4 * Copyright (c) 2003 Manuel Estrada Sainz
6 * The contents of this file are subject to the Mozilla Public License
7 * Version 1.1 (the "License"); you may not use this file except in
8 * compliance with the License. You may obtain a copy of the License
9 * at http://www.mozilla.org/MPL/
11 * Software distributed under the License is distributed on an "AS IS"
12 * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
13 * the License for the specific language governing rights and
14 * limitations under the License.
16 * Alternatively, the contents of this file may be used under the
17 * terms of the GNU General Public License version 2 (the "GPL"), in
18 * which case the provisions of the GPL are applicable instead of the
19 * above. If you wish to allow the use of your version of this file
20 * only under the terms of the GPL and not to allow others to use your
21 * version of this file under the MPL, indicate your decision by
22 * deleting the provisions above and replace them with the notice and
23 * other provisions required by the GPL. If you do not delete the
24 * provisions above, a recipient may use your version of this file
25 * under either the MPL or the GPL.
27 * Queueing code based on linux-wlan-ng 0.2.1-pre5
29 * Copyright (C) 1999 AbsoluteValue Systems, Inc. All Rights Reserved.
31 * The license is the same as above.
33 * Initialy based on USB Skeleton driver - 0.7
35 * Copyright (c) 2001 Greg Kroah-Hartman (greg@kroah.com)
37 * This program is free software; you can redistribute it and/or
38 * modify it under the terms of the GNU General Public License as
39 * published by the Free Software Foundation; either version 2 of
40 * the License, or (at your option) any later version.
42 * NOTE: The original USB Skeleton driver is GPL, but all that code is
43 * gone so MPL/GPL applies.
46 #define DRIVER_NAME "orinoco_usb"
47 #define PFX DRIVER_NAME ": "
49 #include <linux/module.h>
50 #include <linux/kernel.h>
51 #include <linux/sched.h>
52 #include <linux/signal.h>
53 #include <linux/errno.h>
54 #include <linux/poll.h>
55 #include <linux/slab.h>
56 #include <linux/fcntl.h>
57 #include <linux/spinlock.h>
58 #include <linux/list.h>
59 #include <linux/usb.h>
60 #include <linux/timer.h>
62 #include <linux/netdevice.h>
63 #include <linux/if_arp.h>
64 #include <linux/etherdevice.h>
65 #include <linux/wireless.h>
66 #include <linux/firmware.h>
67 #include <linux/refcount.h>
72 #ifndef URB_ASYNC_UNLINK
73 #define URB_ASYNC_UNLINK 0
76 struct header_struct {
95 static struct ez_usb_fw firmware = {
100 /* Debugging macros */
102 #define err(format, arg...) \
103 do { printk(KERN_ERR PFX format "\n", ## arg); } while (0)
108 * Under some conditions, the card gets stuck and stops paying attention
109 * to the world (i.e. data communication stalls) until we do something to
110 * it. Sending an INQ_TALLIES command seems to be enough and should be
111 * harmless otherwise. This behaviour has been observed when using the
112 * driver on a systemimager client during installation. In the past a
113 * timer was used to send INQ_TALLIES commands when there was no other
114 * activity, but it was troublesome and was removed.
117 #define USB_COMPAQ_VENDOR_ID 0x049f /* Compaq Computer Corp. */
118 #define USB_COMPAQ_WL215_ID 0x001f /* Compaq WL215 USB Adapter */
119 #define USB_COMPAQ_W200_ID 0x0076 /* Compaq W200 USB Adapter */
120 #define USB_HP_WL215_ID 0x0082 /* Compaq WL215 USB Adapter */
122 #define USB_MELCO_VENDOR_ID 0x0411
123 #define USB_BUFFALO_L11_ID 0x0006 /* BUFFALO WLI-USB-L11 */
124 #define USB_BUFFALO_L11G_WR_ID 0x000B /* BUFFALO WLI-USB-L11G-WR */
125 #define USB_BUFFALO_L11G_ID 0x000D /* BUFFALO WLI-USB-L11G */
127 #define USB_LUCENT_VENDOR_ID 0x047E /* Lucent Technologies */
128 #define USB_LUCENT_ORINOCO_ID 0x0300 /* Lucent/Agere Orinoco USB Client */
130 #define USB_AVAYA8_VENDOR_ID 0x0D98
131 #define USB_AVAYAE_VENDOR_ID 0x0D9E
132 #define USB_AVAYA_WIRELESS_ID 0x0300 /* Avaya Wireless USB Card */
134 #define USB_AGERE_VENDOR_ID 0x0D4E /* Agere Systems */
135 #define USB_AGERE_MODEL0801_ID 0x1000 /* Wireless USB Card Model 0801 */
136 #define USB_AGERE_MODEL0802_ID 0x1001 /* Wireless USB Card Model 0802 */
137 #define USB_AGERE_REBRANDED_ID 0x047A /* WLAN USB Card */
139 #define USB_ELSA_VENDOR_ID 0x05CC
140 #define USB_ELSA_AIRLANCER_ID 0x3100 /* ELSA AirLancer USB-11 */
142 #define USB_LEGEND_VENDOR_ID 0x0E7C
143 #define USB_LEGEND_JOYNET_ID 0x0300 /* Joynet WLAN USB Card */
145 #define USB_SAMSUNG_VENDOR_ID 0x04E8
146 #define USB_SAMSUNG_SEW2001U1_ID 0x5002 /* Samsung SEW-2001u Card */
147 #define USB_SAMSUNG_SEW2001U2_ID 0x5B11 /* Samsung SEW-2001u Card */
148 #define USB_SAMSUNG_SEW2003U_ID 0x7011 /* Samsung SEW-2003U Card */
150 #define USB_IGATE_VENDOR_ID 0x0681
151 #define USB_IGATE_IGATE_11M_ID 0x0012 /* I-GATE 11M USB Card */
153 #define USB_FUJITSU_VENDOR_ID 0x0BF8
154 #define USB_FUJITSU_E1100_ID 0x1002 /* connect2AIR WLAN E-1100 USB */
156 #define USB_2WIRE_VENDOR_ID 0x1630
157 #define USB_2WIRE_WIRELESS_ID 0xff81 /* 2Wire Wireless USB adapter */
160 #define EZUSB_REQUEST_FW_TRANS 0xA0
161 #define EZUSB_REQUEST_TRIGGER 0xAA
162 #define EZUSB_REQUEST_TRIG_AC 0xAC
163 #define EZUSB_CPUCS_REG 0x7F92
165 #define EZUSB_RID_TX 0x0700
166 #define EZUSB_RID_RX 0x0701
167 #define EZUSB_RID_INIT1 0x0702
168 #define EZUSB_RID_ACK 0x0710
169 #define EZUSB_RID_READ_PDA 0x0800
170 #define EZUSB_RID_PROG_INIT 0x0852
171 #define EZUSB_RID_PROG_SET_ADDR 0x0853
172 #define EZUSB_RID_PROG_BYTES 0x0854
173 #define EZUSB_RID_PROG_END 0x0855
174 #define EZUSB_RID_DOCMD 0x0860
176 /* Recognize info frames */
177 #define EZUSB_IS_INFO(id) ((id >= 0xF000) && (id <= 0xF2FF))
179 #define EZUSB_MAGIC 0x0210
181 #define EZUSB_FRAME_DATA 1
182 #define EZUSB_FRAME_CONTROL 2
184 #define DEF_TIMEOUT (3 * HZ)
