1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *  Copyright (C) 2008, cozybit Inc.
4  *  Copyright (C) 2003-2006, Marvell International Ltd.
5  */
6 #define DRV_NAME "lbtf_usb"
7 
8 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
9 
10 #include "libertas_tf.h"
11 #include "if_usb.h"
12 
13 #include <linux/delay.h>
14 #include <linux/module.h>
15 #include <linux/firmware.h>
16 #include <linux/netdevice.h>
17 #include <linux/slab.h>
18 #include <linux/usb.h>
19 
20 #define INSANEDEBUG	0
21 #define lbtf_deb_usb2(...) do { if (INSANEDEBUG) lbtf_deb_usbd(__VA_ARGS__); } while (0)
22 
23 #define MESSAGE_HEADER_LEN	4
24 
25 static char *lbtf_fw_name = "lbtf_usb.bin";
26 module_param_named(fw_name, lbtf_fw_name, charp, 0644);
27 
28 MODULE_FIRMWARE("lbtf_usb.bin");
29 
30 static const struct usb_device_id if_usb_table[] = {
31 	/* Enter the device signature inside */
32 	{ USB_DEVICE(0x1286, 0x2001) },
33 	{ USB_DEVICE(0x05a3, 0x8388) },
34 	{}	/* Terminating entry */
35 };
36 
37 MODULE_DEVICE_TABLE(usb, if_usb_table);
38 
39 static void if_usb_receive(struct urb *urb);
40 static void if_usb_receive_fwload(struct urb *urb);
41 static int if_usb_prog_firmware(struct lbtf_private *priv);
42 static int if_usb_host_to_card(struct lbtf_private *priv, uint8_t type,
43 			       uint8_t *payload, uint16_t nb);
44 static int usb_tx_block(struct if_usb_card *cardp, uint8_t *payload,
45 			uint16_t nb, u8 data);
46 static void if_usb_free(struct if_usb_card *cardp);
47 static int if_usb_submit_rx_urb(struct if_usb_card *cardp);
48 static int if_usb_reset_device(struct lbtf_private *priv);
49 
50 /**
51  *  if_usb_write_bulk_callback -  call back to handle URB status
52  *
53  *  @urb:		pointer to urb structure
54  */
55 static void if_usb_write_bulk_callback(struct urb *urb)
56 {
57 	if (urb->status != 0) {
58 		/* print the failure status number for debug */
59 		pr_info("URB in failure status: %d\n", urb->status);
60 	} else {
61 		lbtf_deb_usb2(&urb->dev->dev, "URB status is successful\n");
62 		lbtf_deb_usb2(&urb->dev->dev, "Actual length transmitted %d\n",
63 			     urb->actual_length);
64 	}
65 }
66 
67 /**
68  *  if_usb_free - free tx/rx urb, skb and rx buffer
69  *
70  *  @cardp:	pointer if_usb_card
71  */
72 static void if_usb_free(struct if_usb_card *cardp)
73 {
74 	lbtf_deb_enter(LBTF_DEB_USB);
75 
76 	/* Unlink tx & rx urb */
77 	usb_kill_urb(cardp->tx_urb);
78 	usb_kill_urb(cardp->rx_urb);
79 	usb_kill_urb(cardp->cmd_urb);
80 
81 	usb_free_urb(cardp->tx_urb);
82 	cardp->tx_urb = NULL;
83 
84 	usb_free_urb(cardp->rx_urb);
85 	cardp->rx_urb = NULL;
86 
87 	usb_free_urb(cardp->cmd_urb);
88 	cardp->cmd_urb = NULL;
89 
90 	kfree(cardp->ep_out_buf);
91 	cardp->ep_out_buf = NULL;
92 
93 	lbtf_deb_leave(LBTF_DEB_USB);
94 }
95 
96 static void if_usb_setup_firmware(struct lbtf_private *priv)
97 {
98 	struct if_usb_card *cardp = priv->card;
99 	struct cmd_ds_set_boot2_ver b2_cmd;
100 
101 	lbtf_deb_enter(LBTF_DEB_USB);
102 
103 	if_usb_submit_rx_urb(cardp);
104 	b2_cmd.hdr.size = cpu_to_le16(sizeof(b2_cmd));
105 	b2_cmd.action = 0;
106 	b2_cmd.version = cardp->boot2_version;
107 
108 	if (lbtf_cmd_with_response(priv, CMD_SET_BOOT2_VER, &b2_cmd))
109 		lbtf_deb_usb("Setting boot2 version failed\n");
