1/* 2 * USB Orinoco driver 3 * 4 * Copyright (c) 2003 Manuel Estrada Sainz 5 * 6 * The contents of this file are subject to the Mozilla Public License 7 * Version 1.1 (the "License"); you may not use this file except in 8 * compliance with the License. You may obtain a copy of the License 9 * at http://www.mozilla.org/MPL/ 10 * 11 * Software distributed under the License is distributed on an "AS IS" 12 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See 13 * the License for the specific language governing rights and 14 * limitations under the License. 15 * 16 * Alternatively, the contents of this file may be used under the 17 * terms of the GNU General Public License version 2 (the "GPL"), in 18 * which case the provisions of the GPL are applicable instead of the 19 * above. If you wish to allow the use of your version of this file 20 * only under the terms of the GPL and not to allow others to use your 21 * version of this file under the MPL, indicate your decision by 22 * deleting the provisions above and replace them with the notice and 23 * other provisions required by the GPL. If you do not delete the 24 * provisions above, a recipient may use your version of this file 25 * under either the MPL or the GPL. 26 * 27 * Queueing code based on linux-wlan-ng 0.2.1-pre5 28 * 29 * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved. 30 * 31 * The license is the same as above. 32 * 33 * Initialy based on USB Skeleton driver - 0.7 34 * 35 * Copyright (c) 2001 Greg Kroah-Hartman (greg@kroah.com) 36 * 37 * This program is free software; you can redistribute it and/or 38 * modify it under the terms of the GNU General Public License as 39 * published by the Free Software Foundation; either version 2 of 40 * the License, or (at your option) any later version. 41 * 42 * NOTE: The original USB Skeleton driver is GPL, but all that code is 43 * gone so MPL/GPL applies. 44 */ 45 46#define DRIVER_NAME "orinoco_usb" 47#define PFX DRIVER_NAME ": " 48 49#include <linux/module.h> 50#include <linux/kernel.h> 51#include <linux/sched.h> 52#include <linux/signal.h> 53#include <linux/errno.h> 54#include <linux/poll.h> 55#include <linux/init.h> 56#include <linux/slab.h> 57#include <linux/fcntl.h> 58#include <linux/spinlock.h> 59#include <linux/list.h> 60#include <linux/smp_lock.h> 61#include <linux/usb.h> 62#include <linux/timer.h> 63 64#include <linux/netdevice.h> 65#include <linux/if_arp.h> 66#include <linux/etherdevice.h> 67#include <linux/wireless.h> 68#include <linux/firmware.h> 69 70#include "mic.h" 71#include "orinoco.h" 72 73#ifndef URB_ASYNC_UNLINK 74#define URB_ASYNC_UNLINK 0 75#endif 76 77/* 802.2 LLC/SNAP header used for Ethernet encapsulation over 802.11 */ 78static const u8 encaps_hdr[] = {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00}; 79#define ENCAPS_OVERHEAD (sizeof(encaps_hdr) + 2) 80 81struct header_struct { 82 /* 802.3 */ 83 u8 dest[ETH_ALEN]; 84 u8 src[ETH_ALEN]; 85 __be16 len; 86 /* 802.2 */ 87 u8 dsap; 88 u8 ssap; 89 u8 ctrl; 90 /* SNAP */ 91 u8 oui[3]; 92 __be16 ethertype; 93} __packed; 94 95struct ez_usb_fw { 96 u16 size; 97 const u8 *code; 98}; 99 100static struct ez_usb_fw firmware = { 101 .size = 0, 102 .code = NULL, 103}; 104 105#ifdef CONFIG_USB_DEBUG 106static int debug = 1; 107#else 108static int debug; 109#endif 110 111/* Debugging macros */ 112#undef dbg 113#define dbg(format, arg...) \ 114 do { if (debug) printk(KERN_DEBUG PFX "%s: " format "\n", \ 115 __func__ , ## arg); } while (0) 116#undef err 117#define err(format, arg...) \ 118 do { printk(KERN_ERR PFX format "\n", ## arg); } while (0) 119 120/* Module paramaters */ 121module_param(debug, int, 0644); 122MODULE_PARM_DESC(debug, "Debug enabled or not"); 123 124MODULE_FIRMWARE("orinoco_ezusb_fw"); 125 126/* 127 * Under some conditions, the card gets stuck and stops paying attention 128 * to the world (i.e. data communication stalls) until we do something to 129 * it. Sending an INQ_TALLIES command seems to be enough and should be 130 * harmless otherwise. This behaviour has been observed when using the 131 * driver on a systemimager client during installation. In the past a 132 * timer was used to send INQ_TALLIES commands when there was no other 133 * activity, but it was troublesome and was removed. 134 */ 135 136#define USB_COMPAQ_VENDOR_ID 0x049f /* Compaq Computer Corp. */ 137#define USB_COMPAQ_WL215_ID 0x001f /* Compaq WL215 USB Adapter */ 138#define USB_COMPAQ_W200_ID 0x0076 /* Compaq W200 USB Adapter */ 139#define USB_HP_WL215_ID 0x0082 /* Compaq WL215 USB Adapter */ 140 141#define USB_MELCO_VENDOR_ID 0x0411 142#define USB_BUFFALO_L11_ID 0x0006 /* BUFFALO WLI-USB-L11 */ 143#define USB_BUFFALO_L11G_WR_ID 0x000B /* BUFFALO WLI-USB-L11G-WR */ 144#define USB_BUFFALO_L11G_ID 0x000D /* BUFFALO WLI-USB-L11G */ 145 146#define USB_LUCENT_VENDOR_ID 0x047E /* Lucent Technologies */ 147#define USB_LUCENT_ORINOCO_ID 0x0300 /* Lucent/Agere Orinoco USB Client */ 148 149#define USB_AVAYA8_VENDOR_ID 0x0D98 150#define USB_AVAYAE_VENDOR_ID 0x0D9E 151#define USB_AVAYA_WIRELESS_ID 0x0300 /* Avaya Wireless USB Card */ 152 153#define USB_AGERE_VENDOR_ID 0x0D4E /* Agere Systems */ 154#define USB_AGERE_MODEL0801_ID 0x1000 /* Wireless USB Card Model 0801 */ 155#define USB_AGERE_MODEL0802_ID 0x1001 /* Wireless USB Card Model 0802 */ 156#define USB_AGERE_REBRANDED_ID 0x047A /* WLAN USB Card */ 157 158#define USB_ELSA_VENDOR_ID 0x05CC 159#define USB_ELSA_AIRLANCER_ID 0x3100 /* ELSA AirLancer USB-11 */ 160 161#define USB_LEGEND_VENDOR_ID 0x0E7C 162#define USB_LEGEND_JOYNET_ID 0x0300 /* Joynet WLAN USB Card */ 163 164#define USB_SAMSUNG_VENDOR_ID 0x04E8 165#define USB_SAMSUNG_SEW2001U1_ID 0x5002 /* Samsung SEW-2001u Card */ 166#define USB_SAMSUNG_SEW2001U2_ID 0x5B11 /* Samsung SEW-2001u Card */ 167#define USB_SAMSUNG_SEW2003U_ID 0x7011 /* Samsung SEW-2003U Card */ 168 169#define USB_IGATE_VENDOR_ID 0x0681 170#define USB_IGATE_IGATE_11M_ID 0x0012 /* I-GATE 11M USB Card */ 171 172#define USB_FUJITSU_VENDOR_ID 0x0BF8 173#define USB_FUJITSU_E1100_ID 0x1002 /* connect2AIR WLAN E-1100 USB */ 174 175#define USB_2WIRE_VENDOR_ID 0x1630 176#define USB_2WIRE_WIRELESS_ID 0xff81 /* 2Wire Wireless USB adapter */ 177 178 179#define EZUSB_REQUEST_FW_TRANS 0xA0 180#define EZUSB_REQUEST_TRIGER 0xAA 181#define EZUSB_REQUEST_TRIG_AC 0xAC 182#define EZUSB_CPUCS_REG 0x7F92 183 184#define