186 #define BULK_BUF_SIZE 2048
188 #define MAX_DL_SIZE (BULK_BUF_SIZE - sizeof(struct ezusb_packet))
190 #define FW_BUF_SIZE 64
191 #define FW_VAR_OFFSET_PTR 0x359
192 #define FW_VAR_VALUE 0
193 #define FW_HOLE_START 0x100
194 #define FW_HOLE_END 0x300
196 struct ezusb_packet {
197 __le16 magic; /* 0x0210 */
200 __le16 frame_type; /* 0x01 for data frames, 0x02 otherwise */
201 __le16 size; /* transport size */
202 __le16 crc; /* CRC up to here */
208 /* Table of devices that work or may work with this driver */
209 static const struct usb_device_id ezusb_table[] = {
210 {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_COMPAQ_WL215_ID)},
211 {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_HP_WL215_ID)},
212 {USB_DEVICE(USB_COMPAQ_VENDOR_ID, USB_COMPAQ_W200_ID)},
213 {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11_ID)},
214 {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11G_WR_ID)},
215 {USB_DEVICE(USB_MELCO_VENDOR_ID, USB_BUFFALO_L11G_ID)},
216 {USB_DEVICE(USB_LUCENT_VENDOR_ID, USB_LUCENT_ORINOCO_ID)},
217 {USB_DEVICE(USB_AVAYA8_VENDOR_ID, USB_AVAYA_WIRELESS_ID)},
218 {USB_DEVICE(USB_AVAYAE_VENDOR_ID, USB_AVAYA_WIRELESS_ID)},
219 {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_MODEL0801_ID)},
220 {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_MODEL0802_ID)},
221 {USB_DEVICE(USB_ELSA_VENDOR_ID, USB_ELSA_AIRLANCER_ID)},
222 {USB_DEVICE(USB_LEGEND_VENDOR_ID, USB_LEGEND_JOYNET_ID)},
223 {USB_DEVICE_VER(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2001U1_ID,
225 {USB_DEVICE(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2001U2_ID)},
226 {USB_DEVICE(USB_SAMSUNG_VENDOR_ID, USB_SAMSUNG_SEW2003U_ID)},
227 {USB_DEVICE(USB_IGATE_VENDOR_ID, USB_IGATE_IGATE_11M_ID)},
228 {USB_DEVICE(USB_FUJITSU_VENDOR_ID, USB_FUJITSU_E1100_ID)},
229 {USB_DEVICE(USB_2WIRE_VENDOR_ID, USB_2WIRE_WIRELESS_ID)},
230 {USB_DEVICE(USB_AGERE_VENDOR_ID, USB_AGERE_REBRANDED_ID)},
231 {} /* Terminating entry */
234 MODULE_DEVICE_TABLE(usb, ezusb_table);
236 /* Structure to hold all of our device specific stuff */
238 struct usb_device *udev;
239 struct net_device *dev;
242 struct list_head req_pending;
243 struct list_head req_active;
244 spinlock_t reply_count_lock;
245 u16 hermes_reg_fake[0x40];
247 struct urb *read_urb;
256 EZUSB_CTX_REQ_SUBMITTED,
257 EZUSB_CTX_REQ_COMPLETE,
258 EZUSB_CTX_RESP_RECEIVED,
259 EZUSB_CTX_REQ_TIMEOUT,
260 EZUSB_CTX_REQ_FAILED,
261 EZUSB_CTX_RESP_TIMEOUT,
262 EZUSB_CTX_REQSUBMIT_FAIL,
266 struct request_context {
267 struct list_head list;
269 struct completion done; /* Signals that CTX is dead */
271 struct urb *outurb; /* OUT for req pkt */
272 struct ezusb_priv *upriv;
273 struct ezusb_packet *buf;
275 struct timer_list timer; /* Timeout handling */
276 enum ezusb_state state; /* Current state */
277 /* the RID that we will wait for */
283 /* Forward declarations */
284 static void ezusb_ctx_complete(struct request_context *ctx);
285 static void ezusb_req_queue_run(struct ezusb_priv *upriv);
286 static void ezusb_bulk_in_callback(struct urb *urb);
288 static inline u8 ezusb_reply_inc(u8 count)
296 static void ezusb_request_context_put(struct request_context *ctx)
298 if (!refcount_dec_and_test(&ctx->refcount))
301 WARN_ON(!ctx->done.done);
302 BUG_ON(ctx->outurb->status == -EINPROGRESS);
303 BUG_ON(timer_pending(&ctx->timer));
304 usb_free_urb(ctx->outurb);
309 static inline void ezusb_mod_timer(struct ezusb_priv *upriv,
310 struct timer_list *timer,
311 unsigned long expire)
315 mod_timer(timer, expire);
318 static void ezusb_request_timerfn(struct timer_list *t)
320 struct request_context *ctx = from_timer(ctx, t, timer);
322 ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK;
323 if (usb_unlink_urb(ctx->outurb) == -EINPROGRESS) {
324 ctx->state = EZUSB_CTX_REQ_TIMEOUT;
326 ctx->state = EZUSB_CTX_RESP_TIMEOUT;
327 dev_dbg(&ctx->outurb->dev->dev, "couldn't unlink\n");
328 refcount_inc(&ctx->refcount);
330 ezusb_ctx_complete(ctx);
331 ezusb_request_context_put(ctx);
335 static struct request_context *ezusb_alloc_ctx(struct ezusb_priv *upriv,
336 u16 out_rid, u16 in_rid)
338 struct request_context *ctx;
340 ctx = kzalloc(sizeof(*ctx), GFP_ATOMIC);
344 ctx->buf = kmalloc(BULK_BUF_SIZE, GFP_ATOMIC);
349 ctx->outurb = usb_alloc_urb(0, GFP_ATOMIC);
357 ctx->state = EZUSB_CTX_START;
358 ctx->out_rid = out_rid;
359 ctx->in_rid = in_rid;
361 refcount_set(&ctx->refcount, 1);
362 init_completion(&ctx->done);
364 timer_setup(&ctx->timer, ezusb_request_timerfn, 0);
368 static void ezusb_ctx_complete(struct request_context *ctx)
370 struct ezusb_priv *upriv = ctx->upriv;
373 spin_lock_irqsave(&upriv->req_lock, flags);
375 list_del_init(&ctx->list);
377 spin_unlock_irqrestore(&upriv->req_lock, flags);
378 ezusb_req_queue_run(upriv);
379 spin_lock_irqsave(&upriv->req_lock, flags);
382 switch (ctx->state) {
383 case EZUSB_CTX_COMPLETE:
384 case EZUSB_CTX_REQSUBMIT_FAIL:
385 case EZUSB_CTX_REQ_FAILED:
386 case EZUSB_CTX_REQ_TIMEOUT:
387 case EZUSB_CTX_RESP_TIMEOUT:
388 spin_unlock_irqrestore(&upriv->req_lock, flags);
390 if ((ctx->out_rid == EZUSB_RID_TX) && upriv->dev) {
391 struct net_device *dev = upriv->dev;
392 struct net_device_stats *stats = &dev->stats;
394 if (ctx->state != EZUSB_CTX_COMPLETE)
399 netif_wake_queue(dev);
401 complete_all(&ctx->done);
402 ezusb_request_context_put(ctx);
406 spin_unlock_irqrestore(&upriv->req_lock, flags);
408 /* This is normal, as all request contexts get flushed
409 * when the device is disconnected */
410 err("Called, CTX not terminating, but device gone");
411 complete_all(&ctx->done);
412 ezusb_request_context_put(ctx);
416 err("Called, CTX not in terminating state.");
417 /* Things are really bad if this happens. Just leak
418 * the CTX because it may still be linked to the
419 * queue or the OUT urb may still be active.
