[XFS] Fix double free of log tickets
[linux-2.6] / drivers / staging / wlan-ng / hfa384x_usb.c
1 /* src/prism2/driver/hfa384x_usb.c
2 *
3 * Functions that talk to the USB variantof the Intersil hfa384x MAC
4 *
5 * Copyright (C) 1999 AbsoluteValue Systems, Inc.  All Rights Reserved.
6 * --------------------------------------------------------------------
7 *
8 * linux-wlan
9 *
10 *   The contents of this file are subject to the Mozilla Public
11 *   License Version 1.1 (the "License"); you may not use this file
12 *   except in compliance with the License. You may obtain a copy of
13 *   the License at http://www.mozilla.org/MPL/
14 *
15 *   Software distributed under the License is distributed on an "AS
16 *   IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
17 *   implied. See the License for the specific language governing
18 *   rights and limitations under the License.
19 *
20 *   Alternatively, the contents of this file may be used under the
21 *   terms of the GNU Public License version 2 (the "GPL"), in which
22 *   case the provisions of the GPL are applicable instead of the
23 *   above.  If you wish to allow the use of your version of this file
24 *   only under the terms of the GPL and not to allow others to use
25 *   your version of this file under the MPL, indicate your decision
26 *   by deleting the provisions above and replace them with the notice
27 *   and other provisions required by the GPL.  If you do not delete
28 *   the provisions above, a recipient may use your version of this
29 *   file under either the MPL or the GPL.
30 *
31 * --------------------------------------------------------------------
32 *
33 * Inquiries regarding the linux-wlan Open Source project can be
34 * made directly to:
35 *
36 * AbsoluteValue Systems Inc.
37 * info@linux-wlan.com
38 * http://www.linux-wlan.com
39 *
40 * --------------------------------------------------------------------
41 *
42 * Portions of the development of this software were funded by
43 * Intersil Corporation as part of PRISM(R) chipset product development.
44 *
45 * --------------------------------------------------------------------
46 *
47 * This file implements functions that correspond to the prism2/hfa384x
48 * 802.11 MAC hardware and firmware host interface.
49 *
50 * The functions can be considered to represent several levels of
51 * abstraction.  The lowest level functions are simply C-callable wrappers
52 * around the register accesses.  The next higher level represents C-callable
53 * prism2 API functions that match the Intersil documentation as closely
54 * as is reasonable.  The next higher layer implements common sequences
55 * of invokations of the API layer (e.g. write to bap, followed by cmd).
56 *
57 * Common sequences:
58 * hfa384x_drvr_xxx      Highest level abstractions provided by the
59 *                       hfa384x code.  They are driver defined wrappers
60 *                       for common sequences.  These functions generally
61 *                       use the services of the lower levels.
62 *
63 * hfa384x_drvr_xxxconfig  An example of the drvr level abstraction. These
64 *                       functions are wrappers for the RID get/set
65 *                       sequence. They  call copy_[to|from]_bap() and
66 *                       cmd_access().   These functions operate on the
67 *                       RIDs and buffers without validation.  The caller
68 *                       is responsible for that.
69 *
70 * API wrapper functions:
71 * hfa384x_cmd_xxx       functions that provide access to the f/w commands.
72 *                       The function arguments correspond to each command
73 *                       argument, even command arguments that get packed
74 *                       into single registers.  These functions _just_
75 *                       issue the command by setting the cmd/parm regs
76 *                       & reading the status/resp regs.  Additional
77 *                       activities required to fully use a command
78 *                       (read/write from/to bap, get/set int status etc.)
79 *                       are implemented separately.  Think of these as
80 *                       C-callable prism2 commands.
81 *
82 * Lowest Layer Functions:
83 * hfa384x_docmd_xxx     These functions implement the sequence required
84 *                       to issue any prism2 command.  Primarily used by the
85 *                       hfa384x_cmd_xxx functions.
86 *
87 * hfa384x_bap_xxx       BAP read/write access functions.
88 *                       Note: we usually use BAP0 for non-interrupt context
89 *                        and BAP1 for interrupt context.
90 *
91 * hfa384x_dl_xxx        download related functions.
92 *
93 * Driver State Issues:
94 * Note that there are two pairs of functions that manage the
95 * 'initialized' and 'running' states of the hw/MAC combo.  The four
96 * functions are create(), destroy(), start(), and stop().  create()
97 * sets up the data structures required to support the hfa384x_*
98 * functions and destroy() cleans them up.  The start() function gets
99 * the actual hardware running and enables the interrupts.  The stop()
100 * function shuts the hardware down.  The sequence should be:
101 * create()
102 * start()
103 *  .
104 *  .  Do interesting things w/ the hardware
105 *  .
106 * stop()
107 * destroy()
108 *
109 * Note that destroy() can be called without calling stop() first.
110 * --------------------------------------------------------------------
111 */
112
113 /*================================================================*/
114 /* System Includes */
115 #define WLAN_DBVAR      prism2_debug
116
117 #include "version.h"
118
119
120 #include <linux/version.h>
121
122 #include <linux/module.h>
123 #include <linux/kernel.h>
124 #include <linux/sched.h>
125 #include <linux/types.h>
126 #include <linux/slab.h>
127 #include <linux/wireless.h>
128 #include <linux/netdevice.h>
129 #include <linux/timer.h>
130 #include <asm/io.h>
131 #include <linux/delay.h>
132 #include <asm/byteorder.h>
133 #include <asm/bitops.h>
134 #include <linux/list.h>
135 #include <linux/usb.h>
136
137 #include "wlan_compat.h"
138
139 #if (WLAN_HOSTIF != WLAN_USB)
140 #error "This file is specific to USB"
141 #endif
142
143
144 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,10)
145 static int
146 wait_for_completion_interruptible(struct completion *x)
147 {
148   int ret = 0;
149
150   might_sleep();
151
152   spin_lock_irq(&x->wait.lock);
153   if (!x->done) {
154     DECLARE_WAITQUEUE(wait, current);
155
156     wait.flags |= WQ_FLAG_EXCLUSIVE;
157     __add_wait_queue_tail(&x->wait, &wait);
158     do {
159       if (signal_pending(current)) {
160         ret = -ERESTARTSYS;
161         __remove_wait_queue(&x->wait, &wait);
162         goto out;
163       }
164       __set_current_state(TASK_INTERRUPTIBLE);
165       spin_unlock_irq(&x->wait.lock);
166       schedule();
167       spin_lock_irq(&x->wait.lock);
168     } while (!x->done);
169     __remove_wait_queue(&x->wait, &wait);
170   }
171   x->done--;
172 out:
173   spin_unlock_irq(&x->wait.lock);
174
175   return ret;
176 }
177 #endif
178
179 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,5,69)
180 static void
181 usb_init_urb(struct urb *urb)
182 {
183         memset(urb, 0, sizeof(*urb));
184 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,5,0) /* tune me! */
185         urb->count = (atomic_t)ATOMIC_INIT(1);
186 #endif
187         spin_lock_init(&urb->lock);
188 }
189 #endif
190
191 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,5,0) /* tune me! */
192 #  define SUBMIT_URB(u,f)  usb_submit_urb(u,f)
193 #else
194 #  define SUBMIT_URB(u,f)  usb_submit_urb(u)
195 #endif
196
197 /*================================================================*/
198 /* Project Includes */
199
200 #include "p80211types.h"
201 #include "p80211hdr.h"
202 #include "p80211mgmt.h"
203 #include "p80211conv.h"
204 #include "p80211msg.h"
205 #include "p80211netdev.h"
206 #include "p80211req.h"
207 #include "p80211metadef.h"
208 #include "p80211metastruct.h"
209 #include "hfa384x.h"
210 #include "prism2mgmt.h"
211
212 /*================================================================*/
213 /* Local Constants */
214
215 enum cmd_mode
216 {
217   DOWAIT = 0,
218   DOASYNC
219 };
220 typedef enum cmd_mode CMD_MODE;
221
222 #define THROTTLE_JIFFIES        (HZ/8)
223
224 /*================================================================*/
225 /* Local Macros */
226
227 #define ROUNDUP64(a) (((a)+63)&~63)
228
229 /*================================================================*/
230 /* Local Types */
231
232 /*================================================================*/
233 /* Local Static Definitions */
234 extern int prism2_debug;
235
236 /*================================================================*/
237 /* Local Function Declarations */
238
239 #ifdef DEBUG_USB
240 static void
241 dbprint_urb(struct urb* urb);
242 #endif
243
244 static void
245 hfa384x_int_rxmonitor(
246         wlandevice_t *wlandev,
247         hfa384x_usb_rxfrm_t *rxfrm);
248
249 static void
250 hfa384x_usb_defer(struct work_struct *data);
251
252 static int
253 submit_rx_urb(hfa384x_t *hw, gfp_t flags);
254
255 static int
256 submit_tx_urb(hfa384x_t *hw, struct urb *tx_urb, gfp_t flags);
257
258 /*---------------------------------------------------*/
259 /* Callbacks */
260 #ifdef URB_ONLY_CALLBACK
261 static void
262 hfa384x_usbout_callback(struct urb *urb);
263 static void
264 hfa384x_ctlxout_callback(struct urb *urb);
265 static void
266 hfa384x_usbin_callback(struct urb *urb);
267 #else
268 static void
269 hfa384x_usbout_callback(struct urb *urb, struct pt_regs *regs);
270 static void
271 hfa384x_ctlxout_callback(struct urb *urb, struct pt_regs *regs);
272 static void
273 hfa384x_usbin_callback(struct urb *urb, struct pt_regs *regs);
274 #endif
275
276 static void
277 hfa384x_usbin_txcompl(wlandevice_t *wlandev, hfa384x_usbin_t *usbin);
278
279 static void
280 hfa384x_usbin_rx(wlandevice_t *wlandev, struct sk_buff *skb);
281
282 static void
283 hfa384x_usbin_info(wlandevice_t *wlandev, hfa384x_usbin_t *usbin);
284
285 static void
286 hfa384x_usbout_tx(wlandevice_t *wlandev, hfa384x_usbout_t *usbout);
287
288 static void hfa384x_usbin_ctlx(hfa384x_t *hw, hfa384x_usbin_t *usbin,
289                                int urb_status);
290
291 /*---------------------------------------------------*/
292 /* Functions to support the prism2 usb command queue */
293
294 static void
295 hfa384x_usbctlxq_run(hfa384x_t *hw);
296
297 static void
298 hfa384x_usbctlx_reqtimerfn(unsigned long data);
299
300 static void
301 hfa384x_usbctlx_resptimerfn(unsigned long data);
302
303 static void
304 hfa384x_usb_throttlefn(unsigned long data);
305
306 static void
307 hfa384x_usbctlx_completion_task(unsigned long data);
308
309 static void
310 hfa384x_usbctlx_reaper_task(unsigned long data);
311
312 static int
313 hfa384x_usbctlx_submit(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx);
314
315 static void
316 unlocked_usbctlx_complete(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx);
317
318 struct usbctlx_completor
319 {
320         int (*complete)(struct usbctlx_completor*);
321 };
322 typedef struct usbctlx_completor usbctlx_completor_t;
323
324 static int
325 hfa384x_usbctlx_complete_sync(hfa384x_t *hw,
326                               hfa384x_usbctlx_t *ctlx,
327                               usbctlx_completor_t *completor);
328
329 static int
330 unlocked_usbctlx_cancel_async(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx);
331
332 static void
333 hfa384x_cb_status(hfa384x_t *hw, const hfa384x_usbctlx_t *ctlx);
334
335 static void
336 hfa384x_cb_rrid(hfa384x_t *hw, const hfa384x_usbctlx_t *ctlx);
337
338 static int
339 usbctlx_get_status(const hfa384x_usb_cmdresp_t *cmdresp,
340                    hfa384x_cmdresult_t *result);
341
342 static void
343 usbctlx_get_rridresult(const hfa384x_usb_rridresp_t *rridresp,
344                        hfa384x_rridresult_t *result);
345
346 /*---------------------------------------------------*/
347 /* Low level req/resp CTLX formatters and submitters */
348 static int
349 hfa384x_docmd(
350         hfa384x_t *hw,
351         CMD_MODE mode,
352         hfa384x_metacmd_t *cmd,
353         ctlx_cmdcb_t cmdcb,
354         ctlx_usercb_t usercb,
355         void    *usercb_data);
356
357 static int
358 hfa384x_dorrid(
359         hfa384x_t *hw,
360         CMD_MODE mode,
361         UINT16  rid,
362         void    *riddata,
363         UINT    riddatalen,
364         ctlx_cmdcb_t cmdcb,
365         ctlx_usercb_t usercb,
366         void    *usercb_data);
367
368 static int
369 hfa384x_dowrid(
370         hfa384x_t *hw,
371         CMD_MODE mode,
372         UINT16  rid,
373         void    *riddata,
374         UINT    riddatalen,
375         ctlx_cmdcb_t cmdcb,
376         ctlx_usercb_t usercb,
377         void    *usercb_data);
378
379 static int
380 hfa384x_dormem(
381         hfa384x_t *hw,
382         CMD_MODE mode,
383         UINT16  page,
384         UINT16  offset,
385         void    *data,
386         UINT    len,
387         ctlx_cmdcb_t cmdcb,
388         ctlx_usercb_t usercb,
389         void    *usercb_data);
390
391 static int
392 hfa384x_dowmem(
393         hfa384x_t *hw,
394         CMD_MODE mode,
395         UINT16  page,
396         UINT16  offset,
397         void    *data,
398         UINT    len,
399         ctlx_cmdcb_t cmdcb,
400         ctlx_usercb_t usercb,
401         void    *usercb_data);
402
403 static int
404 hfa384x_isgood_pdrcode(UINT16 pdrcode);
405
406 /*================================================================*/
407 /* Function Definitions */
408 static inline const char* ctlxstr(CTLX_STATE s)
409 {
410         static const char* ctlx_str[] = {
411                 "Initial state",
412                 "Complete",
413                 "Request failed",
414                 "Request pending",
415                 "Request packet submitted",
416                 "Request packet completed",
417                 "Response packet completed"
418         };
419
420         return ctlx_str[s];
421 };
422
423
424 static inline hfa384x_usbctlx_t*
425 get_active_ctlx(hfa384x_t *hw)
426 {
427         return list_entry(hw->ctlxq.active.next, hfa384x_usbctlx_t, list);
428 }
429
430
431 #ifdef DEBUG_USB
432 void
433 dbprint_urb(struct urb* urb)
434 {
435         WLAN_LOG_DEBUG(3,"urb->pipe=0x%08x\n", urb->pipe);
436         WLAN_LOG_DEBUG(3,"urb->status=0x%08x\n", urb->status);
437         WLAN_LOG_DEBUG(3,"urb->transfer_flags=0x%08x\n", urb->transfer_flags);
438         WLAN_LOG_DEBUG(3,"urb->transfer_buffer=0x%08x\n", (UINT)urb->transfer_buffer);
439         WLAN_LOG_DEBUG(3,"urb->transfer_buffer_length=0x%08x\n", urb->transfer_buffer_length);
440         WLAN_LOG_DEBUG(3,"urb->actual_length=0x%08x\n", urb->actual_length);
441         WLAN_LOG_DEBUG(3,"urb->bandwidth=0x%08x\n", urb->bandwidth);
442         WLAN_LOG_DEBUG(3,"urb->setup_packet(ctl)=0x%08x\n", (UINT)urb->setup_packet);
443         WLAN_LOG_DEBUG(3,"urb->start_frame(iso/irq)=0x%08x\n", urb->start_frame);
444         WLAN_LOG_DEBUG(3,"urb->interval(irq)=0x%08x\n", urb->interval);
445         WLAN_LOG_DEBUG(3,"urb->error_count(iso)=0x%08x\n", urb->error_count);
446         WLAN_LOG_DEBUG(3,"urb->timeout=0x%08x\n", urb->timeout);
447         WLAN_LOG_DEBUG(3,"urb->context=0x%08x\n", (UINT)urb->context);
448         WLAN_LOG_DEBUG(3,"urb->complete=0x%08x\n", (UINT)urb->complete);
449 }
450 #endif
451
452
453 /*----------------------------------------------------------------
454 * submit_rx_urb
455 *
456 * Listen for input data on the BULK-IN pipe. If the pipe has
457 * stalled then schedule it to be reset.
