2 * Copyright (c) 2006 Damien Bergamini <damien.bergamini@free.fr>
3 * Copyright (c) 2006 Sam Leffler, Errno Consulting
4 * Copyright (c) 2007 Christoph Hellwig <hch@lst.de>
5 * Copyright (c) 2008-2009 Weongyo Jeong <weongyo@freebsd.org>
6 * Copyright (c) 2012 Pontus Fuchs <pontus.fuchs@gmail.com>
8 * Permission to use, copy, modify, and/or distribute this software for any
9 * purpose with or without fee is hereby granted, provided that the above
10 * copyright notice and this permission notice appear in all copies.
12 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22 * This driver is based on the uath driver written by Damien Bergamini for
23 * OpenBSD, who did black-box analysis of the Windows binary driver to find
24 * out how the hardware works. It contains a lot magic numbers because of
25 * that and only has minimal functionality.
27 #include <linux/compiler.h>
28 #include <linux/kernel.h>
29 #include <linux/module.h>
30 #include <linux/list.h>
31 #include <linux/completion.h>
32 #include <linux/firmware.h>
33 #include <linux/skbuff.h>
34 #include <linux/usb.h>
35 #include <net/mac80211.h>
38 #include "ar5523_hw.h"
41 * Various supported device vendors/products.
42 * UB51: AR5005UG 802.11b/g, UB52: AR5005UX 802.11a/b/g
45 static int ar5523_submit_rx_cmd(struct ar5523 *ar);
46 static void ar5523_data_tx_pkt_put(struct ar5523 *ar);
48 static void ar5523_read_reply(struct ar5523 *ar, struct ar5523_cmd_hdr *hdr,
49 struct ar5523_tx_cmd *cmd)
54 dlen = be32_to_cpu(hdr->len) - sizeof(*hdr);
61 ar5523_dbg(ar, "Code = %d len = %d\n", be32_to_cpu(hdr->code) & 0xff,
64 rp = (__be32 *)(hdr + 1);
65 if (dlen >= sizeof(u32)) {
66 olen = be32_to_cpu(rp[0]);
69 /* convention is 0 =>'s one word */
76 if (cmd->olen < olen) {
77 ar5523_err(ar, "olen to small %d < %d\n",
80 cmd->res = -EOVERFLOW;
83 memcpy(cmd->odata, &rp[1], olen);
92 static void ar5523_cmd_rx_cb(struct urb *urb)
94 struct ar5523 *ar = urb->context;
95 struct ar5523_tx_cmd *cmd = &ar->tx_cmd;
96 struct ar5523_cmd_hdr *hdr = ar->rx_cmd_buf;
101 if (urb->status != -ESHUTDOWN)
102 ar5523_err(ar, "RX USB error %d.\n", urb->status);
106 if (urb->actual_length < sizeof(struct ar5523_cmd_hdr)) {
107 ar5523_err(ar, "RX USB to short.\n");
111 ar5523_dbg(ar, "%s code %02x priv %d\n", __func__,
112 be32_to_cpu(hdr->code) & 0xff, hdr->priv);
114 code = be32_to_cpu(hdr->code);
115 hdrlen = be32_to_cpu(hdr->len);
117 switch (code & 0xff) {
119 /* reply to a read command */
120 if (hdr->priv != AR5523_CMD_ID) {
121 ar5523_err(ar, "Unexpected command id: %02x\n",
125 ar5523_read_reply(ar, hdr, cmd);
128 case WDCMSG_DEVICE_AVAIL:
129 ar5523_dbg(ar, "WDCMSG_DEVICE_AVAIL\n");
132 complete(&cmd->done);
135 case WDCMSG_SEND_COMPLETE:
136 ar5523_dbg(ar, "WDCMSG_SEND_COMPLETE: %d pending\n",
137 atomic_read(&ar->tx_nr_pending));
138 if (!test_bit(AR5523_HW_UP, &ar->flags))
139 ar5523_dbg(ar, "Unexpected WDCMSG_SEND_COMPLETE\n");
141 mod_timer(&ar->tx_wd_timer,
142 jiffies + AR5523_TX_WD_TIMEOUT);
143 ar5523_data_tx_pkt_put(ar);
148 case WDCMSG_TARGET_START:
149 /* This command returns a bogus id so it needs special
151 dlen = hdrlen - sizeof(*hdr);
152 if (dlen != (int)sizeof(u32)) {
153 ar5523_err(ar, "Invalid reply to WDCMSG_TARGET_START");
156 memcpy(cmd->odata, hdr + 1, sizeof(u32));
157 cmd->olen = sizeof(u32);
159 complete(&cmd->done);
162 case WDCMSG_STATS_UPDATE:
163 ar5523_dbg(ar, "WDCMSG_STATS_UPDATE\n");
168 ar5523_submit_rx_cmd(ar);
171 static int ar5523_alloc_rx_cmd(struct ar5523 *ar)
173 ar->rx_cmd_urb = usb_alloc_urb(0, GFP_KERNEL);
177 ar->rx_cmd_buf = usb_alloc_coherent(ar->dev, AR5523_MAX_RXCMDSZ,
179 &ar->rx_cmd_urb->transfer_dma);
180 if (!ar->rx_cmd_buf) {
181 usb_free_urb(ar->rx_cmd_urb);
187 static void ar5523_cancel_rx_cmd(struct ar5523 *ar)
189 usb_kill_urb(ar->rx_cmd_urb);
192 static void ar5523_free_rx_cmd(struct ar5523 *ar)
194 usb_free_coherent(ar->dev, AR5523_MAX_RXCMDSZ,
195 ar->rx_cmd_buf, ar->rx_cmd_urb->transfer_dma);
196 usb_free_urb(ar->rx_cmd_urb);
199 static int ar5523_submit_rx_cmd(struct ar5523 *ar)
203 usb_fill_bulk_urb(ar->rx_cmd_urb, ar->dev,
204 ar5523_cmd_rx_pipe(ar->dev), ar->rx_cmd_buf,
205 AR5523_MAX_RXCMDSZ, ar5523_cmd_rx_cb, ar);
206 ar->rx_cmd_urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
208 error = usb_submit_urb(ar->rx_cmd_urb, GFP_ATOMIC);
210 if (error != -ENODEV)
211 ar5523_err(ar, "error %d when submitting rx urb\n",
219 * Command submitted cb
221 static void ar5523_cmd_tx_cb(struct urb *urb)
223 struct ar5523_tx_cmd *cmd = urb->context;
224 struct ar5523 *ar = cmd->ar;
227 ar5523_err(ar, "Failed to TX command. Status = %d\n",
229 cmd->res = urb->status;
230 complete(&cmd->done);
234 if (!(cmd->flags & AR5523_CMD_FLAG_READ)) {
236 complete(&cmd->done);
240 static int ar5523_cmd(struct ar5523 *ar, u32 code, const void *idata,
241 int ilen, void *odata, int olen, int flags)
243 struct ar5523_cmd_hdr *hdr;
244 struct ar5523_tx_cmd *cmd = &ar->tx_cmd;
247 /* always bulk-out a multiple of 4 bytes */
248 xferlen = (sizeof(struct ar5523_cmd_hdr) + ilen + 3) & ~3;
250 hdr = (struct ar5523_cmd_hdr *)cmd->buf_tx;
251 memset(hdr, 0, sizeof(struct ar5523_cmd_hdr));
252 hdr->len = cpu_to_be32(xferlen);
253 hdr->code = cpu_to_be32(code);
254 hdr->priv = AR5523_CMD_ID;
256 if (flags & AR5523_CMD_FLAG_MAGIC)
257 hdr->magic = cpu_to_be32(1 << 24);
259 memcpy(hdr + 1, idata, ilen);
265 ar5523_dbg(ar, "do cmd %02x\n", code);
267 usb_fill_bulk_urb(cmd->urb_tx, ar->dev, ar5523_cmd_tx_pipe(ar->dev),
268 cmd->buf_tx, xferlen, ar5523_cmd_tx_cb, cmd);
269 cmd->urb_tx->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
271 error = usb_submit_urb(cmd->urb_tx, GFP_KERNEL);
