orinoco: fix TKIP countermeasure behaviour
[~shefty/rdma-dev.git] / drivers / net / wireless / ath / ath9k / hif_usb.c
1 /*
2  * Copyright (c) 2010 Atheros Communications Inc.
3  *
4  * Permission to use, copy, modify, and/or distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16
17 #include "htc.h"
18
19 /* identify firmware images */
20 #define FIRMWARE_AR7010         "ar7010.fw"
21 #define FIRMWARE_AR7010_1_1     "ar7010_1_1.fw"
22 #define FIRMWARE_AR9271         "ar9271.fw"
23
24 MODULE_FIRMWARE(FIRMWARE_AR7010);
25 MODULE_FIRMWARE(FIRMWARE_AR7010_1_1);
26 MODULE_FIRMWARE(FIRMWARE_AR9271);
27
28 static struct usb_device_id ath9k_hif_usb_ids[] = {
29         { USB_DEVICE(0x0cf3, 0x9271) }, /* Atheros */
30         { USB_DEVICE(0x0cf3, 0x1006) }, /* Atheros */
31         { USB_DEVICE(0x0cf3, 0x7010) }, /* Atheros */
32         { USB_DEVICE(0x0cf3, 0x7015) }, /* Atheros */
33         { USB_DEVICE(0x0846, 0x9030) }, /* Netgear N150 */
34         { USB_DEVICE(0x0846, 0x9018) }, /* Netgear WNDA3200 */
35         { USB_DEVICE(0x07D1, 0x3A10) }, /* Dlink Wireless 150 */
36         { USB_DEVICE(0x13D3, 0x3327) }, /* Azurewave */
37         { USB_DEVICE(0x13D3, 0x3328) }, /* Azurewave */
38         { USB_DEVICE(0x13D3, 0x3346) }, /* IMC Networks */
39         { USB_DEVICE(0x13D3, 0x3348) }, /* Azurewave */
40         { USB_DEVICE(0x13D3, 0x3349) }, /* Azurewave */
41         { USB_DEVICE(0x13D3, 0x3350) }, /* Azurewave */
42         { USB_DEVICE(0x04CA, 0x4605) }, /* Liteon */
43         { USB_DEVICE(0x083A, 0xA704) }, /* SMC Networks */
44         { USB_DEVICE(0x040D, 0x3801) }, /* VIA */
45         { USB_DEVICE(0x1668, 0x1200) }, /* Verizon */
46         { },
47 };
48
49 MODULE_DEVICE_TABLE(usb, ath9k_hif_usb_ids);
50
51 static int __hif_usb_tx(struct hif_device_usb *hif_dev);
52
53 static void hif_usb_regout_cb(struct urb *urb)
54 {
55         struct cmd_buf *cmd = (struct cmd_buf *)urb->context;
56
57         switch (urb->status) {
58         case 0:
59                 break;
60         case -ENOENT:
61         case -ECONNRESET:
62         case -ENODEV:
63         case -ESHUTDOWN:
64                 goto free;
65         default:
66                 break;
67         }
68
69         if (cmd) {
70                 ath9k_htc_txcompletion_cb(cmd->hif_dev->htc_handle,
71                                           cmd->skb, 1);
72                 kfree(cmd);
73         }
74
75         return;
76 free:
77         kfree_skb(cmd->skb);
78         kfree(cmd);
79 }
80
81 static int hif_usb_send_regout(struct hif_device_usb *hif_dev,
82                                struct sk_buff *skb)
83 {
84         struct urb *urb;
85         struct cmd_buf *cmd;
86         int ret = 0;
87
88         urb = usb_alloc_urb(0, GFP_KERNEL);
89         if (urb == NULL)
90                 return -ENOMEM;
91
92         cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
93         if (cmd == NULL) {
94                 usb_free_urb(urb);
95                 return -ENOMEM;
96         }
97
98         cmd->skb = skb;
99         cmd->hif_dev = hif_dev;
100
101         usb_fill_bulk_urb(urb, hif_dev->udev,
102                          usb_sndbulkpipe(hif_dev->udev, USB_REG_OUT_PIPE),
103                          skb->data, skb->len,
104                          hif_usb_regout_cb, cmd);
105
106         usb_anchor_urb(urb, &hif_dev->regout_submitted);
107         ret = usb_submit_urb(urb, GFP_KERNEL);
108         if (ret) {
109                 usb_unanchor_urb(urb);
110                 kfree(cmd);
111         }
112         usb_free_urb(urb);
113
114         return ret;
115 }
116
117 static inline void ath9k_skb_queue_purge(struct hif_device_usb *hif_dev,
118                                          struct sk_buff_head *list)
119 {
120         struct sk_buff *skb;
121
122         while ((skb = __skb_dequeue(list)) != NULL) {
123                 dev_kfree_skb_any(skb);
124                 TX_STAT_INC(skb_dropped);
125         }
126 }
127
128 static void hif_usb_tx_cb(struct urb *urb)
129 {
130         struct tx_buf *tx_buf = (struct tx_buf *) urb->context;
131         struct hif_device_usb *hif_dev;
132         struct sk_buff *skb;
133
134         if (!tx_buf || !tx_buf->hif_dev)
135                 return;
136
137         hif_dev = tx_buf->hif_dev;
138
139         switch (urb->status) {
140         case 0:
141                 break;
142         case -ENOENT:
143         case -ECONNRESET:
144         case -ENODEV:
145         case -ESHUTDOWN:
146                 /*
147                  * The URB has been killed, free the SKBs
148                  * and return.
