1/* 2 * USB Orinoco driver 3 * 4 * Copyright (c) 2003 Manuel Estrada Sainz 5 * 6 * The contents of this file are subject to the Mozilla Public License 7 * Version 1.1 (the "License"); you may not use this file except in 8 * compliance with the License. You may obtain a copy of the License 9 * at http://www.mozilla.org/MPL/ 10 * 11 * Software distributed under the License is distributed on an "AS IS" 12 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See 13 * the License for the specific language governing rights and 14 * limitations under the License. 15 * 16 * Alternatively, the contents of this file may be used under the 17 * terms of the GNU General Public License version 2 (the "GPL"), in 18 * which case the provisions of the GPL are applicable instead of the 19 * above. If you wish to allow the use of your version of this file 20 * only under the terms of the GPL and not to allow others to use your 21 * version of this file under the MPL, indicate your decision by 22 * deleting the provisions above and replace them with the notice and 23 * other provisions required by the GPL. If you do not delete the 24 * provisions above, a recipient may use your version of this file 25 * under either the MPL or the GPL. 26 * 27 * Queueing code based on linux-wlan-ng 0.2.1-pre5 28 * 29 * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved. 30 * 31 * The license is the same as above. 32 * 33 * Initialy based on USB Skeleton driver - 0.7 34 * 35 * Copyright (c) 2001 Greg Kroah-Hartman (greg@kroah.com) 36 * 37 * This program is free software; you can redistribute it and/or 38 * modify it under the terms of the GNU General Public License as 39 * published by the Free Software Foundation; either version 2 of 40 * the License, or (at your option) any later version. 41 * 42 * NOTE: The original USB Skeleton driver is GPL, but all that code is 43 * gone so MPL/GPL applies. 44 */ 45 46#define DRIVER_NAME "orinoco_usb" 47#define PFX DRIVER_NAME ": " 48 49#include <linux/module.h> 50#include <linux/kernel.h> 51#include <linux/sched.h> 52#include <linux/signal.h> 53#include <linux/errno.h> 54#include <linux/poll.h> 55#include <linux/slab.h> 56#include <linux/fcntl.h> 57#include <linux/spinlock.h> 58#include <linux/list.h> 59#include <linux/usb.h> 60#include <linux/timer.h> 61 62#include <linux/netdevice.h> 63#include <linux/if_arp.h> 64#include <linux/etherdevice.h> 65#include <linux/wireless.h> 66#include <linux/firmware.h> 67 68#include "mic.h" 69#include "orinoco.h" 70 71#ifndef URB_ASYNC_UNLINK 72#define URB_ASYNC_UNLINK 0 73#endif 74 75/* 802.2 LLC/SNAP header used for Ethernet encapsulation over 802.11 */ 76static const u8 encaps_hdr[] = {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00}; 77#define ENCAPS_OVERHEAD (sizeof(encaps_hdr) + 2) 78 79struct header_struct { 80 /* 802.3 */ 81 u8 dest[ETH_ALEN]; 82 u8 src[ETH_ALEN]; 83 __be16 len; 84 /* 802.2 */ 85 u8 dsap; 86 u8 ssap; 87 u8 ctrl; 88 /* SNAP */ 89 u8 oui[3]; 90 __be16 ethertype; 91} __packed; 92 93struct ez_usb_fw { 94 u16 size; 95 const u8 *code; 96}; 97 98static struct ez_usb_fw firmware = { 99 .size = 0, 100 .code = NULL, 101}; 102 103/* Debugging macros */ 104#undef err 105#define err(format, arg...) \ 106 do { printk(KERN_ERR PFX format "\n", ## arg); } while (0) 107 108MODULE_FIRMWARE("orinoco_ezusb_fw"); 109 110/* 111 * Under some conditions, the card gets stuck and stops paying attention 112 * to the world (i.e. data communication stalls) until we do something to 113 * it. Sending an INQ_TALLIES command seems to be enough and should be 114 * harmless otherwise. This behaviour has been observed when using the 115 * driver on a systemimager client during installation. In the past a 116 * timer was used to send INQ_TALLIES commands when there was no other 117 * activity, but it was troublesome and was removed. 118 */ 119 120#define USB_COMPAQ_VENDOR_ID 0x049f /* Compaq Computer Corp. */ 121#define USB_COMPAQ_WL215_ID 0x001f /* Compaq WL215 USB Adapter */ 122#define USB_COMPAQ_W200_ID 0x0076 /* Compaq W200 USB Adapter */ 123#define USB_HP_WL215_ID 0x0082 /* Compaq WL215 USB Adapter */ 124 125#define USB_MELCO_VENDOR_ID 0x0411 126#define USB_BUFFALO_L11_ID 0x0006 /* BUFFALO WLI-USB-L11 */ 127#define USB_BUFFALO_L11G_WR_ID 0x000B /* BUFFALO WLI-USB-L11G-WR */ 128#define USB_BUFFALO_L11G_ID 0x000D /* BUFFALO WLI-USB-L11G */ 129 130#define USB_LUCENT_VENDOR_ID 0x047E /* Lucent Technologies */ 131#define USB_LUCENT_ORINOCO_ID 0x0300 /* Lucent/Agere Orinoco USB Client */ 132 133#define USB_AVAYA8_VENDOR_ID 0x0D98 134#define USB_AVAYAE_VENDOR_ID 0x0D9E 135#define USB_AVAYA_WIRELESS_ID 0x0300 /* Avaya Wireless USB Card */ 136 137#define USB_AGERE_VENDOR_ID 0x0D4E /* Agere Systems */ 138#define USB_AGERE_MODEL0801_ID 0x1000 /* Wireless USB Card Model 0801 */ 139#define USB_AGERE_MODEL0802_ID 0x1001 /* Wireless USB Card Model 0802 */ 140#define USB_AGERE_REBRANDED_ID 0x047A /* WLAN USB Card */ 141 142#define USB_ELSA_VENDOR_ID 0x05CC 143#define USB_ELSA_AIRLANCER_ID 0x3100 /* ELSA AirLancer USB-11 */ 144 145#define USB_LEGEND_VENDOR_ID 0x0E7C 146#define USB_LEGEND_JOYNET_ID 0x0300 /* Joynet WLAN USB Card */ 147 148#define USB_SAMSUNG_VENDOR_ID 0x04E8 149#define USB_SAMSUNG_SEW2001U1_ID 0x5002 /* Samsung SEW-2001u Card */ 150#define USB_SAMSUNG_SEW2001U2_ID 0x5B11 /* Samsung SEW-2001u Card */ 151#define USB_SAMSUNG_SEW2003U_ID 0x7011 /* Samsung SEW-2003U Card */ 152 153#define USB_IGATE_VENDOR_ID 0x0681 154#define USB_IGATE_IGATE_11M_ID 0x0012 /* I-GATE 11M USB Card */ 155 156#define USB_FUJITSU_VENDOR_ID 0x0BF8 157#define USB_FUJITSU_E1100_ID 0x1002 /* connect2AIR WLAN E-1100 USB */ 158 159#define USB_2WIRE_VENDOR_ID 0x1630 160#define USB_2WIRE_WIRELESS_ID 0xff81 /* 2Wire Wireless USB adapter */ 161 162 163#define EZUSB_REQUEST_FW_TRANS 0xA0 164#define EZUSB_REQUEST_TRIGER 0xAA 165#define EZUSB_REQUEST_TRIG_AC 0xAC 166#define EZUSB_CPUCS_REG 0x7F92 167 168#define EZUSB_RID_TX 0x0700 169#define EZUSB_RID_RX 0x0701 170#define EZUSB_RID_INIT1 0x0702 171#define EZUSB_RID_ACK 0x0710 172#define EZUSB_RID_READ_PDA 0x0800 173#define EZUSB_RID_PROG_INIT 0x0852 174#define EZUSB_RID_PROG_SET_ADDR 0x0853 175#define EZUSB_RID_PROG_BYTES 0x0854 176#define EZUSB_RID_PROG_END 0x0855 177#define EZUSB_RID_DOCMD 0x0860 178 