1 /*
2  *  Copyright (C) 2008, cozybit Inc.
3  *  Copyright (C) 2003-2006, Marvell International Ltd.
4  *
5  *  This program is free software; you can redistribute it and/or modify
6  *  it under the terms of the GNU General Public License as published by
7  *  the Free Software Foundation; either version 2 of the License, or (at
8  *  your option) any later version.
9  */
10 #define DRV_NAME "lbtf_usb"
11 
12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
13 
14 #include "libertas_tf.h"
15 #include "if_usb.h"
16 
17 #include <linux/delay.h>
18 #include <linux/module.h>
19 #include <linux/firmware.h>
20 #include <linux/netdevice.h>
21 #include <linux/slab.h>
22 #include <linux/usb.h>
23 
24 #define INSANEDEBUG	0
25 #define lbtf_deb_usb2(...) do { if (INSANEDEBUG) lbtf_deb_usbd(__VA_ARGS__); } while (0)
26 
27 #define MESSAGE_HEADER_LEN	4
28 
29 static char *lbtf_fw_name = "lbtf_usb.bin";
30 module_param_named(fw_name, lbtf_fw_name, charp, 0644);
31 
32 MODULE_FIRMWARE("lbtf_usb.bin");
33 
34 static const struct usb_device_id if_usb_table[] = {
35 	/* Enter the device signature inside */
36 	{ USB_DEVICE(0x1286, 0x2001) },
37 	{ USB_DEVICE(0x05a3, 0x8388) },
38 	{}	/* Terminating entry */
39 };
40 
41 MODULE_DEVICE_TABLE(usb, if_usb_table);
42 
43 static void if_usb_receive(struct urb *urb);
44 static void if_usb_receive_fwload(struct urb *urb);
45 static int if_usb_prog_firmware(struct if_usb_card *cardp);
46 static int if_usb_host_to_card(struct lbtf_private *priv, uint8_t type,
47 			       uint8_t *payload, uint16_t nb);
48 static int usb_tx_block(struct if_usb_card *cardp, uint8_t *payload,
49 			uint16_t nb, u8 data);
50 static void if_usb_free(struct if_usb_card *cardp);
51 static int if_usb_submit_rx_urb(struct if_usb_card *cardp);
52 static int if_usb_reset_device(struct if_usb_card *cardp);
53 
54 /**
55  *  if_usb_wrike_bulk_callback -  call back to handle URB status
56  *
57  *  @param urb		pointer to urb structure
58  */
59 static void if_usb_write_bulk_callback(struct urb *urb)
60 {
61 	if (urb->status != 0) {
62 		/* print the failure status number for debug */
63 		pr_info("URB in failure status: %d\n", urb->status);
64 	} else {
65 		lbtf_deb_usb2(&urb->dev->dev, "URB status is successful\n");
66 		lbtf_deb_usb2(&urb->dev->dev, "Actual length transmitted %d\n",
67 			     urb->actual_length);
68 	}
69 }
70 
71 /**
72  *  if_usb_free - free tx/rx urb, skb and rx buffer
73  *
74  *  @param cardp	pointer if_usb_card
75  */
76 static void if_usb_free(struct if_usb_card *cardp)
77 {
78 	lbtf_deb_enter(LBTF_DEB_USB);
79 
80 	/* Unlink tx & rx urb */
81 	usb_kill_urb(cardp->tx_urb);
82 	usb_kill_urb(cardp->rx_urb);
83 	usb_kill_urb(cardp->cmd_urb);
84 
85 	usb_free_urb(cardp->tx_urb);
86 	cardp->tx_urb = NULL;
87 
88 	usb_free_urb(cardp->rx_urb);
89 	cardp->rx_urb = NULL;
90 
91 	usb_free_urb(cardp->cmd_urb);
92 	cardp->cmd_urb = NULL;
93 
94 	kfree(cardp->ep_out_buf);
95 	cardp->ep_out_buf = NULL;
96 
97 	lbtf_deb_leave(LBTF_DEB_USB);
98 }
99 
100 static void if_usb_setup_firmware(struct lbtf_private *priv)
101 {
102 	struct if_usb_card *cardp = priv->card;
103 	struct cmd_ds_set_boot2_ver b2_cmd;
104 
105 	lbtf_deb_enter(LBTF_DEB_USB);
106 
107 	if_usb_submit_rx_urb(cardp);
