drivers/net/wireless/orinoco/orinoco_usb.c at v3.2-rc4

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / drivers / net / wireless / orinoco / orinoco_usb.c
at v3.2-rc4 1791 lines 46 kB view raw
wrap content
   1/*
   2 * USB Orinoco driver
   3 *
   4 * Copyright (c) 2003 Manuel Estrada Sainz
   5 *
   6 * The contents of this file are subject to the Mozilla Public License
   7 * Version 1.1 (the "License"); you may not use this file except in
   8 * compliance with the License. You may obtain a copy of the License
   9 * at http://www.mozilla.org/MPL/
  10 *
  11 * Software distributed under the License is distributed on an "AS IS"
  12 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
  13 * the License for the specific language governing rights and
  14 * limitations under the License.
  15 *
  16 * Alternatively, the contents of this file may be used under the
  17 * terms of the GNU General Public License version 2 (the "GPL"), in
  18 * which case the provisions of the GPL are applicable instead of the
  19 * above.  If you wish to allow the use of your version of this file
  20 * only under the terms of the GPL and not to allow others to use your
  21 * version of this file under the MPL, indicate your decision by
  22 * deleting the provisions above and replace them with the notice and
  23 * other provisions required by the GPL.  If you do not delete the
  24 * provisions above, a recipient may use your version of this file
  25 * under either the MPL or the GPL.
  26 *
  27 * Queueing code based on linux-wlan-ng 0.2.1-pre5
  28 *
  29 * Copyright (C) 1999 AbsoluteValue Systems, Inc.  All Rights Reserved.
  30 *
  31 *	The license is the same as above.
  32 *
  33 * Initialy based on USB Skeleton driver - 0.7
  34 *
  35 * Copyright (c) 2001 Greg Kroah-Hartman (greg@kroah.com)
  36 *
  37 *	This program is free software; you can redistribute it and/or
  38 *	modify it under the terms of the GNU General Public License as
  39 *	published by the Free Software Foundation; either version 2 of
  40 *	the License, or (at your option) any later version.
  41 *
  42 * NOTE: The original USB Skeleton driver is GPL, but all that code is
  43 * gone so MPL/GPL applies.
  44 */
  45
  46#define DRIVER_NAME "orinoco_usb"
  47#define PFX DRIVER_NAME ": "
  48
  49#include <linux/module.h>
  50#include <linux/kernel.h>
  51#include <linux/sched.h>
  52#include <linux/signal.h>
  53#include <linux/errno.h>
  54#include <linux/poll.h>
  55#include <linux/init.h>
  56#include <linux/slab.h>
  57#include <linux/fcntl.h>
  58#include <linux/spinlock.h>
  59#include <linux/list.h>
  60#include <linux/usb.h>
  61#include <linux/timer.h>
  62
  63#include <linux/netdevice.h>
  64#include <linux/if_arp.h>
  65#include <linux/etherdevice.h>
  66#include <linux/wireless.h>
  67#include <linux/firmware.h>
  68
  69#include "mic.h"
  70#include "orinoco.h"
  71
  72#ifndef URB_ASYNC_UNLINK
  73#define URB_ASYNC_UNLINK 0
  74#endif
  75
  76/* 802.2 LLC/SNAP header used for Ethernet encapsulation over 802.11 */
  77static const u8 encaps_hdr[] = {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00};
  78#define ENCAPS_OVERHEAD		(sizeof(encaps_hdr) + 2)
  79
  80struct header_struct {
  81	/* 802.3 */
  82	u8 dest[ETH_ALEN];
  83	u8 src[ETH_ALEN];
  84	__be16 len;
  85	/* 802.2 */
  86	u8 dsap;
  87	u8 ssap;
  88	u8 ctrl;
  89	/* SNAP */
  90	u8 oui[3];
  91	__be16 ethertype;
  92} __packed;
  93
  94struct ez_usb_fw {
  95	u16 size;
  96	const u8 *code;
  97};
  98
  99static struct ez_usb_fw firmware = {
 100	.size = 0,
 101	.code = NULL,
 102};
 103
 104#ifdef CONFIG_USB_DEBUG
 105static int debug = 1;
 106#else
 107static int debug;
 108#endif
 109
 110/* Debugging macros */
 111#undef dbg
 112#define dbg(format, arg...) \
 113	do { if (debug) printk(KERN_DEBUG PFX "%s: " format "\n", \
 114			       __func__ , ## arg); } while (0)
 115#undef err
 116#define err(format, arg...) \
 117	do { printk(KERN_ERR PFX format "\n", ## arg); } while (0)
 118
 119/* Module paramaters */
 120module_param(debug, int, 0644);
 121MODULE_PARM_DESC(debug, "Debug enabled or not");
 122
 123MODULE_FIRMWARE("orinoco_ezusb_fw");
 124
 125/*
 126 * Under some conditions, the card gets stuck and stops paying attention
 127 * to the world (i.e. data communication stalls) until we do something to
 128 * it.  Sending an INQ_TALLIES command seems to be enough and should be
 129 * harmless otherwise.  This behaviour has been observed when using the
 130 * driver on a systemimager client during installation.  In the past a
 131 * timer was used to send INQ_TALLIES commands when there was no other
 132 * activity, but it was troublesome and was removed.
 133 */
 134
 135#define USB_COMPAQ_VENDOR_ID     0x049f /* Compaq Computer Corp. */
 136#define USB_COMPAQ_WL215_ID      0x001f /* Compaq WL215 USB Adapter */
 137#define USB_COMPAQ_W200_ID       0x0076 /* Compaq W200 USB Adapter */
 138#define USB_HP_WL215_ID          0x0082 /* Compaq WL215 USB Adapter */
 139
 140#define USB_MELCO_VENDOR_ID      0x0411
 141#define USB_BUFFALO_L11_ID       0x0006 /* BUFFALO WLI-USB-L11 */
 142#define USB_BUFFALO_L11G_WR_ID   0x000B /* BUFFALO WLI-USB-L11G-WR */
 143#define USB_BUFFALO_L11G_ID      0x000D /* BUFFALO WLI-USB-L11G */
 144
 145#define USB_LUCENT_VENDOR_ID     0x047E /* Lucent Technologies */
 146#define USB_LUCENT_ORINOCO_ID    0x0300 /* Lucent/Agere Orinoco USB Client */
 147
 148#define USB_AVAYA8_VENDOR_ID     0x0D98
 149#define USB_AVAYAE_VENDOR_ID     0x0D9E
 150#define USB_AVAYA_WIRELESS_ID    0x0300 /* Avaya Wireless USB Card */
 151
 152#define USB_AGERE_VENDOR_ID      0x0D4E /* Agere Systems */
 153#define USB_AGERE_MODEL0801_ID   0x1000 /* Wireless USB Card Model 0801 */
 154#define USB_AGERE_MODEL0802_ID   0x1001 /* Wireless USB Card Model 0802 */
 155#define USB_AGERE_REBRANDED_ID   0x047A /* WLAN USB Card */
 156
 157#define USB_ELSA_VENDOR_ID       0x05CC
 158#define USB_ELSA_AIRLANCER_ID    0x3100 /* ELSA AirLancer USB-11 */
 159
 160#define USB_LEGEND_VENDOR_ID     0x0E7C
 161#define USB_LEGEND_JOYNET_ID     0x0300 /* Joynet WLAN USB Card */
 162
 163#define USB_SAMSUNG_VENDOR_ID    0x04E8
 164#define USB_SAMSUNG_SEW2001U1_ID 0x5002 /* Samsung SEW-2001u Card */
 165#define USB_SAMSUNG_SEW2001U2_ID 0x5B11 /* Samsung SEW-2001u Card */
 166#define USB_SAMSUNG_SEW2003U_ID  0x7011 /* Samsung SEW-2003U Card */
 167
 168#define USB_IGATE_VENDOR_ID      0x0681
 169#define USB_IGATE_IGATE_11M_ID   0x0012 /* I-GATE 11M USB Card */
 170
 171#define USB_FUJITSU_VENDOR_ID    0x0BF8
 172#define USB_FUJITSU_E1100_ID     0x1002 /* connect2AIR WLAN E-1100 USB */
 173
 174#define USB_2WIRE_VENDOR_ID      0x1630
 175#define USB_2WIRE_WIRELESS_ID    0xff81 /* 2Wire Wireless USB adapter */
 176
 177
 178#define EZUSB_REQUEST_FW_TRANS		0xA0
 179#define EZUSB_REQUEST_TRIGER		0xAA
 180#define EZUSB_REQUEST_TRIG_AC		0xAC
 181#define EZUSB_CPUCS_REG			0x7F92
 182
 183#define EZUSB_RID_TX			0x0700
 184#define EZUSB_RID_RX			0x0701
 185#define EZUSB_RID_INIT1			0x0702
 186#define EZUSB_RID_ACK			0x0710
 187#define EZUSB_RID_READ_PDA		0x0800
 188#define EZUSB_RID_PROG_INIT		0x0852
 189#define EZUSB_RID_PROG_SET_ADDR		0x0853
 190#define EZUSB_RID_PROG_BYTES		0x0854
 191#define EZUSB_RID_PROG_END		0x0855
 192#define EZUSB_RID_DOCMD			0x0860
 193
 194/* Recognize info frames */
 195#define EZUSB_IS_INFO(id)		((id >= 0xF000) && (id <= 0xF2FF))
 196
 197#define EZUSB_MAGIC			0x0210
 198
 199#define EZUSB_FRAME_DATA		1
 200#define EZUSB_FRAME_CONTROL		2
 201
 202#define DEF_TIMEOUT			(3 * HZ)
 203
 204#define BULK_BUF_SIZE			2048
 205
 206#define MAX_DL_SIZE (BULK_BUF_SIZE - sizeof(struct ezusb_packet))
