Error Trace

1 /* 2 * Copyright (c) 2010-2011 Atheros Communications Inc. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17 #include <asm/unaligned.h> 18 #include "htc.h" 19 20 MODULE_FIRMWARE(HTC_7010_MODULE_FW); 21 MODULE_FIRMWARE(HTC_9271_MODULE_FW); 22 23 static struct usb_device_id ath9k_hif_usb_ids[] = { 24 { USB_DEVICE(0x0cf3, 0x9271) }, /* Atheros */ 25 { USB_DEVICE(0x0cf3, 0x1006) }, /* Atheros */ 26 { USB_DEVICE(0x0846, 0x9030) }, /* Netgear N150 */ 27 { USB_DEVICE(0x07D1, 0x3A10) }, /* Dlink Wireless 150 */ 28 { USB_DEVICE(0x13D3, 0x3327) }, /* Azurewave */ 29 { USB_DEVICE(0x13D3, 0x3328) }, /* Azurewave */ 30 { USB_DEVICE(0x13D3, 0x3346) }, /* IMC Networks */ 31 { USB_DEVICE(0x13D3, 0x3348) }, /* Azurewave */ 32 { USB_DEVICE(0x13D3, 0x3349) }, /* Azurewave */ 33 { USB_DEVICE(0x13D3, 0x3350) }, /* Azurewave */ 34 { USB_DEVICE(0x04CA, 0x4605) }, /* Liteon */ 35 { USB_DEVICE(0x040D, 0x3801) }, /* VIA */ 36 { USB_DEVICE(0x0cf3, 0xb003) }, /* Ubiquiti WifiStation Ext */ 37 { USB_DEVICE(0x0cf3, 0xb002) }, /* Ubiquiti WifiStation */ 38 { USB_DEVICE(0x057c, 0x8403) }, /* AVM FRITZ!WLAN 11N v2 USB */ 39 { USB_DEVICE(0x0471, 0x209e) }, /* Philips (or NXP) PTA01 */ 40 41 { USB_DEVICE(0x0cf3, 0x7015), 42 .driver_info = AR9287_USB }, /* Atheros */ 43 { USB_DEVICE(0x1668, 0x1200), 44 .driver_info = AR9287_USB }, /* Verizon */ 45 46 { USB_DEVICE(0x0cf3, 0x7010), 47 .driver_info = AR9280_USB }, /* Atheros */ 48 { USB_DEVICE(0x0846, 0x9018), 49 .driver_info = AR9280_USB }, /* Netgear WNDA3200 */ 50 { USB_DEVICE(0x083A, 0xA704), 51 .driver_info = AR9280_USB }, /* SMC Networks */ 52 { USB_DEVICE(0x0411, 0x017f), 53 .driver_info = AR9280_USB }, /* Sony UWA-BR100 */ 54 { USB_DEVICE(0x0411, 0x0197), 55 .driver_info = AR9280_USB }, /* Buffalo WLI-UV-AG300P */ 56 { USB_DEVICE(0x04da, 0x3904), 57 .driver_info = AR9280_USB }, 58 59 { USB_DEVICE(0x0cf3, 0x20ff), 60 .driver_info = STORAGE_DEVICE }, 61 62 { }, 63 }; 64 65 MODULE_DEVICE_TABLE(usb, ath9k_hif_usb_ids); 66 67 static int __hif_usb_tx(struct hif_device_usb *hif_dev); 68 69 static void hif_usb_regout_cb(struct urb *urb) 70 { 71 struct cmd_buf *cmd = (struct cmd_buf *)urb->context; 72 73 switch (urb->status) { 74 case 0: 75 break; 76 case -ENOENT: 77 case -ECONNRESET: 78 case -ENODEV: 79 case -ESHUTDOWN: 80 goto free; 81 default: 82 break; 83 } 84 85 if (cmd) { 86 ath9k_htc_txcompletion_cb(cmd->hif_dev->htc_handle, 87 cmd->skb, true); 88 kfree(cmd); 89 } 90 91 return; 92 free: 93 kfree_skb(cmd->skb); 94 kfree(cmd); 95 } 96 97 static int hif_usb_send_regout(struct hif_device_usb *hif_dev, 98 struct sk_buff *skb) 99 { 100 struct urb *urb; 101 struct cmd_buf *cmd; 102 int ret = 0; 103 104 urb = usb_alloc_urb(0, GFP_KERNEL); 105 if (urb == NULL) 106 return -ENOMEM; 107 108 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL); 109 if (cmd == NULL) { 110 usb_free_urb(urb); 111 return -ENOMEM; 112 } 113 114 cmd->skb = skb; 115 cmd->hif_dev = hif_dev; 116 117 usb_fill_int_urb(urb, hif_dev->udev, 118 usb_sndintpipe(hif_dev->udev, USB_REG_OUT_PIPE), 119 skb->data, skb->len, 120 hif_usb_regout_cb, cmd, 1); 121 122 usb_anchor_urb(urb, &hif_dev->regout_submitted); 123 ret = usb_submit_urb(urb, GFP_KERNEL); 124 if (ret) { 125 usb_unanchor_urb(urb); 126 kfree(cmd); 127 } 128 usb_free_urb(urb); 129 130 return ret; 131 } 132 133 static void hif_usb_mgmt_cb(struct urb *urb) 134 { 135 struct cmd_buf *cmd = (struct cmd_buf *)urb->context; 136 struct hif_device_usb *hif_dev; 137 bool txok = true; 138 139 if (!cmd || !cmd->skb || !cmd->hif_dev) 140 return; 141 142 hif_dev = cmd->hif_dev; 143 144 switch (urb->status) { 145 case 0: 146 break; 147 case -ENOENT: 148 case -ECONNRESET: 149 case -ENODEV: 150 case -ESHUTDOWN: 151 txok = false; 152 153 /* 154 * If the URBs are being flushed, no need to complete 155 * this packet. 156 */ 157 spin_lock(&hif_dev->tx.tx_lock); 158 if (hif_dev->tx.flags & HIF_USB_TX_FLUSH) { 159 spin_unlock(&hif_dev->tx.tx_lock); 160 dev_kfree_skb_any(cmd->skb); 161 kfree(cmd); 162 return; 163 } 164 spin_unlock(&hif_dev->tx.tx_lock); 165 166 break; 167 default: 168 txok = false; 169 break; 170 } 171 172 skb_pull(cmd->skb, 4); 173 ath9k_htc_txcompletion_cb(cmd->hif_dev->htc_handle, 174 cmd->skb, txok); 175 kfree(cmd); 176 } 177 178 static int hif_usb_send_mgmt(struct hif_device_usb *hif_dev, 179 struct sk_buff *skb) 180 { 181 struct urb *urb; 182 struct cmd_buf *cmd; 183 int ret = 0; 184 __le16 *hdr; 185 186 urb = usb_alloc_urb(0, GFP_ATOMIC); 187 if (urb == NULL) 188 return -ENOMEM; 189 190 cmd = kzalloc(sizeof(*cmd), GFP_ATOMIC); 191 if (cmd == NULL) { 192 usb_free_urb(urb); 193 return -ENOMEM; 194 } 195 196 cmd->skb = skb; 197 cmd->hif_dev = hif_dev; 198 199 hdr = (__le16 *) skb_push(skb, 4); 200 *hdr++ = cpu_to_le16(skb->len - 4); 201 *hdr++ = cpu_to_le16(ATH_USB_TX_STREAM_MODE_TAG); 202 203 usb_fill_bulk_urb(urb, hif_dev->udev, 204 usb_sndbulkpipe(hif_dev->udev, USB_WLAN_TX_PIPE), 205 skb->data, skb->len, 206 hif_usb_mgmt_cb, cmd); 207 208 usb_anchor_urb(urb, &hif_dev->mgmt_submitted); 209 ret = usb_submit_urb(urb, GFP_ATOMIC); 210 if (ret) { 211 usb_unanchor_urb(urb); 212 kfree(cmd); 213 } 214 usb_free_urb(urb); 215 216 return ret; 217 } 218 219 static inline void ath9k_skb_queue_purge(struct hif_device_usb *hif_dev, 220 struct sk_buff_head *list) 221 { 222 struct sk_buff *skb; 223 224 while ((skb = __skb_dequeue(list)) != NULL) { 225 dev_kfree_skb_any(skb); 226 } 227 } 228 229 static inline void ath9k_skb_queue_complete(struct hif_device_usb *hif_dev, 230 struct sk_buff_head *queue, 231 bool txok) 232 { 233 struct sk_buff *skb; 234 235 while ((skb = __skb_dequeue(queue)) != NULL) { 236 #ifdef CONFIG_ATH9K_HTC_DEBUGFS 237 int ln = skb->len; 238 #endif 239 ath9k_htc_txcompletion_cb(hif_dev->htc_handle, 240 skb, txok); 241 if (txok) { 242 TX_STAT_INC(skb_success); 243 TX_STAT_ADD(skb_success_bytes, ln); 244 } 245 else 246 TX_STAT_INC(skb_failed); 247 } 248 } 249 250 static void hif_usb_tx_cb(struct urb *urb) 251 { 252 struct tx_buf *tx_buf = (struct tx_buf *) urb->context; 253 struct hif_device_usb *hif_dev; 254 bool txok = true; 255 256 if (!tx_buf || !tx_buf->hif_dev) 257 return; 258 259 hif_dev = tx_buf->hif_dev; 260 261 switch (urb->status) { 262 case 0: 263 break; 264 case -ENOENT: 265 case -ECONNRESET: 266 case -ENODEV: 267 case -ESHUTDOWN: 268 txok = false; 269 270 /* 271 * If the URBs are being flushed, no need to add this 272 * URB to the free list. 273 */ 274 spin_lock(&hif_dev->tx.tx_lock); 275 if (hif_dev->tx.flags & HIF_USB_TX_FLUSH) { 276 spin_unlock(&hif_dev->tx.tx_lock); 277 ath9k_skb_queue_purge(hif_dev, &tx_buf->skb_queue); 278 return; 279 } 280 spin_unlock(&hif_dev->tx.tx_lock); 281 282 break; 283 default: 284 txok = false; 285 break; 286 } 287 288 ath9k_skb_queue_complete(hif_dev, &tx_buf->skb_queue, txok); 289 290 /* Re-initialize the SKB queue */ 291 tx_buf->len = tx_buf->offset = 0; 292 __skb_queue_head_init(&tx_buf->skb_queue); 293 294 /* Add this TX buffer to the free list */ 295 spin_lock(&hif_dev->tx.tx_lock); 296 list_move_tail(&tx_buf->list, &hif_dev->tx.tx_buf); 297 hif_dev->tx.tx_buf_cnt++; 298 if (!(hif_dev->tx.flags & HIF_USB_TX_STOP)) 299 __hif_usb_tx(hif_dev); /* Check for pending SKBs */ 300 TX_STAT_INC(buf_completed); 301 spin_unlock(&hif_dev->tx.tx_lock); 302 } 303 304 /* TX lock has to be taken */ 305 static int __hif_usb_tx(struct hif_device_usb *hif_dev) 306 { 307 struct tx_buf *tx_buf = NULL; 308 struct sk_buff *nskb = NULL; 309 int ret = 0, i; 310 u16 tx_skb_cnt = 0; 311 u8 *buf; 312 __le16 *hdr; 313 314 if (hif_dev->tx.tx_skb_cnt == 0) 315 return 0; 316 317 /* Check if a free TX buffer is available */ 318 if (list_empty(&hif_dev->tx.tx_buf)) 319 return 0; 320 321 tx_buf = list_first_entry(&hif_dev->tx.tx_buf, struct tx_buf, list); 322 list_move_tail(&tx_buf->list, &hif_dev->tx.tx_pending); 323 hif_dev->tx.tx_buf_cnt--; 324 325 tx_skb_cnt = min_t(u16, hif_dev->tx.tx_skb_cnt, MAX_TX_AGGR_NUM); 326 327 for (i = 0; i < tx_skb_cnt; i++) { 328 nskb = __skb_dequeue(&hif_dev->tx.tx_skb_queue); 329 330 /* Should never be NULL */ 331 BUG_ON(!nskb); 332 333 hif_dev->tx.tx_skb_cnt--; 334 335 buf = tx_buf->buf; 336 buf += tx_buf->offset; 337 hdr = (__le16 *)buf; 338 *hdr++ = cpu_to_le16(nskb->len); 339 *hdr++ = cpu_to_le16(ATH_USB_TX_STREAM_MODE_TAG); 340 buf += 4; 341 memcpy(buf, nskb->data, nskb->len); 342 tx_buf->len = nskb->len + 4; 343 344 if (i < (tx_skb_cnt - 1)) 345 tx_buf->offset += (((tx_buf->len - 1) / 4) + 1) * 4; 346 347 if (i == (tx_skb_cnt - 1)) 348 tx_buf->len += tx_buf->offset; 349 350 __skb_queue_tail(&tx_buf->skb_queue, nskb); 351 TX_STAT_INC(skb_queued); 352 } 353 354 usb_fill_bulk_urb(tx_buf->urb, hif_dev->udev, 355 usb_sndbulkpipe(hif_dev->udev, USB_WLAN_TX_PIPE), 356 tx_buf->buf, tx_buf->len, 357 hif_usb_tx_cb, tx_buf); 358 359 ret = usb_submit_urb(tx_buf->urb, GFP_ATOMIC); 360 if (ret) { 361 tx_buf->len = tx_buf->offset = 0; 362 ath9k_skb_queue_complete(hif_dev, &tx_buf->skb_queue, false); 363 __skb_queue_head_init(&tx_buf->skb_queue); 364 list_move_tail(&tx_buf->list, &hif_dev->tx.tx_buf); 365 hif_dev->tx.tx_buf_cnt++; 366 } 367 368 if (!ret) 369 TX_STAT_INC(buf_queued); 370 371 return ret; 372 } 373 374 static int hif_usb_send_tx(struct hif_device_usb *hif_dev, struct sk_buff *skb) 375 { 376 struct ath9k_htc_tx_ctl *tx_ctl; 377 unsigned long flags; 378 int ret = 0; 379 380 spin_lock_irqsave(&hif_dev->tx.tx_lock, flags); 381 382 if (hif_dev->tx.flags & HIF_USB_TX_STOP) { 383 spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags); 384 return -ENODEV; 385 } 386 387 /* Check if the max queue count has been reached */ 388 if (hif_dev->tx.tx_skb_cnt > MAX_TX_BUF_NUM) { 389 spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags); 390 return -ENOMEM; 391 } 392 393 spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags); 394 395 tx_ctl = HTC_SKB_CB(skb); 396 397 /* Mgmt/Beacon frames don't use the TX buffer pool */ 398 if ((tx_ctl->type == ATH9K_HTC_MGMT) || 399 (tx_ctl->type == ATH9K_HTC_BEACON)) { 400 ret = hif_usb_send_mgmt(hif_dev, skb); 401 } 402 403 spin_lock_irqsave(&hif_dev->tx.tx_lock, flags); 404 405 if ((tx_ctl->type == ATH9K_HTC_NORMAL) || 406 (tx_ctl->type == ATH9K_HTC_AMPDU)) { 407 __skb_queue_tail(&hif_dev->tx.tx_skb_queue, skb); 408 hif_dev->tx.tx_skb_cnt++; 409 } 410 411 /* Check if AMPDUs have to be sent immediately */ 412 if ((hif_dev->tx.tx_buf_cnt == MAX_TX_URB_NUM) && 413 (hif_dev->tx.tx_skb_cnt < 2)) { 414 __hif_usb_tx(hif_dev); 415 } 416 417 spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags); 418 419 return ret; 420 } 421 422 static void hif_usb_start(void *hif_handle) 423 { 424 struct hif_device_usb *hif_dev = (struct hif_device_usb *)hif_handle; 425 unsigned long flags; 426 427 hif_dev->flags |= HIF_USB_START; 428 429 spin_lock_irqsave(&hif_dev->tx.tx_lock, flags); 430 hif_dev->tx.flags &= ~HIF_USB_TX_STOP; 431 spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags); 432 } 433 434 static void hif_usb_stop(void *hif_handle) 435 { 436 struct hif_device_usb *hif_dev = (struct hif_device_usb *)hif_handle; 437 struct tx_buf *tx_buf = NULL, *tx_buf_tmp = NULL; 438 unsigned long flags; 439 440 spin_lock_irqsave(&hif_dev->tx.tx_lock, flags); 441 ath9k_skb_queue_complete(hif_dev, &hif_dev->tx.tx_skb_queue, false); 442 hif_dev->tx.tx_skb_cnt = 0; 443 hif_dev->tx.flags |= HIF_USB_TX_STOP; 444 spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags); 445 446 /* The pending URBs have to be canceled. */ 447 list_for_each_entry_safe(tx_buf, tx_buf_tmp, 448 &hif_dev->tx.tx_pending, list) { 449 usb_kill_urb(tx_buf->urb); 450 } 451 452 usb_kill_anchored_urbs(&hif_dev->mgmt_submitted); 453 } 454 455 static int hif_usb_send(void *hif_handle, u8 pipe_id, struct sk_buff *skb) 456 { 457 struct hif_device_usb *hif_dev = (struct hif_device_usb *)hif_handle; 458 int ret = 0; 459 460 switch (pipe_id) { 461 case USB_WLAN_TX_PIPE: 462 ret = hif_usb_send_tx(hif_dev, skb); 463 break; 464 case USB_REG_OUT_PIPE: 465 ret = hif_usb_send_regout(hif_dev, skb); 466 break; 467 default: 468 dev_err(&hif_dev->udev->dev, 469 "ath9k_htc: Invalid TX pipe: %d\n", pipe_id); 470 ret = -EINVAL; 471 break; 472 } 473 474 return ret; 475 } 476 477 static inline bool check_index(struct sk_buff *skb, u8 idx) 478 { 479 struct ath9k_htc_tx_ctl *tx_ctl; 480 481 tx_ctl = HTC_SKB_CB(skb); 482 483 if ((tx_ctl->type == ATH9K_HTC_AMPDU) && 484 (tx_ctl->sta_idx == idx)) 485 return true; 486 487 return false; 488 } 489 490 static void hif_usb_sta_drain(void *hif_handle, u8 idx) 491 { 492 struct hif_device_usb *hif_dev = (struct hif_device_usb *)hif_handle; 493 struct sk_buff *skb, *tmp; 494 unsigned long flags; 495 496 spin_lock_irqsave(&hif_dev->tx.tx_lock, flags); 497 498 skb_queue_walk_safe(&hif_dev->tx.tx_skb_queue, skb, tmp) { 499 if (check_index(skb, idx)) { 500 __skb_unlink(skb, &hif_dev->tx.tx_skb_queue); 501 ath9k_htc_txcompletion_cb(hif_dev->htc_handle, 502 skb, false); 503 hif_dev->tx.tx_skb_cnt--; 504 TX_STAT_INC(skb_failed); 505 } 506 } 507 508 spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags); 509 } 510 511 static struct ath9k_htc_hif hif_usb = { 512 .transport = ATH9K_HIF_USB, 513 .name = "ath9k_hif_usb", 514 515 .control_ul_pipe = USB_REG_OUT_PIPE, 516 .control_dl_pipe = USB_REG_IN_PIPE, 517 518 .start = hif_usb_start, 519 .stop = hif_usb_stop, 520 .sta_drain = hif_usb_sta_drain, 521 .send = hif_usb_send, 522 }; 523 524 static void ath9k_hif_usb_rx_stream(struct hif_device_usb *hif_dev, 525 struct sk_buff *skb) 526 { 527 struct sk_buff *nskb, *skb_pool[MAX_PKT_NUM_IN_TRANSFER]; 528 int index = 0, i = 0, len = skb->len; 529 int rx_remain_len, rx_pkt_len; 530 u16 pool_index = 0; 531 u8 *ptr; 532 533 spin_lock(&hif_dev->rx_lock); 534 535 rx_remain_len = hif_dev->rx_remain_len; 536 rx_pkt_len = hif_dev->rx_transfer_len; 537 538 if (rx_remain_len != 0) { 539 struct sk_buff *remain_skb = hif_dev->remain_skb; 540 541 if (remain_skb) { 542 ptr = (u8 *) remain_skb->data; 543 544 index = rx_remain_len; 545 rx_remain_len -= hif_dev->rx_pad_len; 546 ptr += rx_pkt_len; 547 548 memcpy(ptr, skb->data, rx_remain_len); 549 550 rx_pkt_len += rx_remain_len; 551 hif_dev->rx_remain_len = 0; 552 skb_put(remain_skb, rx_pkt_len); 553 554 skb_pool[pool_index++] = remain_skb; 555 556 } else { 557 index = rx_remain_len; 558 } 559 } 560 561 spin_unlock(&hif_dev->rx_lock); 562 563 while (index < len) { 564 u16 pkt_len; 565 u16 pkt_tag; 566 u16 pad_len; 567 int chk_idx; 568 569 ptr = (u8 *) skb->data; 570 571 pkt_len = get_unaligned_le16(ptr + index); 572 pkt_tag = get_unaligned_le16(ptr + index + 2); 573 574 if (pkt_tag != ATH_USB_RX_STREAM_MODE_TAG) { 575 RX_STAT_INC(skb_dropped); 576 return; 577 } 578 579 pad_len = 4 - (pkt_len & 0x3); 580 if (pad_len == 4) 581 pad_len = 0; 582 583 chk_idx = index; 584 index = index + 4 + pkt_len + pad_len; 585 586 if (index > MAX_RX_BUF_SIZE) { 587 spin_lock(&hif_dev->rx_lock); 588 hif_dev->rx_remain_len = index - MAX_RX_BUF_SIZE; 589 hif_dev->rx_transfer_len = 590 MAX_RX_BUF_SIZE - chk_idx - 4; 591 hif_dev->rx_pad_len = pad_len; 592 593 nskb = __dev_alloc_skb(pkt_len + 32, GFP_ATOMIC); 594 if (!nskb) { 595 dev_err(&hif_dev->udev->dev, 596 "ath9k_htc: RX memory allocation error\n"); 597 spin_unlock(&hif_dev->rx_lock); 598 goto err; 599 } 600 skb_reserve(nskb, 32); 601 RX_STAT_INC(skb_allocated); 602 603 memcpy(nskb->data, &(skb->data[chk_idx+4]), 604 hif_dev->rx_transfer_len); 605 606 /* Record the buffer pointer */ 607 hif_dev->remain_skb = nskb; 608 spin_unlock(&hif_dev->rx_lock); 609 } else { 610 nskb = __dev_alloc_skb(pkt_len + 32, GFP_ATOMIC); 611 if (!nskb) { 612 dev_err(&hif_dev->udev->dev, 613 "ath9k_htc: RX memory allocation error\n"); 614 goto err; 615 } 616 skb_reserve(nskb, 32); 617 RX_STAT_INC(skb_allocated); 618 619 memcpy(nskb->data, &(skb->data[chk_idx+4]), pkt_len); 620 skb_put(nskb, pkt_len); 621 skb_pool[pool_index++] = nskb; 622 } 623 } 624 625 err: 626 for (i = 0; i < pool_index; i++) { 627 RX_STAT_ADD(skb_completed_bytes, skb_pool[i]->len); 628 ath9k_htc_rx_msg(hif_dev->htc_handle, skb_pool[i], 629 skb_pool[i]->len, USB_WLAN_RX_PIPE); 630 RX_STAT_INC(skb_completed); 631 } 632 } 633 634 static void ath9k_hif_usb_rx_cb(struct urb *urb) 635 { 636 struct sk_buff *skb = (struct sk_buff *) urb->context; 637 struct hif_device_usb *hif_dev = 638 usb_get_intfdata(usb_ifnum_to_if(urb->dev, 0)); 639 int ret; 640 641 if (!skb) 642 return; 643 644 if (!hif_dev) 645 goto free; 646 647 switch (urb->status) { 648 case 0: 649 break; 650 case -ENOENT: 651 case -ECONNRESET: 652 case -ENODEV: 653 case -ESHUTDOWN: 654 goto free; 655 default: 656 goto resubmit; 657 } 658 659 if (likely(urb->actual_length != 0)) { 660 skb_put(skb, urb->actual_length); 661 ath9k_hif_usb_rx_stream(hif_dev, skb); 662 } 663 664 resubmit: 665 skb_reset_tail_pointer(skb); 666 skb_trim(skb, 0); 667 668 usb_anchor_urb(urb, &hif_dev->rx_submitted); 669 ret = usb_submit_urb(urb, GFP_ATOMIC); 670 if (ret) { 671 usb_unanchor_urb(urb); 672 goto free; 673 } 674 675 return; 676 free: 677 kfree_skb(skb); 678 } 679 680 static void ath9k_hif_usb_reg_in_cb(struct urb *urb) 681 { 682 struct sk_buff *skb = (struct sk_buff *) urb->context; 683 struct sk_buff *nskb; 684 struct hif_device_usb *hif_dev = 685 usb_get_intfdata(usb_ifnum_to_if(urb->dev, 0)); 686 int ret; 687 688 if (!skb) 689 return; 690 691 if (!hif_dev) 692 goto free; 693 694 switch (urb->status) { 695 case 0: 696 break; 697 case -ENOENT: 698 case -ECONNRESET: 699 case -ENODEV: 700 case -ESHUTDOWN: 701 goto free; 702 default: 703 skb_reset_tail_pointer(skb); 704 skb_trim(skb, 0); 705 706 goto resubmit; 707 } 708 709 if (likely(urb->actual_length != 0)) { 710 skb_put(skb, urb->actual_length); 711 712 /* Process the command first */ 713 ath9k_htc_rx_msg(hif_dev->htc_handle, skb, 714 skb->len, USB_REG_IN_PIPE); 715 716 717 nskb = alloc_skb(MAX_REG_IN_BUF_SIZE, GFP_ATOMIC); 718 if (!nskb) { 719 dev_err(&hif_dev->udev->dev, 720 "ath9k_htc: REG_IN memory allocation failure\n"); 721 urb->context = NULL; 722 return; 723 } 724 725 usb_fill_int_urb(urb, hif_dev->udev, 726 usb_rcvintpipe(hif_dev->udev, 727 USB_REG_IN_PIPE), 728 nskb->data, MAX_REG_IN_BUF_SIZE, 729 ath9k_hif_usb_reg_in_cb, nskb, 1); 730 } 731 732 resubmit: 733 usb_anchor_urb(urb, &hif_dev->reg_in_submitted); 734 ret = usb_submit_urb(urb, GFP_ATOMIC); 735 if (ret) { 736 usb_unanchor_urb(urb); 737 goto free; 738 } 739 740 return; 741 free: 742 kfree_skb(skb); 743 urb->context = NULL; 744 } 745 746 static void ath9k_hif_usb_dealloc_tx_urbs(struct hif_device_usb *hif_dev) 747 { 748 struct tx_buf *tx_buf = NULL, *tx_buf_tmp = NULL; 749 unsigned long flags; 750 751 list_for_each_entry_safe(tx_buf, tx_buf_tmp, 752 &hif_dev->tx.tx_buf, list) { 753 usb_kill_urb(tx_buf->urb); 754 list_del(&tx_buf->list); 755 usb_free_urb(tx_buf->urb); 756 kfree(tx_buf->buf); 757 kfree(tx_buf); 758 } 759 760 spin_lock_irqsave(&hif_dev->tx.tx_lock, flags); 761 hif_dev->tx.flags |= HIF_USB_TX_FLUSH; 762 spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags); 763 764 list_for_each_entry_safe(tx_buf, tx_buf_tmp, 765 &hif_dev->tx.tx_pending, list) { 766 usb_kill_urb(tx_buf->urb); 767 list_del(&tx_buf->list); 768 usb_free_urb(tx_buf->urb); 769 kfree(tx_buf->buf); 770 kfree(tx_buf); 771 } 772 773 usb_kill_anchored_urbs(&hif_dev->mgmt_submitted); 774 } 775 776 static int ath9k_hif_usb_alloc_tx_urbs(struct hif_device_usb *hif_dev) 777 { 778 struct tx_buf *tx_buf; 779 int i; 780 781 INIT_LIST_HEAD(&hif_dev->tx.tx_buf); 782 INIT_LIST_HEAD(&hif_dev->tx.tx_pending); 783 spin_lock_init(&hif_dev->tx.tx_lock); 784 __skb_queue_head_init(&hif_dev->tx.tx_skb_queue); 785 init_usb_anchor(&hif_dev->mgmt_submitted); 786 787 for (i = 0; i < MAX_TX_URB_NUM; i++) { 788 tx_buf = kzalloc(sizeof(struct tx_buf), GFP_KERNEL); 789 if (!tx_buf) 790 goto err; 791 792 tx_buf->buf = kzalloc(MAX_TX_BUF_SIZE, GFP_KERNEL); 793 if (!tx_buf->buf) 794 goto err; 795 796 tx_buf->urb = usb_alloc_urb(0, GFP_KERNEL); 797 if (!tx_buf->urb) 798 goto err; 799 800 tx_buf->hif_dev = hif_dev; 801 __skb_queue_head_init(&tx_buf->skb_queue); 802 803 list_add_tail(&tx_buf->list, &hif_dev->tx.tx_buf); 804 } 805 806 hif_dev->tx.tx_buf_cnt = MAX_TX_URB_NUM; 807 808 return 0; 809 err: 810 if (tx_buf) { 811 kfree(tx_buf->buf); 812 kfree(tx_buf); 813 } 814 ath9k_hif_usb_dealloc_tx_urbs(hif_dev); 815 return -ENOMEM; 816 } 817 818 static void ath9k_hif_usb_dealloc_rx_urbs(struct hif_device_usb *hif_dev) 819 { 820 usb_kill_anchored_urbs(&hif_dev->rx_submitted); 821 } 822 823 static int ath9k_hif_usb_alloc_rx_urbs(struct hif_device_usb *hif_dev) 824 { 825 struct urb *urb = NULL; 826 struct sk_buff *skb = NULL; 827 int i, ret; 828 829 init_usb_anchor(&hif_dev->rx_submitted); 830 spin_lock_init(&hif_dev->rx_lock); 831 832 for (i = 0; i < MAX_RX_URB_NUM; i++) { 833 834 /* Allocate URB */ 835 urb = usb_alloc_urb(0, GFP_KERNEL); 836 if (urb == NULL) { 837 ret = -ENOMEM; 838 goto err_urb; 839 } 840 841 /* Allocate buffer */ 842 skb = alloc_skb(MAX_RX_BUF_SIZE, GFP_KERNEL); 843 if (!skb) { 844 ret = -ENOMEM; 845 goto err_skb; 846 } 847 848 usb_fill_bulk_urb(urb, hif_dev->udev, 849 usb_rcvbulkpipe(hif_dev->udev, 850 USB_WLAN_RX_PIPE), 851 skb->data, MAX_RX_BUF_SIZE, 852 ath9k_hif_usb_rx_cb, skb); 853 854 /* Anchor URB */ 855 usb_anchor_urb(urb, &hif_dev->rx_submitted); 856 857 /* Submit URB */ 858 ret = usb_submit_urb(urb, GFP_KERNEL); 859 if (ret) { 860 usb_unanchor_urb(urb); 861 goto err_submit; 862 } 863 864 /* 865 * Drop reference count. 