273 ar5523_err(ar, "could not send command 0x%x, error=%d\n",
278 if (!wait_for_completion_timeout(&cmd->done, 2 * HZ)) {
280 ar5523_err(ar, "timeout waiting for command %02x reply\n",
282 cmd->res = -ETIMEDOUT;
287 static int ar5523_cmd_write(struct ar5523 *ar, u32 code, const void *data,
290 flags &= ~AR5523_CMD_FLAG_READ;
291 return ar5523_cmd(ar, code, data, len, NULL, 0, flags);
294 static int ar5523_cmd_read(struct ar5523 *ar, u32 code, const void *idata,
295 int ilen, void *odata, int olen, int flags)
297 flags |= AR5523_CMD_FLAG_READ;
298 return ar5523_cmd(ar, code, idata, ilen, odata, olen, flags);
301 static int ar5523_config(struct ar5523 *ar, u32 reg, u32 val)
303 struct ar5523_write_mac write;
306 write.reg = cpu_to_be32(reg);
307 write.len = cpu_to_be32(0); /* 0 = single write */
308 *(__be32 *)write.data = cpu_to_be32(val);
310 error = ar5523_cmd_write(ar, WDCMSG_TARGET_SET_CONFIG, &write,
313 ar5523_err(ar, "could not write register 0x%02x\n", reg);
317 static int ar5523_config_multi(struct ar5523 *ar, u32 reg, const void *data,
320 struct ar5523_write_mac write;
323 write.reg = cpu_to_be32(reg);
324 write.len = cpu_to_be32(len);
325 memcpy(write.data, data, len);
327 /* properly handle the case where len is zero (reset) */
328 error = ar5523_cmd_write(ar, WDCMSG_TARGET_SET_CONFIG, &write,
329 (len == 0) ? sizeof(u32) : 2 * sizeof(u32) + len, 0);
331 ar5523_err(ar, "could not write %d bytes to register 0x%02x\n",
336 static int ar5523_get_status(struct ar5523 *ar, u32 which, void *odata,
342 which_be = cpu_to_be32(which);
343 error = ar5523_cmd_read(ar, WDCMSG_TARGET_GET_STATUS,
344 &which_be, sizeof(which_be), odata, olen, AR5523_CMD_FLAG_MAGIC);
346 ar5523_err(ar, "could not read EEPROM offset 0x%02x\n", which);
350 static int ar5523_get_capability(struct ar5523 *ar, u32 cap, u32 *val)
353 __be32 cap_be, val_be;
355 cap_be = cpu_to_be32(cap);
356 error = ar5523_cmd_read(ar, WDCMSG_TARGET_GET_CAPABILITY, &cap_be,
357 sizeof(cap_be), &val_be, sizeof(__be32),
358 AR5523_CMD_FLAG_MAGIC);
360 ar5523_err(ar, "could not read capability %u\n", cap);
363 *val = be32_to_cpu(val_be);
367 static int ar5523_get_devcap(struct ar5523 *ar)
369 #define GETCAP(x) do { \
370 error = ar5523_get_capability(ar, x, &cap); \
373 ar5523_info(ar, "Cap: " \
374 "%s=0x%08x\n", #x, cap); \
379 /* collect device capabilities */
380 GETCAP(CAP_TARGET_VERSION);
381 GETCAP(CAP_TARGET_REVISION);
382 GETCAP(CAP_MAC_VERSION);
383 GETCAP(CAP_MAC_REVISION);
384 GETCAP(CAP_PHY_REVISION);
385 GETCAP(CAP_ANALOG_5GHz_REVISION);
386 GETCAP(CAP_ANALOG_2GHz_REVISION);
388 GETCAP(CAP_REG_DOMAIN);
389 GETCAP(CAP_REG_CAP_BITS);
390 GETCAP(CAP_WIRELESS_MODES);
391 GETCAP(CAP_CHAN_SPREAD_SUPPORT);
392 GETCAP(CAP_COMPRESS_SUPPORT);
393 GETCAP(CAP_BURST_SUPPORT);
394 GETCAP(CAP_FAST_FRAMES_SUPPORT);
395 GETCAP(CAP_CHAP_TUNING_SUPPORT);
396 GETCAP(CAP_TURBOG_SUPPORT);
397 GETCAP(CAP_TURBO_PRIME_SUPPORT);
398 GETCAP(CAP_DEVICE_TYPE);
399 GETCAP(CAP_WME_SUPPORT);
400 GETCAP(CAP_TOTAL_QUEUES);
401 GETCAP(CAP_CONNECTION_ID_MAX);
403 GETCAP(CAP_LOW_5GHZ_CHAN);
404 GETCAP(CAP_HIGH_5GHZ_CHAN);
405 GETCAP(CAP_LOW_2GHZ_CHAN);
406 GETCAP(CAP_HIGH_2GHZ_CHAN);
407 GETCAP(CAP_TWICE_ANTENNAGAIN_5G);
408 GETCAP(CAP_TWICE_ANTENNAGAIN_2G);
410 GETCAP(CAP_CIPHER_AES_CCM);
411 GETCAP(CAP_CIPHER_TKIP);
412 GETCAP(CAP_MIC_TKIP);
416 static int ar5523_set_ledsteady(struct ar5523 *ar, int lednum, int ledmode)
418 struct ar5523_cmd_ledsteady led;
420 led.lednum = cpu_to_be32(lednum);
421 led.ledmode = cpu_to_be32(ledmode);
423 ar5523_dbg(ar, "set %s led %s (steady)\n",
424 (lednum == UATH_LED_LINK) ? "link" : "activity",
425 ledmode ? "on" : "off");
426 return ar5523_cmd_write(ar, WDCMSG_SET_LED_STEADY, &led, sizeof(led),
430 static int ar5523_set_rxfilter(struct ar5523 *ar, u32 bits, u32 op)
432 struct ar5523_cmd_rx_filter rxfilter;
434 rxfilter.bits = cpu_to_be32(bits);
435 rxfilter.op = cpu_to_be32(op);
437 ar5523_dbg(ar, "setting Rx filter=0x%x flags=0x%x\n", bits, op);
438 return ar5523_cmd_write(ar, WDCMSG_RX_FILTER, &rxfilter,
439 sizeof(rxfilter), 0);
442 static int ar5523_reset_tx_queues(struct ar5523 *ar)
444 __be32 qid = cpu_to_be32(0);
446 ar5523_dbg(ar, "resetting Tx queue\n");
447 return ar5523_cmd_write(ar, WDCMSG_RELEASE_TX_QUEUE,
448 &qid, sizeof(qid), 0);
451 static int ar5523_set_chan(struct ar5523 *ar)
453 struct ieee80211_conf *conf = &ar->hw->conf;
455 struct ar5523_cmd_reset reset;
457 memset(&reset, 0, sizeof(reset));
458 reset.flags |= cpu_to_be32(UATH_CHAN_2GHZ);
459 reset.flags |= cpu_to_be32(UATH_CHAN_OFDM);
460 reset.freq = cpu_to_be32(conf->chandef.chan->center_freq);
461 reset.maxrdpower = cpu_to_be32(50); /* XXX */
462 reset.channelchange = cpu_to_be32(1);
463 reset.keeprccontent = cpu_to_be32(0);
465 ar5523_dbg(ar, "set chan flags 0x%x freq %d\n",
466 be32_to_cpu(reset.flags),
467 conf->chandef.chan->center_freq);
468 return ar5523_cmd_write(ar, WDCMSG_RESET, &reset, sizeof(reset), 0);
471 static int ar5523_queue_init(struct ar5523 *ar)
473 struct ar5523_cmd_txq_setup qinfo;
475 ar5523_dbg(ar, "setting up Tx queue\n");
476 qinfo.qid = cpu_to_be32(0);
477 qinfo.len = cpu_to_be32(sizeof(qinfo.attr));
478 qinfo.attr.priority = cpu_to_be32(0); /* XXX */
479 qinfo.attr.aifs = cpu_to_be32(3);
480 qinfo.attr.logcwmin = cpu_to_be32(4);
481 qinfo.attr.logcwmax = cpu_to_be32(10);
482 qinfo.attr.bursttime = cpu_to_be32(0);
483 qinfo.attr.mode = cpu_to_be32(0);
484 qinfo.attr.qflags = cpu_to_be32(1); /* XXX? */
485 return ar5523_cmd_write(ar, WDCMSG_SETUP_TX_QUEUE, &qinfo,
489 static int ar5523_switch_chan(struct ar5523 *ar)
493 error = ar5523_set_chan(ar);
495 ar5523_err(ar, "could not set chan, error %d\n", error);