110 
111 	lbtf_deb_leave(LBTF_DEB_USB);
112 }
113 
114 static void if_usb_fw_timeo(struct timer_list *t)
115 {
116 	struct if_usb_card *cardp = from_timer(cardp, t, fw_timeout);
117 
118 	lbtf_deb_enter(LBTF_DEB_USB);
119 	if (!cardp->fwdnldover) {
120 		/* Download timed out */
121 		cardp->priv->surpriseremoved = 1;
122 		pr_err("Download timed out\n");
123 	} else {
124 		lbtf_deb_usb("Download complete, no event. Assuming success\n");
125 	}
126 	wake_up(&cardp->fw_wq);
127 	lbtf_deb_leave(LBTF_DEB_USB);
128 }
129 
130 static const struct lbtf_ops if_usb_ops = {
131 	.hw_host_to_card = if_usb_host_to_card,
132 	.hw_prog_firmware = if_usb_prog_firmware,
133 	.hw_reset_device = if_usb_reset_device,
134 };
135 
136 /**
137  *  if_usb_probe - sets the configuration values
138  *
139  *  @intf:	USB interface structure
140  *  @id:	pointer to usb_device_id
141  *
142  *  Returns: 0 on success, error code on failure
143  */
144 static int if_usb_probe(struct usb_interface *intf,
145 			const struct usb_device_id *id)
146 {
147 	struct usb_device *udev;
148 	struct usb_host_interface *iface_desc;
149 	struct usb_endpoint_descriptor *endpoint;
150 	struct lbtf_private *priv;
151 	struct if_usb_card *cardp;
152 	int i;
153 
154 	lbtf_deb_enter(LBTF_DEB_USB);
155 	udev = interface_to_usbdev(intf);
156 
157 	cardp = kzalloc(sizeof(struct if_usb_card), GFP_KERNEL);
158 	if (!cardp)
159 		goto error;
160 
161 	timer_setup(&cardp->fw_timeout, if_usb_fw_timeo, 0);
162 	init_waitqueue_head(&cardp->fw_wq);
163 
164 	cardp->udev = udev;
165 	iface_desc = intf->cur_altsetting;
166 
167 	lbtf_deb_usbd(&udev->dev, "bcdUSB = 0x%X bDeviceClass = 0x%X"
168 		     " bDeviceSubClass = 0x%X, bDeviceProtocol = 0x%X\n",
169 		     le16_to_cpu(udev->descriptor.bcdUSB),
170 		     udev->descriptor.bDeviceClass,
171 		     udev->descriptor.bDeviceSubClass,
172 		     udev->descriptor.bDeviceProtocol);
173 
174 	for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
175 		endpoint = &iface_desc->endpoint[i].desc;
176 		if (usb_endpoint_is_bulk_in(endpoint)) {
177 			cardp->ep_in_size =
178 				le16_to_cpu(endpoint->wMaxPacketSize);
179 			cardp->ep_in = usb_endpoint_num(endpoint);
180 
181 			lbtf_deb_usbd(&udev->dev, "in_endpoint = %d\n",
182 				cardp->ep_in);
183 			lbtf_deb_usbd(&udev->dev, "Bulk in size is %d\n",
184 				cardp->ep_in_size);
185 		} else if (usb_endpoint_is_bulk_out(endpoint)) {
186 			cardp->ep_out_size =
187 				le16_to_cpu(endpoint->wMaxPacketSize);
188 			cardp->ep_out = usb_endpoint_num(endpoint);
189 
190 			lbtf_deb_usbd(&udev->dev, "out_endpoint = %d\n",
191 				cardp->ep_out);
192 			lbtf_deb_usbd(&udev->dev, "Bulk out size is %d\n",
193 				cardp->ep_out_size);
194 		}
195 	}
196 	if (!cardp->ep_out_size || !cardp->ep_in_size) {
197 		lbtf_deb_usbd(&udev->dev, "Endpoints not found\n");
198 		/* Endpoints not found */
199 		goto dealloc;
200 	}
201 
202 	cardp->rx_urb = usb_alloc_urb(0, GFP_KERNEL);
203 	if (!cardp->rx_urb)
204 		goto dealloc;
205 
206 	cardp->tx_urb = usb_alloc_urb(0, GFP_KERNEL);
207 	if (!cardp->tx_urb)
208 		goto dealloc;
209 
210 	cardp->cmd_urb = usb_alloc_urb(0, GFP_KERNEL);
211 	if (!cardp->cmd_urb)
212 		goto dealloc;
213 
214 	cardp->ep_out_buf = kmalloc(MRVDRV_ETH_TX_PACKET_BUFFER_SIZE,