866 * This ensures that the URB is freed when killing them. 867 */ 868 usb_free_urb(urb); 869 } 870 871 return 0; 872 873 err_submit: 874 kfree_skb(skb); 875 err_skb: 876 usb_free_urb(urb); 877 err_urb: 878 ath9k_hif_usb_dealloc_rx_urbs(hif_dev); 879 return ret; 880 } 881 882 static void ath9k_hif_usb_dealloc_reg_in_urbs(struct hif_device_usb *hif_dev) 883 { 884 usb_kill_anchored_urbs(&hif_dev->reg_in_submitted); 885 } 886 887 static int ath9k_hif_usb_alloc_reg_in_urbs(struct hif_device_usb *hif_dev) 888 { 889 struct urb *urb = NULL; 890 struct sk_buff *skb = NULL; 891 int i, ret; 892 893 init_usb_anchor(&hif_dev->reg_in_submitted); 894 895 for (i = 0; i < MAX_REG_IN_URB_NUM; i++) { 896 897 /* Allocate URB */ 898 urb = usb_alloc_urb(0, GFP_KERNEL); 899 if (urb == NULL) { 900 ret = -ENOMEM; 901 goto err_urb; 902 } 903 904 /* Allocate buffer */ 905 skb = alloc_skb(MAX_REG_IN_BUF_SIZE, GFP_KERNEL); 906 if (!skb) { 907 ret = -ENOMEM; 908 goto err_skb; 909 } 910 911 usb_fill_int_urb(urb, hif_dev->udev, 912 usb_rcvintpipe(hif_dev->udev, 913 USB_REG_IN_PIPE), 914 skb->data, MAX_REG_IN_BUF_SIZE, 915 ath9k_hif_usb_reg_in_cb, skb, 1); 916 917 /* Anchor URB */ 918 usb_anchor_urb(urb, &hif_dev->reg_in_submitted); 919 920 /* Submit URB */ 921 ret = usb_submit_urb(urb, GFP_KERNEL); 922 if (ret) { 923 usb_unanchor_urb(urb); 924 goto err_submit; 925 } 926 927 /* 928 * Drop reference count. 929 * This ensures that the URB is freed when killing them. 930 */ 931 usb_free_urb(urb); 932 } 933 934 return 0; 935 936 err_submit: 937 kfree_skb(skb); 938 err_skb: 939 usb_free_urb(urb); 940 err_urb: 941 ath9k_hif_usb_dealloc_reg_in_urbs(hif_dev); 942 return ret; 943 } 944 945 static int ath9k_hif_usb_alloc_urbs(struct hif_device_usb *hif_dev) 946 { 947 /* Register Write */ 948 init_usb_anchor(&hif_dev->regout_submitted); 949 950 /* TX */ 951 if (ath9k_hif_usb_alloc_tx_urbs(hif_dev) < 0) 952 goto err; 953 954 /* RX */ 955 if (ath9k_hif_usb_alloc_rx_urbs(hif_dev) < 0) 956 goto err_rx; 957 958 /* Register Read */ 959 if (ath9k_hif_usb_alloc_reg_in_urbs(hif_dev) < 0) 960 goto err_reg; 961 962 return 0; 963 err_reg: 964 ath9k_hif_usb_dealloc_rx_urbs(hif_dev); 965 err_rx: 966 ath9k_hif_usb_dealloc_tx_urbs(hif_dev); 967 err: 968 return -ENOMEM; 969 } 970 971 static void ath9k_hif_usb_dealloc_urbs(struct hif_device_usb *hif_dev) 972 { 973 usb_kill_anchored_urbs(&hif_dev->regout_submitted); 974 ath9k_hif_usb_dealloc_reg_in_urbs(hif_dev); 975 ath9k_hif_usb_dealloc_tx_urbs(hif_dev); 976 ath9k_hif_usb_dealloc_rx_urbs(hif_dev); 977 } 978 979 static int ath9k_hif_usb_download_fw(struct hif_device_usb *hif_dev) 980 { 981 int transfer, err; 982 const void *data = hif_dev->fw_data; 983 size_t len = hif_dev->fw_size; 984 u32 addr = AR9271_FIRMWARE; 985 u8 *buf = kzalloc(4096, GFP_KERNEL); 986 u32 firm_offset; 987 988 if (!buf) 989 return -ENOMEM; 990 991 while (len) { 992 transfer = min_t(size_t, len, 4096); 993 memcpy(buf, data, transfer); 994 995 err = usb_control_msg(hif_dev->udev, 996 usb_sndctrlpipe(hif_dev->udev, 0), 997 FIRMWARE_DOWNLOAD, 0x40 | USB_DIR_OUT, 998 addr >> 8, 0, buf, transfer, HZ); 999 if (err < 0) { 1000 kfree(buf); 1001 return err; 1002 } 1003 1004 len -= transfer; 1005 data += transfer; 1006 addr += transfer; 1007 } 1008 kfree(buf); 1009 1010 if (IS_AR7010_DEVICE(hif_dev->usb_device_id->driver_info)) 1011 firm_offset = AR7010_FIRMWARE_TEXT; 1012 else 1013 firm_offset = AR9271_FIRMWARE_TEXT; 1014 1015 /* 1016 * Issue FW download complete command to firmware. 1017 */ 1018 err = usb_control_msg(hif_dev->udev, usb_sndctrlpipe(hif_dev->udev, 0), 1019 FIRMWARE_DOWNLOAD_COMP, 1020 0x40 | USB_DIR_OUT, 1021 firm_offset >> 8, 0, NULL, 0, HZ); 1022 if (err) 1023 return -EIO; 1024 1025 dev_info(&hif_dev->udev->dev, "ath9k_htc: Transferred FW: %s, size: %ld\n", 1026 hif_dev->fw_name, (unsigned long) hif_dev->fw_size); 1027 1028 return 0; 1029 } 1030 1031 static int ath9k_hif_usb_dev_init(struct hif_device_usb *hif_dev) 1032 { 1033 int ret; 1034 1035 ret = ath9k_hif_usb_download_fw(hif_dev); 1036 if (ret) { 1037 dev_err(&hif_dev->udev->dev, 1038 "ath9k_htc: Firmware - %s download failed\n", 1039 hif_dev->fw_name); 1040 return ret; 1041 } 1042 1043 /* Alloc URBs */ 1044 ret = ath9k_hif_usb_alloc_urbs(hif_dev); 1045 if (ret) { 1046 dev_err(&hif_dev->udev->dev, 1047 "ath9k_htc: Unable to allocate URBs\n"); 1048 return ret; 1049 } 1050 1051 return 0; 1052 } 1053 1054 static void ath9k_hif_usb_dev_deinit(struct hif_device_usb *hif_dev) 1055 { 1056 ath9k_hif_usb_dealloc_urbs(hif_dev); 1057 } 1058 1059 /* 1060 * If initialization fails or the FW cannot be retrieved, 1061 * detach the device. 1062 */ 1063 static void ath9k_hif_usb_firmware_fail(struct hif_device_usb *hif_dev) 1064 { 1065 struct device *dev = &hif_dev->udev->dev; 1066 struct device *parent = dev->parent; 1067 1068 complete_all(&hif_dev->fw_done); 1069 1070 if (parent) 1071 device_lock(parent); 1072 1073 device_release_driver(dev); 1074 1075 if (parent) 1076 device_unlock(parent); 1077 } 1078 1079 static void ath9k_hif_usb_firmware_cb(const struct firmware *fw, void *context); 1080 1081 /* taken from iwlwifi */ 1082 static int ath9k_hif_request_firmware(struct hif_device_usb *hif_dev, 1083 bool first) 1084 { 1085 char index[8], *chip; 1086 int ret; 1087 1088 if (first) { 1089 if (htc_use_dev_fw) { 1090 hif_dev->fw_minor_index = FIRMWARE_MINOR_IDX_MAX + 1; 1091 sprintf(index, "%s", "dev"); 1092 } else { 1093 hif_dev->fw_minor_index = FIRMWARE_MINOR_IDX_MAX; 1094 sprintf(index, "%d", hif_dev->fw_minor_index); 1095 } 1096 } else { 1097 hif_dev->fw_minor_index--; 1098 sprintf(index, "%d", hif_dev->fw_minor_index); 1099 } 1100 1101 /* test for FW 1.3 */ 1102 if (MAJOR_VERSION_REQ == 1 && hif_dev->fw_minor_index == 3) { 1103 const char *filename; 1104 1105 if (IS_AR7010_DEVICE(hif_dev->usb_device_id->driver_info)) 1106 filename = FIRMWARE_AR7010_1_1; 1107 else 1108 filename = FIRMWARE_AR9271; 1109 1110 /* expected fw locations: 1111 * - htc_9271.fw (stable version 1.3, depricated) 1112 */ 1113 snprintf(hif_dev->fw_name, sizeof(hif_dev->fw_name), 1114 "%s", filename); 1115 1116 } else if (hif_dev->fw_minor_index < FIRMWARE_MINOR_IDX_MIN) { 1117 dev_err(&hif_dev->udev->dev, "no suitable firmware found!\n"); 1118 1119 return -ENOENT; 1120 } else { 1121 if (IS_AR7010_DEVICE(hif_dev->usb_device_id->driver_info)) 1122 chip = "7010"; 1123 else 1124 chip = "9271"; 1125 1126 /* expected fw locations: 1127 * - ath9k_htc/htc_9271-1.dev.0.fw (development version) 1128 * - ath9k_htc/htc_9271-1.4.0.fw (stable version) 1129 */ 1130 snprintf(hif_dev->fw_name, sizeof(hif_dev->fw_name), 1131 "%s/htc_%s-%d.%s.0.fw", HTC_FW_PATH, 1132 chip, MAJOR_VERSION_REQ, index); 1133 } 1134 1135 ret = request_firmware_nowait(THIS_MODULE, true, hif_dev->fw_name, 1136 &hif_dev->udev->dev, GFP_KERNEL, 1137 hif_dev, ath9k_hif_usb_firmware_cb); 1138 if (ret) { 1139 dev_err(&hif_dev->udev->dev, 1140 "ath9k_htc: Async request for firmware %s failed\n", 1141 hif_dev->fw_name); 1142 return ret; 1143 } 1144 1145 dev_info(&hif_dev->udev->dev, "ath9k_htc: Firmware %s requested\n", 1146 hif_dev->fw_name); 1147 1148 return ret; 1149 } 1150 1151 static void ath9k_hif_usb_firmware_cb(const struct firmware *fw, void *context) 1152 { 1153 struct hif_device_usb *hif_dev = context; 1154 int ret; 1155 1156 if (!fw) { 1157 ret = ath9k_hif_request_firmware(hif_dev, false); 1158 if (!ret) 1159 return; 1160 1161 dev_err(&hif_dev->udev->dev, 1162 "ath9k_htc: Failed to get firmware %s\n", 1163 hif_dev->fw_name); 1164 goto err_fw; 1165 } 1166 1167 hif_dev->htc_handle = ath9k_htc_hw_alloc(hif_dev, &hif_usb, 1168 &hif_dev->udev->dev); 1169 if (hif_dev->htc_handle == NULL) 1170 goto err_dev_alloc; 1171 1172 hif_dev->fw_data = fw->data; 1173 hif_dev->fw_size = fw->size; 1174 1175 /* Proceed with initialization */ 1176 1177 ret = ath9k_hif_usb_dev_init(hif_dev); 1178 if (ret) 1179 goto err_dev_init; 1180 1181 ret = ath9k_htc_hw_init(hif_dev->htc_handle, 1182 &hif_dev->interface->dev, 1183 hif_dev->usb_device_id->idProduct, 1184 hif_dev->udev->product, 1185 hif_dev->usb_device_id->driver_info); 1186 if (ret) { 1187 ret = -EINVAL; 1188 goto err_htc_hw_init; 1189 } 1190 1191 release_firmware(fw); 1192 hif_dev->flags |= HIF_USB_READY; 1193 complete_all(&hif_dev->fw_done); 1194 1195 return; 1196 1197 err_htc_hw_init: 1198 ath9k_hif_usb_dev_deinit(hif_dev); 1199 err_dev_init: 1200 ath9k_htc_hw_free(hif_dev->htc_handle); 1201 err_dev_alloc: 1202 release_firmware(fw); 1203 err_fw: 1204 ath9k_hif_usb_firmware_fail(hif_dev); 1205 } 1206 1207 /* 1208 * An exact copy of the function from zd1211rw. 1209 */ 1210 static int send_eject_command(struct usb_interface *interface) 1211 { 1212 struct usb_device *udev = interface_to_usbdev(interface); 1213 struct usb_host_interface *iface_desc = &interface->altsetting[0]; 1214 struct usb_endpoint_descriptor *endpoint; 1215 unsigned char *cmd; 1216 u8 bulk_out_ep; 1217 int r; 1218 1219 /* Find bulk out endpoint */ 1220 for (r = 1; r >= 0; r--) { 1221 endpoint = &iface_desc->endpoint[r].desc; 1222 if (usb_endpoint_dir_out(endpoint) && 1223 usb_endpoint_xfer_bulk(endpoint)) { 1224 bulk_out_ep = endpoint->bEndpointAddress; 1225 break; 1226 } 1227 } 1228 if (r == -1) { 1229 dev_err(&udev->dev, 1230 "ath9k_htc: Could not find bulk out endpoint\n"); 1231 return -ENODEV; 1232 } 1233 1234 cmd = kzalloc(31, GFP_KERNEL); 1235 if (cmd == NULL) 1236 return -ENODEV; 1237 1238 /* USB bulk command block */ 1239 cmd[0] = 0x55; /* bulk command signature */ 1240 cmd[1] = 0x53; /* bulk command signature */ 1241 cmd[2] = 0x42; /* bulk command signature */ 1242 cmd[3] = 0x43; /* bulk command signature */ 1243 cmd[14] = 6; /* command length */ 1244 1245 cmd[15] = 0x1b; /* SCSI command: START STOP UNIT */ 1246 cmd[19] = 0x2; /* eject disc */ 1247 1248 dev_info(&udev->dev, "Ejecting storage device...