500 error = ar5523_reset_tx_queues(ar);
502 ar5523_err(ar, "could not reset Tx queues, error %d\n",
506 /* set Tx rings WME properties */
507 error = ar5523_queue_init(ar);
509 ar5523_err(ar, "could not init wme, error %d\n", error);
515 static void ar5523_rx_data_put(struct ar5523 *ar,
516 struct ar5523_rx_data *data)
519 spin_lock_irqsave(&ar->rx_data_list_lock, flags);
520 list_move(&data->list, &ar->rx_data_free);
521 spin_unlock_irqrestore(&ar->rx_data_list_lock, flags);
524 static void ar5523_data_rx_cb(struct urb *urb)
526 struct ar5523_rx_data *data = urb->context;
527 struct ar5523 *ar = data->ar;
528 struct ar5523_rx_desc *desc;
529 struct ar5523_chunk *chunk;
530 struct ieee80211_hw *hw = ar->hw;
531 struct ieee80211_rx_status *rx_status;
533 int usblen = urb->actual_length;
536 ar5523_dbg(ar, "%s\n", __func__);
537 /* sync/async unlink faults aren't errors */
539 if (urb->status != -ESHUTDOWN)
540 ar5523_err(ar, "%s: USB err: %d\n", __func__,
545 if (usblen < AR5523_MIN_RXBUFSZ) {
546 ar5523_err(ar, "RX: wrong xfer size (usblen=%d)\n", usblen);
550 chunk = (struct ar5523_chunk *) data->skb->data;
552 if (((chunk->flags & UATH_CFLAGS_FINAL) == 0) ||
553 chunk->seqnum != 0) {
554 ar5523_dbg(ar, "RX: No final flag. s: %d f: %02x l: %d\n",
555 chunk->seqnum, chunk->flags,
556 be16_to_cpu(chunk->length));
560 /* Rx descriptor is located at the end, 32-bit aligned */
561 desc = (struct ar5523_rx_desc *)
562 (data->skb->data + usblen - sizeof(struct ar5523_rx_desc));
564 rxlen = be32_to_cpu(desc->len);
565 if (rxlen > ar->rxbufsz) {
566 ar5523_dbg(ar, "RX: Bad descriptor (len=%d)\n",
567 be32_to_cpu(desc->len));
572 ar5523_dbg(ar, "RX: rxlen is 0\n");
576 if (be32_to_cpu(desc->status) != 0) {
577 ar5523_dbg(ar, "Bad RX status (0x%x len = %d). Skip\n",
578 be32_to_cpu(desc->status), be32_to_cpu(desc->len));
582 skb_reserve(data->skb, sizeof(*chunk));
583 skb_put(data->skb, rxlen - sizeof(struct ar5523_rx_desc));
585 hdrlen = ieee80211_get_hdrlen_from_skb(data->skb);
586 if (!IS_ALIGNED(hdrlen, 4)) {
587 ar5523_dbg(ar, "eek, alignment workaround activated\n");
588 pad = ALIGN(hdrlen, 4) - hdrlen;
589 memmove(data->skb->data + pad, data->skb->data, hdrlen);
590 skb_pull(data->skb, pad);
591 skb_put(data->skb, pad);
594 rx_status = IEEE80211_SKB_RXCB(data->skb);
595 memset(rx_status, 0, sizeof(*rx_status));
596 rx_status->freq = be32_to_cpu(desc->channel);
597 rx_status->band = hw->conf.chandef.chan->band;
598 rx_status->signal = -95 + be32_to_cpu(desc->rssi);
600 ieee80211_rx_irqsafe(hw, data->skb);
605 dev_kfree_skb_irq(data->skb);
609 ar5523_rx_data_put(ar, data);
610 if (atomic_inc_return(&ar->rx_data_free_cnt) >=
611 AR5523_RX_DATA_REFILL_COUNT &&
612 test_bit(AR5523_HW_UP, &ar->flags))
613 queue_work(ar->wq, &ar->rx_refill_work);
616 static void ar5523_rx_refill_work(struct work_struct *work)
618 struct ar5523 *ar = container_of(work, struct ar5523, rx_refill_work);
619 struct ar5523_rx_data *data;
623 ar5523_dbg(ar, "%s\n", __func__);
625 spin_lock_irqsave(&ar->rx_data_list_lock, flags);
627 if (!list_empty(&ar->rx_data_free))
628 data = (struct ar5523_rx_data *) ar->rx_data_free.next;
631 spin_unlock_irqrestore(&ar->rx_data_list_lock, flags);
636 data->skb = alloc_skb(ar->rxbufsz, GFP_KERNEL);
638 ar5523_err(ar, "could not allocate rx skbuff\n");
642 usb_fill_bulk_urb(data->urb, ar->dev,
643 ar5523_data_rx_pipe(ar->dev), data->skb->data,
644 ar->rxbufsz, ar5523_data_rx_cb, data);
646 spin_lock_irqsave(&ar->rx_data_list_lock, flags);
647 list_move(&data->list, &ar->rx_data_used);
648 spin_unlock_irqrestore(&ar->rx_data_list_lock, flags);
649 atomic_dec(&ar->rx_data_free_cnt);
651 error = usb_submit_urb(data->urb, GFP_KERNEL);
653 kfree_skb(data->skb);
654 if (error != -ENODEV)
655 ar5523_err(ar, "Err sending rx data urb %d\n",
657 ar5523_rx_data_put(ar, data);
658 atomic_inc(&ar->rx_data_free_cnt);
667 static void ar5523_cancel_rx_bufs(struct ar5523 *ar)
669 struct ar5523_rx_data *data;
673 spin_lock_irqsave(&ar->rx_data_list_lock, flags);
674 if (!list_empty(&ar->rx_data_used))
675 data = (struct ar5523_rx_data *) ar->rx_data_used.next;
678 spin_unlock_irqrestore(&ar->rx_data_list_lock, flags);
683 usb_kill_urb(data->urb);
684 list_move(&data->list, &ar->rx_data_free);
685 atomic_inc(&ar->rx_data_free_cnt);
689 static void ar5523_free_rx_bufs(struct ar5523 *ar)
691 struct ar5523_rx_data *data;
693 ar5523_cancel_rx_bufs(ar);
694 while (!list_empty(&ar->rx_data_free)) {
695 data = (struct ar5523_rx_data *) ar->rx_data_free.next;
696 list_del(&data->list);
697 usb_free_urb(data->urb);
701 static int ar5523_alloc_rx_bufs(struct ar5523 *ar)
705 for (i = 0; i < AR5523_RX_DATA_COUNT; i++) {
706 struct ar5523_rx_data *data = &ar->rx_data[i];
709 data->urb = usb_alloc_urb(0, GFP_KERNEL);
711 ar5523_err(ar, "could not allocate rx data urb\n");
714 list_add_tail(&data->list, &ar->rx_data_free);
715 atomic_inc(&ar->rx_data_free_cnt);
720 ar5523_free_rx_bufs(ar);
724 static void ar5523_data_tx_pkt_put(struct ar5523 *ar)
726 atomic_dec(&ar->tx_nr_total);
727 if (!atomic_dec_return(&ar->tx_nr_pending)) {
728 del_timer(&ar->tx_wd_timer);
729 wake_up(&ar->tx_flush_waitq);
732 if (atomic_read(&ar->tx_nr_total) < AR5523_TX_DATA_RESTART_COUNT) {
733 ar5523_dbg(ar, "restart tx queue\n");
734 ieee80211_wake_queues(ar->hw);
738 static void ar5523_data_tx_cb(struct urb *urb)
740 struct sk_buff *skb = urb->context;
741 struct ieee80211_tx_info *txi = IEEE80211_SKB_CB(skb);
742 struct ar5523_tx_data *data = (struct ar5523_tx_data *)
744 struct ar5523 *ar = data->ar;
747 ar5523_dbg(ar, "data tx urb completed: %d\n", urb->status);