215 				    GFP_KERNEL);
216 	if (!cardp->ep_out_buf) {
217 		lbtf_deb_usbd(&udev->dev, "Could not allocate buffer\n");
218 		goto dealloc;
219 	}
220 
221 	cardp->boot2_version = udev->descriptor.bcdDevice;
222 	priv = lbtf_add_card(cardp, &udev->dev, &if_usb_ops);
223 	if (!priv)
224 		goto dealloc;
225 
226 	usb_get_dev(udev);
227 	usb_set_intfdata(intf, cardp);
228 
229 	return 0;
230 
231 dealloc:
232 	if_usb_free(cardp);
233 	kfree(cardp);
234 error:
235 lbtf_deb_leave(LBTF_DEB_MAIN);
236 	return -ENOMEM;
237 }
238 
239 /**
240  *  if_usb_disconnect -  free resource and cleanup
241  *
242  *  @intf:	USB interface structure
243  */
244 static void if_usb_disconnect(struct usb_interface *intf)
245 {
246 	struct if_usb_card *cardp = usb_get_intfdata(intf);
247 	struct lbtf_private *priv = cardp->priv;
248 
249 	lbtf_deb_enter(LBTF_DEB_MAIN);
250 
251 	if (priv) {
252 		if_usb_reset_device(priv);
253 		lbtf_remove_card(priv);
254 	}
255 
256 	/* Unlink and free urb */
257 	if_usb_free(cardp);
258 	kfree(cardp);
259 
260 	usb_set_intfdata(intf, NULL);
261 	usb_put_dev(interface_to_usbdev(intf));
262 
263 	lbtf_deb_leave(LBTF_DEB_MAIN);
264 }
265 
266 /**
267  *  if_usb_send_fw_pkt -  This function downloads the FW
268  *
269  *  @cardp:	pointer if_usb_card
270  *
271  *  Returns: 0
272  */
273 static int if_usb_send_fw_pkt(struct if_usb_card *cardp)
274 {
275 	struct fwdata *fwdata = cardp->ep_out_buf;
276 	u8 *firmware = (u8 *) cardp->fw->data;
277 
278 	lbtf_deb_enter(LBTF_DEB_FW);
279 
280 	/* If we got a CRC failure on the last block, back
281 	   up and retry it */
282 	if (!cardp->CRC_OK) {
283 		cardp->totalbytes = cardp->fwlastblksent;
284 		cardp->fwseqnum--;
285 	}
286 
287 	lbtf_deb_usb2(&cardp->udev->dev, "totalbytes = %d\n",
288 		     cardp->totalbytes);
289 
290 	/* struct fwdata (which we sent to the card) has an
291 	   extra __le32 field in between the header and the data,
292 	   which is not in the struct fwheader in the actual
293 	   firmware binary. Insert the seqnum in the middle... */
294 	memcpy(&fwdata->hdr, &firmware[cardp->totalbytes],
295 	       sizeof(struct fwheader));
296 
297 	cardp->fwlastblksent = cardp->totalbytes;
298 	cardp->totalbytes += sizeof(struct fwheader);
299 
300 	memcpy(fwdata->data, &firmware[cardp->totalbytes],
301 	       le32_to_cpu(fwdata->hdr.datalength));
302 
303 	lbtf_deb_usb2(&cardp->udev->dev, "Data length = %d\n",
304 		     le32_to_cpu(fwdata->hdr.datalength));
305 
306 	fwdata->seqnum = cpu_to_le32(++cardp->fwseqnum);
307 	cardp->totalbytes += le32_to_cpu(fwdata->hdr.datalength);
308 
309 	usb_tx_block(cardp, cardp->ep_out_buf, sizeof(struct fwdata) +
310 		     le32_to_cpu(fwdata->hdr.datalength), 0);
311 
312 	if (fwdata->hdr.dnldcmd == cpu_to_le32(FW_HAS_DATA_TO_RECV)) {
313 		lbtf_deb_usb2(&cardp->udev->dev, "There are data to follow\n");
314 		lbtf_deb_usb2(&cardp->udev->dev,
315 			"seqnum = %d totalbytes = %d\n",
316 			cardp->fwseqnum, cardp->totalbytes);
317 	} else if (fwdata->hdr.dnldcmd == cpu_to_le32(FW_HAS_LAST_BLOCK)) {
318 		lbtf_deb_usb2(&cardp->udev->dev,
319 			"Host has finished FW downloading\n");
320 		lbtf_deb_usb2(&cardp->udev->dev, "Downloading FW JUMP BLOCK\n");
321 