EZUSB_RID_TX 0x0700 185#define EZUSB_RID_RX 0x0701 186#define EZUSB_RID_INIT1 0x0702 187#define EZUSB_RID_ACK 0x0710 188#define EZUSB_RID_READ_PDA 0x0800 189#define EZUSB_RID_PROG_INIT 0x0852 190#define EZUSB_RID_PROG_SET_ADDR 0x0853 191#define EZUSB_RID_PROG_BYTES 0x0854 192#define EZUSB_RID_PROG_END 0x0855 193#define EZUSB_RID_DOCMD 0x0860 194 195/* Recognize info frames */ 196#define EZUSB_IS_INFO(id) ((id >= 0xF000) && (id <= 0xF2FF)) 197 198#define EZUSB_MAGIC 0x0210 199 200#define EZUSB_FRAME_DATA 1 201#define EZUSB_FRAME_CONTROL 2 202 203#define DEF_TIMEOUT (3*HZ) 204 205#define BULK_BUF_SIZE 2048 206 207#define MAX_DL_SIZE (BULK_BUF_SIZE - sizeof(struct ezusb_packet)) 208 209#define FW_BUF_SIZE 64 210#define FW_VAR_OFFSET_PTR 0x359 211#define FW_VAR_VALUE 0 212#define FW_HOLE_START 0x100 213#define FW_HOLE_END 0x300 214 215struct ezusb_packet { 216 __le16 magic; /* 0x0210 */ 217 u8 req_reply_count; 218 u8 ans_reply_count; 219 __le16 frame_type; /* 0x01 for data frames, 0x02 otherwise */ 220 __le16 size; /* transport size */ 221 __le16 crc; /* CRC up to here */ 222 __le16 hermes_len; 223 __le16 hermes_rid; 224 u8 data[0]; 225} __packed; 226 227/* Table of devices that work or may work with this driver */ 228static struct usb_device_id ezusb_table[] = { 229 {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_COMPAQ_WL215_ID)}, 230 {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_HP_WL215_ID)}, 231 {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_COMPAQ_W200_ID)}, 232 {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11_ID)}, 233 {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11G_WR_ID)}, 234 {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11G_ID)}, 235 {USB_DEVICE(USB_LUCENT_VENDOR_ID, USB_LUCENT_ORINOCO_ID)}, 236 {USB_DEVICE(USB_AVAYA8_VENDOR_ID, USB_AVAYA_WIRELESS_ID)}, 237 {USB_DEVICE(USB_AVAYAE_VENDOR_ID, USB_AVAYA_WIRELESS_ID)}, 238 {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_MODEL0801_ID)}, 239 {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_MODEL0802_ID)}, 240 {USB_DEVICE(USB_ELSA_VENDOR_ID, USB_ELSA_AIRLANCER_ID)}, 241 {USB_DEVICE(USB_LEGEND_VENDOR_ID, USB_LEGEND_JOYNET_ID)}, 242 {USB_DEVICE_VER(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2001U1_ID, 243 0, 0)}, 244 {USB_DEVICE(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2001U2_ID)}, 245 {USB_DEVICE(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2003U_ID)}, 246 {USB_DEVICE(USB_IGATE_VENDOR_ID, USB_IGATE_IGATE_11M_ID)}, 247 {USB_DEVICE(USB_FUJITSU_VENDOR_ID, USB_FUJITSU_E1100_ID)}, 248 {USB_DEVICE(USB_2WIRE_VENDOR_ID, USB_2WIRE_WIRELESS_ID)}, 249 {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_REBRANDED_ID)}, 250 {} /* Terminating entry */ 251}; 252 253MODULE_DEVICE_TABLE(usb, ezusb_table); 254 255/* Structure to hold all of our device specific stuff */ 256struct ezusb_priv { 257 struct usb_device *udev; 258 struct net_device *dev; 259 struct mutex mtx; 260 spinlock_t req_lock; 261 struct list_head req_pending; 262 struct list_head req_active; 263 spinlock_t reply_count_lock; 264 u16 hermes_reg_fake[0x40]; 265 u8 *bap_buf; 266 struct urb *read_urb; 267 int read_pipe; 268 int write_pipe; 269 u8 reply_count; 270}; 271 272enum ezusb_state { 273 EZUSB_CTX_START, 274 EZUSB_CTX_QUEUED, 275 EZUSB_CTX_REQ_SUBMITTED, 276 EZUSB_CTX_REQ_COMPLETE, 277 EZUSB_CTX_RESP_RECEIVED, 278 EZUSB_CTX_REQ_TIMEOUT, 279 EZUSB_CTX_REQ_FAILED, 280 EZUSB_CTX_RESP_TIMEOUT, 281 EZUSB_CTX_REQSUBMIT_FAIL, 282 EZUSB_CTX_COMPLETE, 283}; 284 285struct request_context { 286 struct list_head list; 287 atomic_t refcount; 288 struct completion done; /* Signals that CTX is dead */ 289 int killed; 290 struct urb *outurb; /* OUT for req pkt */ 291 struct ezusb_priv *upriv; 292 struct ezusb_packet *buf; 293 int buf_length; 294 struct timer_list timer; /* Timeout handling */ 295 enum ezusb_state state; /* Current state */ 296 /* the RID that we will wait for */ 297 u16 out_rid; 298 u16 in_rid; 299}; 300 301 302/* Forward declarations */ 303static void ezusb_ctx_complete(struct request_context *ctx); 304static void ezusb_req_queue_run(struct ezusb_priv *upriv); 305static void ezusb_bulk_in_callback(struct urb *urb); 306 307static inline u8 ezusb_reply_inc(u8 count) 308{ 309 if (count < 0x7F) 310 return count + 1; 311 else 312 return 1; 313} 314 315static void ezusb_request_context_put(struct request_context *ctx) 316{ 317 if (!atomic_dec_and_test(&ctx->refcount)) 318 return; 319 320 WARN_ON(!ctx->done.done); 321 BUG_ON(ctx->outurb->status == -EINPROGRESS); 322 BUG_ON(timer_pending(&ctx->timer)); 323 usb_free_urb(ctx->outurb); 324 kfree(ctx->buf); 325 kfree(ctx); 326} 327 328static inline void ezusb_mod_timer(struct ezusb_priv *upriv, 329 struct timer_list *timer, 330 unsigned long expire) 331{ 332 if (!upriv->udev) 333 return; 334 mod_timer(timer, expire); 335} 336 337static void ezusb_request_timerfn(u_long _ctx) 338{ 339 struct request_context *ctx = (void *) _ctx; 340 341 ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK; 342 if (usb_unlink_urb(ctx->outurb) == -EINPROGRESS) { 343 ctx->state = EZUSB_CTX_REQ_TIMEOUT; 344 } else { 345 ctx->state = EZUSB_CTX_RESP_TIMEOUT; 346 dbg("couldn't unlink"); 347 atomic_inc(&ctx->refcount); 348 ctx->killed = 1; 349 ezusb_ctx_complete(ctx); 350 ezusb_request_context_put(ctx); 351 } 352}; 353 354static struct request_context *ezusb_alloc_ctx(struct ezusb_priv *upriv, 355 u16 out_rid, u16 in_rid) 356{ 357 struct request_context *ctx; 358 359 ctx = kzalloc(sizeof(*ctx), GFP_ATOMIC); 360 if (!ctx) 361 return NULL; 362 363 ctx->buf = kmalloc(BULK_BUF_SIZE, GFP_ATOMIC); 364 if (!ctx->buf) { 365 kfree(ctx); 366 return NULL; 367 } 368 ctx->outurb = usb_alloc_urb(0, GFP_ATOMIC); 369 if (!ctx->outurb) { 370 kfree(ctx->buf); 371 kfree(ctx); 372 return NULL; 373 } 374 375 ctx->upriv = upriv; 376 ctx->state = EZUSB_CTX_START; 377 ctx->out_rid = out_rid; 378 ctx->in_rid = in_rid; 379 380 atomic_set(&ctx->refcount, 1); 381 init_completion(&ctx->done); 382 383 init_timer(&ctx->timer); 384 ctx->timer.function = ezusb_request_timerfn; 385 ctx->timer.data = (u_long) ctx; 386 return ctx; 387} 388 389 390/* Hopefully the real complete_all will soon be exported, in the mean 391 * while this should work. */ 392static inline void ezusb_complete_all(struct completion *comp) 393{ 394 complete(comp); 395 complete(comp); 