179/* Recognize info frames */ 180#define EZUSB_IS_INFO(id) ((id >= 0xF000) && (id <= 0xF2FF)) 181 182#define EZUSB_MAGIC 0x0210 183 184#define EZUSB_FRAME_DATA 1 185#define EZUSB_FRAME_CONTROL 2 186 187#define DEF_TIMEOUT (3 * HZ) 188 189#define BULK_BUF_SIZE 2048 190 191#define MAX_DL_SIZE (BULK_BUF_SIZE - sizeof(struct ezusb_packet)) 192 193#define FW_BUF_SIZE 64 194#define FW_VAR_OFFSET_PTR 0x359 195#define FW_VAR_VALUE 0 196#define FW_HOLE_START 0x100 197#define FW_HOLE_END 0x300 198 199struct ezusb_packet { 200 __le16 magic; /* 0x0210 */ 201 u8 req_reply_count; 202 u8 ans_reply_count; 203 __le16 frame_type; /* 0x01 for data frames, 0x02 otherwise */ 204 __le16 size; /* transport size */ 205 __le16 crc; /* CRC up to here */ 206 __le16 hermes_len; 207 __le16 hermes_rid; 208 u8 data[0]; 209} __packed; 210 211/* Table of devices that work or may work with this driver */ 212static struct usb_device_id ezusb_table[] = { 213 {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_COMPAQ_WL215_ID)}, 214 {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_HP_WL215_ID)}, 215 {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_COMPAQ_W200_ID)}, 216 {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11_ID)}, 217 {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11G_WR_ID)}, 218 {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11G_ID)}, 219 {USB_DEVICE(USB_LUCENT_VENDOR_ID, USB_LUCENT_ORINOCO_ID)}, 220 {USB_DEVICE(USB_AVAYA8_VENDOR_ID, USB_AVAYA_WIRELESS_ID)}, 221 {USB_DEVICE(USB_AVAYAE_VENDOR_ID, USB_AVAYA_WIRELESS_ID)}, 222 {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_MODEL0801_ID)}, 223 {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_MODEL0802_ID)}, 224 {USB_DEVICE(USB_ELSA_VENDOR_ID, USB_ELSA_AIRLANCER_ID)}, 225 {USB_DEVICE(USB_LEGEND_VENDOR_ID, USB_LEGEND_JOYNET_ID)}, 226 {USB_DEVICE_VER(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2001U1_ID, 227 0, 0)}, 228 {USB_DEVICE(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2001U2_ID)}, 229 {USB_DEVICE(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2003U_ID)}, 230 {USB_DEVICE(USB_IGATE_VENDOR_ID, USB_IGATE_IGATE_11M_ID)}, 231 {USB_DEVICE(USB_FUJITSU_VENDOR_ID, USB_FUJITSU_E1100_ID)}, 232 {USB_DEVICE(USB_2WIRE_VENDOR_ID, USB_2WIRE_WIRELESS_ID)}, 233 {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_REBRANDED_ID)}, 234 {} /* Terminating entry */ 235}; 236 237MODULE_DEVICE_TABLE(usb, ezusb_table); 238 239/* Structure to hold all of our device specific stuff */ 240struct ezusb_priv { 241 struct usb_device *udev; 242 struct net_device *dev; 243 struct mutex mtx; 244 spinlock_t req_lock; 245 struct list_head req_pending; 246 struct list_head req_active; 247 spinlock_t reply_count_lock; 248 u16 hermes_reg_fake[0x40]; 249 u8 *bap_buf; 250 struct urb *read_urb; 251 int read_pipe; 252 int write_pipe; 253 u8 reply_count; 254}; 255 256enum ezusb_state { 257 EZUSB_CTX_START, 258 EZUSB_CTX_QUEUED, 259 EZUSB_CTX_REQ_SUBMITTED, 260 EZUSB_CTX_REQ_COMPLETE, 261 EZUSB_CTX_RESP_RECEIVED, 262 EZUSB_CTX_REQ_TIMEOUT, 263 EZUSB_CTX_REQ_FAILED, 264 EZUSB_CTX_RESP_TIMEOUT, 265 EZUSB_CTX_REQSUBMIT_FAIL, 266 EZUSB_CTX_COMPLETE, 267}; 268 269struct request_context { 270 struct list_head list; 271 atomic_t refcount; 272 struct completion done; /* Signals that CTX is dead */ 273 int killed; 274 struct urb *outurb; /* OUT for req pkt */ 275 struct ezusb_priv *upriv; 276 struct ezusb_packet *buf; 277 int buf_length; 278 struct timer_list timer; /* Timeout handling */ 279 enum ezusb_state state; /* Current state */ 280 /* the RID that we will wait for */ 281 u16 out_rid; 282 u16 in_rid; 283}; 284 285 286/* Forward declarations */ 287static void ezusb_ctx_complete(struct request_context *ctx); 288static void ezusb_req_queue_run(struct ezusb_priv *upriv); 289static void ezusb_bulk_in_callback(struct urb *urb); 290 291static inline u8 ezusb_reply_inc(u8 count) 292{ 293 if (count < 0x7F) 294 return count + 1; 295 else 296 return 1; 297} 298 299static void ezusb_request_context_put(struct request_context *ctx) 300{ 301 if (!atomic_dec_and_test(&ctx->refcount)) 302 return; 303 304 WARN_ON(!ctx->done.done); 305 BUG_ON(ctx->outurb->status == -EINPROGRESS); 306 BUG_ON(timer_pending(&ctx->timer)); 307 usb_free_urb(ctx->outurb); 308 kfree(ctx->buf); 309 kfree(ctx); 310} 311 312static inline void ezusb_mod_timer(struct ezusb_priv *upriv, 313 struct timer_list *timer, 314 unsigned long expire) 315{ 316 if (!upriv->udev) 317 return; 318 mod_timer(timer, expire); 319} 320 321static void ezusb_request_timerfn(u_long _ctx) 322{ 323 struct request_context *ctx = (void *) _ctx; 324 325 ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK; 326 if (usb_unlink_urb(ctx->outurb) == -EINPROGRESS) { 327 ctx->state = EZUSB_CTX_REQ_TIMEOUT; 328 } else { 329 ctx->state = EZUSB_CTX_RESP_TIMEOUT; 330 dev_dbg(&ctx->outurb->dev->dev, "couldn't unlink\n"); 331 atomic_inc(&ctx->refcount); 332 ctx->killed = 1; 333 ezusb_ctx_complete(ctx); 334 ezusb_request_context_put(ctx); 335 } 336}; 337 338static struct request_context *ezusb_alloc_ctx(struct ezusb_priv *upriv, 339 u16 out_rid, u16 in_rid) 340{ 341 struct request_context *ctx; 342 343 ctx = kzalloc(sizeof(*ctx), GFP_ATOMIC); 344 if (!ctx) 345 return NULL; 346 347 ctx->buf = kmalloc(BULK_BUF_SIZE, GFP_ATOMIC); 348 if (!ctx->buf) { 349 kfree(ctx); 350 return NULL; 351 } 352 ctx->outurb = usb_alloc_urb(0, GFP_ATOMIC); 353 if (!ctx->outurb) { 354 kfree(ctx->buf); 355 kfree(ctx); 356 return NULL; 357 } 358 359 ctx->upriv = upriv; 360 ctx->state = EZUSB_CTX_START; 361 ctx->out_rid = out_rid; 362 ctx->in_rid = in_rid; 363 364 atomic_set(&ctx->refcount, 1); 365 init_completion(&ctx->done); 366 367 init_timer(&ctx->timer); 368 ctx->timer.function = ezusb_request_timerfn; 369 ctx->timer.data = (u_long) ctx; 370 return ctx; 371} 372 373 374/* Hopefully the real complete_all will soon be exported, in the mean 375 * while this should work. */ 376static inline void ezusb_complete_all(struct completion *comp) 377{ 378 complete(comp); 379 complete(comp); 380 complete(comp); 381 complete(comp); 382} 383 384static void ezusb_ctx_complete(struct request_context *ctx) 385{ 386 struct ezusb_priv *upriv = ctx->upriv; 387 unsigned long flags; 388 389 spin_lock_irqsave(&upriv->req_lock, flags); 