458 *
459 * Arguments:
460 *       hw              device struct
461 *       memflags        memory allocation flags
462 *
463 * Returns:
464 *       error code from submission
465 *
466 * Call context:
467 *       Any
468 ----------------------------------------------------------------*/
469 static int
470 submit_rx_urb(hfa384x_t *hw, gfp_t memflags)
471 {
472         struct sk_buff *skb;
473         int result;
474
475         DBFENTER;
476
477         skb = dev_alloc_skb(sizeof(hfa384x_usbin_t));
478         if (skb == NULL) {
479                 result = -ENOMEM;
480                 goto done;
481         }
482
483         /* Post the IN urb */
484         usb_fill_bulk_urb(&hw->rx_urb, hw->usb,
485                       hw->endp_in,
486                       skb->data, sizeof(hfa384x_usbin_t),
487                       hfa384x_usbin_callback, hw->wlandev);
488
489         hw->rx_urb_skb = skb;
490
491         result = -ENOLINK;
492         if ( !hw->wlandev->hwremoved && !test_bit(WORK_RX_HALT, &hw->usb_flags)) {
493                 result = SUBMIT_URB(&hw->rx_urb, memflags);
494
495                 /* Check whether we need to reset the RX pipe */
496                 if (result == -EPIPE) {
497                         WLAN_LOG_WARNING("%s rx pipe stalled: requesting reset\n",
498                                          hw->wlandev->netdev->name);
499                         if ( !test_and_set_bit(WORK_RX_HALT, &hw->usb_flags) )
500                                 schedule_work(&hw->usb_work);
501                 }
502         }
503
504         /* Don't leak memory if anything should go wrong */
505         if (result != 0) {
506                 dev_kfree_skb(skb);
507                 hw->rx_urb_skb = NULL;
508         }
509
510  done:
511
512         DBFEXIT;
513         return result;
514 }
515
516 /*----------------------------------------------------------------
517 * submit_tx_urb
518 *
519 * Prepares and submits the URB of transmitted data. If the
520 * submission fails then it will schedule the output pipe to
521 * be reset.
522 *
523 * Arguments:
524 *       hw              device struct
525 *       tx_urb          URB of data for tranmission
526 *       memflags        memory allocation flags
527 *
528 * Returns:
529 *       error code from submission
530 *
531 * Call context:
532 *       Any
533 ----------------------------------------------------------------*/
534 static int
535 submit_tx_urb(hfa384x_t *hw, struct urb *tx_urb, gfp_t memflags)
536 {
537         struct net_device *netdev = hw->wlandev->netdev;
538         int result;
539
540         DBFENTER;
541
542         result = -ENOLINK;
543         if ( netif_running(netdev) ) {
544
545                 if ( !hw->wlandev->hwremoved && !test_bit(WORK_TX_HALT, &hw->usb_flags) ) {
546                         result = SUBMIT_URB(tx_urb, memflags);
547
548                         /* Test whether we need to reset the TX pipe */
549                         if (result == -EPIPE) {
550                                 WLAN_LOG_WARNING("%s tx pipe stalled: requesting reset\n",
551                                                  netdev->name);
552                                 set_bit(WORK_TX_HALT, &hw->usb_flags);
553                                 schedule_work(&hw->usb_work);
554                         } else if (result == 0) {
555                                 netif_stop_queue(netdev);
556                         }
557                 }
558         }
559
560         DBFEXIT;
561
562         return result;
563 }
564
565 /*----------------------------------------------------------------
566 * hfa394x_usb_defer
567 *
568 * There are some things that the USB stack cannot do while
569 * in interrupt context, so we arrange this function to run
570 * in process context.
571 *
572 * Arguments:
573 *       hw      device structure
574 *
575 * Returns:
576 *       nothing
577 *
578 * Call context:
579 *       process (by design)
580 ----------------------------------------------------------------*/
581 static void
582 hfa384x_usb_defer(struct work_struct *data)
583 {
584         hfa384x_t *hw = container_of(data, struct hfa384x, usb_work);
585         struct net_device *netdev = hw->wlandev->netdev;
586
587         DBFENTER;
588
589         /* Don't bother trying to reset anything if the plug
590          * has been pulled ...
591          */
592         if ( hw->wlandev->hwremoved ) {
593                 DBFEXIT;
594                 return;
595         }
596
597         /* Reception has stopped: try to reset the input pipe */
598         if (test_bit(WORK_RX_HALT, &hw->usb_flags)) {
599                 int ret;
600
601                 usb_kill_urb(&hw->rx_urb);  /* Cannot be holding spinlock! */
602
603                 ret = usb_clear_halt(hw->usb, hw->endp_in);
604                 if (ret != 0) {
605                         printk(KERN_ERR
606                                "Failed to clear rx pipe for %s: err=%d\n",
607                                netdev->name, ret);
608                 } else {
609                         printk(KERN_INFO "%s rx pipe reset complete.\n",
610                                          netdev->name);
611                         clear_bit(WORK_RX_HALT, &hw->usb_flags);
612                         set_bit(WORK_RX_RESUME, &hw->usb_flags);
613                 }
614         }
615
616         /* Resume receiving data back from the device. */
617         if ( test_bit(WORK_RX_RESUME, &hw->usb_flags) ) {
618                 int ret;
619
620                 ret = submit_rx_urb(hw, GFP_KERNEL);
621                 if (ret != 0) {
622                         printk(KERN_ERR
623                                "Failed to resume %s rx pipe.\n", netdev->name);
624                 } else {
625                         clear_bit(WORK_RX_RESUME, &hw->usb_flags);
626                 }
627         }
628
629         /* Transmission has stopped: try to reset the output pipe */
630         if (test_bit(WORK_TX_HALT, &hw->usb_flags)) {
631                 int ret;
632
633                 usb_kill_urb(&hw->tx_urb);
634                 ret = usb_clear_halt(hw->usb, hw->endp_out);
635                 if (ret != 0) {
636                         printk(KERN_ERR
637                                "Failed to clear tx pipe for %s: err=%d\n",
638                                netdev->name, ret);
639                 } else {
640                         printk(KERN_INFO "%s tx pipe reset complete.\n",
641                                          netdev->name);
642                         clear_bit(WORK_TX_HALT, &hw->usb_flags);
643                         set_bit(WORK_TX_RESUME, &hw->usb_flags);
644
645                         /* Stopping the BULK-OUT pipe also blocked
646                          * us from sending any more CTLX URBs, so
647                          * we need to re-run our queue ...
648                          */
649                         hfa384x_usbctlxq_run(hw);
650                 }
651         }
652
653         /* Resume transmitting. */
654         if ( test_and_clear_bit(WORK_TX_RESUME, &hw->usb_flags) ) {
655                 p80211netdev_wake_queue(hw->wlandev);
656         }
657
658         DBFEXIT;
659 }
660
661
662 /*----------------------------------------------------------------
663 * hfa384x_create
664 *
665 * Sets up the hfa384x_t data structure for use.  Note this
666 * does _not_ intialize the actual hardware, just the data structures
667 * we use to keep track of its state.
668 *
669 * Arguments:
670 *       hw              device structure
671 *       irq             device irq number
672 *       iobase          i/o base address for register access
673 *       membase         memory base address for register access
674 *
675 * Returns:
676 *       nothing
677 *
678 * Side effects:
679 *
680 * Call context:
681 *       process
682 ----------------------------------------------------------------*/
683 void
684 hfa384x_create( hfa384x_t *hw, struct usb_device *usb)
685 {
686         DBFENTER;
687
688         memset(hw, 0, sizeof(hfa384x_t));
689         hw->usb = usb;
690
691         /* set up the endpoints */
692         hw->endp_in = usb_rcvbulkpipe(usb, 1);
693         hw->endp_out = usb_sndbulkpipe(usb, 2);
694
695         /* Set up the waitq */
696         init_waitqueue_head(&hw->cmdq);
697
698         /* Initialize the command queue */
699         spin_lock_init(&hw->ctlxq.lock);
700         INIT_LIST_HEAD(&hw->ctlxq.pending);
701         INIT_LIST_HEAD(&hw->ctlxq.active);
702         INIT_LIST_HEAD(&hw->ctlxq.completing);
703         INIT_LIST_HEAD(&hw->ctlxq.reapable);
704
705         /* Initialize the authentication queue */
706         skb_queue_head_init(&hw->authq);
707
708         tasklet_init(&hw->reaper_bh,
709                      hfa384x_usbctlx_reaper_task,
710                      (unsigned long)hw);
711         tasklet_init(&hw->completion_bh,
712                      hfa384x_usbctlx_completion_task,
713                      (unsigned long)hw);
714         INIT_WORK2(&hw->link_bh, prism2sta_processing_defer);
715         INIT_WORK2(&hw->usb_work, hfa384x_usb_defer);
716
717         init_timer(&hw->throttle);
718         hw->throttle.function = hfa384x_usb_throttlefn;
719         hw->throttle.data = (unsigned long)hw;
720
721         init_timer(&hw->resptimer);
722         hw->resptimer.function = hfa384x_usbctlx_resptimerfn;
723         hw->resptimer.data = (unsigned long)hw;
724
725         init_timer(&hw->reqtimer);
726         hw->reqtimer.function = hfa384x_usbctlx_reqtimerfn;
727         hw->reqtimer.data = (unsigned long)hw;
728
729         usb_init_urb(&hw->rx_urb);
730         usb_init_urb(&hw->tx_urb);
731         usb_init_urb(&hw->ctlx_urb);
732
733         hw->link_status = HFA384x_LINK_NOTCONNECTED;
734         hw->state = HFA384x_STATE_INIT;
735
736         INIT_WORK2(&hw->commsqual_bh, prism2sta_commsqual_defer);
737         init_timer(&hw->commsqual_timer);
738         hw->commsqual_timer.data = (unsigned long) hw;
739         hw->commsqual_timer.function = prism2sta_commsqual_timer;
740
741         DBFEXIT;
742 }
743
744
745 /*----------------------------------------------------------------
746 * hfa384x_destroy
747 *
748 * Partner to hfa384x_create().  This function cleans up the hw
749 * structure so that it can be freed by the caller using a simple
750 * kfree.  Currently, this function is just a placeholder.  If, at some
751 * point in the future, an hw in the 'shutdown' state requires a 'deep'
752 * kfree, this is where it should be done.  Note that if this function
753 * is called on a _running_ hw structure, the drvr_stop() function is
754 * called.
755 *
756 * Arguments:
757 *       hw              device structure
758 *
759 * Returns:
760 *       nothing, this function is not allowed to fail.