108 	b2_cmd.hdr.size = cpu_to_le16(sizeof(b2_cmd));
109 	b2_cmd.action = 0;
110 	b2_cmd.version = cardp->boot2_version;
111 
112 	if (lbtf_cmd_with_response(priv, CMD_SET_BOOT2_VER, &b2_cmd))
113 		lbtf_deb_usb("Setting boot2 version failed\n");
114 
115 	lbtf_deb_leave(LBTF_DEB_USB);
116 }
117 
118 static void if_usb_fw_timeo(struct timer_list *t)
119 {
120 	struct if_usb_card *cardp = from_timer(cardp, t, fw_timeout);
121 
122 	lbtf_deb_enter(LBTF_DEB_USB);
123 	if (!cardp->fwdnldover) {
124 		/* Download timed out */
125 		cardp->priv->surpriseremoved = 1;
126 		pr_err("Download timed out\n");
127 	} else {
128 		lbtf_deb_usb("Download complete, no event. Assuming success\n");
129 	}
130 	wake_up(&cardp->fw_wq);
131 	lbtf_deb_leave(LBTF_DEB_USB);
132 }
133 
134 /**
135  *  if_usb_probe - sets the configuration values
136  *
137  *  @ifnum	interface number
138  *  @id		pointer to usb_device_id
139  *
140  *  Returns: 0 on success, error code on failure
141  */
142 static int if_usb_probe(struct usb_interface *intf,
143 			const struct usb_device_id *id)
144 {
145 	struct usb_device *udev;
146 	struct usb_host_interface *iface_desc;
147 	struct usb_endpoint_descriptor *endpoint;
148 	struct lbtf_private *priv;
149 	struct if_usb_card *cardp;
150 	int i;
151 
152 	lbtf_deb_enter(LBTF_DEB_USB);
153 	udev = interface_to_usbdev(intf);
154 
155 	cardp = kzalloc(sizeof(struct if_usb_card), GFP_KERNEL);
156 	if (!cardp)
157 		goto error;
158 
159 	timer_setup(&cardp->fw_timeout, if_usb_fw_timeo, 0);
160 	init_waitqueue_head(&cardp->fw_wq);
161 
162 	cardp->udev = udev;
163 	iface_desc = intf->cur_altsetting;
164 
165 	lbtf_deb_usbd(&udev->dev, "bcdUSB = 0x%X bDeviceClass = 0x%X"
166 		     " bDeviceSubClass = 0x%X, bDeviceProtocol = 0x%X\n",
167 		     le16_to_cpu(udev->descriptor.bcdUSB),
168 		     udev->descriptor.bDeviceClass,
169 		     udev->descriptor.bDeviceSubClass,
170 		     udev->descriptor.bDeviceProtocol);
171 
172 	for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
173 		endpoint = &iface_desc->endpoint[i].desc;
174 		if (usb_endpoint_is_bulk_in(endpoint)) {
175 			cardp->ep_in_size =
176 				le16_to_cpu(endpoint->wMaxPacketSize);
177 			cardp->ep_in = usb_endpoint_num(endpoint);
178 
179 			lbtf_deb_usbd(&udev->dev, "in_endpoint = %d\n",
180 				cardp->ep_in);
181 			lbtf_deb_usbd(&udev->dev, "Bulk in size is %d\n",
182 				cardp->ep_in_size);
183 		} else if (usb_endpoint_is_bulk_out(endpoint)) {
184 			cardp->ep_out_size =
185 				le16_to_cpu(endpoint->wMaxPacketSize);
186 			cardp->ep_out = usb_endpoint_num(endpoint);
187 
188 			lbtf_deb_usbd(&udev->dev, "out_endpoint = %d\n",
189 				cardp->ep_out);
190 			lbtf_deb_usbd(&udev->dev, "Bulk out size is %d\n",
191 				cardp->ep_out_size);
192 		}
193 	}
194 	if (!cardp->ep_out_size || !cardp->ep_in_size) {
195 		lbtf_deb_usbd(&udev->dev, "Endpoints not found\n");
196 		/* Endpoints not found */
197 		goto dealloc;
198 	}
199 
200 	cardp->rx_urb = usb_alloc_urb(0, GFP_KERNEL);
201 	if (!cardp->rx_urb)
202 		goto dealloc;
203 
204 	cardp->tx_urb = usb_alloc_urb(0, GFP_KERNEL);
205 	if (!cardp->tx_urb)
206 		goto dealloc;
207 
208 	cardp->cmd_urb = usb_alloc_urb(0, GFP_KERNEL);
209 	if (!cardp->cmd_urb)
210 		goto dealloc;
211 