749 spin_lock_irqsave(&ar->tx_data_list_lock, flags);
750 list_del(&data->list);
751 spin_unlock_irqrestore(&ar->tx_data_list_lock, flags);
754 ar5523_dbg(ar, "%s: urb status: %d\n", __func__, urb->status);
755 ar5523_data_tx_pkt_put(ar);
756 ieee80211_free_txskb(ar->hw, skb);
758 skb_pull(skb, sizeof(struct ar5523_tx_desc) + sizeof(__be32));
759 ieee80211_tx_status_irqsafe(ar->hw, skb);
764 static void ar5523_tx(struct ieee80211_hw *hw,
765 struct ieee80211_tx_control *control,
768 struct ieee80211_tx_info *txi = IEEE80211_SKB_CB(skb);
769 struct ar5523_tx_data *data = (struct ar5523_tx_data *)
771 struct ar5523 *ar = hw->priv;
774 ar5523_dbg(ar, "tx called\n");
775 if (atomic_inc_return(&ar->tx_nr_total) >= AR5523_TX_DATA_COUNT) {
776 ar5523_dbg(ar, "tx queue full\n");
777 ar5523_dbg(ar, "stop queues (tot %d pend %d)\n",
778 atomic_read(&ar->tx_nr_total),
779 atomic_read(&ar->tx_nr_pending));
780 ieee80211_stop_queues(hw);
783 spin_lock_irqsave(&ar->tx_data_list_lock, flags);
784 list_add_tail(&data->list, &ar->tx_queue_pending);
785 spin_unlock_irqrestore(&ar->tx_data_list_lock, flags);
787 ieee80211_queue_work(ar->hw, &ar->tx_work);
790 static void ar5523_tx_work_locked(struct ar5523 *ar)
792 struct ar5523_tx_data *data;
793 struct ar5523_tx_desc *desc;
794 struct ar5523_chunk *chunk;
795 struct ieee80211_tx_info *txi;
798 int error = 0, paylen;
802 BUILD_BUG_ON(sizeof(struct ar5523_tx_data) >
803 IEEE80211_TX_INFO_DRIVER_DATA_SIZE);
805 ar5523_dbg(ar, "%s\n", __func__);
807 spin_lock_irqsave(&ar->tx_data_list_lock, flags);
808 if (!list_empty(&ar->tx_queue_pending)) {
809 data = (struct ar5523_tx_data *)
810 ar->tx_queue_pending.next;
811 list_del(&data->list);
814 spin_unlock_irqrestore(&ar->tx_data_list_lock, flags);
819 txi = container_of((void *)data, struct ieee80211_tx_info,
823 skb = container_of((void *)txi, struct sk_buff, cb);
826 urb = usb_alloc_urb(0, GFP_KERNEL);
828 ar5523_err(ar, "Failed to allocate TX urb\n");
829 ieee80211_free_txskb(ar->hw, skb);
836 desc = (struct ar5523_tx_desc *)skb_push(skb, sizeof(*desc));
837 chunk = (struct ar5523_chunk *)skb_push(skb, sizeof(*chunk));
840 chunk->flags = UATH_CFLAGS_FINAL;
841 chunk->length = cpu_to_be16(skb->len);
843 desc->msglen = cpu_to_be32(skb->len);
844 desc->msgid = AR5523_DATA_ID;
845 desc->buflen = cpu_to_be32(paylen);
846 desc->type = cpu_to_be32(WDCMSG_SEND);
847 desc->flags = cpu_to_be32(UATH_TX_NOTIFY);
849 if (test_bit(AR5523_CONNECTED, &ar->flags))
850 desc->connid = cpu_to_be32(AR5523_ID_BSS);
852 desc->connid = cpu_to_be32(AR5523_ID_BROADCAST);
854 if (txi->flags & IEEE80211_TX_CTL_USE_MINRATE)
855 txqid |= UATH_TXQID_MINRATE;
857 desc->txqid = cpu_to_be32(txqid);
859 urb->transfer_flags = URB_ZERO_PACKET;
860 usb_fill_bulk_urb(urb, ar->dev, ar5523_data_tx_pipe(ar->dev),
861 skb->data, skb->len, ar5523_data_tx_cb, skb);
863 spin_lock_irqsave(&ar->tx_data_list_lock, flags);
864 list_add_tail(&data->list, &ar->tx_queue_submitted);
865 spin_unlock_irqrestore(&ar->tx_data_list_lock, flags);
866 mod_timer(&ar->tx_wd_timer, jiffies + AR5523_TX_WD_TIMEOUT);
867 atomic_inc(&ar->tx_nr_pending);
869 ar5523_dbg(ar, "TX Frame (%d pending)\n",
870 atomic_read(&ar->tx_nr_pending));
871 error = usb_submit_urb(urb, GFP_KERNEL);
873 ar5523_err(ar, "error %d when submitting tx urb\n",
875 spin_lock_irqsave(&ar->tx_data_list_lock, flags);
876 list_del(&data->list);
877 spin_unlock_irqrestore(&ar->tx_data_list_lock, flags);
878 atomic_dec(&ar->tx_nr_pending);
879 ar5523_data_tx_pkt_put(ar);
881 ieee80211_free_txskb(ar->hw, skb);
886 static void ar5523_tx_work(struct work_struct *work)
888 struct ar5523 *ar = container_of(work, struct ar5523, tx_work);
890 ar5523_dbg(ar, "%s\n", __func__);
891 mutex_lock(&ar->mutex);
892 ar5523_tx_work_locked(ar);
893 mutex_unlock(&ar->mutex);
896 static void ar5523_tx_wd_timer(unsigned long arg)
898 struct ar5523 *ar = (struct ar5523 *) arg;
900 ar5523_dbg(ar, "TX watchdog timer triggered\n");
901 ieee80211_queue_work(ar->hw, &ar->tx_wd_work);
904 static void ar5523_tx_wd_work(struct work_struct *work)
906 struct ar5523 *ar = container_of(work, struct ar5523, tx_wd_work);
908 /* Occasionally the TX queues stop responding. The only way to
909 * recover seems to be to reset the dongle.
912 mutex_lock(&ar->mutex);
913 ar5523_err(ar, "TX queue stuck (tot %d pend %d)\n",
914 atomic_read(&ar->tx_nr_total),
915 atomic_read(&ar->tx_nr_pending));
917 ar5523_err(ar, "Will restart dongle.\n");
918 ar5523_cmd_write(ar, WDCMSG_TARGET_RESET, NULL, 0, 0);
919 mutex_unlock(&ar->mutex);
922 static void ar5523_flush_tx(struct ar5523 *ar)
924 ar5523_tx_work_locked(ar);
926 /* Don't waste time trying to flush if USB is disconnected */
927 if (test_bit(AR5523_USB_DISCONNECTED, &ar->flags))
929 if (!wait_event_timeout(ar->tx_flush_waitq,
930 !atomic_read(&ar->tx_nr_pending), AR5523_FLUSH_TIMEOUT))
931 ar5523_err(ar, "flush timeout (tot %d pend %d)\n",
932 atomic_read(&ar->tx_nr_total),
933 atomic_read(&ar->tx_nr_pending));
936 static void ar5523_free_tx_cmd(struct ar5523 *ar)
938 struct ar5523_tx_cmd *cmd = &ar->tx_cmd;
940 usb_free_coherent(ar->dev, AR5523_MAX_RXCMDSZ, cmd->buf_tx,
941 cmd->urb_tx->transfer_dma);
942 usb_free_urb(cmd->urb_tx);
945 static int ar5523_alloc_tx_cmd(struct ar5523 *ar)
947 struct ar5523_tx_cmd *cmd = &ar->tx_cmd;
950 init_completion(&cmd->done);
952 cmd->urb_tx = usb_alloc_urb(0, GFP_KERNEL);
954 ar5523_err(ar, "could not allocate urb\n");
957 cmd->buf_tx = usb_alloc_coherent(ar->dev, AR5523_MAX_TXCMDSZ,
959 &cmd->urb_tx->transfer_dma);
961 usb_free_urb(cmd->urb_tx);
968 * This function is called periodically (every second) when associated to
969 * query device statistics.