322 		/* Host has finished FW downloading
323 		 * Donwloading FW JUMP BLOCK
324 		 */
325 		cardp->fwfinalblk = 1;
326 	}
327 
328 	lbtf_deb_usb2(&cardp->udev->dev, "Firmware download done; size %d\n",
329 		     cardp->totalbytes);
330 
331 	lbtf_deb_leave(LBTF_DEB_FW);
332 	return 0;
333 }
334 
335 static int if_usb_reset_device(struct lbtf_private *priv)
336 {
337 	struct if_usb_card *cardp = priv->card;
338 	struct cmd_ds_802_11_reset *cmd = cardp->ep_out_buf + 4;
339 	int ret;
340 
341 	lbtf_deb_enter(LBTF_DEB_USB);
342 
343 	*(__le32 *)cardp->ep_out_buf = cpu_to_le32(CMD_TYPE_REQUEST);
344 
345 	cmd->hdr.command = cpu_to_le16(CMD_802_11_RESET);
346 	cmd->hdr.size = cpu_to_le16(sizeof(struct cmd_ds_802_11_reset));
347 	cmd->hdr.result = cpu_to_le16(0);
348 	cmd->hdr.seqnum = cpu_to_le16(0x5a5a);
349 	cmd->action = cpu_to_le16(CMD_ACT_HALT);
350 	usb_tx_block(cardp, cardp->ep_out_buf,
351 		     4 + sizeof(struct cmd_ds_802_11_reset), 0);
352 
353 	msleep(100);
354 	ret = usb_reset_device(cardp->udev);
355 	msleep(100);
356 
357 	lbtf_deb_leave_args(LBTF_DEB_USB, "ret %d", ret);
358 
359 	return ret;
360 }
361 
362 /**
363  *  usb_tx_block - transfer data to the device
364  *
365  *  @cardp:	pointer if_usb_card
366  *  @payload:	pointer to payload data
367  *  @nb:	data length
368  *  @data:	non-zero for data, zero for commands
369  *
370  *  Returns: 0 on success, nonzero otherwise.
371  */
372 static int usb_tx_block(struct if_usb_card *cardp, uint8_t *payload,
373 			uint16_t nb, u8 data)
374 {
375 	int ret = -1;
376 	struct urb *urb;
377 
378 	lbtf_deb_enter(LBTF_DEB_USB);
379 	/* check if device is removed */
380 	if (cardp->priv->surpriseremoved) {
381 		lbtf_deb_usbd(&cardp->udev->dev, "Device removed\n");
382 		goto tx_ret;
383 	}
384 
385 	if (data)
386 		urb = cardp->tx_urb;
387 	else
388 		urb = cardp->cmd_urb;
389 
390 	usb_fill_bulk_urb(urb, cardp->udev,
391 			  usb_sndbulkpipe(cardp->udev,
392 					  cardp->ep_out),
393 			  payload, nb, if_usb_write_bulk_callback, cardp);
394 
395 	urb->transfer_flags |= URB_ZERO_PACKET;
396 
397 	if (usb_submit_urb(urb, GFP_ATOMIC)) {
398 		lbtf_deb_usbd(&cardp->udev->dev,
399 			"usb_submit_urb failed: %d\n", ret);
400 		goto tx_ret;
401 	}
402 
403 	lbtf_deb_usb2(&cardp->udev->dev, "usb_submit_urb success\n");
404 
405 	ret = 0;
406 
407 tx_ret:
408 	lbtf_deb_leave(LBTF_DEB_USB);
409 	return ret;
410 }
411 
412 static int __if_usb_submit_rx_urb(struct if_usb_card *cardp,
413 				  void (*callbackfn)(struct urb *urb))
414 {
415 	struct sk_buff *skb;
416 	int ret = -1;
417 
418 	lbtf_deb_enter(LBTF_DEB_USB);
419 
420 	skb = dev_alloc_skb(MRVDRV_ETH_RX_PACKET_BUFFER_SIZE);
421 	if (!skb) {
422 		pr_err("No free skb\n");
423 		lbtf_deb_leave(LBTF_DEB_USB);
424 		return -1;
425 	}
426 
427 	cardp->rx_skb = skb;
428 
429 	/* Fill the receive configuration URB and initialise the Rx call back */
430 	usb_fill_bulk_urb(cardp->rx_urb, cardp->udev,
431 			  usb_rcvbulkpipe(cardp->udev, cardp->ep_in),
432 			  skb_tail_pointer(skb),
433 			  MRVDRV_ETH_RX_PACKET_BUFFER_SIZE, callbackfn, cardp);
434 
435 	lbtf_deb_usb2(&cardp->udev->dev, "Pointer for rx_urb %p\n",
436 		cardp->rx_urb);
437 	ret = usb_submit_urb(cardp->rx_urb, GFP_ATOMIC);
438 	if (ret) {