212 	cardp->ep_out_buf = kmalloc(MRVDRV_ETH_TX_PACKET_BUFFER_SIZE,
213 				    GFP_KERNEL);
214 	if (!cardp->ep_out_buf) {
215 		lbtf_deb_usbd(&udev->dev, "Could not allocate buffer\n");
216 		goto dealloc;
217 	}
218 
219 	priv = lbtf_add_card(cardp, &udev->dev);
220 	if (!priv)
221 		goto dealloc;
222 
223 	cardp->priv = priv;
224 
225 	priv->hw_host_to_card = if_usb_host_to_card;
226 	priv->hw_prog_firmware = if_usb_prog_firmware;
227 	priv->hw_reset_device = if_usb_reset_device;
228 	cardp->boot2_version = udev->descriptor.bcdDevice;
229 
230 	usb_get_dev(udev);
231 	usb_set_intfdata(intf, cardp);
232 
233 	return 0;
234 
235 dealloc:
236 	if_usb_free(cardp);
237 error:
238 lbtf_deb_leave(LBTF_DEB_MAIN);
239 	return -ENOMEM;
240 }
241 
242 /**
243  *  if_usb_disconnect -  free resource and cleanup
244  *
245  *  @intf	USB interface structure
246  */
247 static void if_usb_disconnect(struct usb_interface *intf)
248 {
249 	struct if_usb_card *cardp = usb_get_intfdata(intf);
250 	struct lbtf_private *priv = cardp->priv;
251 
252 	lbtf_deb_enter(LBTF_DEB_MAIN);
253 
254 	if_usb_reset_device(cardp);
255 
256 	if (priv)
257 		lbtf_remove_card(priv);
258 
259 	/* Unlink and free urb */
260 	if_usb_free(cardp);
261 
262 	usb_set_intfdata(intf, NULL);
263 	usb_put_dev(interface_to_usbdev(intf));
264 
265 	lbtf_deb_leave(LBTF_DEB_MAIN);
266 }
267 
268 /**
269  *  if_usb_send_fw_pkt -  This function downloads the FW
270  *
271  *  @priv	pointer to struct lbtf_private
272  *
273  *  Returns: 0
274  */
275 static int if_usb_send_fw_pkt(struct if_usb_card *cardp)
276 {
277 	struct fwdata *fwdata = cardp->ep_out_buf;
278 	u8 *firmware = (u8 *) cardp->fw->data;
279 
280 	lbtf_deb_enter(LBTF_DEB_FW);
281 
282 	/* If we got a CRC failure on the last block, back
283 	   up and retry it */
284 	if (!cardp->CRC_OK) {
285 		cardp->totalbytes = cardp->fwlastblksent;
286 		cardp->fwseqnum--;
287 	}
288 
289 	lbtf_deb_usb2(&cardp->udev->dev, "totalbytes = %d\n",
290 		     cardp->totalbytes);
291 
292 	/* struct fwdata (which we sent to the card) has an
293 	   extra __le32 field in between the header and the data,
294 	   which is not in the struct fwheader in the actual
295 	   firmware binary. Insert the seqnum in the middle... */
296 	memcpy(&fwdata->hdr, &firmware[cardp->totalbytes],
297 	       sizeof(struct fwheader));
298 
299 	cardp->fwlastblksent = cardp->totalbytes;
300 	cardp->totalbytes += sizeof(struct fwheader);
301 
302 	memcpy(fwdata->data, &firmware[cardp->totalbytes],
303 	       le32_to_cpu(fwdata->hdr.datalength));
304 
305 	lbtf_deb_usb2(&cardp->udev->dev, "Data length = %d\n",
306 		     le32_to_cpu(fwdata->hdr.datalength));
307 
308 	fwdata->seqnum = cpu_to_le32(++cardp->fwseqnum);
309 	cardp->totalbytes += le32_to_cpu(fwdata->hdr.datalength);
310 
311 	usb_tx_block(cardp, cardp->ep_out_buf, sizeof(struct fwdata) +
312 		     le32_to_cpu(fwdata->hdr.datalength), 0);
313 
314 	if (fwdata->hdr.dnldcmd == cpu_to_le32(FW_HAS_DATA_TO_RECV)) {
315 		lbtf_deb_usb2(&cardp->udev->dev, "There are data to follow\n");
316 		lbtf_deb_usb2(&cardp->udev->dev,
317 			"seqnum = %d totalbytes = %d\n",
318 			cardp->fwseqnum, cardp->totalbytes);
319 	} else if (fwdata->hdr.dnldcmd == cpu_to_le32(FW_HAS_LAST_BLOCK)) {