420 * Just leaking at least prevents an Oops or Panic.
427 * ezusb_req_queue_run:
429 * Note: Only one active CTX at any one time, because there's no
430 * other (reliable) way to match the response URB to the correct
433 static void ezusb_req_queue_run(struct ezusb_priv *upriv)
436 struct request_context *ctx;
439 spin_lock_irqsave(&upriv->req_lock, flags);
441 if (!list_empty(&upriv->req_active))
444 if (list_empty(&upriv->req_pending))
448 list_entry(upriv->req_pending.next, struct request_context,
451 if (!ctx->upriv->udev)
454 /* We need to split this off to avoid a race condition */
455 list_move_tail(&ctx->list, &upriv->req_active);
457 if (ctx->state == EZUSB_CTX_QUEUED) {
458 refcount_inc(&ctx->refcount);
459 result = usb_submit_urb(ctx->outurb, GFP_ATOMIC);
461 ctx->state = EZUSB_CTX_REQSUBMIT_FAIL;
463 spin_unlock_irqrestore(&upriv->req_lock, flags);
465 err("Fatal, failed to submit command urb."
466 " error=%d\n", result);
468 ezusb_ctx_complete(ctx);
469 ezusb_request_context_put(ctx);
473 ctx->state = EZUSB_CTX_REQ_SUBMITTED;
474 ezusb_mod_timer(ctx->upriv, &ctx->timer,
475 jiffies + DEF_TIMEOUT);
479 spin_unlock_irqrestore(&upriv->req_lock, flags);
485 static void ezusb_req_enqueue_run(struct ezusb_priv *upriv,
486 struct request_context *ctx)
490 spin_lock_irqsave(&upriv->req_lock, flags);
492 if (!ctx->upriv->udev) {
493 spin_unlock_irqrestore(&upriv->req_lock, flags);
496 refcount_inc(&ctx->refcount);
497 list_add_tail(&ctx->list, &upriv->req_pending);
498 spin_unlock_irqrestore(&upriv->req_lock, flags);
500 ctx->state = EZUSB_CTX_QUEUED;
501 ezusb_req_queue_run(upriv);
507 static void ezusb_request_out_callback(struct urb *urb)
510 enum ezusb_state state;
511 struct request_context *ctx = urb->context;
512 struct ezusb_priv *upriv = ctx->upriv;
514 spin_lock_irqsave(&upriv->req_lock, flags);
516 del_timer(&ctx->timer);
519 spin_unlock_irqrestore(&upriv->req_lock, flags);
520 pr_warn("interrupt called with dead ctx\n");
526 if (urb->status == 0) {
528 case EZUSB_CTX_REQ_SUBMITTED:
530 ctx->state = EZUSB_CTX_REQ_COMPLETE;
531 /* reply URB still pending */
532 ezusb_mod_timer(upriv, &ctx->timer,
533 jiffies + DEF_TIMEOUT);
534 spin_unlock_irqrestore(&upriv->req_lock,
539 case EZUSB_CTX_RESP_RECEIVED:
540 /* IN already received before this OUT-ACK */
541 ctx->state = EZUSB_CTX_COMPLETE;
542 spin_unlock_irqrestore(&upriv->req_lock, flags);
543 ezusb_ctx_complete(ctx);
547 spin_unlock_irqrestore(&upriv->req_lock, flags);
548 err("Unexpected state(0x%x, %d) in OUT URB",
553 /* If someone cancels the OUT URB then its status
554 * should be either -ECONNRESET or -ENOENT.
557 case EZUSB_CTX_REQ_SUBMITTED:
558 case EZUSB_CTX_RESP_RECEIVED:
559 ctx->state = EZUSB_CTX_REQ_FAILED;
562 case EZUSB_CTX_REQ_FAILED:
563 case EZUSB_CTX_REQ_TIMEOUT:
564 spin_unlock_irqrestore(&upriv->req_lock, flags);
566 ezusb_ctx_complete(ctx);
570 spin_unlock_irqrestore(&upriv->req_lock, flags);
572 err("Unexpected state(0x%x, %d) in OUT URB",
578 ezusb_request_context_put(ctx);
581 static void ezusb_request_in_callback(struct ezusb_priv *upriv,
584 struct ezusb_packet *ans = urb->transfer_buffer;
585 struct request_context *ctx = NULL;
586 enum ezusb_state state;
589 /* Find the CTX on the active queue that requested this URB */
590 spin_lock_irqsave(&upriv->req_lock, flags);
592 struct list_head *item;
594 list_for_each(item, &upriv->req_active) {
595 struct request_context *c;
598 c = list_entry(item, struct request_context, list);
600 ezusb_reply_inc(c->buf->req_reply_count);
601 if ((ans->ans_reply_count == reply_count)
602 && (le16_to_cpu(ans->hermes_rid) == c->in_rid)) {
606 netdev_dbg(upriv->dev, "Skipped (0x%x/0x%x) (%d/%d)\n",
607 le16_to_cpu(ans->hermes_rid), c->in_rid,
608 ans->ans_reply_count, reply_count);
613 spin_unlock_irqrestore(&upriv->req_lock, flags);
614 err("%s: got unexpected RID: 0x%04X", __func__,
615 le16_to_cpu(ans->hermes_rid));
616 ezusb_req_queue_run(upriv);
620 /* The data we want is in the in buffer, exchange */
621 urb->transfer_buffer = ctx->buf;
622 ctx->buf = (void *) ans;
623 ctx->buf_length = urb->actual_length;
627 case EZUSB_CTX_REQ_SUBMITTED:
628 /* We have received our response URB before
629 * our request has been acknowledged. Do NOT
630 * destroy our CTX yet, because our OUT URB
633 ctx->state = EZUSB_CTX_RESP_RECEIVED;
634 spin_unlock_irqrestore(&upriv->req_lock, flags);
636 /* Let the machine continue running. */
639 case EZUSB_CTX_REQ_COMPLETE:
640 /* This is the usual path: our request
641 * has already been acknowledged, and
642 * we have now received the reply.