149                  */
150                 ath9k_skb_queue_purge(hif_dev, &tx_buf->skb_queue);
151                 return;
152         default:
153                 break;
154         }
155
156         /* Check if TX has been stopped */
157         spin_lock(&hif_dev->tx.tx_lock);
158         if (hif_dev->tx.flags & HIF_USB_TX_STOP) {
159                 spin_unlock(&hif_dev->tx.tx_lock);
160                 ath9k_skb_queue_purge(hif_dev, &tx_buf->skb_queue);
161                 goto add_free;
162         }
163         spin_unlock(&hif_dev->tx.tx_lock);
164
165         /* Complete the queued SKBs. */
166         while ((skb = __skb_dequeue(&tx_buf->skb_queue)) != NULL) {
167                 ath9k_htc_txcompletion_cb(hif_dev->htc_handle,
168                                           skb, 1);
169                 TX_STAT_INC(skb_completed);
170         }
171
172 add_free:
173         /* Re-initialize the SKB queue */
174         tx_buf->len = tx_buf->offset = 0;
175         __skb_queue_head_init(&tx_buf->skb_queue);
176
177         /* Add this TX buffer to the free list */
178         spin_lock(&hif_dev->tx.tx_lock);
179         list_move_tail(&tx_buf->list, &hif_dev->tx.tx_buf);
180         hif_dev->tx.tx_buf_cnt++;
181         if (!(hif_dev->tx.flags & HIF_USB_TX_STOP))
182                 __hif_usb_tx(hif_dev); /* Check for pending SKBs */
183         TX_STAT_INC(buf_completed);
184         spin_unlock(&hif_dev->tx.tx_lock);
185 }
186
187 /* TX lock has to be taken */
188 static int __hif_usb_tx(struct hif_device_usb *hif_dev)
189 {
190         struct tx_buf *tx_buf = NULL;
191         struct sk_buff *nskb = NULL;
192         int ret = 0, i;
193         u16 *hdr, tx_skb_cnt = 0;
194         u8 *buf;
195
196         if (hif_dev->tx.tx_skb_cnt == 0)
197                 return 0;
198
199         /* Check if a free TX buffer is available */
200         if (list_empty(&hif_dev->tx.tx_buf))
201                 return 0;
202
203         tx_buf = list_first_entry(&hif_dev->tx.tx_buf, struct tx_buf, list);
204         list_move_tail(&tx_buf->list, &hif_dev->tx.tx_pending);
205         hif_dev->tx.tx_buf_cnt--;
206
207         tx_skb_cnt = min_t(u16, hif_dev->tx.tx_skb_cnt, MAX_TX_AGGR_NUM);
208
209         for (i = 0; i < tx_skb_cnt; i++) {
210                 nskb = __skb_dequeue(&hif_dev->tx.tx_skb_queue);
211
212                 /* Should never be NULL */
213                 BUG_ON(!nskb);
214
215                 hif_dev->tx.tx_skb_cnt--;
216
217                 buf = tx_buf->buf;
218                 buf += tx_buf->offset;
219                 hdr = (u16 *)buf;
220                 *hdr++ = nskb->len;
221                 *hdr++ = ATH_USB_TX_STREAM_MODE_TAG;
222                 buf += 4;
223                 memcpy(buf, nskb->data, nskb->len);
224                 tx_buf->len = nskb->len + 4;
225
226                 if (i < (tx_skb_cnt - 1))
227                         tx_buf->offset += (((tx_buf->len - 1) / 4) + 1) * 4;
228
229                 if (i == (tx_skb_cnt - 1))
230                         tx_buf->len += tx_buf->offset;
231
232                 __skb_queue_tail(&tx_buf->skb_queue, nskb);
233                 TX_STAT_INC(skb_queued);
234         }
235
236         usb_fill_bulk_urb(tx_buf->urb, hif_dev->udev,
237                           usb_sndbulkpipe(hif_dev->udev, USB_WLAN_TX_PIPE),
238                           tx_buf->buf, tx_buf->len,
239                           hif_usb_tx_cb, tx_buf);
240
241         ret = usb_submit_urb(tx_buf->urb, GFP_ATOMIC);
242         if (ret) {
243                 tx_buf->len = tx_buf->offset = 0;
244                 ath9k_skb_queue_purge(hif_dev, &tx_buf->skb_queue);
245                 __skb_queue_head_init(&tx_buf->skb_queue);
246                 list_move_tail(&tx_buf->list, &hif_dev->tx.tx_buf);
247                 hif_dev->tx.tx_buf_cnt++;
248         }
249
250         if (!ret)
251                 TX_STAT_INC(buf_queued);
252
253         return ret;
254 }
255
256 static int hif_usb_send_tx(struct hif_device_usb *hif_dev, struct sk_buff *skb,
257                            struct ath9k_htc_tx_ctl *tx_ctl)
258 {
259         unsigned long flags;
260
261         spin_lock_irqsave(&hif_dev->tx.tx_lock, flags);
262
263         if (hif_dev->tx.flags & HIF_USB_TX_STOP) {
264                 spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
265                 return -ENODEV;
266         }
267
268         /* Check if the max queue count has been reached */
269         if (hif_dev->tx.tx_skb_cnt > MAX_TX_BUF_NUM) {
270                 spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
271                 return -ENOMEM;
272         }
273
274         __skb_queue_tail(&hif_dev->tx.tx_skb_queue, skb);
275         hif_dev->tx.tx_skb_cnt++;
276
277         /* Send normal frames immediately */
278         if (!tx_ctl || (tx_ctl && (tx_ctl->type == ATH9K_HTC_NORMAL)))
279                 __hif_usb_tx(hif_dev);