320 		lbtf_deb_usb2(&cardp->udev->dev,
321 			"Host has finished FW downloading\n");
322 		lbtf_deb_usb2(&cardp->udev->dev, "Donwloading FW JUMP BLOCK\n");
323 
324 		/* Host has finished FW downloading
325 		 * Donwloading FW JUMP BLOCK
326 		 */
327 		cardp->fwfinalblk = 1;
328 	}
329 
330 	lbtf_deb_usb2(&cardp->udev->dev, "Firmware download done; size %d\n",
331 		     cardp->totalbytes);
332 
333 	lbtf_deb_leave(LBTF_DEB_FW);
334 	return 0;
335 }
336 
337 static int if_usb_reset_device(struct if_usb_card *cardp)
338 {
339 	struct cmd_ds_802_11_reset *cmd = cardp->ep_out_buf + 4;
340 	int ret;
341 
342 	lbtf_deb_enter(LBTF_DEB_USB);
343 
344 	*(__le32 *)cardp->ep_out_buf = cpu_to_le32(CMD_TYPE_REQUEST);
345 
346 	cmd->hdr.command = cpu_to_le16(CMD_802_11_RESET);
347 	cmd->hdr.size = cpu_to_le16(sizeof(struct cmd_ds_802_11_reset));
348 	cmd->hdr.result = cpu_to_le16(0);
349 	cmd->hdr.seqnum = cpu_to_le16(0x5a5a);
350 	cmd->action = cpu_to_le16(CMD_ACT_HALT);
351 	usb_tx_block(cardp, cardp->ep_out_buf,
352 		     4 + sizeof(struct cmd_ds_802_11_reset), 0);
353 
354 	msleep(100);
355 	ret = usb_reset_device(cardp->udev);
356 	msleep(100);
357 
358 	lbtf_deb_leave_args(LBTF_DEB_USB, "ret %d", ret);
359 
360 	return ret;
361 }
362 
363 /**
364  *  usb_tx_block - transfer data to the device
365  *
366  *  @priv	pointer to struct lbtf_private
367  *  @payload	pointer to payload data
368  *  @nb		data length
369  *  @data	non-zero for data, zero for commands
370  *
371  *  Returns: 0 on success, nonzero otherwise.
372  */
373 static int usb_tx_block(struct if_usb_card *cardp, uint8_t *payload,
374 			uint16_t nb, u8 data)
375 {
376 	int ret = -1;
377 	struct urb *urb;
378 
379 	lbtf_deb_enter(LBTF_DEB_USB);
380 	/* check if device is removed */
381 	if (cardp->priv->surpriseremoved) {
382 		lbtf_deb_usbd(&cardp->udev->dev, "Device removed\n");
383 		goto tx_ret;
384 	}
385 
386 	if (data)
387 		urb = cardp->tx_urb;
388 	else
389 		urb = cardp->cmd_urb;
390 
391 	usb_fill_bulk_urb(urb, cardp->udev,
392 			  usb_sndbulkpipe(cardp->udev,
393 					  cardp->ep_out),
394 			  payload, nb, if_usb_write_bulk_callback, cardp);
395 
396 	urb->transfer_flags |= URB_ZERO_PACKET;
397 
398 	if (usb_submit_urb(urb, GFP_ATOMIC)) {
399 		lbtf_deb_usbd(&cardp->udev->dev,
400 			"usb_submit_urb failed: %d\n", ret);
401 		goto tx_ret;
402 	}
403 
404 	lbtf_deb_usb2(&cardp->udev->dev, "usb_submit_urb success\n");
405 
406 	ret = 0;
407 
408 tx_ret:
409 	lbtf_deb_leave(LBTF_DEB_USB);
410 	return ret;
411 }
412 
413 static int __if_usb_submit_rx_urb(struct if_usb_card *cardp,
414 				  void (*callbackfn)(struct urb *urb))
415 {
416 	struct sk_buff *skb;
417 	int ret = -1;
418 
419 	lbtf_deb_enter(LBTF_DEB_USB);
420 
421 	skb = dev_alloc_skb(MRVDRV_ETH_RX_PACKET_BUFFER_SIZE);
422 	if (!skb) {
423 		pr_err("No free skb\n");
424 		lbtf_deb_leave(LBTF_DEB_USB);
425 		return -1;
426 	}
427 
428 	cardp->rx_skb = skb;
429 
430 	/* Fill the receive configuration URB and initialise the Rx call back */
431 	usb_fill_bulk_urb(cardp->rx_urb, cardp->udev,
432 			  usb_rcvbulkpipe(cardp->udev, cardp->ep_in),
433 			  skb_tail_pointer(skb),
434 			  MRVDRV_ETH_RX_PACKET_BUFFER_SIZE, callbackfn, cardp);
435 
436 	cardp->rx_urb->transfer_flags |= URB_ZERO_PACKET;