644 ctx->state = EZUSB_CTX_COMPLETE;
646 /* Stop the intimer */
647 del_timer(&ctx->timer);
648 spin_unlock_irqrestore(&upriv->req_lock, flags);
650 /* Call the completion handler */
651 ezusb_ctx_complete(ctx);
655 spin_unlock_irqrestore(&upriv->req_lock, flags);
657 pr_warn("Matched IN URB, unexpected context state(0x%x)\n",
659 /* Throw this CTX away and try submitting another */
660 del_timer(&ctx->timer);
661 ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK;
662 usb_unlink_urb(ctx->outurb);
663 ezusb_req_queue_run(upriv);
668 typedef void (*ezusb_ctx_wait)(struct ezusb_priv *, struct request_context *);
670 static void ezusb_req_ctx_wait_compl(struct ezusb_priv *upriv,
671 struct request_context *ctx)
673 switch (ctx->state) {
674 case EZUSB_CTX_QUEUED:
675 case EZUSB_CTX_REQ_SUBMITTED:
676 case EZUSB_CTX_REQ_COMPLETE:
677 case EZUSB_CTX_RESP_RECEIVED:
678 wait_for_completion(&ctx->done);
681 /* Done or failed - nothing to wait for */
686 static void ezusb_req_ctx_wait_poll(struct ezusb_priv *upriv,
687 struct request_context *ctx)
691 switch (ctx->state) {
692 case EZUSB_CTX_QUEUED:
693 case EZUSB_CTX_REQ_SUBMITTED:
694 case EZUSB_CTX_REQ_COMPLETE:
695 case EZUSB_CTX_RESP_RECEIVED:
696 /* If we get called from a timer or with our lock acquired, then
697 * we can't wait for the completion and have to poll. This won't
698 * happen if the USB controller completes the URB requests in
701 msecs = DEF_TIMEOUT * (1000 / HZ);
703 while (!try_wait_for_completion(&ctx->done) && msecs--)
707 /* Done or failed - nothing to wait for */
712 static void ezusb_req_ctx_wait_skip(struct ezusb_priv *upriv,
713 struct request_context *ctx)
715 WARN(1, "Shouldn't be invoked for in_rid\n");
718 static inline u16 build_crc(struct ezusb_packet *data)
721 u8 *bytes = (u8 *)data;
724 for (i = 0; i < 8; i++)
725 crc = (crc << 1) + bytes[i];
733 * if data == NULL and length > 0 the data is assumed to be already in
734 * the target buffer and only the header is filled.
737 static int ezusb_fill_req(struct ezusb_packet *req, u16 length, u16 rid,
738 const void *data, u16 frame_type, u8 reply_count)
740 int total_size = sizeof(*req) + length;
742 BUG_ON(total_size > BULK_BUF_SIZE);
744 req->magic = cpu_to_le16(EZUSB_MAGIC);
745 req->req_reply_count = reply_count;
746 req->ans_reply_count = 0;
747 req->frame_type = cpu_to_le16(frame_type);
748 req->size = cpu_to_le16(length + 4);
749 req->crc = cpu_to_le16(build_crc(req));
750 req->hermes_len = cpu_to_le16(HERMES_BYTES_TO_RECLEN(length));
751 req->hermes_rid = cpu_to_le16(rid);
753 memcpy(req->data, data, length);
757 static int ezusb_submit_in_urb(struct ezusb_priv *upriv)
760 void *cur_buf = upriv->read_urb->transfer_buffer;
762 if (upriv->read_urb->status == -EINPROGRESS) {
763 netdev_dbg(upriv->dev, "urb busy, not resubmiting\n");
767 usb_fill_bulk_urb(upriv->read_urb, upriv->udev, upriv->read_pipe,
768 cur_buf, BULK_BUF_SIZE,
769 ezusb_bulk_in_callback, upriv);
770 upriv->read_urb->transfer_flags = 0;
771 retval = usb_submit_urb(upriv->read_urb, GFP_ATOMIC);
773 err("%s submit failed %d", __func__, retval);
779 static inline int ezusb_8051_cpucs(struct ezusb_priv *upriv, int reset)
785 err("%s: !upriv->udev", __func__);
789 res_val = kmalloc(sizeof(*res_val), GFP_KERNEL);
794 *res_val = reset; /* avoid argument promotion */
796 ret = usb_control_msg(upriv->udev,
797 usb_sndctrlpipe(upriv->udev, 0),
798 EZUSB_REQUEST_FW_TRANS,
799 USB_TYPE_VENDOR | USB_RECIP_DEVICE |
800 USB_DIR_OUT, EZUSB_CPUCS_REG, 0, res_val,
801 sizeof(*res_val), DEF_TIMEOUT);
808 static int ezusb_firmware_download(struct ezusb_priv *upriv,
809 struct ez_usb_fw *fw)
815 fw_buffer = kmalloc(FW_BUF_SIZE, GFP_KERNEL);
817 printk(KERN_ERR PFX "Out of memory for firmware buffer.\n");
821 * This byte is 1 and should be replaced with 0. The offset is
822 * 0x10AD in version 0.0.6. The byte in question should follow
823 * the end of the code pointed to by the jump in the beginning
824 * of the firmware. Also, it is read by code located at 0x358.