 207
 208#define FW_BUF_SIZE			64
 209#define FW_VAR_OFFSET_PTR		0x359
 210#define FW_VAR_VALUE			0
 211#define FW_HOLE_START			0x100
 212#define FW_HOLE_END			0x300
 213
 214struct ezusb_packet {
 215	__le16 magic;		/* 0x0210 */
 216	u8 req_reply_count;
 217	u8 ans_reply_count;
 218	__le16 frame_type;	/* 0x01 for data frames, 0x02 otherwise */
 219	__le16 size;		/* transport size */
 220	__le16 crc;		/* CRC up to here */
 221	__le16 hermes_len;
 222	__le16 hermes_rid;
 223	u8 data[0];
 224} __packed;
 225
 226/* Table of devices that work or may work with this driver */
 227static struct usb_device_id ezusb_table[] = {
 228	{USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_COMPAQ_WL215_ID)},
 229	{USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_HP_WL215_ID)},
 230	{USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_COMPAQ_W200_ID)},
 231	{USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11_ID)},
 232	{USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11G_WR_ID)},
 233	{USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11G_ID)},
 234	{USB_DEVICE(USB_LUCENT_VENDOR_ID, USB_LUCENT_ORINOCO_ID)},
 235	{USB_DEVICE(USB_AVAYA8_VENDOR_ID, USB_AVAYA_WIRELESS_ID)},
 236	{USB_DEVICE(USB_AVAYAE_VENDOR_ID, USB_AVAYA_WIRELESS_ID)},
 237	{USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_MODEL0801_ID)},
 238	{USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_MODEL0802_ID)},
 239	{USB_DEVICE(USB_ELSA_VENDOR_ID, USB_ELSA_AIRLANCER_ID)},
 240	{USB_DEVICE(USB_LEGEND_VENDOR_ID, USB_LEGEND_JOYNET_ID)},
 241	{USB_DEVICE_VER(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2001U1_ID,
 242			0, 0)},
 243	{USB_DEVICE(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2001U2_ID)},
 244	{USB_DEVICE(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2003U_ID)},
 245	{USB_DEVICE(USB_IGATE_VENDOR_ID, USB_IGATE_IGATE_11M_ID)},
 246	{USB_DEVICE(USB_FUJITSU_VENDOR_ID, USB_FUJITSU_E1100_ID)},
 247	{USB_DEVICE(USB_2WIRE_VENDOR_ID, USB_2WIRE_WIRELESS_ID)},
 248	{USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_REBRANDED_ID)},
 249	{}			/* Terminating entry */
 250};
 251
 252MODULE_DEVICE_TABLE(usb, ezusb_table);
 253
 254/* Structure to hold all of our device specific stuff */
 255struct ezusb_priv {
 256	struct usb_device *udev;
 257	struct net_device *dev;
 258	struct mutex mtx;
 259	spinlock_t req_lock;
 260	struct list_head req_pending;
 261	struct list_head req_active;
 262	spinlock_t reply_count_lock;
 263	u16 hermes_reg_fake[0x40];
 264	u8 *bap_buf;
 265	struct urb *read_urb;
 266	int read_pipe;
 267	int write_pipe;
 268	u8 reply_count;
 269};
 270
 271enum ezusb_state {
 272	EZUSB_CTX_START,
 273	EZUSB_CTX_QUEUED,
 274	EZUSB_CTX_REQ_SUBMITTED,
 275	EZUSB_CTX_REQ_COMPLETE,
 276	EZUSB_CTX_RESP_RECEIVED,
 277	EZUSB_CTX_REQ_TIMEOUT,
 278	EZUSB_CTX_REQ_FAILED,
 279	EZUSB_CTX_RESP_TIMEOUT,
 280	EZUSB_CTX_REQSUBMIT_FAIL,
 281	EZUSB_CTX_COMPLETE,
 282};
 283
 284struct request_context {
 285	struct list_head list;
 286	atomic_t refcount;
 287	struct completion done;	/* Signals that CTX is dead */
 288	int killed;
 289	struct urb *outurb;	/* OUT for req pkt */
 290	struct ezusb_priv *upriv;
 291	struct ezusb_packet *buf;
 292	int buf_length;
 293	struct timer_list timer;	/* Timeout handling */
 294	enum ezusb_state state;	/* Current state */
 295	/* the RID that we will wait for */
 296	u16 out_rid;
 297	u16 in_rid;
 298};
 299
 300
 301/* Forward declarations */
 302static void ezusb_ctx_complete(struct request_context *ctx);
 303static void ezusb_req_queue_run(struct ezusb_priv *upriv);
 304static void ezusb_bulk_in_callback(struct urb *urb);
 305
 306static inline u8 ezusb_reply_inc(u8 count)
 307{
 308	if (count < 0x7F)
 309		return count + 1;
 310	else
 311		return 1;
 312}
 313
 314static void ezusb_request_context_put(struct request_context *ctx)
 315{
 316	if (!atomic_dec_and_test(&ctx->refcount))
 317		return;
 318
 319	WARN_ON(!ctx->done.done);
 320	BUG_ON(ctx->outurb->status == -EINPROGRESS);
 321	BUG_ON(timer_pending(&ctx->timer));
 322	usb_free_urb(ctx->outurb);
 323	kfree(ctx->buf);
 324	kfree(ctx);
 325}
 326
 327static inline void ezusb_mod_timer(struct ezusb_priv *upriv,
 328				   struct timer_list *timer,
 329				   unsigned long expire)
 330{
 331	if (!upriv->udev)
 332		return;
 333	mod_timer(timer, expire);
 334}
 335
 336static void ezusb_request_timerfn(u_long _ctx)
 337{
 338	struct request_context *ctx = (void *) _ctx;
 339
 340	ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK;
 341	if (usb_unlink_urb(ctx->outurb) == -EINPROGRESS) {
 342		ctx->state = EZUSB_CTX_REQ_TIMEOUT;
 343	} else {
 344		ctx->state = EZUSB_CTX_RESP_TIMEOUT;
 345		dbg("couldn't unlink");
 346		atomic_inc(&ctx->refcount);
 347		ctx->killed = 1;
 348		ezusb_ctx_complete(ctx);
 349		ezusb_request_context_put(ctx);
 350	}
 351};
 352
 353static struct request_context *ezusb_alloc_ctx(struct ezusb_priv *upriv,
 354					       u16 out_rid, u16 in_rid)
 355{
 356	struct request_context *ctx;
 357
 358	ctx = kzalloc(sizeof(*ctx), GFP_ATOMIC);
 359	if (!ctx)
 360		return NULL;
 361
 362	ctx->buf = kmalloc(BULK_BUF_SIZE, GFP_ATOMIC);
 363	if (!ctx->buf) {
 364		kfree(ctx);
 365		return NULL;
 366	}
 367	ctx->outurb = usb_alloc_urb(0, GFP_ATOMIC);
 368	if (!ctx->outurb) {
 369		kfree(ctx->buf);
 370		kfree(ctx);
 371		return NULL;
 372	}
 373
 374	ctx->upriv = upriv;
 375	ctx->state = EZUSB_CTX_START;
 376	ctx->out_rid = out_rid;
 377	ctx->in_rid = in_rid;
 378
 379	atomic_set(&ctx->refcount, 1);
 380	init_completion(&ctx->done);
 381
 382	init_timer(&ctx->timer);
 383	ctx->timer.function = ezusb_request_timerfn;
 384	ctx->timer.data = (u_long) ctx;
 385	return ctx;
 386}
 387
 388
 389/* Hopefully the real complete_all will soon be exported, in the mean
 390 * while this should work. */
 391static inline void ezusb_complete_all(struct completion *comp)
 392{
 393	complete(comp);
 394	complete(comp);
 395	complete(comp);
 396	complete(comp);
 397}
 398
 399static void ezusb_ctx_complete(struct request_context *ctx)
 400{
 401	struct ezusb_priv *upriv = ctx->upriv;
 402	unsigned long flags;
 403
 404	spin_lock_irqsave(&upriv->req_lock, flags);
 405
 406	list_del_init(&ctx->list);
 407	if (upriv->udev) {
 408		spin_unlock_irqrestore(&upriv->req_lock, flags);
 409		ezusb_req_queue_run(upriv);
 410		spin_lock_irqsave(&upriv->req_lock, flags);
 411	}
 412
 413	switch (ctx->state) {
 414	case EZUSB_CTX_COMPLETE:
 415	case EZUSB_CTX_REQSUBMIT_FAIL:
 416	case EZUSB_CTX_REQ_FAILED:
 417	case EZUSB_CTX_REQ_TIMEOUT:
 418	case EZUSB_CTX_RESP_TIMEOUT:
 419		spin_unlock_irqrestore(&upriv->req_lock, flags);
 420
 421		if ((ctx->out_rid == EZUSB_RID_TX) && upriv->dev) {
 422			struct net_device *dev = upriv->dev;
 423			struct orinoco_private *priv = ndev_priv(dev);
 424			struct net_device_stats *stats = &priv->stats;
 425
 426			if (ctx->state != EZUSB_CTX_COMPLETE)
 427				stats->tx_errors++;
 428			else
 429				stats->tx_packets++;
 430
 431			netif_wake_queue(dev);
 432		}
 433		ezusb_complete_all(&ctx->done);
 434		ezusb_request_context_put(ctx);
 435		break;
 436
 437	default:
 438		spin_unlock_irqrestore(&upriv->req_lock, flags);
 439		if (!upriv->udev) {
 440			/* This is normal, as all request contexts get flushed
 441			 * when the device is disconnected */
 442			err("Called, CTX not terminating, but device gone");
 443			ezusb_complete_all(&ctx->done);
 444			ezusb_request_context_put(ctx);
 445			break;
 446		}
 447
 448		err("Called, CTX not in terminating state.");
 449		/* Things are really bad if this happens. Just leak
 450		 * the CTX because it may still be linked to the
 451		 * queue or the OUT urb may still be active.