761 *
762 * Side effects:
763 *
764 * Call context:
765 *       process
766 ----------------------------------------------------------------*/
767 void
768 hfa384x_destroy( hfa384x_t *hw)
769 {
770         struct sk_buff *skb;
771
772         DBFENTER;
773
774         if ( hw->state == HFA384x_STATE_RUNNING ) {
775                 hfa384x_drvr_stop(hw);
776         }
777         hw->state = HFA384x_STATE_PREINIT;
778
779         if (hw->scanresults) {
780                 kfree(hw->scanresults);
781                 hw->scanresults = NULL;
782         }
783
784         /* Now to clean out the auth queue */
785         while ( (skb = skb_dequeue(&hw->authq)) ) {
786                 dev_kfree_skb(skb);
787         }
788
789         DBFEXIT;
790 }
791
792
793 /*----------------------------------------------------------------
794  */
795 static hfa384x_usbctlx_t* usbctlx_alloc(void)
796 {
797         hfa384x_usbctlx_t *ctlx;
798
799         ctlx = kmalloc(sizeof(*ctlx), in_interrupt() ? GFP_ATOMIC : GFP_KERNEL);
800         if (ctlx != NULL)
801         {
802                 memset(ctlx, 0, sizeof(*ctlx));
803                 init_completion(&ctlx->done);
804         }
805
806         return ctlx;
807 }
808
809
810 /*----------------------------------------------------------------
811  *
812 ----------------------------------------------------------------*/
813 static int
814 usbctlx_get_status(const hfa384x_usb_cmdresp_t *cmdresp,
815                    hfa384x_cmdresult_t *result)
816 {
817         DBFENTER;
818
819         result->status = hfa384x2host_16(cmdresp->status);
820         result->resp0 = hfa384x2host_16(cmdresp->resp0);
821         result->resp1 = hfa384x2host_16(cmdresp->resp1);
822         result->resp2 = hfa384x2host_16(cmdresp->resp2);
823
824         WLAN_LOG_DEBUG(4, "cmdresult:status=0x%04x "
825                           "resp0=0x%04x resp1=0x%04x resp2=0x%04x\n",
826                         result->status,
827                         result->resp0,
828                         result->resp1,
829                         result->resp2);
830
831         DBFEXIT;
832         return (result->status & HFA384x_STATUS_RESULT);
833 }
834
835 static void
836 usbctlx_get_rridresult(const hfa384x_usb_rridresp_t *rridresp,
837                        hfa384x_rridresult_t *result)
838 {
839         DBFENTER;
840
841         result->rid = hfa384x2host_16(rridresp->rid);
842         result->riddata = rridresp->data;
843         result->riddata_len = ((hfa384x2host_16(rridresp->frmlen) - 1) * 2);
844
845         DBFEXIT;
846 }
847
848
849 /*----------------------------------------------------------------
850 * Completor object:
851 * This completor must be passed to hfa384x_usbctlx_complete_sync()
852 * when processing a CTLX that returns a hfa384x_cmdresult_t structure.
853 ----------------------------------------------------------------*/
854 struct usbctlx_cmd_completor
855 {
856         usbctlx_completor_t     head;
857
858         const hfa384x_usb_cmdresp_t     *cmdresp;
859         hfa384x_cmdresult_t     *result;
860 };
861 typedef struct usbctlx_cmd_completor usbctlx_cmd_completor_t;
862
863 static int usbctlx_cmd_completor_fn(usbctlx_completor_t *head)
864 {
865         usbctlx_cmd_completor_t *complete = (usbctlx_cmd_completor_t*)head;
866         return usbctlx_get_status(complete->cmdresp, complete->result);
867 }
868
869 static inline usbctlx_completor_t*
870 init_cmd_completor(usbctlx_cmd_completor_t *completor,
871                    const hfa384x_usb_cmdresp_t *cmdresp,
872                    hfa384x_cmdresult_t *result)
873 {
874         completor->head.complete = usbctlx_cmd_completor_fn;
875         completor->cmdresp = cmdresp;
876         completor->result = result;
877         return &(completor->head);
878 }
879
880 /*----------------------------------------------------------------
881 * Completor object:
882 * This completor must be passed to hfa384x_usbctlx_complete_sync()
883 * when processing a CTLX that reads a RID.
884 ----------------------------------------------------------------*/
885 struct usbctlx_rrid_completor
886 {
887         usbctlx_completor_t     head;
888
889         const hfa384x_usb_rridresp_t    *rridresp;
890         void                    *riddata;
891         UINT                    riddatalen;
892 };
893 typedef struct usbctlx_rrid_completor usbctlx_rrid_completor_t;
894
895 static int usbctlx_rrid_completor_fn(usbctlx_completor_t *head)
896 {
897         usbctlx_rrid_completor_t *complete = (usbctlx_rrid_completor_t*)head;
898         hfa384x_rridresult_t rridresult;
899
900         usbctlx_get_rridresult(complete->rridresp, &rridresult);
901
902         /* Validate the length, note body len calculation in bytes */
903         if ( rridresult.riddata_len != complete->riddatalen ) {
904                 WLAN_LOG_WARNING(
905                         "RID len mismatch, rid=0x%04x hlen=%d fwlen=%d\n",
906                         rridresult.rid,
907                         complete->riddatalen,
908                         rridresult.riddata_len);
909                 return -ENODATA;
910         }
911
912         memcpy(complete->riddata,
913                rridresult.riddata,
914                complete->riddatalen);
915         return 0;
916 }
917
918 static inline usbctlx_completor_t*
919 init_rrid_completor(usbctlx_rrid_completor_t *completor,
920                     const hfa384x_usb_rridresp_t *rridresp,
921                     void *riddata,
922                     UINT riddatalen)
923 {
924         completor->head.complete = usbctlx_rrid_completor_fn;
925         completor->rridresp = rridresp;
926         completor->riddata = riddata;
927         completor->riddatalen = riddatalen;
928         return &(completor->head);
929 }
930
931 /*----------------------------------------------------------------
932 * Completor object:
933 * Interprets the results of a synchronous RID-write
934 ----------------------------------------------------------------*/
935 typedef usbctlx_cmd_completor_t usbctlx_wrid_completor_t;
936 #define init_wrid_completor  init_cmd_completor
937
938 /*----------------------------------------------------------------
939 * Completor object:
940 * Interprets the results of a synchronous memory-write
941 ----------------------------------------------------------------*/
942 typedef usbctlx_cmd_completor_t usbctlx_wmem_completor_t;
943 #define init_wmem_completor  init_cmd_completor
944
945 /*----------------------------------------------------------------
946 * Completor object:
947 * Interprets the results of a synchronous memory-read
948 ----------------------------------------------------------------*/
949 struct usbctlx_rmem_completor
950 {
951         usbctlx_completor_t           head;
952
953         const hfa384x_usb_rmemresp_t  *rmemresp;
954         void                          *data;
955         UINT                          len;
956 };
957 typedef struct usbctlx_rmem_completor usbctlx_rmem_completor_t;
958
959 static int usbctlx_rmem_completor_fn(usbctlx_completor_t *head)
960 {
961         usbctlx_rmem_completor_t *complete = (usbctlx_rmem_completor_t*)head;
962
963         WLAN_LOG_DEBUG(4,"rmemresp:len=%d\n", complete->rmemresp->frmlen);
964         memcpy(complete->data, complete->rmemresp->data, complete->len);
965         return 0;
966 }
967
968 static inline usbctlx_completor_t*
969 init_rmem_completor(usbctlx_rmem_completor_t *completor,
970                     hfa384x_usb_rmemresp_t *rmemresp,
971                     void *data,
972                     UINT len)
973 {
974         completor->head.complete = usbctlx_rmem_completor_fn;
975         completor->rmemresp = rmemresp;
976         completor->data = data;
977         completor->len = len;
978         return &(completor->head);
979 }
980
981 /*----------------------------------------------------------------
982 * hfa384x_cb_status
983 *
984 * Ctlx_complete handler for async CMD type control exchanges.
985 * mark the hw struct as such.
986 *
987 * Note: If the handling is changed here, it should probably be
988 *       changed in docmd as well.
989 *
990 * Arguments:
991 *       hw              hw struct
992 *       ctlx            completed CTLX
993 *
994 * Returns:
995 *       nothing
996 *
997 * Side effects:
998 *
999 * Call context:
1000 *       interrupt
1001 ----------------------------------------------------------------*/
1002 static void
1003 hfa384x_cb_status(hfa384x_t *hw, const hfa384x_usbctlx_t *ctlx)
1004 {
1005         DBFENTER;
1006
1007         if ( ctlx->usercb != NULL ) {
1008                 hfa384x_cmdresult_t cmdresult;
1009
1010                 if (ctlx->state != CTLX_COMPLETE) {
1011                         memset(&cmdresult, 0, sizeof(cmdresult));
1012                         cmdresult.status = HFA384x_STATUS_RESULT_SET(HFA384x_CMD_ERR);
1013                 } else {
1014                         usbctlx_get_status(&ctlx->inbuf.cmdresp, &cmdresult);
1015                 }
1016
1017                 ctlx->usercb(hw, &cmdresult, ctlx->usercb_data);
1018         }
1019
1020         DBFEXIT;
1021 }
1022
1023
1024 /*----------------------------------------------------------------
1025 * hfa384x_cb_rrid
1026 *
1027 * CTLX completion handler for async RRID type control exchanges.
1028 *
1029 * Note: If the handling is changed here, it should probably be
1030 *       changed in dorrid as well.
1031 *
1032 * Arguments:
1033 *       hw              hw struct
1034 *       ctlx            completed CTLX
1035 *
1036 * Returns:
1037 *       nothing
1038 *
1039 * Side effects:
1040 *
1041 * Call context:
1042 *       interrupt
1043 ----------------------------------------------------------------*/
1044 static void
1045 hfa384x_cb_rrid(hfa384x_t *hw, const hfa384x_usbctlx_t *ctlx)
1046 {
1047         DBFENTER;
1048
1049         if ( ctlx->usercb != NULL ) {
1050                 hfa384x_rridresult_t rridresult;
1051
1052                 if (ctlx->state != CTLX_COMPLETE) {
1053                         memset(&rridresult, 0, sizeof(rridresult));
1054                         rridresult.rid = hfa384x2host_16(ctlx->outbuf.rridreq.rid);
1055                 } else {
1056                         usbctlx_get_rridresult(&ctlx->inbuf.rridresp, &rridresult);
1057                 }
1058
1059                 ctlx->usercb(hw, &rridresult, ctlx->usercb_data);
1060         }
1061
1062         DBFEXIT;
1063 }
1064
1065 static inline int
1066 hfa384x_docmd_wait(hfa384x_t *hw, hfa384x_metacmd_t *cmd)
1067 {
1068         return hfa384x_docmd(hw, DOWAIT, cmd, NULL, NULL, NULL);
1069 }
1070
1071 static inline int
1072 hfa384x_docmd_async(hfa384x_t *hw,
1073                     hfa384x_metacmd_t *cmd,
1074                     ctlx_cmdcb_t cmdcb,
1075                     ctlx_usercb_t usercb,
1076                     void *usercb_data)
1077 {
1078         return hfa384x_docmd(hw, DOASYNC, cmd,
1079                                 cmdcb, usercb, usercb_data);
1080 }
1081
1082 static inline int
1083 hfa384x_dorrid_wait(hfa384x_t *hw, UINT16 rid, void *riddata, UINT riddatalen)
1084 {
1085         return hfa384x_dorrid(hw, DOWAIT,
1086                               rid, riddata, riddatalen,
1087                               NULL, NULL, NULL);
1088 }
1089
1090 static inline int
1091 hfa384x_dorrid_async(hfa384x_t *hw,
1092                      UINT16 rid, void *riddata, UINT riddatalen,
1093                      ctlx_cmdcb_t cmdcb,
1094                      ctlx_usercb_t usercb,
1095                      void *usercb_data)
1096 {
1097         return hfa384x_dorrid(hw, DOASYNC,
1098                               rid, riddata, riddatalen,
1099                               cmdcb, usercb, usercb_data);
1100 }
1101
1102 static inline int
1103 hfa384x_dowrid_wait(hfa384x_t *hw, UINT16 rid, void *riddata, UINT riddatalen)
1104 {
1105         return hfa384x_dowrid(hw, DOWAIT,
1106                               rid, riddata, riddatalen,
1107                               NULL, NULL, NULL);
1108 }
1109
1110 static inline int
1111 hfa384x_dowrid_async(hfa384x_t *hw,
1112                      UINT16 rid, void *riddata, UINT riddatalen,
1113                      ctlx_cmdcb_t cmdcb,
1114                      ctlx_usercb_t usercb,
1115                      void *usercb_data)
1116 {
1117         return hfa384x_dowrid(hw, DOASYNC,
1118                               rid, riddata, riddatalen,
1119                               cmdcb, usercb, usercb_data);
1120 }
1121
1122 static inline int
1123 hfa384x_dormem_wait(hfa384x_t *hw,
1124                     UINT16 page, UINT16 offset, void *data, UINT len)
1125 {
1126         return hfa384x_dormem(hw, DOWAIT,
1127                               page, offset, data, len,
1128                               NULL, NULL, NULL);
1129 }
1130
1131 static inline int
1132 hfa384x_dormem_async(hfa384x_t *hw,
1133                      UINT16 page, UINT16 offset, void *data, UINT len,
1134                      ctlx_cmdcb_t cmdcb,
1135                      ctlx_usercb_t usercb,
1136                      void *usercb_data)
1137 {
1138         return hfa384x_dormem(hw, DOASYNC,
1139                               page, offset, data, len,
1140                               cmdcb, usercb, usercb_data);
1141 }
1142
1143 static inline int
1144 hfa384x_dowmem_wait(
1145         hfa384x_t *hw,
1146         UINT16  page,
1147         UINT16  offset,
1148         void    *data,
1149         UINT    len)
1150 {
1151         return hfa384x_dowmem(hw, DOWAIT,
1152                                   page, offset, data, len,
1153                                   NULL, NULL, NULL);
1154 }
1155
1156 static inline int
1157 hfa384x_dowmem_async(
1158         hfa384x_t *hw,
1159         UINT16  page,
1160         UINT16  offset,
1161         void    *data,
1162         UINT    len,
1163         ctlx_cmdcb_t cmdcb,
1164         ctlx_usercb_t usercb,
1165         void    *usercb_data)
1166 {
1167         return hfa384x_dowmem(hw, DOASYNC,
1168                                   page, offset, data, len,
1169                                   cmdcb, usercb, usercb_data);
1170 }
1171
1172 /*----------------------------------------------------------------
1173 * hfa384x_cmd_initialize
1174 *
1175 * Issues the initialize command and sets the hw->state based
1176 * on the result.