439 		lbtf_deb_usbd(&cardp->udev->dev,
440 			"Submit Rx URB failed: %d\n", ret);
441 		kfree_skb(skb);
442 		cardp->rx_skb = NULL;
443 		lbtf_deb_leave(LBTF_DEB_USB);
444 		return -1;
445 	} else {
446 		lbtf_deb_usb2(&cardp->udev->dev, "Submit Rx URB success\n");
447 		lbtf_deb_leave(LBTF_DEB_USB);
448 		return 0;
449 	}
450 }
451 
452 static int if_usb_submit_rx_urb_fwload(struct if_usb_card *cardp)
453 {
454 	return __if_usb_submit_rx_urb(cardp, &if_usb_receive_fwload);
455 }
456 
457 static int if_usb_submit_rx_urb(struct if_usb_card *cardp)
458 {
459 	return __if_usb_submit_rx_urb(cardp, &if_usb_receive);
460 }
461 
462 static void if_usb_receive_fwload(struct urb *urb)
463 {
464 	struct if_usb_card *cardp = urb->context;
465 	struct sk_buff *skb = cardp->rx_skb;
466 	struct fwsyncheader *syncfwheader;
467 	struct bootcmdresp bcmdresp;
468 
469 	lbtf_deb_enter(LBTF_DEB_USB);
470 	if (urb->status) {
471 		lbtf_deb_usbd(&cardp->udev->dev,
472 			     "URB status is failed during fw load\n");
473 		kfree_skb(skb);
474 		lbtf_deb_leave(LBTF_DEB_USB);
475 		return;
476 	}
477 
478 	if (cardp->fwdnldover) {
479 		__le32 *tmp = (__le32 *)(skb->data);
480 
481 		if (tmp[0] == cpu_to_le32(CMD_TYPE_INDICATION) &&
482 		    tmp[1] == cpu_to_le32(MACREG_INT_CODE_FIRMWARE_READY)) {
483 			/* Firmware ready event received */
484 			pr_info("Firmware ready event received\n");
485 			wake_up(&cardp->fw_wq);
486 		} else {
487 			lbtf_deb_usb("Waiting for confirmation; got %x %x\n",
488 				    le32_to_cpu(tmp[0]), le32_to_cpu(tmp[1]));
489 			if_usb_submit_rx_urb_fwload(cardp);
490 		}
491 		kfree_skb(skb);
492 		lbtf_deb_leave(LBTF_DEB_USB);
493 		return;
494 	}
495 	if (cardp->bootcmdresp <= 0) {
496 		memcpy(&bcmdresp, skb->data, sizeof(bcmdresp));
497 
498 		if (le16_to_cpu(cardp->udev->descriptor.bcdDevice) < 0x3106) {
499 			kfree_skb(skb);
500 			if_usb_submit_rx_urb_fwload(cardp);
501 			cardp->bootcmdresp = 1;
502 			/* Received valid boot command response */
503 			lbtf_deb_usbd(&cardp->udev->dev,
504 				     "Received valid boot command response\n");
505 			lbtf_deb_leave(LBTF_DEB_USB);
506 			return;
507 		}
508 		if (bcmdresp.magic != cpu_to_le32(BOOT_CMD_MAGIC_NUMBER)) {
509 			if (bcmdresp.magic == cpu_to_le32(CMD_TYPE_REQUEST) ||
510 			    bcmdresp.magic == cpu_to_le32(CMD_TYPE_DATA) ||
511 			    bcmdresp.magic == cpu_to_le32(CMD_TYPE_INDICATION)) {
512 				if (!cardp->bootcmdresp)
513 					pr_info("Firmware already seems alive; resetting\n");
514 				cardp->bootcmdresp = -1;
515 			} else {
516 				pr_info("boot cmd response wrong magic number (0x%x)\n",
517 					    le32_to_cpu(bcmdresp.magic));
518 			}
519 		} else if (bcmdresp.cmd != BOOT_CMD_FW_BY_USB) {
520 			pr_info("boot cmd response cmd_tag error (%d)\n",
521 				bcmdresp.cmd);
522 		} else if (bcmdresp.result != BOOT_CMD_RESP_OK) {
523 			pr_info("boot cmd response result error (%d)\n",
524 				bcmdresp.result);
525 		} else {
526 			cardp->bootcmdresp = 1;
527 			lbtf_deb_usbd(&cardp->udev->dev,
528 				"Received valid boot command response\n");
529 		}
530 
531 		kfree_skb(skb);
532 		if_usb_submit_rx_urb_fwload(cardp);
533 		lbtf_deb_leave(LBTF_DEB_USB);
534 		return;
535 	}
536 
537 	syncfwheader = kmemdup(skb->data, sizeof(struct fwsyncheader),
