1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright(c) 2009-2012  Realtek Corporation.*/
3 
4 #include "wifi.h"
5 #include "core.h"
6 #include "usb.h"
7 #include "base.h"
8 #include "ps.h"
9 #include "rtl8192c/fw_common.h"
10 #include <linux/export.h>
11 #include <linux/module.h>
12 
13 MODULE_AUTHOR("lizhaoming	<chaoming_li@realsil.com.cn>");
14 MODULE_AUTHOR("Realtek WlanFAE	<wlanfae@realtek.com>");
15 MODULE_AUTHOR("Larry Finger	<Larry.FInger@lwfinger.net>");
16 MODULE_LICENSE("GPL");
17 MODULE_DESCRIPTION("USB basic driver for rtlwifi");
18 
19 #define	REALTEK_USB_VENQT_READ			0xC0
20 #define	REALTEK_USB_VENQT_WRITE			0x40
21 #define REALTEK_USB_VENQT_CMD_REQ		0x05
22 #define	REALTEK_USB_VENQT_CMD_IDX		0x00
23 
24 #define MAX_USBCTRL_VENDORREQ_TIMES		10
25 
26 static void usbctrl_async_callback(struct urb *urb)
27 {
28 	if (urb) {
29 		/* free dr */
30 		kfree(urb->setup_packet);
31 		/* free databuf */
32 		kfree(urb->transfer_buffer);
33 	}
34 }
35 
36 static int _usbctrl_vendorreq_async_write(struct usb_device *udev, u8 request,
37 					  u16 value, u16 index, void *pdata,
38 					  u16 len)
39 {
40 	int rc;
41 	unsigned int pipe;
42 	u8 reqtype;
43 	struct usb_ctrlrequest *dr;
44 	struct urb *urb;
45 	const u16 databuf_maxlen = REALTEK_USB_VENQT_MAX_BUF_SIZE;
46 	u8 *databuf;
47 
48 	if (WARN_ON_ONCE(len > databuf_maxlen))
49 		len = databuf_maxlen;
50 
51 	pipe = usb_sndctrlpipe(udev, 0); /* write_out */
52 	reqtype =  REALTEK_USB_VENQT_WRITE;
53 
54 	dr = kzalloc(sizeof(*dr), GFP_ATOMIC);
55 	if (!dr)
56 		return -ENOMEM;
57 
58 	databuf = kzalloc(databuf_maxlen, GFP_ATOMIC);
59 	if (!databuf) {
60 		kfree(dr);
61 		return -ENOMEM;
62 	}
63 
64 	urb = usb_alloc_urb(0, GFP_ATOMIC);
65 	if (!urb) {
66 		kfree(databuf);
67 		kfree(dr);
68 		return -ENOMEM;
69 	}
70 
71 	dr->bRequestType = reqtype;
72 	dr->bRequest = request;
73 	dr->wValue = cpu_to_le16(value);
74 	dr->wIndex = cpu_to_le16(index);
75 	dr->wLength = cpu_to_le16(len);
76 	/* data are already in little-endian order */
77 	memcpy(databuf, pdata, len);
78 	usb_fill_control_urb(urb, udev, pipe,
79 			     (unsigned char *)dr, databuf, len,
80 			     usbctrl_async_callback, NULL);
81 	rc = usb_submit_urb(urb, GFP_ATOMIC);
82 	if (rc < 0) {
83 		kfree(databuf);
84 		kfree(dr);
85 	}
86 	usb_free_urb(urb);
87 	return rc;
88 }
89 
90 static int _usbctrl_vendorreq_sync_read(struct usb_device *udev, u8 request,
91 					u16 value, u16 index, void *pdata,
92 					u16 len)
93 {
94 	unsigned int pipe;
95 	int status;
96 	u8 reqtype;
97 	int vendorreq_times = 0;
98 	static int count;
99 
100 	pipe = usb_rcvctrlpipe(udev, 0); /* read_in */
101 	reqtype =  REALTEK_USB_VENQT_READ;
102 
103 	do {
104 		status = usb_control_msg(udev, pipe, request, reqtype, value,
105 					 index, pdata, len, 1000);
106 		if (status < 0) {
107 			/* firmware download is checksumed, don't retry */
108 			if ((value >= FW_8192C_START_ADDRESS &&
109 			    value <= FW_8192C_END_ADDRESS))
110 				break;
111 		} else {
112 			break;
113 		}
114 	} while (++vendorreq_times < MAX_USBCTRL_VENDORREQ_TIMES);
115 
116 	if (status < 0 && count++ < 4)
117 		pr_err("reg 0x%x, usbctrl_vendorreq TimeOut! status:0x%x value=0x%x\n",
118 		       value, status, *(u32 *)pdata);
119 	return status;
120 }
121 
122 static u32 _usb_read_sync(struct rtl_priv *rtlpriv, u32 addr, u16 len)
123 {
124 	struct device *dev = rtlpriv->io.dev;
125 	struct usb_device *udev = to_usb_device(dev);
126 	u8 request;
127 	u16 wvalue;
128 	u16 index;
129 	__le32 *data;
130 	unsigned long flags;
131 
132 	spin_lock_irqsave(&rtlpriv->locks.usb_lock, flags);
133 	if (++rtlpriv->usb_data_index >= RTL_USB_MAX_RX_COUNT)
134 		rtlpriv->usb_data_index = 0;
135 	data = &rtlpriv->usb_data[rtlpriv->usb_data_index];
136 	spin_unlock_irqrestore(&rtlpriv->locks.usb_lock, flags);
137 	request = REALTEK_USB_VENQT_CMD_REQ;
138 	index = REALTEK_USB_VENQT_CMD_IDX; /* n/a */
139 
140 	wvalue = (u16)addr;
141 	_usbctrl_vendorreq_sync_read(udev, request, wvalue, index, data, len);
142 	return le32_to_cpu(*data);
143 }
144 
145 static u8 _usb_read8_sync(struct rtl_priv *rtlpriv, u32 addr)
146 {
147 	return (u8)_usb_read_sync(rtlpriv, addr, 1);
148 }
149 
150 static u16 _usb_read16_sync(struct rtl_priv *rtlpriv, u32 addr)
151 {
152 	return (u16)_usb_read_sync(rtlpriv, addr, 2);
153 }
154 