1177 *
1178 * Arguments:
1179 *       hw              device structure
1180 *
1181 * Returns:
1182 *       0               success
1183 *       >0              f/w reported error - f/w status code
1184 *       <0              driver reported error
1185 *
1186 * Side effects:
1187 *
1188 * Call context:
1189 *       process
1190 ----------------------------------------------------------------*/
1191 int
1192 hfa384x_cmd_initialize(hfa384x_t *hw)
1193 {
1194         int     result = 0;
1195         int     i;
1196         hfa384x_metacmd_t cmd;
1197
1198         DBFENTER;
1199
1200
1201         cmd.cmd = HFA384x_CMDCODE_INIT;
1202         cmd.parm0 = 0;
1203         cmd.parm1 = 0;
1204         cmd.parm2 = 0;
1205
1206         result = hfa384x_docmd_wait(hw, &cmd);
1207
1208
1209         WLAN_LOG_DEBUG(3,"cmdresp.init: "
1210                 "status=0x%04x, resp0=0x%04x, "
1211                 "resp1=0x%04x, resp2=0x%04x\n",
1212                 cmd.result.status,
1213                 cmd.result.resp0,
1214                 cmd.result.resp1,
1215                 cmd.result.resp2);
1216         if ( result == 0 ) {
1217                 for ( i = 0; i < HFA384x_NUMPORTS_MAX; i++) {
1218                         hw->port_enabled[i] = 0;
1219                 }
1220         }
1221
1222         hw->link_status = HFA384x_LINK_NOTCONNECTED;
1223
1224         DBFEXIT;
1225         return result;
1226 }
1227
1228
1229 /*----------------------------------------------------------------
1230 * hfa384x_cmd_disable
1231 *
1232 * Issues the disable command to stop communications on one of
1233 * the MACs 'ports'.
1234 *
1235 * Arguments:
1236 *       hw              device structure
1237 *       macport         MAC port number (host order)
1238 *
1239 * Returns:
1240 *       0               success
1241 *       >0              f/w reported failure - f/w status code
1242 *       <0              driver reported error (timeout|bad arg)
1243 *
1244 * Side effects:
1245 *
1246 * Call context:
1247 *       process
1248 ----------------------------------------------------------------*/
1249 int hfa384x_cmd_disable(hfa384x_t *hw, UINT16 macport)
1250 {
1251         int     result = 0;
1252         hfa384x_metacmd_t cmd;
1253
1254         DBFENTER;
1255
1256         cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DISABLE) |
1257                   HFA384x_CMD_MACPORT_SET(macport);
1258         cmd.parm0 = 0;
1259         cmd.parm1 = 0;
1260         cmd.parm2 = 0;
1261
1262         result = hfa384x_docmd_wait(hw, &cmd);
1263
1264         DBFEXIT;
1265         return result;
1266 }
1267
1268
1269 /*----------------------------------------------------------------
1270 * hfa384x_cmd_enable
1271 *
1272 * Issues the enable command to enable communications on one of
1273 * the MACs 'ports'.
1274 *
1275 * Arguments:
1276 *       hw              device structure
1277 *       macport         MAC port number
1278 *
1279 * Returns:
1280 *       0               success
1281 *       >0              f/w reported failure - f/w status code
1282 *       <0              driver reported error (timeout|bad arg)
1283 *
1284 * Side effects:
1285 *
1286 * Call context:
1287 *       process
1288 ----------------------------------------------------------------*/
1289 int hfa384x_cmd_enable(hfa384x_t *hw, UINT16 macport)
1290 {
1291         int     result = 0;
1292         hfa384x_metacmd_t cmd;
1293
1294         DBFENTER;
1295
1296         cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_ENABLE) |
1297                   HFA384x_CMD_MACPORT_SET(macport);
1298         cmd.parm0 = 0;
1299         cmd.parm1 = 0;
1300         cmd.parm2 = 0;
1301
1302         result = hfa384x_docmd_wait(hw, &cmd);
1303
1304         DBFEXIT;
1305         return result;
1306 }
1307
1308
1309 /*----------------------------------------------------------------
1310 * hfa384x_cmd_notify
1311 *
1312 * Sends an info frame to the firmware to alter the behavior
1313 * of the f/w asynch processes.  Can only be called when the MAC
1314 * is in the enabled state.
1315 *
1316 * Arguments:
1317 *       hw              device structure
1318 *       reclaim         [0|1] indicates whether the given FID will
1319 *                       be handed back (via Alloc event) for reuse.
1320 *                       (host order)
1321 *       fid             FID of buffer containing the frame that was
1322 *                       previously copied to MAC memory via the bap.
1323 *                       (host order)
1324 *
1325 * Returns:
1326 *       0               success
1327 *       >0              f/w reported failure - f/w status code
1328 *       <0              driver reported error (timeout|bad arg)
1329 *
1330 * Side effects:
1331 *       hw->resp0 will contain the FID being used by async notify
1332 *       process.  If reclaim==0, resp0 will be the same as the fid
1333 *       argument.  If reclaim==1, resp0 will be the different.
1334 *
1335 * Call context:
1336 *       process
1337 ----------------------------------------------------------------*/
1338 int hfa384x_cmd_notify(hfa384x_t *hw, UINT16 reclaim, UINT16 fid,
1339                        void *buf, UINT16 len)
1340 {
1341 #if 0
1342         int     result = 0;
1343         UINT16  cmd;
1344         DBFENTER;
1345         cmd =   HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_NOTIFY) |
1346                 HFA384x_CMD_RECL_SET(reclaim);
1347         result = hfa384x_docmd_wait(hw, cmd);
1348
1349         DBFEXIT;
1350         return result;
1351 #endif
1352 return 0;
1353 }
1354
1355
1356 #if 0
1357 /*----------------------------------------------------------------
1358 * hfa384x_cmd_inquiry
1359 *
1360 * Requests an info frame from the firmware.  The info frame will
1361 * be delivered asynchronously via the Info event.
1362 *
1363 * Arguments:
1364 *       hw              device structure
1365 *       fid             FID of the info frame requested. (host order)
1366 *
1367 * Returns:
1368 *       0               success
1369 *       >0              f/w reported failure - f/w status code
1370 *       <0              driver reported error (timeout|bad arg)
1371 *
1372 * Side effects:
1373 *
1374 * Call context:
1375 *       process
1376 ----------------------------------------------------------------*/
1377 int hfa384x_cmd_inquiry(hfa384x_t *hw, UINT16 fid)
1378 {
1379         int     result = 0;
1380         hfa384x_metacmd_t cmd;
1381
1382         DBFENTER;
1383
1384         cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_INQ);
1385         cmd.parm0 = 0;
1386         cmd.parm1 = 0;
1387         cmd.parm2 = 0;
1388
1389         result = hfa384x_docmd_wait(hw, &cmd);
1390
1391         DBFEXIT;
1392         return result;
1393 }
1394 #endif
1395
1396
1397 /*----------------------------------------------------------------
1398 * hfa384x_cmd_monitor
1399 *
1400 * Enables the 'monitor mode' of the MAC.  Here's the description of
1401 * monitor mode that I've received thus far:
1402 *
1403 *  "The "monitor mode" of operation is that the MAC passes all
1404 *  frames for which the PLCP checks are correct. All received
1405 *  MPDUs are passed to the host with MAC Port = 7, with a
1406 *  receive status of good, FCS error, or undecryptable. Passing
1407 *  certain MPDUs is a violation of the 802.11 standard, but useful
1408 *  for a debugging tool."  Normal communication is not possible
1409 *  while monitor mode is enabled.
1410 *
1411 * Arguments:
1412 *       hw              device structure
1413 *       enable          a code (0x0b|0x0f) that enables/disables
1414 *                       monitor mode. (host order)
1415 *
1416 * Returns:
1417 *       0               success
1418 *       >0              f/w reported failure - f/w status code
1419 *       <0              driver reported error (timeout|bad arg)
1420 *
1421 * Side effects:
1422 *
1423 * Call context:
1424 *       process
1425 ----------------------------------------------------------------*/
1426 int hfa384x_cmd_monitor(hfa384x_t *hw, UINT16 enable)
1427 {
1428         int     result = 0;
1429         hfa384x_metacmd_t cmd;
1430
1431         DBFENTER;
1432
1433         cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_MONITOR) |
1434                 HFA384x_CMD_AINFO_SET(enable);
1435         cmd.parm0 = 0;
1436         cmd.parm1 = 0;
1437         cmd.parm2 = 0;
1438
1439         result = hfa384x_docmd_wait(hw, &cmd);
1440
1441         DBFEXIT;
1442         return result;
1443 }
1444
1445
1446 /*----------------------------------------------------------------
1447 * hfa384x_cmd_download
1448 *
1449 * Sets the controls for the MAC controller code/data download
1450 * process.  The arguments set the mode and address associated
1451 * with a download.  Note that the aux registers should be enabled
1452 * prior to setting one of the download enable modes.
1453 *
1454 * Arguments:
1455 *       hw              device structure
1456 *       mode            0 - Disable programming and begin code exec
1457 *                       1 - Enable volatile mem programming
1458 *                       2 - Enable non-volatile mem programming
1459 *                       3 - Program non-volatile section from NV download
1460 *                           buffer.
1461 *                       (host order)
1462 *       lowaddr
1463 *       highaddr        For mode 1, sets the high & low order bits of
1464 *                       the "destination address".  This address will be
1465 *                       the execution start address when download is
1466 *                       subsequently disabled.
1467 *                       For mode 2, sets the high & low order bits of
1468 *                       the destination in NV ram.
1469 *                       For modes 0 & 3, should be zero. (host order)
1470 *                       NOTE: these are CMD format.
1471 *       codelen         Length of the data to write in mode 2,
1472 *                       zero otherwise. (host order)
1473 *
1474 * Returns:
1475 *       0               success
1476 *       >0              f/w reported failure - f/w status code
1477 *       <0              driver reported error (timeout|bad arg)
1478 *
1479 * Side effects:
1480 *
1481 * Call context:
1482 *       process
1483 ----------------------------------------------------------------*/
1484 int hfa384x_cmd_download(hfa384x_t *hw, UINT16 mode, UINT16 lowaddr,
1485                                 UINT16 highaddr, UINT16 codelen)
1486 {
1487         int     result = 0;
1488         hfa384x_metacmd_t cmd;
1489
1490         DBFENTER;
1491         WLAN_LOG_DEBUG(5,
1492                 "mode=%d, lowaddr=0x%04x, highaddr=0x%04x, codelen=%d\n",
1493                 mode, lowaddr, highaddr, codelen);
1494
1495         cmd.cmd = (HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DOWNLD) |
1496                    HFA384x_CMD_PROGMODE_SET(mode));
1497
1498         cmd.parm0 = lowaddr;
1499         cmd.parm1 = highaddr;
1500         cmd.parm2 = codelen;
1501
1502         result = hfa384x_docmd_wait(hw, &cmd);
1503
1504         DBFEXIT;
1505         return result;
1506 }
1507
1508
1509 /*----------------------------------------------------------------
1510 * hfa384x_copy_from_aux
1511 *
1512 * Copies a collection of bytes from the controller memory.  The
1513 * Auxiliary port MUST be enabled prior to calling this function.
1514 * We _might_ be in a download state.
1515 *
1516 * Arguments:
1517 *       hw              device structure
1518 *       cardaddr        address in hfa384x data space to read
1519 *       auxctl          address space select
1520 *       buf             ptr to destination host buffer
1521 *       len             length of data to transfer (in bytes)
1522 *
1523 * Returns:
1524 *       nothing
1525 *
1526 * Side effects:
1527 *       buf contains the data copied
1528 *
1529 * Call context:
1530 *       process
1531 *       interrupt
1532 ----------------------------------------------------------------*/
1533 void
1534 hfa384x_copy_from_aux(
1535         hfa384x_t *hw, UINT32 cardaddr, UINT32 auxctl, void *buf, UINT len)
1536 {
1537         DBFENTER;
1538         WLAN_LOG_ERROR("not used in USB.\n");
1539         DBFEXIT;
1540 }
1541
1542
1543 /*----------------------------------------------------------------
1544 * hfa384x_copy_to_aux
1545 *
1546 * Copies a collection of bytes to the controller memory.  The
1547 * Auxiliary port MUST be enabled prior to calling this function.
1548 * We _might_ be in a download state.
1549 *
1550 * Arguments:
1551 *       hw              device structure
1552 *       cardaddr        address in hfa384x data space to read
1553 *       auxctl          address space select
1554 *       buf             ptr to destination host buffer
1555 *       len             length of data to transfer (in bytes)
1556 *
1557 * Returns:
1558 *       nothing
1559 *
1560 * Side effects:
1561 *       Controller memory now contains a copy of buf
1562 *
1563 * Call context:
1564 *       process
1565 *       interrupt
1566 ----------------------------------------------------------------*/
1567 void
1568 hfa384x_copy_to_aux(
1569         hfa384x_t *hw, UINT32 cardaddr, UINT32 auxctl, void *buf, UINT len)
1570 {
1571         DBFENTER;
1572         WLAN_LOG_ERROR("not used in USB.\n");
1573         DBFEXIT;
1574 }
1575
1576
1577 /*----------------------------------------------------------------
1578 * hfa384x_corereset
1579 *
1580 * Perform a reset of the hfa38xx MAC core.  We assume that the hw
1581 * structure is in its "created" state.  That is, it is initialized
1582 * with proper values.  Note that if a reset is done after the
1583 * device has been active for awhile, the caller might have to clean
1584 * up some leftover cruft in the hw structure.