971 static void ar5523_stat_work(struct work_struct *work)
973 struct ar5523 *ar = container_of(work, struct ar5523, stat_work.work);
976 ar5523_dbg(ar, "%s\n", __func__);
977 mutex_lock(&ar->mutex);
980 * Send request for statistics asynchronously once a second. This
981 * seems to be important. Throughput is a lot better if this is done.
983 error = ar5523_cmd_write(ar, WDCMSG_TARGET_GET_STATS, NULL, 0, 0);
985 ar5523_err(ar, "could not query stats, error %d\n", error);
986 mutex_unlock(&ar->mutex);
987 ieee80211_queue_delayed_work(ar->hw, &ar->stat_work, HZ);
991 * Interface routines to the mac80211 stack.
993 static int ar5523_start(struct ieee80211_hw *hw)
995 struct ar5523 *ar = hw->priv;
999 ar5523_dbg(ar, "start called\n");
1001 mutex_lock(&ar->mutex);
1002 val = cpu_to_be32(0);
1003 ar5523_cmd_write(ar, WDCMSG_BIND, &val, sizeof(val), 0);
1005 /* set MAC address */
1006 ar5523_config_multi(ar, CFG_MAC_ADDR, &ar->hw->wiphy->perm_addr,
1009 /* XXX honor net80211 state */
1010 ar5523_config(ar, CFG_RATE_CONTROL_ENABLE, 0x00000001);
1011 ar5523_config(ar, CFG_DIVERSITY_CTL, 0x00000001);
1012 ar5523_config(ar, CFG_ABOLT, 0x0000003f);
1013 ar5523_config(ar, CFG_WME_ENABLED, 0x00000000);
1015 ar5523_config(ar, CFG_SERVICE_TYPE, 1);
1016 ar5523_config(ar, CFG_TP_SCALE, 0x00000000);
1017 ar5523_config(ar, CFG_TPC_HALF_DBM5, 0x0000003c);
1018 ar5523_config(ar, CFG_TPC_HALF_DBM2, 0x0000003c);
1019 ar5523_config(ar, CFG_OVERRD_TX_POWER, 0x00000000);
1020 ar5523_config(ar, CFG_GMODE_PROTECTION, 0x00000000);
1021 ar5523_config(ar, CFG_GMODE_PROTECT_RATE_INDEX, 0x00000003);
1022 ar5523_config(ar, CFG_PROTECTION_TYPE, 0x00000000);
1023 ar5523_config(ar, CFG_MODE_CTS, 0x00000002);
1025 error = ar5523_cmd_read(ar, WDCMSG_TARGET_START, NULL, 0,
1026 &val, sizeof(val), AR5523_CMD_FLAG_MAGIC);
1028 ar5523_dbg(ar, "could not start target, error %d\n", error);
1031 ar5523_dbg(ar, "WDCMSG_TARGET_START returns handle: 0x%x\n",
1034 ar5523_switch_chan(ar);
1036 val = cpu_to_be32(TARGET_DEVICE_AWAKE);
1037 ar5523_cmd_write(ar, WDCMSG_SET_PWR_MODE, &val, sizeof(val), 0);
1039 ar5523_cmd_write(ar, WDCMSG_RESET_KEY_CACHE, NULL, 0, 0);
1041 set_bit(AR5523_HW_UP, &ar->flags);
1042 queue_work(ar->wq, &ar->rx_refill_work);
1045 ar5523_set_rxfilter(ar, 0, UATH_FILTER_OP_INIT);
1046 ar5523_set_rxfilter(ar,
1047 UATH_FILTER_RX_UCAST | UATH_FILTER_RX_MCAST |
1048 UATH_FILTER_RX_BCAST | UATH_FILTER_RX_BEACON,
1049 UATH_FILTER_OP_SET);
1051 ar5523_set_ledsteady(ar, UATH_LED_ACTIVITY, UATH_LED_ON);
1052 ar5523_dbg(ar, "start OK\n");
1055 mutex_unlock(&ar->mutex);
1059 static void ar5523_stop(struct ieee80211_hw *hw)
1061 struct ar5523 *ar = hw->priv;
1063 ar5523_dbg(ar, "stop called\n");
1065 cancel_delayed_work_sync(&ar->stat_work);
1066 mutex_lock(&ar->mutex);
1067 clear_bit(AR5523_HW_UP, &ar->flags);
1069 ar5523_set_ledsteady(ar, UATH_LED_LINK, UATH_LED_OFF);
1070 ar5523_set_ledsteady(ar, UATH_LED_ACTIVITY, UATH_LED_OFF);
1072 ar5523_cmd_write(ar, WDCMSG_TARGET_STOP, NULL, 0, 0);
1074 del_timer_sync(&ar->tx_wd_timer);
1075 cancel_work_sync(&ar->tx_wd_work);
1076 cancel_work_sync(&ar->rx_refill_work);
1077 ar5523_cancel_rx_bufs(ar);
1078 mutex_unlock(&ar->mutex);
1081 static int ar5523_set_rts_threshold(struct ieee80211_hw *hw, u32 value)
1083 struct ar5523 *ar = hw->priv;
1086 ar5523_dbg(ar, "set_rts_threshold called\n");
1087 mutex_lock(&ar->mutex);
1089 ret = ar5523_config(ar, CFG_USER_RTS_THRESHOLD, value);
1091 mutex_unlock(&ar->mutex);
1095 static void ar5523_flush(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
1096 u32 queues, bool drop)
1098 struct ar5523 *ar = hw->priv;
1100 ar5523_dbg(ar, "flush called\n");
1101 ar5523_flush_tx(ar);
1104 static int ar5523_add_interface(struct ieee80211_hw *hw,
1105 struct ieee80211_vif *vif)
1107 struct ar5523 *ar = hw->priv;
1109 ar5523_dbg(ar, "add interface called\n");
1112 ar5523_dbg(ar, "invalid add_interface\n");
1116 switch (vif->type) {
1117 case NL80211_IFTYPE_STATION:
1126 static void ar5523_remove_interface(struct ieee80211_hw *hw,
1127 struct ieee80211_vif *vif)
1129 struct ar5523 *ar = hw->priv;
1131 ar5523_dbg(ar, "remove interface called\n");
1135 static int ar5523_hwconfig(struct ieee80211_hw *hw, u32 changed)
1137 struct ar5523 *ar = hw->priv;
1139 ar5523_dbg(ar, "config called\n");
1140 mutex_lock(&ar->mutex);
1141 if (changed & IEEE80211_CONF_CHANGE_CHANNEL) {
1142 ar5523_dbg(ar, "Do channel switch\n");
1143 ar5523_flush_tx(ar);
1144 ar5523_switch_chan(ar);
1146 mutex_unlock(&ar->mutex);
1150 static int ar5523_get_wlan_mode(struct ar5523 *ar,
1151 struct ieee80211_bss_conf *bss_conf)
1153 struct ieee80211_supported_band *band;
1155 struct ieee80211_sta *sta;
1158 band = ar->hw->wiphy->bands[ar->hw->conf.chandef.chan->band];
1159 sta = ieee80211_find_sta(ar->vif, bss_conf->bssid);
1161 ar5523_info(ar, "STA not found!\n");
1162 return WLAN_MODE_11b;
1164 sta_rate_set = sta->supp_rates[ar->hw->conf.chandef.chan->band];
1166 for (bit = 0; bit < band->n_bitrates; bit++) {
1167 if (sta_rate_set & 1) {
1168 int rate = band->bitrates[bit].bitrate;
1178 return WLAN_MODE_11g;
1183 return WLAN_MODE_11b;
1186 static void ar5523_create_rateset(struct ar5523 *ar,
1187 struct ieee80211_bss_conf *bss_conf,
1188 struct ar5523_cmd_rateset *rs,
1191 struct ieee80211_supported_band *band;
1192 struct ieee80211_sta *sta;
1194 u32 sta_rate_set, basic_rate_set;
1196 sta = ieee80211_find_sta(ar->vif, bss_conf->bssid);
1197 basic_rate_set = bss_conf->basic_rates;
1199 ar5523_info(ar, "STA not found. Cannot set rates\n");
1200 sta_rate_set = bss_conf->basic_rates;
1202 sta_rate_set = sta->supp_rates[ar->hw->conf.chandef.chan->band];
1204 ar5523_dbg(ar, "sta rate_set = %08x\n", sta_rate_set);