 452		 * Just leaking at least prevents an Oops or Panic.
 453		 */
 454		break;
 455	}
 456}
 457
 458/**
 459 * ezusb_req_queue_run:
 460 * Description:
 461 *	Note: Only one active CTX at any one time, because there's no
 462 *	other (reliable) way to match the response URB to the correct
 463 *	CTX.
 464 **/
 465static void ezusb_req_queue_run(struct ezusb_priv *upriv)
 466{
 467	unsigned long flags;
 468	struct request_context *ctx;
 469	int result;
 470
 471	spin_lock_irqsave(&upriv->req_lock, flags);
 472
 473	if (!list_empty(&upriv->req_active))
 474		goto unlock;
 475
 476	if (list_empty(&upriv->req_pending))
 477		goto unlock;
 478
 479	ctx =
 480	    list_entry(upriv->req_pending.next, struct request_context,
 481		       list);
 482
 483	if (!ctx->upriv->udev)
 484		goto unlock;
 485
 486	/* We need to split this off to avoid a race condition */
 487	list_move_tail(&ctx->list, &upriv->req_active);
 488
 489	if (ctx->state == EZUSB_CTX_QUEUED) {
 490		atomic_inc(&ctx->refcount);
 491		result = usb_submit_urb(ctx->outurb, GFP_ATOMIC);
 492		if (result) {
 493			ctx->state = EZUSB_CTX_REQSUBMIT_FAIL;
 494
 495			spin_unlock_irqrestore(&upriv->req_lock, flags);
 496
 497			err("Fatal, failed to submit command urb."
 498			    " error=%d\n", result);
 499
 500			ezusb_ctx_complete(ctx);
 501			ezusb_request_context_put(ctx);
 502			goto done;
 503		}
 504
 505		ctx->state = EZUSB_CTX_REQ_SUBMITTED;
 506		ezusb_mod_timer(ctx->upriv, &ctx->timer,
 507				jiffies + DEF_TIMEOUT);
 508	}
 509
 510 unlock:
 511	spin_unlock_irqrestore(&upriv->req_lock, flags);
 512
 513 done:
 514	return;
 515}
 516
 517static void ezusb_req_enqueue_run(struct ezusb_priv *upriv,
 518				  struct request_context *ctx)
 519{
 520	unsigned long flags;
 521
 522	spin_lock_irqsave(&upriv->req_lock, flags);
 523
 524	if (!ctx->upriv->udev) {
 525		spin_unlock_irqrestore(&upriv->req_lock, flags);
 526		goto done;
 527	}
 528	atomic_inc(&ctx->refcount);
 529	list_add_tail(&ctx->list, &upriv->req_pending);
 530	spin_unlock_irqrestore(&upriv->req_lock, flags);
 531
 532	ctx->state = EZUSB_CTX_QUEUED;
 533	ezusb_req_queue_run(upriv);
 534
 535 done:
 536	return;
 537}
 538
 539static void ezusb_request_out_callback(struct urb *urb)
 540{
 541	unsigned long flags;
 542	enum ezusb_state state;
 543	struct request_context *ctx = urb->context;
 544	struct ezusb_priv *upriv = ctx->upriv;
 545
 546	spin_lock_irqsave(&upriv->req_lock, flags);
 547
 548	del_timer(&ctx->timer);
 549
 550	if (ctx->killed) {
 551		spin_unlock_irqrestore(&upriv->req_lock, flags);
 552		pr_warning("interrupt called with dead ctx");
 553		goto out;
 554	}
 555
 556	state = ctx->state;
 557
 558	if (urb->status == 0) {
 559		switch (state) {
 560		case EZUSB_CTX_REQ_SUBMITTED:
 561			if (ctx->in_rid) {
 562				ctx->state = EZUSB_CTX_REQ_COMPLETE;
 563				/* reply URB still pending */
 564				ezusb_mod_timer(upriv, &ctx->timer,
 565						jiffies + DEF_TIMEOUT);
 566				spin_unlock_irqrestore(&upriv->req_lock,
 567						       flags);
 568				break;
 569			}
 570			/* fall through */
 571		case EZUSB_CTX_RESP_RECEIVED:
 572			/* IN already received before this OUT-ACK */
 573			ctx->state = EZUSB_CTX_COMPLETE;
 574			spin_unlock_irqrestore(&upriv->req_lock, flags);
 575			ezusb_ctx_complete(ctx);
 576			break;
 577
 578		default:
 579			spin_unlock_irqrestore(&upriv->req_lock, flags);
 580			err("Unexpected state(0x%x, %d) in OUT URB",
 581			    state, urb->status);
 582			break;
 583		}
 584	} else {
 585		/* If someone cancels the OUT URB then its status
 586		 * should be either -ECONNRESET or -ENOENT.
 587		 */
 588		switch (state) {
 589		case EZUSB_CTX_REQ_SUBMITTED:
 590		case EZUSB_CTX_RESP_RECEIVED:
 591			ctx->state = EZUSB_CTX_REQ_FAILED;
 592			/* fall through */
 593
 594		case EZUSB_CTX_REQ_FAILED:
 595		case EZUSB_CTX_REQ_TIMEOUT:
 596			spin_unlock_irqrestore(&upriv->req_lock, flags);
 597
 598			ezusb_ctx_complete(ctx);
 599			break;
 600
 601		default:
 602			spin_unlock_irqrestore(&upriv->req_lock, flags);
 603
 604			err("Unexpected state(0x%x, %d) in OUT URB",
 605			    state, urb->status);
 606			break;
 607		}
 608	}
 609 out:
 610	ezusb_request_context_put(ctx);
 611}
 612
 613static void ezusb_request_in_callback(struct ezusb_priv *upriv,
 614				      struct urb *urb)
 615{
 616	struct ezusb_packet *ans = urb->transfer_buffer;
 617	struct request_context *ctx = NULL;
 618	enum ezusb_state state;
 619	unsigned long flags;
 620
 621	/* Find the CTX on the active queue that requested this URB */
 622	spin_lock_irqsave(&upriv->req_lock, flags);
 623	if (upriv->udev) {
 624		struct list_head *item;
 625
 626		list_for_each(item, &upriv->req_active) {
 627			struct request_context *c;
 628			int reply_count;
 629
 630			c = list_entry(item, struct request_context, list);
 631			reply_count =
 632			    ezusb_reply_inc(c->buf->req_reply_count);
 633			if ((ans->ans_reply_count == reply_count)
 634			    && (le16_to_cpu(ans->hermes_rid) == c->in_rid)) {
 635				ctx = c;
 636				break;
 637			}
 638			dbg("Skipped (0x%x/0x%x) (%d/%d)",
 639			    le16_to_cpu(ans->hermes_rid),
 640			    c->in_rid, ans->ans_reply_count, reply_count);
 641		}
 642	}
 643
 644	if (ctx == NULL) {
 645		spin_unlock_irqrestore(&upriv->req_lock, flags);
 646		err("%s: got unexpected RID: 0x%04X", __func__,
 647		    le16_to_cpu(ans->hermes_rid));
 648		ezusb_req_queue_run(upriv);
 649		return;
 650	}
 651
 652	/* The data we want is in the in buffer, exchange */
 653	urb->transfer_buffer = ctx->buf;
 654	ctx->buf = (void *) ans;
 655	ctx->buf_length = urb->actual_length;
 656
 657	state = ctx->state;
 658	switch (state) {
 659	case EZUSB_CTX_REQ_SUBMITTED:
 660		/* We have received our response URB before
 661		 * our request has been acknowledged. Do NOT
 662		 * destroy our CTX yet, because our OUT URB
 663		 * is still alive ...