1585 *
1586 * Arguments:
1587 *       hw              device structure
1588 *       holdtime        how long (in ms) to hold the reset
1589 *       settletime      how long (in ms) to wait after releasing
1590 *                       the reset
1591 *
1592 * Returns:
1593 *       nothing
1594 *
1595 * Side effects:
1596 *
1597 * Call context:
1598 *       process
1599 ----------------------------------------------------------------*/
1600 int hfa384x_corereset(hfa384x_t *hw, int holdtime, int settletime, int genesis)
1601 {
1602 #if 0
1603 #if (LINUX_VERSION_CODE < KERNEL_VERSION(2,5,0))
1604         struct usb_device       *parent = hw->usb->parent;
1605         int                     i;
1606         int                     port = -1;
1607 #endif
1608 #endif
1609         int                     result = 0;
1610
1611
1612 #define P2_USB_RT_PORT          (USB_TYPE_CLASS | USB_RECIP_OTHER)
1613 #define P2_USB_FEAT_RESET       4
1614 #define P2_USB_FEAT_C_RESET     20
1615
1616         DBFENTER;
1617
1618 #if 0
1619 #if (LINUX_VERSION_CODE < KERNEL_VERSION(2,5,0))
1620         /* Find the hub port */
1621         for ( i = 0; i < parent->maxchild; i++) {
1622                 if (parent->children[i] == hw->usb) {
1623                         port = i;
1624                         break;
1625                 }
1626         }
1627         if (port < 0) return -ENOENT;
1628
1629         /* Set and clear the reset */
1630         usb_control_msg(parent, usb_sndctrlpipe(parent, 0),
1631                 USB_REQ_SET_FEATURE, P2_USB_RT_PORT, P2_USB_FEAT_RESET,
1632                 port+1, NULL, 0, 1*HZ);
1633         wait_ms(holdtime);
1634         usb_control_msg(parent, usb_sndctrlpipe(parent, 0),
1635                 USB_REQ_CLEAR_FEATURE, P2_USB_RT_PORT, P2_USB_FEAT_C_RESET,
1636                 port+1, NULL, 0, 1*HZ);
1637         wait_ms(settletime);
1638
1639         /* Set the device address */
1640         result=usb_set_address(hw->usb);
1641         if (result < 0) {
1642                 WLAN_LOG_ERROR("reset_usbdev: Dev not accepting address, "
1643                         "result=%d\n", result);
1644                 clear_bit(hw->usb->devnum, &hw->usb->bus->devmap.devicemap);
1645                 hw->usb->devnum = -1;
1646                 goto done;
1647         }
1648         /* Let the address settle */
1649         wait_ms(20);
1650
1651         /* Assume we're reusing the original descriptor data */
1652
1653         /* Set the configuration. */
1654         WLAN_LOG_DEBUG(3, "Setting Configuration %d\n",
1655                 hw->usb->config[0].bConfigurationValue);
1656         result=usb_set_configuration(hw->usb, hw->usb->config[0].bConfigurationValue);
1657         if ( result ) {
1658                 WLAN_LOG_ERROR("usb_set_configuration() failed, result=%d.\n",
1659                                 result);
1660                 goto done;
1661         }
1662         /* Let the configuration settle */
1663         wait_ms(20);
1664
1665  done:
1666 #else
1667         result=usb_reset_device(hw->usb);
1668         if(result<0) {
1669                 WLAN_LOG_ERROR("usb_reset_device() failed, result=%d.\n",result);
1670         }
1671 #endif
1672 #endif
1673
1674         result=usb_reset_device(hw->usb);
1675         if(result<0) {
1676                 WLAN_LOG_ERROR("usb_reset_device() failed, result=%d.\n",result);
1677         }
1678
1679         DBFEXIT;
1680         return result;
1681 }
1682
1683
1684 /*----------------------------------------------------------------
1685 * hfa384x_usbctlx_complete_sync
1686 *
1687 * Waits for a synchronous CTLX object to complete,
1688 * and then handles the response.
1689 *
1690 * Arguments:
1691 *       hw              device structure
1692 *       ctlx            CTLX ptr
1693 *       completor       functor object to decide what to
1694 *                       do with the CTLX's result.
1695 *
1696 * Returns:
1697 *       0               Success
1698 *       -ERESTARTSYS    Interrupted by a signal
1699 *       -EIO            CTLX failed
1700 *       -ENODEV         Adapter was unplugged
1701 *       ???             Result from completor
1702 *
1703 * Side effects:
1704 *
1705 * Call context:
1706 *       process
1707 ----------------------------------------------------------------*/
1708 static int hfa384x_usbctlx_complete_sync(hfa384x_t *hw,
1709                                          hfa384x_usbctlx_t *ctlx,
1710                                          usbctlx_completor_t *completor)
1711 {
1712         unsigned long flags;
1713         int result;
1714
1715         DBFENTER;
1716
1717         result = wait_for_completion_interruptible(&ctlx->done);
1718
1719         spin_lock_irqsave(&hw->ctlxq.lock, flags);
1720
1721         /*
1722          * We can only handle the CTLX if the USB disconnect
1723          * function has not run yet ...
1724          */
1725         cleanup:
1726         if ( hw->wlandev->hwremoved )
1727         {
1728                 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1729                 result = -ENODEV;
1730         }
1731         else if ( result != 0 )
1732         {
1733                 int runqueue = 0;
1734
1735                 /*
1736                  * We were probably interrupted, so delete
1737                  * this CTLX asynchronously, kill the timers
1738                  * and the URB, and then start the next
1739                  * pending CTLX.
1740                  *
1741                  * NOTE: We can only delete the timers and
1742                  *       the URB if this CTLX is active.
1743                  */
1744                 if (ctlx == get_active_ctlx(hw))
1745                 {
1746                         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1747
1748                         del_singleshot_timer_sync(&hw->reqtimer);
1749                         del_singleshot_timer_sync(&hw->resptimer);
1750                         hw->req_timer_done = 1;
1751                         hw->resp_timer_done = 1;
1752                         usb_kill_urb(&hw->ctlx_urb);
1753
1754                         spin_lock_irqsave(&hw->ctlxq.lock, flags);
1755
1756                         runqueue = 1;
1757
1758                         /*
1759                          * This scenario is so unlikely that I'm
1760                          * happy with a grubby "goto" solution ...
1761                          */
1762                         if ( hw->wlandev->hwremoved )
1763                                 goto cleanup;
1764                 }
1765
1766                 /*
1767                  * The completion task will send this CTLX
1768                  * to the reaper the next time it runs. We
1769                  * are no longer in a hurry.
1770                  */
1771                 ctlx->reapable = 1;
1772                 ctlx->state = CTLX_REQ_FAILED;
1773                 list_move_tail(&ctlx->list, &hw->ctlxq.completing);
1774
1775                 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1776
1777                 if (runqueue)
1778                         hfa384x_usbctlxq_run(hw);
1779         } else {
1780                 if (ctlx->state == CTLX_COMPLETE) {
1781                         result = completor->complete(completor);
1782                 } else {
1783                         WLAN_LOG_WARNING("CTLX[%d] error: state(%s)\n",
1784                                          hfa384x2host_16(ctlx->outbuf.type),
1785                                          ctlxstr(ctlx->state));
1786                         result = -EIO;
1787                 }
1788
1789                 list_del(&ctlx->list);
1790                 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
1791                 kfree(ctlx);
1792         }
1793
1794         DBFEXIT;
1795         return result;
1796 }
1797
1798 /*----------------------------------------------------------------
1799 * hfa384x_docmd
1800 *
1801 * Constructs a command CTLX and submits it.
1802 *
1803 * NOTE: Any changes to the 'post-submit' code in this function
1804 *       need to be carried over to hfa384x_cbcmd() since the handling
1805 *       is virtually identical.
1806 *
1807 * Arguments:
1808 *       hw              device structure
1809 *       mode            DOWAIT or DOASYNC
1810 *       cmd             cmd structure.  Includes all arguments and result
1811 *                       data points.  All in host order. in host order
1812 *       cmdcb           command-specific callback
1813 *       usercb          user callback for async calls, NULL for DOWAIT calls
1814 *       usercb_data     user supplied data pointer for async calls, NULL
1815 *                       for DOASYNC calls
1816 *
1817 * Returns:
1818 *       0               success
1819 *       -EIO            CTLX failure
1820 *       -ERESTARTSYS    Awakened on signal
1821 *       >0              command indicated error, Status and Resp0-2 are
1822 *                       in hw structure.
1823 *
1824 * Side effects:
1825 *
1826 *
1827 * Call context:
1828 *       process
1829 ----------------------------------------------------------------*/
1830 static int
1831 hfa384x_docmd(
1832         hfa384x_t *hw,
1833         CMD_MODE mode,
1834         hfa384x_metacmd_t *cmd,
1835         ctlx_cmdcb_t    cmdcb,
1836         ctlx_usercb_t   usercb,
1837         void    *usercb_data)
1838 {
1839         int                     result;
1840         hfa384x_usbctlx_t       *ctlx;
1841
1842         DBFENTER;
1843         ctlx = usbctlx_alloc();
1844         if ( ctlx == NULL ) {
1845                 result = -ENOMEM;
1846                 goto done;
1847         }
1848
1849         /* Initialize the command */
1850         ctlx->outbuf.cmdreq.type =      host2hfa384x_16(HFA384x_USB_CMDREQ);
1851         ctlx->outbuf.cmdreq.cmd =       host2hfa384x_16(cmd->cmd);
1852         ctlx->outbuf.cmdreq.parm0 =     host2hfa384x_16(cmd->parm0);
1853         ctlx->outbuf.cmdreq.parm1 =     host2hfa384x_16(cmd->parm1);
1854         ctlx->outbuf.cmdreq.parm2 =     host2hfa384x_16(cmd->parm2);
1855
1856         ctlx->outbufsize = sizeof(ctlx->outbuf.cmdreq);
1857
1858         WLAN_LOG_DEBUG(4, "cmdreq: cmd=0x%04x "
1859                 "parm0=0x%04x parm1=0x%04x parm2=0x%04x\n",
1860                 cmd->cmd,
1861                 cmd->parm0,
1862                 cmd->parm1,
1863                 cmd->parm2);
1864
1865         ctlx->reapable = mode;
1866         ctlx->cmdcb = cmdcb;
1867         ctlx->usercb = usercb;
1868         ctlx->usercb_data = usercb_data;
1869
1870         result = hfa384x_usbctlx_submit(hw, ctlx);
1871         if (result != 0) {
1872                 kfree(ctlx);
1873         } else if (mode == DOWAIT) {
1874                 usbctlx_cmd_completor_t completor;
1875
1876                 result = hfa384x_usbctlx_complete_sync(
1877                              hw, ctlx, init_cmd_completor(&completor,
1878                                                           &ctlx->inbuf.cmdresp,
1879                                                           &cmd->result) );
1880         }
1881
1882 done:
1883         DBFEXIT;
1884         return result;
1885 }
1886
1887
1888 /*----------------------------------------------------------------
1889 * hfa384x_dorrid
1890 *
1891 * Constructs a read rid CTLX and issues it.
1892 *
1893 * NOTE: Any changes to the 'post-submit' code in this function
1894 *       need to be carried over to hfa384x_cbrrid() since the handling
1895 *       is virtually identical.
1896 *
1897 * Arguments:
1898 *       hw              device structure
1899 *       mode            DOWAIT or DOASYNC
1900 *       rid             Read RID number (host order)
1901 *       riddata         Caller supplied buffer that MAC formatted RID.data
1902 *                       record will be written to for DOWAIT calls. Should
1903 *                       be NULL for DOASYNC calls.
1904 *       riddatalen      Buffer length for DOWAIT calls. Zero for DOASYNC calls.
1905 *       cmdcb           command callback for async calls, NULL for DOWAIT calls
1906 *       usercb          user callback for async calls, NULL for DOWAIT calls
1907 *       usercb_data     user supplied data pointer for async calls, NULL
1908 *                       for DOWAIT calls
1909 *
1910 * Returns:
1911 *       0               success
1912 *       -EIO            CTLX failure
1913 *       -ERESTARTSYS    Awakened on signal
1914 *       -ENODATA        riddatalen != macdatalen
1915 *       >0              command indicated error, Status and Resp0-2 are
1916 *                       in hw structure.
1917 *
1918 * Side effects:
1919 *
1920 * Call context:
1921 *       interrupt (DOASYNC)
1922 *       process (DOWAIT or DOASYNC)
1923 ----------------------------------------------------------------*/
1924 static int
1925 hfa384x_dorrid(
1926         hfa384x_t *hw,
1927         CMD_MODE mode,
1928         UINT16  rid,
1929         void    *riddata,
1930         UINT    riddatalen,
1931         ctlx_cmdcb_t cmdcb,
1932         ctlx_usercb_t usercb,
1933         void    *usercb_data)
1934 {
1935         int                     result;
1936         hfa384x_usbctlx_t       *ctlx;
1937
1938         DBFENTER;
1939         ctlx = usbctlx_alloc();
1940         if ( ctlx == NULL ) {
1941                 result = -ENOMEM;
1942                 goto done;
1943         }
1944
1945         /* Initialize the command */
1946         ctlx->outbuf.rridreq.type =   host2hfa384x_16(HFA384x_USB_RRIDREQ);
1947         ctlx->outbuf.rridreq.frmlen =
1948                 host2hfa384x_16(sizeof(ctlx->outbuf.rridreq.rid));
1949         ctlx->outbuf.rridreq.rid =    host2hfa384x_16(rid);
1950
1951         ctlx->outbufsize = sizeof(ctlx->outbuf.rridreq);
1952
1953         ctlx->reapable = mode;
1954         ctlx->cmdcb = cmdcb;
1955         ctlx->usercb = usercb;
1956         ctlx->usercb_data = usercb_data;
1957
1958         /* Submit the CTLX */
1959         result = hfa384x_usbctlx_submit(hw, ctlx);
1960         if (result != 0) {
1961                 kfree(ctlx);
1962         } else if (mode == DOWAIT) {
1963                 usbctlx_rrid_completor_t completor;
1964
1965                 result = hfa384x_usbctlx_complete_sync(
1966                            hw, ctlx, init_rrid_completor(&completor,
1967                                                          &ctlx->inbuf.rridresp,
1968                                                          riddata,
1969                                                          riddatalen) );
1970         }
1971
1972 done:
1973         DBFEXIT;
1974         return result;
1975 }
1976
1977
1978 /*----------------------------------------------------------------
1979 * hfa384x_dowrid
1980 *
1981 * Constructs a write rid CTLX and issues it.