538 			       GFP_ATOMIC);
539 	if (!syncfwheader) {
540 		lbtf_deb_usbd(&cardp->udev->dev,
541 			"Failure to allocate syncfwheader\n");
542 		kfree_skb(skb);
543 		lbtf_deb_leave(LBTF_DEB_USB);
544 		return;
545 	}
546 
547 	if (!syncfwheader->cmd) {
548 		lbtf_deb_usb2(&cardp->udev->dev,
549 			"FW received Blk with correct CRC\n");
550 		lbtf_deb_usb2(&cardp->udev->dev,
551 			"FW received Blk seqnum = %d\n",
552 			le32_to_cpu(syncfwheader->seqnum));
553 		cardp->CRC_OK = 1;
554 	} else {
555 		lbtf_deb_usbd(&cardp->udev->dev,
556 			"FW received Blk with CRC error\n");
557 		cardp->CRC_OK = 0;
558 	}
559 
560 	kfree_skb(skb);
561 
562 	/* reschedule timer for 200ms hence */
563 	mod_timer(&cardp->fw_timeout, jiffies + (HZ/5));
564 
565 	if (cardp->fwfinalblk) {
566 		cardp->fwdnldover = 1;
567 		goto exit;
568 	}
569 
570 	if_usb_send_fw_pkt(cardp);
571 
572  exit:
573 	if_usb_submit_rx_urb_fwload(cardp);
574 
575 	kfree(syncfwheader);
576 
577 	lbtf_deb_leave(LBTF_DEB_USB);
578 }
579 
580 #define MRVDRV_MIN_PKT_LEN	30
581 
582 static inline void process_cmdtypedata(int recvlength, struct sk_buff *skb,
583 				       struct if_usb_card *cardp,
584 				       struct lbtf_private *priv)
585 {
586 	if (recvlength > MRVDRV_ETH_RX_PACKET_BUFFER_SIZE + MESSAGE_HEADER_LEN
587 	    || recvlength < MRVDRV_MIN_PKT_LEN) {
588 		lbtf_deb_usbd(&cardp->udev->dev, "Packet length is Invalid\n");
589 		kfree_skb(skb);
590 		return;
591 	}
592 
593 	skb_put(skb, recvlength);
594 	skb_pull(skb, MESSAGE_HEADER_LEN);
595 	lbtf_rx(priv, skb);
596 }
597 
598 static inline void process_cmdrequest(int recvlength, uint8_t *recvbuff,
599 				      struct sk_buff *skb,
600 				      struct if_usb_card *cardp,
601 				      struct lbtf_private *priv)
602 {
603 	unsigned long flags;
604 
605 	if (recvlength < MESSAGE_HEADER_LEN ||
606 	    recvlength > LBS_CMD_BUFFER_SIZE) {
607 		lbtf_deb_usbd(&cardp->udev->dev,
608 			     "The receive buffer is invalid: %d\n", recvlength);
609 		kfree_skb(skb);
610 		return;
611 	}
612 
613 	spin_lock_irqsave(&priv->driver_lock, flags);
614 	memcpy(priv->cmd_resp_buff, recvbuff + MESSAGE_HEADER_LEN,
615 	       recvlength - MESSAGE_HEADER_LEN);
616 	kfree_skb(skb);
617 	lbtf_cmd_response_rx(priv);
618 	spin_unlock_irqrestore(&priv->driver_lock, flags);
619 }
620 
621 /**
622  *  if_usb_receive - read data received from the device.
623  *
624  *  @urb:		pointer to struct urb
625  */
626 static void if_usb_receive(struct urb *urb)
627 {
628 	struct if_usb_card *cardp = urb->context;
629 	struct sk_buff *skb = cardp->rx_skb;
630 	struct lbtf_private *priv = cardp->priv;
631 	int recvlength = urb->actual_length;
632 	uint8_t *recvbuff = NULL;
633 	uint32_t recvtype = 0;
634 	__le32 *pkt = (__le32 *) skb->data;
635 
636 	lbtf_deb_enter(LBTF_DEB_USB);
637 
638 	if (recvlength) {
639 		if (urb->status) {
640 			lbtf_deb_usbd(&cardp->udev->dev, "RX URB failed: %d\n",
641 				     urb->status);
642 			kfree_skb(skb);
643 			goto setup_for_next;
644 		}
645 
646 		recvbuff = skb->data;
647 		recvtype = le32_to_cpu(pkt[0]);
648 		lbtf_deb_usbd(&cardp->udev->dev,
649 			    "Recv length = 0x%x, Recv type = 0x%X\n",
650 			    recvlength, recvtype);