396 complete(comp); 397 complete(comp); 398} 399 400static void ezusb_ctx_complete(struct request_context *ctx) 401{ 402 struct ezusb_priv *upriv = ctx->upriv; 403 unsigned long flags; 404 405 spin_lock_irqsave(&upriv->req_lock, flags); 406 407 list_del_init(&ctx->list); 408 if (upriv->udev) { 409 spin_unlock_irqrestore(&upriv->req_lock, flags); 410 ezusb_req_queue_run(upriv); 411 spin_lock_irqsave(&upriv->req_lock, flags); 412 } 413 414 switch (ctx->state) { 415 case EZUSB_CTX_COMPLETE: 416 case EZUSB_CTX_REQSUBMIT_FAIL: 417 case EZUSB_CTX_REQ_FAILED: 418 case EZUSB_CTX_REQ_TIMEOUT: 419 case EZUSB_CTX_RESP_TIMEOUT: 420 spin_unlock_irqrestore(&upriv->req_lock, flags); 421 422 if ((ctx->out_rid == EZUSB_RID_TX) && upriv->dev) { 423 struct net_device *dev = upriv->dev; 424 struct orinoco_private *priv = ndev_priv(dev); 425 struct net_device_stats *stats = &priv->stats; 426 427 if (ctx->state != EZUSB_CTX_COMPLETE) 428 stats->tx_errors++; 429 else 430 stats->tx_packets++; 431 432 netif_wake_queue(dev); 433 } 434 ezusb_complete_all(&ctx->done); 435 ezusb_request_context_put(ctx); 436 break; 437 438 default: 439 spin_unlock_irqrestore(&upriv->req_lock, flags); 440 if (!upriv->udev) { 441 /* This is normal, as all request contexts get flushed 442 * when the device is disconnected */ 443 err("Called, CTX not terminating, but device gone"); 444 ezusb_complete_all(&ctx->done); 445 ezusb_request_context_put(ctx); 446 break; 447 } 448 449 err("Called, CTX not in terminating state."); 450 /* Things are really bad if this happens. Just leak 451 * the CTX because it may still be linked to the 452 * queue or the OUT urb may still be active. 453 * Just leaking at least prevents an Oops or Panic. 454 */ 455 break; 456 } 457} 458 459/** 460 * ezusb_req_queue_run: 461 * Description: 462 * Note: Only one active CTX at any one time, because there's no 463 * other (reliable) way to match the response URB to the correct 464 * CTX. 465 **/ 466static void ezusb_req_queue_run(struct ezusb_priv *upriv) 467{ 468 unsigned long flags; 469 struct request_context *ctx; 470 int result; 471 472 spin_lock_irqsave(&upriv->req_lock, flags); 473 474 if (!list_empty(&upriv->req_active)) 475 goto unlock; 476 477 if (list_empty(&upriv->req_pending)) 478 goto unlock; 479 480 ctx = 481 list_entry(upriv->req_pending.next, struct request_context, 482 list); 483 484 if (!ctx->upriv->udev) 485 goto unlock; 486 487 /* We need to split this off to avoid a race condition */ 488 list_move_tail(&ctx->list, &upriv->req_active); 489 490 if (ctx->state == EZUSB_CTX_QUEUED) { 491 atomic_inc(&ctx->refcount); 492 result = usb_submit_urb(ctx->outurb, GFP_ATOMIC); 493 if (result) { 494 ctx->state = EZUSB_CTX_REQSUBMIT_FAIL; 495 496 spin_unlock_irqrestore(&upriv->req_lock, flags); 497 498 err("Fatal, failed to submit command urb." 499 " error=%d\n", result); 500 501 ezusb_ctx_complete(ctx); 502 ezusb_request_context_put(ctx); 503 goto done; 504 } 505 506 ctx->state = EZUSB_CTX_REQ_SUBMITTED; 507 ezusb_mod_timer(ctx->upriv, &ctx->timer, 508 jiffies + DEF_TIMEOUT); 509 } 510 511 unlock: 512 spin_unlock_irqrestore(&upriv->req_lock, flags); 513 514 done: 515 return; 516} 517 518static void ezusb_req_enqueue_run(struct ezusb_priv *upriv, 519 struct request_context *ctx) 520{ 521 unsigned long flags; 522 523 spin_lock_irqsave(&upriv->req_lock, flags); 524 525 if (!ctx->upriv->udev) { 526 spin_unlock_irqrestore(&upriv->req_lock, flags); 527 goto done; 528 } 529 atomic_inc(&ctx->refcount); 530 list_add_tail(&ctx->list, &upriv->req_pending); 531 spin_unlock_irqrestore(&upriv->req_lock, flags); 532 533 ctx->state = EZUSB_CTX_QUEUED; 534 ezusb_req_queue_run(upriv); 535 536 done: 537 return; 538} 539 540static void ezusb_request_out_callback(struct urb *urb) 541{ 542 unsigned long flags; 543 enum ezusb_state state; 544 struct request_context *ctx = urb->context; 545 struct ezusb_priv *upriv = ctx->upriv; 546 547 spin_lock_irqsave(&upriv->req_lock, flags); 548 549 del_timer(&ctx->timer); 550 551 if (ctx->killed) { 552 spin_unlock_irqrestore(&upriv->req_lock, flags); 553 pr_warning("interrupt called with dead ctx"); 554 goto out; 555 } 556 557 state = ctx->state; 558 559 if (urb->status == 0) { 560 switch (state) { 561 case EZUSB_CTX_REQ_SUBMITTED: 562 if (ctx->in_rid) { 563 ctx->state = EZUSB_CTX_REQ_COMPLETE; 564 /* reply URB still pending */ 565 ezusb_mod_timer(upriv, &ctx->timer, 566 jiffies + DEF_TIMEOUT); 567 spin_unlock_irqrestore(&upriv->req_lock, 568 flags); 569 break; 570 } 571 /* fall through */ 572 case EZUSB_CTX_RESP_RECEIVED: 573 /* IN already received before this OUT-ACK */ 574 ctx->state = EZUSB_CTX_COMPLETE; 575 spin_unlock_irqrestore(&upriv->req_lock, flags); 576 ezusb_ctx_complete(ctx); 577 break; 578 579 default: 580 spin_unlock_irqrestore(&upriv->req_lock, flags); 581 err("Unexpected state(0x%x, %d) in OUT URB", 582 state, urb->status); 583 break; 584 } 585 } else { 586 /* If someone cancels the OUT URB then its status 587 * should be either -ECONNRESET or -ENOENT. 588 */ 589 switch (state) { 590 case EZUSB_CTX_REQ_SUBMITTED: 591 case EZUSB_CTX_RESP_RECEIVED: 592 ctx->state = EZUSB_CTX_REQ_FAILED; 593 /* fall through */ 594 595 case EZUSB_CTX_REQ_FAILED: 596 case EZUSB_CTX_REQ_TIMEOUT: 597 spin_unlock_irqrestore(&upriv->req_lock, flags); 598 599 ezusb_ctx_complete(ctx); 600 break; 601 602 default: 603 spin_unlock_irqrestore(&upriv->req_lock, flags); 604 605 err("Unexpected state(0x%x, %d) in OUT URB", 606 state, urb->status); 607 break; 608 } 609 } 610 out: 611 ezusb_request_context_put(ctx); 612} 613 614static void ezusb_request_in_callback(struct ezusb_priv *upriv, 615 struct urb *urb) 616{ 617 struct ezusb_packet *ans = urb->transfer_buffer; 618 struct request_context *ctx = NULL; 619 enum ezusb_state state; 620 unsigned long flags; 621 622 /* Find the CTX on the active queue that requested this URB */ 623 spin_lock_irqsave(&upriv->req_lock, flags); 624 if (upriv->udev) { 625 struct list_head *item; 626 627 list_for_each(item, &upriv->req_active) { 628 struct request_context *c; 629 int reply_count; 630 631 c = list_entry(item, struct request_context, list); 632 reply_count = 633 ezusb_reply_inc(c->buf->req_reply_count); 634 if ((ans->ans_reply_count == reply_count) 635 && (le16_to_cpu(ans->hermes_rid) == c->in_rid)) { 636 ctx = c; 637 break; 638 } 639 dbg("Skipped (0x%x/0x%x) (%d/%d)", 640 le16_to_cpu(ans->hermes_rid), 641 c->in_rid, ans->ans_reply_count, reply_count); 642 } 643 } 644 645 if (ctx == NULL) { 646 spin_unlock_irqrestore(&upriv->req_lock, flags); 647 err("%s: got unexpected RID: 0x%04X", __func__, 648 le16_to_cpu(ans->hermes_rid)); 649 ezusb_req_queue_run(upriv); 650 return; 651 } 652 653 /* The data we want is in the in buffer, exchange */ 654 urb->transfer_buffer = ctx->buf; 655 ctx->buf = (void *) ans; 656 ctx->buf_length = urb->actual_length; 657 658 state = ctx->state; 659 switch (state) { 660 case EZUSB_CTX_REQ_SUBMITTED: 661 /* We have received our response URB before 662 * our request has been acknowledged. Do NOT 663 * destroy our CTX yet, because our OUT URB 664 * is still alive ... 