1 /*
2  * Atheros CARL9170 driver
3  *
4  * USB - frontend
5  *
6  * Copyright 2008, Johannes Berg <johannes@sipsolutions.net>
7  * Copyright 2009, 2010, Christian Lamparter <chunkeey@googlemail.com>
8  *
9  * This program is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License as published by
11  * the Free Software Foundation; either version 2 of the License, or
12  * (at your option) any later version.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License
20  * along with this program; see the file COPYING.  If not, see
21  * http://www.gnu.org/licenses/.
22  *
23  * This file incorporates work covered by the following copyright and
24  * permission notice:
25  *    Copyright (c) 2007-2008 Atheros Communications, Inc.
26  *
27  *    Permission to use, copy, modify, and/or distribute this software for any
28  *    purpose with or without fee is hereby granted, provided that the above
29  *    copyright notice and this permission notice appear in all copies.
30  *
31  *    THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
32  *    WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
33  *    MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
34  *    ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
35  *    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
36  *    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
37  *    OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
38  */
39 
40 #include <linux/module.h>
41 #include <linux/slab.h>
42 #include <linux/usb.h>
43 #include <linux/firmware.h>
44 #include <linux/etherdevice.h>
45 #include <linux/device.h>
46 #include <net/mac80211.h>
47 #include "carl9170.h"
48 #include "cmd.h"
49 #include "hw.h"
50 #include "fwcmd.h"
51 
52 MODULE_AUTHOR("Johannes Berg <johannes@sipsolutions.net>");
53 MODULE_AUTHOR("Christian Lamparter <chunkeey@googlemail.com>");
54 MODULE_LICENSE("GPL");
55 MODULE_DESCRIPTION("Atheros AR9170 802.11n USB wireless");
56 MODULE_FIRMWARE(CARL9170FW_NAME);
57 MODULE_ALIAS("ar9170usb");
58 MODULE_ALIAS("arusb_lnx");
59 
60 /*
61  * Note:
62  *
63  * Always update our wiki's device list (located at:
64  * http://wireless.kernel.org/en/users/Drivers/ar9170/devices ),
65  * whenever you add a new device.
66  */
67 static struct usb_device_id carl9170_usb_ids[] = {
68 	/* Atheros 9170 */
69 	{ USB_DEVICE(0x0cf3, 0x9170) },
70 	/* Atheros TG121N */
71 	{ USB_DEVICE(0x0cf3, 0x1001) },
72 	/* TP-Link TL-WN821N v2 */
73 	{ USB_DEVICE(0x0cf3, 0x1002), .driver_info = CARL9170_WPS_BUTTON |
74 		 CARL9170_ONE_LED },
75 	/* 3Com Dual Band 802.11n USB Adapter */
76 	{ USB_DEVICE(0x0cf3, 0x1010) },
77 	/* H3C Dual Band 802.11n USB Adapter */
78 	{ USB_DEVICE(0x0cf3, 0x1011) },
79 	/* Cace Airpcap NX */
80 	{ USB_DEVICE(0xcace, 0x0300) },
81 	/* D-Link DWA 160 A1 */
82 	{ USB_DEVICE(0x07d1, 0x3c10) },
83 	/* D-Link DWA 160 A2 */
84 	{ USB_DEVICE(0x07d1, 0x3a09) },
85 	/* D-Link DWA 130 D */
86 	{ USB_DEVICE(0x07d1, 0x3a0f) },
87 	/* Netgear WNA1000 */
88 	{ USB_DEVICE(0x0846, 0x9040) },
89 	/* Netgear WNDA3100 (v1) */
90 	{ USB_DEVICE(0x0846, 0x9010) },
91 	/* Netgear WN111 v2 */
92 	{ USB_DEVICE(0x0846, 0x9001), .driver_info = CARL9170_ONE_LED },
93 	/* Zydas ZD1221 */
94 	{ USB_DEVICE(0x0ace, 0x1221) },
95 	/* Proxim ORiNOCO 802.11n USB */
96 	{ USB_DEVICE(0x1435, 0x0804) },
97 	/* WNC Generic 11n USB Dongle */
98 	{ USB_DEVICE(0x1435, 0x0326) },
99 	/* ZyXEL NWD271N */
100 	{ USB_DEVICE(0x0586, 0x3417) },
101 	/* Z-Com UB81 BG */
102 	{ USB_DEVICE(0x0cde, 0x0023) },
103 	/* Z-Com UB82 ABG */
104 	{ USB_DEVICE(0x0cde, 0x0026) },
105 	/* Sphairon Homelink 1202 */
106 	{ USB_DEVICE(0x0cde, 0x0027) },
107 	/* Arcadyan WN7512 */
108 	{ USB_DEVICE(0x083a, 0xf522) },
109 	/* Planex GWUS300 */
110 	{ USB_DEVICE(0x2019, 0x5304) },
111 	/* IO-Data WNGDNUS2 */
112 	{ USB_DEVICE(0x04bb, 0x093f) },
113 	/* NEC WL300NU-G */
114 	{ USB_DEVICE(0x0409, 0x0249) },
115 	/* NEC WL300NU-AG */
116 	{ USB_DEVICE(0x0409, 0x02b4) },
117 	/* AVM FRITZ!WLAN USB Stick N */
118 	{ USB_DEVICE(0x057c, 0x8401) },