 664		 */
 665		ctx->state = EZUSB_CTX_RESP_RECEIVED;
 666		spin_unlock_irqrestore(&upriv->req_lock, flags);
 667
 668		/* Let the machine continue running. */
 669		break;
 670
 671	case EZUSB_CTX_REQ_COMPLETE:
 672		/* This is the usual path: our request
 673		 * has already been acknowledged, and
 674		 * we have now received the reply.
 675		 */
 676		ctx->state = EZUSB_CTX_COMPLETE;
 677
 678		/* Stop the intimer */
 679		del_timer(&ctx->timer);
 680		spin_unlock_irqrestore(&upriv->req_lock, flags);
 681
 682		/* Call the completion handler */
 683		ezusb_ctx_complete(ctx);
 684		break;
 685
 686	default:
 687		spin_unlock_irqrestore(&upriv->req_lock, flags);
 688
 689		pr_warning("Matched IN URB, unexpected context state(0x%x)",
 690		     state);
 691		/* Throw this CTX away and try submitting another */
 692		del_timer(&ctx->timer);
 693		ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK;
 694		usb_unlink_urb(ctx->outurb);
 695		ezusb_req_queue_run(upriv);
 696		break;
 697	}			/* switch */
 698}
 699
 700
 701static void ezusb_req_ctx_wait(struct ezusb_priv *upriv,
 702			       struct request_context *ctx)
 703{
 704	switch (ctx->state) {
 705	case EZUSB_CTX_QUEUED:
 706	case EZUSB_CTX_REQ_SUBMITTED:
 707	case EZUSB_CTX_REQ_COMPLETE:
 708	case EZUSB_CTX_RESP_RECEIVED:
 709		if (in_softirq()) {
 710			/* If we get called from a timer, timeout timers don't
 711			 * get the chance to run themselves. So we make sure
 712			 * that we don't sleep for ever */
 713			int msecs = DEF_TIMEOUT * (1000 / HZ);
 714			while (!ctx->done.done && msecs--)
 715				udelay(1000);
 716		} else {
 717			wait_event_interruptible(ctx->done.wait,
 718						 ctx->done.done);
 719		}
 720		break;
 721	default:
 722		/* Done or failed - nothing to wait for */
 723		break;
 724	}
 725}
 726
 727static inline u16 build_crc(struct ezusb_packet *data)
 728{
 729	u16 crc = 0;
 730	u8 *bytes = (u8 *)data;
 731	int i;
 732
 733	for (i = 0; i < 8; i++)
 734		crc = (crc << 1) + bytes[i];
 735
 736	return crc;
 737}
 738
 739/**
 740 * ezusb_fill_req:
 741 *
 742 * if data == NULL and length > 0 the data is assumed to be already in
 743 * the target buffer and only the header is filled.
 744 *
 745 */
 746static int ezusb_fill_req(struct ezusb_packet *req, u16 length, u16 rid,
 747			  const void *data, u16 frame_type, u8 reply_count)
 748{
 749	int total_size = sizeof(*req) + length;
 750
 751	BUG_ON(total_size > BULK_BUF_SIZE);
 752
 753	req->magic = cpu_to_le16(EZUSB_MAGIC);
 754	req->req_reply_count = reply_count;
 755	req->ans_reply_count = 0;
 756	req->frame_type = cpu_to_le16(frame_type);
 757	req->size = cpu_to_le16(length + 4);
 758	req->crc = cpu_to_le16(build_crc(req));
 759	req->hermes_len = cpu_to_le16(HERMES_BYTES_TO_RECLEN(length));
 760	req->hermes_rid = cpu_to_le16(rid);
 761	if (data)
 762		memcpy(req->data, data, length);
 763	return total_size;
 764}
 765
 766static int ezusb_submit_in_urb(struct ezusb_priv *upriv)
 767{
 768	int retval = 0;
 769	void *cur_buf = upriv->read_urb->transfer_buffer;
 770
 771	if (upriv->read_urb->status == -EINPROGRESS) {
 772		dbg("urb busy, not resubmiting");
 773		retval = -EBUSY;
 774		goto exit;
 775	}
 776	usb_fill_bulk_urb(upriv->read_urb, upriv->udev, upriv->read_pipe,
 777			  cur_buf, BULK_BUF_SIZE,
 778			  ezusb_bulk_in_callback, upriv);
 779	upriv->read_urb->transfer_flags = 0;
 780	retval = usb_submit_urb(upriv->read_urb, GFP_ATOMIC);
 781	if (retval)
 782		err("%s submit failed %d", __func__, retval);
 783
 784 exit:
 785	return retval;
 786}
 787
 788static inline int ezusb_8051_cpucs(struct ezusb_priv *upriv, int reset)
 789{
 790	u8 res_val = reset;	/* avoid argument promotion */
 791
 792	if (!upriv->udev) {
 793		err("%s: !upriv->udev", __func__);
 794		return -EFAULT;
 795	}
 796	return usb_control_msg(upriv->udev,
 797			       usb_sndctrlpipe(upriv->udev, 0),
 798			       EZUSB_REQUEST_FW_TRANS,
 799			       USB_TYPE_VENDOR | USB_RECIP_DEVICE |
 800			       USB_DIR_OUT, EZUSB_CPUCS_REG, 0, &res_val,
 801			       sizeof(res_val), DEF_TIMEOUT);
 802}
 803
 804static int ezusb_firmware_download(struct ezusb_priv *upriv,
 805				   struct ez_usb_fw *fw)
 806{
 807	u8 fw_buffer[FW_BUF_SIZE];
 808	int retval, addr;
 809	int variant_offset;
 810
 811	/*
 812	 * This byte is 1 and should be replaced with 0.  The offset is
 813	 * 0x10AD in version 0.0.6.  The byte in question should follow
 814	 * the end of the code pointed to by the jump in the beginning
 815	 * of the firmware.  Also, it is read by code located at 0x358.