1206 band = ar->hw->wiphy->bands[ar->hw->conf.chandef.chan->band];
1207 for (bit = 0; bit < band->n_bitrates; bit++) {
1208 BUG_ON(i >= AR5523_MAX_NRATES);
1209 ar5523_dbg(ar, "Considering rate %d : %d\n",
1210 band->bitrates[bit].hw_value, sta_rate_set & 1);
1211 if (sta_rate_set & 1) {
1212 rs->set[i] = band->bitrates[bit].hw_value;
1213 if (basic_rate_set & 1 && basic)
1218 basic_rate_set >>= 1;
1224 static int ar5523_set_basic_rates(struct ar5523 *ar,
1225 struct ieee80211_bss_conf *bss)
1227 struct ar5523_cmd_rates rates;
1229 memset(&rates, 0, sizeof(rates));
1230 rates.connid = cpu_to_be32(2); /* XXX */
1231 rates.size = cpu_to_be32(sizeof(struct ar5523_cmd_rateset));
1232 ar5523_create_rateset(ar, bss, &rates.rateset, true);
1234 return ar5523_cmd_write(ar, WDCMSG_SET_BASIC_RATE, &rates,
1238 static int ar5523_create_connection(struct ar5523 *ar,
1239 struct ieee80211_vif *vif,
1240 struct ieee80211_bss_conf *bss)
1242 struct ar5523_cmd_create_connection create;
1245 memset(&create, 0, sizeof(create));
1246 create.connid = cpu_to_be32(2);
1247 create.bssid = cpu_to_be32(0);
1248 /* XXX packed or not? */
1249 create.size = cpu_to_be32(sizeof(struct ar5523_cmd_rateset));
1251 ar5523_create_rateset(ar, bss, &create.connattr.rateset, false);
1253 wlan_mode = ar5523_get_wlan_mode(ar, bss);
1254 create.connattr.wlanmode = cpu_to_be32(wlan_mode);
1256 return ar5523_cmd_write(ar, WDCMSG_CREATE_CONNECTION, &create,
1260 static int ar5523_write_associd(struct ar5523 *ar,
1261 struct ieee80211_bss_conf *bss)
1263 struct ar5523_cmd_set_associd associd;
1265 memset(&associd, 0, sizeof(associd));
1266 associd.defaultrateix = cpu_to_be32(0); /* XXX */
1267 associd.associd = cpu_to_be32(bss->aid);
1268 associd.timoffset = cpu_to_be32(0x3b); /* XXX */
1269 memcpy(associd.bssid, bss->bssid, ETH_ALEN);
1270 return ar5523_cmd_write(ar, WDCMSG_WRITE_ASSOCID, &associd,
1271 sizeof(associd), 0);
1274 static void ar5523_bss_info_changed(struct ieee80211_hw *hw,
1275 struct ieee80211_vif *vif,
1276 struct ieee80211_bss_conf *bss,
1279 struct ar5523 *ar = hw->priv;
1282 ar5523_dbg(ar, "bss_info_changed called\n");
1283 mutex_lock(&ar->mutex);
1285 if (!(changed & BSS_CHANGED_ASSOC))
1289 error = ar5523_create_connection(ar, vif, bss);
1291 ar5523_err(ar, "could not create connection\n");
1295 error = ar5523_set_basic_rates(ar, bss);
1297 ar5523_err(ar, "could not set negotiated rate set\n");
1301 error = ar5523_write_associd(ar, bss);
1303 ar5523_err(ar, "could not set association\n");
1307 /* turn link LED on */
1308 ar5523_set_ledsteady(ar, UATH_LED_LINK, UATH_LED_ON);
1309 set_bit(AR5523_CONNECTED, &ar->flags);
1310 ieee80211_queue_delayed_work(hw, &ar->stat_work, HZ);
1313 cancel_delayed_work(&ar->stat_work);
1314 clear_bit(AR5523_CONNECTED, &ar->flags);
1315 ar5523_set_ledsteady(ar, UATH_LED_LINK, UATH_LED_OFF);
1319 mutex_unlock(&ar->mutex);
1323 #define AR5523_SUPPORTED_FILTERS (FIF_ALLMULTI | \
1327 static void ar5523_configure_filter(struct ieee80211_hw *hw,
1328 unsigned int changed_flags,
1329 unsigned int *total_flags,
1332 struct ar5523 *ar = hw->priv;
1335 ar5523_dbg(ar, "configure_filter called\n");
1336 mutex_lock(&ar->mutex);
1337 ar5523_flush_tx(ar);
1339 *total_flags &= AR5523_SUPPORTED_FILTERS;
1341 /* The filters seems strange. UATH_FILTER_RX_BCAST and
1342 * UATH_FILTER_RX_MCAST does not result in those frames being RXed.
1343 * The only way I have found to get [mb]cast frames seems to be
1344 * to set UATH_FILTER_RX_PROM. */
1345 filter |= UATH_FILTER_RX_UCAST | UATH_FILTER_RX_MCAST |
1346 UATH_FILTER_RX_BCAST | UATH_FILTER_RX_BEACON |
1347 UATH_FILTER_RX_PROM;
1349 ar5523_set_rxfilter(ar, 0, UATH_FILTER_OP_INIT);
1350 ar5523_set_rxfilter(ar, filter, UATH_FILTER_OP_SET);
1352 mutex_unlock(&ar->mutex);
1355 static const struct ieee80211_ops ar5523_ops = {
1356 .start = ar5523_start,
1357 .stop = ar5523_stop,
1359 .set_rts_threshold = ar5523_set_rts_threshold,
1360 .add_interface = ar5523_add_interface,
1361 .remove_interface = ar5523_remove_interface,
1362 .config = ar5523_hwconfig,
1363 .bss_info_changed = ar5523_bss_info_changed,
1364 .configure_filter = ar5523_configure_filter,
1365 .flush = ar5523_flush,
1368 static int ar5523_host_available(struct ar5523 *ar)
1370 struct ar5523_cmd_host_available setup;
1372 /* inform target the host is available */
1373 setup.sw_ver_major = cpu_to_be32(ATH_SW_VER_MAJOR);
1374 setup.sw_ver_minor = cpu_to_be32(ATH_SW_VER_MINOR);
1375 setup.sw_ver_patch = cpu_to_be32(ATH_SW_VER_PATCH);
1376 setup.sw_ver_build = cpu_to_be32(ATH_SW_VER_BUILD);
1377 return ar5523_cmd_read(ar, WDCMSG_HOST_AVAILABLE,
1378 &setup, sizeof(setup), NULL, 0, 0);
1381 static int ar5523_get_devstatus(struct ar5523 *ar)
1383 u8 macaddr[ETH_ALEN];
1386 /* retrieve MAC address */
1387 error = ar5523_get_status(ar, ST_MAC_ADDR, macaddr, ETH_ALEN);
1389 ar5523_err(ar, "could not read MAC address\n");
1393 SET_IEEE80211_PERM_ADDR(ar->hw, macaddr);
1395 error = ar5523_get_status(ar, ST_SERIAL_NUMBER,
1396 &ar->serial[0], sizeof(ar->serial));
1398 ar5523_err(ar, "could not read device serial number\n");
1404 #define AR5523_SANE_RXBUFSZ 2000
1406 static int ar5523_get_max_rxsz(struct ar5523 *ar)
1411 /* Get max rx size */
1412 error = ar5523_get_status(ar, ST_WDC_TRANSPORT_CHUNK_SIZE, &rxsize,
1415 ar5523_err(ar, "could not read max RX size\n");
1419 ar->rxbufsz = be32_to_cpu(rxsize);
1421 if (!ar->rxbufsz || ar->rxbufsz > AR5523_SANE_RXBUFSZ) {
1422 ar5523_err(ar, "Bad rxbufsz from device. Using %d instead\n",
1423 AR5523_SANE_RXBUFSZ);
1424 ar->rxbufsz = AR5523_SANE_RXBUFSZ;
1427 ar5523_dbg(ar, "Max RX buf size: %d\n", ar->rxbufsz);
1432 * This is copied from rtl818x, but we should probably move this
1433 * to common code as in OpenBSD.