1982 *
1983 * NOTE: Any changes to the 'post-submit' code in this function
1984 *       need to be carried over to hfa384x_cbwrid() since the handling
1985 *       is virtually identical.
1986 *
1987 * Arguments:
1988 *       hw              device structure
1989 *       CMD_MODE        DOWAIT or DOASYNC
1990 *       rid             RID code
1991 *       riddata         Data portion of RID formatted for MAC
1992 *       riddatalen      Length of the data portion in bytes
1993 *       cmdcb           command callback for async calls, NULL for DOWAIT calls
1994 *       usercb          user callback for async calls, NULL for DOWAIT calls
1995 *       usercb_data     user supplied data pointer for async calls
1996 *
1997 * Returns:
1998 *       0               success
1999 *       -ETIMEDOUT      timed out waiting for register ready or
2000 *                       command completion
2001 *       >0              command indicated error, Status and Resp0-2 are
2002 *                       in hw structure.
2003 *
2004 * Side effects:
2005 *
2006 * Call context:
2007 *       interrupt (DOASYNC)
2008 *       process (DOWAIT or DOASYNC)
2009 ----------------------------------------------------------------*/
2010 static int
2011 hfa384x_dowrid(
2012         hfa384x_t *hw,
2013         CMD_MODE mode,
2014         UINT16  rid,
2015         void    *riddata,
2016         UINT    riddatalen,
2017         ctlx_cmdcb_t cmdcb,
2018         ctlx_usercb_t usercb,
2019         void    *usercb_data)
2020 {
2021         int                     result;
2022         hfa384x_usbctlx_t       *ctlx;
2023
2024         DBFENTER;
2025         ctlx = usbctlx_alloc();
2026         if ( ctlx == NULL ) {
2027                 result = -ENOMEM;
2028                 goto done;
2029         }
2030
2031         /* Initialize the command */
2032         ctlx->outbuf.wridreq.type =   host2hfa384x_16(HFA384x_USB_WRIDREQ);
2033         ctlx->outbuf.wridreq.frmlen = host2hfa384x_16(
2034                                         (sizeof(ctlx->outbuf.wridreq.rid) +
2035                                         riddatalen + 1) / 2);
2036         ctlx->outbuf.wridreq.rid =    host2hfa384x_16(rid);
2037         memcpy(ctlx->outbuf.wridreq.data, riddata, riddatalen);
2038
2039         ctlx->outbufsize = sizeof(ctlx->outbuf.wridreq.type) +
2040                            sizeof(ctlx->outbuf.wridreq.frmlen) +
2041                            sizeof(ctlx->outbuf.wridreq.rid) +
2042                            riddatalen;
2043
2044         ctlx->reapable = mode;
2045         ctlx->cmdcb = cmdcb;
2046         ctlx->usercb = usercb;
2047         ctlx->usercb_data = usercb_data;
2048
2049         /* Submit the CTLX */
2050         result = hfa384x_usbctlx_submit(hw, ctlx);
2051         if (result != 0) {
2052                 kfree(ctlx);
2053         } else if (mode == DOWAIT) {
2054                 usbctlx_wrid_completor_t completor;
2055                 hfa384x_cmdresult_t wridresult;
2056
2057                 result = hfa384x_usbctlx_complete_sync(
2058                                hw,
2059                                ctlx,
2060                                init_wrid_completor(&completor,
2061                                                    &ctlx->inbuf.wridresp,
2062                                                    &wridresult) );
2063         }
2064
2065 done:
2066         DBFEXIT;
2067         return result;
2068 }
2069
2070 /*----------------------------------------------------------------
2071 * hfa384x_dormem
2072 *
2073 * Constructs a readmem CTLX and issues it.
2074 *
2075 * NOTE: Any changes to the 'post-submit' code in this function
2076 *       need to be carried over to hfa384x_cbrmem() since the handling
2077 *       is virtually identical.
2078 *
2079 * Arguments:
2080 *       hw              device structure
2081 *       mode            DOWAIT or DOASYNC
2082 *       page            MAC address space page (CMD format)
2083 *       offset          MAC address space offset
2084 *       data            Ptr to data buffer to receive read
2085 *       len             Length of the data to read (max == 2048)
2086 *       cmdcb           command callback for async calls, NULL for DOWAIT calls
2087 *       usercb          user callback for async calls, NULL for DOWAIT calls
2088 *       usercb_data     user supplied data pointer for async calls
2089 *
2090 * Returns:
2091 *       0               success
2092 *       -ETIMEDOUT      timed out waiting for register ready or
2093 *                       command completion
2094 *       >0              command indicated error, Status and Resp0-2 are
2095 *                       in hw structure.
2096 *
2097 * Side effects:
2098 *
2099 * Call context:
2100 *       interrupt (DOASYNC)
2101 *       process (DOWAIT or DOASYNC)
2102 ----------------------------------------------------------------*/
2103 static int
2104 hfa384x_dormem(
2105         hfa384x_t *hw,
2106         CMD_MODE mode,
2107         UINT16  page,
2108         UINT16  offset,
2109         void    *data,
2110         UINT    len,
2111         ctlx_cmdcb_t cmdcb,
2112         ctlx_usercb_t usercb,
2113         void    *usercb_data)
2114 {
2115         int                     result;
2116         hfa384x_usbctlx_t       *ctlx;
2117
2118         DBFENTER;
2119         ctlx = usbctlx_alloc();
2120         if ( ctlx == NULL ) {
2121                 result = -ENOMEM;
2122                 goto done;
2123         }
2124
2125         /* Initialize the command */
2126         ctlx->outbuf.rmemreq.type =    host2hfa384x_16(HFA384x_USB_RMEMREQ);
2127         ctlx->outbuf.rmemreq.frmlen =  host2hfa384x_16(
2128                                         sizeof(ctlx->outbuf.rmemreq.offset) +
2129                                         sizeof(ctlx->outbuf.rmemreq.page) +
2130                                         len);
2131         ctlx->outbuf.rmemreq.offset =   host2hfa384x_16(offset);
2132         ctlx->outbuf.rmemreq.page =     host2hfa384x_16(page);
2133
2134         ctlx->outbufsize = sizeof(ctlx->outbuf.rmemreq);
2135
2136         WLAN_LOG_DEBUG(4,
2137                 "type=0x%04x frmlen=%d offset=0x%04x page=0x%04x\n",
2138                 ctlx->outbuf.rmemreq.type,
2139                 ctlx->outbuf.rmemreq.frmlen,
2140                 ctlx->outbuf.rmemreq.offset,
2141                 ctlx->outbuf.rmemreq.page);
2142
2143         WLAN_LOG_DEBUG(4,"pktsize=%zd\n",
2144                 ROUNDUP64(sizeof(ctlx->outbuf.rmemreq)));
2145
2146         ctlx->reapable = mode;
2147         ctlx->cmdcb = cmdcb;
2148         ctlx->usercb = usercb;
2149         ctlx->usercb_data = usercb_data;
2150
2151         result = hfa384x_usbctlx_submit(hw, ctlx);
2152         if (result != 0) {
2153                 kfree(ctlx);
2154         } else if ( mode == DOWAIT ) {
2155                 usbctlx_rmem_completor_t completor;
2156
2157                 result = hfa384x_usbctlx_complete_sync(
2158                            hw, ctlx, init_rmem_completor(&completor,
2159                                                          &ctlx->inbuf.rmemresp,
2160                                                          data,
2161                                                          len) );
2162         }
2163
2164 done:
2165         DBFEXIT;
2166         return result;
2167 }
2168
2169
2170
2171 /*----------------------------------------------------------------
2172 * hfa384x_dowmem
2173 *
2174 * Constructs a writemem CTLX and issues it.
2175 *
2176 * NOTE: Any changes to the 'post-submit' code in this function
2177 *       need to be carried over to hfa384x_cbwmem() since the handling
2178 *       is virtually identical.
2179 *
2180 * Arguments:
2181 *       hw              device structure
2182 *       mode            DOWAIT or DOASYNC
2183 *       page            MAC address space page (CMD format)
2184 *       offset          MAC address space offset
2185 *       data            Ptr to data buffer containing write data
2186 *       len             Length of the data to read (max == 2048)
2187 *       cmdcb           command callback for async calls, NULL for DOWAIT calls
2188 *       usercb          user callback for async calls, NULL for DOWAIT calls
2189 *       usercb_data     user supplied data pointer for async calls.
2190 *
2191 * Returns:
2192 *       0               success
2193 *       -ETIMEDOUT      timed out waiting for register ready or
2194 *                       command completion
2195 *       >0              command indicated error, Status and Resp0-2 are
2196 *                       in hw structure.
2197 *
2198 * Side effects:
2199 *
2200 * Call context:
2201 *       interrupt (DOWAIT)
2202 *       process (DOWAIT or DOASYNC)
2203 ----------------------------------------------------------------*/
2204 static int
2205 hfa384x_dowmem(
2206         hfa384x_t *hw,
2207         CMD_MODE mode,
2208         UINT16  page,
2209         UINT16  offset,
2210         void    *data,
2211         UINT    len,
2212         ctlx_cmdcb_t cmdcb,
2213         ctlx_usercb_t usercb,
2214         void    *usercb_data)
2215 {
2216         int                     result;
2217         hfa384x_usbctlx_t       *ctlx;
2218
2219         DBFENTER;
2220         WLAN_LOG_DEBUG(5, "page=0x%04x offset=0x%04x len=%d\n",
2221                 page,offset,len);
2222
2223         ctlx = usbctlx_alloc();
2224         if ( ctlx == NULL ) {
2225                 result = -ENOMEM;
2226                 goto done;
2227         }
2228
2229         /* Initialize the command */
2230         ctlx->outbuf.wmemreq.type =   host2hfa384x_16(HFA384x_USB_WMEMREQ);
2231         ctlx->outbuf.wmemreq.frmlen = host2hfa384x_16(
2232                                         sizeof(ctlx->outbuf.wmemreq.offset) +
2233                                         sizeof(ctlx->outbuf.wmemreq.page) +
2234                                         len);
2235         ctlx->outbuf.wmemreq.offset = host2hfa384x_16(offset);
2236         ctlx->outbuf.wmemreq.page =   host2hfa384x_16(page);
2237         memcpy(ctlx->outbuf.wmemreq.data, data, len);
2238
2239         ctlx->outbufsize = sizeof(ctlx->outbuf.wmemreq.type) +
2240                            sizeof(ctlx->outbuf.wmemreq.frmlen) +
2241                            sizeof(ctlx->outbuf.wmemreq.offset) +
2242                            sizeof(ctlx->outbuf.wmemreq.page) +
2243                            len;
2244
2245         ctlx->reapable = mode;
2246         ctlx->cmdcb = cmdcb;
2247         ctlx->usercb = usercb;
2248         ctlx->usercb_data = usercb_data;
2249
2250         result = hfa384x_usbctlx_submit(hw, ctlx);
2251         if (result != 0) {
2252                 kfree(ctlx);
2253         } else if ( mode == DOWAIT ) {
2254                 usbctlx_wmem_completor_t completor;
2255                 hfa384x_cmdresult_t wmemresult;
2256
2257                 result = hfa384x_usbctlx_complete_sync(
2258                                hw,
2259                                ctlx,
2260                                init_wmem_completor(&completor,
2261                                                    &ctlx->inbuf.wmemresp,
2262                                                    &wmemresult) );
2263         }
2264
2265 done:
2266         DBFEXIT;
2267         return result;
2268 }
2269
2270
2271 /*----------------------------------------------------------------
2272 * hfa384x_drvr_commtallies
2273 *
2274 * Send a commtallies inquiry to the MAC.  Note that this is an async
2275 * call that will result in an info frame arriving sometime later.
2276 *
2277 * Arguments:
2278 *       hw              device structure
2279 *
2280 * Returns:
2281 *       zero            success.
2282 *
2283 * Side effects:
2284 *
2285 * Call context:
2286 *       process
2287 ----------------------------------------------------------------*/
2288 int hfa384x_drvr_commtallies( hfa384x_t *hw )
2289 {
2290         hfa384x_metacmd_t cmd;
2291
2292         DBFENTER;
2293
2294         cmd.cmd = HFA384x_CMDCODE_INQ;
2295         cmd.parm0 = HFA384x_IT_COMMTALLIES;
2296         cmd.parm1 = 0;
2297         cmd.parm2 = 0;
2298
2299         hfa384x_docmd_async(hw, &cmd, NULL, NULL, NULL);
2300
2301         DBFEXIT;
2302         return 0;
2303 }
2304
2305
2306 /*----------------------------------------------------------------
2307 * hfa384x_drvr_disable
2308 *
2309 * Issues the disable command to stop communications on one of
2310 * the MACs 'ports'.  Only macport 0 is valid  for stations.
2311 * APs may also disable macports 1-6.  Only ports that have been
2312 * previously enabled may be disabled.
2313 *
2314 * Arguments:
2315 *       hw              device structure
2316 *       macport         MAC port number (host order)
2317 *
2318 * Returns:
2319 *       0               success
2320 *       >0              f/w reported failure - f/w status code
2321 *       <0              driver reported error (timeout|bad arg)
2322 *
2323 * Side effects:
2324 *
2325 * Call context:
2326 *       process
2327 ----------------------------------------------------------------*/
2328 int hfa384x_drvr_disable(hfa384x_t *hw, UINT16 macport)
2329 {
2330         int     result = 0;
2331
2332         DBFENTER;
2333         if ((!hw->isap && macport != 0) ||
2334             (hw->isap && !(macport <= HFA384x_PORTID_MAX)) ||
2335             !(hw->port_enabled[macport]) ){
2336                 result = -EINVAL;
2337         } else {
2338                 result = hfa384x_cmd_disable(hw, macport);
2339                 if ( result == 0 ) {
2340                         hw->port_enabled[macport] = 0;
2341                 }
2342         }
2343         DBFEXIT;
2344         return result;
2345 }
2346
2347
2348 /*----------------------------------------------------------------
2349 * hfa384x_drvr_enable
2350 *
2351 * Issues the enable command to enable communications on one of
2352 * the MACs 'ports'.  Only macport 0 is valid  for stations.