119 	/* AVM FRITZ!WLAN USB Stick N 2.4 */
120 	{ USB_DEVICE(0x057c, 0x8402) },
121 	/* Qwest/Actiontec 802AIN Wireless N USB Network Adapter */
122 	{ USB_DEVICE(0x1668, 0x1200) },
123 	/* Airlive X.USB a/b/g/n */
124 	{ USB_DEVICE(0x1b75, 0x9170) },
125 
126 	/* terminate */
127 	{}
128 };
129 MODULE_DEVICE_TABLE(usb, carl9170_usb_ids);
130 
131 static void carl9170_usb_submit_data_urb(struct ar9170 *ar)
132 {
133 	struct urb *urb;
134 	int err;
135 
136 	if (atomic_inc_return(&ar->tx_anch_urbs) > AR9170_NUM_TX_URBS)
137 		goto err_acc;
138 
139 	urb = usb_get_from_anchor(&ar->tx_wait);
140 	if (!urb)
141 		goto err_acc;
142 
143 	usb_anchor_urb(urb, &ar->tx_anch);
144 
145 	err = usb_submit_urb(urb, GFP_ATOMIC);
146 	if (unlikely(err)) {
147 		if (net_ratelimit()) {
148 			dev_err(&ar->udev->dev, "tx submit failed (%d)\n",
149 				urb->status);
150 		}
151 
152 		usb_unanchor_urb(urb);
153 		usb_anchor_urb(urb, &ar->tx_err);
154 	}
155 
156 	usb_free_urb(urb);
157 
158 	if (likely(err == 0))
159 		return;
160 
161 err_acc:
162 	atomic_dec(&ar->tx_anch_urbs);
163 }
164 
165 static void carl9170_usb_tx_data_complete(struct urb *urb)
166 {
167 	struct ar9170 *ar = usb_get_intfdata(usb_ifnum_to_if(urb->dev, 0));
168 
169 	if (WARN_ON_ONCE(!ar)) {
170 		dev_kfree_skb_irq(urb->context);
171 		return;
172 	}
173 
174 	atomic_dec(&ar->tx_anch_urbs);
175 
176 	switch (urb->status) {
177 	/* everything is fine */
178 	case 0:
179 		carl9170_tx_callback(ar, (void *)urb->context);
180 		break;
181 
182 	/* disconnect */
183 	case -ENOENT:
184 	case -ECONNRESET:
185 	case -ENODEV:
186 	case -ESHUTDOWN:
187 		/*
188 		 * Defer the frame clean-up to the tasklet worker.
189 		 * This is necessary, because carl9170_tx_drop
190 		 * does not work in an irqsave context.
191 		 */
192 		usb_anchor_urb(urb, &ar->tx_err);
193 		return;
194 
195 	/* a random transmission error has occurred? */
196 	default:
197 		if (net_ratelimit()) {
198 			dev_err(&ar->udev->dev, "tx failed (%d)\n",
199 				urb->status);
200 		}
201 
202 		usb_anchor_urb(urb, &ar->tx_err);
203 		break;
204 	}
205 
206 	if (likely(IS_STARTED(ar)))
207 		carl9170_usb_submit_data_urb(ar);
208 }
209 
210 static int carl9170_usb_submit_cmd_urb(struct ar9170 *ar)
211 {
212 	struct urb *urb;
213 	int err;
214 
215 	if (atomic_inc_return(&ar->tx_cmd_urbs) != 1) {
216 		atomic_dec(&ar->tx_cmd_urbs);
217 		return 0;
218 	}
219 
220 	urb = usb_get_from_anchor(&ar->tx_cmd);
221 	if (!urb) {
222 		atomic_dec(&ar->tx_cmd_urbs);
223 		return 0;
224 	}
225 
226 	usb_anchor_urb(urb, &ar->tx_anch);
227 	err = usb_submit_urb(urb, GFP_ATOMIC);
228 	if (unlikely(err)) {
229 		usb_unanchor_urb(urb);
230 		atomic_dec(&ar->tx_cmd_urbs);
231 	}
232 	usb_free_urb(urb);
233 
234 	return err;
235 }
236 
237 static void carl9170_usb_cmd_complete(struct urb *urb)
238 {
239 	struct ar9170 *ar = urb->context;
240 	int err = 0;
241 
242 	if (WARN_ON_ONCE(!ar))
243 		return;
244 
245 	atomic_dec(&ar->tx_cmd_urbs);
246 
247 	switch (urb->status) {
248 	/* everything is fine */
249 	case 0:
250 		break;
251 
252 	/* disconnect */
253 	case -ENOENT:
254 	case -ECONNRESET:
255 	case -ENODEV:
256 	case -ESHUTDOWN:
257 		return;
258 
259 	default:
260 		err = urb->status;
261 		break;
262 	}
263 
264 	if (!IS_INITIALIZED(ar))
265 		return;
266 
267 	if (err)
268 		dev_err(&ar->udev->dev, "submit cmd cb failed (%d).\n", err);
269 
270 	err = carl9170_usb_submit_cmd_urb(ar);
271 	if (err)
272 		dev_err(&ar->udev->dev, "submit cmd failed (%d).\n", err);
273 }
274 
275 static void carl9170_usb_rx_irq_complete(struct urb *urb)
276 {
277 	struct ar9170 *ar = urb->context;
278 
279 	if (WARN_ON_ONCE(!ar))
280 		return;
281 
282 	switch (urb->status) {
283 	/* everything is fine */
284 	case 0:
285 		break;
286 
287 	/* disconnect */
288 	case -ENOENT:
289 	case -ECONNRESET:
290 	case -ENODEV:
291 	case -ESHUTDOWN:
292 		return;
293 
294 	default:
295 		goto resubmit;
296 	}
297 
298 	/*
299 	 * While the carl9170 firmware does not use this EP, the
300 	 * firmware loader in the EEPROM unfortunately does.