280
281         /* Check if AMPDUs have to be sent immediately */
282         if (tx_ctl && (tx_ctl->type == ATH9K_HTC_AMPDU) &&
283             (hif_dev->tx.tx_buf_cnt == MAX_TX_URB_NUM) &&
284             (hif_dev->tx.tx_skb_cnt < 2)) {
285                 __hif_usb_tx(hif_dev);
286         }
287
288         spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
289
290         return 0;
291 }
292
293 static void hif_usb_start(void *hif_handle, u8 pipe_id)
294 {
295         struct hif_device_usb *hif_dev = (struct hif_device_usb *)hif_handle;
296         unsigned long flags;
297
298         hif_dev->flags |= HIF_USB_START;
299
300         spin_lock_irqsave(&hif_dev->tx.tx_lock, flags);
301         hif_dev->tx.flags &= ~HIF_USB_TX_STOP;
302         spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
303 }
304
305 static void hif_usb_stop(void *hif_handle, u8 pipe_id)
306 {
307         struct hif_device_usb *hif_dev = (struct hif_device_usb *)hif_handle;
308         unsigned long flags;
309
310         spin_lock_irqsave(&hif_dev->tx.tx_lock, flags);
311         ath9k_skb_queue_purge(hif_dev, &hif_dev->tx.tx_skb_queue);
312         hif_dev->tx.tx_skb_cnt = 0;
313         hif_dev->tx.flags |= HIF_USB_TX_STOP;
314         spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags);
315 }
316
317 static int hif_usb_send(void *hif_handle, u8 pipe_id, struct sk_buff *skb,
318                         struct ath9k_htc_tx_ctl *tx_ctl)
319 {
320         struct hif_device_usb *hif_dev = (struct hif_device_usb *)hif_handle;
321         int ret = 0;
322
323         switch (pipe_id) {
324         case USB_WLAN_TX_PIPE:
325                 ret = hif_usb_send_tx(hif_dev, skb, tx_ctl);
326                 break;
327         case USB_REG_OUT_PIPE:
328                 ret = hif_usb_send_regout(hif_dev, skb);
329                 break;
330         default:
331                 dev_err(&hif_dev->udev->dev,
332                         "ath9k_htc: Invalid TX pipe: %d\n", pipe_id);
333                 ret = -EINVAL;
334                 break;
335         }
336
337         return ret;
338 }
339
340 static struct ath9k_htc_hif hif_usb = {
341         .transport = ATH9K_HIF_USB,
342         .name = "ath9k_hif_usb",
343
344         .control_ul_pipe = USB_REG_OUT_PIPE,
345         .control_dl_pipe = USB_REG_IN_PIPE,
346
347         .start = hif_usb_start,
348         .stop = hif_usb_stop,
349         .send = hif_usb_send,
350 };
351
352 static void ath9k_hif_usb_rx_stream(struct hif_device_usb *hif_dev,
353                                     struct sk_buff *skb)
354 {
355         struct sk_buff *nskb, *skb_pool[MAX_PKT_NUM_IN_TRANSFER];
356         int index = 0, i = 0, chk_idx, len = skb->len;
357         int rx_remain_len = 0, rx_pkt_len = 0;
358         u16 pkt_len, pkt_tag, pool_index = 0;
359         u8 *ptr;
360
361         spin_lock(&hif_dev->rx_lock);
362
363         rx_remain_len = hif_dev->rx_remain_len;
364         rx_pkt_len = hif_dev->rx_transfer_len;
365
366         if (rx_remain_len != 0) {
367                 struct sk_buff *remain_skb = hif_dev->remain_skb;
368
369                 if (remain_skb) {
370                         ptr = (u8 *) remain_skb->data;
371
372                         index = rx_remain_len;
373                         rx_remain_len -= hif_dev->rx_pad_len;
374                         ptr += rx_pkt_len;
375
376                         memcpy(ptr, skb->data, rx_remain_len);
377
378                         rx_pkt_len += rx_remain_len;
379                         hif_dev->rx_remain_len = 0;
380                         skb_put(remain_skb, rx_pkt_len);
381
382                         skb_pool[pool_index++] = remain_skb;
383
384                 } else {
385                         index = rx_remain_len;
386                 }
387         }
388
389         spin_unlock(&hif_dev->rx_lock);
390
391         while (index < len) {
392                 ptr = (u8 *) skb->data;
393
394                 pkt_len = ptr[index] + (ptr[index+1] << 8);
395                 pkt_tag = ptr[index+2] + (ptr[index+3] << 8);
396
397                 if (pkt_tag == ATH_USB_RX_STREAM_MODE_TAG) {
398                         u16 pad_len;
399
400                         pad_len = 4 - (pkt_len & 0x3);
401                         if (pad_len == 4)
402                                 pad_len = 0;
403
404                         chk_idx = index;
405                         index = index + 4 + pkt_len + pad_len;
406
407                         if (index > MAX_RX_BUF_SIZE) {
408                                 spin_lock(&hif_dev->rx_lock);
409                                 hif_dev->rx_remain_len = index - MAX_RX_BUF_SIZE;
410                                 hif_dev->rx_transfer_len =
411                                         MAX_RX_BUF_SIZE - chk_idx - 4;
412                                 hif_dev->rx_pad_len = pad_len;
413