665 */ 666 ctx->state = EZUSB_CTX_RESP_RECEIVED; 667 spin_unlock_irqrestore(&upriv->req_lock, flags); 668 669 /* Let the machine continue running. */ 670 break; 671 672 case EZUSB_CTX_REQ_COMPLETE: 673 /* This is the usual path: our request 674 * has already been acknowledged, and 675 * we have now received the reply. 676 */ 677 ctx->state = EZUSB_CTX_COMPLETE; 678 679 /* Stop the intimer */ 680 del_timer(&ctx->timer); 681 spin_unlock_irqrestore(&upriv->req_lock, flags); 682 683 /* Call the completion handler */ 684 ezusb_ctx_complete(ctx); 685 break; 686 687 default: 688 spin_unlock_irqrestore(&upriv->req_lock, flags); 689 690 pr_warning("Matched IN URB, unexpected context state(0x%x)", 691 state); 692 /* Throw this CTX away and try submitting another */ 693 del_timer(&ctx->timer); 694 ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK; 695 usb_unlink_urb(ctx->outurb); 696 ezusb_req_queue_run(upriv); 697 break; 698 } /* switch */ 699} 700 701 702static void ezusb_req_ctx_wait(struct ezusb_priv *upriv, 703 struct request_context *ctx) 704{ 705 switch (ctx->state) { 706 case EZUSB_CTX_QUEUED: 707 case EZUSB_CTX_REQ_SUBMITTED: 708 case EZUSB_CTX_REQ_COMPLETE: 709 case EZUSB_CTX_RESP_RECEIVED: 710 if (in_softirq()) { 711 /* If we get called from a timer, timeout timers don't 712 * get the chance to run themselves. So we make sure 713 * that we don't sleep for ever */ 714 int msecs = DEF_TIMEOUT * (1000 / HZ); 715 while (!ctx->done.done && msecs--) 716 udelay(1000); 717 } else { 718 wait_event_interruptible(ctx->done.wait, 719 ctx->done.done); 720 } 721 break; 722 default: 723 /* Done or failed - nothing to wait for */ 724 break; 725 } 726} 727 728static inline u16 build_crc(struct ezusb_packet *data) 729{ 730 u16 crc = 0; 731 u8 *bytes = (u8 *)data; 732 int i; 733 734 for (i = 0; i < 8; i++) 735 crc = (crc << 1) + bytes[i]; 736 737 return crc; 738} 739 740/** 741 * ezusb_fill_req: 742 * 743 * if data == NULL and length > 0 the data is assumed to be already in 744 * the target buffer and only the header is filled. 745 * 746 */ 747static int ezusb_fill_req(struct ezusb_packet *req, u16 length, u16 rid, 748 const void *data, u16 frame_type, u8 reply_count) 749{ 750 int total_size = sizeof(*req) + length; 751 752 BUG_ON(total_size > BULK_BUF_SIZE); 753 754 req->magic = cpu_to_le16(EZUSB_MAGIC); 755 req->req_reply_count = reply_count; 756 req->ans_reply_count = 0; 757 req->frame_type = cpu_to_le16(frame_type); 758 req->size = cpu_to_le16(length + 4); 759 req->crc = cpu_to_le16(build_crc(req)); 760 req->hermes_len = cpu_to_le16(HERMES_BYTES_TO_RECLEN(length)); 761 req->hermes_rid = cpu_to_le16(rid); 762 if (data) 763 memcpy(req->data, data, length); 764 return total_size; 765} 766 767static int ezusb_submit_in_urb(struct ezusb_priv *upriv) 768{ 769 int retval = 0; 770 void *cur_buf = upriv->read_urb->transfer_buffer; 771 772 if (upriv->read_urb->status == -EINPROGRESS) { 773 dbg("urb busy, not resubmiting"); 774 retval = -EBUSY; 775 goto exit; 776 } 777 usb_fill_bulk_urb(upriv->read_urb, upriv->udev, upriv->read_pipe, 778 cur_buf, BULK_BUF_SIZE, 779 ezusb_bulk_in_callback, upriv); 780 upriv->read_urb->transfer_flags = 0; 781 retval = usb_submit_urb(upriv->read_urb, GFP_ATOMIC); 782 if (retval) 783 err("%s submit failed %d", __func__, retval); 784 785 exit: 786 return retval; 787} 788 789static inline int ezusb_8051_cpucs(struct ezusb_priv *upriv, int reset) 790{ 791 u8 res_val = reset; /* avoid argument promotion */ 792 793 if (!upriv->udev) { 794 err("%s: !upriv->udev", __func__); 795 return -EFAULT; 796 } 797 return usb_control_msg(upriv->udev, 798 usb_sndctrlpipe(upriv->udev, 0), 799 EZUSB_REQUEST_FW_TRANS, 800 USB_TYPE_VENDOR | USB_RECIP_DEVICE | 801 USB_DIR_OUT, EZUSB_CPUCS_REG, 0, &res_val, 802 sizeof(res_val), DEF_TIMEOUT); 803} 804 805static int ezusb_firmware_download(struct ezusb_priv *upriv, 806 struct ez_usb_fw *fw) 807{ 808 u8 fw_buffer[FW_BUF_SIZE]; 809 int retval, addr; 810 int variant_offset; 811 812 /* 813 * This byte is 1 and should be replaced with 0. The offset is 814 * 0x10AD in version 0.0.6. The byte in question should follow 815 * the end of the code pointed to by the jump in the beginning 816 * of the firmware. Also, it is read by code located at 0x358. 817 */ 818 variant_offset = be16_to_cpup((__be16 *) &fw->code[FW_VAR_OFFSET_PTR]); 819 if (variant_offset >= fw->size) { 820 printk(KERN_ERR PFX "Invalid firmware variant offset: " 821 "0x%04x\n", variant_offset); 822 retval = -EINVAL; 823 goto fail; 824 } 825 826 retval = ezusb_8051_cpucs(upriv, 1); 827 if (retval < 0) 828 goto fail; 829 for (addr = 0; addr < fw->size; addr += FW_BUF_SIZE) { 830 /* 0x100-0x300 should be left alone, it contains card 831 * specific data, like USB enumeration information */ 832 if ((addr >= FW_HOLE_START) && (addr < FW_HOLE_END)) 833 continue; 834 835 memcpy(fw_buffer, &fw->code[addr], FW_BUF_SIZE); 836 if (variant_offset >= addr && 837 variant_offset < addr + FW_BUF_SIZE) { 838 dbg("Patching card_variant byte at 0x%04X", 839 variant_offset); 840 fw_buffer[variant_offset - addr] = FW_VAR_VALUE; 841 } 842 retval = usb_control_msg(upriv->udev, 843 usb_sndctrlpipe(upriv->udev, 0), 844 EZUSB_REQUEST_FW_TRANS, 845 USB_TYPE_VENDOR | USB_RECIP_DEVICE 846 | USB_DIR_OUT, 847 addr, 0x0, 848 fw_buffer, FW_BUF_SIZE, 849 DEF_TIMEOUT); 850 851 if (retval < 0) 852 goto fail; 853 } 854 retval = ezusb_8051_cpucs(upriv, 0); 855 if (retval < 0) 856 goto fail; 857 858 goto exit; 859 fail: 860 printk(KERN_ERR PFX "Firmware download failed, error %d\n", 861 retval); 862 exit: 863 return retval; 864} 865 866static int