 816	 */
 817	variant_offset = be16_to_cpup((__be16 *) &fw->code[FW_VAR_OFFSET_PTR]);
 818	if (variant_offset >= fw->size) {
 819		printk(KERN_ERR PFX "Invalid firmware variant offset: "
 820		       "0x%04x\n", variant_offset);
 821		retval = -EINVAL;
 822		goto fail;
 823	}
 824
 825	retval = ezusb_8051_cpucs(upriv, 1);
 826	if (retval < 0)
 827		goto fail;
 828	for (addr = 0; addr < fw->size; addr += FW_BUF_SIZE) {
 829		/* 0x100-0x300 should be left alone, it contains card
 830		 * specific data, like USB enumeration information */
 831		if ((addr >= FW_HOLE_START) && (addr < FW_HOLE_END))
 832			continue;
 833
 834		memcpy(fw_buffer, &fw->code[addr], FW_BUF_SIZE);
 835		if (variant_offset >= addr &&
 836		    variant_offset < addr + FW_BUF_SIZE) {
 837			dbg("Patching card_variant byte at 0x%04X",
 838			    variant_offset);
 839			fw_buffer[variant_offset - addr] = FW_VAR_VALUE;
 840		}
 841		retval = usb_control_msg(upriv->udev,
 842					 usb_sndctrlpipe(upriv->udev, 0),
 843					 EZUSB_REQUEST_FW_TRANS,
 844					 USB_TYPE_VENDOR | USB_RECIP_DEVICE
 845					 | USB_DIR_OUT,
 846					 addr, 0x0,
 847					 fw_buffer, FW_BUF_SIZE,
 848					 DEF_TIMEOUT);
 849
 850		if (retval < 0)
 851			goto fail;
 852	}
 853	retval = ezusb_8051_cpucs(upriv, 0);
 854	if (retval < 0)
 855		goto fail;
 856
 857	goto exit;
 858 fail:
 859	printk(KERN_ERR PFX "Firmware download failed, error %d\n",
 860	       retval);
 861 exit:
 862	return retval;
 863}
 864
 865static int ezusb_access_ltv(struct ezusb_priv *upriv,
 866			    struct request_context *ctx,
 867			    u16 length, const void *data, u16 frame_type,
 868			    void *ans_buff, int ans_size, u16 *ans_length)
 869{
 870	int req_size;
 871	int retval = 0;
 872	enum ezusb_state state;
 873
 874	BUG_ON(in_irq());
 875
 876	if (!upriv->udev) {
 877		dbg("Device disconnected");
 878		return -ENODEV;
 879	}
 880
 881	if (upriv->read_urb->status != -EINPROGRESS)
 882		err("%s: in urb not pending", __func__);
 883
 884	/* protect upriv->reply_count, guarantee sequential numbers */
 885	spin_lock_bh(&upriv->reply_count_lock);
 886	req_size = ezusb_fill_req(ctx->buf, length, ctx->out_rid, data,
 887				  frame_type, upriv->reply_count);
 888	usb_fill_bulk_urb(ctx->outurb, upriv->udev, upriv->write_pipe,
 889			  ctx->buf, req_size,
 890			  ezusb_request_out_callback, ctx);
 891
 892	if (ctx->in_rid)
 893		upriv->reply_count = ezusb_reply_inc(upriv->reply_count);
 894
 895	ezusb_req_enqueue_run(upriv, ctx);
 896
 897	spin_unlock_bh(&upriv->reply_count_lock);
 898
 899	if (ctx->in_rid)
 900		ezusb_req_ctx_wait(upriv, ctx);
 901
 902	state = ctx->state;
 903	switch (state) {
 904	case EZUSB_CTX_COMPLETE:
 905		retval = ctx->outurb->status;
 906		break;
 907
 908	case EZUSB_CTX_QUEUED:
 909	case EZUSB_CTX_REQ_SUBMITTED:
 910		if (!ctx->in_rid)
 911			break;
 912	default:
 913		err("%s: Unexpected context state %d", __func__,
 914		    state);
 915		/* fall though */
 916	case EZUSB_CTX_REQ_TIMEOUT:
 917	case EZUSB_CTX_REQ_FAILED:
 918	case EZUSB_CTX_RESP_TIMEOUT:
 919	case EZUSB_CTX_REQSUBMIT_FAIL:
 920		printk(KERN_ERR PFX "Access failed, resetting (state %d,"
 921		       " reply_count %d)\n", state, upriv->reply_count);
 922		upriv->reply_count = 0;
 923		if (state == EZUSB_CTX_REQ_TIMEOUT
 924		    || state == EZUSB_CTX_RESP_TIMEOUT) {
 925			printk(KERN_ERR PFX "ctx timed out\n");
 926			retval = -ETIMEDOUT;
 927		} else {
 928			printk(KERN_ERR PFX "ctx failed\n");
 929			retval = -EFAULT;
 930		}
 931		goto exit;
 932		break;
 933	}
 934	if (ctx->in_rid) {
 935		struct ezusb_packet *ans = ctx->buf;
 936		int exp_len;
 937
 938		if (ans->hermes_len != 0)
 939			exp_len = le16_to_cpu(ans->hermes_len) * 2 + 12;
 940		else
 941			exp_len = 14;
 942
 943		if (exp_len != ctx->buf_length) {
 944			err("%s: length mismatch for RID 0x%04x: "
 945			    "expected %d, got %d", __func__,
 946			    ctx->in_rid, exp_len, ctx->buf_length);
 947			retval = -EIO;
 948			goto exit;
 949		}
 950
 951		if (ans_buff)
 952			memcpy(ans_buff, ans->data,
 953			       min_t(int, exp_len, ans_size));
 954		if (ans_length)
 955			*ans_length = le16_to_cpu(ans->hermes_len);
 956	}
 957 exit:
 958	ezusb_request_context_put(ctx);
 959	return retval;
 960}
 961
 962static int ezusb_write_ltv(struct hermes *hw, int bap, u16 rid,
 963			   u16 length, const void *data)
 964{
 965	struct ezusb_priv *upriv = hw->priv;
 966	u16 frame_type;
 967	struct request_context *ctx;
 968
 969	if (length == 0)
 970		return -EINVAL;
 971
 972	length = HERMES_RECLEN_TO_BYTES(length);
 973
 974	/* On memory mapped devices HERMES_RID_CNFGROUPADDRESSES can be
 975	 * set to be empty, but the USB bridge doesn't like it */
 976	if (length == 0)
 977		return 0;
 978
 979	ctx = ezusb_alloc_ctx(upriv, rid, EZUSB_RID_ACK);
 980	if (!ctx)
 981		return -ENOMEM;
 982
 983	if (rid == EZUSB_RID_TX)
 984		frame_type = EZUSB_FRAME_DATA;
 985	else
 986		frame_type = EZUSB_FRAME_CONTROL;
 987
 988	return ezusb_access_ltv(upriv, ctx, length, data, frame_type,
 989				NULL, 0, NULL);
 990}
 991
 992static int ezusb_read_ltv(struct hermes *hw, int bap, u16 rid,
 993			  unsigned bufsize, u16 *length, void *buf)
 994{
 995	struct ezusb_priv *upriv = hw->priv;
 996	struct request_context *ctx;
 997
 998	if ((bufsize < 0) || (bufsize % 2))
 999		return -EINVAL;
1000
1001	ctx = ezusb_alloc_ctx(upriv, rid, rid);
1002	if (!ctx)
1003		return -ENOMEM;
1004
1005	return ezusb_access_ltv(upriv, ctx, 0, NULL, EZUSB_FRAME_CONTROL,
1006				buf, bufsize, length);
1007}
1008
1009static int ezusb_doicmd_wait(struct hermes *hw, u16 cmd, u16 parm0, u16 parm1,
1010			     u16 parm2, struct hermes_response *resp)
1011{
1012	struct ezusb_priv *upriv = hw->priv;
1013	struct request_context *ctx;
1014
1015	__le16 data[4] = {
1016		cpu_to_le16(cmd),
1017		cpu_to_le16(parm0),
1018		cpu_to_le16(parm1),
1019		cpu_to_le16(parm2),
1020	};
1021	dbg("0x%04X, parm0 0x%04X, parm1 0x%04X, parm2 0x%04X",
1022	    cmd, parm0, parm1, parm2);
1023	ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_DOCMD, EZUSB_RID_ACK);
1024	if (!ctx)
1025		return -ENOMEM;
1026
1027	return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1028				EZUSB_FRAME_CONTROL, NULL, 0, NULL);
1029}
1030
1031static int ezusb_docmd_wait(struct hermes *hw, u16 cmd, u16 parm0,
1032			    struct hermes_response *resp)
1033{
1034	struct ezusb_priv *upriv = hw->priv;
1035	struct request_context *ctx;
1036
1037	__le16 data[4] = {
1038		cpu_to_le16(cmd),
1039		cpu_to_le16(parm0),
1040		0,
1041		0,
1042	};
1043	dbg("0x%04X, parm0 0x%04X", cmd, parm0);
1044	ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_DOCMD, EZUSB_RID_ACK);
1045	if (!ctx)
1046		return -ENOMEM;
1047
1048	return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1049				EZUSB_FRAME_CONTROL, NULL, 0, NULL);
1050}
1051
1052static int ezusb_bap_pread(struct hermes *hw, int bap,
1053			   void *buf, int len, u16 id, u16 offset)
1054{
1055	struct ezusb_priv *upriv = hw->priv;
1056	struct ezusb_packet *ans = (void *) upriv->read_urb->transfer_buffer;
1057	int actual_length = upriv->read_urb->actual_length;
1058
1059	if (id == EZUSB_RID_RX) {
1060		if ((sizeof(*ans) + offset + len) > actual_length) {
1061			printk(KERN_ERR PFX "BAP read beyond buffer end "
1062			       "in rx frame\n");
1063			return -EINVAL;
1064		}
1065		memcpy(buf, ans->data + offset, len);
1066		return 0;
1067	}
1068
1069	if (EZUSB_IS_INFO(id)) {
1070		/* Include 4 bytes for length/type */
1071		if ((sizeof(*ans) + offset + len - 4) > actual_length) {
1072			printk(KERN_ERR PFX "BAP read beyond buffer end "
1073			       "in info frame\n");
1074			return -EFAULT;
1075		}
1076		memcpy(buf, ans->data + offset - 4, len);
1077	} else {
1078		printk(KERN_ERR PFX "Unexpected fid 0x%04x\n", id);
1079		return -EINVAL;
1080	}
1081
1082	return 0;
1083}
1084
1085static int ezusb_read_pda(struct hermes *hw, __le16 *pda,
1086			  u32 pda_addr, u16 pda_len)
1087{
1088	struct ezusb_priv *upriv = hw->priv;
1089	struct request_context *ctx;
1090	__le16 data[] = {
1091		cpu_to_le16(pda_addr & 0xffff),
1092		cpu_to_le16(pda_len - 4)
1093	};
1094	ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_READ_PDA, EZUSB_RID_READ_PDA);
1095	if (!ctx)
1096		return -ENOMEM;
1097
1098	/* wl_lkm does not include PDA size in the PDA area.
