k_hif_usb_resume,
1532 	.reset_resume = ath9k_hif_usb_resume,
1533 #endif
1534 	.id_table = ath9k_hif_usb_ids,
1535 	.soft_unbind = 1,
1536 	.disable_hub_initiated_lpm = 1,
1537 };
1538 
1539 int ath9k_hif_usb_init(void)
1540 {
1541 	return usb_register(&ath9k_hif_usb_driver);
1542 }
1543 
1544 void ath9k_hif_usb_exit(void)
1545 {
1546 	usb_deregister(&ath9k_hif_usb_driver);
1547 }
1548