826 variant_offset = be16_to_cpup((__be16 *) &fw->code[FW_VAR_OFFSET_PTR]);
827 if (variant_offset >= fw->size) {
828 printk(KERN_ERR PFX "Invalid firmware variant offset: "
829 "0x%04x\n", variant_offset);
834 retval = ezusb_8051_cpucs(upriv, 1);
837 for (addr = 0; addr < fw->size; addr += FW_BUF_SIZE) {
838 /* 0x100-0x300 should be left alone, it contains card
839 * specific data, like USB enumeration information */
840 if ((addr >= FW_HOLE_START) && (addr < FW_HOLE_END))
843 memcpy(fw_buffer, &fw->code[addr], FW_BUF_SIZE);
844 if (variant_offset >= addr &&
845 variant_offset < addr + FW_BUF_SIZE) {
846 netdev_dbg(upriv->dev,
847 "Patching card_variant byte at 0x%04X\n",
849 fw_buffer[variant_offset - addr] = FW_VAR_VALUE;
851 retval = usb_control_msg(upriv->udev,
852 usb_sndctrlpipe(upriv->udev, 0),
853 EZUSB_REQUEST_FW_TRANS,
854 USB_TYPE_VENDOR | USB_RECIP_DEVICE
857 fw_buffer, FW_BUF_SIZE,
863 retval = ezusb_8051_cpucs(upriv, 0);
869 printk(KERN_ERR PFX "Firmware download failed, error %d\n",
876 static int ezusb_access_ltv(struct ezusb_priv *upriv,
877 struct request_context *ctx,
878 u16 length, const void *data, u16 frame_type,
879 void *ans_buff, unsigned ans_size, u16 *ans_length,
880 ezusb_ctx_wait ezusb_ctx_wait_func)
884 enum ezusb_state state;
891 if (upriv->read_urb->status != -EINPROGRESS)
892 err("%s: in urb not pending", __func__);
894 /* protect upriv->reply_count, guarantee sequential numbers */
895 spin_lock_bh(&upriv->reply_count_lock);
896 req_size = ezusb_fill_req(ctx->buf, length, ctx->out_rid, data,
897 frame_type, upriv->reply_count);
898 usb_fill_bulk_urb(ctx->outurb, upriv->udev, upriv->write_pipe,
900 ezusb_request_out_callback, ctx);
903 upriv->reply_count = ezusb_reply_inc(upriv->reply_count);
905 ezusb_req_enqueue_run(upriv, ctx);
907 spin_unlock_bh(&upriv->reply_count_lock);
910 ezusb_ctx_wait_func(upriv, ctx);
914 case EZUSB_CTX_COMPLETE:
915 retval = ctx->outurb->status;
918 case EZUSB_CTX_QUEUED:
919 case EZUSB_CTX_REQ_SUBMITTED:
924 err("%s: Unexpected context state %d", __func__,
927 case EZUSB_CTX_REQ_TIMEOUT:
928 case EZUSB_CTX_REQ_FAILED:
929 case EZUSB_CTX_RESP_TIMEOUT:
930 case EZUSB_CTX_REQSUBMIT_FAIL:
931 printk(KERN_ERR PFX "Access failed, resetting (state %d,"
932 " reply_count %d)\n", state, upriv->reply_count);
933 upriv->reply_count = 0;
934 if (state == EZUSB_CTX_REQ_TIMEOUT
935 || state == EZUSB_CTX_RESP_TIMEOUT) {
936 printk(KERN_ERR PFX "ctx timed out\n");
939 printk(KERN_ERR PFX "ctx failed\n");
945 struct ezusb_packet *ans = ctx->buf;
948 if (ans->hermes_len != 0)
949 exp_len = le16_to_cpu(ans->hermes_len) * 2 + 12;
953 if (exp_len != ctx->buf_length) {
954 err("%s: length mismatch for RID 0x%04x: "
955 "expected %d, got %d", __func__,
956 ctx->in_rid, exp_len, ctx->buf_length);
962 memcpy(ans_buff, ans->data, min(exp_len, ans_size));
964 *ans_length = le16_to_cpu(ans->hermes_len);
967 ezusb_request_context_put(ctx);
971 static int __ezusb_write_ltv(struct hermes *hw, int bap, u16 rid,
972 u16 length, const void *data,
973 ezusb_ctx_wait ezusb_ctx_wait_func)
975 struct ezusb_priv *upriv = hw->priv;
977 struct request_context *ctx;
982 length = HERMES_RECLEN_TO_BYTES(length);
984 /* On memory mapped devices HERMES_RID_CNFGROUPADDRESSES can be
985 * set to be empty, but the USB bridge doesn't like it */
989 ctx = ezusb_alloc_ctx(upriv, rid, EZUSB_RID_ACK);
993 if (rid == EZUSB_RID_TX)
994 frame_type = EZUSB_FRAME_DATA;
996 frame_type = EZUSB_FRAME_CONTROL;
998 return ezusb_access_ltv(upriv, ctx, length, data, frame_type,
999 NULL, 0, NULL, ezusb_ctx_wait_func);
1002 static int ezusb_write_ltv(struct hermes *hw, int bap, u16 rid,
1003 u16 length, const void *data)
1005 return __ezusb_write_ltv(hw, bap, rid, length, data,
1006 ezusb_req_ctx_wait_poll);
1009 static int __ezusb_read_ltv(struct hermes *hw, int bap, u16 rid,
1010 unsigned bufsize, u16 *length, void *buf,
1011 ezusb_ctx_wait ezusb_ctx_wait_func)
1014 struct ezusb_priv *upriv = hw->priv;
1015 struct request_context *ctx;
1020 ctx = ezusb_alloc_ctx(upriv, rid, rid);
1024 return ezusb_access_ltv(upriv, ctx, 0, NULL, EZUSB_FRAME_CONTROL,
1025 buf, bufsize, length, ezusb_req_ctx_wait_poll);
1028 static int ezusb_read_ltv(struct hermes *hw, int bap, u16 rid,
1029 unsigned bufsize, u16 *length, void *buf)
1031 return __ezusb_read_ltv(hw, bap, rid, bufsize, length, buf,
1032 ezusb_req_ctx_wait_poll);
1035 static int ezusb_read_ltv_preempt(struct hermes *hw, int bap, u16 rid,
1036 unsigned bufsize, u16 *length, void *buf)
1038 return __ezusb_read_ltv(hw, bap, rid, bufsize, length, buf,
1039 ezusb_req_ctx_wait_compl);
1042 static int ezusb_doicmd_wait(struct hermes *hw, u16 cmd, u16 parm0, u16 parm1,
1043 u16 parm2, struct hermes_response *resp)
1049 static int __ezusb_docmd_wait(struct hermes *hw, u16 cmd, u16 parm0,
1050 struct hermes_response *resp,
1051 ezusb_ctx_wait ezusb_ctx_wait_func)
1053 struct ezusb_priv *upriv = hw->priv;
1054 struct request_context *ctx;
1062 netdev_dbg(upriv->dev, "0x%04X, parm0 0x%04X\n", cmd, parm0);
1063 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_DOCMD, EZUSB_RID_ACK);
1067 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1068 EZUSB_FRAME_CONTROL, NULL, 0, NULL,
1069 ezusb_ctx_wait_func);
1072 static int ezusb_docmd_wait(struct hermes *hw, u16 cmd, u16 parm0,
1073 struct hermes_response *resp)
1075 return __ezusb_docmd_wait(hw, cmd, parm0, resp, ezusb_req_ctx_wait_poll);
1078 static int ezusb_bap_pread(struct hermes *hw, int bap,
1079 void *buf, int len, u16 id, u16 offset)
1081 struct ezusb_priv *upriv = hw->priv;
1082 struct ezusb_packet *ans = (void *) upriv->read_urb->transfer_buffer;
1083 int actual_length = upriv->read_urb->actual_length;
1085 if (id == EZUSB_RID_RX) {
1086 if ((sizeof(*ans) + offset + len) > actual_length) {
1087 printk(KERN_ERR PFX "BAP read beyond buffer end "
1091 memcpy(buf, ans->data + offset, len);
1095 if (EZUSB_IS_INFO(id)) {
1096 /* Include 4 bytes for length/type */
1097 if ((sizeof(*ans) + offset + len - 4) > actual_length) {
1098 printk(KERN_ERR PFX "BAP read beyond buffer end "
1102 memcpy(buf, ans->data + offset - 4, len);
1104 printk(KERN_ERR PFX "Unexpected fid 0x%04x\n", id);
1111 static int ezusb_read_pda(struct hermes *hw, __le16 *pda,
1112 u32 pda_addr, u16 pda_len)
1114 struct ezusb_priv *upriv = hw->priv;
1115 struct request_context *ctx;
1117 cpu_to_le16(pda_addr & 0xffff),
1118 cpu_to_le16(pda_len - 4)
1120 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_READ_PDA, EZUSB_RID_READ_PDA);
1124 /* wl_lkm does not include PDA size in the PDA area.
