1 /* 2 * USB Orinoco driver 3 * 4 * Copyright (c) 2003 Manuel Estrada Sainz 5 * 6 * The contents of this file are subject to the Mozilla Public License 7 * Version 1.1 (the "License"); you may not use this file except in 8 * compliance with the License. You may obtain a copy of the License 9 * at http://www.mozilla.org/MPL/ 10 * 11 * Software distributed under the License is distributed on an "AS IS" 12 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See 13 * the License for the specific language governing rights and 14 * limitations under the License. 15 * 16 * Alternatively, the contents of this file may be used under the 17 * terms of the GNU General Public License version 2 (the "GPL"), in 18 * which case the provisions of the GPL are applicable instead of the 19 * above. If you wish to allow the use of your version of this file 20 * only under the terms of the GPL and not to allow others to use your 21 * version of this file under the MPL, indicate your decision by 22 * deleting the provisions above and replace them with the notice and 23 * other provisions required by the GPL. If you do not delete the 24 * provisions above, a recipient may use your version of this file 25 * under either the MPL or the GPL. 26 * 27 * Queueing code based on linux-wlan-ng 0.2.1-pre5 28 * 29 * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved. 30 * 31 * The license is the same as above. 32 * 33 * Initialy based on USB Skeleton driver - 0.7 34 * 35 * Copyright (c) 2001 Greg Kroah-Hartman (greg@kroah.com) 36 * 37 * This program is free software; you can redistribute it and/or 38 * modify it under the terms of the GNU General Public License as 39 * published by the Free Software Foundation; either version 2 of 40 * the License, or (at your option) any later version. 41 * 42 * NOTE: The original USB Skeleton driver is GPL, but all that code is 43 * gone so MPL/GPL applies. 44 */ 45 46 #define DRIVER_NAME "orinoco_usb" 47 #define PFX DRIVER_NAME ": " 48 49 #include <linux/module.h> 50 #include <linux/kernel.h> 51 #include <linux/sched.h> 52 #include <linux/signal.h> 53 #include <linux/errno.h> 54 #include <linux/poll.h> 55 #include <linux/slab.h> 56 #include <linux/fcntl.h> 57 #include <linux/spinlock.h> 58 #include <linux/list.h> 59 #include <linux/usb.h> 60 #include <linux/timer.h> 61 62 #include <linux/netdevice.h> 63 #include <linux/if_arp.h> 64 #include <linux/etherdevice.h> 65 #include <linux/wireless.h> 66 #include <linux/firmware.h> 67 68 #include "mic.h" 69 #include "orinoco.h" 70 71 #ifndef URB_ASYNC_UNLINK 72 #define URB_ASYNC_UNLINK 0 73 #endif 74 75 /* 802.2 LLC/SNAP header used for Ethernet encapsulation over 802.11 */ 76 static const u8 encaps_hdr[] = {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00}; 77 #define ENCAPS_OVERHEAD (sizeof(encaps_hdr) + 2) 78 79 struct header_struct { 80 /* 802.3 */ 81 u8 dest[ETH_ALEN]; 82 u8 src[ETH_ALEN]; 83 __be16 len; 84 /* 802.2 */ 85 u8 dsap; 86 u8 ssap; 87 u8 ctrl; 88 /* SNAP */ 89 u8 oui[3]; 90 __be16 ethertype; 91 } __packed; 92 93 struct ez_usb_fw { 94 u16 size; 95 const u8 *code; 96 }; 97 98 static struct ez_usb_fw firmware = { 99 .size = 0, 100 .code = NULL, 101 }; 102 103 /* Debugging macros */ 104 #undef err 105 #define err(format, arg...) \ 106 do { printk(KERN_ERR PFX format "\n", ## arg); } while (0) 107 108 MODULE_FIRMWARE("orinoco_ezusb_fw"); 109 110 /* 111 * Under some conditions, the card gets stuck and stops paying attention 112 * to the world (i.e. data communication stalls) until we do something to 113 * it. Sending an INQ_TALLIES command seems to be enough and should be 114 * harmless otherwise. This behaviour has been observed when using the 115 * driver on a systemimager client during installation. In the past a 116 * timer was used to send INQ_TALLIES commands when there was no other 117 * activity, but it was troublesome and was removed. 118 */ 119 120 #define USB_COMPAQ_VENDOR_ID 0x049f /* Compaq Computer Corp. */ 121 #define USB_COMPAQ_WL215_ID 0x001f /* Compaq WL215 USB Adapter */ 122 #define USB_COMPAQ_W200_ID 0x0076 /* Compaq W200 USB Adapter */ 123 #define USB_HP_WL215_ID 0x0082 /* Compaq WL215 USB Adapter */ 124 125 #define USB_MELCO_VENDOR_ID 0x0411 126 #define USB_BUFFALO_L11_ID 0x0006 /* BUFFALO WLI-USB-L11 */ 127 #define USB_BUFFALO_L11G_WR_ID 0x000B /* BUFFALO WLI-USB-L11G-WR */ 128 #define USB_BUFFALO_L11G_ID 0x000D /* BUFFALO WLI-USB-L11G */ 129 130 #define USB_LUCENT_VENDOR_ID 0x047E /* Lucent Technologies */ 131 #define USB_LUCENT_ORINOCO_ID 0x0300 /* Lucent/Agere Orinoco USB Client */ 132 133 #define USB_AVAYA8_VENDOR_ID 0x0D98 134 #define USB_AVAYAE_VENDOR_ID 0x0D9E 135 #define USB_AVAYA_WIRELESS_ID 0x0300 /* Avaya Wireless USB Card */ 136 137 #define USB_AGERE_VENDOR_ID 0x0D4E /* Agere Systems */ 138 #define USB_AGERE_MODEL0801_ID 0x1000 /* Wireless USB Card Model 0801 */ 139 #define USB_AGERE_MODEL0802_ID 0x1001 /* Wireless USB Card Model 0802 */ 140 #define USB_AGERE_REBRANDED_ID 0x047A /* WLAN USB Card */ 141 142 #define USB_ELSA_VENDOR_ID 0x05CC 143 #define USB_ELSA_AIRLANCER_ID 0x3100 /* ELSA AirLancer USB-11 */ 144 145 #define USB_LEGEND_VENDOR_ID 0x0E7C 146 #define USB_LEGEND_JOYNET_ID 0x0300 /* Joynet WLAN USB Card */ 147 148 #define USB_SAMSUNG_VENDOR_ID 0x04E8 149 #define USB_SAMSUNG_SEW2001U1_ID 0x5002 /* Samsung SEW-2001u Card */ 150 #define USB_SAMSUNG_SEW2001U2_ID 0x5B11 /* Samsung SEW-2001u Card */ 151 #define USB_SAMSUNG_SEW2003U_ID 0x7011 /* Samsung SEW-2003U Card */ 152 153 #define USB_IGATE_VENDOR_ID 0x0681 154 #define USB_IGATE_IGATE_11M_ID 0x0012 /* I-GATE 11M USB Card */ 155 156 #define USB_FUJITSU_VENDOR_ID 0x0BF8 157 #define USB_FUJITSU_E1100_ID 0x1002 /* connect2AIR WLAN E-1100 USB */ 158 159 #define USB_2WIRE_VENDOR_ID 0x1630 160 #define USB_2WIRE_WIRELESS_ID 0xff81 /* 2Wire Wireless USB adapter */ 161 162 163 #define EZUSB_REQUEST_FW_TRANS 0xA0 164 #define EZUSB_REQUEST_TRIGER 0xAA 165 #define EZUSB_REQUEST_TRIG_AC 0xAC 166 #define EZUSB_CPUCS_REG 0x7F92 167 168 #define EZUSB_RID_TX 0x0700 169 #define EZUSB_RID_RX 0x0701 170 #define EZUSB_RID_INIT1 0x0702 171 #define EZUSB_RID_ACK 0x0710 172 #define EZUSB_RID_READ_PDA 0x0800 173 #define EZUSB_RID_PROG_INIT 0x0852 174 #define EZUSB_RID_PROG_SET_ADDR 0x0853 175 #define EZUSB_RID_PROG_BYTES 0x0854 176 #define EZUSB_RID_PROG_END 0x0855 