301 	 * Therefore we need to be ready to handle out-of-band
302 	 * responses and traps in case the firmware crashed and
303 	 * the loader took over again.
304 	 */
305 	carl9170_handle_command_response(ar, urb->transfer_buffer,
306 					 urb->actual_length);
307 
308 resubmit:
309 	usb_anchor_urb(urb, &ar->rx_anch);
310 	if (unlikely(usb_submit_urb(urb, GFP_ATOMIC)))
311 		usb_unanchor_urb(urb);
312 }
313 
314 static int carl9170_usb_submit_rx_urb(struct ar9170 *ar, gfp_t gfp)
315 {
316 	struct urb *urb;
317 	int err = 0, runs = 0;
318 
319 	while ((atomic_read(&ar->rx_anch_urbs) < AR9170_NUM_RX_URBS) &&
320 		(runs++ < AR9170_NUM_RX_URBS)) {
321 		err = -ENOSPC;
322 		urb = usb_get_from_anchor(&ar->rx_pool);
323 		if (urb) {
324 			usb_anchor_urb(urb, &ar->rx_anch);
325 			err = usb_submit_urb(urb, gfp);
326 			if (unlikely(err)) {
327 				usb_unanchor_urb(urb);
328 				usb_anchor_urb(urb, &ar->rx_pool);
329 			} else {
330 				atomic_dec(&ar->rx_pool_urbs);
331 				atomic_inc(&ar->rx_anch_urbs);
332 			}
333 			usb_free_urb(urb);
334 		}
335 	}
336 
337 	return err;
338 }
339 
340 static void carl9170_usb_rx_work(struct ar9170 *ar)
341 {
342 	struct urb *urb;
343 	int i;
344 
345 	for (i = 0; i < AR9170_NUM_RX_URBS_POOL; i++) {
346 		urb = usb_get_from_anchor(&ar->rx_work);
347 		if (!urb)
348 			break;
349 
350 		atomic_dec(&ar->rx_work_urbs);
351 		if (IS_INITIALIZED(ar)) {
352 			carl9170_rx(ar, urb->transfer_buffer,
353 				    urb->actual_length);
354 		}
355 
356 		usb_anchor_urb(urb, &ar->rx_pool);
357 		atomic_inc(&ar->rx_pool_urbs);
358 
359 		usb_free_urb(urb);
360 
361 		carl9170_usb_submit_rx_urb(ar, GFP_ATOMIC);
362 	}
363 }
364 
365 void carl9170_usb_handle_tx_err(struct ar9170 *ar)
366 {
367 	struct urb *urb;
368 
369 	while ((urb = usb_get_from_anchor(&ar->tx_err))) {
370 		struct sk_buff *skb = (void *)urb->context;
371 
372 		carl9170_tx_drop(ar, skb);
373 		carl9170_tx_callback(ar, skb);
374 		usb_free_urb(urb);
375 	}
376 }
377 
378 static void carl9170_usb_tasklet(unsigned long data)
379 {
380 	struct ar9170 *ar = (struct ar9170 *) data;
381 
382 	if (!IS_INITIALIZED(ar))
383 		return;
384 
385 	carl9170_usb_rx_work(ar);
386 
387 	/*
388 	 * Strictly speaking: The tx scheduler is not part of the USB system.
389 	 * But the rx worker returns frames back to the mac80211-stack and
390 	 * this is the _perfect_ place to generate the next transmissions.
391 	 */
392 	if (IS_STARTED(ar))
393 		carl9170_tx_scheduler(ar);
394 }
395 
396 static void carl9170_usb_rx_complete(struct urb *urb)
397 {
398 	struct ar9170 *ar = (struct ar9170 *)urb->context;
399 	int err;
400 
401 	if (WARN_ON_ONCE(!ar))
402 		return;
403 
404 	atomic_dec(&ar->rx_anch_urbs);
405 
406 	switch (urb->status) {
407 	case 0:
408 		/* rx path */
409 		usb_anchor_urb(urb, &ar->rx_work);
410 		atomic_inc(&ar->rx_work_urbs);
411 		break;
412 
413 	case -ENOENT:
414 	case -ECONNRESET:
415 	case -ENODEV:
416 	case -ESHUTDOWN:
417 		/* handle disconnect events*/
418 		return;
419 
420 	default:
421 		/* handle all other errors */
422 		usb_anchor_urb(urb, &ar->rx_pool);
423 		atomic_inc(&ar->rx_pool_urbs);
424 		break;
425 	}
426 
427 	err = carl9170_usb_submit_rx_urb(ar, GFP_ATOMIC);
428 	if (unlikely(err)) {
429 		/*
430 		 * usb_submit_rx_urb reported a problem.
431 		 * In case this is due to a rx buffer shortage,
432 		 * elevate the tasklet worker priority to
433 		 * the highest available level.
434 		 */
435 		tasklet_hi_schedule(&ar->usb_tasklet);
436 
437 		if (atomic_read(&ar->rx_anch_urbs) == 0) {
438 			/*
439 			 * The system is too slow to cope with
440 			 * the enormous workload. We have simply
441 			 * run out of active rx urbs and this
442 			 * unfortunately leads to an unpredictable
443 			 * device.