1099	 * We will pad the information into pda, so other routines
1100	 * don't have to be modified */
1101	pda[0] = cpu_to_le16(pda_len - 2);
1102	/* Includes CFG_PROD_DATA but not itself */
1103	pda[1] = cpu_to_le16(0x0800); /* CFG_PROD_DATA */
1104
1105	return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1106				EZUSB_FRAME_CONTROL, &pda[2], pda_len - 4,
1107				NULL);
1108}
1109
1110static int ezusb_program_init(struct hermes *hw, u32 entry_point)
1111{
1112	struct ezusb_priv *upriv = hw->priv;
1113	struct request_context *ctx;
1114	__le32 data = cpu_to_le32(entry_point);
1115
1116	ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_INIT, EZUSB_RID_ACK);
1117	if (!ctx)
1118		return -ENOMEM;
1119
1120	return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1121				EZUSB_FRAME_CONTROL, NULL, 0, NULL);
1122}
1123
1124static int ezusb_program_end(struct hermes *hw)
1125{
1126	struct ezusb_priv *upriv = hw->priv;
1127	struct request_context *ctx;
1128
1129	ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_END, EZUSB_RID_ACK);
1130	if (!ctx)
1131		return -ENOMEM;
1132
1133	return ezusb_access_ltv(upriv, ctx, 0, NULL,
1134				EZUSB_FRAME_CONTROL, NULL, 0, NULL);
1135}
1136
1137static int ezusb_program_bytes(struct hermes *hw, const char *buf,
1138			       u32 addr, u32 len)
1139{
1140	struct ezusb_priv *upriv = hw->priv;
1141	struct request_context *ctx;
1142	__le32 data = cpu_to_le32(addr);
1143	int err;
1144
1145	ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_SET_ADDR, EZUSB_RID_ACK);
1146	if (!ctx)
1147		return -ENOMEM;
1148
1149	err = ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1150			       EZUSB_FRAME_CONTROL, NULL, 0, NULL);
1151	if (err)
1152		return err;
1153
1154	ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_BYTES, EZUSB_RID_ACK);
1155	if (!ctx)
1156		return -ENOMEM;
1157
1158	return ezusb_access_ltv(upriv, ctx, len, buf,
1159				EZUSB_FRAME_CONTROL, NULL, 0, NULL);
1160}
1161
1162static int ezusb_program(struct hermes *hw, const char *buf,
1163			 u32 addr, u32 len)
1164{
1165	u32 ch_addr;
1166	u32 ch_len;
1167	int err = 0;
1168
1169	/* We can only send 2048 bytes out of the bulk xmit at a time,
1170	 * so we have to split any programming into chunks of <2048
1171	 * bytes. */
1172
1173	ch_len = (len < MAX_DL_SIZE) ? len : MAX_DL_SIZE;
1174	ch_addr = addr;
1175
1176	while (ch_addr < (addr + len)) {
1177		pr_debug("Programming subblock of length %d "
1178			 "to address 0x%08x. Data @ %p\n",
1179			 ch_len, ch_addr, &buf[ch_addr - addr]);
1180
1181		err = ezusb_program_bytes(hw, &buf[ch_addr - addr],
1182					  ch_addr, ch_len);
1183		if (err)
1184			break;
1185
1186		ch_addr += ch_len;
1187		ch_len = ((addr + len - ch_addr) < MAX_DL_SIZE) ?
1188			(addr + len - ch_addr) : MAX_DL_SIZE;
1189	}
1190
1191	return err;
1192}
1193
1194static netdev_tx_t ezusb_xmit(struct sk_buff *skb, struct net_device *dev)
1195{
1196	struct orinoco_private *priv = ndev_priv(dev);
1197	struct net_device_stats *stats = &priv->stats;
1198	struct ezusb_priv *upriv = priv->card;
1199	u8 mic[MICHAEL_MIC_LEN + 1];
1200	int err = 0;
1201	int tx_control;
1202	unsigned long flags;
1203	struct request_context *ctx;
1204	u8 *buf;
1205	int tx_size;
1206
1207	if (!netif_running(dev)) {
1208		printk(KERN_ERR "%s: Tx on stopped device!\n",
1209		       dev->name);
1210		return NETDEV_TX_BUSY;
1211	}
1212
1213	if (netif_queue_stopped(dev)) {
1214		printk(KERN_DEBUG "%s: Tx while transmitter busy!\n",
1215		       dev->name);
1216		return NETDEV_TX_BUSY;
1217	}
1218
1219	if (orinoco_lock(priv, &flags) != 0) {
1220		printk(KERN_ERR
1221		       "%s: ezusb_xmit() called while hw_unavailable\n",
1222		       dev->name);
1223		return NETDEV_TX_BUSY;
1224	}
1225
1226	if (!netif_carrier_ok(dev) ||
1227	    (priv->iw_mode == NL80211_IFTYPE_MONITOR)) {
1228		/* Oops, the firmware hasn't established a connection,
1229		   silently drop the packet (this seems to be the
1230		   safest approach). */
1231		goto drop;
1232	}
1233
1234	/* Check packet length */
1235	if (skb->len < ETH_HLEN)
1236		goto drop;
1237
1238	ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_TX, 0);
1239	if (!ctx)
1240		goto busy;
1241
1242	memset(ctx->buf, 0, BULK_BUF_SIZE);
1243	buf = ctx->buf->data;
1244
1245	tx_control = 0;
1246
1247	err = orinoco_process_xmit_skb(skb, dev, priv, &tx_control,
1248				       &mic[0]);
1249	if (err)
1250		goto drop;
1251
1252	{
1253		__le16 *tx_cntl = (__le16 *)buf;
1254		*tx_cntl = cpu_to_le16(tx_control);
1255		buf += sizeof(*tx_cntl);
1256	}
1257
1258	memcpy(buf, skb->data, skb->len);
1259	buf += skb->len;
1260
1261	if (tx_control & HERMES_TXCTRL_MIC) {
1262		u8 *m = mic;
1263		/* Mic has been offset so it can be copied to an even
1264		 * address. We're copying eveything anyway, so we
1265		 * don't need to copy that first byte. */
1266		if (skb->len % 2)
1267			m++;
1268		memcpy(buf, m, MICHAEL_MIC_LEN);
1269		buf += MICHAEL_MIC_LEN;
1270	}
1271
1272	/* Finally, we actually initiate the send */
1273	netif_stop_queue(dev);
1274
1275	/* The card may behave better if we send evenly sized usb transfers */
1276	tx_size = ALIGN(buf - ctx->buf->data, 2);
1277
1278	err = ezusb_access_ltv(upriv, ctx, tx_size, NULL,
1279			       EZUSB_FRAME_DATA, NULL, 0, NULL);
1280
1281	if (err) {
1282		netif_start_queue(dev);
1283		if (net_ratelimit())
1284			printk(KERN_ERR "%s: Error %d transmitting packet\n",
1285				dev->name, err);
1286		goto busy;
1287	}
1288
1289	dev->trans_start = jiffies;
1290	stats->tx_bytes += skb->len;
1291	goto ok;
1292
1293 drop:
1294	stats->tx_errors++;
1295	stats->tx_dropped++;
1296
1297 ok:
1298	orinoco_unlock(priv, &flags);
1299	dev_kfree_skb(skb);
1300	return NETDEV_TX_OK;
1301
1302 busy:
1303	orinoco_unlock(priv, &flags);
1304	return NETDEV_TX_BUSY;
1305}
1306
1307static int ezusb_allocate(struct hermes *hw, u16 size, u16 *fid)
1308{
1309	*fid = EZUSB_RID_TX;
1310	return 0;
1311}
1312
1313
1314static int ezusb_hard_reset(struct orinoco_private *priv)
1315{
1316	struct ezusb_priv *upriv = priv->card;
1317	int retval = ezusb_8051_cpucs(upriv, 1);
1318
1319	if (retval < 0) {
1320		err("Failed to reset");
1321		return retval;
1322	}
1323
1324	retval = ezusb_8051_cpucs(upriv, 0);
1325	if (retval < 0) {
1326		err("Failed to unreset");
1327		return retval;
1328	}
1329
1330	dbg("sending control message");
1331	retval = usb_control_msg(upriv->udev,
1332				 usb_sndctrlpipe(upriv->udev, 0),
1333				 EZUSB_REQUEST_TRIGER,
1334				 USB_TYPE_VENDOR | USB_RECIP_DEVICE |
1335				 USB_DIR_OUT, 0x0, 0x0, NULL, 0,
1336				 DEF_TIMEOUT);
1337	if (retval < 0) {
1338		err("EZUSB_REQUEST_TRIGER failed retval %d", retval);
1339		return retval;