390 391 list_del_init(&ctx->list); 392 if (upriv->udev) { 393 spin_unlock_irqrestore(&upriv->req_lock, flags); 394 ezusb_req_queue_run(upriv); 395 spin_lock_irqsave(&upriv->req_lock, flags); 396 } 397 398 switch (ctx->state) { 399 case EZUSB_CTX_COMPLETE: 400 case EZUSB_CTX_REQSUBMIT_FAIL: 401 case EZUSB_CTX_REQ_FAILED: 402 case EZUSB_CTX_REQ_TIMEOUT: 403 case EZUSB_CTX_RESP_TIMEOUT: 404 spin_unlock_irqrestore(&upriv->req_lock, flags); 405 406 if ((ctx->out_rid == EZUSB_RID_TX) && upriv->dev) { 407 struct net_device *dev = upriv->dev; 408 struct orinoco_private *priv = ndev_priv(dev); 409 struct net_device_stats *stats = &priv->stats; 410 411 if (ctx->state != EZUSB_CTX_COMPLETE) 412 stats->tx_errors++; 413 else 414 stats->tx_packets++; 415 416 netif_wake_queue(dev); 417 } 418 ezusb_complete_all(&ctx->done); 419 ezusb_request_context_put(ctx); 420 break; 421 422 default: 423 spin_unlock_irqrestore(&upriv->req_lock, flags); 424 if (!upriv->udev) { 425 /* This is normal, as all request contexts get flushed 426 * when the device is disconnected */ 427 err("Called, CTX not terminating, but device gone"); 428 ezusb_complete_all(&ctx->done); 429 ezusb_request_context_put(ctx); 430 break; 431 } 432 433 err("Called, CTX not in terminating state."); 434 /* Things are really bad if this happens. Just leak 435 * the CTX because it may still be linked to the 436 * queue or the OUT urb may still be active. 437 * Just leaking at least prevents an Oops or Panic. 438 */ 439 break; 440 } 441} 442 443/** 444 * ezusb_req_queue_run: 445 * Description: 446 * Note: Only one active CTX at any one time, because there's no 447 * other (reliable) way to match the response URB to the correct 448 * CTX. 449 **/ 450static void ezusb_req_queue_run(struct ezusb_priv *upriv) 451{ 452 unsigned long flags; 453 struct request_context *ctx; 454 int result; 455 456 spin_lock_irqsave(&upriv->req_lock, flags); 457 458 if (!list_empty(&upriv->req_active)) 459 goto unlock; 460 461 if (list_empty(&upriv->req_pending)) 462 goto unlock; 463 464 ctx = 465 list_entry(upriv->req_pending.next, struct request_context, 466 list); 467 468 if (!ctx->upriv->udev) 469 goto unlock; 470 471 /* We need to split this off to avoid a race condition */ 472 list_move_tail(&ctx->list, &upriv->req_active); 473 474 if (ctx->state == EZUSB_CTX_QUEUED) { 475 atomic_inc(&ctx->refcount); 476 result = usb_submit_urb(ctx->outurb, GFP_ATOMIC); 477 if (result) { 478 ctx->state = EZUSB_CTX_REQSUBMIT_FAIL; 479 480 spin_unlock_irqrestore(&upriv->req_lock, flags); 481 482 err("Fatal, failed to submit command urb." 483 " error=%d\n", result); 484 485 ezusb_ctx_complete(ctx); 486 ezusb_request_context_put(ctx); 487 goto done; 488 } 489 490 ctx->state = EZUSB_CTX_REQ_SUBMITTED; 491 ezusb_mod_timer(ctx->upriv, &ctx->timer, 492 jiffies + DEF_TIMEOUT); 493 } 494 495 unlock: 496 spin_unlock_irqrestore(&upriv->req_lock, flags); 497 498 done: 499 return; 500} 501 502static void ezusb_req_enqueue_run(struct ezusb_priv *upriv, 503 struct request_context *ctx) 504{ 505 unsigned long flags; 506 507 spin_lock_irqsave(&upriv->req_lock, flags); 508 509 if (!ctx->upriv->udev) { 510 spin_unlock_irqrestore(&upriv->req_lock, flags); 511 goto done; 512 } 513 atomic_inc(&ctx->refcount); 514 list_add_tail(&ctx->list, &upriv->req_pending); 515 spin_unlock_irqrestore(&upriv->req_lock, flags); 516 517 ctx->state = EZUSB_CTX_QUEUED; 518 ezusb_req_queue_run(upriv); 519 520 done: 521 return; 522} 523 524static void ezusb_request_out_callback(struct urb *urb) 525{ 526 unsigned long flags; 527 enum ezusb_state state; 528 struct request_context *ctx = urb->context; 529 struct ezusb_priv *upriv = ctx->upriv; 530 531 spin_lock_irqsave(&upriv->req_lock, flags); 532 533 del_timer(&ctx->timer); 534 535 if (ctx->killed) { 536 spin_unlock_irqrestore(&upriv->req_lock, flags); 537 pr_warn("interrupt called with dead ctx\n"); 538 goto out; 539 } 540 541 state = ctx->state; 542 543 if (urb->status == 0) { 544 switch (state) { 545 case EZUSB_CTX_REQ_SUBMITTED: 546 if (ctx->in_rid) { 547 ctx->state = EZUSB_CTX_REQ_COMPLETE; 548 /* reply URB still pending */ 549 ezusb_mod_timer(upriv, &ctx->timer, 550 jiffies + DEF_TIMEOUT); 551 spin_unlock_irqrestore(&upriv->req_lock, 552 flags); 553 break; 554 } 555 /* fall through */ 556 case EZUSB_CTX_RESP_RECEIVED: 557 /* IN already received before this OUT-ACK */ 558 ctx->state = EZUSB_CTX_COMPLETE; 559 spin_unlock_irqrestore(&upriv->req_lock, flags); 560 ezusb_ctx_complete(ctx); 561 break; 562 563 default: 564 spin_unlock_irqrestore(&upriv->req_lock, flags); 565 err("Unexpected state(0x%x, %d) in OUT URB", 566 state, urb->status); 567 break; 568 } 569 } else { 570 /* If someone cancels the OUT URB then its status 571 * should be either -ECONNRESET or -ENOENT. 572 */ 573 switch (state) { 574 case EZUSB_CTX_REQ_SUBMITTED: 575 case EZUSB_CTX_RESP_RECEIVED: 576 ctx->state = EZUSB_CTX_REQ_FAILED; 577 /* fall through */ 578 579 case EZUSB_CTX_REQ_FAILED: 580 case EZUSB_CTX_REQ_TIMEOUT: 581 spin_unlock_irqrestore(&upriv->req_lock, flags); 582 583 ezusb_ctx_complete(ctx); 584 break; 585 586 default: 587 spin_unlock_irqrestore(&upriv->req_lock, flags); 588 589 err("Unexpected state(0x%x, %d) in OUT URB", 590 state, urb->status); 591 break; 592 } 593 } 594 out: 595 ezusb_request_context_put(ctx); 596} 597 598static void ezusb_request_in_callback(struct ezusb_priv *upriv, 599 struct urb *urb) 600{ 601 struct ezusb_packet *ans = urb->transfer_buffer; 602 struct request_context *ctx = NULL; 603 enum ezusb_state state; 604 unsigned long flags; 605 606 /* Find the CTX on the active queue that requested this URB */ 607 spin_lock_irqsave(&upriv->req_lock, flags); 608 if (upriv->udev) { 609 struct list_head *item; 610 611 list_for_each(item, &upriv->req_active) { 612 struct request_context *c; 613 int reply_count; 614 615 c = list_entry(item, struct request_context, list); 616 reply_count = 617 ezusb_reply_inc(c->buf->req_reply_count); 618 if ((ans->ans_reply_count == reply_count) 619 && (le16_to_cpu(ans->hermes_rid) == c->in_rid)) { 620 ctx = c; 621 break; 622 } 623 netdev_dbg(upriv->dev, "Skipped (0x%x/0x%x) (%d/%d)\n", 624 le16_to_cpu(ans->hermes_rid), c->in_rid, 625 ans->ans_reply_count, reply_count); 626 } 627 } 628 629 if (ctx == NULL) { 630 spin_unlock_irqrestore(&upriv->req_lock, flags); 631 err("%s: got unexpected RID: 0x%04X", __func__, 632 le16_to_cpu(ans->hermes_rid)); 633 ezusb_req_queue_run(upriv); 634 return; 635 } 636 637 /* The data we want is in the in buffer, exchange */ 638 urb->transfer_buffer = ctx->buf; 639 ctx->buf = (void *) ans; 640 ctx->buf_length = urb->actual_length; 641 642 state = ctx->state; 643 switch (state) { 644 case EZUSB_CTX_REQ_SUBMITTED: 645 /* We have received our response URB before 646 * our request has been acknowledged. Do NOT 647 * destroy our CTX yet, because our OUT URB 648 * is still alive ... 