414                                 nskb = __dev_alloc_skb(pkt_len + 32,
415                                                        GFP_ATOMIC);
416                                 if (!nskb) {
417                                         dev_err(&hif_dev->udev->dev,
418                                         "ath9k_htc: RX memory allocation"
419                                         " error\n");
420                                         spin_unlock(&hif_dev->rx_lock);
421                                         goto err;
422                                 }
423                                 skb_reserve(nskb, 32);
424                                 RX_STAT_INC(skb_allocated);
425
426                                 memcpy(nskb->data, &(skb->data[chk_idx+4]),
427                                        hif_dev->rx_transfer_len);
428
429                                 /* Record the buffer pointer */
430                                 hif_dev->remain_skb = nskb;
431                                 spin_unlock(&hif_dev->rx_lock);
432                         } else {
433                                 nskb = __dev_alloc_skb(pkt_len + 32, GFP_ATOMIC);
434                                 if (!nskb) {
435                                         dev_err(&hif_dev->udev->dev,
436                                         "ath9k_htc: RX memory allocation"
437                                         " error\n");
438                                         goto err;
439                                 }
440                                 skb_reserve(nskb, 32);
441                                 RX_STAT_INC(skb_allocated);
442
443                                 memcpy(nskb->data, &(skb->data[chk_idx+4]), pkt_len);
444                                 skb_put(nskb, pkt_len);
445                                 skb_pool[pool_index++] = nskb;
446                         }
447                 } else {
448                         RX_STAT_INC(skb_dropped);
449                         return;
450                 }
451         }
452
453 err:
454         for (i = 0; i < pool_index; i++) {
455                 ath9k_htc_rx_msg(hif_dev->htc_handle, skb_pool[i],
456                                  skb_pool[i]->len, USB_WLAN_RX_PIPE);
457                 RX_STAT_INC(skb_completed);
458         }
459 }
460
461 static void ath9k_hif_usb_rx_cb(struct urb *urb)
462 {
463         struct sk_buff *skb = (struct sk_buff *) urb->context;
464         struct hif_device_usb *hif_dev = (struct hif_device_usb *)
465                 usb_get_intfdata(usb_ifnum_to_if(urb->dev, 0));
466         int ret;
467
468         if (!skb)
469                 return;
470
471         if (!hif_dev)
472                 goto free;
473
474         switch (urb->status) {
475         case 0:
476                 break;
477         case -ENOENT:
478         case -ECONNRESET:
479         case -ENODEV:
480         case -ESHUTDOWN:
481                 goto free;
482         default:
483                 goto resubmit;
484         }
485
486         if (likely(urb->actual_length != 0)) {
487                 skb_put(skb, urb->actual_length);
488                 ath9k_hif_usb_rx_stream(hif_dev, skb);
489         }
490
491 resubmit:
492         skb_reset_tail_pointer(skb);
493         skb_trim(skb, 0);
494
495         usb_anchor_urb(urb, &hif_dev->rx_submitted);
496         ret = usb_submit_urb(urb, GFP_ATOMIC);
497         if (ret) {
498                 usb_unanchor_urb(urb);
499                 goto free;
500         }
501
502         return;
503 free:
504         kfree_skb(skb);
505 }
506
507 static void ath9k_hif_usb_reg_in_cb(struct urb *urb)
508 {
509         struct sk_buff *skb = (struct sk_buff *) urb->context;
510         struct sk_buff *nskb;
511         struct hif_device_usb *hif_dev = (struct hif_device_usb *)
512                 usb_get_intfdata(usb_ifnum_to_if(urb->dev, 0));
513         int ret;
514
515         if (!skb)
516                 return;
517
518         if (!hif_dev)
519                 goto free;
520
521         switch (urb->status) {
522         case 0:
523                 break;
524         case -ENOENT:
525         case -ECONNRESET:
526         case -ENODEV:
527         case -ESHUTDOWN:
528                 goto free;
529         default:
530                 goto resubmit;
531         }
532
533         if (likely(urb->actual_length != 0)) {
534                 skb_put(skb, urb->actual_length);
535
536                 /* Process the command first */
537                 ath9k_htc_rx_msg(hif_dev->htc_handle, skb,
538                                  skb->len, USB_REG_IN_PIPE);
539
540
541                 nskb = alloc_skb(MAX_REG_IN_BUF_SIZE, GFP_ATOMIC);
542                 if (!nskb) {
543                         dev_err(&hif_dev->udev->dev,
544                                 "ath9k_htc: REG_IN memory allocation failure\n");
545                         urb->context = NULL;