155 static u32 _usb_read32_sync(struct rtl_priv *rtlpriv, u32 addr)
156 {
157 	return _usb_read_sync(rtlpriv, addr, 4);
158 }
159 
160 static void _usb_write_async(struct usb_device *udev, u32 addr, u32 val,
161 			     u16 len)
162 {
163 	u8 request;
164 	u16 wvalue;
165 	u16 index;
166 	__le32 data;
167 
168 	request = REALTEK_USB_VENQT_CMD_REQ;
169 	index = REALTEK_USB_VENQT_CMD_IDX; /* n/a */
170 	wvalue = (u16)(addr&0x0000ffff);
171 	data = cpu_to_le32(val);
172 	_usbctrl_vendorreq_async_write(udev, request, wvalue, index, &data,
173 				       len);
174 }
175 
176 static void _usb_write8_async(struct rtl_priv *rtlpriv, u32 addr, u8 val)
177 {
178 	struct device *dev = rtlpriv->io.dev;
179 
180 	_usb_write_async(to_usb_device(dev), addr, val, 1);
181 }
182 
183 static void _usb_write16_async(struct rtl_priv *rtlpriv, u32 addr, u16 val)
184 {
185 	struct device *dev = rtlpriv->io.dev;
186 
187 	_usb_write_async(to_usb_device(dev), addr, val, 2);
188 }
189 
190 static void _usb_write32_async(struct rtl_priv *rtlpriv, u32 addr, u32 val)
191 {
192 	struct device *dev = rtlpriv->io.dev;
193 
194 	_usb_write_async(to_usb_device(dev), addr, val, 4);
195 }
196 
197 static void _usb_writen_sync(struct rtl_priv *rtlpriv, u32 addr, void *data,
198 			     u16 len)
199 {
200 	struct device *dev = rtlpriv->io.dev;
201 	struct usb_device *udev = to_usb_device(dev);
202 	u8 request = REALTEK_USB_VENQT_CMD_REQ;
203 	u8 reqtype =  REALTEK_USB_VENQT_WRITE;
204 	u16 wvalue;
205 	u16 index = REALTEK_USB_VENQT_CMD_IDX;
206 	int pipe = usb_sndctrlpipe(udev, 0); /* write_out */
207 	u8 *buffer;
208 
209 	wvalue = (u16)(addr & 0x0000ffff);
210 	buffer = kmemdup(data, len, GFP_ATOMIC);
211 	if (!buffer)
212 		return;
213 	usb_control_msg(udev, pipe, request, reqtype, wvalue,
214 			index, buffer, len, 50);
215 
216 	kfree(buffer);
217 }
218 
219 static void _rtl_usb_io_handler_init(struct device *dev,
220 				     struct ieee80211_hw *hw)
221 {
222 	struct rtl_priv *rtlpriv = rtl_priv(hw);
223 
224 	rtlpriv->io.dev = dev;
225 	mutex_init(&rtlpriv->io.bb_mutex);
226 	rtlpriv->io.write8_async	= _usb_write8_async;
227 	rtlpriv->io.write16_async	= _usb_write16_async;
228 	rtlpriv->io.write32_async	= _usb_write32_async;
229 	rtlpriv->io.read8_sync		= _usb_read8_sync;
230 	rtlpriv->io.read16_sync		= _usb_read16_sync;
231 	rtlpriv->io.read32_sync		= _usb_read32_sync;
232 	rtlpriv->io.writen_sync		= _usb_writen_sync;
233 }
234 
235 static void _rtl_usb_io_handler_release(struct ieee80211_hw *hw)
236 {
237 	struct rtl_priv __maybe_unused *rtlpriv = rtl_priv(hw);
238 
239 	mutex_destroy(&rtlpriv->io.bb_mutex);
240 }
241 
242 /*	Default aggregation handler. Do nothing and just return the oldest skb.  */
243 static struct sk_buff *_none_usb_tx_aggregate_hdl(struct ieee80211_hw *hw,
244 						  struct sk_buff_head *list)
245 {
246 	return skb_dequeue(list);
247 }
248 
249 #define IS_HIGH_SPEED_USB(udev) \
250 		((USB_SPEED_HIGH == (udev)->speed) ? true : false)
251 
252 static int _rtl_usb_init_tx(struct ieee80211_hw *hw)
253 {
254 	u32 i;
255 	struct rtl_priv *rtlpriv = rtl_priv(hw);
256 	struct rtl_usb *rtlusb = rtl_usbdev(rtl_usbpriv(hw));
257 
258 	rtlusb->max_bulk_out_size = IS_HIGH_SPEED_USB(rtlusb->udev)
259 						    ? USB_HIGH_SPEED_BULK_SIZE
260 						    : USB_FULL_SPEED_BULK_SIZE;
261 
262 	RT_TRACE(rtlpriv, COMP_INIT, DBG_DMESG, "USB Max Bulk-out Size=%d\n",
263 		 rtlusb->max_bulk_out_size);
264 
265 	for (i = 0; i < __RTL_TXQ_NUM; i++) {
266 		u32 ep_num = rtlusb->ep_map.ep_mapping[i];
267 
268 		if (!ep_num) {
269 			RT_TRACE(rtlpriv, COMP_INIT, DBG_DMESG,
270 				 "Invalid endpoint map setting!\n");
271 			return -EINVAL;
272 		}
273 	}
274 
275 	rtlusb->usb_tx_post_hdl =
276 		 rtlpriv->cfg->usb_interface_cfg->usb_tx_post_hdl;
277 	rtlusb->usb_tx_cleanup	=
278 		 rtlpriv->cfg->usb_interface_cfg->usb_tx_cleanup;
279 	rtlusb->usb_tx_aggregate_hdl =
280 		 (rtlpriv->cfg->usb_interface_cfg->usb_tx_aggregate_hdl)
281 		 ? rtlpriv->cfg->usb_interface_cfg->usb_tx_aggregate_hdl
282 		 : &_none_usb_tx_aggregate_hdl;
283 
284 	init_usb_anchor(&rtlusb->tx_submitted);
285 	for (i = 0; i < RTL_USB_MAX_EP_NUM; i++) {
286 		skb_queue_head_init(&rtlusb->tx_skb_queue[i]);
287 		init_usb_anchor(&rtlusb->tx_pending[i]);
288 	}
289 	return 0;
290 }
291 
292 static void _rtl_rx_work(unsigned long param);
293 