1125 * We will pad the information into pda, so other routines
1126 * don't have to be modified */
1127 pda[0] = cpu_to_le16(pda_len - 2);
1128 /* Includes CFG_PROD_DATA but not itself */
1129 pda[1] = cpu_to_le16(0x0800); /* CFG_PROD_DATA */
1131 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1132 EZUSB_FRAME_CONTROL, &pda[2], pda_len - 4,
1133 NULL, ezusb_req_ctx_wait_compl);
1136 static int ezusb_program_init(struct hermes *hw, u32 entry_point)
1138 struct ezusb_priv *upriv = hw->priv;
1139 struct request_context *ctx;
1140 __le32 data = cpu_to_le32(entry_point);
1142 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_INIT, EZUSB_RID_ACK);
1146 return ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1147 EZUSB_FRAME_CONTROL, NULL, 0, NULL,
1148 ezusb_req_ctx_wait_compl);
1151 static int ezusb_program_end(struct hermes *hw)
1153 struct ezusb_priv *upriv = hw->priv;
1154 struct request_context *ctx;
1156 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_END, EZUSB_RID_ACK);
1160 return ezusb_access_ltv(upriv, ctx, 0, NULL,
1161 EZUSB_FRAME_CONTROL, NULL, 0, NULL,
1162 ezusb_req_ctx_wait_compl);
1165 static int ezusb_program_bytes(struct hermes *hw, const char *buf,
1168 struct ezusb_priv *upriv = hw->priv;
1169 struct request_context *ctx;
1170 __le32 data = cpu_to_le32(addr);
1173 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_SET_ADDR, EZUSB_RID_ACK);
1177 err = ezusb_access_ltv(upriv, ctx, sizeof(data), &data,
1178 EZUSB_FRAME_CONTROL, NULL, 0, NULL,
1179 ezusb_req_ctx_wait_compl);
1183 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_PROG_BYTES, EZUSB_RID_ACK);
1187 return ezusb_access_ltv(upriv, ctx, len, buf,
1188 EZUSB_FRAME_CONTROL, NULL, 0, NULL,
1189 ezusb_req_ctx_wait_compl);
1192 static int ezusb_program(struct hermes *hw, const char *buf,
1199 /* We can only send 2048 bytes out of the bulk xmit at a time,
1200 * so we have to split any programming into chunks of <2048
1203 ch_len = (len < MAX_DL_SIZE) ? len : MAX_DL_SIZE;
1206 while (ch_addr < (addr + len)) {
1207 pr_debug("Programming subblock of length %d "
1208 "to address 0x%08x. Data @ %p\n",
1209 ch_len, ch_addr, &buf[ch_addr - addr]);
1211 err = ezusb_program_bytes(hw, &buf[ch_addr - addr],
1217 ch_len = ((addr + len - ch_addr) < MAX_DL_SIZE) ?
1218 (addr + len - ch_addr) : MAX_DL_SIZE;
1224 static netdev_tx_t ezusb_xmit(struct sk_buff *skb, struct net_device *dev)
1226 struct orinoco_private *priv = ndev_priv(dev);
1227 struct net_device_stats *stats = &dev->stats;
1228 struct ezusb_priv *upriv = priv->card;
1229 u8 mic[MICHAEL_MIC_LEN + 1];
1232 unsigned long flags;
1233 struct request_context *ctx;
1237 if (!netif_running(dev)) {
1238 printk(KERN_ERR "%s: Tx on stopped device!\n",
1240 return NETDEV_TX_BUSY;
1243 if (netif_queue_stopped(dev)) {
1244 printk(KERN_DEBUG "%s: Tx while transmitter busy!\n",
1246 return NETDEV_TX_BUSY;
1249 if (orinoco_lock(priv, &flags) != 0) {
1251 "%s: ezusb_xmit() called while hw_unavailable\n",
1253 return NETDEV_TX_BUSY;
1256 if (!netif_carrier_ok(dev) ||
1257 (priv->iw_mode == NL80211_IFTYPE_MONITOR)) {
1258 /* Oops, the firmware hasn't established a connection,
1259 silently drop the packet (this seems to be the
1260 safest approach). */
1264 /* Check packet length */
1265 if (skb->len < ETH_HLEN)
1270 err = orinoco_process_xmit_skb(skb, dev, priv, &tx_control,
1275 ctx = ezusb_alloc_ctx(upriv, EZUSB_RID_TX, 0);
1279 memset(ctx->buf, 0, BULK_BUF_SIZE);
1280 buf = ctx->buf->data;
1283 __le16 *tx_cntl = (__le16 *)buf;
1284 *tx_cntl = cpu_to_le16(tx_control);
1285 buf += sizeof(*tx_cntl);
1288 memcpy(buf, skb->data, skb->len);
1291 if (tx_control & HERMES_TXCTRL_MIC) {
1293 /* Mic has been offset so it can be copied to an even
1294 * address. We're copying eveything anyway, so we
1295 * don't need to copy that first byte. */
1298 memcpy(buf, m, MICHAEL_MIC_LEN);
1299 buf += MICHAEL_MIC_LEN;
1302 /* Finally, we actually initiate the send */
1303 netif_stop_queue(dev);
1305 /* The card may behave better if we send evenly sized usb transfers */
1306 tx_size = ALIGN(buf - ctx->buf->data, 2);
1308 err = ezusb_access_ltv(upriv, ctx, tx_size, NULL,
1309 EZUSB_FRAME_DATA, NULL, 0, NULL,
1310 ezusb_req_ctx_wait_skip);
1313 netif_start_queue(dev);
1314 if (net_ratelimit())
1315 printk(KERN_ERR "%s: Error %d transmitting packet\n",
1320 netif_trans_update(dev);
1321 stats->tx_bytes += skb->len;
1326 stats->tx_dropped++;
1329 orinoco_unlock(priv, &flags);
1331 return NETDEV_TX_OK;
1334 orinoco_unlock(priv, &flags);
1335 return NETDEV_TX_BUSY;
1338 static int ezusb_allocate(struct hermes *hw, u16 size, u16 *fid)
1340 *fid = EZUSB_RID_TX;
1345 static int ezusb_hard_reset(struct orinoco_private *priv)
1347 struct ezusb_priv *upriv = priv->card;
1348 int retval = ezusb_8051_cpucs(upriv, 1);
1351 err("Failed to reset");
1355 retval = ezusb_8051_cpucs(upriv, 0);
1357 err("Failed to unreset");
1361 netdev_dbg(upriv->dev, "sending control message\n");
1362 retval = usb_control_msg(upriv->udev,
1363 usb_sndctrlpipe(upriv->udev, 0),
1364 EZUSB_REQUEST_TRIGGER,