ezusb_access_ltv(struct ezusb_priv *upriv, 867 struct request_context *ctx, 868 u16 length, const void *data, u16 frame_type, 869 void *ans_buff, int ans_size, u16 *ans_length) 870{ 871 int req_size; 872 int retval = 0; 873 enum ezusb_state state; 874 875 BUG_ON(in_irq()); 876 877 if (!upriv->udev) { 878 dbg("Device disconnected"); 879 return -ENODEV; 880 } 881 882 if (upriv->read_urb->status != -EINPROGRESS) 883 err("%s: in urb not pending", __func__); 884 885 /* protect upriv->reply_count, guarantee sequential numbers */ 886 spin_lock_bh(&upriv->reply_count_lock); 887 req_size = ezusb_fill_req(ctx->buf, length, ctx->out_rid, data, 888 frame_type, upriv->reply_count); 889 usb_fill_bulk_urb(ctx->outurb, upriv->udev, upriv->write_pipe, 890 ctx->buf, req_size, 891 ezusb_request_out_callback, ctx); 892 893 if (ctx->in_rid) 894 upriv->reply_count = ezusb_reply_inc(upriv->reply_count); 895 896 ezusb_req_enqueue_run(upriv, ctx); 897 898 spin_unlock_bh(&upriv->reply_count_lock); 899 900 if (ctx->in_rid) 901 ezusb_req_ctx_wait(upriv, ctx); 902 903 state = ctx->state; 904 switch (state) { 905 case EZUSB_CTX_COMPLETE: 906 retval = ctx->outurb->status; 907 break; 908 909 case EZUSB_CTX_QUEUED: 910 case EZUSB_CTX_REQ_SUBMITTED: 911 if (!ctx->in_rid) 912 break; 913 default: 914 err("%s: Unexpected context state %d", __func__, 915 state); 916 /* fall though */ 917 case EZUSB_CTX_REQ_TIMEOUT: 918 case EZUSB_CTX_REQ_FAILED: 919 case EZUSB_CTX_RESP_TIMEOUT: 920 case EZUSB_CTX_REQSUBMIT_FAIL: 921 printk(KERN_ERR PFX "Access failed, resetting (state %d," 922 " reply_count %d)\n", state, upriv->reply_count); 923 upriv->reply_count = 0; 924 if (state == EZUSB_CTX_REQ_TIMEOUT 925 || state == EZUSB_CTX_RESP_TIMEOUT) { 926 printk(KERN_ERR PFX "ctx timed out\n"); 927 retval = -ETIMEDOUT; 928 } else { 929 printk(KERN_ERR PFX "ctx failed\n"); 930 retval = -EFAULT; 931 } 932 goto exit; 933 break; 934 } 935 if (ctx->in_rid) { 936 struct ezusb_packet *ans = ctx->buf; 937 int exp_len; 938 939 if (ans->hermes_len != 0) 940 exp_len = le16_to_cpu(ans->hermes_len) * 2 + 12; 941 else 942 exp_len = 14; 943 944 if (exp_len != ctx->buf_length) { 945 err("%s: length mismatch for RID 0x%04x: " 946 "expected %d, got %d", __func__, 947 ctx->in_rid, exp_len, ctx->buf_length); 948 retval = -EIO; 949 goto exit; 950 } 951 952 if (ans_buff) 953 memcpy(ans_buff, ans->data, 954 min_t(int, exp_len, ans_size)); 955 if (ans_length) 956 *ans_length = le16_to_cpu(ans->hermes_len); 957 } 958 exit: 959 ezusb_request_context_put(ctx); 960 return retval; 961} 962 963static int ezusb_write_ltv(hermes_t *hw, int bap, u16 rid, 964 u16 length, const void *data) 965{ 966 struct ezusb_priv *upriv = hw->priv; 967 u16 frame_type; 968 struct request_context *ctx; 969 970 if (length == 0) 971 return -EINVAL; 972 973 length = HERMES_RECLEN_TO_BYTES(length); 974 975 /* On memory mapped devices HERMES_RID_CNFGROUPADDRESSES can be 976 * set to be empty, but the USB bridge doesn't like it */ 977 if (length == 0) 978 return 0; 979 980 ctx = ezusb_alloc_ctx(upriv, rid, EZUSB_RID_ACK); 981 if (!ctx) 982 return -ENOMEM; 983 984 if (rid == EZUSB_RID_TX) 985 frame_type = EZUSB_FRAME_DATA; 986 else 987 frame_type = EZUSB_FRAME_CONTROL; 988 989 return ezusb_access_ltv(upriv, ctx, length, data, frame_type, 990 NULL, 0, NULL); 991} 992 993static int ezusb_read_ltv(hermes_t *hw, int bap, u16 rid, 994 unsigned bufsize, u16 *length, void *buf) 995{ 996 struct ezusb_priv *upriv = hw->priv; 997 struct request_context *ctx; 998 999 if ((bufsize < 0) || (bufsize % 2)) 1000 return -EINVAL; 1001 1002 ctx = ezusb_alloc_ctx(upriv, rid, rid); 1003 if (!ctx) 1004 return -ENOMEM; 1005 1006 return ezusb_access_ltv(upriv, ctx, 0, NULL, EZUSB_FRAME_CONTROL, 1007 buf, bufsize, length); 1008} 1009 1010static int ezusb_doicmd_wait(hermes_t *hw, u16 cmd, u16 parm0, u16 parm1, 1011 u16 parm2, struct hermes_response *resp) 1012{ 1013 struct ezusb_priv *upriv = hw->priv; 1014 struct request_context *ctx; 1015 1016 __le16 data[4] = { 1017 cpu_to_le16(cmd), 1018 cpu_to_le16(parm0), 1019 cpu_to_le16(parm1), 1020 cpu_to_le16(parm2), 1021 }; 1022 dbg("0x%04X, parm0 0x%04X, parm1 0x%04X, parm2 0x%04X", 1023 cmd, parm0, parm1, parm2); 1024 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_DOCMD, EZUSB_RID_ACK); 1025 if (!ctx) 1026 return -ENOMEM; 1027 1028 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data, 1029 EZUSB_FRAME_CONTROL, NULL, 0, NULL); 1030} 1031 1032static int ezusb_docmd_wait(hermes_t *hw, u16 cmd, u16 parm0, 1033 struct hermes_response *resp) 1034{ 1035 struct ezusb_priv *upriv = hw->priv; 1036 struct request_context *ctx; 1037 1038 __le16 data[4] = { 1039 cpu_to_le16(cmd), 1040 cpu_to_le16(parm0), 1041 0, 1042 0, 1043 }; 1044 dbg("0x%04X, parm0 0x%04X", cmd, parm0); 1045 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_DOCMD, EZUSB_RID_ACK); 1046 if (!ctx) 1047 return -ENOMEM; 1048 1049 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data, 1050 EZUSB_FRAME_CONTROL, NULL, 0, NULL); 1051} 1052 1053static int ezusb_bap_pread(struct hermes *hw, int bap, 1054 void *buf, int len, u16 id, u16 offset) 1055{ 1056 struct ezusb_priv *upriv = hw->priv; 1057 struct ezusb_packet *ans = (void *) upriv->read_urb->transfer_buffer; 1058 int actual_length = upriv->read_urb->actual_length; 1059 1060 if (id == EZUSB_RID_RX) { 1061 if ((sizeof(*ans) + offset + len) > actual_length) { 1062 printk(KERN_ERR PFX "BAP read beyond buffer end " 1063 "in rx frame\n"); 1064 return -EINVAL; 1065 } 1066 memcpy(buf, ans->data + offset, len); 1067 return 0; 1068 } 1069 1070 if (EZUSB_IS_INFO(id)) { 1071 /* Include 4 bytes for length/type */ 1072 if ((sizeof(*ans) + offset + len - 4) > actual_length) { 1073 printk(KERN_ERR PFX "BAP read beyond buffer end " 1074 "in info frame\n"); 1075 return -EFAULT; 1076 } 1077 memcpy(buf, ans->data + offset - 4, len); 1078 } else { 1079 printk(KERN_ERR PFX "Unexpected fid 0x%04x\n", id); 1080 return -EINVAL; 1081 } 1082 1083 return 0; 1084} 1085 1086static int ezusb_read_pda(struct hermes *hw, __le16 *pda, 1087 u32 pda_addr, u16 pda_len) 1088{ 1089 struct ezusb_priv *upriv = hw->priv; 1090 struct request_context *ctx; 1091 __le16 data[] = { 1092 cpu_to_le16(pda_addr & 0xffff), 1093 cpu_to_le16(pda_len - 4) 1094 }; 1095 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_READ_PDA, EZUSB_RID_READ_PDA); 1096 if (!ctx) 1097 return -ENOMEM; 1098 1099 /* wl_lkm does not include PDA size in the PDA area. 1100 * We will pad the information into pda, so other routines 1101 * don't have to be modified */ 1102 pda[0] = cpu_to_le16(pda_len - 2); 1103 /* Includes CFG_PROD_DATA but not itself */ 1104 pda[1] = cpu_to_le16(0x0800); /* CFG_PROD_DATA */ 1105 1106 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data, 1107 EZUSB_FRAME_CONTROL, &pda[2], pda_len - 4, 1108 NULL); 1109} 1110 1111static int ezusb_program_init(struct hermes *hw, u32 entry_point) 1112{ 1113 struct ezusb_priv *upriv = hw->priv; 1114 struct request_context *ctx; 1115 __le32 data = cpu_to_le32(entry_point); 1116 1117 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_INIT, EZUSB_RID_ACK); 1118 if (!ctx) 1119 return -ENOMEM; 1120 1121 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data, 1122 EZUSB_FRAME_CONTROL, NULL, 0, NULL); 1123} 1124 1125static int ezusb_program_end(struct hermes *hw) 1126{ 1127 struct ezusb_priv *upriv = hw->priv; 1128 struct request_context *ctx; 1129 1130 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_END, EZUSB_RID_ACK); 1131 if (!ctx) 1132 return -ENOMEM; 1133 1134 return ezusb_access_ltv(upriv, ctx, 0, NULL, 1135 EZUSB_FRAME_CONTROL, NULL, 0, NULL); 1136} 1137 1138static int ezusb_program_bytes(struct hermes *hw, const char *buf, 1139 u32 addr, u32 len) 1140{ 1141 struct ezusb_priv *upriv = hw->priv; 1142 struct request_context *ctx; 1143 __le32 data = cpu_to_le32(addr); 1144 int err; 1145 1146 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_SET_ADDR, EZUSB_RID_ACK); 1147 if (!ctx) 1148 return -ENOMEM; 1149 1150 err = ezusb_access_ltv(upriv, ctx, sizeof(data), &data, 1151 EZUSB_FRAME_CONTROL, NULL, 0, NULL); 1152 if (err) 1153 return err; 1154 1155 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_BYTES, EZUSB_RID_ACK); 1156 if (!ctx) 1157 return -ENOMEM; 1158 1159 return ezusb_access_ltv(upriv, ctx, len, buf, 1160 EZUSB_FRAME_CONTROL, NULL, 0, NULL); 1161} 1162 1163static int ezusb_program(struct hermes *hw, const char *buf, 1164 u32 addr, u32 len) 1165{ 1166 u32 ch_addr; 1167 u32 ch_len; 1168 int err = 0; 1169 1170 /* We can only send 2048 bytes out of the bulk xmit at a time, 1171 * so we have to split any programming into chunks of <2048 1172 * bytes. */ 1173 1174 ch_len = (len < MAX_DL_SIZE) ? len : MAX_DL_SIZE; 1175 ch_addr = addr; 1176 1177 while (ch_addr < (addr + len)) { 1178 pr_debug("Programming subblock of length %d " 1179 "to address 0x%08x. Data @ %p\n", 1180 ch_len, ch_addr, &buf[ch_addr - addr]); 1181 1182 err = ezusb_program_bytes(hw, &buf[ch_addr - addr], 1183 ch_addr, ch_len); 1184 if (err) 1185 break; 1186 1187 ch_addr += ch_len; 1188 ch_len = ((addr + len - ch_addr) < MAX_DL_SIZE) ? 1189 (addr + len - ch_addr) : MAX_DL_SIZE; 1190 } 1191 1192 return err; 1193} 1194 1195static netdev_tx_t ezusb_xmit(struct sk_buff *skb, struct net_device *dev) 1196{ 1197 struct orinoco_private *priv = ndev_priv(dev); 1198 struct net_device_stats *stats = &priv->stats; 1199 struct ezusb_priv *upriv = priv->card; 1200 u8 mic[MICHAEL_MIC_LEN+1]; 1201 int err = 0; 1202 int tx_control; 1203 unsigned long flags; 1204 struct request_context *ctx; 1205 u8 *buf; 1206 int tx_size; 1207 1208 if (!netif_running(dev)) { 1209 printk(KERN_ERR "%s: Tx on stopped device!\n", 1210 dev->name); 1211 return NETDEV_TX_BUSY; 1212 } 1213 1214 if (netif_queue_stopped(dev)) { 1215 printk(KERN_DEBUG "%s: Tx while transmitter busy!\n", 1216 dev->name); 1217 return NETDEV_TX_BUSY; 1218 } 1219 1220 if (orinoco_lock(priv, &flags) != 0) { 1221 printk(KERN_ERR 1222 "%s: ezusb_xmit() called while hw_unavailable\n", 1223 dev->name); 1224 return NETDEV_TX_BUSY; 1225 } 1226 1227 if (!netif_carrier_ok(dev) || 1228 (priv->iw_mode == NL80211_IFTYPE_MONITOR)) { 1229 /* Oops, the firmware hasn't established a connection, 1230 silently drop the packet (this seems to be the 1231 safest approach). */ 1232 goto drop; 1233 } 1234 1235 /* Check packet length */ 1236 if (skb->len < ETH_HLEN) 1237 goto drop; 1238 1239 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_TX, 0); 1240 if (!ctx) 1241 goto busy; 1242 1243 memset(ctx->buf, 0, BULK_BUF_SIZE); 1244 buf = ctx->buf->data; 1245 1246 tx_control = 0; 1247 1248 err = orinoco_process_xmit_skb(skb, dev, priv, &tx_control, 1249 &mic[0]); 1250 if (err) 1251 goto drop; 1252 1253 { 1254 __le16 *tx_cntl = (__le16 *)buf; 1255 *tx_cntl = cpu_to_le16(tx_control); 1256 buf += sizeof(*tx_cntl); 1257 } 1258 1259 memcpy(buf, skb->data, skb->len); 1260 buf += skb->len; 1261 1262 if (tx_control & HERMES_TXCTRL_MIC) { 1263 u8 *m = mic; 1264 /* Mic has been offset so it can be copied to an even 1265 * address. We're copying eveything anyway, so we 1266 * don't need to copy that first byte. */ 1267 if (skb->len % 2) 1268 m++; 1269 memcpy(buf, m, MICHAEL_MIC_LEN); 1270 buf += MICHAEL_MIC_LEN; 1271 } 1272 1273 /* Finally, we actually initiate the send */ 1274 netif_stop_queue(dev); 1275 1276 /* The card may behave better if we send evenly sized usb transfers */ 1277 tx_size = ALIGN(buf - ctx->buf->data, 2); 1278 1279 err = ezusb_access_ltv(upriv, ctx, tx_size, NULL, 1280 EZUSB_FRAME_DATA, NULL, 0, NULL); 1281 1282 if (err) { 1283 netif_start_queue(dev); 1284 if (net_ratelimit()) 1285 printk(KERN_ERR "%s: Error %d transmitting packet\n", 1286 dev->name, err); 1287 goto busy; 1288 } 1289 1290 dev->trans_start = jiffies; 1291 stats->tx_bytes += skb->len; 1292 goto ok; 1293 1294 drop: 1295 stats->tx_errors++; 1296 stats->tx_dropped++; 1297 1298 ok: 1299 orinoco_unlock(priv, &flags); 1300 dev_kfree_skb(skb); 1301 return NETDEV_TX_OK; 1302 1303 busy: 1304 orinoco_unlock(priv, &flags); 1305 return NETDEV_TX_BUSY; 1306} 1307 1308static int ezusb_allocate(struct hermes *hw, u16 size, u16 *fid) 1309{ 1310 *fid = EZUSB_RID_TX; 1311 return 0; 1312} 1313 1314 1315static int ezusb_hard_reset(struct orinoco_private *priv) 1316{ 1317 struct ezusb_priv *upriv = priv->card; 1318 int retval = ezusb_8051_cpucs(upriv, 1); 1319 1320 if (retval < 0) { 1321 err("Failed to reset"); 1322 return retval; 1323 } 1324 1325 retval = ezusb_8051_cpucs(upriv, 0); 1326 if (retval < 0) { 1327 err("Failed to unreset"); 1328 return retval; 1329 } 1330 1331 dbg("sending control message"); 1332 retval = usb_control_msg(upriv->udev, 1333 usb_sndctrlpipe(upriv->udev, 0), 1334 