1435 static const struct ieee80211_rate ar5523_rates[] = {
1436 { .bitrate = 10, .hw_value = 2, },
1437 { .bitrate = 20, .hw_value = 4 },
1438 { .bitrate = 55, .hw_value = 11, },
1439 { .bitrate = 110, .hw_value = 22, },
1440 { .bitrate = 60, .hw_value = 12, },
1441 { .bitrate = 90, .hw_value = 18, },
1442 { .bitrate = 120, .hw_value = 24, },
1443 { .bitrate = 180, .hw_value = 36, },
1444 { .bitrate = 240, .hw_value = 48, },
1445 { .bitrate = 360, .hw_value = 72, },
1446 { .bitrate = 480, .hw_value = 96, },
1447 { .bitrate = 540, .hw_value = 108, },
1450 static const struct ieee80211_channel ar5523_channels[] = {
1451 { .center_freq = 2412 },
1452 { .center_freq = 2417 },
1453 { .center_freq = 2422 },
1454 { .center_freq = 2427 },
1455 { .center_freq = 2432 },
1456 { .center_freq = 2437 },
1457 { .center_freq = 2442 },
1458 { .center_freq = 2447 },
1459 { .center_freq = 2452 },
1460 { .center_freq = 2457 },
1461 { .center_freq = 2462 },
1462 { .center_freq = 2467 },
1463 { .center_freq = 2472 },
1464 { .center_freq = 2484 },
1467 static int ar5523_init_modes(struct ar5523 *ar)
1469 BUILD_BUG_ON(sizeof(ar->channels) != sizeof(ar5523_channels));
1470 BUILD_BUG_ON(sizeof(ar->rates) != sizeof(ar5523_rates));
1472 memcpy(ar->channels, ar5523_channels, sizeof(ar5523_channels));
1473 memcpy(ar->rates, ar5523_rates, sizeof(ar5523_rates));
1475 ar->band.band = IEEE80211_BAND_2GHZ;
1476 ar->band.channels = ar->channels;
1477 ar->band.n_channels = ARRAY_SIZE(ar5523_channels);
1478 ar->band.bitrates = ar->rates;
1479 ar->band.n_bitrates = ARRAY_SIZE(ar5523_rates);
1480 ar->hw->wiphy->bands[IEEE80211_BAND_2GHZ] = &ar->band;
1485 * Load the MIPS R4000 microcode into the device. Once the image is loaded,
1486 * the device will detach itself from the bus and reattach later with a new
1487 * product Id (a la ezusb).
1489 static int ar5523_load_firmware(struct usb_device *dev)
1491 struct ar5523_fwblock *txblock, *rxblock;
1492 const struct firmware *fw;
1495 int foolen; /* XXX(hch): handle short transfers */
1498 if (reject_firmware(&fw, AR5523_FIRMWARE_FILE, &dev->dev)) {
1499 dev_err(&dev->dev, "no firmware found: %s\n",
1500 AR5523_FIRMWARE_FILE);
1504 txblock = kmalloc(sizeof(*txblock), GFP_KERNEL);
1508 rxblock = kmalloc(sizeof(*rxblock), GFP_KERNEL);
1510 goto out_free_txblock;
1512 fwbuf = kmalloc(AR5523_MAX_FWBLOCK_SIZE, GFP_KERNEL);
1514 goto out_free_rxblock;
1516 memset(txblock, 0, sizeof(struct ar5523_fwblock));
1517 txblock->flags = cpu_to_be32(AR5523_WRITE_BLOCK);
1518 txblock->total = cpu_to_be32(fw->size);
1523 int mlen = min(len, AR5523_MAX_FWBLOCK_SIZE);
1525 txblock->remain = cpu_to_be32(len - mlen);
1526 txblock->len = cpu_to_be32(mlen);
1528 /* send firmware block meta-data */
1529 error = usb_bulk_msg(dev, ar5523_cmd_tx_pipe(dev),
1530 txblock, sizeof(*txblock), &foolen,
1531 AR5523_CMD_TIMEOUT);
1534 "could not send firmware block info\n");
1535 goto out_free_fwbuf;
1538 /* send firmware block data */
1539 memcpy(fwbuf, fw->data + offset, mlen);
1540 error = usb_bulk_msg(dev, ar5523_data_tx_pipe(dev),
1541 fwbuf, mlen, &foolen,
1542 AR5523_DATA_TIMEOUT);
1545 "could not send firmware block data\n");
1546 goto out_free_fwbuf;
1549 /* wait for ack from firmware */
1550 error = usb_bulk_msg(dev, ar5523_cmd_rx_pipe(dev),
1551 rxblock, sizeof(*rxblock), &foolen,
1552 AR5523_CMD_TIMEOUT);
1555 "could not read firmware answer\n");
1556 goto out_free_fwbuf;
1564 * Set the error to -ENXIO to make sure we continue probing for
1576 release_firmware(fw);
1580 static int ar5523_probe(struct usb_interface *intf,
1581 const struct usb_device_id *id)
1583 struct usb_device *dev = interface_to_usbdev(intf);
1584 struct ieee80211_hw *hw;
1586 int error = -ENOMEM;
1589 * Load firmware if the device requires it. This will return
1590 * -ENXIO on success and we'll get called back afer the usb
1591 * id changes to indicate that the firmware is present.
1593 if (id->driver_info & AR5523_FLAG_PRE_FIRMWARE)
1594 return ar5523_load_firmware(dev);
1597 hw = ieee80211_alloc_hw(sizeof(*ar), &ar5523_ops);
1600 SET_IEEE80211_DEV(hw, &intf->dev);
1605 mutex_init(&ar->mutex);
1607 INIT_DELAYED_WORK(&ar->stat_work, ar5523_stat_work);
1608 init_timer(&ar->tx_wd_timer);
1609 setup_timer(&ar->tx_wd_timer, ar5523_tx_wd_timer, (unsigned long) ar);
1610 INIT_WORK(&ar->tx_wd_work, ar5523_tx_wd_work);
1611 INIT_WORK(&ar->tx_work, ar5523_tx_work);
1612 INIT_LIST_HEAD(&ar->tx_queue_pending);
1613 INIT_LIST_HEAD(&ar->tx_queue_submitted);
1614 spin_lock_init(&ar->tx_data_list_lock);
1615 atomic_set(&ar->tx_nr_total, 0);
1616 atomic_set(&ar->tx_nr_pending, 0);
1617 init_waitqueue_head(&ar->tx_flush_waitq);
1619 atomic_set(&ar->rx_data_free_cnt, 0);
1620 INIT_WORK(&ar->rx_refill_work, ar5523_rx_refill_work);
1621 INIT_LIST_HEAD(&ar->rx_data_free);
1622 INIT_LIST_HEAD(&ar->rx_data_used);
1623 spin_lock_init(&ar->rx_data_list_lock);
1625 ar->wq = create_singlethread_workqueue("ar5523");
1627 ar5523_err(ar, "Could not create wq\n");
1631 error = ar5523_alloc_rx_bufs(ar);
1633 ar5523_err(ar, "Could not allocate rx buffers\n");
1637 error = ar5523_alloc_rx_cmd(ar);
1639 ar5523_err(ar, "Could not allocate rx command buffers\n");
1640 goto out_free_rx_bufs;
1643 error = ar5523_alloc_tx_cmd(ar);
1645 ar5523_err(ar, "Could not allocate tx command buffers\n");
1646 goto out_free_rx_cmd;
1649 error = ar5523_submit_rx_cmd(ar);
1651 ar5523_err(ar, "Failed to submit rx cmd\n");
1652 goto out_free_tx_cmd;
1656 * We're now ready to send/receive firmware commands.