1365 USB_TYPE_VENDOR | USB_RECIP_DEVICE |
1366 USB_DIR_OUT, 0x0, 0x0, NULL, 0,
1369 err("EZUSB_REQUEST_TRIGGER failed retval %d", retval);
1373 dbg("Sending EZUSB_REQUEST_TRIG_AC");
1374 retval = usb_control_msg(upriv->udev,
1375 usb_sndctrlpipe(upriv->udev, 0),
1376 EZUSB_REQUEST_TRIG_AC,
1377 USB_TYPE_VENDOR | USB_RECIP_DEVICE |
1378 USB_DIR_OUT, 0x00FA, 0x0, NULL, 0,
1381 err("EZUSB_REQUEST_TRIG_AC failed retval %d", retval);
1390 static int ezusb_init(struct hermes *hw)
1392 struct ezusb_priv *upriv = hw->priv;
1398 upriv->reply_count = 0;
1399 /* Write the MAGIC number on the simulated registers to keep
1400 * orinoco.c happy */
1401 hermes_write_regn(hw, SWSUPPORT0, HERMES_MAGIC);
1402 hermes_write_regn(hw, RXFID, EZUSB_RID_RX);
1404 usb_kill_urb(upriv->read_urb);
1405 ezusb_submit_in_urb(upriv);
1407 retval = __ezusb_write_ltv(hw, 0, EZUSB_RID_INIT1,
1408 HERMES_BYTES_TO_RECLEN(2), "\x10\x00",
1409 ezusb_req_ctx_wait_compl);
1411 printk(KERN_ERR PFX "EZUSB_RID_INIT1 error %d\n", retval);
1415 retval = __ezusb_docmd_wait(hw, HERMES_CMD_INIT, 0, NULL,
1416 ezusb_req_ctx_wait_compl);
1418 printk(KERN_ERR PFX "HERMES_CMD_INIT error %d\n", retval);
1425 static void ezusb_bulk_in_callback(struct urb *urb)
1427 struct ezusb_priv *upriv = (struct ezusb_priv *) urb->context;
1428 struct ezusb_packet *ans = urb->transfer_buffer;
1432 if (upriv->udev == NULL)
1435 if (urb->status == -ETIMEDOUT) {
1436 /* When a device gets unplugged we get this every time
1437 * we resubmit, flooding the logs. Since we don't use
1438 * USB timeouts, it shouldn't happen any other time*/
1439 pr_warn("%s: urb timed out, not resubmitting\n", __func__);
1442 if (urb->status == -ECONNABORTED) {
1443 pr_warn("%s: connection abort, resubmitting urb\n",
1447 if ((urb->status == -EILSEQ)
1448 || (urb->status == -ENOENT)
1449 || (urb->status == -ECONNRESET)) {
1450 netdev_dbg(upriv->dev, "status %d, not resubmiting\n",
1455 netdev_dbg(upriv->dev, "status: %d length: %d\n",
1456 urb->status, urb->actual_length);
1457 if (urb->actual_length < sizeof(*ans)) {
1458 err("%s: short read, ignoring", __func__);
1461 crc = build_crc(ans);
1462 if (le16_to_cpu(ans->crc) != crc) {
1463 err("CRC error, ignoring packet");
1467 hermes_rid = le16_to_cpu(ans->hermes_rid);
1468 if ((hermes_rid != EZUSB_RID_RX) && !EZUSB_IS_INFO(hermes_rid)) {
1469 ezusb_request_in_callback(upriv, urb);
1470 } else if (upriv->dev) {
1471 struct net_device *dev = upriv->dev;
1472 struct orinoco_private *priv = ndev_priv(dev);
1473 struct hermes *hw = &priv->hw;
1475 if (hermes_rid == EZUSB_RID_RX) {
1476 __orinoco_ev_rx(dev, hw);
1478 hermes_write_regn(hw, INFOFID,
1479 le16_to_cpu(ans->hermes_rid));
1480 __orinoco_ev_info(dev, hw);
1486 ezusb_submit_in_urb(upriv);
1489 static inline void ezusb_delete(struct ezusb_priv *upriv)
1491 struct list_head *item;
1492 struct list_head *tmp_item;
1493 unsigned long flags;
1497 mutex_lock(&upriv->mtx);
1499 upriv->udev = NULL; /* No timer will be rearmed from here */
1501 usb_kill_urb(upriv->read_urb);
1503 spin_lock_irqsave(&upriv->req_lock, flags);
1504 list_for_each_safe(item, tmp_item, &upriv->req_active) {
1505 struct request_context *ctx;
1508 ctx = list_entry(item, struct request_context, list);
1509 refcount_inc(&ctx->refcount);
1511 ctx->outurb->transfer_flags |= URB_ASYNC_UNLINK;
1512 err = usb_unlink_urb(ctx->outurb);
1514 spin_unlock_irqrestore(&upriv->req_lock, flags);
1515 if (err == -EINPROGRESS)
1516 wait_for_completion(&ctx->done);
1518 del_timer_sync(&ctx->timer);
1519 /* FIXME: there is an slight chance for the irq handler to
1521 if (!list_empty(&ctx->list))
1522 ezusb_ctx_complete(ctx);
1524 ezusb_request_context_put(ctx);
1525 spin_lock_irqsave(&upriv->req_lock, flags);
1527 spin_unlock_irqrestore(&upriv->req_lock, flags);
1529 list_for_each_safe(item, tmp_item, &upriv->req_pending)
1530 ezusb_ctx_complete(list_entry(item,
1531 struct request_context, list));
1533 if (upriv->read_urb && upriv->read_urb->status == -EINPROGRESS)
1534 printk(KERN_ERR PFX "Some URB in progress\n");
1536 mutex_unlock(&upriv->mtx);
1538 if (upriv->read_urb) {
1539 kfree(upriv->read_urb->transfer_buffer);
1540 usb_free_urb(upriv->read_urb);
1542 kfree(upriv->bap_buf);
1544 struct orinoco_private *priv = ndev_priv(upriv->dev);
1545 orinoco_if_del(priv);
1546 wiphy_unregister(priv_to_wiphy(upriv));
1547 free_orinocodev(priv);
1551 static void ezusb_lock_irqsave(spinlock_t *lock,
1552 unsigned long *flags) __acquires(lock)
1557 static void ezusb_unlock_irqrestore(spinlock_t *lock,
1558 unsigned long *flags) __releases(lock)
1560 spin_unlock_bh(lock);
1563 static void ezusb_lock_irq(spinlock_t *lock) __acquires(lock)
1568 static void ezusb_unlock_irq(spinlock_t *lock) __releases(lock)
1570 spin_unlock_bh(lock);
1573 static const struct hermes_ops ezusb_ops = {
1575 .cmd_wait = ezusb_docmd_wait,
1576 .init_cmd_wait = ezusb_doicmd_wait,
1577 .allocate = ezusb_allocate,
1578 .read_ltv = ezusb_read_ltv,
1579 .read_ltv_pr = ezusb_read_ltv_preempt,
1580 .write_ltv = ezusb_write_ltv,
1581 .bap_pread = ezusb_bap_pread,
1582 .read_pda = ezusb_read_pda,