294 static int _rtl_usb_init_rx(struct ieee80211_hw *hw)
295 {
296 	struct rtl_priv *rtlpriv = rtl_priv(hw);
297 	struct rtl_usb_priv *usb_priv = rtl_usbpriv(hw);
298 	struct rtl_usb *rtlusb = rtl_usbdev(usb_priv);
299 
300 	rtlusb->rx_max_size = rtlpriv->cfg->usb_interface_cfg->rx_max_size;
301 	rtlusb->rx_urb_num = rtlpriv->cfg->usb_interface_cfg->rx_urb_num;
302 	rtlusb->in_ep = rtlpriv->cfg->usb_interface_cfg->in_ep_num;
303 	rtlusb->usb_rx_hdl = rtlpriv->cfg->usb_interface_cfg->usb_rx_hdl;
304 	rtlusb->usb_rx_segregate_hdl =
305 		rtlpriv->cfg->usb_interface_cfg->usb_rx_segregate_hdl;
306 
307 	pr_info("rx_max_size %d, rx_urb_num %d, in_ep %d\n",
308 		rtlusb->rx_max_size, rtlusb->rx_urb_num, rtlusb->in_ep);
309 	init_usb_anchor(&rtlusb->rx_submitted);
310 	init_usb_anchor(&rtlusb->rx_cleanup_urbs);
311 
312 	skb_queue_head_init(&rtlusb->rx_queue);
313 	rtlusb->rx_work_tasklet.func = _rtl_rx_work;
314 	rtlusb->rx_work_tasklet.data = (unsigned long)rtlusb;
315 
316 	return 0;
317 }
318 
319 static int _rtl_usb_init(struct ieee80211_hw *hw)
320 {
321 	struct rtl_priv *rtlpriv = rtl_priv(hw);
322 	struct rtl_usb_priv *usb_priv = rtl_usbpriv(hw);
323 	struct rtl_usb *rtlusb = rtl_usbdev(usb_priv);
324 	int err;
325 	u8 epidx;
326 	struct usb_interface	*usb_intf = rtlusb->intf;
327 	u8 epnums = usb_intf->cur_altsetting->desc.bNumEndpoints;
328 
329 	rtlusb->out_ep_nums = rtlusb->in_ep_nums = 0;
330 	for (epidx = 0; epidx < epnums; epidx++) {
331 		struct usb_endpoint_descriptor *pep_desc;
332 
333 		pep_desc = &usb_intf->cur_altsetting->endpoint[epidx].desc;
334 
335 		if (usb_endpoint_dir_in(pep_desc))
336 			rtlusb->in_ep_nums++;
337 		else if (usb_endpoint_dir_out(pep_desc))
338 			rtlusb->out_ep_nums++;
339 
340 		RT_TRACE(rtlpriv, COMP_INIT, DBG_DMESG,
341 			 "USB EP(0x%02x), MaxPacketSize=%d, Interval=%d\n",
342 			 pep_desc->bEndpointAddress, pep_desc->wMaxPacketSize,
343 			 pep_desc->bInterval);
344 	}
345 	if (rtlusb->in_ep_nums <  rtlpriv->cfg->usb_interface_cfg->in_ep_num) {
346 		pr_err("Too few input end points found\n");
347 		return -EINVAL;
348 	}
349 	if (rtlusb->out_ep_nums == 0) {
350 		pr_err("No output end points found\n");
351 		return -EINVAL;
352 	}
353 	/* usb endpoint mapping */
354 	err = rtlpriv->cfg->usb_interface_cfg->usb_endpoint_mapping(hw);
355 	rtlusb->usb_mq_to_hwq =  rtlpriv->cfg->usb_interface_cfg->usb_mq_to_hwq;
356 	_rtl_usb_init_tx(hw);
357 	_rtl_usb_init_rx(hw);
358 	return err;
359 }
360 
361 static void rtl_usb_init_sw(struct ieee80211_hw *hw)
362 {
363 	struct rtl_mac *mac = rtl_mac(rtl_priv(hw));
364 	struct rtl_hal *rtlhal = rtl_hal(rtl_priv(hw));
365 	struct rtl_ps_ctl *ppsc = rtl_psc(rtl_priv(hw));
366 	struct rtl_usb *rtlusb = rtl_usbdev(rtl_usbpriv(hw));
367 
368 	rtlhal->hw = hw;
369 	ppsc->inactiveps = false;
370 	ppsc->leisure_ps = false;
371 	ppsc->fwctrl_lps = false;
372 	ppsc->reg_fwctrl_lps = 3;
373 	ppsc->reg_max_lps_awakeintvl = 5;
374 	ppsc->fwctrl_psmode = FW_PS_DTIM_MODE;
375 
376 	 /* IBSS */
377 	mac->beacon_interval = 100;
378 
379 	 /* AMPDU */
380 	mac->min_space_cfg = 0;
381 	mac->max_mss_density = 0;
382 
383 	/* set sane AMPDU defaults */
384 	mac->current_ampdu_density = 7;
385 	mac->current_ampdu_factor = 3;
386 
387 	/* QOS */
388 	rtlusb->acm_method = EACMWAY2_SW;
389 
390 	/* IRQ */
391 	/* HIMR - turn all on */
392 	rtlusb->irq_mask[0] = 0xFFFFFFFF;
393 	/* HIMR_EX - turn all on */
394 	rtlusb->irq_mask[1] = 0xFFFFFFFF;
395 	rtlusb->disablehwsm =  true;
396 }
397 
398 static void _rtl_rx_completed(struct urb *urb);
399 
400 static int _rtl_prep_rx_urb(struct ieee80211_hw *hw, struct rtl_usb *rtlusb,
401 			      struct urb *urb, gfp_t gfp_mask)
402 {
403 	void *buf;
404 
405 	buf = usb_alloc_coherent(rtlusb->udev, rtlusb->rx_max_size, gfp_mask,
406 				 &urb->transfer_dma);
407 	if (!buf) {
408 		pr_err("Failed to usb_alloc_coherent!!\n");
409 		return -ENOMEM;
410 	}
411 
412 	usb_fill_bulk_urb(urb, rtlusb->udev,
413 			  usb_rcvbulkpipe(rtlusb->udev, rtlusb->in_ep),
414 			  buf, rtlusb->rx_max_size, _rtl_rx_completed, rtlusb);
415 	urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
416 
417 	return 0;
418 }
419 
420 static void _rtl_usb_rx_process_agg(struct ieee80211_hw *hw,
421 				    struct sk_buff *skb)
422 {
423 	struct rtl_priv *rtlpriv = rtl_priv(hw);
424 	u8 *rxdesc = skb->data;