649 */ 650 ctx->state = EZUSB_CTX_RESP_RECEIVED; 651 spin_unlock_irqrestore(&upriv->req_lock, flags); 652 653 /* Let the machine continue running. */ 654 break; 655 656 case EZUSB_CTX_REQ_COMPLETE: 657 /* This is the usual path: our request 658 * has already been acknowledged, and 659 * we have now received the reply. 660 */ 661 ctx->state = EZUSB_CTX_COMPLETE; 662 663 /* Stop the intimer */ 664 del_timer(&ctx->timer); 665 spin_unlock_irqrestore(&upriv->req_lock, flags); 666 667 /* Call the completion handler */ 668 ezusb_ctx_complete(ctx); 669 break; 670 671 default: 672 spin_unlock_irqrestore(&upriv->req_lock, flags); 673 674 pr_warn("Matched IN URB, unexpected context state(0x%x)\n", 675 state); 676 /* Throw this CTX away and try submitting another */ 677 del_timer(&ctx->timer); 678 ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK; 679 usb_unlink_urb(ctx->outurb); 680 ezusb_req_queue_run(upriv); 681 break; 682 } /* switch */ 683} 684 685 686static void ezusb_req_ctx_wait(struct ezusb_priv *upriv, 687 struct request_context *ctx) 688{ 689 switch (ctx->state) { 690 case EZUSB_CTX_QUEUED: 691 case EZUSB_CTX_REQ_SUBMITTED: 692 case EZUSB_CTX_REQ_COMPLETE: 693 case EZUSB_CTX_RESP_RECEIVED: 694 if (in_softirq()) { 695 /* If we get called from a timer, timeout timers don't 696 * get the chance to run themselves. So we make sure 697 * that we don't sleep for ever */ 698 int msecs = DEF_TIMEOUT * (1000 / HZ); 699 while (!ctx->done.done && msecs--) 700 udelay(1000); 701 } else { 702 wait_event_interruptible(ctx->done.wait, 703 ctx->done.done); 704 } 705 break; 706 default: 707 /* Done or failed - nothing to wait for */ 708 break; 709 } 710} 711 712static inline u16 build_crc(struct ezusb_packet *data) 713{ 714 u16 crc = 0; 715 u8 *bytes = (u8 *)data; 716 int i; 717 718 for (i = 0; i < 8; i++) 719 crc = (crc << 1) + bytes[i]; 720 721 return crc; 722} 723 724/** 725 * ezusb_fill_req: 726 * 727 * if data == NULL and length > 0 the data is assumed to be already in 728 * the target buffer and only the header is filled. 729 * 730 */ 731static int ezusb_fill_req(struct ezusb_packet *req, u16 length, u16 rid, 732 const void *data, u16 frame_type, u8 reply_count) 733{ 734 int total_size = sizeof(*req) + length; 735 736 BUG_ON(total_size > BULK_BUF_SIZE); 737 738 req->magic = cpu_to_le16(EZUSB_MAGIC); 739 req->req_reply_count = reply_count; 740 req->ans_reply_count = 0; 741 req->frame_type = cpu_to_le16(frame_type); 742 req->size = cpu_to_le16(length + 4); 743 req->crc = cpu_to_le16(build_crc(req)); 744 req->hermes_len = cpu_to_le16(HERMES_BYTES_TO_RECLEN(length)); 745 req->hermes_rid = cpu_to_le16(rid); 746 if (data) 747 memcpy(req->data, data, length); 748 return total_size; 749} 750 751static int ezusb_submit_in_urb(struct ezusb_priv *upriv) 752{ 753 int retval = 0; 754 void *cur_buf = upriv->read_urb->transfer_buffer; 755 756 if (upriv->read_urb->status == -EINPROGRESS) { 757 netdev_dbg(upriv->dev, "urb busy, not resubmiting\n"); 758 retval = -EBUSY; 759 goto exit; 760 } 761 usb_fill_bulk_urb(upriv->read_urb, upriv->udev, upriv->read_pipe, 762 cur_buf, BULK_BUF_SIZE, 763 ezusb_bulk_in_callback, upriv); 764 upriv->read_urb->transfer_flags = 0; 765 retval = usb_submit_urb(upriv->read_urb, GFP_ATOMIC); 766 if (retval) 767 err("%s submit failed %d", __func__, retval); 768 769 exit: 770 return retval; 771} 772 773static inline int ezusb_8051_cpucs(struct ezusb_priv *upriv, int reset) 774{ 775 u8 res_val = reset; /* avoid argument promotion */ 776 777 if (!upriv->udev) { 778 err("%s: !upriv->udev", __func__); 779 return -EFAULT; 780 } 781 return usb_control_msg(upriv->udev, 782 usb_sndctrlpipe(upriv->udev, 0), 783 EZUSB_REQUEST_FW_TRANS, 784 USB_TYPE_VENDOR | USB_RECIP_DEVICE | 785 USB_DIR_OUT, EZUSB_CPUCS_REG, 0, &res_val, 786 sizeof(res_val), DEF_TIMEOUT); 787} 788 789static int ezusb_firmware_download(struct ezusb_priv *upriv, 790 struct ez_usb_fw *fw) 791{ 792 u8 *fw_buffer; 793 int retval, addr; 794 int variant_offset; 795 796 fw_buffer = kmalloc(FW_BUF_SIZE, GFP_KERNEL); 797 if (!fw_buffer) { 798 printk(KERN_ERR PFX "Out of memory for firmware buffer.\n"); 799 return -ENOMEM; 800 } 801 /* 802 * This byte is 1 and should be replaced with 0. The offset is 803 * 0x10AD in version 0.0.6. The byte in question should follow 804 * the end of the code pointed to by the jump in the beginning 805 * of the firmware. Also, it is read by code located at 0x358. 806 */ 807 variant_offset = be16_to_cpup((__be16 *) &fw->code[FW_VAR_OFFSET_PTR]); 808 if (variant_offset >= fw->size) { 809 printk(KERN_ERR PFX "Invalid firmware variant offset: " 810 "0x%04x\n", variant_offset); 811 retval = -EINVAL; 812 goto fail; 813 } 814 815 retval = ezusb_8051_cpucs(upriv, 1); 816 if (retval < 0) 817 goto fail; 818 for (addr = 0; addr < fw->size; addr += FW_BUF_SIZE) { 819 /* 0x100-0x300 should be left alone, it contains card 820 * specific data, like USB enumeration information */ 821 if ((addr >= FW_HOLE_START) && (addr < FW_HOLE_END)) 822 continue; 823 824 memcpy(fw_buffer, &fw->code[addr], FW_BUF_SIZE); 825 if (variant_offset >= addr && 826 variant_offset < addr + FW_BUF_SIZE) { 827 netdev_dbg(upriv->dev, 828 "Patching card_variant byte at 0x%04X\n", 829 variant_offset); 830 fw_buffer[variant_offset - addr] = FW_VAR_VALUE; 831 } 832 retval = usb_control_msg(upriv->udev, 833 usb_sndctrlpipe(upriv->udev, 0), 834 EZUSB_REQUEST_FW_TRANS, 835 USB_TYPE_VENDOR | USB_RECIP_DEVICE 836 | USB_DIR_OUT, 837 addr, 0x0, 838 fw_buffer, FW_BUF_SIZE, 839 DEF_TIMEOUT); 840 841 if (retval < 0) 842 goto fail; 843 } 844 retval = ezusb_8051_cpucs(upriv, 0); 845 if (retval < 0) 846 goto fail; 847 848 goto exit; 849 fail: 850 