177 #define EZUSB_RID_DOCMD 0x0860 178 179 /* Recognize info frames */ 180 #define EZUSB_IS_INFO(id) ((id >= 0xF000) && (id <= 0xF2FF)) 181 182 #define EZUSB_MAGIC 0x0210 183 184 #define EZUSB_FRAME_DATA 1 185 #define EZUSB_FRAME_CONTROL 2 186 187 #define DEF_TIMEOUT (3 * HZ) 188 189 #define BULK_BUF_SIZE 2048 190 191 #define MAX_DL_SIZE (BULK_BUF_SIZE - sizeof(struct ezusb_packet)) 192 193 #define FW_BUF_SIZE 64 194 #define FW_VAR_OFFSET_PTR 0x359 195 #define FW_VAR_VALUE 0 196 #define FW_HOLE_START 0x100 197 #define FW_HOLE_END 0x300 198 199 struct ezusb_packet { 200 __le16 magic; /* 0x0210 */ 201 u8 req_reply_count; 202 u8 ans_reply_count; 203 __le16 frame_type; /* 0x01 for data frames, 0x02 otherwise */ 204 __le16 size; /* transport size */ 205 __le16 crc; /* CRC up to here */ 206 __le16 hermes_len; 207 __le16 hermes_rid; 208 u8 data[0]; 209 } __packed; 210 211 /* Table of devices that work or may work with this driver */ 212 static struct usb_device_id ezusb_table[] = { 213 {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_COMPAQ_WL215_ID)}, 214 {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_HP_WL215_ID)}, 215 {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_COMPAQ_W200_ID)}, 216 {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11_ID)}, 217 {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11G_WR_ID)}, 218 {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11G_ID)}, 219 {USB_DEVICE(USB_LUCENT_VENDOR_ID, USB_LUCENT_ORINOCO_ID)}, 220 {USB_DEVICE(USB_AVAYA8_VENDOR_ID, USB_AVAYA_WIRELESS_ID)}, 221 {USB_DEVICE(USB_AVAYAE_VENDOR_ID, USB_AVAYA_WIRELESS_ID)}, 222 {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_MODEL0801_ID)}, 223 {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_MODEL0802_ID)}, 224 {USB_DEVICE(USB_ELSA_VENDOR_ID, USB_ELSA_AIRLANCER_ID)}, 225 {USB_DEVICE(USB_LEGEND_VENDOR_ID, USB_LEGEND_JOYNET_ID)}, 226 {USB_DEVICE_VER(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2001U1_ID, 227 0, 0)}, 228 {USB_DEVICE(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2001U2_ID)}, 229 {USB_DEVICE(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2003U_ID)}, 230 {USB_DEVICE(USB_IGATE_VENDOR_ID, USB_IGATE_IGATE_11M_ID)}, 231 {USB_DEVICE(USB_FUJITSU_VENDOR_ID, USB_FUJITSU_E1100_ID)}, 232 {USB_DEVICE(USB_2WIRE_VENDOR_ID, USB_2WIRE_WIRELESS_ID)}, 233 {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_REBRANDED_ID)}, 234 {} /* Terminating entry */ 235 }; 236 237 MODULE_DEVICE_TABLE(usb, ezusb_table); 238 239 /* Structure to hold all of our device specific stuff */ 240 struct ezusb_priv { 241 struct usb_device *udev; 242 struct net_device *dev; 243 struct mutex mtx; 244 spinlock_t req_lock; 245 struct list_head req_pending; 246 struct list_head req_active; 247 spinlock_t reply_count_lock; 248 u16 hermes_reg_fake[0x40]; 249 u8 *bap_buf; 250 struct urb *read_urb; 251 int read_pipe; 252 int write_pipe; 253 u8 reply_count; 254 }; 255 256 enum ezusb_state { 257 EZUSB_CTX_START, 258 EZUSB_CTX_QUEUED, 259 EZUSB_CTX_REQ_SUBMITTED, 260 EZUSB_CTX_REQ_COMPLETE, 261 EZUSB_CTX_RESP_RECEIVED, 262 EZUSB_CTX_REQ_TIMEOUT, 263 EZUSB_CTX_REQ_FAILED, 264 EZUSB_CTX_RESP_TIMEOUT, 265 EZUSB_CTX_REQSUBMIT_FAIL, 266 EZUSB_CTX_COMPLETE, 267 }; 268 269 struct request_context { 270 struct list_head list; 271 atomic_t refcount; 272 struct completion done; /* Signals that CTX is dead */ 273 int killed; 274 struct urb *outurb; /* OUT for req pkt */ 275 struct ezusb_priv *upriv; 276 struct ezusb_packet *buf; 277 int buf_length; 278 struct timer_list timer; /* Timeout handling */ 279 enum ezusb_state state; /* Current state */ 280 /* the RID that we will wait for */ 281 u16 out_rid; 282 u16 in_rid; 283 }; 284 285 286 /* Forward declarations */ 287 static void ezusb_ctx_complete(struct request_context *ctx); 288 static void ezusb_req_queue_run(struct ezusb_priv *upriv); 289 static void ezusb_bulk_in_callback(struct urb *urb); 290 291 static inline u8 ezusb_reply_inc(u8 count) 292 { 293 if (count < 0x7F) 294 return count + 1; 295 else 296 return 1; 297 } 298 299 static void ezusb_request_context_put(struct request_context *ctx) 300 { 301 if (!atomic_dec_and_test(&ctx->refcount)) 302 return; 303 304 WARN_ON(!ctx->done.done); 305 BUG_ON(ctx->outurb->status == -EINPROGRESS); 306 BUG_ON(timer_pending(&ctx->timer)); 307 usb_free_urb(ctx->outurb); 308 kfree(ctx->buf); 309 kfree(ctx); 310 } 311 312 static inline void ezusb_mod_timer(struct ezusb_priv *upriv, 313 struct timer_list *timer, 314 unsigned long expire) 315 { 316 if (!upriv->udev) 317 return; 318 mod_timer(timer, expire); 319 } 320 321 static void ezusb_request_timerfn(u_long _ctx) 322 { 323 struct request_context *ctx = (void *) _ctx; 324 325 ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK; 326 if (usb_unlink_urb(ctx->outurb) == -EINPROGRESS) { 327 ctx->state = EZUSB_CTX_REQ_TIMEOUT; 328 } else { 329 ctx->state = EZUSB_CTX_RESP_TIMEOUT; 330 dev_dbg(&ctx->outurb->dev->dev, "couldn't unlink\n"); 331 atomic_inc(&ctx->refcount); 332 ctx->killed = 1; 333 ezusb_ctx_complete(ctx); 334 ezusb_request_context_put(ctx); 335 } 336 }; 337 338 static struct request_context *ezusb_alloc_ctx(struct ezusb_priv *upriv, 339 u16 out_rid, u16 in_rid) 340 { 341 struct request_context *ctx; 342 343 ctx = kzalloc(sizeof(*ctx), GFP_ATOMIC); 344 if (!ctx) 345 return NULL; 346 347 ctx->buf = kmalloc(BULK_BUF_SIZE, GFP_ATOMIC); 348 if (!ctx->buf) { 349 kfree(ctx); 350 return NULL; 351 } 352 ctx->outurb = usb_alloc_urb(0, GFP_ATOMIC); 353 if (!ctx->outurb) { 354 kfree(ctx->buf); 355 kfree(ctx); 356 return NULL; 357 } 358 359 ctx->upriv = upriv; 360 ctx->state = EZUSB_CTX_START; 361 ctx->out_rid = out_rid; 362 ctx->in_rid = in_rid; 363 364 atomic_set(&ctx->refcount, 1); 365 init_completion(&ctx->done); 366 367 setup_timer(&ctx->timer, ezusb_request_timerfn, (u_long)ctx); 368 return ctx; 369 } 370 371 372 /* Hopefully the real complete_all will soon be exported, in the mean 373 * while this should work. */ 374 static inline void ezusb_complete_all(struct completion *comp) 375 { 376 complete(comp); 377 complete(comp); 378 complete(comp); 379 complete(comp); 380 } 381 382 static void ezusb_ctx_complete(struct request_context *ctx) 383 { 384 struct ezusb_priv *upriv = ctx->upriv; 385 unsigned long flags; 386 387 spin_lock_irqsave(&upriv->req_lock, flags); 388 