444 			 */
445 
446 			ieee80211_queue_work(ar->hw, &ar->ping_work);
447 		}
448 	} else {
449 		/*
450 		 * Using anything less than _high_ priority absolutely
451 		 * kills the rx performance my UP-System...
452 		 */
453 		tasklet_hi_schedule(&ar->usb_tasklet);
454 	}
455 }
456 
457 static struct urb *carl9170_usb_alloc_rx_urb(struct ar9170 *ar, gfp_t gfp)
458 {
459 	struct urb *urb;
460 	void *buf;
461 
462 	buf = kmalloc(ar->fw.rx_size, gfp);
463 	if (!buf)
464 		return NULL;
465 
466 	urb = usb_alloc_urb(0, gfp);
467 	if (!urb) {
468 		kfree(buf);
469 		return NULL;
470 	}
471 
472 	usb_fill_bulk_urb(urb, ar->udev, usb_rcvbulkpipe(ar->udev,
473 			  AR9170_USB_EP_RX), buf, ar->fw.rx_size,
474 			  carl9170_usb_rx_complete, ar);
475 
476 	urb->transfer_flags |= URB_FREE_BUFFER;
477 
478 	return urb;
479 }
480 
481 static int carl9170_usb_send_rx_irq_urb(struct ar9170 *ar)
482 {
483 	struct urb *urb = NULL;
484 	void *ibuf;
485 	int err = -ENOMEM;
486 
487 	urb = usb_alloc_urb(0, GFP_KERNEL);
488 	if (!urb)
489 		goto out;
490 
491 	ibuf = kmalloc(AR9170_USB_EP_CTRL_MAX, GFP_KERNEL);
492 	if (!ibuf)
493 		goto out;
494 
495 	usb_fill_int_urb(urb, ar->udev, usb_rcvintpipe(ar->udev,
496 			 AR9170_USB_EP_IRQ), ibuf, AR9170_USB_EP_CTRL_MAX,
497 			 carl9170_usb_rx_irq_complete, ar, 1);
498 
499 	urb->transfer_flags |= URB_FREE_BUFFER;
500 
501 	usb_anchor_urb(urb, &ar->rx_anch);
502 	err = usb_submit_urb(urb, GFP_KERNEL);
503 	if (err)
504 		usb_unanchor_urb(urb);
505 
506 out:
507 	usb_free_urb(urb);
508 	return err;
509 }
510 
511 static int carl9170_usb_init_rx_bulk_urbs(struct ar9170 *ar)
512 {
513 	struct urb *urb;
514 	int i, err = -EINVAL;
515 
516 	/*
517 	 * The driver actively maintains a second shadow
518 	 * pool for inactive, but fully-prepared rx urbs.
519 	 *
520 	 * The pool should help the driver to master huge
521 	 * workload spikes without running the risk of
522 	 * undersupplying the hardware or wasting time by
523 	 * processing rx data (streams) inside the urb
524 	 * completion (hardirq context).
525 	 */
526 	for (i = 0; i < AR9170_NUM_RX_URBS_POOL; i++) {
527 		urb = carl9170_usb_alloc_rx_urb(ar, GFP_KERNEL);
528 		if (!urb) {
529 			err = -ENOMEM;
530 			goto err_out;
531 		}
532 
533 		usb_anchor_urb(urb, &ar->rx_pool);
534 		atomic_inc(&ar->rx_pool_urbs);
535 		usb_free_urb(urb);
536 	}
537 
538 	err = carl9170_usb_submit_rx_urb(ar, GFP_KERNEL);
539 	if (err)
540 		goto err_out;
541 
542 	/* the device now waiting for the firmware. */
543 	carl9170_set_state_when(ar, CARL9170_STOPPED, CARL9170_IDLE);
544 	return 0;
545 
546 err_out:
547 
548 	usb_scuttle_anchored_urbs(&ar->rx_pool);
549 	usb_scuttle_anchored_urbs(&ar->rx_work);
550 	usb_kill_anchored_urbs(&ar->rx_anch);
551 	return err;
552 }
553 
554 static int carl9170_usb_flush(struct ar9170 *ar)
555 {
556 	struct urb *urb;
557 	int ret, err = 0;
558 
559 	while ((urb = usb_get_from_anchor(&ar->tx_wait))) {
560 		struct sk_buff *skb = (void *)urb->context;
561 		carl9170_tx_drop(ar, skb);
562 		carl9170_tx_callback(ar, skb);
563 		usb_free_urb(urb);
564 	}
565 
566 	ret = usb_wait_anchor_empty_timeout(&ar->tx_cmd, 1000);
567 	if (ret == 0)
568 		err = -ETIMEDOUT;
569 
570 	/* lets wait a while until the tx - queues are dried out */
571 	ret = usb_wait_anchor_empty_timeout(&ar->tx_anch, 1000);
572 	if (ret == 0)
573 		err = -ETIMEDOUT;
574 
575 	usb_kill_anchored_urbs(&ar->tx_anch);
576 	carl9170_usb_handle_tx_err(ar);
577 
578 	return err;
579 }
580 
581 static void carl9170_usb_cancel_urbs(struct ar9170 *ar)
582 {
583 	int err;
584 
585 	carl9170_set_state(ar, CARL9170_UNKNOWN_STATE);
586 
587 	err = carl9170_usb_flush(ar);
588 	if (err)
589 		dev_err(&ar->udev->dev, "stuck tx urbs!\n");
590 
591 	usb_poison_anchored_urbs(&ar->tx_anch);
592 	carl9170_usb_handle_tx_err(ar);
593 	usb_poison_anchored_urbs(&ar->rx_anch);
594 
595 	tasklet_kill(&ar->usb_tasklet);