printk(KERN_ERR PFX "Firmware download failed, error %d\n", 851 retval); 852 exit: 853 kfree(fw_buffer); 854 return retval; 855} 856 857static int ezusb_access_ltv(struct ezusb_priv *upriv, 858 struct request_context *ctx, 859 u16 length, const void *data, u16 frame_type, 860 void *ans_buff, unsigned ans_size, u16 *ans_length) 861{ 862 int req_size; 863 int retval = 0; 864 enum ezusb_state state; 865 866 BUG_ON(in_irq()); 867 868 if (!upriv->udev) { 869 retval = -ENODEV; 870 goto exit; 871 } 872 873 if (upriv->read_urb->status != -EINPROGRESS) 874 err("%s: in urb not pending", __func__); 875 876 /* protect upriv->reply_count, guarantee sequential numbers */ 877 spin_lock_bh(&upriv->reply_count_lock); 878 req_size = ezusb_fill_req(ctx->buf, length, ctx->out_rid, data, 879 frame_type, upriv->reply_count); 880 usb_fill_bulk_urb(ctx->outurb, upriv->udev, upriv->write_pipe, 881 ctx->buf, req_size, 882 ezusb_request_out_callback, ctx); 883 884 if (ctx->in_rid) 885 upriv->reply_count = ezusb_reply_inc(upriv->reply_count); 886 887 ezusb_req_enqueue_run(upriv, ctx); 888 889 spin_unlock_bh(&upriv->reply_count_lock); 890 891 if (ctx->in_rid) 892 ezusb_req_ctx_wait(upriv, ctx); 893 894 state = ctx->state; 895 switch (state) { 896 case EZUSB_CTX_COMPLETE: 897 retval = ctx->outurb->status; 898 break; 899 900 case EZUSB_CTX_QUEUED: 901 case EZUSB_CTX_REQ_SUBMITTED: 902 if (!ctx->in_rid) 903 break; 904 default: 905 err("%s: Unexpected context state %d", __func__, 906 state); 907 /* fall though */ 908 case EZUSB_CTX_REQ_TIMEOUT: 909 case EZUSB_CTX_REQ_FAILED: 910 case EZUSB_CTX_RESP_TIMEOUT: 911 case EZUSB_CTX_REQSUBMIT_FAIL: 912 printk(KERN_ERR PFX "Access failed, resetting (state %d," 913 " reply_count %d)\n", state, upriv->reply_count); 914 upriv->reply_count = 0; 915 if (state == EZUSB_CTX_REQ_TIMEOUT 916 || state == EZUSB_CTX_RESP_TIMEOUT) { 917 printk(KERN_ERR PFX "ctx timed out\n"); 918 retval = -ETIMEDOUT; 919 } else { 920 printk(KERN_ERR PFX "ctx failed\n"); 921 retval = -EFAULT; 922 } 923 goto exit; 924 } 925 if (ctx->in_rid) { 926 struct ezusb_packet *ans = ctx->buf; 927 unsigned exp_len; 928 929 if (ans->hermes_len != 0) 930 exp_len = le16_to_cpu(ans->hermes_len) * 2 + 12; 931 else 932 exp_len = 14; 933 934 if (exp_len != ctx->buf_length) { 935 err("%s: length mismatch for RID 0x%04x: " 936 "expected %d, got %d", __func__, 937 ctx->in_rid, exp_len, ctx->buf_length); 938 retval = -EIO; 939 goto exit; 940 } 941 942 if (ans_buff) 943 memcpy(ans_buff, ans->data, min(exp_len, ans_size)); 944 if (ans_length) 945 *ans_length = le16_to_cpu(ans->hermes_len); 946 } 947 exit: 948 ezusb_request_context_put(ctx); 949 return retval; 950} 951 952static int ezusb_write_ltv(struct hermes *hw, int bap, u16 rid, 953 u16 length, const void *data) 954{ 955 struct ezusb_priv *upriv = hw->priv; 956 u16 frame_type; 957 struct request_context *ctx; 958 959 if (length == 0) 960 return -EINVAL; 961 962 length = HERMES_RECLEN_TO_BYTES(length); 963 964 /* On memory mapped devices HERMES_RID_CNFGROUPADDRESSES can be 965 * set to be empty, but the USB bridge doesn't like it */ 966 if (length == 0) 967 return 0; 968 969 ctx = ezusb_alloc_ctx(upriv, rid, EZUSB_RID_ACK); 970 if (!ctx) 971 return -ENOMEM; 972 973 if (rid == EZUSB_RID_TX) 974 frame_type = EZUSB_FRAME_DATA; 975 else 976 frame_type = EZUSB_FRAME_CONTROL; 977 978 return ezusb_access_ltv(upriv, ctx, length, data, frame_type, 979 NULL, 0, NULL); 980} 981 982static int ezusb_read_ltv(struct hermes *hw, int bap, u16 rid, 983 unsigned bufsize, u16 *length, void *buf) 984{ 985 struct ezusb_priv *upriv = hw->priv; 986 struct request_context *ctx; 987 988 if (bufsize % 2) 989 return -EINVAL; 990 991 ctx = ezusb_alloc_ctx(upriv, rid, rid); 992 if (!ctx) 993 return -ENOMEM; 994 995 return ezusb_access_ltv(upriv, ctx, 0, NULL, EZUSB_FRAME_CONTROL, 996 buf, bufsize, length); 997} 998 999static int ezusb_doicmd_wait(struct hermes *hw, u16 cmd, u16 parm0, u16 parm1, 1000 u16 parm2, struct hermes_response *resp) 1001{ 1002 struct ezusb_priv *upriv = hw->priv; 1003 struct request_context *ctx; 1004 1005 __le16 data[4] = { 1006 cpu_to_le16(cmd), 1007 cpu_to_le16(parm0), 1008 cpu_to_le16(parm1), 1009 cpu_to_le16(parm2), 1010 }; 1011 netdev_dbg(upriv->dev, 1012 "0x%04X, parm0 0x%04X, parm1 0x%04X, parm2 0x%04X\n", cmd, 1013 parm0, parm1, parm2); 1014 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_DOCMD, EZUSB_RID_ACK); 1015 if (!ctx) 1016 return -ENOMEM; 1017 1018 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data, 1019 EZUSB_FRAME_CONTROL, NULL, 0, NULL); 1020} 1021 1022static int ezusb_docmd_wait(struct hermes *hw, u16 cmd, u16 parm0, 1023 struct hermes_response *resp) 1024{ 1025 struct ezusb_priv *upriv = hw->priv; 1026 struct request_context *ctx; 1027 1028 __le16 data[4] = { 1029 cpu_to_le16(cmd), 1030 cpu_to_le16(parm0), 1031 0, 1032 0, 1033 }; 1034 netdev_dbg(upriv->dev, "0x%04X, parm0 0x%04X\n", cmd, parm0); 1035 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_DOCMD, EZUSB_RID_ACK); 1036 if (!ctx) 1037 return -ENOMEM; 1038 1039 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data, 1040 EZUSB_FRAME_CONTROL, NULL, 0, NULL); 1041} 1042 1043static int ezusb_bap_pread(struct hermes *hw, int bap, 1044 void *buf, int len, u16 id, u16 offset) 1045{ 1046 struct ezusb_priv *upriv = hw->priv; 1047 struct ezusb_packet *ans = (void *) upriv->read_urb->transfer_buffer; 1048 int actual_length = upriv->read_urb->actual_length; 1049 1050 if (id == EZUSB_RID_RX) { 1051 if ((sizeof(*ans) + offset + len) > actual_length) { 1052 printk(KERN_ERR PFX "BAP read beyond buffer end " 1053 "in rx frame\n"); 1054 return -EINVAL; 1055 } 1056 memcpy(buf, ans->data + offset, len); 1057 return 0; 1058 } 1059 1060 if (EZUSB_IS_INFO(id)) { 1061 /* Include 4 bytes for length/type */ 1062 if ((sizeof(*ans) + offset + len - 4) > actual_length) { 1063 printk(KERN_ERR PFX "BAP read beyond buffer end " 1064 "in info frame\n"); 1065 return -EFAULT; 1066 } 1067 memcpy(buf, ans->data + offset - 4, len); 1068 } else { 1069 printk(KERN_ERR PFX "Unexpected fid 0x%04x\n", id); 1070 return -EINVAL; 1071 } 1072 1073 return 0; 1074} 1075 1076static int ezusb_read_pda(struct hermes *hw, __le16 *pda, 1077 u32 pda_addr, u16 pda_len) 1078{ 1079 struct ezusb_priv *upriv = hw->priv; 1080 struct request_context *ctx; 1081 __le16 data[] = { 1082 cpu_to_le16(pda_addr & 0xffff), 1083 cpu_to_le16(pda_len - 4) 1084 }; 1085 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_READ_PDA, EZUSB_RID_READ_PDA); 1086 if (!ctx) 1087 return -ENOMEM; 1088 1089 /* wl_lkm does not include PDA size in the PDA area. 1090 * We will pad the information into pda, so other routines 1091 * don't have to be modified */ 1092 pda[0] = cpu_to_le16(pda_len - 2); 1093 /* Includes CFG_PROD_DATA but not itself */ 1094 pda[1] = cpu_to_le16(0x0800); /* CFG_PROD_DATA */ 1095 1096 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data, 1097 EZUSB_FRAME_CONTROL, &pda[2], pda_len - 4, 1098 NULL); 1099} 1100 1101static int ezusb_program_init(struct hermes *hw, u32 entry_point) 1102{ 1103 struct ezusb_priv *upriv = hw->priv; 1104 struct request_context *ctx; 1105 __le32 data = cpu_to_le32(entry_point); 1106 1107 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_INIT, EZUSB_RID_ACK); 1108 if (!ctx) 1109 return -ENOMEM; 1110 1111 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data, 1112 EZUSB_FRAME_CONTROL, NULL, 0, NULL); 1113} 1114 1115static int ezusb_program_end(struct hermes *hw) 1116{ 1117 struct ezusb_priv *upriv = hw->priv; 1118 struct request_context *ctx; 1119 1120 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_END, EZUSB_RID_ACK); 1121 if (!ctx) 1122 return -ENOMEM; 1123 1124 return ezusb_access_ltv(upriv, ctx, 0, NULL, 1125 EZUSB_FRAME_CONTROL, NULL, 0, NULL); 1126} 1127 1128static int ezusb_program_bytes(struct hermes *hw, const char *buf, 1129 u32 addr, u32 len) 1130{ 1131 struct ezusb_priv *upriv = hw->priv; 1132 struct request_context *ctx; 1133 __le32 data = cpu_to_le32(addr); 1134 int err; 1135 1136 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_SET_ADDR, EZUSB_RID_ACK); 1137 if (!ctx) 1138 return -ENOMEM; 1139 1140 err = ezusb_access_ltv(upriv, ctx, sizeof(data), &data, 1141 EZUSB_FRAME_CONTROL, NULL, 0, NULL); 1142 if (err) 1143 return err; 1144 1145 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_BYTES, EZUSB_RID_ACK); 1146 if (!ctx) 1147 return -ENOMEM; 1148 1149 return ezusb_access_ltv(upriv, ctx, len, buf, 1150 EZUSB_FRAME_CONTROL, NULL, 0, NULL); 1151} 1152 1153static int ezusb_program(struct hermes *hw, const char *buf, 1154 u32 addr, u32 len) 1155{ 1156 u32 ch_addr; 1157 u32 ch_len; 1158 int err = 0; 1159 1160 /* We can only send 2048 bytes out of the bulk xmit at a time, 1161 * so we have to split any programming into chunks of <2048 1162 * bytes. */ 1163 1164 ch_len = (len < MAX_DL_SIZE) ? len : MAX_DL_SIZE; 1165 ch_addr = addr; 1166 1167 while (ch_addr < (addr + len)) { 1168 pr_debug("Programming subblock of length %d " 1169 "to address 0x%08x. Data @ %p\n", 1170 ch_len, ch_addr, &buf[ch_addr - addr]); 1171 1172 err = ezusb_program_bytes(hw, &buf[ch_addr - addr], 1173 ch_addr, ch_len); 1174 if (err) 1175 break; 1176 1177 ch_addr += ch_len; 1178 ch_len = ((addr + len - ch_addr) < MAX_DL_SIZE) ? 1179 (addr + len - ch_addr) : MAX_DL_SIZE; 1180 } 1181 1182 return err; 1183} 1184 1185static netdev_tx_t ezusb_xmit(struct sk_buff *skb, struct net_device *dev) 1186{ 1187 struct orinoco_private *priv = ndev_priv(dev); 1188 struct net_device_stats *stats = &priv->stats; 1189 struct ezusb_priv *upriv = priv->card; 1190 u8 mic[MICHAEL_MIC_LEN + 1]; 1191 int err = 0; 1192 int tx_control; 1193 unsigned long flags; 1194 struct request_context *ctx; 1195 u8 *buf; 1196 int tx_size; 1197 1198 if (!netif_running(dev)) { 1199 printk(KERN_ERR "%s: Tx on stopped device!\n", 1200 dev->name); 1201 return NETDEV_TX_BUSY; 1202 } 1203 1204 if (netif_queue_stopped(dev)) { 1205 printk(KERN_DEBUG "%s: Tx while transmitter busy!\n", 1206 dev->name); 1207 return NETDEV_TX_BUSY; 1208 } 1209 1210 if (orinoco_lock(priv, &flags) != 0) { 1211 printk(KERN_ERR 1212 "%s: ezusb_xmit() called while hw_unavailable\n", 1213 dev->name); 1214 return NETDEV_TX_BUSY; 1215 } 1216 1217 if (!netif_carrier_ok(dev) || 1218 (priv->iw_mode == NL80211_IFTYPE_MONITOR)) { 1219 /* Oops, the firmware hasn't established a connection, 1220 silently drop the packet (this seems to be the 1221 safest approach). */ 1222 goto drop; 1223 } 1224 1225 /* Check packet length */ 1226 if (skb->len < ETH_HLEN) 1227 goto drop; 1228 1229 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_TX, 0); 1230 if (!ctx) 1231 goto busy; 1232 1233 memset(ctx->buf, 0, BULK_BUF_SIZE); 1234 buf = ctx->buf->data; 1235 1236 tx_control = 0; 1237 1238 err = orinoco_process_xmit_skb(skb, dev, priv, &tx_control, 1239 &mic[0]); 1240 if (err) 1241 goto drop; 1242 1243 { 1244 __le16 *tx_cntl = (__le16 *)buf; 1245 *tx_cntl = cpu_to_le16(tx_control); 1246 buf += sizeof(*tx_cntl); 1247 } 1248 1249 memcpy(buf, skb->data, skb->len); 1250 buf += skb->len; 1251 1252 if (tx_control & HERMES_TXCTRL_MIC) { 1253 u8 *m = mic; 1254 /* Mic has been offset so it can be copied to an even 1255 * address. We're copying eveything anyway, so we 1256 * don't need to copy that first byte. */ 1257 if (skb->len % 2) 1258 m++; 1259 memcpy(buf, m, MICHAEL_MIC_LEN); 1260 buf += MICHAEL_MIC_LEN; 1261 } 1262 1263 /* Finally, we actually initiate the send */ 1264 netif_stop_queue(dev); 1265 1266 /* The card may behave better if we send evenly sized usb transfers */ 1267 tx_size = ALIGN(buf - ctx->buf->data, 2); 1268 1269 err = ezusb_access_ltv(upriv, ctx, tx_size, NULL, 1270 EZUSB_FRAME_DATA, NULL, 0, NULL); 1271 1272 if (err) { 1273 netif_start_queue(dev); 1274 if (net_ratelimit()) 1275 printk(KERN_ERR "%s: Error %d transmitting packet\n", 1276 dev->name, err); 1277 goto busy; 1278 } 1279 1280 dev->trans_start = jiffies; 1281 stats->tx_bytes += skb->len; 1282 goto ok; 1283 1284 drop: 1285 stats->tx_errors++; 1286 stats->tx_dropped++; 1287 1288 ok: 1289 orinoco_unlock(priv, &flags); 1290 dev_kfree_skb(skb); 1291 return NETDEV_TX_OK; 1292 1293 busy: 1294 orinoco_unlock(priv, &flags); 1295 return NETDEV_TX_BUSY; 1296} 1297 1298static int ezusb_allocate(struct hermes *hw, u16 size, u16 *fid) 1299{ 1300 *fid = EZUSB_RID_TX; 1301 return 0; 1302} 1303 1304 1305static int ezusb_hard_reset(struct orinoco_private *priv) 1306{ 1307 struct ezusb_priv *upriv = priv->card; 1308 int retval = ezusb_8051_cpucs(upriv, 1); 1309 1310 if (retval < 0) { 1311 err("Failed to reset"); 1312 return retval; 1313 } 1314 1315 retval = ezusb_8051_cpucs(upriv, 0); 1316 if (retval < 0) { 1317 err("Failed to unreset"); 1318 return retval; 1319 } 1320 1321 netdev_dbg(upriv->dev, "sending control message\n"); 1322 retval = usb_control_msg(upriv->udev, 1323 usb_sndctrlpipe(upriv->udev, 0), 1324 EZUSB_REQUEST_TRIGER, 1325 USB_TYPE_VENDOR | USB_RECIP_DEVICE | 1326 USB_DIR_OUT, 0x0, 0x0, NULL, 0, 1327 DEF_TIMEOUT); 1328 if (retval < 0) { 1329 err("EZUSB_REQUEST_TRIGER failed retval %d", retval); 1330 return retval; 1331 } 1332#if 0 1333 dbg("Sending EZUSB_REQUEST_TRIG_AC"); 1334 retval = usb_control_msg(upriv->udev, 1335 usb_sndctrlpipe(upriv->udev, 0), 1336 EZUSB_REQUEST_TRIG_AC, 1337 USB_TYPE_VENDOR | USB_RECIP_DEVICE | 1338 USB_DIR_OUT, 0x00FA, 0x0, NULL, 0, 1339 DEF_TIMEOUT); 1340 if (retval < 0) { 1341 err("EZUSB_REQUEST_TRIG_AC failed retval %d", retval); 1342 return retval; 1343 } 1344#endif 1345 1346 return 0; 1347} 1348 1349 1350static int ezusb_init(struct hermes *hw) 1351{ 1352 struct ezusb_priv *upriv = hw->priv; 1353 int retval; 1354 1355 BUG_ON(in_interrupt()); 1356 BUG_ON(!upriv); 1357 1358 upriv->reply_count = 0; 1359 /* Write the MAGIC number on the simulated registers to keep 1360 * orinoco.c happy */ 1361 hermes_write_regn(hw, SWSUPPORT0, HERMES_MAGIC); 1362 hermes_write_regn(hw, RXFID, EZUSB_RID_RX); 1363 1364 usb_kill_urb(upriv->read_urb); 1365 ezusb_submit_in_urb(upriv); 1366 1367 retval = ezusb_write_ltv(hw, 0, EZUSB_RID_INIT1, 1368 HERMES_BYTES_TO_RECLEN(2), "\x10\x00"); 1369 if (retval < 0) { 1370 printk(KERN_ERR PFX "EZUSB_RID_INIT1 error %d\n", retval); 1371 return retval; 1372 } 1373 1374 retval = ezusb_docmd_wait(hw, HERMES_CMD_INIT, 0, NULL); 1375 if (retval < 0) { 1376 printk(KERN_ERR PFX "HERMES_CMD_INIT error %d\n", retval); 1377 return retval; 1378 } 1379 1380 return 0; 1381} 1382 1383static void ezusb_bulk_in_callback(struct urb *urb) 1384{ 1385 struct ezusb_priv *upriv = (struct ezusb_priv *) urb->context; 1386 struct ezusb_packet *ans = urb->transfer_buffer; 1387 u16 crc; 1388 u16 hermes_rid; 1389 1390 if (upriv->udev == NULL) 1391 return; 1392 1393 if (urb->status == -ETIMEDOUT) { 1394 /* When a device gets unplugged we get this every time 1395 * we resubmit, flooding the logs. Since we don't use 1396 * USB timeouts, it shouldn't happen any other time*/ 1397 pr_warn("%s: urb timed out, not resubmitting\n", __func__); 1398 return; 1399 } 1400 if (urb->status == -ECONNABORTED) { 1401 pr_warn("%s: connection abort, resubmitting urb\n", 1402 __func__); 1403 goto resubmit; 1404 } 1405 if ((urb->status == -EILSEQ) 1406 || (urb->status == -ENOENT) 1407 || (urb->status == -ECONNRESET)) { 1408 netdev_dbg(upriv->dev, "status %d, not resubmiting\n", 1409 urb->status); 1410 return; 1411 } 1412 if (urb->status) 1413 netdev_dbg(upriv->dev, "status: %d length: %d\n", 1414 urb->status, urb->actual_length); 1415 if (urb->actual_length < sizeof(*ans)) { 1416 err("%s: short read, ignoring", __func__); 1417 goto resubmit; 1418 } 1419 crc = build_crc(ans); 1420 if (le16_to_cpu(ans->crc) != crc) { 1421 err("CRC error, ignoring packet"); 1422 goto resubmit; 1423 } 1424 1425 hermes_rid = le16_to_cpu(ans->hermes_rid); 1426 if ((hermes_rid != EZUSB_RID_RX) && !EZUSB_IS_INFO(hermes_rid)) { 1427 ezusb_request_in_callback(upriv, urb); 1428 } else if (upriv->dev) { 1429 struct net_device *dev = upriv->dev; 1430 struct orinoco_private *priv = ndev_priv(dev); 1431 struct hermes *hw = &priv->hw; 1432 1433 if (hermes_rid == EZUSB_RID_RX) { 1434 __orinoco_ev_rx(dev, hw); 1435 } else { 1436 hermes_write_regn(hw, INFOFID, 1437 le16_to_cpu(ans->hermes_rid)); 1438 __orinoco_ev_info(dev, hw); 1439 } 1440 } 1441 1442 resubmit: 1443 if (upriv->udev) 1444 ezusb_submit_in_urb(upriv); 1445} 1446 1447static inline void ezusb_delete(struct ezusb_priv *upriv) 1448{ 1449 struct net_device *dev; 1450 struct list_head *item; 1451 struct list_head *tmp_item; 1452 unsigned long flags; 1453 1454 BUG_ON(in_interrupt()); 1455 BUG_ON(!upriv); 1456 1457 dev = upriv->dev; 1458 mutex_lock(&upriv->mtx); 1459 1460 upriv->udev = NULL; /* No timer will be rearmed from here */ 1461 1462 usb_kill_urb(upriv->read_urb); 1463 1464 spin_lock_irqsave(&upriv->req_lock, flags); 1465 list_for_each_safe(item, tmp_item, &upriv->req_active) { 1466 struct request_context *ctx; 1467 int err; 1468 1469 ctx = list_entry(item, struct request_context, list); 1470 atomic_inc(&ctx->refcount); 1471 1472 ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK; 1473 err = usb_unlink_urb(ctx->outurb); 1474 1475 spin_unlock_irqrestore(&upriv->req_lock, flags); 1476 if (err == -EINPROGRESS) 1477 wait_for_completion(&ctx->done); 1478 1479 del_timer_sync(&ctx->timer); 1480 /* FIXME: there is an slight chance for the irq handler to 1481 * be running */ 1482 if (!list_empty(&ctx->list)) 1483 ezusb_ctx_complete(ctx); 1484 1485 ezusb_request_context_put(ctx); 1486 spin_lock_irqsave(&upriv->req_lock, flags); 1487 } 1488 spin_unlock_irqrestore(&upriv->req_lock, flags); 1489 1490 list_for_each_safe(item, tmp_item, &upriv->req_pending) 1491 ezusb_ctx_complete(list_entry(item, 1492 struct request_context, list)); 1493 1494 if (upriv->read_urb && upriv->read_urb->status == -EINPROGRESS) 1495 printk(KERN_ERR PFX "Some URB in progress\n"); 1496 1497 mutex_unlock(&upriv->mtx); 1498 1499 if (upriv->read_urb) { 1500 kfree(upriv->read_urb->transfer_buffer); 1501 usb_free_urb(upriv->read_urb); 1502 } 1503 kfree(upriv->bap_buf); 1504 if (upriv->dev) { 1505 struct orinoco_private *priv = ndev_priv(upriv->dev); 1506 orinoco_if_del(priv); 1507 free_orinocodev(priv); 1508 } 1509} 1510 1511static void ezusb_lock_irqsave(spinlock_t *lock, 1512 unsigned long *flags) __acquires(lock) 1513{ 1514 spin_lock_bh(lock); 1515} 1516 1517static void ezusb_unlock_irqrestore(spinlock_t *lock, 1518 unsigned long *flags) __releases(lock) 1519{ 1520 spin_unlock_bh(lock); 1521} 1522 1523static void ezusb_lock_irq(spinlock_t *lock) __acquires(lock) 1524{ 1525 spin_lock_bh(lock); 1526} 1527 1528static void ezusb_unlock_irq(spinlock_t *lock) __releases(lock) 1529{ 1530 spin_unlock_bh(lock); 1531} 1532 1533static const struct hermes_ops ezusb_ops = { 1534 .init = ezusb_init, 1535 .cmd_wait = ezusb_docmd_wait, 1536 .init_cmd_wait = ezusb_doicmd_wait, 1537 .allocate = ezusb_allocate, 1538 .read_ltv = ezusb_read_ltv, 1539 .write_ltv = ezusb_write_ltv, 1540 .bap_pread = ezusb_bap_pread, 1541 .read_pda = ezusb_read_pda, 1542 .program_init = ezusb_program_init, 1543 .program_end = ezusb_program_end, 1544 .program = ezusb_program, 1545 .lock_irqsave = ezusb_lock_irqsave, 1546 .unlock_irqrestore = ezusb_unlock_irqrestore, 1547 .lock_irq = ezusb_lock_irq, 1548 .unlock_irq = ezusb_unlock_irq, 1549}; 1550 1551static const struct net_device_ops ezusb_netdev_ops = { 1552 .ndo_open = orinoco_open, 1553 .ndo_stop = orinoco_stop, 1554 .ndo_start_xmit = ezusb_xmit, 1555 .ndo_set_rx_mode = orinoco_set_multicast_list, 1556 .ndo_change_mtu = orinoco_change_mtu, 1557 .ndo_set_mac_address = eth_mac_addr, 1558 .ndo_validate_addr = eth_validate_addr, 1559 .ndo_tx_timeout = orinoco_tx_timeout, 1560 .ndo_get_stats = orinoco_get_stats, 1561}; 1562 1563static int ezusb_probe(struct usb_interface *interface, 1564 const struct usb_device_id *id) 1565{ 1566 struct usb_device *udev = interface_to_usbdev(interface); 1567 struct orinoco_private *priv; 1568 struct hermes *hw; 1569 struct ezusb_priv *upriv = NULL; 1570 struct usb_interface_descriptor *iface_desc; 1571 struct usb_endpoint_descriptor *ep; 1572 const struct firmware *fw_entry = NULL; 1573 int retval = 0; 1574 int i; 1575 1576 priv = alloc_orinocodev(sizeof(*upriv), &udev->dev, 1577 ezusb_hard_reset, NULL); 1578 if (!priv) { 1579 err("Couldn't allocate orinocodev"); 1580 goto exit; 1581 } 1582 1583 hw = &priv->hw; 1584 1585 upriv = priv->card; 1586 1587 mutex_init(&upriv->mtx); 1588 spin_lock_init(&upriv->reply_count_lock); 1589 1590 spin_lock_init(&upriv->req_lock); 1591 INIT_LIST_HEAD(&upriv->req_pending); 1592 INIT_LIST_HEAD(&upriv->req_active); 1593 1594 upriv->udev = udev; 1595 1596 hw->iobase = (void __force __iomem *) &upriv->hermes_reg_fake; 1597 hw->reg_spacing = HERMES_16BIT_REGSPACING; 1598 hw->priv = upriv; 1599 hw->ops = &ezusb_ops; 1600 1601 /* set up the endpoint information */ 1602 /* check out the endpoints */ 1603 1604 iface_desc = &interface->altsetting[0].desc; 1605 for (i = 0; i < iface_desc->bNumEndpoints; ++i) { 1606 ep = &interface->altsetting[0].endpoint[i].desc; 1607 1608 if (usb_endpoint_is_bulk_in(ep)) { 1609 /* we found a bulk in endpoint */ 1610 if (upriv->read_urb != NULL) { 1611 pr_warn("Found a second bulk in ep, ignored\n"); 1612 continue; 1613 } 1614 1615 upriv->read_urb = usb_alloc_urb(0, GFP_KERNEL); 1616 if (!upriv->read_urb) { 1617 err("No free urbs available"); 1618 goto error; 1619 } 1620 if (le16_to_cpu(ep->wMaxPacketSize) != 64) 1621 pr_warn("bulk in: wMaxPacketSize!= 64\n"); 1622 if (ep->bEndpointAddress != (2 | USB_DIR_IN)) 1623 pr_warn("bulk in: bEndpointAddress: %d\n", 1624 ep->bEndpointAddress); 1625 upriv->read_pipe = usb_rcvbulkpipe(udev, 1626 ep-> 1627 bEndpointAddress); 1628 upriv->read_urb->transfer_buffer = 1629 kmalloc(BULK_BUF_SIZE, GFP_KERNEL); 1630 if (!upriv->read_urb->transfer_buffer) { 1631 err("Couldn't allocate IN buffer"); 1632 goto error; 1633 } 1634 } 1635 1636 if (usb_endpoint_is_bulk_out(ep)) { 1637 /* we found a bulk out endpoint */ 1638 if (upriv->bap_buf != NULL) { 1639 pr_warn("Found a second bulk out ep, ignored\n"); 1640 continue; 1641 } 1642 1643 if (le16_to_cpu(ep->wMaxPacketSize) != 64) 1644 pr_warn("bulk out: wMaxPacketSize != 64\n"); 1645 if (ep->bEndpointAddress != 2) 1646 pr_warn("bulk out: bEndpointAddress: %d\n", 1647 ep->bEndpointAddress); 1648 upriv->write_pipe = usb_sndbulkpipe(udev, 1649 ep-> 1650 bEndpointAddress); 1651 upriv->bap_buf = kmalloc(BULK_BUF_SIZE, GFP_KERNEL); 1652 if (!upriv->bap_buf) { 1653 err("Couldn't allocate bulk_out_buffer"); 1654 goto error; 1655 } 1656 } 1657 } 1658 if (!upriv->bap_buf || !upriv->read_urb) { 1659 err("Didn't find the required bulk endpoints"); 1660 goto error; 1661 } 1662 1663 if (request_firmware(&fw_entry, "orinoco_ezusb_fw", 1664 &interface->dev) == 0) { 1665 firmware.size = fw_entry->size; 1666 firmware.code = fw_entry->data; 1667 } 1668 if (firmware.size && firmware.code) { 1669 if (ezusb_firmware_download(upriv, &firmware) < 0) 1670 goto error; 1671 } else { 1672 err("No firmware to download"); 1673 goto error; 1674 } 1675 1676 if (ezusb_hard_reset(priv) < 0) { 1677 err("Cannot reset the device"); 1678 goto error; 1679 } 1680 1681 /* If the firmware is already downloaded orinoco.c will call 1682 * ezusb_init but if the firmware is not already there, that will make 1683 * the kernel very unstable, so we try initializing here and quit in 1684 * case of error */ 1685 if (ezusb_init(hw) < 0) { 1686 err("Couldn't initialize the device"); 1687 err("Firmware may not be downloaded or may be wrong."); 1688 goto error; 1689 } 1690 1691 /* Initialise the main driver */ 1692 if (orinoco_init(priv) != 0) { 1693 err("orinoco_init() failed\n"); 1694 goto error; 1695 } 1696 1697 if (orinoco_if_add(priv, 0, 0, &ezusb_netdev_ops) != 0) { 1698 upriv->dev = NULL; 1699 err("%s: orinoco_if_add() failed", __func__); 1700 goto error; 1701 } 1702 upriv->dev = priv->ndev; 1703 1704 goto exit; 1705 1706 error: 1707 ezusb_delete(upriv); 1708 if (upriv->dev) { 1709 /* upriv->dev was 0, so ezusb_delete() didn't free it */ 1710 free_orinocodev(priv); 1711 } 1712 upriv = NULL; 1713 retval = -EFAULT; 1714 exit: 1715 if (fw_entry) { 1716 firmware.code = NULL; 1717 firmware.size = 0; 1718 release_firmware(fw_entry); 1719 } 1720 usb_set_intfdata(interface, upriv); 1721 return retval; 1722} 1723 1724 1725static void ezusb_disconnect(struct usb_interface *intf) 1726{ 1727 struct ezusb_priv *upriv = usb_get_intfdata(intf); 1728 usb_set_intfdata(intf, NULL); 1729 ezusb_delete(upriv); 1730 printk(KERN_INFO PFX "Disconnected\n"); 1731} 1732 1733 1734/* usb specific object needed to register this driver with the usb subsystem */ 1735static struct usb_driver orinoco_driver = { 1736 .name = DRIVER_NAME, 1737 .probe = ezusb_probe, 1738 .disconnect = ezusb_disconnect, 1739 .id_table = ezusb_table, 1740 .disable_hub_initiated_lpm = 1, 1741}; 1742 1743module_usb_driver(orinoco_driver); 1744 1745MODULE_AUTHOR("Manuel Estrada Sainz"); 1746MODULE_DESCRIPTION("Driver for Orinoco wireless LAN cards using EZUSB bridge"); 1747MODULE_LICENSE("Dual MPL/GPL"); 1748