389 list_del_init(&ctx->list); 390 if (upriv->udev) { 391 spin_unlock_irqrestore(&upriv->req_lock, flags); 392 ezusb_req_queue_run(upriv); 393 spin_lock_irqsave(&upriv->req_lock, flags); 394 } 395 396 switch (ctx->state) { 397 case EZUSB_CTX_COMPLETE: 398 case EZUSB_CTX_REQSUBMIT_FAIL: 399 case EZUSB_CTX_REQ_FAILED: 400 case EZUSB_CTX_REQ_TIMEOUT: 401 case EZUSB_CTX_RESP_TIMEOUT: 402 spin_unlock_irqrestore(&upriv->req_lock, flags); 403 404 if ((ctx->out_rid == EZUSB_RID_TX) && upriv->dev) { 405 struct net_device *dev = upriv->dev; 406 struct net_device_stats *stats = &dev->stats; 407 408 if (ctx->state != EZUSB_CTX_COMPLETE) 409 stats->tx_errors++; 410 else 411 stats->tx_packets++; 412 413 netif_wake_queue(dev); 414 } 415 ezusb_complete_all(&ctx->done); 416 ezusb_request_context_put(ctx); 417 break; 418 419 default: 420 spin_unlock_irqrestore(&upriv->req_lock, flags); 421 if (!upriv->udev) { 422 /* This is normal, as all request contexts get flushed 423 * when the device is disconnected */ 424 err("Called, CTX not terminating, but device gone"); 425 ezusb_complete_all(&ctx->done); 426 ezusb_request_context_put(ctx); 427 break; 428 } 429 430 err("Called, CTX not in terminating state."); 431 /* Things are really bad if this happens. Just leak 432 * the CTX because it may still be linked to the 433 * queue or the OUT urb may still be active. 434 * Just leaking at least prevents an Oops or Panic. 435 */ 436 break; 437 } 438 } 439 440 /** 441 * ezusb_req_queue_run: 442 * Description: 443 * Note: Only one active CTX at any one time, because there's no 444 * other (reliable) way to match the response URB to the correct 445 * CTX. 446 **/ 447 static void ezusb_req_queue_run(struct ezusb_priv *upriv) 448 { 449 unsigned long flags; 450 struct request_context *ctx; 451 int result; 452 453 spin_lock_irqsave(&upriv->req_lock, flags); 454 455 if (!list_empty(&upriv->req_active)) 456 goto unlock; 457 458 if (list_empty(&upriv->req_pending)) 459 goto unlock; 460 461 ctx = 462 list_entry(upriv->req_pending.next, struct request_context, 463 list); 464 465 if (!ctx->upriv->udev) 466 goto unlock; 467 468 /* We need to split this off to avoid a race condition */ 469 list_move_tail(&ctx->list, &upriv->req_active); 470 471 if (ctx->state == EZUSB_CTX_QUEUED) { 472 atomic_inc(&ctx->refcount); 473 result = usb_submit_urb(ctx->outurb, GFP_ATOMIC); 474 if (result) { 475 ctx->state = EZUSB_CTX_REQSUBMIT_FAIL; 476 477 spin_unlock_irqrestore(&upriv->req_lock, flags); 478 479 err("Fatal, failed to submit command urb." 480 " error=%d\n", result); 481 482 ezusb_ctx_complete(ctx); 483 ezusb_request_context_put(ctx); 484 goto done; 485 } 486 487 ctx->state = EZUSB_CTX_REQ_SUBMITTED; 488 ezusb_mod_timer(ctx->upriv, &ctx->timer, 489 jiffies + DEF_TIMEOUT); 490 } 491 492 unlock: 493 spin_unlock_irqrestore(&upriv->req_lock, flags); 494 495 done: 496 return; 497 } 498 499 static void ezusb_req_enqueue_run(struct ezusb_priv *upriv, 500 struct request_context *ctx) 501 { 502 unsigned long flags; 503 504 spin_lock_irqsave(&upriv->req_lock, flags); 505 506 if (!ctx->upriv->udev) { 507 spin_unlock_irqrestore(&upriv->req_lock, flags); 508 goto done; 509 } 510 atomic_inc(&ctx->refcount); 511 list_add_tail(&ctx->list, &upriv->req_pending); 512 spin_unlock_irqrestore(&upriv->req_lock, flags); 513 514 ctx->state = EZUSB_CTX_QUEUED; 515 ezusb_req_queue_run(upriv); 516 517 done: 518 return; 519 } 520 521 static void ezusb_request_out_callback(struct urb *urb) 522 { 523 unsigned long flags; 524 enum ezusb_state state; 525 struct request_context *ctx = urb->context; 526 struct ezusb_priv *upriv = ctx->upriv; 527 528 spin_lock_irqsave(&upriv->req_lock, flags); 529 530 del_timer(&ctx->timer); 531 532 if (ctx->killed) { 533 spin_unlock_irqrestore(&upriv->req_lock, flags); 534 pr_warn("interrupt called with dead ctx\n"); 535 goto out; 536 } 537 538 state = ctx->state; 539 540 if (urb->status == 0) { 541 switch (state) { 542 case EZUSB_CTX_REQ_SUBMITTED: 543 if (ctx->in_rid) { 544 ctx->state = EZUSB_CTX_REQ_COMPLETE; 545 /* reply URB still pending */ 546 ezusb_mod_timer(upriv, &ctx->timer, 547 jiffies + DEF_TIMEOUT); 548 spin_unlock_irqrestore(&upriv->req_lock, 549 flags); 550 break; 551 } 552 /* fall through */ 553 case EZUSB_CTX_RESP_RECEIVED: 554 /* IN already received before this OUT-ACK */ 555 ctx->state = EZUSB_CTX_COMPLETE; 556 spin_unlock_irqrestore(&upriv->req_lock, flags); 557 ezusb_ctx_complete(ctx); 558 break; 559 560 default: 561 spin_unlock_irqrestore(&upriv->req_lock, flags); 562 err("Unexpected state(0x%x, %d) in OUT URB", 563 state, urb->status); 564 break; 565 } 566 } else { 567 /* If someone cancels the OUT URB then its status 568 * should be either -ECONNRESET or -ENOENT. 569 */ 570 switch (state) { 571 case EZUSB_CTX_REQ_SUBMITTED: 572 case EZUSB_CTX_RESP_RECEIVED: 573 ctx->state = EZUSB_CTX_REQ_FAILED; 574 /* fall through */ 575 576 case EZUSB_CTX_REQ_FAILED: 577 case EZUSB_CTX_REQ_TIMEOUT: 578 spin_unlock_irqrestore(&upriv->req_lock, flags); 579 580 ezusb_ctx_complete(ctx); 581 break; 582 583 default: 584 spin_unlock_irqrestore(&upriv->req_lock, flags); 585 586 err("Unexpected state(0x%x, %d) in OUT URB", 587 state, urb->status); 588 break; 589 } 590 } 591 out: 592 ezusb_request_context_put(ctx); 593 } 594 595 static void ezusb_request_in_callback(struct ezusb_priv *upriv, 596 struct urb *urb) 597 { 598 struct ezusb_packet *ans = urb->transfer_buffer; 599 struct request_context *ctx = NULL; 600 enum ezusb_state state; 601 unsigned long flags; 602 603 /* Find the CTX on the active queue that requested this URB */ 604 spin_lock_irqsave(&upriv->req_lock, flags); 605 if (upriv->udev) { 606 struct list_head *item; 607 608 list_for_each(item, &upriv->req_active) { 609 struct request_context *c; 610 int reply_count; 611 612 c = list_entry(item, struct request_context, list); 613 reply_count = 614 ezusb_reply_inc(c->buf->req_reply_count); 615 if ((ans->ans_reply_count == reply_count) 616 && (le16_to_cpu(ans->hermes_rid) == c->in_rid)) { 617 ctx = c; 618 break; 619 } 620 netdev_dbg(upriv->dev, "Skipped (0x%x/0x%x) (%d/%d)\n", 621 le16_to_cpu(ans->hermes_rid), c->in_rid, 622 ans->ans_reply_count, reply_count); 623 } 624 } 625 626 if (ctx == NULL) { 627 spin_unlock_irqrestore(&upriv->req_lock, flags); 628 err("%s: got unexpected RID: 0x%04X", __func__, 629 le16_to_cpu(ans->hermes_rid)); 630 ezusb_req_queue_run(upriv); 631 return; 632 } 633 634 /* The data we want is in the in buffer, exchange */ 635 urb->transfer_buffer = ctx->buf; 636 ctx->buf = (void *) ans; 637 ctx->buf_length = urb->actual_length; 638 639 state = ctx->state; 640 switch (state) { 641 case EZUSB_CTX_REQ_SUBMITTED: 642 /* We have received our response URB before 643 * our request has been acknowledged. Do NOT 644 * destroy our CTX yet, because our OUT URB 645 * is still alive ... 