425 	struct ieee80211_hdr *hdr;
426 	bool unicast = false;
427 	__le16 fc;
428 	struct ieee80211_rx_status rx_status = {0};
429 	struct rtl_stats stats = {
430 		.signal = 0,
431 		.rate = 0,
432 	};
433 
434 	skb_pull(skb, RTL_RX_DESC_SIZE);
435 	rtlpriv->cfg->ops->query_rx_desc(hw, &stats, &rx_status, rxdesc, skb);
436 	skb_pull(skb, (stats.rx_drvinfo_size + stats.rx_bufshift));
437 	hdr = (struct ieee80211_hdr *)(skb->data);
438 	fc = hdr->frame_control;
439 	if (!stats.crc) {
440 		memcpy(IEEE80211_SKB_RXCB(skb), &rx_status, sizeof(rx_status));
441 
442 		if (is_broadcast_ether_addr(hdr->addr1)) {
443 			/*TODO*/;
444 		} else if (is_multicast_ether_addr(hdr->addr1)) {
445 			/*TODO*/
446 		} else {
447 			unicast = true;
448 			rtlpriv->stats.rxbytesunicast +=  skb->len;
449 		}
450 
451 		if (ieee80211_is_data(fc)) {
452 			rtlpriv->cfg->ops->led_control(hw, LED_CTL_RX);
453 
454 			if (unicast)
455 				rtlpriv->link_info.num_rx_inperiod++;
456 		}
457 		/* static bcn for roaming */
458 		rtl_beacon_statistic(hw, skb);
459 	}
460 }
461 
462 static void _rtl_usb_rx_process_noagg(struct ieee80211_hw *hw,
463 				      struct sk_buff *skb)
464 {
465 	struct rtl_priv *rtlpriv = rtl_priv(hw);
466 	u8 *rxdesc = skb->data;
467 	struct ieee80211_hdr *hdr;
468 	bool unicast = false;
469 	__le16 fc;
470 	struct ieee80211_rx_status rx_status = {0};
471 	struct rtl_stats stats = {
472 		.signal = 0,
473 		.rate = 0,
474 	};
475 
476 	skb_pull(skb, RTL_RX_DESC_SIZE);
477 	rtlpriv->cfg->ops->query_rx_desc(hw, &stats, &rx_status, rxdesc, skb);
478 	skb_pull(skb, (stats.rx_drvinfo_size + stats.rx_bufshift));
479 	hdr = (struct ieee80211_hdr *)(skb->data);
480 	fc = hdr->frame_control;
481 	if (!stats.crc) {
482 		memcpy(IEEE80211_SKB_RXCB(skb), &rx_status, sizeof(rx_status));
483 
484 		if (is_broadcast_ether_addr(hdr->addr1)) {
485 			/*TODO*/;
486 		} else if (is_multicast_ether_addr(hdr->addr1)) {
487 			/*TODO*/
488 		} else {
489 			unicast = true;
490 			rtlpriv->stats.rxbytesunicast +=  skb->len;
491 		}
492 
493 		if (ieee80211_is_data(fc)) {
494 			rtlpriv->cfg->ops->led_control(hw, LED_CTL_RX);
495 
496 			if (unicast)
497 				rtlpriv->link_info.num_rx_inperiod++;
498 		}
499 
500 		/* static bcn for roaming */
501 		rtl_beacon_statistic(hw, skb);
502 
503 		if (likely(rtl_action_proc(hw, skb, false)))
504 			ieee80211_rx(hw, skb);
505 		else
506 			dev_kfree_skb_any(skb);
507 	} else {
508 		dev_kfree_skb_any(skb);
509 	}
510 }
511 
512 static void _rtl_rx_pre_process(struct ieee80211_hw *hw, struct sk_buff *skb)
513 {
514 	struct sk_buff *_skb;
515 	struct sk_buff_head rx_queue;
516 	struct rtl_usb *rtlusb = rtl_usbdev(rtl_usbpriv(hw));
517 
518 	skb_queue_head_init(&rx_queue);
519 	if (rtlusb->usb_rx_segregate_hdl)
520 		rtlusb->usb_rx_segregate_hdl(hw, skb, &rx_queue);
521 	WARN_ON(skb_queue_empty(&rx_queue));
522 	while (!skb_queue_empty(&rx_queue)) {
523 		_skb = skb_dequeue(&rx_queue);
524 		_rtl_usb_rx_process_agg(hw, _skb);
525 		ieee80211_rx(hw, _skb);
526 	}
527 }
528 
529 #define __RX_SKB_MAX_QUEUED	64
530 
531 static void _rtl_rx_work(unsigned long param)
532 {
533 	struct rtl_usb *rtlusb = (struct rtl_usb *)param;
534 	struct ieee80211_hw *hw = usb_get_intfdata(rtlusb->intf);
535 	struct sk_buff *skb;
536 
537 	while ((skb = skb_dequeue(&rtlusb->rx_queue))) {
538 		if (unlikely(IS_USB_STOP(rtlusb))) {
539 			dev_kfree_skb_any(skb);
540 			continue;
541 		}
542 
543 		if (likely(!rtlusb->usb_rx_segregate_hdl)) {
544 			_rtl_usb_rx_process_noagg(hw, skb);
545 		} else {
546 			/* TO DO */
547 			_rtl_rx_pre_process(hw, skb);
548 			pr_err("rx agg not supported\n");
549 		}
550 	}
551 }
552 
553 static unsigned int _rtl_rx_get_padding(struct ieee80211_hdr *hdr,
554 					unsigned int len)
555 {
556 #if NET_IP_ALIGN != 0
557 	unsigned int padding = 0;
558 #endif
559 
560 	/* make function no-op when possible */
561 	if (NET_IP_ALIGN == 0 || len < sizeof(*hdr))
562 		return 0;
563 
564 #if NET_IP_ALIGN != 0
565 	/* alignment calculation as in lbtf_rx() / carl9170_rx_copy_data() */
566 	/* TODO: deduplicate common code, define helper function instead? */
567 
568 	if (ieee80211_is_data_qos(hdr->frame_control)) {
569 		u8 *qc = ieee80211_get_qos_ctl(hdr);
570 
571 		padding ^= NET_IP_ALIGN;
572 
573 		/* Input might be invalid, avoid accessing memory outside
574 		 * the buffer.