\n"); 1249 r = usb_bulk_msg(udev, usb_sndbulkpipe(udev, bulk_out_ep), 1250 cmd, 31, NULL, 2000); 1251 kfree(cmd); 1252 if (r) 1253 return r; 1254 1255 /* At this point, the device disconnects and reconnects with the real 1256 * ID numbers. */ 1257 1258 usb_set_intfdata(interface, NULL); 1259 return 0; 1260 } 1261 1262 static int ath9k_hif_usb_probe(struct usb_interface *interface, 1263 const struct usb_device_id *id) 1264 { 1265 struct usb_device *udev = interface_to_usbdev(interface); 1266 struct hif_device_usb *hif_dev; 1267 int ret = 0; 1268 1269 if (id->driver_info == STORAGE_DEVICE) 1270 return send_eject_command(interface); 1271 1272 hif_dev = kzalloc(sizeof(struct hif_device_usb), GFP_KERNEL); 1273 if (!hif_dev) { 1274 ret = -ENOMEM; 1275 goto err_alloc; 1276 } 1277 1278 usb_get_dev(udev); 1279 1280 hif_dev->udev = udev; 1281 hif_dev->interface = interface; 1282 hif_dev->usb_device_id = id; 1283 #ifdef CONFIG_PM 1284 udev->reset_resume = 1; 1285 #endif 1286 usb_set_intfdata(interface, hif_dev); 1287 1288 init_completion(&hif_dev->fw_done); 1289 1290 ret = ath9k_hif_request_firmware(hif_dev, true); 1291 if (ret) 1292 goto err_fw_req; 1293 1294 return ret; 1295 1296 err_fw_req: 1297 usb_set_intfdata(interface, NULL); 1298 kfree(hif_dev); 1299 usb_put_dev(udev); 1300 err_alloc: 1301 return ret; 1302 } 1303 1304 static void ath9k_hif_usb_reboot(struct usb_device *udev) 1305 { 1306 u32 reboot_cmd = 0xffffffff; 1307 void *buf; 1308 int ret; 1309 1310 buf = kmemdup(&reboot_cmd, 4, GFP_KERNEL); 1311 if (!buf) 1312 return; 1313 1314 ret = usb_interrupt_msg(udev, usb_sndintpipe(udev, USB_REG_OUT_PIPE), 1315 buf, 4, NULL, HZ); 1316 if (ret) 1317 dev_err(&udev->dev, "ath9k_htc: USB reboot failed\n"); 1318 1319 kfree(buf); 1320 } 1321 1322 static void ath9k_hif_usb_disconnect(struct usb_interface *interface) 1323 { 1324 struct usb_device *udev = interface_to_usbdev(interface); 1325 struct hif_device_usb *hif_dev = usb_get_intfdata(interface); 1326 bool unplugged = (udev->state == USB_STATE_NOTATTACHED) ? true : false; 1327 1328 if (!hif_dev) 1329 return; 1330 1331 wait_for_completion(&hif_dev->fw_done); 1332 1333 if (hif_dev->flags & HIF_USB_READY) { 1334 ath9k_htc_hw_deinit(hif_dev->htc_handle, unplugged); 1335 ath9k_htc_hw_free(hif_dev->htc_handle); 1336 ath9k_hif_usb_dev_deinit(hif_dev); 1337 } 1338 1339 usb_set_intfdata(interface, NULL); 1340 1341 /* If firmware was loaded we should drop it 1342 * go back to first stage bootloader. */ 1343 if (!unplugged && (hif_dev->flags & HIF_USB_READY)) 1344 ath9k_hif_usb_reboot(udev); 1345 1346 kfree(hif_dev); 1347 dev_info(&udev->dev, "ath9k_htc: USB layer deinitialized\n"); 1348 usb_put_dev(udev); 1349 } 1350 1351 #ifdef CONFIG_PM 1352 static int ath9k_hif_usb_suspend(struct usb_interface *interface, 1353 pm_message_t message) 1354 { 1355 struct hif_device_usb *hif_dev = usb_get_intfdata(interface); 1356 1357 /* 1358 * The device has to be set to FULLSLEEP mode in case no 1359 * interface is up. 1360 */ 1361 if (!(hif_dev->flags & HIF_USB_START)) 1362 ath9k_htc_suspend(hif_dev->htc_handle); 1363 1364 wait_for_completion(&hif_dev->fw_done); 1365 1366 if (hif_dev->flags & HIF_USB_READY) 1367 ath9k_hif_usb_dealloc_urbs(hif_dev); 1368 1369 return 0; 1370 } 1371 1372 static int ath9k_hif_usb_resume(struct usb_interface *interface) 1373 { 1374 struct hif_device_usb *hif_dev = usb_get_intfdata(interface); 1375 struct htc_target *htc_handle = hif_dev->htc_handle; 1376 int ret; 1377 const struct firmware *fw; 1378 1379 ret = ath9k_hif_usb_alloc_urbs(hif_dev); 1380 if (ret) 1381 return ret; 1382 1383 if (hif_dev->flags & HIF_USB_READY) { 1384 /* request cached firmware during suspend/resume cycle */ 1385 ret = request_firmware(&fw, hif_dev->fw_name, 1386 &hif_dev->udev->dev); 1387 if (ret) 1388 goto fail_resume; 1389 1390 hif_dev->fw_data = fw->data; 1391 hif_dev->fw_size = fw->size; 1392 ret = ath9k_hif_usb_download_fw(hif_dev); 1393 release_firmware(fw); 1394 if (ret) 1395 goto fail_resume; 1396 } else { 1397 ath9k_hif_usb_dealloc_urbs(hif_dev); 1398 return -EIO; 1399 } 1400 1401 mdelay(100); 1402 1403 ret = ath9k_htc_resume(htc_handle); 1404 1405 if (ret) 1406 goto fail_resume; 1407 1408 return 0; 1409 1410 fail_resume: 1411 ath9k_hif_usb_dealloc_urbs(hif_dev); 1412 1413 return ret; 1414 } 1415 #endif 1416 1417 static struct usb_driver ath9k_hif_usb_driver = { 1418 .name = KBUILD_MODNAME, 1419 .probe = ath9k_hif_usb_probe, 1420 .disconnect = ath9k_hif_usb_disconnect, 1421 #ifdef CONFIG_PM 1422 .suspend = ath9k_hif_usb_suspend, 1423 .resume = ath9k_hif_usb_resume, 1424 .reset_resume = ath9k_hif_usb_resume, 1425 #endif 1426 .id_table = ath9k_hif_usb_ids, 1427 .soft_unbind = 1, 1428 .disable_hub_initiated_lpm = 1, 1429 }; 1430 1431 int ath9k_hif_usb_init(void) 1432 { 1433 return usb_register(&ath9k_hif_usb_driver); 1434 } 1435 1436 void ath9k_hif_usb_exit(void) 1437 { 1438 usb_deregister(&ath9k_hif_usb_driver); 1439 }

1 2 #include <linux/kernel.h> 3 #include <linux/mutex.h> 4 #include <linux/spinlock.h> 5 #include <linux/errno.h> 6 #include <verifier/rcv.h> 7 #include <linux/list.h> 8 9 /* mutexes */ 10 extern int mutex_lock_interruptible(struct mutex *lock); 11 extern int mutex_lock_killable(struct mutex *lock); 12 extern void mutex_lock(struct mutex *lock); 13 14 /* mutex model functions */ 15 extern void ldv_mutex_lock(struct mutex *lock, char *sign); 16 extern int ldv_mutex_is_locked(struct mutex *lock, char *sign); 17 extern void ldv_mutex_unlock(struct mutex *lock, char *sign); 18 19 20 /* Spin locks */ 21 extern void __ldv_spin_lock(spinlock_t *lock); 22 extern void __ldv_spin_unlock(spinlock_t *lock); 23 extern int __ldv_spin_trylock(spinlock_t *lock); 24 extern void __ldv_spin_unlock_wait(spinlock_t *lock); 25 extern void __ldv_spin_can_lock(spinlock_t *lock); 26 extern int __ldv_atomic_dec_and_lock(spinlock_t *lock); 27 28 /* spin model functions */ 29 extern void ldv_spin_lock(spinlock_t *lock, char *sign); 30 extern void ldv_spin_unlock(spinlock_t *lock, char *sign); 31 extern int ldv_spin_is_locked(spinlock_t *lock, char *sign); 32 33 /* Support for list binder functions */ 34 static inline struct list_head *ldv_list_get_first(struct list_head *head) { 35 return head->next; 36 } 37 38 static inline int ldv_list_is_stop(struct list_head *pos, struct list_head *head) { 39 return pos==head; 40 } 41 42 static inline struct list_head *ldv_list_get_next(struct list_head *pos) { 43 return pos->next; 44 } 45 46 #include <linux/mutex.h> 47 #include <linux/slab.h> 48 #include <verifier/rcv.h> 49 #include <linux/timer.h> 50 #include <linux/rtnetlink.h> 51 #include <linux/gfp.h> 52 extern struct file *fops_xmit_group2; 53 extern int ldv_state_variable_8; 54 extern int ldv_timer_1_3; 55 extern struct ath_common *ath9k_usb_bus_ops_group0; 56 extern struct inode *fops_debug_group1; 57 extern struct inode *fops_queue_group1; 58 extern struct ath_common *ath9k_htc_ps_ops_group0; 59 extern int ldv_state_variable_0; 60 extern int ldv_state_variable_5; 61 extern int ldv_state_variable_13; 62 extern int ldv_state_variable_12; 63 extern struct file *fops_tgt_tx_stats_group2; 64 extern struct file *fops_queue_group2; 65 extern int ldv_state_variable_14; 66 extern int ldv_timer_1_0; 67 extern int ldv_state_variable_9; 68 extern struct inode *fops_tgt_tx_stats_group1; 69 extern struct file *fops_debug_group2; 70 extern int ref_cnt; 71 extern struct mutex key_mtx; 72 extern int ldv_state_variable_1; 73 extern int ldv_state_variable_7; 74 extern struct inode *fops_xmit_group1; 75 extern struct inode *fops_skb_rx_group1; 76 extern struct file *fops_tgt_int_stats_group2; 77 extern struct usb_interface *ath9k_hif_usb_driver_group1; 78 extern struct timer_list * ldv_timer_list_1_3; 79 extern int ldv_state_variable_10; 80 extern struct timer_list * ldv_timer_list_1_1; 81 extern struct timer_list * ldv_timer_list_1_0; 82 extern int ldv_state_variable_6; 83 extern int ldv_timer_1_2; 84 extern int ldv_timer_1_1; 85 extern int ldv_state_variable_2; 86 extern struct timer_list * ldv_timer_list_1_2; 87 extern struct inode *fops_tgt_int_stats_group1; 88 extern struct ieee80211_hw *ath9k_htc_ops_group0; 89 extern int usb_counter; 90 extern int ldv_state_variable_11; 91 extern struct file *fops_slot_group2; 92 extern int LDV_IN_INTERRUPT = 1; 93 extern struct inode *fops_slot_group1; 94 extern struct inode *fops_tgt_rx_stats_group1; 95 extern struct file *fops_tgt_rx_stats_group2; 96 extern struct mutex fs_mutex; 97 extern int ldv_state_variable_3; 98 extern struct mutex ar_mutex; 99 extern struct file *fops_skb_rx_group2; 100 extern int ldv_state_variable_4; 101 extern void ldv_file_operations_7(void); 102 extern void ldv_file_operations_6(void); 103 extern void ldv_file_operations_2(void); 104 extern void activate_pending_timer_1(struct timer_list * timer, unsigned long data, int pending_flag); 105 extern void ldv_initialyze_ath_bus_ops_10(void); 106 extern int evil_hack_12(void); 107 extern void timer_init_1(void); 108 extern void ldv_file_operations_9(void); 109 extern void ldv_usb_driver_13(void); 110 extern void ldv_file_operations_3(void); 111 extern void ldv_file_operations_8(void); 112 extern int reg_timer_1(struct timer_list * timer, void (*function)(unsigned long), unsigned long data); 113 extern void ldv_initialyze_ath_ps_ops_11(void); 114 extern int evil_hack_key_12(void); 115 extern void ldv_initialyze_ieee80211_ops_12(void); 116 extern void disable_suitable_timer_1(struct timer_list * timer); 117 extern void activate_suitable_timer_1(struct timer_list * timer, unsigned long data); 118 extern int evil_hack_fs_lock(void); 119 extern int __VERIFIER_nondet_int(void); 120 extern void ldv_file_operations_5(void); 121 extern void choose_timer_1(void); 122 extern void ldv_timer_1(int state, struct timer_list * timer); 123 extern int evil_hack_ar_lock(void); 124 extern void ldv_file_operations_4(void); 125 #line 1 "/work/ldvuser/andrianov/work/current--X--drivers/net/wireless/ath/ath9k/--X--defaultlinux-4.5-rc7--X--races--X--cpachecker/linux-4.5-rc7/csd_deg_dscv/74/dscv_tempdir/dscv/ri/races/drivers/net/wireless/ath/ath9k/hif_usb.c" 126 /* 127 * Copyright (c) 2010-2011 Atheros Communications Inc. 128 * 129 * Permission to use, copy, modify, and/or distribute this software for any 130 * purpose with or without fee is hereby granted, provided that the above 131 * copyright notice and this permission notice appear in all copies. 