2353 * APs may also enable macports 1-6.  Only ports that are currently
2354 * disabled may be enabled.
2355 *
2356 * Arguments:
2357 *       hw              device structure
2358 *       macport         MAC port number
2359 *
2360 * Returns:
2361 *       0               success
2362 *       >0              f/w reported failure - f/w status code
2363 *       <0              driver reported error (timeout|bad arg)
2364 *
2365 * Side effects:
2366 *
2367 * Call context:
2368 *       process
2369 ----------------------------------------------------------------*/
2370 int hfa384x_drvr_enable(hfa384x_t *hw, UINT16 macport)
2371 {
2372         int     result = 0;
2373
2374         DBFENTER;
2375         if ((!hw->isap && macport != 0) ||
2376             (hw->isap && !(macport <= HFA384x_PORTID_MAX)) ||
2377             (hw->port_enabled[macport]) ){
2378                 result = -EINVAL;
2379         } else {
2380                 result = hfa384x_cmd_enable(hw, macport);
2381                 if ( result == 0 ) {
2382                         hw->port_enabled[macport] = 1;
2383                 }
2384         }
2385         DBFEXIT;
2386         return result;
2387 }
2388
2389
2390 /*----------------------------------------------------------------
2391 * hfa384x_drvr_flashdl_enable
2392 *
2393 * Begins the flash download state.  Checks to see that we're not
2394 * already in a download state and that a port isn't enabled.
2395 * Sets the download state and retrieves the flash download
2396 * buffer location, buffer size, and timeout length.
2397 *
2398 * Arguments:
2399 *       hw              device structure
2400 *
2401 * Returns:
2402 *       0               success
2403 *       >0              f/w reported error - f/w status code
2404 *       <0              driver reported error
2405 *
2406 * Side effects:
2407 *
2408 * Call context:
2409 *       process
2410 ----------------------------------------------------------------*/
2411 int hfa384x_drvr_flashdl_enable(hfa384x_t *hw)
2412 {
2413         int             result = 0;
2414         int             i;
2415
2416         DBFENTER;
2417         /* Check that a port isn't active */
2418         for ( i = 0; i < HFA384x_PORTID_MAX; i++) {
2419                 if ( hw->port_enabled[i] ) {
2420                         WLAN_LOG_DEBUG(1,"called when port enabled.\n");
2421                         return -EINVAL;
2422                 }
2423         }
2424
2425         /* Check that we're not already in a download state */
2426         if ( hw->dlstate != HFA384x_DLSTATE_DISABLED ) {
2427                 return -EINVAL;
2428         }
2429
2430         /* Retrieve the buffer loc&size and timeout */
2431         if ( (result = hfa384x_drvr_getconfig(hw, HFA384x_RID_DOWNLOADBUFFER,
2432                                 &(hw->bufinfo), sizeof(hw->bufinfo))) ) {
2433                 return result;
2434         }
2435         hw->bufinfo.page = hfa384x2host_16(hw->bufinfo.page);
2436         hw->bufinfo.offset = hfa384x2host_16(hw->bufinfo.offset);
2437         hw->bufinfo.len = hfa384x2host_16(hw->bufinfo.len);
2438         if ( (result = hfa384x_drvr_getconfig16(hw, HFA384x_RID_MAXLOADTIME,
2439                                 &(hw->dltimeout))) ) {
2440                 return result;
2441         }
2442         hw->dltimeout = hfa384x2host_16(hw->dltimeout);
2443
2444         WLAN_LOG_DEBUG(1,"flashdl_enable\n");
2445
2446         hw->dlstate = HFA384x_DLSTATE_FLASHENABLED;
2447         DBFEXIT;
2448         return result;
2449 }
2450
2451
2452 /*----------------------------------------------------------------
2453 * hfa384x_drvr_flashdl_disable
2454 *
2455 * Ends the flash download state.  Note that this will cause the MAC
2456 * firmware to restart.
2457 *
2458 * Arguments:
2459 *       hw              device structure
2460 *
2461 * Returns:
2462 *       0               success
2463 *       >0              f/w reported error - f/w status code
2464 *       <0              driver reported error
2465 *
2466 * Side effects:
2467 *
2468 * Call context:
2469 *       process
2470 ----------------------------------------------------------------*/
2471 int hfa384x_drvr_flashdl_disable(hfa384x_t *hw)
2472 {
2473         DBFENTER;
2474         /* Check that we're already in the download state */
2475         if ( hw->dlstate != HFA384x_DLSTATE_FLASHENABLED ) {
2476                 return -EINVAL;
2477         }
2478
2479         WLAN_LOG_DEBUG(1,"flashdl_enable\n");
2480
2481         /* There isn't much we can do at this point, so I don't */
2482         /*  bother  w/ the return value */
2483         hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0 , 0);
2484         hw->dlstate = HFA384x_DLSTATE_DISABLED;
2485
2486         DBFEXIT;
2487         return 0;
2488 }
2489
2490
2491 /*----------------------------------------------------------------
2492 * hfa384x_drvr_flashdl_write
2493 *
2494 * Performs a FLASH download of a chunk of data. First checks to see
2495 * that we're in the FLASH download state, then sets the download
2496 * mode, uses the aux functions to 1) copy the data to the flash
2497 * buffer, 2) sets the download 'write flash' mode, 3) readback and
2498 * compare.  Lather rinse, repeat as many times an necessary to get
2499 * all the given data into flash.
2500 * When all data has been written using this function (possibly
2501 * repeatedly), call drvr_flashdl_disable() to end the download state
2502 * and restart the MAC.
2503 *
2504 * Arguments:
2505 *       hw              device structure
2506 *       daddr           Card address to write to. (host order)
2507 *       buf             Ptr to data to write.
2508 *       len             Length of data (host order).
2509 *
2510 * Returns:
2511 *       0               success
2512 *       >0              f/w reported error - f/w status code
2513 *       <0              driver reported error
2514 *
2515 * Side effects:
2516 *
2517 * Call context:
2518 *       process
2519 ----------------------------------------------------------------*/
2520 int
2521 hfa384x_drvr_flashdl_write(
2522         hfa384x_t       *hw,
2523         UINT32          daddr,
2524         void            *buf,
2525         UINT32          len)
2526 {
2527         int             result = 0;
2528         UINT32          dlbufaddr;
2529         int             nburns;
2530         UINT32          burnlen;
2531         UINT32          burndaddr;
2532         UINT16          burnlo;
2533         UINT16          burnhi;
2534         int             nwrites;
2535         UINT8           *writebuf;
2536         UINT16          writepage;
2537         UINT16          writeoffset;
2538         UINT32          writelen;
2539         int             i;
2540         int             j;
2541
2542         DBFENTER;
2543         WLAN_LOG_DEBUG(5,"daddr=0x%08x len=%d\n", daddr, len);
2544
2545         /* Check that we're in the flash download state */
2546         if ( hw->dlstate != HFA384x_DLSTATE_FLASHENABLED ) {
2547                 return -EINVAL;
2548         }
2549
2550         WLAN_LOG_INFO("Download %d bytes to flash @0x%06x\n", len, daddr);
2551
2552         /* Convert to flat address for arithmetic */
2553         /* NOTE: dlbuffer RID stores the address in AUX format */
2554         dlbufaddr = HFA384x_ADDR_AUX_MKFLAT(
2555                         hw->bufinfo.page, hw->bufinfo.offset);
2556         WLAN_LOG_DEBUG(5,
2557                 "dlbuf.page=0x%04x dlbuf.offset=0x%04x dlbufaddr=0x%08x\n",
2558                 hw->bufinfo.page, hw->bufinfo.offset, dlbufaddr);
2559
2560 #if 0
2561 WLAN_LOG_WARNING("dlbuf@0x%06lx len=%d to=%d\n", dlbufaddr, hw->bufinfo.len, hw->dltimeout);
2562 #endif
2563         /* Calculations to determine how many fills of the dlbuffer to do
2564          * and how many USB wmemreq's to do for each fill.  At this point
2565          * in time, the dlbuffer size and the wmemreq size are the same.
2566          * Therefore, nwrites should always be 1.  The extra complexity
2567          * here is a hedge against future changes.
2568          */
2569
2570         /* Figure out how many times to do the flash programming */
2571         nburns = len / hw->bufinfo.len;
2572         nburns += (len % hw->bufinfo.len) ? 1 : 0;
2573
2574         /* For each flash program cycle, how many USB wmemreq's are needed? */
2575         nwrites = hw->bufinfo.len / HFA384x_USB_RWMEM_MAXLEN;
2576         nwrites += (hw->bufinfo.len % HFA384x_USB_RWMEM_MAXLEN) ? 1 : 0;
2577
2578         /* For each burn */
2579         for ( i = 0; i < nburns; i++) {
2580                 /* Get the dest address and len */
2581                 burnlen = (len - (hw->bufinfo.len * i)) > hw->bufinfo.len ?
2582                                 hw->bufinfo.len :
2583                                 (len - (hw->bufinfo.len * i));
2584                 burndaddr = daddr + (hw->bufinfo.len * i);
2585                 burnlo = HFA384x_ADDR_CMD_MKOFF(burndaddr);
2586                 burnhi = HFA384x_ADDR_CMD_MKPAGE(burndaddr);
2587
2588                 WLAN_LOG_INFO("Writing %d bytes to flash @0x%06x\n",
2589                         burnlen, burndaddr);
2590
2591                 /* Set the download mode */
2592                 result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_NV,
2593                                 burnlo, burnhi, burnlen);
2594                 if ( result ) {
2595                         WLAN_LOG_ERROR("download(NV,lo=%x,hi=%x,len=%x) "
2596                                 "cmd failed, result=%d. Aborting d/l\n",
2597                                 burnlo, burnhi, burnlen, result);
2598                         goto exit_proc;
2599                 }
2600
2601                 /* copy the data to the flash download buffer */
2602                 for ( j=0; j < nwrites; j++) {
2603                         writebuf = buf +
2604                                 (i*hw->bufinfo.len) +
2605                                 (j*HFA384x_USB_RWMEM_MAXLEN);
2606
2607                         writepage = HFA384x_ADDR_CMD_MKPAGE(
2608                                         dlbufaddr +
2609                                         (j*HFA384x_USB_RWMEM_MAXLEN));
2610                         writeoffset = HFA384x_ADDR_CMD_MKOFF(
2611                                         dlbufaddr +
2612                                         (j*HFA384x_USB_RWMEM_MAXLEN));
2613
2614                         writelen = burnlen-(j*HFA384x_USB_RWMEM_MAXLEN);
2615                         writelen = writelen  > HFA384x_USB_RWMEM_MAXLEN ?
2616                                         HFA384x_USB_RWMEM_MAXLEN :
2617                                         writelen;
2618
2619                         result = hfa384x_dowmem_wait( hw,
2620                                         writepage,
2621                                         writeoffset,
2622                                         writebuf,
2623                                         writelen );
2624 #if 0
2625
2626 Comment out for debugging, assume the write was successful.
2627                         if (result) {
2628                                 WLAN_LOG_ERROR(
2629                                         "Write to dl buffer failed, "
2630                                         "result=0x%04x. Aborting.\n",
2631                                         result);
2632                                 goto exit_proc;
2633                         }
2634 #endif
2635
2636                 }
2637
2638                 /* set the download 'write flash' mode */
2639                 result = hfa384x_cmd_download(hw,
2640                                 HFA384x_PROGMODE_NVWRITE,
2641                                 0,0,0);
2642                 if ( result ) {
2643                         WLAN_LOG_ERROR(
2644                                 "download(NVWRITE,lo=%x,hi=%x,len=%x) "
2645                                 "cmd failed, result=%d. Aborting d/l\n",
2646                                 burnlo, burnhi, burnlen, result);
2647                         goto exit_proc;
2648                 }
2649
2650                 /* TODO: We really should do a readback and compare. */
2651         }
2652
2653 exit_proc:
2654
2655         /* Leave the firmware in the 'post-prog' mode.  flashdl_disable will */
2656         /*  actually disable programming mode.  Remember, that will cause the */
2657         /*  the firmware to effectively reset itself. */
2658
2659         DBFEXIT;
2660         return result;
2661 }
2662
2663
2664 /*----------------------------------------------------------------
2665 * hfa384x_drvr_getconfig
2666 *
2667 * Performs the sequence necessary to read a config/info item.
2668 *
2669 * Arguments:
2670 *       hw              device structure
2671 *       rid             config/info record id (host order)
2672 *       buf             host side record buffer.  Upon return it will
2673 *                       contain the body portion of the record (minus the
2674 *                       RID and len).
2675 *       len             buffer length (in bytes, should match record length)
2676 *
2677 * Returns:
2678 *       0               success
2679 *       >0              f/w reported error - f/w status code
2680 *       <0              driver reported error
2681 *       -ENODATA        length mismatch between argument and retrieved
2682 *                       record.
2683 *
2684 * Side effects:
2685 *
2686 * Call context:
2687 *       process
2688 ----------------------------------------------------------------*/
2689 int hfa384x_drvr_getconfig(hfa384x_t *hw, UINT16 rid, void *buf, UINT16 len)
2690 {
2691         int                     result;
2692         DBFENTER;
2693
2694         result = hfa384x_dorrid_wait(hw, rid, buf, len);
2695
2696         DBFEXIT;
2697         return result;
2698 }
2699
2700 /*----------------------------------------------------------------
2701  * hfa384x_drvr_getconfig_async
2702  *
2703  * Performs the sequence necessary to perform an async read of
2704  * of a config/info item.