546                         return;
547                 }
548
549                 usb_fill_bulk_urb(urb, hif_dev->udev,
550                                  usb_rcvbulkpipe(hif_dev->udev,
551                                                  USB_REG_IN_PIPE),
552                                  nskb->data, MAX_REG_IN_BUF_SIZE,
553                                  ath9k_hif_usb_reg_in_cb, nskb);
554
555                 ret = usb_submit_urb(urb, GFP_ATOMIC);
556                 if (ret) {
557                         kfree_skb(nskb);
558                         urb->context = NULL;
559                 }
560
561                 return;
562         }
563
564 resubmit:
565         skb_reset_tail_pointer(skb);
566         skb_trim(skb, 0);
567
568         ret = usb_submit_urb(urb, GFP_ATOMIC);
569         if (ret)
570                 goto free;
571
572         return;
573 free:
574         kfree_skb(skb);
575         urb->context = NULL;
576 }
577
578 static void ath9k_hif_usb_dealloc_tx_urbs(struct hif_device_usb *hif_dev)
579 {
580         struct tx_buf *tx_buf = NULL, *tx_buf_tmp = NULL;
581
582         list_for_each_entry_safe(tx_buf, tx_buf_tmp,
583                                  &hif_dev->tx.tx_buf, list) {
584                 usb_kill_urb(tx_buf->urb);
585                 list_del(&tx_buf->list);
586                 usb_free_urb(tx_buf->urb);
587                 kfree(tx_buf->buf);
588                 kfree(tx_buf);
589         }
590
591         list_for_each_entry_safe(tx_buf, tx_buf_tmp,
592                                  &hif_dev->tx.tx_pending, list) {
593                 usb_kill_urb(tx_buf->urb);
594                 list_del(&tx_buf->list);
595                 usb_free_urb(tx_buf->urb);
596                 kfree(tx_buf->buf);
597                 kfree(tx_buf);
598         }
599 }
600
601 static int ath9k_hif_usb_alloc_tx_urbs(struct hif_device_usb *hif_dev)
602 {
603         struct tx_buf *tx_buf;
604         int i;
605
606         INIT_LIST_HEAD(&hif_dev->tx.tx_buf);
607         INIT_LIST_HEAD(&hif_dev->tx.tx_pending);
608         spin_lock_init(&hif_dev->tx.tx_lock);
609         __skb_queue_head_init(&hif_dev->tx.tx_skb_queue);
610
611         for (i = 0; i < MAX_TX_URB_NUM; i++) {
612                 tx_buf = kzalloc(sizeof(struct tx_buf), GFP_KERNEL);
613                 if (!tx_buf)
614                         goto err;
615
616                 tx_buf->buf = kzalloc(MAX_TX_BUF_SIZE, GFP_KERNEL);
617                 if (!tx_buf->buf)
618                         goto err;
619
620                 tx_buf->urb = usb_alloc_urb(0, GFP_KERNEL);
621                 if (!tx_buf->urb)
622                         goto err;
623
624                 tx_buf->hif_dev = hif_dev;
625                 __skb_queue_head_init(&tx_buf->skb_queue);
626
627                 list_add_tail(&tx_buf->list, &hif_dev->tx.tx_buf);
628         }
629
630         hif_dev->tx.tx_buf_cnt = MAX_TX_URB_NUM;
631
632         return 0;
633 err:
634         if (tx_buf) {
635                 kfree(tx_buf->buf);
636                 kfree(tx_buf);
637         }
638         ath9k_hif_usb_dealloc_tx_urbs(hif_dev);
639         return -ENOMEM;
640 }
641
642 static void ath9k_hif_usb_dealloc_rx_urbs(struct hif_device_usb *hif_dev)
643 {
644         usb_kill_anchored_urbs(&hif_dev->rx_submitted);
645 }
646
647 static int ath9k_hif_usb_alloc_rx_urbs(struct hif_device_usb *hif_dev)
648 {
649         struct urb *urb = NULL;
650         struct sk_buff *skb = NULL;
651         int i, ret;
652
653         init_usb_anchor(&hif_dev->rx_submitted);
654         spin_lock_init(&hif_dev->rx_lock);
655
656         for (i = 0; i < MAX_RX_URB_NUM; i++) {
657
658                 /* Allocate URB */
659                 urb = usb_alloc_urb(0, GFP_KERNEL);
660                 if (urb == NULL) {
661                         ret = -ENOMEM;
662                         goto err_urb;
663                 }
664
665                 /* Allocate buffer */
666                 skb = alloc_skb(MAX_RX_BUF_SIZE, GFP_KERNEL);
667                 if (!skb) {
668                         ret = -ENOMEM;
669                         goto err_skb;
670                 }
671
672                 usb_fill_bulk_urb(urb, hif_dev->udev,
673                                   usb_rcvbulkpipe(hif_dev->udev,
674                                                   USB_WLAN_RX_PIPE),
675                                   skb->data, MAX_RX_BUF_SIZE,
676                                   ath9k_hif_usb_rx_cb, skb);
677
678                 /* Anchor URB */
679                 usb_anchor_urb(urb, &hif_dev->rx_submitted);
680
681                 /* Submit URB */
682                 ret = usb_submit_urb(urb, GFP_KERNEL);
683                 if (ret) {
684                         usb_unanchor_urb(urb);
685                         goto err_submit;
686                 }
687
688                 /*
689                  * Drop reference count.