646 */ 647 ctx->state = EZUSB_CTX_RESP_RECEIVED; 648 spin_unlock_irqrestore(&upriv->req_lock, flags); 649 650 /* Let the machine continue running. */ 651 break; 652 653 case EZUSB_CTX_REQ_COMPLETE: 654 /* This is the usual path: our request 655 * has already been acknowledged, and 656 * we have now received the reply. 657 */ 658 ctx->state = EZUSB_CTX_COMPLETE; 659 660 /* Stop the intimer */ 661 del_timer(&ctx->timer); 662 spin_unlock_irqrestore(&upriv->req_lock, flags); 663 664 /* Call the completion handler */ 665 ezusb_ctx_complete(ctx); 666 break; 667 668 default: 669 spin_unlock_irqrestore(&upriv->req_lock, flags); 670 671 pr_warn("Matched IN URB, unexpected context state(0x%x)\n", 672 state); 673 /* Throw this CTX away and try submitting another */ 674 del_timer(&ctx->timer); 675 ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK; 676 usb_unlink_urb(ctx->outurb); 677 ezusb_req_queue_run(upriv); 678 break; 679 } /* switch */ 680 } 681 682 683 static void ezusb_req_ctx_wait(struct ezusb_priv *upriv, 684 struct request_context *ctx) 685 { 686 switch (ctx->state) { 687 case EZUSB_CTX_QUEUED: 688 case EZUSB_CTX_REQ_SUBMITTED: 689 case EZUSB_CTX_REQ_COMPLETE: 690 case EZUSB_CTX_RESP_RECEIVED: 691 if (in_softirq()) { 692 /* If we get called from a timer, timeout timers don't 693 * get the chance to run themselves. So we make sure 694 * that we don't sleep for ever */ 695 int msecs = DEF_TIMEOUT * (1000 / HZ); 696 while (!ctx->done.done && msecs--) 697 udelay(1000); 698 } else { 699 wait_event_interruptible(ctx->done.wait, 700 ctx->done.done); 701 } 702 break; 703 default: 704 /* Done or failed - nothing to wait for */ 705 break; 706 } 707 } 708 709 static inline u16 build_crc(struct ezusb_packet *data) 710 { 711 u16 crc = 0; 712 u8 *bytes = (u8 *)data; 713 int i; 714 715 for (i = 0; i < 8; i++) 716 crc = (crc << 1) + bytes[i]; 717 718 return crc; 719 } 720 721 /** 722 * ezusb_fill_req: 723 * 724 * if data == NULL and length > 0 the data is assumed to be already in 725 * the target buffer and only the header is filled. 726 * 727 */ 728 static int ezusb_fill_req(struct ezusb_packet *req, u16 length, u16 rid, 729 const void *data, u16 frame_type, u8 reply_count) 730 { 731 int total_size = sizeof(*req) + length; 732 733 BUG_ON(total_size > BULK_BUF_SIZE); 734 735 req->magic = cpu_to_le16(EZUSB_MAGIC); 736 req->req_reply_count = reply_count; 737 req->ans_reply_count = 0; 738 req->frame_type = cpu_to_le16(frame_type); 739 req->size = cpu_to_le16(length + 4); 740 req->crc = cpu_to_le16(build_crc(req)); 741 req->hermes_len = cpu_to_le16(HERMES_BYTES_TO_RECLEN(length)); 742 req->hermes_rid = cpu_to_le16(rid); 743 if (data) 744 memcpy(req->data, data, length); 745 return total_size; 746 } 747 748 static int ezusb_submit_in_urb(struct ezusb_priv *upriv) 749 { 750 int retval = 0; 751 void *cur_buf = upriv->read_urb->transfer_buffer; 752 753 if (upriv->read_urb->status == -EINPROGRESS) { 754 netdev_dbg(upriv->dev, "urb busy, not resubmiting\n"); 755 retval = -EBUSY; 756 goto exit; 757 } 758 usb_fill_bulk_urb(upriv->read_urb, upriv->udev, upriv->read_pipe, 759 cur_buf, BULK_BUF_SIZE, 760 ezusb_bulk_in_callback, upriv); 761 upriv->read_urb->transfer_flags = 0; 762 retval = usb_submit_urb(upriv->read_urb, GFP_ATOMIC); 763 if (retval) 764 err("%s submit failed %d", __func__, retval); 765 766 exit: 767 return retval; 768 } 769 770 static inline int ezusb_8051_cpucs(struct ezusb_priv *upriv, int reset) 771 { 772 int ret; 773 u8 *res_val = NULL; 774 775 if (!upriv->udev) { 776 err("%s: !upriv->udev", __func__); 777 return -EFAULT; 778 } 779 780 res_val = kmalloc(sizeof(*res_val), GFP_KERNEL); 781 782 if (!res_val) 783 return -ENOMEM; 784 785 *res_val = reset; /* avoid argument promotion */ 786 787 ret = usb_control_msg(upriv->udev, 788 usb_sndctrlpipe(upriv->udev, 0), 789 EZUSB_REQUEST_FW_TRANS, 790 USB_TYPE_VENDOR | USB_RECIP_DEVICE | 791 USB_DIR_OUT, EZUSB_CPUCS_REG, 0, res_val, 792 sizeof(*res_val), DEF_TIMEOUT); 793 794 kfree(res_val); 795 796 return ret; 797 } 798 799 static int ezusb_firmware_download(struct ezusb_priv *upriv, 800 struct ez_usb_fw *fw) 801 { 802 u8 *fw_buffer; 803 int retval, addr; 804 int variant_offset; 805 806 fw_buffer = kmalloc(FW_BUF_SIZE, GFP_KERNEL); 807 if (!fw_buffer) { 808 printk(KERN_ERR PFX "Out of memory for firmware buffer.\n"); 809 return -ENOMEM; 810 } 811 /* 812 * This byte is 1 and should be replaced with 0. The offset is 813 * 0x10AD in version 0.0.6. The byte in question should follow 814 * the end of the code pointed to by the jump in the beginning 815 * of the firmware. Also, it is read by code located at 0x358. 816 */ 817 variant_offset = be16_to_cpup((__be16 *) &fw->code[FW_VAR_OFFSET_PTR]); 818 if (variant_offset >= fw->size) { 819 printk(KERN_ERR PFX "Invalid firmware variant offset: " 820 "0x%04x\n", variant_offset); 821 retval = -EINVAL; 822 goto fail; 823 } 824 825 retval = ezusb_8051_cpucs(upriv, 1); 826 if (retval < 0) 827 goto fail; 828 for (addr = 0; addr < fw->size; addr += FW_BUF_SIZE) { 829 /* 0x100-0x300 should be left alone, it contains card 830 * specific data, like USB enumeration information */ 831 if ((addr >= FW_HOLE_START) && (addr < FW_HOLE_END)) 832 continue; 833 834 memcpy(fw_buffer, &fw->code[addr], FW_BUF_SIZE); 835 if (variant_offset >= addr && 836 variant_offset < addr + FW_BUF_SIZE) { 837 netdev_dbg(upriv->dev, 838 "Patching card_variant byte at 0x%04X\n", 839 variant_offset); 840 fw_buffer[variant_offset - addr] = FW_VAR_VALUE; 841 } 842 retval = usb_control_msg(upriv->udev, 843 usb_sndctrlpipe(upriv->udev, 0), 844 EZUSB_REQUEST_FW_TRANS, 845 USB_TYPE_VENDOR | USB_RECIP_DEVICE 846 | USB_DIR_OUT, 847 addr, 0x0, 848 fw_buffer, FW_BUF_SIZE, 849 DEF_TIMEOUT); 850 851 if (retval < 0) 852 goto fail; 853 } 854 retval = ezusb_8051_cpucs(upriv, 0); 