EZUSB_REQUEST_TRIGER, 1335 USB_TYPE_VENDOR | USB_RECIP_DEVICE | 1336 USB_DIR_OUT, 0x0, 0x0, NULL, 0, 1337 DEF_TIMEOUT); 1338 if (retval < 0) { 1339 err("EZUSB_REQUEST_TRIGER failed retval %d", retval); 1340 return retval; 1341 } 1342 1343 return 0; 1344} 1345 1346 1347static int ezusb_init(hermes_t *hw) 1348{ 1349 struct ezusb_priv *upriv = hw->priv; 1350 int retval; 1351 1352 BUG_ON(in_interrupt()); 1353 BUG_ON(!upriv); 1354 1355 upriv->reply_count = 0; 1356 /* Write the MAGIC number on the simulated registers to keep 1357 * orinoco.c happy */ 1358 hermes_write_regn(hw, SWSUPPORT0, HERMES_MAGIC); 1359 hermes_write_regn(hw, RXFID, EZUSB_RID_RX); 1360 1361 usb_kill_urb(upriv->read_urb); 1362 ezusb_submit_in_urb(upriv); 1363 1364 retval = ezusb_write_ltv(hw, 0, EZUSB_RID_INIT1, 1365 HERMES_BYTES_TO_RECLEN(2), "\x10\x00"); 1366 if (retval < 0) { 1367 printk(KERN_ERR PFX "EZUSB_RID_INIT1 error %d\n", retval); 1368 return retval; 1369 } 1370 1371 retval = ezusb_docmd_wait(hw, HERMES_CMD_INIT, 0, NULL); 1372 if (retval < 0) { 1373 printk(KERN_ERR PFX "HERMES_CMD_INIT error %d\n", retval); 1374 return retval; 1375 } 1376 1377 return 0; 1378} 1379 1380static void ezusb_bulk_in_callback(struct urb *urb) 1381{ 1382 struct ezusb_priv *upriv = (struct ezusb_priv *) urb->context; 1383 struct ezusb_packet *ans = urb->transfer_buffer; 1384 u16 crc; 1385 u16 hermes_rid; 1386 1387 if (upriv->udev == NULL) { 1388 dbg("disconnected"); 1389 return; 1390 } 1391 1392 if (urb->status == -ETIMEDOUT) { 1393 /* When a device gets unplugged we get this every time 1394 * we resubmit, flooding the logs. Since we don't use 1395 * USB timeouts, it shouldn't happen any other time*/ 1396 pr_warning("%s: urb timed out, not resubmiting", __func__); 1397 return; 1398 } 1399 if (urb->status == -ECONNABORTED) { 1400 pr_warning("%s: connection abort, resubmiting urb", 1401 __func__); 1402 goto resubmit; 1403 } 1404 if ((urb->status == -EILSEQ) 1405 || (urb->status == -ENOENT) 1406 || (urb->status == -ECONNRESET)) { 1407 dbg("status %d, not resubmiting", urb->status); 1408 return; 1409 } 1410 if (urb->status) 1411 dbg("status: %d length: %d", 1412 urb->status, urb->actual_length); 1413 if (urb->actual_length < sizeof(*ans)) { 1414 err("%s: short read, ignoring", __func__); 1415 goto resubmit; 1416 } 1417 crc = build_crc(ans); 1418 if (le16_to_cpu(ans->crc) != crc) { 1419 err("CRC error, ignoring packet"); 1420 goto resubmit; 1421 } 1422 1423 hermes_rid = le16_to_cpu(ans->hermes_rid); 1424 if ((hermes_rid != EZUSB_RID_RX) && !EZUSB_IS_INFO(hermes_rid)) { 1425 ezusb_request_in_callback(upriv, urb); 1426 } else if (upriv->dev) { 1427 struct net_device *dev = upriv->dev; 1428 struct orinoco_private *priv = ndev_priv(dev); 1429 hermes_t *hw = &priv->hw; 1430 1431 if (hermes_rid == EZUSB_RID_RX) { 1432 __orinoco_ev_rx(dev, hw); 1433 } else { 1434 hermes_write_regn(hw, INFOFID, 1435 le16_to_cpu(ans->hermes_rid)); 1436 __orinoco_ev_info(dev, hw); 1437 } 1438 } 1439 1440 resubmit: 1441 if (upriv->udev) 1442 ezusb_submit_in_urb(upriv); 1443} 1444 1445static inline void ezusb_delete(struct ezusb_priv *upriv) 1446{ 1447 struct net_device *dev; 1448 struct list_head *item; 1449 struct list_head *tmp_item; 1450 unsigned long flags; 1451 1452 BUG_ON(in_interrupt()); 1453 BUG_ON(!upriv); 1454 1455 dev = upriv->dev; 1456 mutex_lock(&upriv->mtx); 1457 1458 upriv->udev = NULL; /* No timer will be rearmed from here */ 1459 1460 usb_kill_urb(upriv->read_urb); 1461 1462 spin_lock_irqsave(&upriv->req_lock, flags); 1463 list_for_each_safe(item, tmp_item, &upriv->req_active) { 1464 struct request_context *ctx; 1465 int err; 1466 1467 ctx = list_entry(item, struct request_context, list); 1468 atomic_inc(&ctx->refcount); 1469 1470 ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK; 1471 err = usb_unlink_urb(ctx->outurb); 1472 1473 spin_unlock_irqrestore(&upriv->req_lock, flags); 1474 if (err == -EINPROGRESS) 1475 wait_for_completion(&ctx->done); 1476 1477 del_timer_sync(&ctx->timer); 1478 if (!list_empty(&ctx->list)) 1479 ezusb_ctx_complete(ctx); 1480 1481 ezusb_request_context_put(ctx); 1482 spin_lock_irqsave(&upriv->req_lock, flags); 1483 } 1484 spin_unlock_irqrestore(&upriv->req_lock, flags); 1485 1486 list_for_each_safe(item, tmp_item, &upriv->req_pending) 1487 ezusb_ctx_complete(list_entry(item, 1488 struct request_context, list)); 1489 1490 if (upriv->read_urb && upriv->read_urb->status == -EINPROGRESS) 1491 printk(KERN_ERR PFX "Some URB in progress\n"); 1492 1493 mutex_unlock(&upriv->mtx); 1494 1495 if (upriv->read_urb) { 1496 kfree(upriv->read_urb->transfer_buffer); 1497 usb_free_urb(upriv->read_urb); 1498 } 1499 kfree(upriv->bap_buf); 1500 if (upriv->dev) { 1501 struct orinoco_private *priv = ndev_priv(upriv->dev); 1502 orinoco_if_del(priv); 1503 free_orinocodev(priv); 1504 } 1505} 1506 1507static void ezusb_lock_irqsave(spinlock_t *lock, 1508 unsigned long *flags) __acquires(lock) 1509{ 1510 spin_lock_bh(lock); 1511} 1512 1513static void ezusb_unlock_irqrestore(spinlock_t *lock, 1514 unsigned long *flags) __releases(lock) 1515{ 1516 spin_unlock_bh(lock); 1517} 1518 1519static void ezusb_lock_irq(spinlock_t *lock) __acquires(lock) 1520{ 1521 spin_lock_bh(lock); 1522} 1523 1524static void ezusb_unlock_irq(spinlock_t *lock) __releases(lock) 1525{ 1526 spin_unlock_bh(lock); 1527} 1528 1529static const struct hermes_ops ezusb_ops = { 1530 .init = ezusb_init, 1531 .cmd_wait = ezusb_docmd_wait, 1532 .init_cmd_wait = ezusb_doicmd_wait, 1533 .allocate = ezusb_allocate, 1534 .read_ltv = ezusb_read_ltv, 1535 .write_ltv = ezusb_write_ltv, 1536 .bap_pread = ezusb_bap_pread, 1537 .read_pda = ezusb_read_pda, 1538 .program_init = ezusb_program_init, 1539 .program_end = ezusb_program_end, 1540 .program = ezusb_program, 1541 .lock_irqsave = ezusb_lock_irqsave, 1542 .unlock_irqrestore = ezusb_unlock_irqrestore, 1543 .lock_irq = ezusb_lock_irq, 1544 .unlock_irq = ezusb_unlock_irq, 1545}; 1546 1547static const struct net_device_ops ezusb_netdev_ops = { 1548 .ndo_open = orinoco_open, 1549 .ndo_stop = orinoco_stop, 1550 .ndo_start_xmit = ezusb_xmit, 1551 .ndo_set_multicast_list = orinoco_set_multicast_list, 1552 .ndo_change_mtu = orinoco_change_mtu, 1553 .ndo_set_mac_address = eth_mac_addr, 1554 .ndo_validate_addr = eth_validate_addr, 1555 .ndo_tx_timeout = orinoco_tx_timeout, 1556 .ndo_get_stats = orinoco_get_stats, 1557}; 1558 1559static int ezusb_probe(struct usb_interface *interface, 1560 const struct usb_device_id *id) 1561{ 1562 struct usb_device *udev = interface_to_usbdev(interface); 1563 struct orinoco_private *priv; 1564 hermes_t *hw; 1565 struct ezusb_priv *upriv = NULL; 1566 struct usb_interface_descriptor *iface_desc; 1567 struct usb_endpoint_descriptor *ep; 1568 const struct firmware *fw_entry; 1569 int retval = 0; 1570 int i; 1571 1572 priv = alloc_orinocodev(sizeof(*upriv), &udev->dev, 1573 ezusb_hard_reset, NULL); 1574 if (!priv) { 1575 err("Couldn't allocate orinocodev"); 1576 goto exit; 1577 } 1578 1579 hw = &priv->hw; 1580 1581 upriv = priv->card; 1582 1583 mutex_init(&upriv->mtx); 1584 spin_lock_init(&upriv->reply_count_lock); 1585 1586 spin_lock_init(&upriv->req_lock); 1587 INIT_LIST_HEAD(&upriv->req_pending); 1588 INIT_LIST_HEAD(&upriv->req_active); 1589 1590 upriv->udev = udev; 1591 1592 hw->iobase = (void __force __iomem *) &upriv->hermes_reg_fake; 1593 hw->reg_spacing = HERMES_16BIT_REGSPACING; 1594 hw->priv = upriv; 1595 hw->ops = &ezusb_ops; 1596 1597 /* set up the endpoint information */ 1598 /* check out the endpoints */ 1599 1600 iface_desc = &interface->altsetting[0].desc; 1601 for (i = 0; i < iface_desc->bNumEndpoints; ++i) { 1602 ep = &interface->altsetting[0].endpoint[i].desc; 1603 1604 if (((ep->bEndpointAddress & USB_ENDPOINT_DIR_MASK) 1605 == USB_DIR_IN) && 1606 ((ep->bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) 1607 == USB_ENDPOINT_XFER_BULK)) { 1608 /* we found a bulk in endpoint */ 1609 if (upriv->read_urb != NULL) { 1610 pr_warning("Found a second bulk in ep, ignored"); 1611 continue; 1612 } 1613 1614 upriv->read_urb = usb_alloc_urb(0, GFP_KERNEL); 1615 if (!upriv->read_urb) { 1616 err("No free urbs available"); 1617 goto error; 1618 } 1619 if (le16_to_cpu(ep->wMaxPacketSize) != 64) 1620 pr_warning("bulk in: wMaxPacketSize!= 64"); 1621 if (ep->bEndpointAddress != (2 | USB_DIR_IN)) 1622 pr_warning("bulk in: bEndpointAddress: %d", 1623 ep->bEndpointAddress); 1624 upriv->read_pipe = usb_rcvbulkpipe(udev, 1625 ep-> 1626 bEndpointAddress); 1627 upriv->read_urb->transfer_buffer = 1628 kmalloc(BULK_BUF_SIZE, GFP_KERNEL); 1629 if (!upriv->read_urb->transfer_buffer) { 1630 err("Couldn't allocate IN buffer"); 1631 goto error; 1632 } 1633 } 1634 1635 if (((ep->bEndpointAddress & USB_ENDPOINT_DIR_MASK) 1636 == USB_DIR_OUT) && 1637 ((ep->bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) 1638 == USB_ENDPOINT_XFER_BULK)) { 1639 /* we found a bulk out endpoint */ 1640 if (upriv->bap_buf != NULL) { 1641 pr_warning("Found a second bulk out ep, ignored"); 1642 continue; 1643 } 1644 1645 if (le16_to_cpu(ep->wMaxPacketSize) != 64) 1646 pr_warning("bulk out: wMaxPacketSize != 64"); 1647 if (ep->bEndpointAddress != 2) 1648 pr_warning("bulk out: bEndpointAddress: %d", 1649 ep->bEndpointAddress); 1650 upriv->write_pipe = usb_sndbulkpipe(udev, 1651 ep-> 1652 bEndpointAddress); 1653 upriv->bap_buf = kmalloc(BULK_BUF_SIZE, GFP_KERNEL); 1654 if (!upriv->bap_buf) { 1655 err("Couldn't allocate bulk_out_buffer"); 1656 goto error; 1657 } 1658 } 1659 } 1660 if (!upriv->bap_buf || !upriv->read_urb) { 1661 err("Didn't find the required bulk endpoints"); 1662 goto error; 1663 } 1664 1665 if (request_firmware(&fw_entry, "orinoco_ezusb_fw", 1666 &interface->dev) == 0) { 1667 firmware.size = fw_entry->size; 1668 firmware.code = fw_entry->data; 1669 } 1670 if (firmware.size && firmware.code) { 1671 ezusb_firmware_download(upriv, &firmware); 1672 } else { 1673 err("No firmware to download"); 1674 goto error; 1675 } 1676 1677 if (ezusb_hard_reset(priv) < 0) { 1678 err("Cannot reset the device"); 1679 goto error; 1680 } 1681 1682 /* If the firmware is already downloaded orinoco.c will call 1683 * ezusb_init but if the firmware is not already there, that will make 1684 * the kernel very unstable, so we try initializing here and quit in 1685 * case of error */ 1686 if (ezusb_init(hw) < 0) { 1687 err("Couldn't initialize the device"); 1688 err("Firmware may not be downloaded or may be wrong."); 1689 goto error; 1690 } 1691 1692 /* Initialise the main driver */ 1693 if (orinoco_init(priv) != 0) { 1694 err("orinoco_init() failed\n"); 1695 goto error; 1696 } 1697 1698 if (orinoco_if_add(priv, 0, 0, &ezusb_netdev_ops) != 0) { 1699 upriv->dev = NULL; 1700 err("%s: orinoco_if_add() failed", __func__); 1701 goto error; 1702 } 1703 upriv->dev = priv->ndev; 1704 1705 goto exit; 1706 1707 error: 1708 ezusb_delete(upriv); 1709 if (upriv->dev) { 1710 /* upriv->dev was 0, so ezusb_delete() didn't free it */ 1711 free_orinocodev(priv); 1712 } 1713 upriv = NULL; 1714 retval = -EFAULT; 1715 exit: 1716 if (fw_entry) { 1717 firmware.code = NULL; 1718 firmware.size = 0; 1719 release_firmware(fw_entry); 1720 } 1721 usb_set_intfdata(interface, upriv); 1722 return retval; 1723} 1724 1725 1726static void ezusb_disconnect(struct usb_interface *intf) 1727{ 1728 struct ezusb_priv *upriv = usb_get_intfdata(intf); 1729 usb_set_intfdata(intf, NULL); 1730 ezusb_delete(upriv); 1731 printk(KERN_INFO PFX "Disconnected\n"); 1732} 1733 1734 1735/* usb specific object needed to register this driver with the usb subsystem */ 1736static struct usb_driver orinoco_driver = { 1737 .name = DRIVER_NAME, 1738 .probe = ezusb_probe, 1739 .disconnect = ezusb_disconnect, 1740 .id_table = ezusb_table, 1741}; 1742 1743/* Can't be declared "const" or the whole __initdata section will 1744 * become const */ 1745static char version[] __initdata = DRIVER_NAME " " DRIVER_VERSION 1746 " (Manuel Estrada Sainz)"; 1747 1748static int __init ezusb_module_init(void) 1749{ 1750 int err; 1751 1752 printk(KERN_DEBUG "%s\n", version); 1753 1754 /* register this driver with the USB subsystem */ 1755 err = usb_register(&orinoco_driver); 1756 if (err < 0) { 1757 printk(KERN_ERR PFX "usb_register failed, error %d\n", 1758 err); 1759 return err; 1760 } 1761 1762 return 0; 1763} 1764 1765static void __exit ezusb_module_exit(void) 1766{ 1767 /* deregister this driver with the USB subsystem */ 1768 usb_deregister(&orinoco_driver); 1769} 1770 1771 1772module_init(ezusb_module_init); 1773module_exit(ezusb_module_exit); 1774 1775MODULE_AUTHOR("Manuel Estrada Sainz"); 1776MODULE_DESCRIPTION 1777 ("Driver for Orinoco wireless LAN cards using EZUSB bridge"); 1778MODULE_LICENSE("Dual MPL/GPL"); 1779