690                  * This ensures that the URB is freed when killing them.
691                  */
692                 usb_free_urb(urb);
693         }
694
695         return 0;
696
697 err_submit:
698         kfree_skb(skb);
699 err_skb:
700         usb_free_urb(urb);
701 err_urb:
702         ath9k_hif_usb_dealloc_rx_urbs(hif_dev);
703         return ret;
704 }
705
706 static void ath9k_hif_usb_dealloc_reg_in_urb(struct hif_device_usb *hif_dev)
707 {
708         if (hif_dev->reg_in_urb) {
709                 usb_kill_urb(hif_dev->reg_in_urb);
710                 if (hif_dev->reg_in_urb->context)
711                         kfree_skb((void *)hif_dev->reg_in_urb->context);
712                 usb_free_urb(hif_dev->reg_in_urb);
713                 hif_dev->reg_in_urb = NULL;
714         }
715 }
716
717 static int ath9k_hif_usb_alloc_reg_in_urb(struct hif_device_usb *hif_dev)
718 {
719         struct sk_buff *skb;
720
721         hif_dev->reg_in_urb = usb_alloc_urb(0, GFP_KERNEL);
722         if (hif_dev->reg_in_urb == NULL)
723                 return -ENOMEM;
724
725         skb = alloc_skb(MAX_REG_IN_BUF_SIZE, GFP_KERNEL);
726         if (!skb)
727                 goto err;
728
729         usb_fill_bulk_urb(hif_dev->reg_in_urb, hif_dev->udev,
730                          usb_rcvbulkpipe(hif_dev->udev,
731                                          USB_REG_IN_PIPE),
732                          skb->data, MAX_REG_IN_BUF_SIZE,
733                          ath9k_hif_usb_reg_in_cb, skb);
734
735         if (usb_submit_urb(hif_dev->reg_in_urb, GFP_KERNEL) != 0)
736                 goto err;
737
738         return 0;
739
740 err:
741         ath9k_hif_usb_dealloc_reg_in_urb(hif_dev);
742         return -ENOMEM;
743 }
744
745 static int ath9k_hif_usb_alloc_urbs(struct hif_device_usb *hif_dev)
746 {
747         /* Register Write */
748         init_usb_anchor(&hif_dev->regout_submitted);
749
750         /* TX */
751         if (ath9k_hif_usb_alloc_tx_urbs(hif_dev) < 0)
752                 goto err;
753
754         /* RX */
755         if (ath9k_hif_usb_alloc_rx_urbs(hif_dev) < 0)
756                 goto err_rx;
757
758         /* Register Read */
759         if (ath9k_hif_usb_alloc_reg_in_urb(hif_dev) < 0)
760                 goto err_reg;
761
762         return 0;
763 err_reg:
764         ath9k_hif_usb_dealloc_rx_urbs(hif_dev);
765 err_rx:
766         ath9k_hif_usb_dealloc_tx_urbs(hif_dev);
767 err:
768         return -ENOMEM;
769 }
770
771 static void ath9k_hif_usb_dealloc_urbs(struct hif_device_usb *hif_dev)
772 {
773         usb_kill_anchored_urbs(&hif_dev->regout_submitted);
774         ath9k_hif_usb_dealloc_reg_in_urb(hif_dev);
775         ath9k_hif_usb_dealloc_tx_urbs(hif_dev);
776         ath9k_hif_usb_dealloc_rx_urbs(hif_dev);
777 }
778
779 static int ath9k_hif_usb_download_fw(struct hif_device_usb *hif_dev)
780 {
781         int transfer, err;
782         const void *data = hif_dev->firmware->data;
783         size_t len = hif_dev->firmware->size;
784         u32 addr = AR9271_FIRMWARE;
785         u8 *buf = kzalloc(4096, GFP_KERNEL);
786         u32 firm_offset;
787
788         if (!buf)
789                 return -ENOMEM;
790
791         while (len) {
792                 transfer = min_t(int, len, 4096);
793                 memcpy(buf, data, transfer);
794
795                 err = usb_control_msg(hif_dev->udev,
796                                       usb_sndctrlpipe(hif_dev->udev, 0),
797                                       FIRMWARE_DOWNLOAD, 0x40 | USB_DIR_OUT,
798                                       addr >> 8, 0, buf, transfer, HZ);
799                 if (err < 0) {
800                         kfree(buf);
801                         return err;
802                 }
803
804                 len -= transfer;
805                 data += transfer;
806                 addr += transfer;
807         }
808         kfree(buf);
809
810         switch (hif_dev->device_id) {
811         case 0x7010:
812         case 0x7015:
813         case 0x9018:
814         case 0xA704:
815         case 0x1200:
816                 firm_offset = AR7010_FIRMWARE_TEXT;
817                 break;
818         default:
819                 firm_offset = AR9271_FIRMWARE_TEXT;
820                 break;
821         }
822
823         /*
824          * Issue FW download complete command to firmware.