855 if (retval < 0) 856 goto fail; 857 858 goto exit; 859 fail: 860 printk(KERN_ERR PFX "Firmware download failed, error %d\n", 861 retval); 862 exit: 863 kfree(fw_buffer); 864 return retval; 865 } 866 867 static int ezusb_access_ltv(struct ezusb_priv *upriv, 868 struct request_context *ctx, 869 u16 length, const void *data, u16 frame_type, 870 void *ans_buff, unsigned ans_size, u16 *ans_length) 871 { 872 int req_size; 873 int retval = 0; 874 enum ezusb_state state; 875 876 BUG_ON(in_irq()); 877 878 if (!upriv->udev) { 879 retval = -ENODEV; 880 goto exit; 881 } 882 883 if (upriv->read_urb->status != -EINPROGRESS) 884 err("%s: in urb not pending", __func__); 885 886 /* protect upriv->reply_count, guarantee sequential numbers */ 887 spin_lock_bh(&upriv->reply_count_lock); 888 req_size = ezusb_fill_req(ctx->buf, length, ctx->out_rid, data, 889 frame_type, upriv->reply_count); 890 usb_fill_bulk_urb(ctx->outurb, upriv->udev, upriv->write_pipe, 891 ctx->buf, req_size, 892 ezusb_request_out_callback, ctx); 893 894 if (ctx->in_rid) 895 upriv->reply_count = ezusb_reply_inc(upriv->reply_count); 896 897 ezusb_req_enqueue_run(upriv, ctx); 898 899 spin_unlock_bh(&upriv->reply_count_lock); 900 901 if (ctx->in_rid) 902 ezusb_req_ctx_wait(upriv, ctx); 903 904 state = ctx->state; 905 switch (state) { 906 case EZUSB_CTX_COMPLETE: 907 retval = ctx->outurb->status; 908 break; 909 910 case EZUSB_CTX_QUEUED: 911 case EZUSB_CTX_REQ_SUBMITTED: 912 if (!ctx->in_rid) 913 break; 914 default: 915 err("%s: Unexpected context state %d", __func__, 916 state); 917 /* fall though */ 918 case EZUSB_CTX_REQ_TIMEOUT: 919 case EZUSB_CTX_REQ_FAILED: 920 case EZUSB_CTX_RESP_TIMEOUT: 921 case EZUSB_CTX_REQSUBMIT_FAIL: 922 printk(KERN_ERR PFX "Access failed, resetting (state %d," 923 " reply_count %d)\n", state, upriv->reply_count); 924 upriv->reply_count = 0; 925 if (state == EZUSB_CTX_REQ_TIMEOUT 926 || state == EZUSB_CTX_RESP_TIMEOUT) { 927 printk(KERN_ERR PFX "ctx timed out\n"); 928 retval = -ETIMEDOUT; 929 } else { 930 printk(KERN_ERR PFX "ctx failed\n"); 931 retval = -EFAULT; 932 } 933 goto exit; 934 } 935 if (ctx->in_rid) { 936 struct ezusb_packet *ans = ctx->buf; 937 unsigned exp_len; 938 939 if (ans->hermes_len != 0) 940 exp_len = le16_to_cpu(ans->hermes_len) * 2 + 12; 941 else 942 exp_len = 14; 943 944 if (exp_len != ctx->buf_length) { 945 err("%s: length mismatch for RID 0x%04x: " 946 "expected %d, got %d", __func__, 947 ctx->in_rid, exp_len, ctx->buf_length); 948 retval = -EIO; 949 goto exit; 950 } 951 952 if (ans_buff) 953 memcpy(ans_buff, ans->data, min(exp_len, ans_size)); 954 if (ans_length) 955 *ans_length = le16_to_cpu(ans->hermes_len); 956 } 957 exit: 958 ezusb_request_context_put(ctx); 959 return retval; 960 } 961 962 static int ezusb_write_ltv(struct hermes *hw, int bap, u16 rid, 963 u16 length, const void *data) 964 { 965 struct ezusb_priv *upriv = hw->priv; 966 u16 frame_type; 967 struct request_context *ctx; 968 969 if (length == 0) 970 return -EINVAL; 971 972 length = HERMES_RECLEN_TO_BYTES(length); 973 974 /* On memory mapped devices HERMES_RID_CNFGROUPADDRESSES can be 975 * set to be empty, but the USB bridge doesn't like it */ 976 if (length == 0) 977 return 0; 978 979 ctx = ezusb_alloc_ctx(upriv, rid, EZUSB_RID_ACK); 980 if (!ctx) 981 return -ENOMEM; 982 983 if (rid == EZUSB_RID_TX) 984 frame_type = EZUSB_FRAME_DATA; 985 else 986 frame_type = EZUSB_FRAME_CONTROL; 987 988 return ezusb_access_ltv(upriv, ctx, length, data, frame_type, 989 NULL, 0, NULL); 990 } 991 992 static int ezusb_read_ltv(struct hermes *hw, int bap, u16 rid, 993 unsigned bufsize, u16 *length, void *buf) 994 { 995 struct ezusb_priv *upriv = hw->priv; 996 struct request_context *ctx; 997 998 if (bufsize % 2) 999 return -EINVAL; 1000 1001 ctx = ezusb_alloc_ctx(upriv, rid, rid); 1002 if (!ctx) 1003 return -ENOMEM; 1004 1005 return ezusb_access_ltv(upriv, ctx, 0, NULL, EZUSB_FRAME_CONTROL, 1006 buf, bufsize, length); 1007 } 1008 1009 static int ezusb_doicmd_wait(struct hermes *hw, u16 cmd, u16 parm0, u16 parm1, 1010 u16 parm2, struct hermes_response *resp) 1011 { 1012 struct ezusb_priv *upriv = hw->priv; 1013 struct request_context *ctx; 1014 1015 __le16 data[4] = { 1016 cpu_to_le16(cmd), 1017 cpu_to_le16(parm0), 1018 cpu_to_le16(parm1), 1019 cpu_to_le16(parm2), 1020 }; 1021 netdev_dbg(upriv->dev, 1022 "0x%04X, parm0 0x%04X, parm1 0x%04X, parm2 0x%04X\n", cmd, 1023 parm0, parm1, parm2); 1024 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_DOCMD, EZUSB_RID_ACK); 1025 if (!ctx) 1026 return -ENOMEM; 1027 1028 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data, 1029 EZUSB_FRAME_CONTROL, NULL, 0, NULL); 1030 } 1031 1032 static int ezusb_docmd_wait(struct hermes *hw, u16 cmd, u16 parm0, 1033 struct hermes_response *resp) 1034 { 1035 struct ezusb_priv *upriv = hw->priv; 1036 struct request_context *ctx; 1037 1038 __le16 data[4] = { 1039 cpu_to_le16(cmd), 1040 cpu_to_le16(parm0), 1041 0, 1042 0, 1043 }; 1044 netdev_dbg(upriv->dev, "0x%04X, parm0 0x%04X\n", cmd, parm0); 1045 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_DOCMD, EZUSB_RID_ACK); 1046 if (!ctx) 1047 return -ENOMEM; 1048 1049 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data, 1050 EZUSB_FRAME_CONTROL, NULL, 0, NULL); 1051 } 1052 1053 static int ezusb_bap_pread(struct hermes *hw, int bap, 1054 void *buf, int len, u16 id, u16 offset) 1055 { 1056 struct ezusb_priv *upriv = hw->priv; 1057 struct ezusb_packet *ans = (void *) upriv->read_urb->transfer_buffer; 1058 int actual_length = upriv->read_urb->actual_length; 1059 1060 if (id == EZUSB_RID_RX) { 1061 if ((sizeof(*ans) + offset + len) > actual_length) { 1062 printk(KERN_ERR PFX "BAP read beyond buffer end " 1063 "in rx frame\n"); 1064 return -EINVAL; 1065 } 1066 memcpy(buf, ans->data + offset, len); 1067 return 0; 1068 } 1069 1070 if (EZUSB_IS_INFO(id)) { 1071 /* Include 4 bytes for length/type */ 1072 if ((sizeof(*ans) + offset + len - 4) > actual_length) { 1073 printk(KERN_ERR PFX "BAP read beyond buffer end " 1074 "in info frame\n"); 1075 return -EFAULT; 1076 } 1077 memcpy(buf, ans->data + offset - 4, len); 1078 } else { 1079 printk(KERN_ERR PFX "Unexpected fid 0x%04x\n", id); 1080 return -EINVAL; 1081 } 1082 1083 return 0; 1084 } 1085 1086 static int ezusb_read_pda(struct hermes *hw, __le16 *pda, 1087 u32 pda_addr, u16 