437 
438 	lbtf_deb_usb2(&cardp->udev->dev, "Pointer for rx_urb %p\n",
439 		cardp->rx_urb);
440 	ret = usb_submit_urb(cardp->rx_urb, GFP_ATOMIC);
441 	if (ret) {
442 		lbtf_deb_usbd(&cardp->udev->dev,
443 			"Submit Rx URB failed: %d\n", ret);
444 		kfree_skb(skb);
445 		cardp->rx_skb = NULL;
446 		lbtf_deb_leave(LBTF_DEB_USB);
447 		return -1;
448 	} else {
449 		lbtf_deb_usb2(&cardp->udev->dev, "Submit Rx URB success\n");
450 		lbtf_deb_leave(LBTF_DEB_USB);
451 		return 0;
452 	}
453 }
454 
455 static int if_usb_submit_rx_urb_fwload(struct if_usb_card *cardp)
456 {
457 	return __if_usb_submit_rx_urb(cardp, &if_usb_receive_fwload);
458 }
459 
460 static int if_usb_submit_rx_urb(struct if_usb_card *cardp)
461 {
462 	return __if_usb_submit_rx_urb(cardp, &if_usb_receive);
463 }
464 
465 static void if_usb_receive_fwload(struct urb *urb)
466 {
467 	struct if_usb_card *cardp = urb->context;
468 	struct sk_buff *skb = cardp->rx_skb;
469 	struct fwsyncheader *syncfwheader;
470 	struct bootcmdresp bcmdresp;
471 
472 	lbtf_deb_enter(LBTF_DEB_USB);
473 	if (urb->status) {
474 		lbtf_deb_usbd(&cardp->udev->dev,
475 			     "URB status is failed during fw load\n");
476 		kfree_skb(skb);
477 		lbtf_deb_leave(LBTF_DEB_USB);
478 		return;
479 	}
480 
481 	if (cardp->fwdnldover) {
482 		__le32 *tmp = (__le32 *)(skb->data);
483 
484 		if (tmp[0] == cpu_to_le32(CMD_TYPE_INDICATION) &&
485 		    tmp[1] == cpu_to_le32(MACREG_INT_CODE_FIRMWARE_READY)) {
486 			/* Firmware ready event received */
487 			pr_info("Firmware ready event received\n");
488 			wake_up(&cardp->fw_wq);
489 		} else {
490 			lbtf_deb_usb("Waiting for confirmation; got %x %x\n",
491 				    le32_to_cpu(tmp[0]), le32_to_cpu(tmp[1]));
492 			if_usb_submit_rx_urb_fwload(cardp);
493 		}
494 		kfree_skb(skb);
495 		lbtf_deb_leave(LBTF_DEB_USB);
496 		return;
497 	}
498 	if (cardp->bootcmdresp <= 0) {
499 		memcpy(&bcmdresp, skb->data, sizeof(bcmdresp));
500 
501 		if (le16_to_cpu(cardp->udev->descriptor.bcdDevice) < 0x3106) {
502 			kfree_skb(skb);
503 			if_usb_submit_rx_urb_fwload(cardp);
504 			cardp->bootcmdresp = 1;
505 			/* Received valid boot command response */
506 			lbtf_deb_usbd(&cardp->udev->dev,
507 				     "Received valid boot command response\n");
508 			lbtf_deb_leave(LBTF_DEB_USB);
509 			return;
510 		}
511 		if (bcmdresp.magic != cpu_to_le32(BOOT_CMD_MAGIC_NUMBER)) {
512 			if (bcmdresp.magic == cpu_to_le32(CMD_TYPE_REQUEST) ||
513 			    bcmdresp.magic == cpu_to_le32(CMD_TYPE_DATA) ||
514 			    bcmdresp.magic == cpu_to_le32(CMD_TYPE_INDICATION)) {
515 				if (!cardp->bootcmdresp)
516 					pr_info("Firmware already seems alive; resetting\n");
517 				cardp->bootcmdresp = -1;
518 			} else {
519 				pr_info("boot cmd response wrong magic number (0x%x)\n",
520 					    le32_to_cpu(bcmdresp.magic));
521 			}
522 		} else if (bcmdresp.cmd != BOOT_CMD_FW_BY_USB) {
523 			pr_info("boot cmd response cmd_tag error (%d)\n",
524 				bcmdresp.cmd);
525 		} else if (bcmdresp.result != BOOT_CMD_RESP_OK) {
526 			pr_info("boot cmd response result error (%d)\n",
527 				bcmdresp.result);
528 		} else {
529 			cardp->bootcmdresp = 1;
530 			lbtf_deb_usbd(&cardp->udev->dev,
531 				"Received valid boot command response\n");
532 		}
533 