825          */
826         err = usb_control_msg(hif_dev->udev, usb_sndctrlpipe(hif_dev->udev, 0),
827                               FIRMWARE_DOWNLOAD_COMP,
828                               0x40 | USB_DIR_OUT,
829                               firm_offset >> 8, 0, NULL, 0, HZ);
830         if (err)
831                 return -EIO;
832
833         dev_info(&hif_dev->udev->dev, "ath9k_htc: Transferred FW: %s, size: %ld\n",
834                  hif_dev->fw_name, (unsigned long) hif_dev->firmware->size);
835
836         return 0;
837 }
838
839 static int ath9k_hif_usb_dev_init(struct hif_device_usb *hif_dev)
840 {
841         int ret, idx;
842         struct usb_host_interface *alt = &hif_dev->interface->altsetting[0];
843         struct usb_endpoint_descriptor *endp;
844
845         /* Request firmware */
846         ret = request_firmware(&hif_dev->firmware, hif_dev->fw_name,
847                                &hif_dev->udev->dev);
848         if (ret) {
849                 dev_err(&hif_dev->udev->dev,
850                         "ath9k_htc: Firmware - %s not found\n", hif_dev->fw_name);
851                 goto err_fw_req;
852         }
853
854         /* Download firmware */
855         ret = ath9k_hif_usb_download_fw(hif_dev);
856         if (ret) {
857                 dev_err(&hif_dev->udev->dev,
858                         "ath9k_htc: Firmware - %s download failed\n",
859                         hif_dev->fw_name);
860                 goto err_fw_download;
861         }
862
863         /* On downloading the firmware to the target, the USB descriptor of EP4
864          * is 'patched' to change the type of the endpoint to Bulk. This will
865          * bring down CPU usage during the scan period.
866          */
867         for (idx = 0; idx < alt->desc.bNumEndpoints; idx++) {
868                 endp = &alt->endpoint[idx].desc;
869                 if ((endp->bmAttributes & USB_ENDPOINT_XFERTYPE_MASK)
870                                 == USB_ENDPOINT_XFER_INT) {
871                         endp->bmAttributes &= ~USB_ENDPOINT_XFERTYPE_MASK;
872                         endp->bmAttributes |= USB_ENDPOINT_XFER_BULK;
873                         endp->bInterval = 0;
874                 }
875         }
876
877         /* Alloc URBs */
878         ret = ath9k_hif_usb_alloc_urbs(hif_dev);
879         if (ret) {
880                 dev_err(&hif_dev->udev->dev,
881                         "ath9k_htc: Unable to allocate URBs\n");
882                 goto err_urb;
883         }
884
885         return 0;
886
887 err_fw_download:
888         ath9k_hif_usb_dealloc_urbs(hif_dev);
889 err_urb:
890         release_firmware(hif_dev->firmware);
891 err_fw_req:
892         hif_dev->firmware = NULL;
893         return ret;
894 }
895
896 static void ath9k_hif_usb_dev_deinit(struct hif_device_usb *hif_dev)
897 {
898         ath9k_hif_usb_dealloc_urbs(hif_dev);
899         if (hif_dev->firmware)
900                 release_firmware(hif_dev->firmware);
901 }
902
903 static int ath9k_hif_usb_probe(struct usb_interface *interface,
904                                const struct usb_device_id *id)
905 {
906         struct usb_device *udev = interface_to_usbdev(interface);
907         struct hif_device_usb *hif_dev;
908         int ret = 0;
909
910         hif_dev = kzalloc(sizeof(struct hif_device_usb), GFP_KERNEL);
911         if (!hif_dev) {
912                 ret = -ENOMEM;
913                 goto err_alloc;
914         }
915
916         usb_get_dev(udev);
917         hif_dev->udev = udev;
918         hif_dev->interface = interface;
919         hif_dev->device_id = id->idProduct;
920 #ifdef CONFIG_PM
921         udev->reset_resume = 1;
922 #endif
923         usb_set_intfdata(interface, hif_dev);
924
925         hif_dev->htc_handle = ath9k_htc_hw_alloc(hif_dev, &hif_usb,
926                                                  &hif_dev->udev->dev);
927         if (hif_dev->htc_handle == NULL) {
928                 ret = -ENOMEM;
929                 goto err_htc_hw_alloc;
930         }
931
932         /* Find out which firmware to load */
933
934         switch(hif_dev->device_id) {
935         case 0x7010:
936         case 0x7015:
937         case 0x9018:
938         case 0xA704:
939         case 0x1200:
940                 if (le16_to_cpu(udev->descriptor.bcdDevice) == 0x0202)
941                         hif_dev->fw_name = FIRMWARE_AR7010_1_1;
942                 else
943                         hif_dev->fw_name = FIRMWARE_AR7010;
944                 break;
945         default:
946                 hif_dev->fw_name = FIRMWARE_AR9271;
947                 break;