651 	} else if (urb->status) {
652 		kfree_skb(skb);
653 		lbtf_deb_leave(LBTF_DEB_USB);
654 		return;
655 	}
656 
657 	switch (recvtype) {
658 	case CMD_TYPE_DATA:
659 		process_cmdtypedata(recvlength, skb, cardp, priv);
660 		break;
661 
662 	case CMD_TYPE_REQUEST:
663 		process_cmdrequest(recvlength, recvbuff, skb, cardp, priv);
664 		break;
665 
666 	case CMD_TYPE_INDICATION:
667 	{
668 		/* Event cause handling */
669 		u32 event_cause = le32_to_cpu(pkt[1]);
670 		lbtf_deb_usbd(&cardp->udev->dev, "**EVENT** 0x%X\n",
671 			event_cause);
672 
673 		/* Icky undocumented magic special case */
674 		if (event_cause & 0xffff0000) {
675 			u16 tmp;
676 			u8 retrycnt;
677 			u8 failure;
678 
679 			tmp = event_cause >> 16;
680 			retrycnt = tmp & 0x00ff;
681 			failure = (tmp & 0xff00) >> 8;
682 			lbtf_send_tx_feedback(priv, retrycnt, failure);
683 		} else if (event_cause == LBTF_EVENT_BCN_SENT)
684 			lbtf_bcn_sent(priv);
685 		else
686 			lbtf_deb_usbd(&cardp->udev->dev,
687 			       "Unsupported notification %d received\n",
688 			       event_cause);
689 		kfree_skb(skb);
690 		break;
691 	}
692 	default:
693 		lbtf_deb_usbd(&cardp->udev->dev,
694 			"libertastf: unknown command type 0x%X\n", recvtype);
695 		kfree_skb(skb);
696 		break;
697 	}
698 
699 setup_for_next:
700 	if_usb_submit_rx_urb(cardp);
701 	lbtf_deb_leave(LBTF_DEB_USB);
702 }
703 
704 /**
705  *  if_usb_host_to_card -  Download data to the device
706  *
707  *  @priv:		pointer to struct lbtf_private structure
708  *  @type:		type of data
709  *  @payload:		pointer to payload buffer
710  *  @nb:		number of bytes
711  *
712  *  Returns: 0 on success, nonzero otherwise
713  */
714 static int if_usb_host_to_card(struct lbtf_private *priv, uint8_t type,
715 			       uint8_t *payload, uint16_t nb)
716 {
717 	struct if_usb_card *cardp = priv->card;
718 	u8 data = 0;
719 
720 	lbtf_deb_usbd(&cardp->udev->dev, "*** type = %u\n", type);
721 	lbtf_deb_usbd(&cardp->udev->dev, "size after = %d\n", nb);
722 
723 	if (type == MVMS_CMD) {
724 		*(__le32 *)cardp->ep_out_buf = cpu_to_le32(CMD_TYPE_REQUEST);
725 	} else {
726 		*(__le32 *)cardp->ep_out_buf = cpu_to_le32(CMD_TYPE_DATA);
727 		data = 1;
728 	}
729 
730 	memcpy((cardp->ep_out_buf + MESSAGE_HEADER_LEN), payload, nb);
731 
732 	return usb_tx_block(cardp, cardp->ep_out_buf, nb + MESSAGE_HEADER_LEN,
733 			    data);
734 }
735 
736 /**
737  *  if_usb_issue_boot_command - Issue boot command to Boot2.
738  *
739  *  @cardp:	pointer if_usb_card
740  *  @ivalue:   1 boots from FW by USB-Download, 2 boots from FW in EEPROM.
741  *
742  *  Returns: 0
743  */
744 static int if_usb_issue_boot_command(struct if_usb_card *cardp, int ivalue)
745 {
746 	struct bootcmd *bootcmd = cardp->ep_out_buf;
747 
748 	/* Prepare command */
749 	bootcmd->magic = cpu_to_le32(BOOT_CMD_MAGIC_NUMBER);
750 	bootcmd->cmd = ivalue;
751 	memset(bootcmd->pad, 0, sizeof(bootcmd->pad));
752 
753 	/* Issue command */
754 	usb_tx_block(cardp, cardp->ep_out_buf, sizeof(*bootcmd), 0);
755 
756 	return 0;
757 }
758 
759 
760 /**
761  *  check_fwfile_format - Check the validity of Boot2/FW image.
762  *
763  *  @data:	pointer to image
764  *  @totlen:	image length
765  *
766  *  Returns: 0 if the image is valid, nonzero otherwise.