132 * 133 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 134 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 135 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 136 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 137 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 138 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 139 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 140 */ 141 142 #include <asm/unaligned.h> 143 #include "htc.h" 144 145 MODULE_FIRMWARE(HTC_7010_MODULE_FW); 146 MODULE_FIRMWARE(HTC_9271_MODULE_FW); 147 148 static struct usb_device_id ath9k_hif_usb_ids[] = { 149 { USB_DEVICE(0x0cf3, 0x9271) }, /* Atheros */ 150 { USB_DEVICE(0x0cf3, 0x1006) }, /* Atheros */ 151 { USB_DEVICE(0x0846, 0x9030) }, /* Netgear N150 */ 152 { USB_DEVICE(0x07D1, 0x3A10) }, /* Dlink Wireless 150 */ 153 { USB_DEVICE(0x13D3, 0x3327) }, /* Azurewave */ 154 { USB_DEVICE(0x13D3, 0x3328) }, /* Azurewave */ 155 { USB_DEVICE(0x13D3, 0x3346) }, /* IMC Networks */ 156 { USB_DEVICE(0x13D3, 0x3348) }, /* Azurewave */ 157 { USB_DEVICE(0x13D3, 0x3349) }, /* Azurewave */ 158 { USB_DEVICE(0x13D3, 0x3350) }, /* Azurewave */ 159 { USB_DEVICE(0x04CA, 0x4605) }, /* Liteon */ 160 { USB_DEVICE(0x040D, 0x3801) }, /* VIA */ 161 { USB_DEVICE(0x0cf3, 0xb003) }, /* Ubiquiti WifiStation Ext */ 162 { USB_DEVICE(0x0cf3, 0xb002) }, /* Ubiquiti WifiStation */ 163 { USB_DEVICE(0x057c, 0x8403) }, /* AVM FRITZ!WLAN 11N v2 USB */ 164 { USB_DEVICE(0x0471, 0x209e) }, /* Philips (or NXP) PTA01 */ 165 166 { USB_DEVICE(0x0cf3, 0x7015), 167 .driver_info = AR9287_USB }, /* Atheros */ 168 { USB_DEVICE(0x1668, 0x1200), 169 .driver_info = AR9287_USB }, /* Verizon */ 170 171 { USB_DEVICE(0x0cf3, 0x7010), 172 .driver_info = AR9280_USB }, /* Atheros */ 173 { USB_DEVICE(0x0846, 0x9018), 174 .driver_info = AR9280_USB }, /* Netgear WNDA3200 */ 175 { USB_DEVICE(0x083A, 0xA704), 176 .driver_info = AR9280_USB }, /* SMC Networks */ 177 { USB_DEVICE(0x0411, 0x017f), 178 .driver_info = AR9280_USB }, /* Sony UWA-BR100 */ 179 { USB_DEVICE(0x0411, 0x0197), 180 .driver_info = AR9280_USB }, /* Buffalo WLI-UV-AG300P */ 181 { USB_DEVICE(0x04da, 0x3904), 182 .driver_info = AR9280_USB }, 183 184 { USB_DEVICE(0x0cf3, 0x20ff), 185 .driver_info = STORAGE_DEVICE }, 186 187 { }, 188 }; 189 190 MODULE_DEVICE_TABLE(usb, ath9k_hif_usb_ids); 191 192 static int __hif_usb_tx(struct hif_device_usb *hif_dev); 193 194 static void hif_usb_regout_cb(struct urb *urb) 195 { 196 struct cmd_buf *cmd = (struct cmd_buf *)urb->context; 197 198 switch (urb->status) { 199 case 0: 200 break; 201 case -ENOENT: 202 case -ECONNRESET: 203 case -ENODEV: 204 case -ESHUTDOWN: 205 goto free; 206 default: 207 break; 208 } 209 210 if (cmd) { 211 ath9k_htc_txcompletion_cb(cmd->hif_dev->htc_handle, 212 cmd->skb, true); 213 kfree(cmd); 214 } 215 216 return; 217 free: 218 kfree_skb(cmd->skb); 219 kfree(cmd); 220 } 221 222 static int hif_usb_send_regout(struct hif_device_usb *hif_dev, 223 struct sk_buff *skb) 224 { 225 struct urb *urb; 226 struct cmd_buf *cmd; 227 int ret = 0; 228 229 urb = usb_alloc_urb(0, GFP_KERNEL); 230 if (urb == NULL) 231 return -ENOMEM; 232 233 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL); 234 if (cmd == NULL) { 235 usb_free_urb(urb); 236 return -ENOMEM; 237 } 238 239 cmd->skb = skb; 240 cmd->hif_dev = hif_dev; 241 242 usb_fill_int_urb(urb, hif_dev->udev, 243 usb_sndintpipe(hif_dev->udev, USB_REG_OUT_PIPE), 244 skb->data, skb->len, 245 hif_usb_regout_cb, cmd, 1); 246 247 usb_anchor_urb(urb, &hif_dev->regout_submitted); 248 ret = usb_submit_urb(urb, GFP_KERNEL); 249 if (ret) { 250 usb_unanchor_urb(urb); 251 kfree(cmd); 252 } 253 usb_free_urb(urb); 254 255 return ret; 256 } 257 258 static void hif_usb_mgmt_cb(struct urb *urb) 259 { 260 struct cmd_buf *cmd = (struct cmd_buf *)urb->context; 261 struct hif_device_usb *hif_dev; 262 bool txok = true; 263 264 if (!cmd || !cmd->skb || !cmd->hif_dev) 265 return; 266 267 hif_dev = cmd->hif_dev; 268 269 switch (urb->status) { 270 case 0: 271 break; 272 case -ENOENT: 273 case -ECONNRESET: 274 case -ENODEV: 275 case -ESHUTDOWN: 276 txok = false; 277 278 /* 279 * If the URBs are being flushed, no need to complete 280 * this packet. 281 */ 282 spin_lock(&hif_dev->tx.tx_lock); 283 if (hif_dev->tx.flags & HIF_USB_TX_FLUSH) { 284 spin_unlock(&hif_dev->tx.tx_lock); 285 dev_kfree_skb_any(cmd->skb); 286 kfree(cmd); 287 return; 288 } 289 spin_unlock(&hif_dev->tx.tx_lock); 290 291 break; 292 default: 293 txok = false; 294 break; 295 } 296 297 skb_pull(cmd->skb, 4); 298 ath9k_htc_txcompletion_cb(cmd->hif_dev->htc_handle, 299 cmd->skb, txok); 300 kfree(cmd); 301 } 302 303 static int hif_usb_send_mgmt(struct hif_device_usb *hif_dev, 304 struct sk_buff *skb) 305 { 306 struct urb *urb; 307 struct cmd_buf *cmd; 308 int ret = 0; 309 __le16 *hdr; 310 311 urb = usb_alloc_urb(0, GFP_ATOMIC); 312 if (urb == NULL) 313 return -ENOMEM; 314 315 cmd = kzalloc(sizeof(*cmd), GFP_ATOMIC); 316 if (cmd == NULL) { 317 usb_free_urb(urb); 318 return -ENOMEM; 319 } 320 321 cmd->skb = skb; 322 cmd->hif_dev = hif_dev; 323 324 hdr = (__le16 *) skb_push(skb, 4); 325 *hdr++ = cpu_to_le16(skb->len - 4); 326 *hdr++ = cpu_to_le16(ATH_USB_TX_STREAM_MODE_TAG); 327 328 usb_fill_bulk_urb(urb, hif_dev->udev, 329 usb_sndbulkpipe(hif_dev->udev, USB_WLAN_TX_PIPE), 330 skb->data, skb->len, 331 hif_usb_mgmt_cb, cmd); 332 333 usb_anchor_urb(urb, &hif_dev->mgmt_submitted); 334 ret = usb_submit_urb(urb, GFP_ATOMIC); 335 if (ret) { 336 usb_unanchor_urb(urb); 337 kfree(cmd); 338 } 339 usb_free_urb(urb); 340 341 return ret; 342 } 343 344 static inline void ath9k_skb_queue_purge(struct hif_device_usb *hif_dev, 345 struct sk_buff_head *list) 346 { 347 struct sk_buff *skb; 348 349 while ((skb = __skb_dequeue(list)) != NULL) { 350 dev_kfree_skb_any(skb); 351 } 352 } 353 354 static inline void ath9k_skb_queue_complete(struct hif_device_usb *hif_dev, 355 struct sk_buff_head *queue, 356 bool txok) 357 { 358 struct sk_buff *skb; 359 360 while ((skb = __skb_dequeue(queue)) != NULL) { 361 #ifdef CONFIG_ATH9K_HTC_DEBUGFS 362 int ln = skb->len; 363 #endif 364 ath9k_htc_txcompletion_cb(hif_dev->htc_handle, 365 skb, txok); 366 if (txok) { 367 TX_STAT_INC(skb_success); 368 TX_STAT_ADD(skb_success_bytes, ln); 369 } 370 else 371 TX_STAT_INC(skb_failed); 372 } 373 } 374 375 static void hif_usb_tx_cb(struct urb *urb) 376 { 377 struct tx_buf *tx_buf = (struct tx_buf *) urb->context; 378 struct hif_device_usb *hif_dev; 379 bool txok = true; 380 381 if (!tx_buf || !tx_buf->hif_dev) 382 return; 383 384 hif_dev = tx_buf->hif_dev; 385 386 switch (urb->status) { 387 case 0: 388 break; 389 case -ENOENT: 390 case -ECONNRESET: 391 case -ENODEV: 392 case -ESHUTDOWN: 393 txok = false; 394 395 /* 396 * If the URBs are being flushed, no need to add this 397 * URB to the free list. 398 */ 399 spin_lock(&hif_dev->tx.tx_lock); 400 if (hif_dev->tx.flags & HIF_USB_TX_FLUSH) { 401 spin_unlock(&hif_dev->tx.tx_lock); 402 ath9k_skb_queue_purge(hif_dev, &tx_buf->skb_queue); 403 return; 404 } 405 spin_unlock(&hif_dev->tx.tx_lock); 406 407 break; 408 default: 409 txok = false; 410 break; 411 } 412 413 ath9k_skb_queue_complete(hif_dev, &tx_buf->skb_queue, txok); 414 415 /* Re-initialize the SKB queue */ 416 tx_buf->len = tx_buf->offset = 0; 417 __skb_queue_head_init(&tx_buf->skb_queue); 418 419 /* Add this TX buffer to the free list */ 420 spin_lock(&hif_dev->tx.tx_lock); 421 list_move_tail(&tx_buf->list, &hif_dev->tx.tx_buf); 422 hif_dev->tx.tx_buf_cnt++; 423 if (!(hif_dev->tx.flags & HIF_USB_TX_STOP)) 424 __hif_usb_tx(hif_dev); /* Check for pending SKBs */ 425 TX_STAT_INC(buf_completed); 426 spin_unlock(&hif_dev->tx.tx_lock); 427 } 428 429 /* TX lock has to be taken */ 430 static int __hif_usb_tx(struct hif_device_usb *hif_dev) 431 { 432 struct tx_buf *tx_buf = NULL; 433 struct sk_buff *nskb = NULL; 434 int ret = 0, i; 435 u16 tx_skb_cnt = 0; 436 u8 *buf; 437 __le16 *hdr; 438 439 if (hif_dev->tx.tx_skb_cnt == 0) 440 return 0; 441 442 /* Check if a free TX buffer is available */ 443 if (list_empty(&hif_dev->tx.tx_buf)) 444 return 0; 445 446 tx_buf = list_first_entry(&hif_dev->tx.tx_buf, struct tx_buf, list); 447 list_move_tail(&tx_buf->list, &hif_dev->tx.tx_pending); 448 hif_dev->tx.tx_buf_cnt--; 449 450 tx_skb_cnt = min_t(u16, hif_dev->tx.tx_skb_cnt, MAX_TX_AGGR_NUM); 451 452 for (i = 0; i < tx_skb_cnt; i++) { 453 nskb = __skb_dequeue(&hif_dev->tx.tx_skb_queue); 454 455 /* Should never be NULL */ 456 BUG_ON(!nskb); 457 458 hif_dev->tx.tx_skb_cnt--; 459 460 buf = tx_buf->buf; 461 buf += tx_buf->offset; 462 hdr = (__le16 *)buf; 463 *hdr++ = cpu_to_le16(nskb->len); 464 *hdr++ = cpu_to_le16(ATH_USB_TX_STREAM_MODE_TAG); 465 buf += 4; 466 memcpy(buf, nskb->data, nskb->len); 467 tx_buf->len = nskb->len + 4; 468 469 if (i < (tx_skb_cnt - 1)) 470 tx_buf->offset += (((tx_buf->len - 1) / 4) + 1) * 4; 471 472 if (i == (tx_skb_cnt - 1)) 473 tx_buf->len += tx_buf->offset; 474 475 __skb_queue_tail(&tx_buf->skb_queue, nskb); 476 TX_STAT_INC(skb_queued); 477 } 478 479 usb_fill_bulk_urb(tx_buf->urb, hif_dev->udev, 480 usb_sndbulkpipe(hif_dev->udev, USB_WLAN_TX_PIPE), 481 tx_buf->buf, tx_buf->len, 482 hif_usb_tx_cb, tx_buf); 483 484 ret = usb_submit_urb(tx_buf->urb, GFP_ATOMIC); 485 if (ret) { 486 tx_buf->len = tx_buf->offset = 0; 487 ath9k_skb_queue_complete(hif_dev, &tx_buf->skb_queue, false); 488 __skb_queue_head_init(&tx_buf->skb_queue); 489 list_move_tail(&tx_buf->list, &hif_dev->tx.tx_buf); 490 hif_dev->tx.tx_buf_cnt++; 491 } 492 493 if (!ret) 494 TX_STAT_INC(buf_queued); 495 496 return ret; 497 } 498 499 static int hif_usb_send_tx(struct hif_device_usb *hif_dev, struct sk_buff *skb) 500 { 501 struct ath9k_htc_tx_ctl *tx_ctl; 502 unsigned long flags; 503 int ret = 0; 504 505 spin_lock_irqsave(&hif_dev->tx.tx_lock, flags); 506 507 if (hif_dev->tx.flags & HIF_USB_TX_STOP) { 508 spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags); 509 return -ENODEV; 510 } 511 512 /* Check if the max queue count has been reached */ 513 if (hif_dev->tx.tx_skb_cnt > MAX_TX_BUF_NUM) { 514 spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags); 515 return -ENOMEM; 516 } 517 518 spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags); 519 520 tx_ctl = HTC_SKB_CB(skb); 521 522 /* Mgmt/Beacon frames don't use the TX buffer pool */ 523 if ((tx_ctl->type == ATH9K_HTC_MGMT) || 524 (tx_ctl->type == ATH9K_HTC_BEACON)) { 525 ret = hif_usb_send_mgmt(hif_dev, skb); 526 } 527 528 spin_lock_irqsave(&hif_dev->tx.tx_lock, flags); 529 530 if ((tx_ctl->type == ATH9K_HTC_NORMAL) || 531 (tx_ctl->type == ATH9K_HTC_AMPDU)) { 532 __skb_queue_tail(&hif_dev->tx.tx_skb_queue, skb); 533 hif_dev->tx.tx_skb_cnt++; 534 } 535 536 /* Check if AMPDUs have to be sent immediately */ 537 if ((hif_dev->tx.tx_buf_cnt == MAX_TX_URB_NUM) && 538 (hif_dev->tx.tx_skb_cnt < 2)) { 539 __hif_usb_tx(hif_dev); 540 } 541 542 spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags); 543 544 return ret; 545 } 546 547 static void hif_usb_start(void *hif_handle) 548 { 549 struct hif_device_usb *hif_dev = (struct hif_device_usb *)hif_handle; 550 unsigned long flags; 551 552 hif_dev->flags |= HIF_USB_START; 553 554 spin_lock_irqsave(&hif_dev->tx.tx_lock, flags); 555 hif_dev->tx.flags &= ~HIF_USB_TX_STOP; 556 spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags); 557 } 558 559 static void hif_usb_stop(void *hif_handle) 560 { 561 struct hif_device_usb *hif_dev = (struct hif_device_usb *)hif_handle; 562 struct tx_buf *tx_buf = NULL, *tx_buf_tmp = NULL; 563 unsigned long flags; 564 565 spin_lock_irqsave(&hif_dev->tx.tx_lock, flags); 566 ath9k_skb_queue_complete(hif_dev, &hif_dev->tx.tx_skb_queue, false); 567 hif_dev->tx.tx_skb_cnt = 0; 568 hif_dev->tx.flags |= HIF_USB_TX_STOP; 569 spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags); 570 571 /* The pending URBs have to be canceled. */ 572 list_for_each_entry_safe(tx_buf, tx_buf_tmp, 573 &hif_dev->tx.tx_pending, list) { 574 usb_kill_urb(tx_buf->urb); 575 } 576 577 usb_kill_anchored_urbs(&hif_dev->mgmt_submitted); 578 } 579 580 static int hif_usb_send(void *hif_handle, u8 pipe_id, struct sk_buff *skb) 581 { 582 struct hif_device_usb *hif_dev = (struct hif_device_usb *)hif_handle; 583 int ret = 0; 584 585 switch (pipe_id) { 586 case USB_WLAN_TX_PIPE: 587 ret = hif_usb_send_tx(hif_dev, skb); 588 break; 589 case USB_REG_OUT_PIPE: 590 ret = hif_usb_send_regout(hif_dev, skb); 591 break; 592 default: 593 dev_err(&hif_dev->udev->dev, 594 "ath9k_htc: Invalid TX pipe: %d\n", pipe_id); 595 ret = -EINVAL; 596 break; 597 } 598 599 return ret; 600 } 601 602 static inline bool check_index(struct sk_buff *skb, u8 idx) 603 { 604 struct ath9k_htc_tx_ctl *tx_ctl; 605 606 tx_ctl = HTC_SKB_CB(skb); 607 608 if ((tx_ctl->type == ATH9K_HTC_AMPDU) && 609 (tx_ctl->sta_idx == idx)) 610 return true; 611 612 return false; 613 } 614 615 static void hif_usb_sta_drain(void *hif_handle, u8 idx) 616 { 617 struct hif_device_usb *hif_dev = (struct hif_device_usb *)hif_handle; 618 struct sk_buff *skb, *tmp; 619 unsigned long flags; 620 621 spin_lock_irqsave(&hif_dev->tx.tx_lock, flags); 622 623 skb_queue_walk_safe(&hif_dev->tx.tx_skb_queue, skb, tmp) { 624 if (check_index(skb, idx)) { 625 __skb_unlink(skb, &hif_dev->tx.tx_skb_queue); 626 ath9k_htc_txcompletion_cb(hif_dev->htc_handle, 627 skb, false); 628 hif_dev->tx.tx_skb_cnt--; 629 TX_STAT_INC(skb_failed); 630 } 631 } 632 633 spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags); 634 } 635 636 static struct ath9k_htc_hif hif_usb = { 637 .transport = ATH9K_HIF_USB, 638 .name = "ath9k_hif_usb", 639 640 .control_ul_pipe = USB_REG_OUT_PIPE, 641 .control_dl_pipe = USB_REG_IN_PIPE, 642 643 .start = hif_usb_start, 644 .stop = hif_usb_stop, 645 .sta_drain = hif_usb_sta_drain, 646 .send = hif_usb_send, 647 }; 648 649 static void ath9k_hif_usb_rx_stream(struct hif_device_usb *hif_dev, 650 struct sk_buff *skb) 651 { 652 struct sk_buff *nskb, *skb_pool[MAX_PKT_NUM_IN_TRANSFER]; 653 int index = 0, i = 0, len = skb->len; 654 int rx_remain_len, rx_pkt_len; 655 u16 pool_index = 0; 656 u8 *ptr; 657 658 spin_lock(&hif_dev->rx_lock); 659 660 rx_remain_len = hif_dev->rx_remain_len; 661 rx_pkt_len = hif_dev->rx_transfer_len; 662 663 if (rx_remain_len != 0) { 664 struct sk_buff *remain_skb = hif_dev->remain_skb; 665 666 if (remain_skb) { 667 ptr = (u8 *) remain_skb->data; 668 669 index = rx_remain_len; 670 rx_remain_len -= hif_dev->rx_pad_len; 671 ptr += rx_pkt_len; 672 673 memcpy(ptr, skb->data, rx_remain_len); 674 675 rx_pkt_len += rx_remain_len; 676 hif_dev->rx_remain_len = 0; 677 skb_put(remain_skb, rx_pkt_len); 678 679 skb_pool[pool_index++] = remain_skb; 680 681 } else { 682 index = rx_remain_len; 683 } 684 } 685 686 spin_unlock(&hif_dev->rx_lock); 687 688 while (index < len) { 689 u16 pkt_len; 690 u16 pkt_tag; 691 u16 pad_len; 692 int chk_idx; 693 694 ptr = (u8 *) skb->data; 695 696 pkt_len = get_unaligned_le16(ptr + index); 697 pkt_tag = get_unaligned_le16(ptr + index + 2); 698 699 if (pkt_tag != ATH_USB_RX_STREAM_MODE_TAG) { 700 RX_STAT_INC(skb_dropped); 701 return; 702 } 703 704 pad_len = 4 - (pkt_len & 0x3); 705 if (pad_len == 4) 706 pad_len = 0; 707 708 chk_idx = index; 709 index = index + 4 + pkt_len + pad_len; 710 711 if (index > MAX_RX_BUF_SIZE) { 712 spin_lock(&hif_dev->rx_lock); 713 hif_dev->rx_remain_len = index - MAX_RX_BUF_SIZE; 714 hif_dev->rx_transfer_len = 715 MAX_RX_BUF_SIZE - chk_idx - 4; 716 hif_dev->rx_pad_len = pad_len; 717 718 nskb = __dev_alloc_skb(pkt_len + 32, GFP_ATOMIC); 719 if (!nskb) { 720 dev_err(&hif_dev->udev->dev, 721 "ath9k_htc: RX memory allocation error\n"); 722 spin_unlock(&hif_dev->rx_lock); 723 goto err; 724 } 725 skb_reserve(nskb, 32); 726 RX_STAT_INC(skb_allocated); 727 728 memcpy(nskb->data, &(skb->data[chk_idx+4]), 729 hif_dev->rx_transfer_len); 730 731 /* Record the buffer pointer */ 732 hif_dev->remain_skb = nskb; 733 spin_unlock(&hif_dev->rx_lock); 734 } else { 735 nskb = __dev_alloc_skb(pkt_len + 32, GFP_ATOMIC); 736 if (!nskb) { 737 dev_err(&hif_dev->udev->dev, 738 "ath9k_htc: RX memory allocation error\n"); 739 goto err; 740 } 741 skb_reserve(nskb, 32); 742 RX_STAT_INC(skb_allocated); 743 744 memcpy(nskb->data, &(skb->data[chk_idx+4]), pkt_len); 745 skb_put(nskb, pkt_len); 746 skb_pool[pool_index++] = nskb; 747 } 748 } 749 750 err: 751 for (i = 0; i < pool_index; i++) { 752 RX_STAT_ADD(skb_completed_bytes, skb_pool[i]->len); 753 ath9k_htc_rx_msg(hif_dev->htc_handle, skb_pool[i], 754 skb_pool[i]->len, USB_WLAN_RX_PIPE); 755 RX_STAT_INC(skb_completed); 756 } 757 } 758 759 static void ath9k_hif_usb_rx_cb(struct urb *urb) 760 { 761 struct sk_buff *skb = (struct sk_buff *) urb->context; 762 struct hif_device_usb *hif_dev = 763 usb_get_intfdata(usb_ifnum_to_if(urb->dev, 0)); 764 int ret; 765 766 if (!skb) 767 return; 768 769 if (!hif_dev) 770 goto free; 771 772 switch (urb->status) { 773 case 0: 774 break; 775 case -ENOENT: 776 case -ECONNRESET: 777 case -ENODEV: 778 case -ESHUTDOWN: 779 goto free; 780 default: 781 goto resubmit; 782 } 783 784 if (likely(urb->actual_length != 0)) { 785 skb_put(skb, urb->actual_length); 786 ath9k_hif_usb_rx_stream(hif_dev, skb); 787 } 788 789 resubmit: 790 skb_reset_tail_pointer(skb); 791 skb_trim(skb, 0); 792 793 usb_anchor_urb(urb, &hif_dev->rx_submitted); 794 ret = usb_submit_urb(urb, GFP_ATOMIC); 795 if (ret) { 796 usb_unanchor_urb(urb); 797 goto free; 798 } 799 800 return; 801 free: 802 kfree_skb(skb); 803 } 804 805 static void ath9k_hif_usb_reg_in_cb(struct urb *urb) 806 { 807 struct sk_buff *skb = (struct sk_buff *) urb->context; 808 struct sk_buff *nskb; 809 struct hif_device_usb *hif_dev = 810 usb_get_intfdata(usb_ifnum_to_if(urb->dev, 0)); 811 int ret; 812 813 if (!skb) 814 return; 815 816 if (!hif_dev) 817 goto free; 818 819 switch (urb->status) { 820 case 0: 821 break; 822 case -ENOENT: 823 case -ECONNRESET: 824 case -ENODEV: 825 case -ESHUTDOWN: 826 goto free; 827 default: 828 skb_reset_tail_pointer(skb); 829 skb_trim(skb, 0); 830 831 goto resubmit; 832 } 833 834 if (likely(urb->actual_length != 0)) { 835 skb_put(skb, urb->actual_length); 836 837 /* Process the command first */ 838 ath9k_htc_rx_msg(hif_dev->htc_handle, skb, 839 skb->len, USB_REG_IN_PIPE); 840 841 842 nskb = alloc_skb(MAX_REG_IN_BUF_SIZE, GFP_ATOMIC); 843 if (!nskb) { 844 dev_err(&hif_dev->udev->dev, 845 "ath9k_htc: REG_IN memory allocation failure\n"); 846 urb->context = NULL; 847 return; 848 } 849 850 usb_fill_int_urb(urb, hif_dev->udev, 851 usb_rcvintpipe(hif_dev->udev, 852 USB_REG_IN_PIPE), 853 nskb->data, MAX_REG_IN_BUF_SIZE, 854 ath9k_hif_usb_reg_in_cb, nskb, 1); 855 } 856 857 resubmit: 858 usb_anchor_urb(urb, &hif_dev->reg_in_submitted); 859 ret = usb_submit_urb(urb, GFP_ATOMIC); 860 if (ret) { 861 usb_unanchor_urb(urb); 862 goto free; 863 } 864 865 return; 866 free: 867 kfree_skb(skb); 868 urb->context = NULL; 869 } 870 871 static void ath9k_hif_usb_dealloc_tx_urbs(struct hif_device_usb *hif_dev) 872 { 873 struct tx_buf *tx_buf = NULL, *tx_buf_tmp = NULL; 874 unsigned long flags; 875 876 list_for_each_entry_safe(tx_buf, tx_buf_tmp, 877 &hif_dev->tx.tx_buf, list) { 878 usb_kill_urb(tx_buf->urb); 879 list_del(&tx_buf->list); 880 usb_free_urb(tx_buf->urb); 881 kfree(tx_buf->buf); 882 kfree(tx_buf); 883 } 884 885 spin_lock_irqsave(&hif_dev->tx.tx_lock, flags); 886 hif_dev->tx.flags |= HIF_USB_TX_FLUSH; 887 spin_unlock_irqrestore(&hif_dev->tx.tx_lock, flags); 888 889 list_for_each_entry_safe(tx_buf, tx_buf_tmp, 890 &hif_dev->tx.tx_pending, list) { 891 usb_kill_urb(tx_buf->urb); 892 list_del(&tx_buf->list); 893 usb_free_urb(tx_buf->urb); 894 kfree(tx_buf->buf); 895 kfree(tx_buf); 896 } 897 898 usb_kill_anchored_urbs(&hif_dev->mgmt_submitted); 899 } 900 901 static int ath9k_hif_usb_alloc_tx_urbs(struct hif_device_usb *hif_dev) 902 { 903 struct tx_buf *tx_buf; 904 int i; 905 906 INIT_LIST_HEAD(&hif_dev->tx.tx_buf); 907 INIT_LIST_HEAD(&hif_dev->tx.tx_pending); 908 spin_lock_init(&hif_dev->tx.tx_lock); 909 __skb_queue_head_init(&hif_dev->tx.tx_skb_queue); 910 init_usb_anchor(&hif_dev->mgmt_submitted); 911 912 for (i = 0; i < MAX_TX_URB_NUM; i++) { 913 tx_buf = kzalloc(sizeof(struct tx_buf), GFP_KERNEL); 914 if (!tx_buf) 915 goto err; 916 917 tx_buf->buf = kzalloc(MAX_TX_BUF_SIZE, GFP_KERNEL); 918 if (!tx_buf->buf) 919 goto err; 920 921 tx_buf->urb = usb_alloc_urb(0, GFP_KERNEL); 922 if (!tx_buf->urb) 923 goto err; 924 925 tx_buf->hif_dev = hif_dev; 926 __skb_queue_head_init(&tx_buf->skb_queue); 927 928 list_add_tail(&tx_buf->list, &hif_dev->tx.tx_buf); 929 } 930 931 hif_dev->tx.tx_buf_cnt = MAX_TX_URB_NUM; 932 933 return 0; 934 err: 935 if (tx_buf) { 936 kfree(tx_buf->buf); 937 kfree(tx_buf); 938 } 939 ath9k_hif_usb_dealloc_tx_urbs(hif_dev); 940 return -ENOMEM; 941 } 942 943 static void ath9k_hif_usb_dealloc_rx_urbs(struct hif_device_usb *hif_dev) 944 { 945 usb_kill_anchored_urbs(&hif_dev->rx_submitted); 946 } 947 948 static int ath9k_hif_usb_alloc_rx_urbs(struct hif_device_usb *hif_dev) 949 { 950 struct urb *urb = NULL; 951 struct sk_buff *skb = NULL; 952 int i, ret; 953 954 init_usb_anchor(&hif_dev->rx_submitted); 955 spin_lock_init(&hif_dev->rx_lock); 956 957 for (i = 0; i < MAX_RX_URB_NUM; i++) { 958 959 /* Allocate URB */ 960 urb = usb_alloc_urb(0, GFP_KERNEL); 961 if (urb == NULL) { 962 ret = -ENOMEM; 963 goto err_urb; 964 } 965 966 /* Allocate buffer */ 967 skb = alloc_skb(MAX_RX_BUF_SIZE, GFP_KERNEL); 968 if (!skb) { 969 ret = -ENOMEM; 970 goto err_skb; 971 } 972 973 usb_fill_bulk_urb(urb, hif_dev->udev, 974 usb_rcvbulkpipe(hif_dev->udev, 975 USB_WLAN_RX_PIPE), 976 skb->data, MAX_RX_BUF_SIZE, 977 ath9k_hif_usb_rx_cb, skb); 978 979 /* Anchor URB */ 980 usb_anchor_urb(urb, &hif_dev->rx_submitted); 981 982 /* Submit URB */ 983 ret = usb_submit_urb(urb, GFP_KERNEL); 984 if (ret) { 985 usb_unanchor_urb(urb); 986 goto err_submit; 987 } 988 989 /* 990 * Drop reference count. 