pda_len) 1088 { 1089 struct ezusb_priv *upriv = hw->priv; 1090 struct request_context *ctx; 1091 __le16 data[] = { 1092 cpu_to_le16(pda_addr & 0xffff), 1093 cpu_to_le16(pda_len - 4) 1094 }; 1095 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_READ_PDA, EZUSB_RID_READ_PDA); 1096 if (!ctx) 1097 return -ENOMEM; 1098 1099 /* wl_lkm does not include PDA size in the PDA area. 1100 * We will pad the information into pda, so other routines 1101 * don't have to be modified */ 1102 pda[0] = cpu_to_le16(pda_len - 2); 1103 /* Includes CFG_PROD_DATA but not itself */ 1104 pda[1] = cpu_to_le16(0x0800); /* CFG_PROD_DATA */ 1105 1106 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data, 1107 EZUSB_FRAME_CONTROL, &pda[2], pda_len - 4, 1108 NULL); 1109 } 1110 1111 static int ezusb_program_init(struct hermes *hw, u32 entry_point) 1112 { 1113 struct ezusb_priv *upriv = hw->priv; 1114 struct request_context *ctx; 1115 __le32 data = cpu_to_le32(entry_point); 1116 1117 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_INIT, EZUSB_RID_ACK); 1118 if (!ctx) 1119 return -ENOMEM; 1120 1121 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data, 1122 EZUSB_FRAME_CONTROL, NULL, 0, NULL); 1123 } 1124 1125 static int ezusb_program_end(struct hermes *hw) 1126 { 1127 struct ezusb_priv *upriv = hw->priv; 1128 struct request_context *ctx; 1129 1130 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_END, EZUSB_RID_ACK); 1131 if (!ctx) 1132 return -ENOMEM; 1133 1134 return ezusb_access_ltv(upriv, ctx, 0, NULL, 1135 EZUSB_FRAME_CONTROL, NULL, 0, NULL); 1136 } 1137 1138 static int ezusb_program_bytes(struct hermes *hw, const char *buf, 1139 u32 addr, u32 len) 1140 { 1141 struct ezusb_priv *upriv = hw->priv; 1142 struct request_context *ctx; 1143 __le32 data = cpu_to_le32(addr); 1144 int err; 1145 1146 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_SET_ADDR, EZUSB_RID_ACK); 1147 if (!ctx) 1148 return -ENOMEM; 1149 1150 err = ezusb_access_ltv(upriv, ctx, sizeof(data), &data, 1151 EZUSB_FRAME_CONTROL, NULL, 0, NULL); 1152 if (err) 1153 return err; 1154 1155 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_BYTES, EZUSB_RID_ACK); 1156 if (!ctx) 1157 return -ENOMEM; 1158 1159 return ezusb_access_ltv(upriv, ctx, len, buf, 1160 EZUSB_FRAME_CONTROL, NULL, 0, NULL); 1161 } 1162 1163 static int ezusb_program(struct hermes *hw, const char *buf, 1164 u32 addr, u32 len) 1165 { 1166 u32 ch_addr; 1167 u32 ch_len; 1168 int err = 0; 1169 1170 /* We can only send 2048 bytes out of the bulk xmit at a time, 1171 * so we have to split any programming into chunks of <2048 1172 * bytes. */ 1173 1174 ch_len = (len < MAX_DL_SIZE) ? len : MAX_DL_SIZE; 1175 ch_addr = addr; 1176 1177 while (ch_addr < (addr + len)) { 1178 pr_debug("Programming subblock of length %d " 1179 "to address 0x%08x. Data @ %p\n", 1180 ch_len, ch_addr, &buf[ch_addr - addr]); 1181 1182 err = ezusb_program_bytes(hw, &buf[ch_addr - addr], 1183 ch_addr, ch_len); 1184 if (err) 1185 break; 1186 1187 ch_addr += ch_len; 1188 ch_len = ((addr + len - ch_addr) < MAX_DL_SIZE) ? 1189 (addr + len - ch_addr) : MAX_DL_SIZE; 1190 } 1191 1192 return err; 1193 } 1194 1195 static netdev_tx_t ezusb_xmit(struct sk_buff *skb, struct net_device *dev) 1196 { 1197 struct orinoco_private *priv = ndev_priv(dev); 1198 struct net_device_stats *stats = &dev->stats; 1199 struct ezusb_priv *upriv = priv->card; 1200 u8 mic[MICHAEL_MIC_LEN + 1]; 1201 int err = 0; 1202 int tx_control; 1203 unsigned long flags; 1204 struct request_context *ctx; 1205 u8 *buf; 1206 int tx_size; 1207 1208 if (!netif_running(dev)) { 1209 printk(KERN_ERR "%s: Tx on stopped device!\n", 1210 dev->name); 1211 return NETDEV_TX_BUSY; 1212 } 1213 1214 if (netif_queue_stopped(dev)) { 1215 printk(KERN_DEBUG "%s: Tx while transmitter busy!\n", 1216 dev->name); 1217 return NETDEV_TX_BUSY; 1218 } 1219 1220 if (orinoco_lock(priv, &flags) != 0) { 1221 printk(KERN_ERR 1222 "%s: ezusb_xmit() called while hw_unavailable\n", 1223 dev->name); 1224 return NETDEV_TX_BUSY; 1225 } 1226 1227 if (!netif_carrier_ok(dev) || 1228 (priv->iw_mode == NL80211_IFTYPE_MONITOR)) { 1229 /* Oops, the firmware hasn't established a connection, 1230 silently drop the packet (this seems to be the 1231 safest approach). */ 1232 goto drop; 1233 } 1234 1235 /* Check packet length */ 1236 if (skb->len < ETH_HLEN) 1237 goto drop; 1238 1239 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_TX, 0); 1240 if (!ctx) 1241 goto busy; 1242 1243 memset(ctx->buf, 0, BULK_BUF_SIZE); 1244 buf = ctx->buf->data; 1245 1246 tx_control = 0; 1247 1248 err = orinoco_process_xmit_skb(skb, dev, priv, &tx_control, 1249 &mic[0]); 1250 if (err) 1251 goto drop; 1252 1253 { 1254 __le16 *tx_cntl = (__le16 *)buf; 1255 *tx_cntl = cpu_to_le16(tx_control); 1256 buf += sizeof(*tx_cntl); 1257 } 1258 1259 memcpy(buf, skb->data, skb->len); 1260 buf += skb->len; 1261 1262 if (tx_control & HERMES_TXCTRL_MIC) { 1263 u8 *m = mic; 1264 /* Mic has been offset so it can be copied to an even 1265 * address. We're copying eveything anyway, so we 1266 * don't need to copy that first byte. */ 1267 if (skb->len % 2) 1268 m++; 1269 memcpy(buf, m, MICHAEL_MIC_LEN); 1270 buf += MICHAEL_MIC_LEN; 1271 } 1272 1273 /* Finally, we actually initiate the send */ 1274 netif_stop_queue(dev); 1275 1276 /* The card may behave better if we send evenly sized usb transfers */ 1277 tx_size = ALIGN(buf - ctx->buf->data, 2); 1278 1279 err = ezusb_access_ltv(upriv, ctx, tx_size, NULL, 1280 EZUSB_FRAME_DATA, NULL, 0, NULL); 1281 1282 if (err) { 1283 netif_start_queue(dev); 1284 if (net_ratelimit()) 1285 printk(KERN_ERR "%s: Error %d transmitting packet\n", 1286 dev->name, err); 1287 goto busy; 1288 } 1289 1290 netif_trans_update(dev); 1291 stats->tx_bytes += skb->len; 1292 goto ok; 1293 1294 drop: 1295 stats->tx_errors++; 1296 stats->tx_dropped++; 1297 1298 ok: 1299 orinoco_unlock(priv, &flags); 1300 dev_kfree_skb(skb); 1301 return NETDEV_TX_OK; 1302 1303 busy: 1304 orinoco_unlock(priv, &flags); 1305 return NETDEV_TX_BUSY; 1306 } 1307 1308 static int ezusb_allocate(struct hermes *hw, u16 size, u16 *fid) 1309 { 1310 *fid = EZUSB_RID_TX; 1311 return 0; 1312 } 1313 1314 1315 static int ezusb_hard_reset(struct orinoco_private *priv) 1316 { 1317 struct ezusb_priv *upriv = priv->card; 1318 int retval = ezusb_8051_cpucs(upriv, 