575 		 */
576 		if ((unsigned long)qc - (unsigned long)hdr < len &&
577 		    *qc & IEEE80211_QOS_CTL_A_MSDU_PRESENT)
578 			padding ^= NET_IP_ALIGN;
579 	}
580 
581 	if (ieee80211_has_a4(hdr->frame_control))
582 		padding ^= NET_IP_ALIGN;
583 
584 	return padding;
585 #endif
586 }
587 
588 #define __RADIO_TAP_SIZE_RSV	32
589 
590 static void _rtl_rx_completed(struct urb *_urb)
591 {
592 	struct rtl_usb *rtlusb = (struct rtl_usb *)_urb->context;
593 	int err = 0;
594 
595 	if (unlikely(IS_USB_STOP(rtlusb)))
596 		goto free;
597 
598 	if (likely(0 == _urb->status)) {
599 		unsigned int padding;
600 		struct sk_buff *skb;
601 		unsigned int qlen;
602 		unsigned int size = _urb->actual_length;
603 		struct ieee80211_hdr *hdr;
604 
605 		if (size < RTL_RX_DESC_SIZE + sizeof(struct ieee80211_hdr)) {
606 			pr_err("Too short packet from bulk IN! (len: %d)\n",
607 			       size);
608 			goto resubmit;
609 		}
610 
611 		qlen = skb_queue_len(&rtlusb->rx_queue);
612 		if (qlen >= __RX_SKB_MAX_QUEUED) {
613 			pr_err("Pending RX skbuff queue full! (qlen: %d)\n",
614 			       qlen);
615 			goto resubmit;
616 		}
617 
618 		hdr = (void *)(_urb->transfer_buffer + RTL_RX_DESC_SIZE);
619 		padding = _rtl_rx_get_padding(hdr, size - RTL_RX_DESC_SIZE);
620 
621 		skb = dev_alloc_skb(size + __RADIO_TAP_SIZE_RSV + padding);
622 		if (!skb) {
623 			pr_err("Can't allocate skb for bulk IN!\n");
624 			goto resubmit;
625 		}
626 
627 		_rtl_install_trx_info(rtlusb, skb, rtlusb->in_ep);
628 
629 		/* Make sure the payload data is 4 byte aligned. */
630 		skb_reserve(skb, padding);
631 
632 		/* reserve some space for mac80211's radiotap */
633 		skb_reserve(skb, __RADIO_TAP_SIZE_RSV);
634 
635 		skb_put_data(skb, _urb->transfer_buffer, size);
636 
637 		skb_queue_tail(&rtlusb->rx_queue, skb);
638 		tasklet_schedule(&rtlusb->rx_work_tasklet);
639 
640 		goto resubmit;
641 	}
642 
643 	switch (_urb->status) {
644 	/* disconnect */
645 	case -ENOENT:
646 	case -ECONNRESET:
647 	case -ENODEV:
648 	case -ESHUTDOWN:
649 		goto free;
650 	default:
651 		break;
652 	}
653 
654 resubmit:
655 	usb_anchor_urb(_urb, &rtlusb->rx_submitted);
656 	err = usb_submit_urb(_urb, GFP_ATOMIC);
657 	if (unlikely(err)) {
658 		usb_unanchor_urb(_urb);
659 		goto free;
660 	}
661 	return;
662 
663 free:
664 	/* On some architectures, usb_free_coherent must not be called from
665 	 * hardirq context. Queue urb to cleanup list.
666 	 */
667 	usb_anchor_urb(_urb, &rtlusb->rx_cleanup_urbs);
668 }
669 
670 #undef __RADIO_TAP_SIZE_RSV
671 
672 static void _rtl_usb_cleanup_rx(struct ieee80211_hw *hw)
673 {
674 	struct rtl_priv *rtlpriv = rtl_priv(hw);
675 	struct rtl_usb *rtlusb = rtl_usbdev(rtl_usbpriv(hw));
676 	struct urb *urb;
677 
678 	usb_kill_anchored_urbs(&rtlusb->rx_submitted);
679 
680 	tasklet_kill(&rtlusb->rx_work_tasklet);
681 	cancel_work_sync(&rtlpriv->works.lps_change_work);
682 
683 	if (rtlpriv->works.rtl_wq) {
684 		destroy_workqueue(rtlpriv->works.rtl_wq);
685 		rtlpriv->works.rtl_wq = NULL;
686 	}
687 
688 	skb_queue_purge(&rtlusb->rx_queue);
689 
690 	while ((urb = usb_get_from_anchor(&rtlusb->rx_cleanup_urbs))) {
691 		usb_free_coherent(urb->dev, urb->transfer_buffer_length,
692 				urb->transfer_buffer, urb->transfer_dma);
693 		usb_free_urb(urb);
694 	}
695 }
696 
697 static int _rtl_usb_receive(struct ieee80211_hw *hw)
698 {
699 	struct urb *urb;
700 	int err;
701 	int i;
702 	struct rtl_usb *rtlusb = rtl_usbdev(rtl_usbpriv(hw));
703 
704 	WARN_ON(0 == rtlusb->rx_urb_num);
705 	/* 1600 == 1514 + max WLAN header + rtk info */
706 	WARN_ON(rtlusb->rx_max_size < 1600);
707 
708 	for (i = 0; i < rtlusb->rx_urb_num; i++) {
709 		err = -ENOMEM;
710 		urb = usb_alloc_urb(0, GFP_KERNEL);
711 		if (!urb)
712 			goto err_out;
713 
714 		err = _rtl_prep_rx_urb(hw, rtlusb, urb, GFP_KERNEL);
715 		if (err < 0) {
716 			pr_err("Failed to prep_rx_urb!!\n");
717 			usb_free_urb(urb);
718 			goto err_out;
719 		}
720 
721 		usb_anchor_urb(urb, &rtlusb->rx_submitted);
722 		err = usb_submit_urb(urb, GFP_KERNEL);
723 		if (err) {
724 			usb_unanchor_urb(urb);
725 			usb_free_urb(urb);
726 			goto err_out;
727 		}
728 		usb_free_urb(urb);
729 	}
730 	return 0;
731 
732 err_out:
733 	usb_kill_anchored_urbs(&rtlusb->rx_submitted);