596 
597 	usb_scuttle_anchored_urbs(&ar->rx_work);
598 	usb_scuttle_anchored_urbs(&ar->rx_pool);
599 	usb_scuttle_anchored_urbs(&ar->tx_cmd);
600 }
601 
602 int __carl9170_exec_cmd(struct ar9170 *ar, struct carl9170_cmd *cmd,
603 			const bool free_buf)
604 {
605 	struct urb *urb;
606 	int err = 0;
607 
608 	if (!IS_INITIALIZED(ar)) {
609 		err = -EPERM;
610 		goto err_free;
611 	}
612 
613 	if (WARN_ON(cmd->hdr.len > CARL9170_MAX_CMD_LEN - 4)) {
614 		err = -EINVAL;
615 		goto err_free;
616 	}
617 
618 	urb = usb_alloc_urb(0, GFP_ATOMIC);
619 	if (!urb) {
620 		err = -ENOMEM;
621 		goto err_free;
622 	}
623 
624 	if (ar->usb_ep_cmd_is_bulk)
625 		usb_fill_bulk_urb(urb, ar->udev,
626 				  usb_sndbulkpipe(ar->udev, AR9170_USB_EP_CMD),
627 				  cmd, cmd->hdr.len + 4,
628 				  carl9170_usb_cmd_complete, ar);
629 	else
630 		usb_fill_int_urb(urb, ar->udev,
631 				 usb_sndintpipe(ar->udev, AR9170_USB_EP_CMD),
632 				 cmd, cmd->hdr.len + 4,
633 				 carl9170_usb_cmd_complete, ar, 1);
634 
635 	if (free_buf)
636 		urb->transfer_flags |= URB_FREE_BUFFER;
637 
638 	usb_anchor_urb(urb, &ar->tx_cmd);
639 	usb_free_urb(urb);
640 
641 	return carl9170_usb_submit_cmd_urb(ar);
642 
643 err_free:
644 	if (free_buf)
645 		kfree(cmd);
646 
647 	return err;
648 }
649 
650 int carl9170_exec_cmd(struct ar9170 *ar, const enum carl9170_cmd_oids cmd,
651 	unsigned int plen, void *payload, unsigned int outlen, void *out)
652 {
653 	int err = -ENOMEM;
654 
655 	if (!IS_ACCEPTING_CMD(ar))
656 		return -EIO;
657 
658 	if (!(cmd & CARL9170_CMD_ASYNC_FLAG))
659 		might_sleep();
660 
661 	ar->cmd.hdr.len = plen;
662 	ar->cmd.hdr.cmd = cmd;
663 	/* writing multiple regs fills this buffer already */
664 	if (plen && payload != (u8 *)(ar->cmd.data))
665 		memcpy(ar->cmd.data, payload, plen);
666 
667 	spin_lock_bh(&ar->cmd_lock);
668 	ar->readbuf = (u8 *)out;
669 	ar->readlen = outlen;
670 	spin_unlock_bh(&ar->cmd_lock);
671 
672 	err = __carl9170_exec_cmd(ar, &ar->cmd, false);
673 
674 	if (!(cmd & CARL9170_CMD_ASYNC_FLAG)) {
675 		err = wait_for_completion_timeout(&ar->cmd_wait, HZ);
676 		if (err == 0) {
677 			err = -ETIMEDOUT;
678 			goto err_unbuf;
679 		}
680 
681 		if (ar->readlen != outlen) {
682 			err = -EMSGSIZE;
683 			goto err_unbuf;
684 		}
685 	}
686 
687 	return 0;
688 
689 err_unbuf:
690 	/* Maybe the device was removed in the moment we were waiting? */
691 	if (IS_STARTED(ar)) {
692 		dev_err(&ar->udev->dev, "no command feedback "
693 			"received (%d).\n", err);
694 
695 		/* provide some maybe useful debug information */
696 		print_hex_dump_bytes("carl9170 cmd: ", DUMP_PREFIX_NONE,
697 				     &ar->cmd, plen + 4);
698 
699 		carl9170_restart(ar, CARL9170_RR_COMMAND_TIMEOUT);
700 	}
701 
702 	/* invalidate to avoid completing the next command prematurely */
703 	spin_lock_bh(&ar->cmd_lock);
704 	ar->readbuf = NULL;
705 	ar->readlen = 0;
706 	spin_unlock_bh(&ar->cmd_lock);
707 
708 	return err;
709 }
710 
711 void carl9170_usb_tx(struct ar9170 *ar, struct sk_buff *skb)
712 {
713 	struct urb *urb;
714 	struct ar9170_stream *tx_stream;
715 	void *data;
716 	unsigned int len;
717 
718 	if (!IS_STARTED(ar))
719 		goto err_drop;
720 
721 	urb = usb_alloc_urb(0, GFP_ATOMIC);
722 	if (!urb)
723 		goto err_drop;
724 
725 	if (ar->fw.tx_stream) {
726 		tx_stream = (void *) (skb->data - sizeof(*tx_stream));
727 
728 		len = skb->len + sizeof(*tx_stream);
729 		tx_stream->length = cpu_to_le16(len);
730 		tx_stream->tag = cpu_to_le16(AR9170_TX_STREAM_TAG);
731 		data = tx_stream;
732 	} else {
733 		data = skb->data;
734 		len = skb->len;
735 	}
736 
737 	usb_fill_bulk_urb(urb, ar->udev, usb_sndbulkpipe(ar->udev,
738 		AR9170_USB_EP_TX), data, len,
739 		carl9170_usb_tx_data_complete, skb);
740 
741 	urb->transfer_flags |= URB_ZERO_PACKET;
742 
743 	usb_anchor_urb(urb, &ar->tx_wait);
744 
745 	usb_free_urb(urb);
746 
747 	carl9170_usb_submit_data_urb(ar);