767  */
768 static int check_fwfile_format(const u8 *data, u32 totlen)
769 {
770 	u32 bincmd, exit;
771 	u32 blksize, offset, len;
772 	int ret;
773 
774 	ret = 1;
775 	exit = len = 0;
776 
777 	do {
778 		struct fwheader *fwh = (void *) data;
779 
780 		bincmd = le32_to_cpu(fwh->dnldcmd);
781 		blksize = le32_to_cpu(fwh->datalength);
782 		switch (bincmd) {
783 		case FW_HAS_DATA_TO_RECV:
784 			offset = sizeof(struct fwheader) + blksize;
785 			data += offset;
786 			len += offset;
787 			if (len >= totlen)
788 				exit = 1;
789 			break;
790 		case FW_HAS_LAST_BLOCK:
791 			exit = 1;
792 			ret = 0;
793 			break;
794 		default:
795 			exit = 1;
796 			break;
797 		}
798 	} while (!exit);
799 
800 	if (ret)
801 		pr_err("firmware file format check FAIL\n");
802 	else
803 		lbtf_deb_fw("firmware file format check PASS\n");
804 
805 	return ret;
806 }
807 
808 
809 static int if_usb_prog_firmware(struct lbtf_private *priv)
810 {
811 	struct if_usb_card *cardp = priv->card;
812 	int i = 0;
813 	static int reset_count = 10;
814 	int ret = 0;
815 
816 	lbtf_deb_enter(LBTF_DEB_USB);
817 
818 	cardp->priv = priv;
819 
820 	kernel_param_lock(THIS_MODULE);
821 	ret = request_firmware(&cardp->fw, lbtf_fw_name, &cardp->udev->dev);
822 	if (ret < 0) {
823 		pr_err("request_firmware() failed with %#x\n", ret);
824 		pr_err("firmware %s not found\n", lbtf_fw_name);
825 		kernel_param_unlock(THIS_MODULE);
826 		goto done;
827 	}
828 	kernel_param_unlock(THIS_MODULE);
829 
830 	if (check_fwfile_format(cardp->fw->data, cardp->fw->size))
831 		goto release_fw;
832 
833 restart:
834 	if (if_usb_submit_rx_urb_fwload(cardp) < 0) {
835 		lbtf_deb_usbd(&cardp->udev->dev, "URB submission is failed\n");
836 		ret = -1;
837 		goto release_fw;
838 	}
839 
840 	cardp->bootcmdresp = 0;
841 	do {
842 		int j = 0;
843 		i++;
844 		/* Issue Boot command = 1, Boot from Download-FW */
845 		if_usb_issue_boot_command(cardp, BOOT_CMD_FW_BY_USB);
846 		/* wait for command response */
847 		do {
848 			j++;
849 			msleep_interruptible(100);
850 		} while (cardp->bootcmdresp == 0 && j < 10);
851 	} while (cardp->bootcmdresp == 0 && i < 5);
852 
853 	if (cardp->bootcmdresp <= 0) {
854 		if (--reset_count >= 0) {
855 			if_usb_reset_device(priv);
856 			goto restart;
857 		}
858 		return -1;
859 	}
860 
861 	i = 0;
862 
863 	cardp->totalbytes = 0;
864 	cardp->fwlastblksent = 0;
865 	cardp->CRC_OK = 1;
866 	cardp->fwdnldover = 0;
867 	cardp->fwseqnum = -1;
868 	cardp->totalbytes = 0;
869 	cardp->fwfinalblk = 0;
870 
871 	/* Send the first firmware packet... */
872 	if_usb_send_fw_pkt(cardp);
873 
874 	/* ... and wait for the process to complete */
875 	wait_event_interruptible(cardp->fw_wq, cardp->priv->surpriseremoved ||
876 					       cardp->fwdnldover);
877 
878 	del_timer_sync(&cardp->fw_timeout);
879 	usb_kill_urb(cardp->rx_urb);
880 
881 	if (!cardp->fwdnldover) {
882 		pr_info("failed to load fw, resetting device!\n");
883 		if (--reset_count >= 0) {
884 			if_usb_reset_device(priv);
885 			goto restart;
886 		}
887 
888 		pr_info("FW download failure, time = %d ms\n", i * 100);
889 		ret = -1;
890 		goto release_fw;
891 	}
892 
893  release_fw:
894 	release_firmware(cardp->fw);
895 	cardp->fw = NULL;
896 
897 	if_usb_setup_firmware(cardp->priv);
898 
899  done:
900 	lbtf_deb_leave_args(LBTF_DEB_USB, "ret %d", ret);
901 	return ret;
902 }
903 
904 
905 #define if_usb_suspend NULL
906 #define if_usb_resume NULL
907 
908 static struct usb_driver if_usb_driver = {
909 	.name = DRV_NAME,
910 	.probe = if_usb_probe,
911 	.disconnect = if_usb_disconnect,
912 	.id_table = if_usb_table,
913 	.suspend = if_usb_suspend,
914 	.resume = if_usb_resume,
915 	.disable_hub_initiated_lpm = 1,
916 };
917 
918 module_usb_driver(if_usb_driver);
919 
920 MODULE_DESCRIPTION("8388 USB WLAN Thinfirm Driver");
921 MODULE_AUTHOR("Cozybit Inc.");
922 MODULE_LICENSE("GPL");
923