991 * This ensures that the URB is freed when killing them. 992 */ 993 usb_free_urb(urb); 994 } 995 996 return 0; 997 998 err_submit: 999 kfree_skb(skb); 1000 err_skb: 1001 usb_free_urb(urb); 1002 err_urb: 1003 ath9k_hif_usb_dealloc_rx_urbs(hif_dev); 1004 return ret; 1005 } 1006 1007 static void ath9k_hif_usb_dealloc_reg_in_urbs(struct hif_device_usb *hif_dev) 1008 { 1009 usb_kill_anchored_urbs(&hif_dev->reg_in_submitted); 1010 } 1011 1012 static int ath9k_hif_usb_alloc_reg_in_urbs(struct hif_device_usb *hif_dev) 1013 { 1014 struct urb *urb = NULL; 1015 struct sk_buff *skb = NULL; 1016 int i, ret; 1017 1018 init_usb_anchor(&hif_dev->reg_in_submitted); 1019 1020 for (i = 0; i < MAX_REG_IN_URB_NUM; i++) { 1021 1022 /* Allocate URB */ 1023 urb = usb_alloc_urb(0, GFP_KERNEL); 1024 if (urb == NULL) { 1025 ret = -ENOMEM; 1026 goto err_urb; 1027 } 1028 1029 /* Allocate buffer */ 1030 skb = alloc_skb(MAX_REG_IN_BUF_SIZE, GFP_KERNEL); 1031 if (!skb) { 1032 ret = -ENOMEM; 1033 goto err_skb; 1034 } 1035 1036 usb_fill_int_urb(urb, hif_dev->udev, 1037 usb_rcvintpipe(hif_dev->udev, 1038 USB_REG_IN_PIPE), 1039 skb->data, MAX_REG_IN_BUF_SIZE, 1040 ath9k_hif_usb_reg_in_cb, skb, 1); 1041 1042 /* Anchor URB */ 1043 usb_anchor_urb(urb, &hif_dev->reg_in_submitted); 1044 1045 /* Submit URB */ 1046 ret = usb_submit_urb(urb, GFP_KERNEL); 1047 if (ret) { 1048 usb_unanchor_urb(urb); 1049 goto err_submit; 1050 } 1051 1052 /* 1053 * Drop reference count. 1054 * This ensures that the URB is freed when killing them. 1055 */ 1056 usb_free_urb(urb); 1057 } 1058 1059 return 0; 1060 1061 err_submit: 1062 kfree_skb(skb); 1063 err_skb: 1064 usb_free_urb(urb); 1065 err_urb: 1066 ath9k_hif_usb_dealloc_reg_in_urbs(hif_dev); 1067 return ret; 1068 } 1069 1070 static int ath9k_hif_usb_alloc_urbs(struct hif_device_usb *hif_dev) 1071 { 1072 /* Register Write */ 1073 init_usb_anchor(&hif_dev->regout_submitted); 1074 1075 /* TX */ 1076 if (ath9k_hif_usb_alloc_tx_urbs(hif_dev) < 0) 1077 goto err; 1078 1079 /* RX */ 1080 if (ath9k_hif_usb_alloc_rx_urbs(hif_dev) < 0) 1081 goto err_rx; 1082 1083 /* Register Read */ 1084 if (ath9k_hif_usb_alloc_reg_in_urbs(hif_dev) < 0) 1085 goto err_reg; 1086 1087 return 0; 1088 err_reg: 1089 ath9k_hif_usb_dealloc_rx_urbs(hif_dev); 1090 err_rx: 1091 ath9k_hif_usb_dealloc_tx_urbs(hif_dev); 1092 err: 1093 return -ENOMEM; 1094 } 1095 1096 static void ath9k_hif_usb_dealloc_urbs(struct hif_device_usb *hif_dev) 1097 { 1098 usb_kill_anchored_urbs(&hif_dev->regout_submitted); 1099 ath9k_hif_usb_dealloc_reg_in_urbs(hif_dev); 1100 ath9k_hif_usb_dealloc_tx_urbs(hif_dev); 1101 ath9k_hif_usb_dealloc_rx_urbs(hif_dev); 1102 } 1103 1104 static int ath9k_hif_usb_download_fw(struct hif_device_usb *hif_dev) 1105 { 1106 int transfer, err; 1107 const void *data = hif_dev->fw_data; 1108 size_t len = hif_dev->fw_size; 1109 u32 addr = AR9271_FIRMWARE; 1110 u8 *buf = kzalloc(4096, GFP_KERNEL); 1111 u32 firm_offset; 1112 1113 if (!buf) 1114 return -ENOMEM; 1115 1116 while (len) { 1117 transfer = min_t(size_t, len, 4096); 1118 memcpy(buf, data, transfer); 1119 1120 err = usb_control_msg(hif_dev->udev, 1121 usb_sndctrlpipe(hif_dev->udev, 0), 1122 FIRMWARE_DOWNLOAD, 0x40 | USB_DIR_OUT, 1123 addr >> 8, 0, buf, transfer, HZ); 1124 if (err < 0) { 1125 kfree(buf); 1126 return err; 1127 } 1128 1129 len -= transfer; 1130 data += transfer; 1131 addr += transfer; 1132 } 1133 kfree(buf); 1134 1135 if (IS_AR7010_DEVICE(hif_dev->usb_device_id->driver_info)) 1136 firm_offset = AR7010_FIRMWARE_TEXT; 1137 else 1138 firm_offset = AR9271_FIRMWARE_TEXT; 1139 1140 /* 1141 * Issue FW download complete command to firmware. 1142 */ 1143 err = usb_control_msg(hif_dev->udev, usb_sndctrlpipe(hif_dev->udev, 0), 1144 FIRMWARE_DOWNLOAD_COMP, 1145 0x40 | USB_DIR_OUT, 1146 firm_offset >> 8, 0, NULL, 0, HZ); 1147 if (err) 1148 return -EIO; 1149 1150 dev_info(&hif_dev->udev->dev, "ath9k_htc: Transferred FW: %s, size: %ld\n", 1151 hif_dev->fw_name, (unsigned long) hif_dev->fw_size); 1152 1153 return 0; 1154 } 1155 1156 static int ath9k_hif_usb_dev_init(struct hif_device_usb *hif_dev) 1157 { 1158 int ret; 1159 1160 ret = ath9k_hif_usb_download_fw(hif_dev); 1161 if (ret) { 1162 dev_err(&hif_dev->udev->dev, 1163 "ath9k_htc: Firmware - %s download failed\n", 1164 hif_dev->fw_name); 1165 return ret; 1166 } 1167 1168 /* Alloc URBs */ 1169 ret = ath9k_hif_usb_alloc_urbs(hif_dev); 1170 if (ret) { 1171 dev_err(&hif_dev->udev->dev, 1172 "ath9k_htc: Unable to allocate URBs\n"); 1173 return ret; 1174 } 1175 1176 return 0; 1177 } 1178 1179 static void ath9k_hif_usb_dev_deinit(struct hif_device_usb *hif_dev) 1180 { 1181 ath9k_hif_usb_dealloc_urbs(hif_dev); 1182 } 1183 1184 /* 1185 * If initialization fails or the FW cannot be retrieved, 1186 * detach the device. 1187 */ 1188 static void ath9k_hif_usb_firmware_fail(struct hif_device_usb *hif_dev) 1189 { 1190 struct device *dev = &hif_dev->udev->dev; 1191 struct device *parent = dev->parent; 1192 1193 complete_all(&hif_dev->fw_done); 1194 1195 if (parent) 1196 device_lock(parent); 1197 1198 device_release_driver(dev); 1199 1200 if (parent) 1201 device_unlock(parent); 1202 } 1203 1204 static void ath9k_hif_usb_firmware_cb(const struct firmware *fw, void *context); 1205 1206 /* taken from iwlwifi */ 1207 static int ath9k_hif_request_firmware(struct hif_device_usb *hif_dev, 1208 bool first) 1209 { 1210 char index[8], *chip; 1211 int ret; 1212 1213 if (first) { 1214 if (htc_use_dev_fw) { 1215 hif_dev->fw_minor_index = FIRMWARE_MINOR_IDX_MAX + 1; 1216 sprintf(index, "%s", "dev"); 1217 } else { 1218 hif_dev->fw_minor_index = FIRMWARE_MINOR_IDX_MAX; 1219 sprintf(index, "%d", hif_dev->fw_minor_index); 1220 } 1221 } else { 1222 hif_dev->fw_minor_index--; 1223 sprintf(index, "%d", hif_dev->fw_minor_index); 1224 } 1225 1226 /* test for FW 1.3 */ 1227 if (MAJOR_VERSION_REQ == 1 && hif_dev->fw_minor_index == 3) { 1228 const char *filename; 1229 1230 if (IS_AR7010_DEVICE(hif_dev->usb_device_id->driver_info)) 1231 filename = FIRMWARE_AR7010_1_1; 1232 else 1233 filename = FIRMWARE_AR9271; 1234 1235 /* expected fw locations: 1236 * - htc_9271.fw (stable version 1.3, depricated) 1237 */ 1238 snprintf(hif_dev->fw_name, sizeof(hif_dev->fw_name), 1239 "%s", filename); 1240 1241 } else if (hif_dev->fw_minor_index < FIRMWARE_MINOR_IDX_MIN) { 1242 dev_err(&hif_dev->udev->dev, "no suitable firmware found!\n"); 1243 1244 return -ENOENT; 1245 } else { 1246 if (IS_AR7010_DEVICE(hif_dev->usb_device_id->driver_info)) 1247 chip = "7010"; 1248 else 1249 chip = "9271"; 1250 1251 /* expected fw locations: 1252 * - ath9k_htc/htc_9271-1.dev.0.fw (development version) 1253 * - ath9k_htc/htc_9271-1.4.0.fw (stable version) 1254 */ 1255 snprintf(hif_dev->fw_name, sizeof(hif_dev->fw_name), 1256 "%s/htc_%s-%d.%s.0.fw", HTC_FW_PATH, 1257 chip, MAJOR_VERSION_REQ, index); 1258 } 1259 1260 ret = request_firmware_nowait(THIS_MODULE, true, hif_dev->fw_name, 1261 &hif_dev->udev->dev, GFP_KERNEL, 1262 hif_dev, ath9k_hif_usb_firmware_cb); 1263 if (ret) { 1264 dev_err(&hif_dev->udev->dev, 1265 "ath9k_htc: Async request for firmware %s failed\n", 1266 hif_dev->fw_name); 1267 return ret; 1268 } 1269 1270 dev_info(&hif_dev->udev->dev, "ath9k_htc: Firmware %s requested\n", 1271 hif_dev->fw_name); 1272 1273 return ret; 1274 } 1275 1276 static void ath9k_hif_usb_firmware_cb(const struct firmware *fw, void *context) 1277 { 1278 struct hif_device_usb *hif_dev = context; 1279 int ret; 1280 1281 if (!fw) { 1282 ret = ath9k_hif_request_firmware(hif_dev, false); 1283 if (!ret) 1284 return; 1285 1286 dev_err(&hif_dev->udev->dev, 1287 "ath9k_htc: Failed to get firmware %s\n", 1288 hif_dev->fw_name); 1289 goto err_fw; 1290 } 1291 1292 hif_dev->htc_handle = ath9k_htc_hw_alloc(hif_dev, &hif_usb, 1293 &hif_dev->udev->dev); 1294 if (hif_dev->htc_handle == NULL) 1295 goto err_dev_alloc; 1296 1297 hif_dev->fw_data = fw->data; 1298 hif_dev->fw_size = fw->size; 1299 1300 /* Proceed with initialization */ 1301 1302 ret = ath9k_hif_usb_dev_init(hif_dev); 1303 if (ret) 1304 goto err_dev_init; 1305 1306 ret = ath9k_htc_hw_init(hif_dev->htc_handle, 1307 &hif_dev->interface->dev, 1308 hif_dev->usb_device_id->idProduct, 1309 hif_dev->udev->product, 1310 hif_dev->usb_device_id->driver_info); 1311 if (ret) { 1312 ret = -EINVAL; 1313 goto err_htc_hw_init; 1314 } 1315 1316 release_firmware(fw); 1317 hif_dev->flags |= HIF_USB_READY; 1318 complete_all(&hif_dev->fw_done); 1319 1320 return; 1321 1322 err_htc_hw_init: 1323 ath9k_hif_usb_dev_deinit(hif_dev); 1324 err_dev_init: 1325 ath9k_htc_hw_free(hif_dev->htc_handle); 1326 err_dev_alloc: 1327 release_firmware(fw); 1328 err_fw: 1329 ath9k_hif_usb_firmware_fail(hif_dev); 1330 } 1331 1332 /* 1333 * An exact copy of the function from zd1211rw. 1334 */ 1335 static int send_eject_command(struct usb_interface *interface) 1336 { 1337 struct usb_device *udev = interface_to_usbdev(interface); 1338 struct usb_host_interface *iface_desc = &interface->altsetting[0]; 1339 struct usb_endpoint_descriptor *endpoint; 1340 unsigned char *cmd; 1341 u8 bulk_out_ep; 1342 int r; 1343 1344 /* Find bulk out endpoint */ 1345 for (r = 1; r >= 0; r--) { 1346 endpoint = &iface_desc->endpoint[r].desc; 1347 if (usb_endpoint_dir_out(endpoint) && 1348 usb_endpoint_xfer_bulk(endpoint)) { 1349 bulk_out_ep = endpoint->bEndpointAddress; 1350 break; 1351 } 1352 } 1353 if (r == -1) { 1354 dev_err(&udev->dev, 1355 "ath9k_htc: Could not find bulk out endpoint\n"); 1356 return -ENODEV; 1357 } 1358 1359 cmd = kzalloc(31, GFP_KERNEL); 1360 if (cmd == NULL) 1361 return -ENODEV; 1362 1363 /* USB bulk command block */ 1364 cmd[0] = 0x55; /* bulk command signature */ 1365 cmd[1] = 0x53; /* bulk command signature */ 1366 cmd[2] = 0x42; /* bulk command signature */ 1367 cmd[3] = 0x43; /* bulk command signature */ 1368 cmd[14] = 6; /* command length */ 1369 1370 cmd[15] = 0x1b; /* SCSI command: START STOP UNIT */ 1371 cmd[19] = 0x2; /* eject disc */ 1372 1373 dev_info(&udev->dev, "Ejecting storage device...