748 	return;
749 
750 err_drop:
751 	carl9170_tx_drop(ar, skb);
752 	carl9170_tx_callback(ar, skb);
753 }
754 
755 static void carl9170_release_firmware(struct ar9170 *ar)
756 {
757 	if (ar->fw.fw) {
758 		release_firmware(ar->fw.fw);
759 		memset(&ar->fw, 0, sizeof(ar->fw));
760 	}
761 }
762 
763 void carl9170_usb_stop(struct ar9170 *ar)
764 {
765 	int ret;
766 
767 	carl9170_set_state_when(ar, CARL9170_IDLE, CARL9170_STOPPED);
768 
769 	ret = carl9170_usb_flush(ar);
770 	if (ret)
771 		dev_err(&ar->udev->dev, "kill pending tx urbs.\n");
772 
773 	usb_poison_anchored_urbs(&ar->tx_anch);
774 	carl9170_usb_handle_tx_err(ar);
775 
776 	/* kill any pending command */
777 	spin_lock_bh(&ar->cmd_lock);
778 	ar->readlen = 0;
779 	spin_unlock_bh(&ar->cmd_lock);
780 	complete_all(&ar->cmd_wait);
781 
782 	/* This is required to prevent an early completion on _start */
783 	reinit_completion(&ar->cmd_wait);
784 
785 	/*
786 	 * Note:
787 	 * So far we freed all tx urbs, but we won't dare to touch any rx urbs.
788 	 * Else we would end up with a unresponsive device...
789 	 */
790 }
791 
792 int carl9170_usb_open(struct ar9170 *ar)
793 {
794 	usb_unpoison_anchored_urbs(&ar->tx_anch);
795 
796 	carl9170_set_state_when(ar, CARL9170_STOPPED, CARL9170_IDLE);
797 	return 0;
798 }
799 
800 static int carl9170_usb_load_firmware(struct ar9170 *ar)
801 {
802 	const u8 *data;
803 	u8 *buf;
804 	unsigned int transfer;
805 	size_t len;
806 	u32 addr;
807 	int err = 0;
808 
809 	buf = kmalloc(4096, GFP_KERNEL);
810 	if (!buf) {
811 		err = -ENOMEM;
812 		goto err_out;
813 	}
814 
815 	data = ar->fw.fw->data;
816 	len = ar->fw.fw->size;
817 	addr = ar->fw.address;
818 
819 	/* this removes the miniboot image */
820 	data += ar->fw.offset;
821 	len -= ar->fw.offset;
822 
823 	while (len) {
824 		transfer = min_t(unsigned int, len, 4096u);
825 		memcpy(buf, data, transfer);
826 
827 		err = usb_control_msg(ar->udev, usb_sndctrlpipe(ar->udev, 0),
828 				      0x30 /* FW DL */, 0x40 | USB_DIR_OUT,
829 				      addr >> 8, 0, buf, transfer, 100);
830 
831 		if (err < 0) {
832 			kfree(buf);
833 			goto err_out;
834 		}
835 
836 		len -= transfer;
837 		data += transfer;
838 		addr += transfer;
839 	}
840 	kfree(buf);
841 
842 	err = usb_control_msg(ar->udev, usb_sndctrlpipe(ar->udev, 0),
843 			      0x31 /* FW DL COMPLETE */,
844 			      0x40 | USB_DIR_OUT, 0, 0, NULL, 0, 200);
845 
846 	if (wait_for_completion_timeout(&ar->fw_boot_wait, HZ) == 0) {
847 		err = -ETIMEDOUT;
848 		goto err_out;
849 	}
850 
851 	err = carl9170_echo_test(ar, 0x4a110123);
852 	if (err)
853 		goto err_out;
854 
855 	/* now, start the command response counter */
856 	ar->cmd_seq = -1;
857 
858 	return 0;
859 
860 err_out:
861 	dev_err(&ar->udev->dev, "firmware upload failed (%d).\n", err);
862 	return err;
863 }
864 
865 int carl9170_usb_restart(struct ar9170 *ar)
866 {
867 	int err = 0;
868 
869 	if (ar->intf->condition != USB_INTERFACE_BOUND)
870 		return 0;
871 
872 	/*
873 	 * Disable the command response sequence counter check.
874 	 * We already know that the device/firmware is in a bad state.
875 	 * So, no extra points are awarded to anyone who reminds the
876 	 * driver about that.
877 	 */
878 	ar->cmd_seq = -2;
879 
880 	err = carl9170_reboot(ar);
881 
882 	carl9170_usb_stop(ar);
883 
884 	if (err)
885 		goto err_out;
886 
887 	tasklet_schedule(&ar->usb_tasklet);
888 
889 	/* The reboot procedure can take quite a while to complete. */
890 	msleep(1100);
891 
892 	err = carl9170_usb_open(ar);
893 	if (err)
894 		goto err_out;
895 
896 	err = carl9170_usb_load_firmware(ar);
897 	if (err)
898 		goto err_out;
899 
900 	return 0;
901 
902 err_out:
903 	carl9170_usb_cancel_urbs(ar);
904 	return err;
905 }
906 
907 void carl9170_usb_reset(struct ar9170 *ar)
908 {
909 	/*
910 	 * This is the last resort to get the device going again
911 	 * without any *user replugging action*.