1583 .program_init = ezusb_program_init,
1584 .program_end = ezusb_program_end,
1585 .program = ezusb_program,
1586 .lock_irqsave = ezusb_lock_irqsave,
1587 .unlock_irqrestore = ezusb_unlock_irqrestore,
1588 .lock_irq = ezusb_lock_irq,
1589 .unlock_irq = ezusb_unlock_irq,
1592 static const struct net_device_ops ezusb_netdev_ops = {
1593 .ndo_open = orinoco_open,
1594 .ndo_stop = orinoco_stop,
1595 .ndo_start_xmit = ezusb_xmit,
1596 .ndo_set_rx_mode = orinoco_set_multicast_list,
1597 .ndo_change_mtu = orinoco_change_mtu,
1598 .ndo_set_mac_address = eth_mac_addr,
1599 .ndo_validate_addr = eth_validate_addr,
1600 .ndo_tx_timeout = orinoco_tx_timeout,
1603 static int ezusb_probe(struct usb_interface *interface,
1604 const struct usb_device_id *id)
1606 struct usb_device *udev = interface_to_usbdev(interface);
1607 struct orinoco_private *priv;
1609 struct ezusb_priv *upriv = NULL;
1610 struct usb_interface_descriptor *iface_desc;
1611 struct usb_endpoint_descriptor *ep;
1612 const struct firmware *fw_entry = NULL;
1616 priv = alloc_orinocodev(sizeof(*upriv), &udev->dev,
1617 ezusb_hard_reset, NULL);
1619 err("Couldn't allocate orinocodev");
1628 mutex_init(&upriv->mtx);
1629 spin_lock_init(&upriv->reply_count_lock);
1631 spin_lock_init(&upriv->req_lock);
1632 INIT_LIST_HEAD(&upriv->req_pending);
1633 INIT_LIST_HEAD(&upriv->req_active);
1637 hw->iobase = (void __force __iomem *) &upriv->hermes_reg_fake;
1638 hw->reg_spacing = HERMES_16BIT_REGSPACING;
1640 hw->ops = &ezusb_ops;
1642 /* set up the endpoint information */
1643 /* check out the endpoints */
1645 iface_desc = &interface->cur_altsetting->desc;
1646 for (i = 0; i < iface_desc->bNumEndpoints; ++i) {
1647 ep = &interface->cur_altsetting->endpoint[i].desc;
1649 if (usb_endpoint_is_bulk_in(ep)) {
1650 /* we found a bulk in endpoint */
1651 if (upriv->read_urb != NULL) {
1652 pr_warn("Found a second bulk in ep, ignored\n");
1656 upriv->read_urb = usb_alloc_urb(0, GFP_KERNEL);
1657 if (!upriv->read_urb)
1659 if (le16_to_cpu(ep->wMaxPacketSize) != 64)
1660 pr_warn("bulk in: wMaxPacketSize!= 64\n");
1661 if (ep->bEndpointAddress != (2 | USB_DIR_IN))
1662 pr_warn("bulk in: bEndpointAddress: %d\n",
1663 ep->bEndpointAddress);
1664 upriv->read_pipe = usb_rcvbulkpipe(udev,
1667 upriv->read_urb->transfer_buffer =
1668 kmalloc(BULK_BUF_SIZE, GFP_KERNEL);
1669 if (!upriv->read_urb->transfer_buffer) {
1670 err("Couldn't allocate IN buffer");
1675 if (usb_endpoint_is_bulk_out(ep)) {
1676 /* we found a bulk out endpoint */
1677 if (upriv->bap_buf != NULL) {
1678 pr_warn("Found a second bulk out ep, ignored\n");
1682 if (le16_to_cpu(ep->wMaxPacketSize) != 64)
1683 pr_warn("bulk out: wMaxPacketSize != 64\n");
1684 if (ep->bEndpointAddress != 2)
1685 pr_warn("bulk out: bEndpointAddress: %d\n",
1686 ep->bEndpointAddress);
1687 upriv->write_pipe = usb_sndbulkpipe(udev,
1690 upriv->bap_buf = kmalloc(BULK_BUF_SIZE, GFP_KERNEL);
1691 if (!upriv->bap_buf) {
1692 err("Couldn't allocate bulk_out_buffer");
1697 if (!upriv->bap_buf || !upriv->read_urb) {
1698 err("Didn't find the required bulk endpoints");
1702 if (reject_firmware(&fw_entry, "/*(DEBLOBBED)*/",
1703 &interface->dev) == 0) {
1704 firmware.size = fw_entry->size;
1705 firmware.code = fw_entry->data;
1707 if (firmware.size && firmware.code) {
1708 if (ezusb_firmware_download(upriv, &firmware) < 0)
1711 err("No firmware to download");
1715 if (ezusb_hard_reset(priv) < 0) {
1716 err("Cannot reset the device");
1720 /* If the firmware is already downloaded orinoco.c will call
1721 * ezusb_init but if the firmware is not already there, that will make
1722 * the kernel very unstable, so we try initializing here and quit in
1724 if (ezusb_init(hw) < 0) {
1725 err("Couldn't initialize the device");
1726 err("Firmware may not be downloaded or may be wrong.");
1730 /* Initialise the main driver */
1731 if (orinoco_init(priv) != 0) {
1732 err("orinoco_init() failed\n");
1736 if (orinoco_if_add(priv, 0, 0, &ezusb_netdev_ops) != 0) {
1738 err("%s: orinoco_if_add() failed", __func__);
1739 wiphy_unregister(priv_to_wiphy(priv));
1742 upriv->dev = priv->ndev;
1747 ezusb_delete(upriv);
1749 /* upriv->dev was 0, so ezusb_delete() didn't free it */
1750 free_orinocodev(priv);
1756 firmware.code = NULL;
1758 release_firmware(fw_entry);
1760 usb_set_intfdata(interface, upriv);
1765 static void ezusb_disconnect(struct usb_interface *intf)
1767 struct ezusb_priv *upriv = usb_get_intfdata(intf);
1768 usb_set_intfdata(intf, NULL);
1769 ezusb_delete(upriv);
1770 printk(KERN_INFO PFX "Disconnected\n");
1774 /* usb specific object needed to register this driver with the usb subsystem */
1775 static struct usb_driver orinoco_driver = {
1776 .name = DRIVER_NAME,
1777 .probe = ezusb_probe,
1778 .disconnect = ezusb_disconnect,
1779 .id_table = ezusb_table,
1780 .disable_hub_initiated_lpm = 1,
1783 module_usb_driver(orinoco_driver);
1785 MODULE_AUTHOR("Manuel Estrada Sainz");
1786 MODULE_DESCRIPTION("Driver for Orinoco wireless LAN cards using EZUSB bridge");
1787 MODULE_LICENSE("Dual MPL/GPL");
projects / releases.git / blob