1); 1319 1320 if (retval < 0) { 1321 err("Failed to reset"); 1322 return retval; 1323 } 1324 1325 retval = ezusb_8051_cpucs(upriv, 0); 1326 if (retval < 0) { 1327 err("Failed to unreset"); 1328 return retval; 1329 } 1330 1331 netdev_dbg(upriv->dev, "sending control message\n"); 1332 retval = usb_control_msg(upriv->udev, 1333 usb_sndctrlpipe(upriv->udev, 0), 1334 EZUSB_REQUEST_TRIGER, 1335 USB_TYPE_VENDOR | USB_RECIP_DEVICE | 1336 USB_DIR_OUT, 0x0, 0x0, NULL, 0, 1337 DEF_TIMEOUT); 1338 if (retval < 0) { 1339 err("EZUSB_REQUEST_TRIGER failed retval %d", retval); 1340 return retval; 1341 } 1342 #if 0 1343 dbg("Sending EZUSB_REQUEST_TRIG_AC"); 1344 retval = usb_control_msg(upriv->udev, 1345 usb_sndctrlpipe(upriv->udev, 0), 1346 EZUSB_REQUEST_TRIG_AC, 1347 USB_TYPE_VENDOR | USB_RECIP_DEVICE | 1348 USB_DIR_OUT, 0x00FA, 0x0, NULL, 0, 1349 DEF_TIMEOUT); 1350 if (retval < 0) { 1351 err("EZUSB_REQUEST_TRIG_AC failed retval %d", retval); 1352 return retval; 1353 } 1354 #endif 1355 1356 return 0; 1357 } 1358 1359 1360 static int ezusb_init(struct hermes *hw) 1361 { 1362 struct ezusb_priv *upriv = hw->priv; 1363 int retval; 1364 1365 BUG_ON(in_interrupt()); 1366 BUG_ON(!upriv); 1367 1368 upriv->reply_count = 0; 1369 /* Write the MAGIC number on the simulated registers to keep 1370 * orinoco.c happy */ 1371 hermes_write_regn(hw, SWSUPPORT0, HERMES_MAGIC); 1372 hermes_write_regn(hw, RXFID, EZUSB_RID_RX); 1373 1374 usb_kill_urb(upriv->read_urb); 1375 ezusb_submit_in_urb(upriv); 1376 1377 retval = ezusb_write_ltv(hw, 0, EZUSB_RID_INIT1, 1378 HERMES_BYTES_TO_RECLEN(2), "\x10\x00"); 1379 if (retval < 0) { 1380 printk(KERN_ERR PFX "EZUSB_RID_INIT1 error %d\n", retval); 1381 return retval; 1382 } 1383 1384 retval = ezusb_docmd_wait(hw, HERMES_CMD_INIT, 0, NULL); 1385 if (retval < 0) { 1386 printk(KERN_ERR PFX "HERMES_CMD_INIT error %d\n", retval); 1387 return retval; 1388 } 1389 1390 return 0; 1391 } 1392 1393 static void ezusb_bulk_in_callback(struct urb *urb) 1394 { 1395 struct ezusb_priv *upriv = (struct ezusb_priv *) urb->context; 1396 struct ezusb_packet *ans = urb->transfer_buffer; 1397 u16 crc; 1398 u16 hermes_rid; 1399 1400 if (upriv->udev == NULL) 1401 return; 1402 1403 if (urb->status == -ETIMEDOUT) { 1404 /* When a device gets unplugged we get this every time 1405 * we resubmit, flooding the logs. Since we don't use 1406 * USB timeouts, it shouldn't happen any other time*/ 1407 pr_warn("%s: urb timed out, not resubmitting\n", __func__); 1408 return; 1409 } 1410 if (urb->status == -ECONNABORTED) { 1411 pr_warn("%s: connection abort, resubmitting urb\n", 1412 __func__); 1413 goto resubmit; 1414 } 1415 if ((urb->status == -EILSEQ) 1416 || (urb->status == -ENOENT) 1417 || (urb->status == -ECONNRESET)) { 1418 netdev_dbg(upriv->dev, "status %d, not resubmiting\n", 1419 urb->status); 1420 return; 1421 } 1422 if (urb->status) 1423 netdev_dbg(upriv->dev, "status: %d length: %d\n", 1424 urb->status, urb->actual_length); 1425 if (urb->actual_length < sizeof(*ans)) { 1426 err("%s: short read, ignoring", __func__); 1427 goto resubmit; 1428 } 1429 crc = build_crc(ans); 1430 if (le16_to_cpu(ans->crc) != crc) { 1431 err("CRC error, ignoring packet"); 1432 goto resubmit; 1433 } 1434 1435 hermes_rid = le16_to_cpu(ans->hermes_rid); 1436 if ((hermes_rid != EZUSB_RID_RX) && !EZUSB_IS_INFO(hermes_rid)) { 1437 ezusb_request_in_callback(upriv, urb); 1438 } else if (upriv->dev) { 1439 struct net_device *dev = upriv->dev; 1440 struct orinoco_private *priv = ndev_priv(dev); 1441 struct hermes *hw = &priv->hw; 1442 1443 if (hermes_rid == EZUSB_RID_RX) { 1444 __orinoco_ev_rx(dev, hw); 1445 } else { 1446 hermes_write_regn(hw, INFOFID, 1447 le16_to_cpu(ans->hermes_rid)); 1448 __orinoco_ev_info(dev, hw); 1449 } 1450 } 1451 1452 resubmit: 1453 if (upriv->udev) 1454 ezusb_submit_in_urb(upriv); 1455 } 1456 1457 static inline void ezusb_delete(struct ezusb_priv *upriv) 1458 { 1459 struct net_device *dev; 1460 struct list_head *item; 1461 struct list_head *tmp_item; 1462 unsigned long flags; 1463 1464 BUG_ON(in_interrupt()); 1465 BUG_ON(!upriv); 1466 1467 dev = upriv->dev; 1468 mutex_lock(&upriv->mtx); 1469 1470 upriv->udev = NULL; /* No timer will be rearmed from here */ 1471 1472 usb_kill_urb(upriv->read_urb); 1473 1474 spin_lock_irqsave(&upriv->req_lock, flags); 1475 list_for_each_safe(item, tmp_item, &upriv->req_active) { 1476 struct request_context *ctx; 1477 int err; 1478 1479 ctx = list_entry(item, struct request_context, list); 1480 atomic_inc(&ctx->refcount); 1481 1482 ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK; 1483 err = usb_unlink_urb(ctx->outurb); 1484 1485 spin_unlock_irqrestore(&upriv->req_lock, flags); 1486 if (err == -EINPROGRESS) 1487 wait_for_completion(&ctx->done); 1488 1489 del_timer_sync(&ctx->timer); 1490 /* FIXME: there is an slight chance for the irq handler to 1491 * be running */ 1492 if (!list_empty(&ctx->list)) 1493 ezusb_ctx_complete(ctx); 1494 1495 ezusb_request_context_put(ctx); 1496 spin_lock_irqsave(&upriv->req_lock, flags); 1497 } 1498 spin_unlock_irqrestore(&upriv->req_lock, flags); 1499 1500 list_for_each_safe(item, tmp_item, &upriv->req_pending) 1501 ezusb_ctx_complete(list_entry(item, 1502 struct request_context, list)); 1503 1504 if (upriv->read_urb && upriv->read_urb->status == -EINPROGRESS) 1505 printk(KERN_ERR PFX "Some URB in progress\n"); 1506 1507 mutex_unlock(&upriv->mtx); 1508 1509 if (upriv->read_urb) { 1510 kfree(upriv->read_urb->transfer_buffer); 1511 usb_free_urb(upriv->read_urb); 1512 } 1513 kfree(upriv->bap_buf); 1514 if (upriv->dev) { 1515 struct orinoco_private *priv = ndev_priv(upriv->dev); 1516 orinoco_if_del(priv); 1517 wiphy_unregister(priv_to_wiphy(upriv)); 1518 free_orinocodev(priv); 1519 } 1520 } 1521 1522 static void ezusb_lock_irqsave(spinlock_t *lock, 1523 unsigned long *flags) __acquires(lock) 1524 { 1525 spin_lock_bh(lock); 1526 } 1527 1528 static void ezusb_unlock_irqrestore(spinlock_t *lock, 1529 unsigned long *flags) __releases(lock) 1530 { 1531 spin_unlock_bh(lock); 1532 } 1533 1534 static void ezusb_lock_irq(spinlock_t *lock) __acquires(lock) 1535 { 1536 spin_lock_bh(lock); 1537 } 1538 1539 static void ezusb_unlock_irq(spinlock_t *lock) __releases(lock) 1540 { 1541 spin_unlock_bh(lock); 1542 } 1543 1544 static const struct hermes_ops ezusb_ops = { 1545 .init = ezusb_init, 1546 .cmd_wait = ezusb_docmd_wait, 1547 .init_cmd_wait = ezusb_doicmd_wait, 1548 .allocate = ezusb_allocate, 1549 .read_ltv = ezusb_read_ltv, 1550 .write_ltv = ezusb_write_ltv, 1551 .bap_pread = ezusb_bap_pread, 1552 .read_pda = ezusb_read_pda, 1553 .program_init = ezusb_program_init, 1554 .program_end = ezusb_program_end, 1555 .program = ezusb_program, 1556 .lock_irqsave = ezusb_lock_irqsave, 1557 .unlock_irqrestore = ezusb_unlock_irqrestore, 1558 .lock_irq = ezusb_lock_irq, 1559 .unlock_irq = ezusb_unlock_irq, 1560 }; 1561 1562 static const struct net_device_ops ezusb_netdev_ops = { 1563 .ndo_open = orinoco_open, 1564 .ndo_stop = orinoco_stop, 1565 .ndo_start_xmit = ezusb_xmit, 1566 .ndo_set_rx_mode = orinoco_set_multicast_list, 1567 .ndo_change_mtu = orinoco_change_mtu, 1568 .ndo_set_mac_address = eth_mac_addr, 1569 .ndo_validate_addr = eth_validate_addr, 1570 .ndo_tx_timeout = orinoco_tx_timeout, 1571 }; 1572 1573 static int ezusb_probe(struct usb_interface *interface, 1574 const struct usb_device_id *id) 1575 { 1576 struct usb_device *udev = interface_to_usbdev(interface); 1577 struct orinoco_private *priv; 1578 struct hermes *hw; 1579 struct ezusb_priv *upriv = NULL; 1580 struct usb_interface_descriptor *iface_desc; 1581 struct usb_endpoint_descriptor *ep; 1582 const struct firmware *fw_entry = NULL; 1583 int retval = 0; 1584 int i; 1585 1586 priv = alloc_orinocodev(sizeof(*upriv), &udev->dev, 1587 ezusb_hard_reset, NULL); 1588 if (!priv) { 1589 err("Couldn't allocate orinocodev"); 1590 retval = -ENOMEM; 1591 goto exit; 1592 } 1593 1594 hw = &priv->hw; 1595 1596 upriv = priv->card; 1597 1598 mutex_init(&upriv->mtx); 1599 spin_lock_init(&upriv->reply_count_lock); 1600 1601 spin_lock_init(&upriv->req_lock); 1602 INIT_LIST_HEAD(&upriv->req_pending); 1603 INIT_LIST_HEAD(&upriv->req_active); 1604 1605 upriv->udev = udev; 1606 1607 hw->iobase = (void __force __iomem *) &upriv->hermes_reg_fake; 1608 hw->reg_spacing = HERMES_16BIT_REGSPACING; 1609 hw->priv = upriv; 1610 hw->ops = &ezusb_ops; 1611 1612 /* set up the endpoint information */ 1613 /* check out the endpoints */ 1614 1615 iface_desc = &interface->altsetting[0].desc; 1616 for (i = 0; i < iface_desc->bNumEndpoints; ++i) { 1617 ep = &interface->altsetting[0].endpoint[i].desc; 1618 1619 if (usb_endpoint_is_bulk_in(ep)) { 1620 /* we found a bulk in endpoint */ 1621 if (upriv->read_urb != NULL) { 1622 pr_warn("Found a second bulk in ep, ignored\n"); 1623 continue; 1624 } 1625 1626 upriv->read_urb = usb_alloc_urb(0, GFP_KERNEL); 1627 if (!upriv->read_urb) 1628 goto error; 1629 if (le16_to_cpu(ep->wMaxPacketSize) != 64) 1630 pr_warn("bulk in: wMaxPacketSize!= 64\n"); 1631 if (ep->bEndpointAddress != (2 | USB_DIR_IN)) 1632 pr_warn("bulk in: bEndpointAddress: %d\n", 1633 ep->bEndpointAddress); 1634 upriv->read_pipe = usb_rcvbulkpipe(udev, 1635 ep-> 1636 bEndpointAddress); 1637 upriv->read_urb->transfer_buffer = 1638 kmalloc(BULK_BUF_SIZE, GFP_KERNEL); 1639 if (!upriv->read_urb->transfer_buffer) { 1640 err("Couldn't allocate IN buffer"); 1641 goto error; 1642 } 1643 } 1644 1645 if (usb_endpoint_is_bulk_out(ep)) { 1646 /* we found a bulk out endpoint */ 1647 if (upriv->bap_buf != NULL) { 1648 pr_warn("Found a second bulk out ep, ignored\n"); 1649 continue; 1650 } 1651 1652 if (le16_to_cpu(ep->wMaxPacketSize) != 64) 1653 pr_warn("bulk out: wMaxPacketSize != 64\n"); 1654 if (ep->bEndpointAddress != 2) 1655 pr_warn("bulk out: bEndpointAddress: %d\n", 1656 ep->bEndpointAddress); 1657 upriv->write_pipe = usb_sndbulkpipe(udev, 1658 ep-> 1659 bEndpointAddress); 1660 upriv->bap_buf = kmalloc(BULK_BUF_SIZE, GFP_KERNEL); 1661 if (!upriv->bap_buf) { 1662 err("Couldn't allocate bulk_out_buffer"); 1663 goto error; 1664 } 1665 } 1666 } 1667 if (!upriv->bap_buf || !upriv->read_urb) { 1668 err("Didn't find the required bulk endpoints"); 1669 goto error; 1670 } 1671 1672 if (request_firmware(&fw_entry, "orinoco_ezusb_fw", 1673 &interface->dev) == 0) { 1674 firmware.size = fw_entry->size; 1675 firmware.code = fw_entry->data; 1676 } 1677 if (firmware.size && firmware.code) { 1678 if (ezusb_firmware_download(upriv, &firmware) < 0) 1679 goto error; 1680 } else { 1681 err("No firmware to download"); 1682 goto error; 1683 } 1684 1685 if (ezusb_hard_reset(priv) < 0) { 1686 err("Cannot reset the device"); 1687 goto error; 1688 } 1689 1690 /* If the firmware is already downloaded orinoco.c will call 1691 * ezusb_init but if the firmware is not already there, that will make 1692 * the kernel very unstable, so we try initializing here and quit in 1693 * case of error */ 1694 if (ezusb_init(hw) < 0) { 1695 err("Couldn't initialize the device"); 1696 err("Firmware may not be downloaded or may be wrong."); 1697 goto error; 1698 } 1699 1700 /* Initialise the main driver */ 1701 if (orinoco_init(priv) != 0) { 1702 err("orinoco_init() failed\n"); 1703 goto error; 1704 } 1705 1706 if (orinoco_if_add(priv, 0, 0, &ezusb_netdev_ops) != 0) { 1707 upriv->dev = NULL; 1708 err("%s: orinoco_if_add() failed", __func__); 1709 wiphy_unregister(priv_to_wiphy(priv)); 1710 goto error; 1711 } 1712 upriv->dev = priv->ndev; 1713 1714 goto exit; 1715 1716 error: 1717 ezusb_delete(upriv); 1718 if (upriv->dev) { 1719 /* upriv->dev was 0, so ezusb_delete() didn't free it */ 1720 free_orinocodev(priv); 1721 } 1722 upriv = NULL; 1723 retval = -EFAULT; 1724 exit: 1725 if (fw_entry) { 1726 firmware.code = NULL; 1727 firmware.size = 0; 1728 release_firmware(fw_entry); 1729 } 1730 usb_set_intfdata(interface, upriv); 1731 return retval; 1732 } 1733 1734 1735 static void ezusb_disconnect(struct usb_interface *intf) 1736 { 1737 struct ezusb_priv *upriv = usb_get_intfdata(intf); 1738 usb_set_intfdata(intf, NULL); 1739 ezusb_delete(upriv); 1740 printk(KERN_INFO PFX "Disconnected\n"); 1741 } 1742 1743 1744 /* usb specific object needed to register this driver with the usb subsystem */ 1745 static struct usb_driver orinoco_driver = { 1746 .name = DRIVER_NAME, 1747 .probe = ezusb_probe, 1748 .disconnect = ezusb_disconnect, 1749 .id_table = ezusb_table, 1750 .disable_hub_initiated_lpm = 1, 1751 }; 1752 1753 module_usb_driver(orinoco_driver); 1754 1755 MODULE_AUTHOR("Manuel Estrada Sainz"); 1756 MODULE_DESCRIPTION("Driver for Orinoco wireless LAN cards using EZUSB bridge"); 1757 MODULE_LICENSE("Dual MPL/GPL"); 1758