534 		kfree_skb(skb);
535 		if_usb_submit_rx_urb_fwload(cardp);
536 		lbtf_deb_leave(LBTF_DEB_USB);
537 		return;
538 	}
539 
540 	syncfwheader = kmemdup(skb->data, sizeof(struct fwsyncheader),
541 			       GFP_ATOMIC);
542 	if (!syncfwheader) {
543 		lbtf_deb_usbd(&cardp->udev->dev,
544 			"Failure to allocate syncfwheader\n");
545 		kfree_skb(skb);
546 		lbtf_deb_leave(LBTF_DEB_USB);
547 		return;
548 	}
549 
550 	if (!syncfwheader->cmd) {
551 		lbtf_deb_usb2(&cardp->udev->dev,
552 			"FW received Blk with correct CRC\n");
553 		lbtf_deb_usb2(&cardp->udev->dev,
554 			"FW received Blk seqnum = %d\n",
555 			le32_to_cpu(syncfwheader->seqnum));
556 		cardp->CRC_OK = 1;
557 	} else {
558 		lbtf_deb_usbd(&cardp->udev->dev,
559 			"FW received Blk with CRC error\n");
560 		cardp->CRC_OK = 0;
561 	}
562 
563 	kfree_skb(skb);
564 
565 	/* reschedule timer for 200ms hence */
566 	mod_timer(&cardp->fw_timeout, jiffies + (HZ/5));
567 
568 	if (cardp->fwfinalblk) {
569 		cardp->fwdnldover = 1;
570 		goto exit;
571 	}
572 
573 	if_usb_send_fw_pkt(cardp);
574 
575  exit:
576 	if_usb_submit_rx_urb_fwload(cardp);
577 
578 	kfree(syncfwheader);
579 
580 	lbtf_deb_leave(LBTF_DEB_USB);
581 }
582 
583 #define MRVDRV_MIN_PKT_LEN	30
584 
585 static inline void process_cmdtypedata(int recvlength, struct sk_buff *skb,
586 				       struct if_usb_card *cardp,
587 				       struct lbtf_private *priv)
588 {
589 	if (recvlength > MRVDRV_ETH_RX_PACKET_BUFFER_SIZE + MESSAGE_HEADER_LEN
590 	    || recvlength < MRVDRV_MIN_PKT_LEN) {
591 		lbtf_deb_usbd(&cardp->udev->dev, "Packet length is Invalid\n");
592 		kfree_skb(skb);
593 		return;
594 	}
595 
596 	skb_put(skb, recvlength);
597 	skb_pull(skb, MESSAGE_HEADER_LEN);
598 	lbtf_rx(priv, skb);
599 }
600 
601 static inline void process_cmdrequest(int recvlength, uint8_t *recvbuff,
602 				      struct sk_buff *skb,
603 				      struct if_usb_card *cardp,
604 				      struct lbtf_private *priv)
605 {
606 	if (recvlength > LBS_CMD_BUFFER_SIZE) {
607 		lbtf_deb_usbd(&cardp->udev->dev,
608 			     "The receive buffer is too large\n");
609 		kfree_skb(skb);
610 		return;
611 	}
612 
613 	BUG_ON(!in_interrupt());
614 
615 	spin_lock(&priv->driver_lock);
616 	memcpy(priv->cmd_resp_buff, recvbuff + MESSAGE_HEADER_LEN,
617 	       recvlength - MESSAGE_HEADER_LEN);
618 	kfree_skb(skb);
619 	lbtf_cmd_response_rx(priv);
620 	spin_unlock(&priv->driver_lock);
621 }
622 
623 /**
624  *  if_usb_receive - read data received from the device.
625  *
626  *  @urb		pointer to struct urb
627  */
628 static void if_usb_receive(struct urb *urb)
629 {
630 	struct if_usb_card *cardp = urb->context;
631 	struct sk_buff *skb = cardp->rx_skb;
632 	struct lbtf_private *priv = cardp->priv;
633 	int recvlength = urb->actual_length;
634 	uint8_t *recvbuff = NULL;
635 	uint32_t recvtype = 0;
636 	__le32 *pkt = (__le32 *) skb->data;
637 
638 	lbtf_deb_enter(LBTF_DEB_USB);
639 
640 	if (recvlength) {
641 		if (urb->status) {
642 			lbtf_deb_usbd(&cardp->udev->dev, "RX URB failed: %d\n",
643 				     urb->status);
644 			kfree_skb(skb);
645 			goto setup_for_next;
646 		}
647 
648 		recvbuff = skb->data;
649 		recvtype = le32_to_cpu(pkt[0]);
650 		lbtf_deb_usbd(&cardp->udev->dev,
651 			    "Recv length = 0x%x, Recv type = 0x%X\n",