734 	_rtl_usb_cleanup_rx(hw);
735 	return err;
736 }
737 
738 static int rtl_usb_start(struct ieee80211_hw *hw)
739 {
740 	int err;
741 	struct rtl_priv *rtlpriv = rtl_priv(hw);
742 	struct rtl_hal *rtlhal = rtl_hal(rtl_priv(hw));
743 	struct rtl_usb *rtlusb = rtl_usbdev(rtl_usbpriv(hw));
744 
745 	err = rtlpriv->cfg->ops->hw_init(hw);
746 	if (!err) {
747 		rtl_init_rx_config(hw);
748 
749 		/* Enable software */
750 		SET_USB_START(rtlusb);
751 		/* should after adapter start and interrupt enable. */
752 		set_hal_start(rtlhal);
753 
754 		/* Start bulk IN */
755 		err = _rtl_usb_receive(hw);
756 	}
757 
758 	return err;
759 }
760 
761 /*=======================  tx =========================================*/
762 static void rtl_usb_cleanup(struct ieee80211_hw *hw)
763 {
764 	u32 i;
765 	struct sk_buff *_skb;
766 	struct rtl_usb *rtlusb = rtl_usbdev(rtl_usbpriv(hw));
767 	struct ieee80211_tx_info *txinfo;
768 
769 	/* clean up rx stuff. */
770 	_rtl_usb_cleanup_rx(hw);
771 
772 	/* clean up tx stuff */
773 	for (i = 0; i < RTL_USB_MAX_EP_NUM; i++) {
774 		while ((_skb = skb_dequeue(&rtlusb->tx_skb_queue[i]))) {
775 			rtlusb->usb_tx_cleanup(hw, _skb);
776 			txinfo = IEEE80211_SKB_CB(_skb);
777 			ieee80211_tx_info_clear_status(txinfo);
778 			txinfo->flags |= IEEE80211_TX_STAT_ACK;
779 			ieee80211_tx_status_irqsafe(hw, _skb);
780 		}
781 		usb_kill_anchored_urbs(&rtlusb->tx_pending[i]);
782 	}
783 	usb_kill_anchored_urbs(&rtlusb->tx_submitted);
784 }
785 
786 /* We may add some struct into struct rtl_usb later. Do deinit here.  */
787 static void rtl_usb_deinit(struct ieee80211_hw *hw)
788 {
789 	rtl_usb_cleanup(hw);
790 }
791 
792 static void rtl_usb_stop(struct ieee80211_hw *hw)
793 {
794 	struct rtl_priv *rtlpriv = rtl_priv(hw);
795 	struct rtl_hal *rtlhal = rtl_hal(rtl_priv(hw));
796 	struct rtl_usb *rtlusb = rtl_usbdev(rtl_usbpriv(hw));
797 	struct urb *urb;
798 
799 	/* should after adapter start and interrupt enable. */
800 	set_hal_stop(rtlhal);
801 	cancel_work_sync(&rtlpriv->works.fill_h2c_cmd);
802 	/* Enable software */
803 	SET_USB_STOP(rtlusb);
804 
805 	/* free pre-allocated URBs from rtl_usb_start() */
806 	usb_kill_anchored_urbs(&rtlusb->rx_submitted);
807 
808 	tasklet_kill(&rtlusb->rx_work_tasklet);
809 	cancel_work_sync(&rtlpriv->works.lps_change_work);
810 
811 	flush_workqueue(rtlpriv->works.rtl_wq);
812 
813 	skb_queue_purge(&rtlusb->rx_queue);
814 
815 	while ((urb = usb_get_from_anchor(&rtlusb->rx_cleanup_urbs))) {
816 		usb_free_coherent(urb->dev, urb->transfer_buffer_length,
817 				urb->transfer_buffer, urb->transfer_dma);
818 		usb_free_urb(urb);
819 	}
820 
821 	rtlpriv->cfg->ops->hw_disable(hw);
822 }
823 
824 static void _rtl_submit_tx_urb(struct ieee80211_hw *hw, struct urb *_urb)
825 {
826 	int err;
827 	struct rtl_usb *rtlusb = rtl_usbdev(rtl_usbpriv(hw));
828 
829 	usb_anchor_urb(_urb, &rtlusb->tx_submitted);
830 	err = usb_submit_urb(_urb, GFP_ATOMIC);
831 	if (err < 0) {
832 		struct sk_buff *skb;
833 
834 		pr_err("Failed to submit urb\n");
835 		usb_unanchor_urb(_urb);
836 		skb = (struct sk_buff *)_urb->context;
837 		kfree_skb(skb);
838 	}
839 	usb_free_urb(_urb);
840 }
841 
842 static int _usb_tx_post(struct ieee80211_hw *hw, struct urb *urb,
843 			struct sk_buff *skb)
844 {
845 	struct rtl_usb *rtlusb = rtl_usbdev(rtl_usbpriv(hw));
846 	struct ieee80211_tx_info *txinfo;
847 
848 	rtlusb->usb_tx_post_hdl(hw, urb, skb);
849 	skb_pull(skb, RTL_TX_HEADER_SIZE);
850 	txinfo = IEEE80211_SKB_CB(skb);
851 	ieee80211_tx_info_clear_status(txinfo);
852 	txinfo->flags |= IEEE80211_TX_STAT_ACK;
853 
854 	if (urb->status) {
855 		pr_err("Urb has error status 0x%X\n", urb->status);
856 		goto out;
857 	}
858 	/*  TODO:	statistics */
859 out:
860 	ieee80211_tx_status_irqsafe(hw, skb);
861 	return urb->status;
862 }
863 
864 static void _rtl_tx_complete(struct urb *urb)
865 {
866 	struct sk_buff *skb = (struct sk_buff *)urb->context;
867 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
868 	struct rtl_usb *rtlusb = (struct rtl_usb *)info->rate_driver_data[0];
869 	struct ieee80211_hw *hw = usb_get_intfdata(rtlusb->intf);
870 	int err;
871 
872 	if (unlikely(IS_USB_STOP(rtlusb)))
873 		return;
874 	err = _usb_tx_post(hw, urb, skb);
875 	if (err) {