1340	}
1341#if 0
1342	dbg("Sending EZUSB_REQUEST_TRIG_AC");
1343	retval = usb_control_msg(upriv->udev,
1344				 usb_sndctrlpipe(upriv->udev, 0),
1345				 EZUSB_REQUEST_TRIG_AC,
1346				 USB_TYPE_VENDOR | USB_RECIP_DEVICE |
1347				 USB_DIR_OUT, 0x00FA, 0x0, NULL, 0,
1348				 DEF_TIMEOUT);
1349	if (retval < 0) {
1350		err("EZUSB_REQUEST_TRIG_AC failed retval %d", retval);
1351		return retval;
1352	}
1353#endif
1354
1355	return 0;
1356}
1357
1358
1359static int ezusb_init(struct hermes *hw)
1360{
1361	struct ezusb_priv *upriv = hw->priv;
1362	int retval;
1363
1364	BUG_ON(in_interrupt());
1365	BUG_ON(!upriv);
1366
1367	upriv->reply_count = 0;
1368	/* Write the MAGIC number on the simulated registers to keep
1369	 * orinoco.c happy */
1370	hermes_write_regn(hw, SWSUPPORT0, HERMES_MAGIC);
1371	hermes_write_regn(hw, RXFID, EZUSB_RID_RX);
1372
1373	usb_kill_urb(upriv->read_urb);
1374	ezusb_submit_in_urb(upriv);
1375
1376	retval = ezusb_write_ltv(hw, 0, EZUSB_RID_INIT1,
1377				 HERMES_BYTES_TO_RECLEN(2), "\x10\x00");
1378	if (retval < 0) {
1379		printk(KERN_ERR PFX "EZUSB_RID_INIT1 error %d\n", retval);
1380		return retval;
1381	}
1382
1383	retval = ezusb_docmd_wait(hw, HERMES_CMD_INIT, 0, NULL);
1384	if (retval < 0) {
1385		printk(KERN_ERR PFX "HERMES_CMD_INIT error %d\n", retval);
1386		return retval;
1387	}
1388
1389	return 0;
1390}
1391
1392static void ezusb_bulk_in_callback(struct urb *urb)
1393{
1394	struct ezusb_priv *upriv = (struct ezusb_priv *) urb->context;
1395	struct ezusb_packet *ans = urb->transfer_buffer;
1396	u16 crc;
1397	u16 hermes_rid;
1398
1399	if (upriv->udev == NULL) {
1400		dbg("disconnected");
1401		return;
1402	}
1403
1404	if (urb->status == -ETIMEDOUT) {
1405		/* When a device gets unplugged we get this every time
1406		 * we resubmit, flooding the logs.  Since we don't use
1407		 * USB timeouts, it shouldn't happen any other time*/
1408		pr_warning("%s: urb timed out, not resubmiting", __func__);
1409		return;
1410	}
1411	if (urb->status == -ECONNABORTED) {
1412		pr_warning("%s: connection abort, resubmiting urb",
1413		     __func__);
1414		goto resubmit;
1415	}
1416	if ((urb->status == -EILSEQ)
1417	    || (urb->status == -ENOENT)
1418	    || (urb->status == -ECONNRESET)) {
1419		dbg("status %d, not resubmiting", urb->status);
1420		return;
1421	}
1422	if (urb->status)
1423		dbg("status: %d length: %d",
1424		    urb->status, urb->actual_length);
1425	if (urb->actual_length < sizeof(*ans)) {
1426		err("%s: short read, ignoring", __func__);
1427		goto resubmit;
1428	}
1429	crc = build_crc(ans);
1430	if (le16_to_cpu(ans->crc) != crc) {
1431		err("CRC error, ignoring packet");
1432		goto resubmit;
1433	}
1434
1435	hermes_rid = le16_to_cpu(ans->hermes_rid);
1436	if ((hermes_rid != EZUSB_RID_RX) && !EZUSB_IS_INFO(hermes_rid)) {
1437		ezusb_request_in_callback(upriv, urb);
1438	} else if (upriv->dev) {
1439		struct net_device *dev = upriv->dev;
1440		struct orinoco_private *priv = ndev_priv(dev);
1441		struct hermes *hw = &priv->hw;
1442
1443		if (hermes_rid == EZUSB_RID_RX) {
1444			__orinoco_ev_rx(dev, hw);
1445		} else {
1446			hermes_write_regn(hw, INFOFID,
1447					  le16_to_cpu(ans->hermes_rid));
1448			__orinoco_ev_info(dev, hw);
1449		}
1450	}
1451
1452 resubmit:
1453	if (upriv->udev)
1454		ezusb_submit_in_urb(upriv);
1455}
1456
1457static inline void ezusb_delete(struct ezusb_priv *upriv)
1458{
1459	struct net_device *dev;
1460	struct list_head *item;
1461	struct list_head *tmp_item;
1462	unsigned long flags;
1463
1464	BUG_ON(in_interrupt());
1465	BUG_ON(!upriv);
1466
1467	dev = upriv->dev;
1468	mutex_lock(&upriv->mtx);
1469
1470	upriv->udev = NULL;	/* No timer will be rearmed from here */
1471
1472	usb_kill_urb(upriv->read_urb);
1473
1474	spin_lock_irqsave(&upriv->req_lock, flags);
1475	list_for_each_safe(item, tmp_item, &upriv->req_active) {
1476		struct request_context *ctx;
1477		int err;
1478
1479		ctx = list_entry(item, struct request_context, list);
1480		atomic_inc(&ctx->refcount);
1481
1482		ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK;
1483		err = usb_unlink_urb(ctx->outurb);
1484
1485		spin_unlock_irqrestore(&upriv->req_lock, flags);
1486		if (err == -EINPROGRESS)
1487			wait_for_completion(&ctx->done);
1488
1489		del_timer_sync(&ctx->timer);
1490		/* FIXME: there is an slight chance for the irq handler to
1491		 * be running */
1492		if (!list_empty(&ctx->list))
1493			ezusb_ctx_complete(ctx);
1494
1495		ezusb_request_context_put(ctx);
1496		spin_lock_irqsave(&upriv->req_lock, flags);
1497	}
1498	spin_unlock_irqrestore(&upriv->req_lock, flags);
1499
1500	list_for_each_safe(item, tmp_item, &upriv->req_pending)
1501	    ezusb_ctx_complete(list_entry(item,
1502					  struct request_context, list));
1503
1504	if (upriv->read_urb && upriv->read_urb->status == -EINPROGRESS)
1505		printk(KERN_ERR PFX "Some URB in progress\n");
1506
1507	mutex_unlock(&upriv->mtx);
1508
1509	if (upriv->read_urb) {
1510		kfree(upriv->read_urb->transfer_buffer);
1511		usb_free_urb(upriv->read_urb);
1512	}
1513	kfree(upriv->bap_buf);
1514	if (upriv->dev) {
1515		struct orinoco_private *priv = ndev_priv(upriv->dev);
1516		orinoco_if_del(priv);
1517		free_orinocodev(priv);
1518	}
1519}
1520
1521static void ezusb_lock_irqsave(spinlock_t *lock,
1522			       unsigned long *flags) __acquires(lock)
1523{
1524	spin_lock_bh(lock);
1525}
1526
1527static void ezusb_unlock_irqrestore(spinlock_t *lock,
1528				    unsigned long *flags) __releases(lock)
1529{
1530	spin_unlock_bh(lock);
1531}
1532
1533static void ezusb_lock_irq(spinlock_t *lock) __acquires(lock)
1534{
1535	spin_lock_bh(lock);
1536}
1537
1538static void ezusb_unlock_irq(spinlock_t *lock) __releases(lock)
1539{
1540	spin_unlock_bh(lock);
1541}
1542
1543static const struct hermes_ops ezusb_ops = {
1544	.init = ezusb_init,
1545	.cmd_wait = ezusb_docmd_wait,
1546	.init_cmd_wait = ezusb_doicmd_wait,
1547	.allocate = ezusb_allocate,
1548	.read_ltv = ezusb_read_ltv,
1549	.write_ltv = ezusb_write_ltv,
1550	.bap_pread = ezusb_bap_pread,
1551	.read_pda = ezusb_read_pda,
1552	.program_init = ezusb_program_init,
1553	.program_end = ezusb_program_end,
1554	.program = ezusb_program,
1555	.lock_irqsave = ezusb_lock_irqsave,
1556	.unlock_irqrestore = ezusb_unlock_irqrestore,
1557	.lock_irq = ezusb_lock_irq,
1558	.unlock_irq = ezusb_unlock_irq,
1559};
1560
1561static const struct net_device_ops ezusb_netdev_ops = {
1562	.ndo_open		= orinoco_open,
1563	.ndo_stop		= orinoco_stop,
1564	.ndo_start_xmit		= ezusb_xmit,
1565	.ndo_set_rx_mode	= orinoco_set_multicast_list,
1566	.ndo_change_mtu		= orinoco_change_mtu,
1567	.ndo_set_mac_address	= eth_mac_addr,
1568	.ndo_validate_addr	= eth_validate_addr,