912 	 *
913 	 * But there is a catch: usb_reset really is like a physical
914 	 * *reconnect*. The mac80211 state will be lost in the process.
915 	 * Therefore a userspace application, which is monitoring
916 	 * the link must step in.
917 	 */
918 	carl9170_usb_cancel_urbs(ar);
919 
920 	carl9170_usb_stop(ar);
921 
922 	usb_queue_reset_device(ar->intf);
923 }
924 
925 static int carl9170_usb_init_device(struct ar9170 *ar)
926 {
927 	int err;
928 
929 	/*
930 	 * The carl9170 firmware let's the driver know when it's
931 	 * ready for action. But we have to be prepared to gracefully
932 	 * handle all spurious [flushed] messages after each (re-)boot.
933 	 * Thus the command response counter remains disabled until it
934 	 * can be safely synchronized.
935 	 */
936 	ar->cmd_seq = -2;
937 
938 	err = carl9170_usb_send_rx_irq_urb(ar);
939 	if (err)
940 		goto err_out;
941 
942 	err = carl9170_usb_init_rx_bulk_urbs(ar);
943 	if (err)
944 		goto err_unrx;
945 
946 	err = carl9170_usb_open(ar);
947 	if (err)
948 		goto err_unrx;
949 
950 	mutex_lock(&ar->mutex);
951 	err = carl9170_usb_load_firmware(ar);
952 	mutex_unlock(&ar->mutex);
953 	if (err)
954 		goto err_stop;
955 
956 	return 0;
957 
958 err_stop:
959 	carl9170_usb_stop(ar);
960 
961 err_unrx:
962 	carl9170_usb_cancel_urbs(ar);
963 
964 err_out:
965 	return err;
966 }
967 
968 static void carl9170_usb_firmware_failed(struct ar9170 *ar)
969 {
970 	struct device *parent = ar->udev->dev.parent;
971 	struct usb_device *udev;
972 
973 	/*
974 	 * Store a copy of the usb_device pointer locally.
975 	 * This is because device_release_driver initiates
976 	 * carl9170_usb_disconnect, which in turn frees our
977 	 * driver context (ar).
978 	 */
979 	udev = ar->udev;
980 
981 	complete(&ar->fw_load_wait);
982 
983 	/* unbind anything failed */
984 	if (parent)
985 		device_lock(parent);
986 
987 	device_release_driver(&udev->dev);
988 	if (parent)
989 		device_unlock(parent);
990 
991 	usb_put_dev(udev);
992 }
993 
994 static void carl9170_usb_firmware_finish(struct ar9170 *ar)
995 {
996 	int err;
997 
998 	err = carl9170_parse_firmware(ar);
999 	if (err)
1000 		goto err_freefw;
1001 
1002 	err = carl9170_usb_init_device(ar);
1003 	if (err)
1004 		goto err_freefw;
1005 
1006 	err = carl9170_register(ar);
1007 
1008 	carl9170_usb_stop(ar);
1009 	if (err)
1010 		goto err_unrx;
1011 
1012 	complete(&ar->fw_load_wait);
1013 	usb_put_dev(ar->udev);
1014 	return;
1015 
1016 err_unrx:
1017 	carl9170_usb_cancel_urbs(ar);
1018 
1019 err_freefw:
1020 	carl9170_release_firmware(ar);
1021 	carl9170_usb_firmware_failed(ar);
1022 }
1023 
1024 static void carl9170_usb_firmware_step2(const struct firmware *fw,
1025 					void *context)
1026 {
1027 	struct ar9170 *ar = context;
1028 
1029 	if (fw) {
1030 		ar->fw.fw = fw;
1031 		carl9170_usb_firmware_finish(ar);
1032 		return;
1033 	}
1034 
1035 	dev_err(&ar->udev->dev, "firmware not found.\n");
1036 	carl9170_usb_firmware_failed(ar);
1037 }
1038 
1039 static int carl9170_usb_probe(struct usb_interface *intf,
1040 			      const struct usb_device_id *id)
1041 {
1042 	struct usb_endpoint_descriptor *ep;
1043 	struct ar9170 *ar;
1044 	struct usb_device *udev;
1045 	int i, err;
1046 
1047 	err = usb_reset_device(interface_to_usbdev(intf));
1048 	if (err)
1049 		return err;
1050 
1051 	ar = carl9170_alloc(sizeof(*ar));
1052 	if (IS_ERR(ar))
1053 		return PTR_ERR(ar);
1054 
1055 	udev = interface_to_usbdev(intf);
1056 	usb_get_dev(udev);
1057 	ar->udev = udev;
1058 	ar->intf = intf;
1059 	ar->features = id->driver_info;
1060 
1061 	/* We need to remember the type of endpoint 4 because it differs
1062 	 * between high- and full-speed configuration. The high-speed
1063 	 * configuration specifies it as interrupt and the full-speed
1064 	 * configuration as bulk endpoint. This information is required
1065 	 * later when sending urbs to that endpoint.