876 		/* Ignore error and keep issuiing other urbs */
877 		return;
878 	}
879 }
880 
881 static struct urb *_rtl_usb_tx_urb_setup(struct ieee80211_hw *hw,
882 				struct sk_buff *skb, u32 ep_num)
883 {
884 	struct rtl_usb *rtlusb = rtl_usbdev(rtl_usbpriv(hw));
885 	struct urb *_urb;
886 
887 	WARN_ON(NULL == skb);
888 	_urb = usb_alloc_urb(0, GFP_ATOMIC);
889 	if (!_urb)
890 		return NULL;
891 	_rtl_install_trx_info(rtlusb, skb, ep_num);
892 	usb_fill_bulk_urb(_urb, rtlusb->udev, usb_sndbulkpipe(rtlusb->udev,
893 			  ep_num), skb->data, skb->len, _rtl_tx_complete, skb);
894 	_urb->transfer_flags |= URB_ZERO_PACKET;
895 	return _urb;
896 }
897 
898 static void _rtl_usb_transmit(struct ieee80211_hw *hw, struct sk_buff *skb,
899 		       enum rtl_txq qnum)
900 {
901 	struct rtl_usb *rtlusb = rtl_usbdev(rtl_usbpriv(hw));
902 	u32 ep_num;
903 	struct urb *_urb = NULL;
904 
905 	WARN_ON(NULL == rtlusb->usb_tx_aggregate_hdl);
906 	if (unlikely(IS_USB_STOP(rtlusb))) {
907 		pr_err("USB device is stopping...\n");
908 		kfree_skb(skb);
909 		return;
910 	}
911 	ep_num = rtlusb->ep_map.ep_mapping[qnum];
912 	_urb = _rtl_usb_tx_urb_setup(hw, skb, ep_num);
913 	if (unlikely(!_urb)) {
914 		pr_err("Can't allocate urb. Drop skb!\n");
915 		kfree_skb(skb);
916 		return;
917 	}
918 	_rtl_submit_tx_urb(hw, _urb);
919 }
920 
921 static void _rtl_usb_tx_preprocess(struct ieee80211_hw *hw,
922 				   struct ieee80211_sta *sta,
923 				   struct sk_buff *skb,
924 				   u16 hw_queue)
925 {
926 	struct rtl_priv *rtlpriv = rtl_priv(hw);
927 	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
928 	struct rtl_tx_desc *pdesc = NULL;
929 	struct rtl_tcb_desc tcb_desc;
930 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)(skb->data);
931 	__le16 fc = hdr->frame_control;
932 	u8 *pda_addr = hdr->addr1;
933 
934 	memset(&tcb_desc, 0, sizeof(struct rtl_tcb_desc));
935 	if (ieee80211_is_auth(fc)) {
936 		RT_TRACE(rtlpriv, COMP_SEND, DBG_DMESG, "MAC80211_LINKING\n");
937 	}
938 
939 	if (rtlpriv->psc.sw_ps_enabled) {
940 		if (ieee80211_is_data(fc) && !ieee80211_is_nullfunc(fc) &&
941 		    !ieee80211_has_pm(fc))
942 			hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
943 	}
944 
945 	rtl_action_proc(hw, skb, true);
946 	if (is_multicast_ether_addr(pda_addr))
947 		rtlpriv->stats.txbytesmulticast += skb->len;
948 	else if (is_broadcast_ether_addr(pda_addr))
949 		rtlpriv->stats.txbytesbroadcast += skb->len;
950 	else
951 		rtlpriv->stats.txbytesunicast += skb->len;
952 	rtlpriv->cfg->ops->fill_tx_desc(hw, hdr, (u8 *)pdesc, NULL, info, sta, skb,
953 					hw_queue, &tcb_desc);
954 	if (ieee80211_is_data(fc))
955 		rtlpriv->cfg->ops->led_control(hw, LED_CTL_TX);
956 }
957 
958 static int rtl_usb_tx(struct ieee80211_hw *hw,
959 		      struct ieee80211_sta *sta,
960 		      struct sk_buff *skb,
961 		      struct rtl_tcb_desc *dummy)
962 {
963 	struct rtl_usb *rtlusb = rtl_usbdev(rtl_usbpriv(hw));
964 	struct rtl_hal *rtlhal = rtl_hal(rtl_priv(hw));
965 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)(skb->data);
966 	__le16 fc = hdr->frame_control;
967 	u16 hw_queue;
968 
969 	if (unlikely(is_hal_stop(rtlhal)))
970 		goto err_free;
971 	hw_queue = rtlusb->usb_mq_to_hwq(fc, skb_get_queue_mapping(skb));
972 	_rtl_usb_tx_preprocess(hw, sta, skb, hw_queue);
973 	_rtl_usb_transmit(hw, skb, hw_queue);
974 	return NETDEV_TX_OK;
975 
976 err_free:
977 	dev_kfree_skb_any(skb);
978 	return NETDEV_TX_OK;
979 }
980 
981 static bool rtl_usb_tx_chk_waitq_insert(struct ieee80211_hw *hw,
982 					struct ieee80211_sta *sta,
983 					struct sk_buff *skb)
984 {
985 	return false;
986 }
987 
988 static void rtl_fill_h2c_cmd_work_callback(struct work_struct *work)
989 {
990 	struct rtl_works *rtlworks =
991 	    container_of(work, struct rtl_works, fill_h2c_cmd);
992 	struct ieee80211_hw *hw = rtlworks->hw;
993 	struct rtl_priv *rtlpriv = rtl_priv(hw);
994 
995 	rtlpriv->cfg->ops->fill_h2c_cmd(hw, H2C_RA_MASK, 5, rtlpriv->rate_mask);
996 }
997 
998 static const struct rtl_intf_ops rtl_usb_ops = {
999 	.adapter_start = rtl_usb_start,
1000 	.adapter_stop = rtl_usb_stop,
1001 	.adapter_tx = rtl_usb_tx,
1002 	.waitq_insert = rtl_usb_tx_chk_waitq_insert,
1003 };
1004 
1005 int rtl_usb_probe(struct usb_interface *intf,