1658 error = ar5523_host_available(ar);
1660 ar5523_err(ar, "could not initialize adapter\n");
1661 goto out_cancel_rx_cmd;
1664 error = ar5523_get_max_rxsz(ar);
1666 ar5523_err(ar, "could not get caps from adapter\n");
1667 goto out_cancel_rx_cmd;
1670 error = ar5523_get_devcap(ar);
1672 ar5523_err(ar, "could not get caps from adapter\n");
1673 goto out_cancel_rx_cmd;
1676 error = ar5523_get_devstatus(ar);
1678 ar5523_err(ar, "could not get device status\n");
1679 goto out_cancel_rx_cmd;
1682 ar5523_info(ar, "MAC/BBP AR5523, RF AR%c112\n",
1683 (id->driver_info & AR5523_FLAG_ABG) ? '5' : '2');
1686 ieee80211_hw_set(hw, HAS_RATE_CONTROL);
1687 ieee80211_hw_set(hw, RX_INCLUDES_FCS);
1688 ieee80211_hw_set(hw, SIGNAL_DBM);
1689 hw->extra_tx_headroom = sizeof(struct ar5523_tx_desc) +
1690 sizeof(struct ar5523_chunk);
1691 hw->wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION);
1694 error = ar5523_init_modes(ar);
1696 goto out_cancel_rx_cmd;
1698 usb_set_intfdata(intf, hw);
1700 error = ieee80211_register_hw(hw);
1702 ar5523_err(ar, "could not register device\n");
1703 goto out_cancel_rx_cmd;
1706 ar5523_info(ar, "Found and initialized AR5523 device\n");
1710 ar5523_cancel_rx_cmd(ar);
1712 ar5523_free_tx_cmd(ar);
1714 ar5523_free_rx_cmd(ar);
1716 ar5523_free_rx_bufs(ar);
1718 destroy_workqueue(ar->wq);
1720 ieee80211_free_hw(hw);
1725 static void ar5523_disconnect(struct usb_interface *intf)
1727 struct ieee80211_hw *hw = usb_get_intfdata(intf);
1728 struct ar5523 *ar = hw->priv;
1730 ar5523_dbg(ar, "detaching\n");
1731 set_bit(AR5523_USB_DISCONNECTED, &ar->flags);
1733 ieee80211_unregister_hw(hw);
1735 ar5523_cancel_rx_cmd(ar);
1736 ar5523_free_tx_cmd(ar);
1737 ar5523_free_rx_cmd(ar);
1738 ar5523_free_rx_bufs(ar);
1740 destroy_workqueue(ar->wq);
1742 ieee80211_free_hw(hw);
1743 usb_set_intfdata(intf, NULL);
1746 #define AR5523_DEVICE_UG(vendor, device) \
1747 { USB_DEVICE((vendor), (device)) }, \
1748 { USB_DEVICE((vendor), (device) + 1), \
1749 .driver_info = AR5523_FLAG_PRE_FIRMWARE }
1750 #define AR5523_DEVICE_UX(vendor, device) \
1751 { USB_DEVICE((vendor), (device)), \
1752 .driver_info = AR5523_FLAG_ABG }, \
1753 { USB_DEVICE((vendor), (device) + 1), \
1754 .driver_info = AR5523_FLAG_ABG|AR5523_FLAG_PRE_FIRMWARE }
1756 static struct usb_device_id ar5523_id_table[] = {
1757 AR5523_DEVICE_UG(0x168c, 0x0001), /* Atheros / AR5523 */
1758 AR5523_DEVICE_UG(0x0cf3, 0x0001), /* Atheros2 / AR5523_1 */
1759 AR5523_DEVICE_UG(0x0cf3, 0x0003), /* Atheros2 / AR5523_2 */
1760 AR5523_DEVICE_UX(0x0cf3, 0x0005), /* Atheros2 / AR5523_3 */
1761 AR5523_DEVICE_UG(0x0d8e, 0x7801), /* Conceptronic / AR5523_1 */
1762 AR5523_DEVICE_UX(0x0d8e, 0x7811), /* Conceptronic / AR5523_2 */
1763 AR5523_DEVICE_UX(0x2001, 0x3a00), /* Dlink / DWLAG132 */
1764 AR5523_DEVICE_UG(0x2001, 0x3a02), /* Dlink / DWLG132 */
1765 AR5523_DEVICE_UX(0x2001, 0x3a04), /* Dlink / DWLAG122 */
1766 AR5523_DEVICE_UG(0x07d1, 0x3a07), /* D-Link / WUA-2340 rev A1 */
1767 AR5523_DEVICE_UG(0x1690, 0x0712), /* Gigaset / AR5523 */
1768 AR5523_DEVICE_UG(0x1690, 0x0710), /* Gigaset / SMCWUSBTG */
1769 AR5523_DEVICE_UG(0x129b, 0x160b), /* Gigaset / USB stick 108
1770 (CyberTAN Technology) */
1771 AR5523_DEVICE_UG(0x16ab, 0x7801), /* Globalsun / AR5523_1 */
1772 AR5523_DEVICE_UX(0x16ab, 0x7811), /* Globalsun / AR5523_2 */
1773 AR5523_DEVICE_UG(0x0d8e, 0x7802), /* Globalsun / AR5523_3 */
1774 AR5523_DEVICE_UX(0x0846, 0x4300), /* Netgear / WG111U */
1775 AR5523_DEVICE_UG(0x0846, 0x4250), /* Netgear / WG111T */
1776 AR5523_DEVICE_UG(0x0846, 0x5f00), /* Netgear / WPN111 */
1777 AR5523_DEVICE_UG(0x083a, 0x4506), /* SMC / EZ Connect
1779 AR5523_DEVICE_UG(0x157e, 0x3006), /* Umedia / AR5523_1 */
1780 AR5523_DEVICE_UX(0x157e, 0x3205), /* Umedia / AR5523_2 */
1781 AR5523_DEVICE_UG(0x157e, 0x3006), /* Umedia / TEW444UBEU */
1782 AR5523_DEVICE_UG(0x1435, 0x0826), /* Wistronneweb / AR5523_1 */
1783 AR5523_DEVICE_UX(0x1435, 0x0828), /* Wistronneweb / AR5523_2 */
1784 AR5523_DEVICE_UG(0x0cde, 0x0012), /* Zcom / AR5523 */
1785 AR5523_DEVICE_UG(0x1385, 0x4250), /* Netgear3 / WG111T (2) */
1786 AR5523_DEVICE_UG(0x1385, 0x5f00), /* Netgear / WPN111 */
1787 AR5523_DEVICE_UG(0x1385, 0x5f02), /* Netgear / WPN111 */
1790 MODULE_DEVICE_TABLE(usb, ar5523_id_table);
1792 static struct usb_driver ar5523_driver = {
1794 .id_table = ar5523_id_table,
1795 .probe = ar5523_probe,
1796 .disconnect = ar5523_disconnect,
1799 module_usb_driver(ar5523_driver);
1801 MODULE_LICENSE("Dual BSD/GPL");