1066 	 */
1067 	for (i = 0; i < intf->cur_altsetting->desc.bNumEndpoints; ++i) {
1068 		ep = &intf->cur_altsetting->endpoint[i].desc;
1069 
1070 		if (usb_endpoint_num(ep) == AR9170_USB_EP_CMD &&
1071 		    usb_endpoint_dir_out(ep) &&
1072 		    usb_endpoint_type(ep) == USB_ENDPOINT_XFER_BULK)
1073 			ar->usb_ep_cmd_is_bulk = true;
1074 	}
1075 
1076 	usb_set_intfdata(intf, ar);
1077 	SET_IEEE80211_DEV(ar->hw, &intf->dev);
1078 
1079 	init_usb_anchor(&ar->rx_anch);
1080 	init_usb_anchor(&ar->rx_pool);
1081 	init_usb_anchor(&ar->rx_work);
1082 	init_usb_anchor(&ar->tx_wait);
1083 	init_usb_anchor(&ar->tx_anch);
1084 	init_usb_anchor(&ar->tx_cmd);
1085 	init_usb_anchor(&ar->tx_err);
1086 	init_completion(&ar->cmd_wait);
1087 	init_completion(&ar->fw_boot_wait);
1088 	init_completion(&ar->fw_load_wait);
1089 	tasklet_init(&ar->usb_tasklet, carl9170_usb_tasklet,
1090 		     (unsigned long)ar);
1091 
1092 	atomic_set(&ar->tx_cmd_urbs, 0);
1093 	atomic_set(&ar->tx_anch_urbs, 0);
1094 	atomic_set(&ar->rx_work_urbs, 0);
1095 	atomic_set(&ar->rx_anch_urbs, 0);
1096 	atomic_set(&ar->rx_pool_urbs, 0);
1097 
1098 	usb_get_dev(ar->udev);
1099 
1100 	carl9170_set_state(ar, CARL9170_STOPPED);
1101 
1102 	err = request_firmware_nowait(THIS_MODULE, 1, CARL9170FW_NAME,
1103 		&ar->udev->dev, GFP_KERNEL, ar, carl9170_usb_firmware_step2);
1104 	if (err) {
1105 		usb_put_dev(udev);
1106 		usb_put_dev(udev);
1107 		carl9170_free(ar);
1108 	}
1109 	return err;
1110 }
1111 
1112 static void carl9170_usb_disconnect(struct usb_interface *intf)
1113 {
1114 	struct ar9170 *ar = usb_get_intfdata(intf);
1115 	struct usb_device *udev;
1116 
1117 	if (WARN_ON(!ar))
1118 		return;
1119 
1120 	udev = ar->udev;
1121 	wait_for_completion(&ar->fw_load_wait);
1122 
1123 	if (IS_INITIALIZED(ar)) {
1124 		carl9170_reboot(ar);
1125 		carl9170_usb_stop(ar);
1126 	}
1127 
1128 	carl9170_usb_cancel_urbs(ar);
1129 	carl9170_unregister(ar);
1130 
1131 	usb_set_intfdata(intf, NULL);
1132 
1133 	carl9170_release_firmware(ar);
1134 	carl9170_free(ar);
1135 	usb_put_dev(udev);
1136 }
1137 
1138 #ifdef CONFIG_PM
1139 static int carl9170_usb_suspend(struct usb_interface *intf,
1140 				pm_message_t message)
1141 {
1142 	struct ar9170 *ar = usb_get_intfdata(intf);
1143 
1144 	if (!ar)
1145 		return -ENODEV;
1146 
1147 	carl9170_usb_cancel_urbs(ar);
1148 
1149 	return 0;
1150 }
1151 
1152 static int carl9170_usb_resume(struct usb_interface *intf)
1153 {
1154 	struct ar9170 *ar = usb_get_intfdata(intf);
1155 	int err;
1156 
1157 	if (!ar)
1158 		return -ENODEV;
1159 
1160 	usb_unpoison_anchored_urbs(&ar->rx_anch);
1161 	carl9170_set_state(ar, CARL9170_STOPPED);
1162 
1163 	/*
1164 	 * The USB documentation demands that [for suspend] all traffic
1165 	 * to and from the device has to stop. This would be fine, but
1166 	 * there's a catch: the device[usb phy] does not come back.
1167 	 *
1168 	 * Upon resume the firmware will "kill" itself and the
1169 	 * boot-code sorts out the magic voodoo.
1170 	 * Not very nice, but there's not much what could go wrong.
1171 	 */
1172 	msleep(1100);
1173 
1174 	err = carl9170_usb_init_device(ar);
1175 	if (err)
1176 		goto err_unrx;
1177 
1178 	return 0;
1179 
1180 err_unrx:
1181 	carl9170_usb_cancel_urbs(ar);
1182 
1183 	return err;
1184 }
1185 #endif /* CONFIG_PM */
1186 
1187 static struct usb_driver carl9170_driver = {
1188 	.name = KBUILD_MODNAME,
1189 	.probe = carl9170_usb_probe,
1190 	.disconnect = carl9170_usb_disconnect,
1191 	.id_table = carl9170_usb_ids,
1192 	.soft_unbind = 1,
1193 #ifdef CONFIG_PM
1194 	.suspend = carl9170_usb_suspend,
1195 	.resume = carl9170_usb_resume,
1196 	.reset_resume = carl9170_usb_resume,
1197 #endif /* CONFIG_PM */
1198 	.disable_hub_initiated_lpm = 1,
1199 };
1200 
1201 module_usb_driver(carl9170_driver);
1202