\n"); 1374 r = usb_bulk_msg(udev, usb_sndbulkpipe(udev, bulk_out_ep), 1375 cmd, 31, NULL, 2000); 1376 kfree(cmd); 1377 if (r) 1378 return r; 1379 1380 /* At this point, the device disconnects and reconnects with the real 1381 * ID numbers. */ 1382 1383 usb_set_intfdata(interface, NULL); 1384 return 0; 1385 } 1386 1387 static int ath9k_hif_usb_probe(struct usb_interface *interface, 1388 const struct usb_device_id *id) 1389 { 1390 struct usb_device *udev = interface_to_usbdev(interface); 1391 struct hif_device_usb *hif_dev; 1392 int ret = 0; 1393 1394 if (id->driver_info == STORAGE_DEVICE) 1395 return send_eject_command(interface); 1396 1397 hif_dev = kzalloc(sizeof(struct hif_device_usb), GFP_KERNEL); 1398 if (!hif_dev) { 1399 ret = -ENOMEM; 1400 goto err_alloc; 1401 } 1402 1403 usb_get_dev(udev); 1404 1405 hif_dev->udev = udev; 1406 hif_dev->interface = interface; 1407 hif_dev->usb_device_id = id; 1408 #ifdef CONFIG_PM 1409 udev->reset_resume = 1; 1410 #endif 1411 usb_set_intfdata(interface, hif_dev); 1412 1413 init_completion(&hif_dev->fw_done); 1414 1415 ret = ath9k_hif_request_firmware(hif_dev, true); 1416 if (ret) 1417 goto err_fw_req; 1418 1419 return ret; 1420 1421 err_fw_req: 1422 usb_set_intfdata(interface, NULL); 1423 kfree(hif_dev); 1424 usb_put_dev(udev); 1425 err_alloc: 1426 return ret; 1427 } 1428 1429 static void ath9k_hif_usb_reboot(struct usb_device *udev) 1430 { 1431 u32 reboot_cmd = 0xffffffff; 1432 void *buf; 1433 int ret; 1434 1435 buf = kmemdup(&reboot_cmd, 4, GFP_KERNEL); 1436 if (!buf) 1437 return; 1438 1439 ret = usb_interrupt_msg(udev, usb_sndintpipe(udev, USB_REG_OUT_PIPE), 1440 buf, 4, NULL, HZ); 1441 if (ret) 1442 dev_err(&udev->dev, "ath9k_htc: USB reboot failed\n"); 1443 1444 kfree(buf); 1445 } 1446 1447 static void ath9k_hif_usb_disconnect(struct usb_interface *interface) 1448 { 1449 struct usb_device *udev = interface_to_usbdev(interface); 1450 struct hif_device_usb *hif_dev = usb_get_intfdata(interface); 1451 bool unplugged = (udev->state == USB_STATE_NOTATTACHED) ? true : false; 1452 1453 if (!hif_dev) 1454 return; 1455 1456 wait_for_completion(&hif_dev->fw_done); 1457 1458 if (hif_dev->flags & HIF_USB_READY) { 1459 ath9k_htc_hw_deinit(hif_dev->htc_handle, unplugged); 1460 ath9k_htc_hw_free(hif_dev->htc_handle); 1461 ath9k_hif_usb_dev_deinit(hif_dev); 1462 } 1463 1464 usb_set_intfdata(interface, NULL); 1465 1466 /* If firmware was loaded we should drop it 1467 * go back to first stage bootloader. */ 1468 if (!unplugged && (hif_dev->flags & HIF_USB_READY)) 1469 ath9k_hif_usb_reboot(udev); 1470 1471 kfree(hif_dev); 1472 dev_info(&udev->dev, "ath9k_htc: USB layer deinitialized\n"); 1473 usb_put_dev(udev); 1474 } 1475 1476 #ifdef CONFIG_PM 1477 static int ath9k_hif_usb_suspend(struct usb_interface *interface, 1478 pm_message_t message) 1479 { 1480 struct hif_device_usb *hif_dev = usb_get_intfdata(interface); 1481 1482 /* 1483 * The device has to be set to FULLSLEEP mode in case no 1484 * interface is up. 1485 */ 1486 if (!(hif_dev->flags & HIF_USB_START)) 1487 ath9k_htc_suspend(hif_dev->htc_handle); 1488 1489 wait_for_completion(&hif_dev->fw_done); 1490 1491 if (hif_dev->flags & HIF_USB_READY) 1492 ath9k_hif_usb_dealloc_urbs(hif_dev); 1493 1494 return 0; 1495 } 1496 1497 static int ath9k_hif_usb_resume(struct usb_interface *interface) 1498 { 1499 struct hif_device_usb *hif_dev = usb_get_intfdata(interface); 1500 struct htc_target *htc_handle = hif_dev->htc_handle; 1501 int ret; 1502 const struct firmware *fw; 1503 1504 ret = ath9k_hif_usb_alloc_urbs(hif_dev); 1505 if (ret) 1506 return ret; 1507 1508 if (hif_dev->flags & HIF_USB_READY) { 1509 /* request cached firmware during suspend/resume cycle */ 1510 ret = request_firmware(&fw, hif_dev->fw_name, 1511 &hif_dev->udev->dev); 1512 if (ret) 1513 goto fail_resume; 1514 1515 hif_dev->fw_data = fw->data; 1516 hif_dev->fw_size = fw->size; 1517 ret = ath9k_hif_usb_download_fw(hif_dev); 1518 release_firmware(fw); 1519 if (ret) 1520 goto fail_resume; 1521 } else { 1522 ath9k_hif_usb_dealloc_urbs(hif_dev); 1523 return -EIO; 1524 } 1525 1526 mdelay(100); 1527 1528 ret = ath9k_htc_resume(htc_handle); 1529 1530 if (ret) 1531 goto fail_resume; 1532 1533 return 0; 1534 1535 fail_resume: 1536 ath9k_hif_usb_dealloc_urbs(hif_dev); 1537 1538 return ret; 1539 } 1540 #endif 1541 1542 static struct usb_driver ath9k_hif_usb_driver = { 1543 .name = KBUILD_MODNAME, 1544 .probe = ath9k_hif_usb_probe, 1545 .disconnect = ath9k_hif_usb_disconnect, 1546 #ifdef CONFIG_PM 1547 .suspend = ath9k_hif_usb_suspend, 1548 .resume = ath9k_hif_usb_resume, 1549 .reset_resume = ath9k_hif_usb_resume, 1550 #endif 1551 .id_table = ath9k_hif_usb_ids, 1552 .soft_unbind = 1, 1553 .disable_hub_initiated_lpm = 1, 1554 }; 1555 1556 int ath9k_hif_usb_init(void) 1557 { 1558 return usb_register(&ath9k_hif_usb_driver); 1559 } 1560 1561 void ath9k_hif_usb_exit(void) 1562 { 1563 usb_deregister(&ath9k_hif_usb_driver); 1564 } 1565 1566 #line 125 "/work/ldvuser/andrianov/work/current--X--drivers/net/wireless/ath/ath9k/--X--defaultlinux-4.5-rc7--X--races--X--cpachecker/linux-4.5-rc7/csd_deg_dscv/74/dscv_tempdir/dscv/ri/races/drivers/net/wireless/ath/ath9k/hif_usb.o.c.prepared" 1567 1568 int ldv_retval_11; 1569 int ldv_retval_10; 1570 int ldv_retval_9; 1571 1572 1573 void ldv_usb_driver_13(void){ 1574 ath9k_hif_usb_driver_group1 = ldv_undef_ptr(); 1575 } 1576 1577 1578 void ldv_main_exported_13(void){ 1579 pm_message_t ldvarg101; 1580 struct usb_device_id const *ldvarg102; 1581 /*DEG-struct: handlers from structure ath9k_hif_usb_driver*/ 1582 switch(__VERIFIER_nondet_int()){ 1583 case 0:{ 1584 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 1585 if(ldv_state_variable_13 == 1){ 1586 /*DEG-CALL: handler probe from ath9k_hif_usb_driver*/ 1587 ldv_retval_11=(& ath9k_hif_usb_probe)(ath9k_hif_usb_driver_group1,ldvarg102); 1588 if(ldv_retval_11==0){ 1589 ldv_state_variable_13 = 2; 1590 ref_cnt++; 1591 } 1592 } 1593 } 1594 break; 1595 case 1:{ 1596 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 1597 if(ldv_state_variable_13 == 3){ 1598 /*DEG-CALL: handler reset_resume from ath9k_hif_usb_driver*/ 1599 ldv_retval_10=(& ath9k_hif_usb_resume)(ath9k_hif_usb_driver_group1); 1600 if(ldv_retval_10==0){ 1601 ldv_state_variable_13 = 2; 1602 } 1603 } 1604 } 1605 break; 1606 case 2:{ 1607 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 1608 if(ldv_state_variable_13 == 3 && usb_counter==0){ 1609 /*DEG-CALL: handler disconnect from ath9k_hif_usb_driver*/ 1610 (& ath9k_hif_usb_disconnect)(ath9k_hif_usb_driver_group1); 1611 ldv_state_variable_13 = 1; 1612 ref_cnt--; 1613 } 1614 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 1615 if(ldv_state_variable_13 == 2 && usb_counter==0){ 1616 /*DEG-CALL: handler disconnect from ath9k_hif_usb_driver*/ 1617 (& ath9k_hif_usb_disconnect)(ath9k_hif_usb_driver_group1); 1618 ldv_state_variable_13 = 1; 1619 ref_cnt--; 1620 } 1621 } 1622 break; 1623 case 3:{ 1624 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 1625 if(ldv_state_variable_13 == 2){ 1626 /*DEG-CALL: handler suspend from ath9k_hif_usb_driver*/ 1627 (& ath9k_hif_usb_suspend)(ath9k_hif_usb_driver_group1,ldvarg101); 1628 ldv_state_variable_13 = 3; 1629 } 1630 } 1631 break; 1632 case 4:{ 1633 /*DEG-state: state 3 (look at corresponding state-chart diagram for details)*/ 1634 if(ldv_state_variable_13 == 3){ 1635 /*DEG-CALL: handler resume from ath9k_hif_usb_driver*/ 1636 ldv_retval_9=(& ath9k_hif_usb_resume)(ath9k_hif_usb_driver_group1); 1637 if(ldv_retval_9==0){ 1638 ldv_state_variable_13 = 2; 1639 } 1640 } 1641 } 1642 break; 1643 default: ldv_assume(0); 1644 } 1645 1646 }; 1647 1648 1649 void ldv_main_exported_14(void){ 1650 void *ldvarg86; 1651 struct sk_buff *ldvarg87; 1652 void *ldvarg90; 1653 void *ldvarg89; 1654 u8 ldvarg88; 1655 u8 ldvarg84; 1656 void *ldvarg85; 1657 /*DEG-struct: handlers from structure hif_usb*/ 1658 switch(__VERIFIER_nondet_int()){ 1659 case 0:{ 1660 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 1661 if(ldv_state_variable_14 == 1){ 1662 /*DEG-CALL: handler start from hif_usb*/ 1663 (& hif_usb_start)(ldvarg90); 1664 /*DEG-postcall: get module*/ 1665 ldv_state_variable_14 = 2; 1666 ref_cnt++; 1667 } 1668 } 1669 break; 1670 case 1:{ 1671 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 1672 if(ldv_state_variable_14 == 1){ 1673 /*DEG-CALL: handler send from hif_usb*/ 1674 (& hif_usb_send)(ldvarg89,ldvarg88,ldvarg87); 1675 /*DEG-postcall: default*/ 1676 ldv_state_variable_14 = 1; 1677 } 1678 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 1679 if(ldv_state_variable_14 == 2){ 1680 /*DEG-CALL: handler send from hif_usb*/ 1681 (& hif_usb_send)(ldvarg89,ldvarg88,ldvarg87); 1682 /*DEG-postcall: default*/ 1683 ldv_state_variable_14 = 2; 1684 } 1685 } 1686 break; 1687 case 2:{ 1688 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 1689 if(ldv_state_variable_14 == 2){ 1690 /*DEG-CALL: handler stop from hif_usb*/ 1691 (& hif_usb_stop)(ldvarg86); 1692 /*DEG-postcall: module put*/ 1693 ldv_state_variable_14 = 1; 1694 ref_cnt--; 1695 } 1696 } 1697 break; 1698 case 3:{ 1699 /*DEG-state: state 1 (look at corresponding state-chart diagram for details)*/ 1700 if(ldv_state_variable_14 == 1){ 1701 /*DEG-CALL: handler sta_drain from hif_usb*/ 1702 (& hif_usb_sta_drain)(ldvarg85,ldvarg84); 1703 /*DEG-postcall: default*/ 1704 ldv_state_variable_14 = 1; 1705 } 1706 /*DEG-state: state 2 (look at corresponding state-chart diagram for details)*/ 1707 if(ldv_state_variable_14 == 2){ 1708 /*DEG-CALL: handler sta_drain from hif_usb*/ 1709 (& hif_usb_sta_drain)(ldvarg85,ldvarg84); 1710 /*DEG-postcall: default*/ 1711 ldv_state_variable_14 = 2; 1712 } 1713 } 1714 break; 1715 default: ldv_assume(0); 1716 } 1717 1718 };