948         }
949
950         ret = ath9k_hif_usb_dev_init(hif_dev);
951         if (ret) {
952                 ret = -EINVAL;
953                 goto err_hif_init_usb;
954         }
955
956         ret = ath9k_htc_hw_init(hif_dev->htc_handle,
957                                 &hif_dev->udev->dev, hif_dev->device_id,
958                                 hif_dev->udev->product);
959         if (ret) {
960                 ret = -EINVAL;
961                 goto err_htc_hw_init;
962         }
963
964         dev_info(&hif_dev->udev->dev, "ath9k_htc: USB layer initialized\n");
965
966         return 0;
967
968 err_htc_hw_init:
969         ath9k_hif_usb_dev_deinit(hif_dev);
970 err_hif_init_usb:
971         ath9k_htc_hw_free(hif_dev->htc_handle);
972 err_htc_hw_alloc:
973         usb_set_intfdata(interface, NULL);
974         kfree(hif_dev);
975         usb_put_dev(udev);
976 err_alloc:
977         return ret;
978 }
979
980 static void ath9k_hif_usb_reboot(struct usb_device *udev)
981 {
982         u32 reboot_cmd = 0xffffffff;
983         void *buf;
984         int ret;
985
986         buf = kmemdup(&reboot_cmd, 4, GFP_KERNEL);
987         if (!buf)
988                 return;
989
990         ret = usb_bulk_msg(udev, usb_sndbulkpipe(udev, USB_REG_OUT_PIPE),
991                            buf, 4, NULL, HZ);
992         if (ret)
993                 dev_err(&udev->dev, "ath9k_htc: USB reboot failed\n");
994
995         kfree(buf);
996 }
997
998 static void ath9k_hif_usb_disconnect(struct usb_interface *interface)
999 {
1000         struct usb_device *udev = interface_to_usbdev(interface);
1001         struct hif_device_usb *hif_dev =
1002                 (struct hif_device_usb *) usb_get_intfdata(interface);
1003
1004         if (hif_dev) {
1005                 ath9k_htc_hw_deinit(hif_dev->htc_handle,
1006                     (udev->state == USB_STATE_NOTATTACHED) ? true : false);
1007                 ath9k_htc_hw_free(hif_dev->htc_handle);
1008                 ath9k_hif_usb_dev_deinit(hif_dev);
1009                 usb_set_intfdata(interface, NULL);
1010         }
1011
1012         if (hif_dev->flags & HIF_USB_START)
1013                 ath9k_hif_usb_reboot(udev);
1014
1015         kfree(hif_dev);
1016         dev_info(&udev->dev, "ath9k_htc: USB layer deinitialized\n");
1017         usb_put_dev(udev);
1018 }
1019
1020 #ifdef CONFIG_PM
1021 static int ath9k_hif_usb_suspend(struct usb_interface *interface,
1022                                  pm_message_t message)
1023 {
1024         struct hif_device_usb *hif_dev =
1025                 (struct hif_device_usb *) usb_get_intfdata(interface);
1026
1027         /*
1028          * The device has to be set to FULLSLEEP mode in case no
1029          * interface is up.
1030          */
1031         if (!(hif_dev->flags & HIF_USB_START))
1032                 ath9k_htc_suspend(hif_dev->htc_handle);
1033
1034         ath9k_hif_usb_dealloc_urbs(hif_dev);
1035
1036         return 0;
1037 }
1038
1039 static int ath9k_hif_usb_resume(struct usb_interface *interface)
1040 {
1041         struct hif_device_usb *hif_dev =
1042                 (struct hif_device_usb *) usb_get_intfdata(interface);
1043         int ret;
1044
1045         ret = ath9k_hif_usb_alloc_urbs(hif_dev);
1046         if (ret)
1047                 return ret;
1048
1049         if (hif_dev->firmware) {
1050                 ret = ath9k_hif_usb_download_fw(hif_dev);
1051                 if (ret)
1052                         goto fail_resume;
1053         } else {
1054                 ath9k_hif_usb_dealloc_urbs(hif_dev);
1055                 return -EIO;
1056         }
1057
1058         mdelay(100);
1059
1060         ret = ath9k_htc_resume(hif_dev->htc_handle);
1061
1062         if (ret)
1063                 goto fail_resume;
1064
1065         return 0;
1066
1067 fail_resume:
1068         ath9k_hif_usb_dealloc_urbs(hif_dev);
1069
1070         return ret;
1071 }
1072 #endif
1073
1074 static struct usb_driver ath9k_hif_usb_driver = {
1075         .name = "ath9k_hif_usb",
1076         .probe = ath9k_hif_usb_probe,
1077         .disconnect = ath9k_hif_usb_disconnect,
1078 #ifdef CONFIG_PM
1079         .suspend = ath9k_hif_usb_suspend,
1080         .resume = ath9k_hif_usb_resume,
1081         .reset_resume = ath9k_hif_usb_resume,
1082 #endif
1083         .id_table = ath9k_hif_usb_ids,
1084         .soft_unbind = 1,
1085 };
1086
1087 int ath9k_hif_usb_init(void)
1088 {
1089         return usb_register(&ath9k_hif_usb_driver);
1090 }
1091
1092 void ath9k_hif_usb_exit(void)
1093 {
1094         usb_deregister(&ath9k_hif_usb_driver);
1095 }