1569	.ndo_tx_timeout		= orinoco_tx_timeout,
1570	.ndo_get_stats		= orinoco_get_stats,
1571};
1572
1573static int ezusb_probe(struct usb_interface *interface,
1574		       const struct usb_device_id *id)
1575{
1576	struct usb_device *udev = interface_to_usbdev(interface);
1577	struct orinoco_private *priv;
1578	struct hermes *hw;
1579	struct ezusb_priv *upriv = NULL;
1580	struct usb_interface_descriptor *iface_desc;
1581	struct usb_endpoint_descriptor *ep;
1582	const struct firmware *fw_entry;
1583	int retval = 0;
1584	int i;
1585
1586	priv = alloc_orinocodev(sizeof(*upriv), &udev->dev,
1587				ezusb_hard_reset, NULL);
1588	if (!priv) {
1589		err("Couldn't allocate orinocodev");
1590		goto exit;
1591	}
1592
1593	hw = &priv->hw;
1594
1595	upriv = priv->card;
1596
1597	mutex_init(&upriv->mtx);
1598	spin_lock_init(&upriv->reply_count_lock);
1599
1600	spin_lock_init(&upriv->req_lock);
1601	INIT_LIST_HEAD(&upriv->req_pending);
1602	INIT_LIST_HEAD(&upriv->req_active);
1603
1604	upriv->udev = udev;
1605
1606	hw->iobase = (void __force __iomem *) &upriv->hermes_reg_fake;
1607	hw->reg_spacing = HERMES_16BIT_REGSPACING;
1608	hw->priv = upriv;
1609	hw->ops = &ezusb_ops;
1610
1611	/* set up the endpoint information */
1612	/* check out the endpoints */
1613
1614	iface_desc = &interface->altsetting[0].desc;
1615	for (i = 0; i < iface_desc->bNumEndpoints; ++i) {
1616		ep = &interface->altsetting[0].endpoint[i].desc;
1617
1618		if (((ep->bEndpointAddress & USB_ENDPOINT_DIR_MASK)
1619		     == USB_DIR_IN) &&
1620		    ((ep->bmAttributes & USB_ENDPOINT_XFERTYPE_MASK)
1621		     == USB_ENDPOINT_XFER_BULK)) {
1622			/* we found a bulk in endpoint */
1623			if (upriv->read_urb != NULL) {
1624				pr_warning("Found a second bulk in ep, ignored");
1625				continue;
1626			}
1627
1628			upriv->read_urb = usb_alloc_urb(0, GFP_KERNEL);
1629			if (!upriv->read_urb) {
1630				err("No free urbs available");
1631				goto error;
1632			}
1633			if (le16_to_cpu(ep->wMaxPacketSize) != 64)
1634				pr_warning("bulk in: wMaxPacketSize!= 64");
1635			if (ep->bEndpointAddress != (2 | USB_DIR_IN))
1636				pr_warning("bulk in: bEndpointAddress: %d",
1637				     ep->bEndpointAddress);
1638			upriv->read_pipe = usb_rcvbulkpipe(udev,
1639							 ep->
1640							 bEndpointAddress);
1641			upriv->read_urb->transfer_buffer =
1642			    kmalloc(BULK_BUF_SIZE, GFP_KERNEL);
1643			if (!upriv->read_urb->transfer_buffer) {
1644				err("Couldn't allocate IN buffer");
1645				goto error;
1646			}
1647		}
1648
1649		if (((ep->bEndpointAddress & USB_ENDPOINT_DIR_MASK)
1650		     == USB_DIR_OUT) &&
1651		    ((ep->bmAttributes & USB_ENDPOINT_XFERTYPE_MASK)
1652		     == USB_ENDPOINT_XFER_BULK)) {
1653			/* we found a bulk out endpoint */
1654			if (upriv->bap_buf != NULL) {
1655				pr_warning("Found a second bulk out ep, ignored");
1656				continue;
1657			}
1658
1659			if (le16_to_cpu(ep->wMaxPacketSize) != 64)
1660				pr_warning("bulk out: wMaxPacketSize != 64");
1661			if (ep->bEndpointAddress != 2)
1662				pr_warning("bulk out: bEndpointAddress: %d",
1663				     ep->bEndpointAddress);
1664			upriv->write_pipe = usb_sndbulkpipe(udev,
1665							  ep->
1666							  bEndpointAddress);
1667			upriv->bap_buf = kmalloc(BULK_BUF_SIZE, GFP_KERNEL);
1668			if (!upriv->bap_buf) {
1669				err("Couldn't allocate bulk_out_buffer");
1670				goto error;
1671			}
1672		}
1673	}
1674	if (!upriv->bap_buf || !upriv->read_urb) {
1675		err("Didn't find the required bulk endpoints");
1676		goto error;
1677	}
1678
1679	if (request_firmware(&fw_entry, "orinoco_ezusb_fw",
1680			     &interface->dev) == 0) {
1681		firmware.size = fw_entry->size;
1682		firmware.code = fw_entry->data;
1683	}
1684	if (firmware.size && firmware.code) {
1685		ezusb_firmware_download(upriv, &firmware);
1686	} else {
1687		err("No firmware to download");
1688		goto error;
1689	}
1690
1691	if (ezusb_hard_reset(priv) < 0) {
1692		err("Cannot reset the device");
1693		goto error;
1694	}
1695
1696	/* If the firmware is already downloaded orinoco.c will call
1697	 * ezusb_init but if the firmware is not already there, that will make
1698	 * the kernel very unstable, so we try initializing here and quit in
1699	 * case of error */
1700	if (ezusb_init(hw) < 0) {
1701		err("Couldn't initialize the device");
1702		err("Firmware may not be downloaded or may be wrong.");
1703		goto error;
1704	}
1705
1706	/* Initialise the main driver */
1707	if (orinoco_init(priv) != 0) {
1708		err("orinoco_init() failed\n");
1709		goto error;
1710	}
1711
1712	if (orinoco_if_add(priv, 0, 0, &ezusb_netdev_ops) != 0) {
1713		upriv->dev = NULL;
1714		err("%s: orinoco_if_add() failed", __func__);
1715		goto error;
1716	}
1717	upriv->dev = priv->ndev;
1718
1719	goto exit;
1720
1721 error:
1722	ezusb_delete(upriv);
1723	if (upriv->dev) {
1724		/* upriv->dev was 0, so ezusb_delete() didn't free it */
1725		free_orinocodev(priv);
1726	}
1727	upriv = NULL;
1728	retval = -EFAULT;
1729 exit:
1730	if (fw_entry) {
1731		firmware.code = NULL;
1732		firmware.size = 0;
1733		release_firmware(fw_entry);
1734	}
1735	usb_set_intfdata(interface, upriv);
1736	return retval;
1737}
1738
1739
1740static void ezusb_disconnect(struct usb_interface *intf)
1741{
1742	struct ezusb_priv *upriv = usb_get_intfdata(intf);
1743	usb_set_intfdata(intf, NULL);
1744	ezusb_delete(upriv);
1745	printk(KERN_INFO PFX "Disconnected\n");
1746}
1747
1748
1749/* usb specific object needed to register this driver with the usb subsystem */
1750static struct usb_driver orinoco_driver = {
1751	.name = DRIVER_NAME,
1752	.probe = ezusb_probe,
1753	.disconnect = ezusb_disconnect,
1754	.id_table = ezusb_table,
1755};
1756
1757/* Can't be declared "const" or the whole __initdata section will
1758 * become const */
1759static char version[] __initdata = DRIVER_NAME " " DRIVER_VERSION
1760	" (Manuel Estrada Sainz)";
1761
1762static int __init ezusb_module_init(void)
1763{
1764	int err;
1765
1766	printk(KERN_DEBUG "%s\n", version);
1767
1768	/* register this driver with the USB subsystem */
1769	err = usb_register(&orinoco_driver);
1770	if (err < 0) {
1771		printk(KERN_ERR PFX "usb_register failed, error %d\n",
1772		       err);
1773		return err;
1774	}
1775
1776	return 0;
1777}
1778
1779static void __exit ezusb_module_exit(void)
1780{
1781	/* deregister this driver with the USB subsystem */
1782	usb_deregister(&orinoco_driver);
1783}
1784
1785
1786module_init(ezusb_module_init);
1787module_exit(ezusb_module_exit);
1788
1789MODULE_AUTHOR("Manuel Estrada Sainz");
1790MODULE_DESCRIPTION("Driver for Orinoco wireless LAN cards using EZUSB bridge");
1791MODULE_LICENSE("Dual MPL/GPL");
Configure Feed

Configure Feed