652 			    recvlength, recvtype);
653 	} else if (urb->status) {
654 		kfree_skb(skb);
655 		lbtf_deb_leave(LBTF_DEB_USB);
656 		return;
657 	}
658 
659 	switch (recvtype) {
660 	case CMD_TYPE_DATA:
661 		process_cmdtypedata(recvlength, skb, cardp, priv);
662 		break;
663 
664 	case CMD_TYPE_REQUEST:
665 		process_cmdrequest(recvlength, recvbuff, skb, cardp, priv);
666 		break;
667 
668 	case CMD_TYPE_INDICATION:
669 	{
670 		/* Event cause handling */
671 		u32 event_cause = le32_to_cpu(pkt[1]);
672 		lbtf_deb_usbd(&cardp->udev->dev, "**EVENT** 0x%X\n",
673 			event_cause);
674 
675 		/* Icky undocumented magic special case */
676 		if (event_cause & 0xffff0000) {
677 			u16 tmp;
678 			u8 retrycnt;
679 			u8 failure;
680 
681 			tmp = event_cause >> 16;
682 			retrycnt = tmp & 0x00ff;
683 			failure = (tmp & 0xff00) >> 8;
684 			lbtf_send_tx_feedback(priv, retrycnt, failure);
685 		} else if (event_cause == LBTF_EVENT_BCN_SENT)
686 			lbtf_bcn_sent(priv);
687 		else
688 			lbtf_deb_usbd(&cardp->udev->dev,
689 			       "Unsupported notification %d received\n",
690 			       event_cause);
691 		kfree_skb(skb);
692 		break;
693 	}
694 	default:
695 		lbtf_deb_usbd(&cardp->udev->dev,
696 			"libertastf: unknown command type 0x%X\n", recvtype);
697 		kfree_skb(skb);
698 		break;
699 	}
700 
701 setup_for_next:
702 	if_usb_submit_rx_urb(cardp);
703 	lbtf_deb_leave(LBTF_DEB_USB);
704 }
705 
706 /**
707  *  if_usb_host_to_card -  Download data to the device
708  *
709  *  @priv		pointer to struct lbtf_private structure
710  *  @type		type of data
711  *  @buf		pointer to data buffer
712  *  @len		number of bytes
713  *
714  *  Returns: 0 on success, nonzero otherwise
715  */
716 static int if_usb_host_to_card(struct lbtf_private *priv, uint8_t type,
717 			       uint8_t *payload, uint16_t nb)
718 {
719 	struct if_usb_card *cardp = priv->card;
720 	u8 data = 0;
721 
722 	lbtf_deb_usbd(&cardp->udev->dev, "*** type = %u\n", type);
723 	lbtf_deb_usbd(&cardp->udev->dev, "size after = %d\n", nb);
724 
725 	if (type == MVMS_CMD) {
726 		*(__le32 *)cardp->ep_out_buf = cpu_to_le32(CMD_TYPE_REQUEST);
727 	} else {
728 		*(__le32 *)cardp->ep_out_buf = cpu_to_le32(CMD_TYPE_DATA);
729 		data = 1;
730 	}
731 
732 	memcpy((cardp->ep_out_buf + MESSAGE_HEADER_LEN), payload, nb);
733 
734 	return usb_tx_block(cardp, cardp->ep_out_buf, nb + MESSAGE_HEADER_LEN,
735 			    data);
736 }
737 
738 /**
739  *  if_usb_issue_boot_command - Issue boot command to Boot2.
740  *
741  *  @ivalue   1 boots from FW by USB-Download, 2 boots from FW in EEPROM.
742  *
743  *  Returns: 0
744  */
745 static int if_usb_issue_boot_command(struct if_usb_card *cardp, int ivalue)
746 {
747 	struct bootcmd *bootcmd = cardp->ep_out_buf;
748 
749 	/* Prepare command */
750 	bootcmd->magic = cpu_to_le32(BOOT_CMD_MAGIC_NUMBER);
751 	bootcmd->cmd = ivalue;
752 	memset(bootcmd->pad, 0, sizeof(bootcmd->pad));
753 
754 	/* Issue command */
755 	usb_tx_block(cardp, cardp->ep_out_buf, sizeof(*bootcmd), 0);
756 
757 	return 0;
758 }
759 
760 
761 /**
762  *  check_fwfile_format - Check the validity of Boot2/FW image.
763  *
764  *  @data	pointer to image
765  *  @totlen	image length
766  *
767  *  Returns: 0 if the image is valid, nonzero otherwise.