1006 		  const struct usb_device_id *id,
1007 		  struct rtl_hal_cfg *rtl_hal_cfg)
1008 {
1009 	int err;
1010 	struct ieee80211_hw *hw = NULL;
1011 	struct rtl_priv *rtlpriv = NULL;
1012 	struct usb_device	*udev;
1013 	struct rtl_usb_priv *usb_priv;
1014 
1015 	hw = ieee80211_alloc_hw(sizeof(struct rtl_priv) +
1016 				sizeof(struct rtl_usb_priv), &rtl_ops);
1017 	if (!hw) {
1018 		WARN_ONCE(true, "rtl_usb: ieee80211 alloc failed\n");
1019 		return -ENOMEM;
1020 	}
1021 	rtlpriv = hw->priv;
1022 	rtlpriv->hw = hw;
1023 	rtlpriv->usb_data = kcalloc(RTL_USB_MAX_RX_COUNT, sizeof(u32),
1024 				    GFP_KERNEL);
1025 	if (!rtlpriv->usb_data) {
1026 		ieee80211_free_hw(hw);
1027 		return -ENOMEM;
1028 	}
1029 
1030 	/* this spin lock must be initialized early */
1031 	spin_lock_init(&rtlpriv->locks.usb_lock);
1032 	INIT_WORK(&rtlpriv->works.fill_h2c_cmd,
1033 		  rtl_fill_h2c_cmd_work_callback);
1034 	INIT_WORK(&rtlpriv->works.lps_change_work,
1035 		  rtl_lps_change_work_callback);
1036 
1037 	rtlpriv->usb_data_index = 0;
1038 	init_completion(&rtlpriv->firmware_loading_complete);
1039 	SET_IEEE80211_DEV(hw, &intf->dev);
1040 	udev = interface_to_usbdev(intf);
1041 	usb_get_dev(udev);
1042 	usb_priv = rtl_usbpriv(hw);
1043 	memset(usb_priv, 0, sizeof(*usb_priv));
1044 	usb_priv->dev.intf = intf;
1045 	usb_priv->dev.udev = udev;
1046 	usb_set_intfdata(intf, hw);
1047 	/* init cfg & intf_ops */
1048 	rtlpriv->rtlhal.interface = INTF_USB;
1049 	rtlpriv->cfg = rtl_hal_cfg;
1050 	rtlpriv->intf_ops = &rtl_usb_ops;
1051 	/* Init IO handler */
1052 	_rtl_usb_io_handler_init(&udev->dev, hw);
1053 	rtlpriv->cfg->ops->read_chip_version(hw);
1054 	/*like read eeprom and so on */
1055 	rtlpriv->cfg->ops->read_eeprom_info(hw);
1056 	err = _rtl_usb_init(hw);
1057 	if (err)
1058 		goto error_out2;
1059 	rtl_usb_init_sw(hw);
1060 	/* Init mac80211 sw */
1061 	err = rtl_init_core(hw);
1062 	if (err) {
1063 		pr_err("Can't allocate sw for mac80211\n");
1064 		goto error_out2;
1065 	}
1066 	if (rtlpriv->cfg->ops->init_sw_vars(hw)) {
1067 		pr_err("Can't init_sw_vars\n");
1068 		goto error_out;
1069 	}
1070 	rtlpriv->cfg->ops->init_sw_leds(hw);
1071 
1072 	err = ieee80211_register_hw(hw);
1073 	if (err) {
1074 		pr_err("Can't register mac80211 hw.\n");
1075 		err = -ENODEV;
1076 		goto error_out;
1077 	}
1078 	rtlpriv->mac80211.mac80211_registered = 1;
1079 
1080 	set_bit(RTL_STATUS_INTERFACE_START, &rtlpriv->status);
1081 	return 0;
1082 
1083 error_out:
1084 	rtl_deinit_core(hw);
1085 error_out2:
1086 	_rtl_usb_io_handler_release(hw);
1087 	usb_put_dev(udev);
1088 	complete(&rtlpriv->firmware_loading_complete);
1089 	kfree(rtlpriv->usb_data);
1090 	ieee80211_free_hw(hw);
1091 	return -ENODEV;
1092 }
1093 EXPORT_SYMBOL(rtl_usb_probe);
1094 
1095 void rtl_usb_disconnect(struct usb_interface *intf)
1096 {
1097 	struct ieee80211_hw *hw = usb_get_intfdata(intf);
1098 	struct rtl_priv *rtlpriv = rtl_priv(hw);
1099 	struct rtl_mac *rtlmac = rtl_mac(rtl_priv(hw));
1100 	struct rtl_usb *rtlusb = rtl_usbdev(rtl_usbpriv(hw));
1101 
1102 	if (unlikely(!rtlpriv))
1103 		return;
1104 	/* just in case driver is removed before firmware callback */
1105 	wait_for_completion(&rtlpriv->firmware_loading_complete);
1106 	clear_bit(RTL_STATUS_INTERFACE_START, &rtlpriv->status);
1107 	/*ieee80211_unregister_hw will call ops_stop */
1108 	if (rtlmac->mac80211_registered == 1) {
1109 		ieee80211_unregister_hw(hw);
1110 		rtlmac->mac80211_registered = 0;
1111 	} else {
1112 		rtl_deinit_deferred_work(hw, false);
1113 		rtlpriv->intf_ops->adapter_stop(hw);
1114 	}
1115 	/*deinit rfkill */
1116 	/* rtl_deinit_rfkill(hw); */
1117 	rtl_usb_deinit(hw);
1118 	rtl_deinit_core(hw);
1119 	kfree(rtlpriv->usb_data);
1120 	rtlpriv->cfg->ops->deinit_sw_leds(hw);
1121 	rtlpriv->cfg->ops->deinit_sw_vars(hw);
1122 	_rtl_usb_io_handler_release(hw);
1123 	usb_put_dev(rtlusb->udev);
1124 	usb_set_intfdata(intf, NULL);
1125 	ieee80211_free_hw(hw);
1126 }
1127 EXPORT_SYMBOL(rtl_usb_disconnect);
1128 
1129 int rtl_usb_suspend(struct usb_interface *pusb_intf, pm_message_t message)
1130 {
1131 	return 0;
1132 }
1133 EXPORT_SYMBOL(rtl_usb_suspend);
1134 
1135 int rtl_usb_resume(struct usb_interface *pusb_intf)
1136 {
1137 	return 0;
1138 }
1139 EXPORT_SYMBOL(rtl_usb_resume);
1140