768  */
769 static int check_fwfile_format(const u8 *data, u32 totlen)
770 {
771 	u32 bincmd, exit;
772 	u32 blksize, offset, len;
773 	int ret;
774 
775 	ret = 1;
776 	exit = len = 0;
777 
778 	do {
779 		struct fwheader *fwh = (void *) data;
780 
781 		bincmd = le32_to_cpu(fwh->dnldcmd);
782 		blksize = le32_to_cpu(fwh->datalength);
783 		switch (bincmd) {
784 		case FW_HAS_DATA_TO_RECV:
785 			offset = sizeof(struct fwheader) + blksize;
786 			data += offset;
787 			len += offset;
788 			if (len >= totlen)
789 				exit = 1;
790 			break;
791 		case FW_HAS_LAST_BLOCK:
792 			exit = 1;
793 			ret = 0;
794 			break;
795 		default:
796 			exit = 1;
797 			break;
798 		}
799 	} while (!exit);
800 
801 	if (ret)
802 		pr_err("firmware file format check FAIL\n");
803 	else
804 		lbtf_deb_fw("firmware file format check PASS\n");
805 
806 	return ret;
807 }
808 
809 
810 static int if_usb_prog_firmware(struct if_usb_card *cardp)
811 {
812 	int i = 0;
813 	static int reset_count = 10;
814 	int ret = 0;
815 
816 	lbtf_deb_enter(LBTF_DEB_USB);
817 
818 	kernel_param_lock(THIS_MODULE);
819 	ret = request_firmware(&cardp->fw, lbtf_fw_name, &cardp->udev->dev);
820 	if (ret < 0) {
821 		pr_err("request_firmware() failed with %#x\n", ret);
822 		pr_err("firmware %s not found\n", lbtf_fw_name);
823 		kernel_param_unlock(THIS_MODULE);
824 		goto done;
825 	}
826 	kernel_param_unlock(THIS_MODULE);
827 
828 	if (check_fwfile_format(cardp->fw->data, cardp->fw->size))
829 		goto release_fw;
830 
831 restart:
832 	if (if_usb_submit_rx_urb_fwload(cardp) < 0) {
833 		lbtf_deb_usbd(&cardp->udev->dev, "URB submission is failed\n");
834 		ret = -1;
835 		goto release_fw;
836 	}
837 
838 	cardp->bootcmdresp = 0;
839 	do {
840 		int j = 0;
841 		i++;
842 		/* Issue Boot command = 1, Boot from Download-FW */
843 		if_usb_issue_boot_command(cardp, BOOT_CMD_FW_BY_USB);
844 		/* wait for command response */
845 		do {
846 			j++;
847 			msleep_interruptible(100);
848 		} while (cardp->bootcmdresp == 0 && j < 10);
849 	} while (cardp->bootcmdresp == 0 && i < 5);
850 
851 	if (cardp->bootcmdresp <= 0) {
852 		if (--reset_count >= 0) {
853 			if_usb_reset_device(cardp);
854 			goto restart;
855 		}
856 		return -1;
857 	}
858 
859 	i = 0;
860 
861 	cardp->totalbytes = 0;
862 	cardp->fwlastblksent = 0;
863 	cardp->CRC_OK = 1;
864 	cardp->fwdnldover = 0;
865 	cardp->fwseqnum = -1;
866 	cardp->totalbytes = 0;
867 	cardp->fwfinalblk = 0;
868 
869 	/* Send the first firmware packet... */
870 	if_usb_send_fw_pkt(cardp);
871 
872 	/* ... and wait for the process to complete */
873 	wait_event_interruptible(cardp->fw_wq, cardp->priv->surpriseremoved ||
874 					       cardp->fwdnldover);
875 
876 	del_timer_sync(&cardp->fw_timeout);
877 	usb_kill_urb(cardp->rx_urb);
878 
879 	if (!cardp->fwdnldover) {
880 		pr_info("failed to load fw, resetting device!\n");
881 		if (--reset_count >= 0) {
882 			if_usb_reset_device(cardp);
883 			goto restart;
884 		}
885 
886 		pr_info("FW download failure, time = %d ms\n", i * 100);
887 		ret = -1;
888 		goto release_fw;
889 	}
890 
891 	cardp->priv->fw_ready = 1;
892 
893  release_fw:
894 	release_firmware(cardp->fw);
895 	cardp->fw = NULL;
896 
897 	if_usb_setup_firmware(cardp->priv);
898 
899  done:
900 	lbtf_deb_leave_args(LBTF_DEB_USB, "ret %d", ret);
901 	return ret;
902 }
903 
904 
905 #define if_usb_suspend NULL
906 #define if_usb_resume NULL
907 
908 static struct usb_driver if_usb_driver = {
909 	.name = DRV_NAME,
910 	.probe = if_usb_probe,
911 	.disconnect = if_usb_disconnect,
912 	.id_table = if_usb_table,
913 	.suspend = if_usb_suspend,
914 	.resume = if_usb_resume,
915 	.disable_hub_initiated_lpm = 1,
916 };
917 
918 module_usb_driver(if_usb_driver);
919 
920 MODULE_DESCRIPTION("8388 USB WLAN Thinfirm Driver");
921 MODULE_AUTHOR("Cozybit Inc.");
922 MODULE_LICENSE("GPL");
923