2705  *
2706  * Arguments:
2707  *       hw              device structure
2708  *       rid             config/info record id (host order)
2709  *       buf             host side record buffer.  Upon return it will
2710  *                       contain the body portion of the record (minus the
2711  *                       RID and len).
2712  *       len             buffer length (in bytes, should match record length)
2713  *       cbfn            caller supplied callback, called when the command
2714  *                       is done (successful or not).
2715  *       cbfndata        pointer to some caller supplied data that will be
2716  *                       passed in as an argument to the cbfn.
2717  *
2718  * Returns:
2719  *       nothing         the cbfn gets a status argument identifying if
2720  *                       any errors occur.
2721  * Side effects:
2722  *       Queues an hfa384x_usbcmd_t for subsequent execution.
2723  *
2724  * Call context:
2725  *       Any
2726  ----------------------------------------------------------------*/
2727 int
2728 hfa384x_drvr_getconfig_async(
2729          hfa384x_t               *hw,
2730          UINT16                  rid,
2731          ctlx_usercb_t           usercb,
2732          void                    *usercb_data)
2733 {
2734          return hfa384x_dorrid_async(hw, rid, NULL, 0,
2735                                      hfa384x_cb_rrid, usercb, usercb_data);
2736 }
2737
2738 /*----------------------------------------------------------------
2739  * hfa384x_drvr_setconfig_async
2740  *
2741  * Performs the sequence necessary to write a config/info item.
2742  *
2743  * Arguments:
2744  *       hw              device structure
2745  *       rid             config/info record id (in host order)
2746  *       buf             host side record buffer
2747  *       len             buffer length (in bytes)
2748  *       usercb          completion callback
2749  *       usercb_data     completion callback argument
2750  *
2751  * Returns:
2752  *       0               success
2753  *       >0              f/w reported error - f/w status code
2754  *       <0              driver reported error
2755  *
2756  * Side effects:
2757  *
2758  * Call context:
2759  *       process
2760  ----------------------------------------------------------------*/
2761 int
2762 hfa384x_drvr_setconfig_async(
2763          hfa384x_t       *hw,
2764          UINT16          rid,
2765          void            *buf,
2766          UINT16          len,
2767          ctlx_usercb_t   usercb,
2768          void            *usercb_data)
2769 {
2770         return hfa384x_dowrid_async(hw, rid, buf, len,
2771                                     hfa384x_cb_status, usercb, usercb_data);
2772 }
2773
2774 /*----------------------------------------------------------------
2775 * hfa384x_drvr_handover
2776 *
2777 * Sends a handover notification to the MAC.
2778 *
2779 * Arguments:
2780 *       hw              device structure
2781 *       addr            address of station that's left
2782 *
2783 * Returns:
2784 *       zero            success.
2785 *       -ERESTARTSYS    received signal while waiting for semaphore.
2786 *       -EIO            failed to write to bap, or failed in cmd.
2787 *
2788 * Side effects:
2789 *
2790 * Call context:
2791 *       process
2792 ----------------------------------------------------------------*/
2793 int hfa384x_drvr_handover( hfa384x_t *hw, UINT8 *addr)
2794 {
2795         DBFENTER;
2796         WLAN_LOG_ERROR("Not currently supported in USB!\n");
2797         DBFEXIT;
2798         return -EIO;
2799 }
2800
2801 /*----------------------------------------------------------------
2802 * hfa384x_drvr_low_level
2803 *
2804 * Write test commands to the card.  Some test commands don't make
2805 * sense without prior set-up.  For example, continous TX isn't very
2806 * useful until you set the channel.  That functionality should be
2807 *
2808 * Side effects:
2809 *
2810 * Call context:
2811 *      process thread
2812 * -----------------------------------------------------------------*/
2813 int hfa384x_drvr_low_level(hfa384x_t *hw, hfa384x_metacmd_t *cmd)
2814 {
2815         int             result;
2816         DBFENTER;
2817
2818         /* Do i need a host2hfa... conversion ? */
2819
2820         result = hfa384x_docmd_wait(hw, cmd);
2821
2822         DBFEXIT;
2823         return result;
2824 }
2825
2826 /*----------------------------------------------------------------
2827 * hfa384x_drvr_mmi_read
2828 *
2829 * Read mmi registers.  mmi is intersil-speak for the baseband
2830 * processor registers.
2831 *
2832 * Arguments:
2833 *       hw              device structure
2834 *       register        The test register to be accessed (must be even #).
2835 *
2836 * Returns:
2837 *       0               success
2838 *       >0              f/w reported error - f/w status code
2839 *       <0              driver reported error
2840 *
2841 * Side effects:
2842 *
2843 * Call context:
2844 *       process
2845 ----------------------------------------------------------------*/
2846 int hfa384x_drvr_mmi_read(hfa384x_t *hw, UINT32 addr, UINT32 *resp)
2847 {
2848 #if 0
2849         int             result = 0;
2850         UINT16  cmd_code = (UINT16) 0x30;
2851         UINT16 param = (UINT16) addr;
2852         DBFENTER;
2853
2854         /* Do i need a host2hfa... conversion ? */
2855         result = hfa384x_docmd_wait(hw, cmd_code);
2856
2857         DBFEXIT;
2858         return result;
2859 #endif
2860 return 0;
2861 }
2862
2863 /*----------------------------------------------------------------
2864 * hfa384x_drvr_mmi_write
2865 *
2866 * Read mmi registers.  mmi is intersil-speak for the baseband
2867 * processor registers.
2868 *
2869 * Arguments:
2870 *       hw              device structure
2871 *       addr            The test register to be accessed (must be even #).
2872 *       data            The data value to write to the register.
2873 *
2874 * Returns:
2875 *       0               success
2876 *       >0              f/w reported error - f/w status code
2877 *       <0              driver reported error
2878 *
2879 * Side effects:
2880 *
2881 * Call context:
2882 *       process
2883 ----------------------------------------------------------------*/
2884
2885 int
2886 hfa384x_drvr_mmi_write(hfa384x_t *hw, UINT32 addr, UINT32 data)
2887 {
2888 #if 0
2889         int             result = 0;
2890         UINT16  cmd_code = (UINT16) 0x31;
2891         UINT16 param0 = (UINT16) addr;
2892         UINT16 param1 = (UINT16) data;
2893         DBFENTER;
2894
2895         WLAN_LOG_DEBUG(1,"mmi write : addr = 0x%08lx\n", addr);
2896         WLAN_LOG_DEBUG(1,"mmi write : data = 0x%08lx\n", data);
2897
2898         /* Do i need a host2hfa... conversion ? */
2899         result = hfa384x_docmd_wait(hw, cmd_code);
2900
2901         DBFEXIT;
2902         return result;
2903 #endif
2904 return 0;
2905 }
2906
2907
2908 /*----------------------------------------------------------------
2909 * hfa384x_drvr_ramdl_disable
2910 *
2911 * Ends the ram download state.
2912 *
2913 * Arguments:
2914 *       hw              device structure
2915 *
2916 * Returns:
2917 *       0               success
2918 *       >0              f/w reported error - f/w status code
2919 *       <0              driver reported error
2920 *
2921 * Side effects:
2922 *
2923 * Call context:
2924 *       process
2925 ----------------------------------------------------------------*/
2926 int
2927 hfa384x_drvr_ramdl_disable(hfa384x_t *hw)
2928 {
2929         DBFENTER;
2930         /* Check that we're already in the download state */
2931         if ( hw->dlstate != HFA384x_DLSTATE_RAMENABLED ) {
2932                 return -EINVAL;
2933         }
2934
2935         WLAN_LOG_DEBUG(3,"ramdl_disable()\n");
2936
2937         /* There isn't much we can do at this point, so I don't */
2938         /*  bother  w/ the return value */
2939         hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0 , 0);
2940         hw->dlstate = HFA384x_DLSTATE_DISABLED;
2941
2942         DBFEXIT;
2943         return 0;
2944 }
2945
2946
2947 /*----------------------------------------------------------------
2948 * hfa384x_drvr_ramdl_enable
2949 *
2950 * Begins the ram download state.  Checks to see that we're not
2951 * already in a download state and that a port isn't enabled.
2952 * Sets the download state and calls cmd_download with the
2953 * ENABLE_VOLATILE subcommand and the exeaddr argument.
2954 *
2955 * Arguments:
2956 *       hw              device structure
2957 *       exeaddr         the card execution address that will be
2958 *                       jumped to when ramdl_disable() is called
2959 *                       (host order).
2960 *
2961 * Returns:
2962 *       0               success
2963 *       >0              f/w reported error - f/w status code
2964 *       <0              driver reported error
2965 *
2966 * Side effects:
2967 *
2968 * Call context:
2969 *       process
2970 ----------------------------------------------------------------*/
2971 int
2972 hfa384x_drvr_ramdl_enable(hfa384x_t *hw, UINT32 exeaddr)
2973 {
2974         int             result = 0;
2975         UINT16          lowaddr;
2976         UINT16          hiaddr;
2977         int             i;
2978         DBFENTER;
2979         /* Check that a port isn't active */
2980         for ( i = 0; i < HFA384x_PORTID_MAX; i++) {
2981                 if ( hw->port_enabled[i] ) {
2982                         WLAN_LOG_ERROR(
2983                                 "Can't download with a macport enabled.\n");
2984                         return -EINVAL;
2985                 }
2986         }
2987
2988         /* Check that we're not already in a download state */
2989         if ( hw->dlstate != HFA384x_DLSTATE_DISABLED ) {
2990                 WLAN_LOG_ERROR(
2991                         "Download state not disabled.\n");
2992                 return -EINVAL;
2993         }
2994
2995         WLAN_LOG_DEBUG(3,"ramdl_enable, exeaddr=0x%08x\n", exeaddr);
2996
2997         /* Call the download(1,addr) function */
2998         lowaddr = HFA384x_ADDR_CMD_MKOFF(exeaddr);
2999         hiaddr =  HFA384x_ADDR_CMD_MKPAGE(exeaddr);
3000
3001         result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_RAM,
3002                         lowaddr, hiaddr, 0);
3003
3004         if ( result == 0) {
3005                 /* Set the download state */
3006                 hw->dlstate = HFA384x_DLSTATE_RAMENABLED;
3007         } else {
3008                 WLAN_LOG_DEBUG(1,
3009                         "cmd_download(0x%04x, 0x%04x) failed, result=%d.\n",
3010                         lowaddr,
3011                         hiaddr,
3012                         result);
3013         }
3014
3015         DBFEXIT;
3016         return result;
3017 }
3018
3019
3020 /*----------------------------------------------------------------
3021 * hfa384x_drvr_ramdl_write
3022 *
3023 * Performs a RAM download of a chunk of data. First checks to see
3024 * that we're in the RAM download state, then uses the [read|write]mem USB
3025 * commands to 1) copy the data, 2) readback and compare.  The download
3026 * state is unaffected.  When all data has been written using
3027 * this function, call drvr_ramdl_disable() to end the download state
3028 * and restart the MAC.
3029 *
3030 * Arguments:
3031 *       hw              device structure
3032 *       daddr           Card address to write to. (host order)
3033 *       buf             Ptr to data to write.
3034 *       len             Length of data (host order).
3035 *
3036 * Returns:
3037 *       0               success
3038 *       >0              f/w reported error - f/w status code
3039 *       <0              driver reported error
3040 *
3041 * Side effects:
3042 *
3043 * Call context:
3044 *       process
3045 ----------------------------------------------------------------*/
3046 int
3047 hfa384x_drvr_ramdl_write(hfa384x_t *hw, UINT32 daddr, void* buf, UINT32 len)
3048 {
3049         int             result = 0;
3050         int             nwrites;
3051         UINT8           *data = buf;
3052         int             i;
3053         UINT32          curraddr;
3054         UINT16          currpage;
3055         UINT16          curroffset;
3056         UINT16          currlen;
3057         DBFENTER;
3058         /* Check that we're in the ram download state */
3059         if ( hw->dlstate != HFA384x_DLSTATE_RAMENABLED ) {
3060                 return -EINVAL;
3061         }
3062
3063         WLAN_LOG_INFO("Writing %d bytes to ram @0x%06x\n", len, daddr);
3064
3065         /* How many dowmem calls?  */
3066         nwrites = len / HFA384x_USB_RWMEM_MAXLEN;
3067         nwrites += len % HFA384x_USB_RWMEM_MAXLEN ? 1 : 0;
3068
3069         /* Do blocking wmem's */
3070         for(i=0; i < nwrites; i++) {
3071                 /* make address args */
3072                 curraddr = daddr + (i * HFA384x_USB_RWMEM_MAXLEN);
3073                 currpage = HFA384x_ADDR_CMD_MKPAGE(curraddr);
3074                 curroffset = HFA384x_ADDR_CMD_MKOFF(curraddr);
3075                 currlen = len - (i * HFA384x_USB_RWMEM_MAXLEN);
3076                 if ( currlen > HFA384x_USB_RWMEM_MAXLEN) {
3077                         currlen = HFA384x_USB_RWMEM_MAXLEN;
3078                 }
3079
3080                 /* Do blocking ctlx */
3081                 result = hfa384x_dowmem_wait( hw,
3082                                 currpage,
3083                                 curroffset,
3084                                 data + (i*HFA384x_USB_RWMEM_MAXLEN),
3085                                 currlen );
3086
3087                 if (result) break;
3088
3089                 /* TODO: We really should have a readback. */
3090         }
3091
3092         DBFEXIT;
3093         return result;
3094 }
3095
3096
3097 /*----------------------------------------------------------------
3098 * hfa384x_drvr_readpda
3099 *
3100 * Performs the sequence to read the PDA space.  Note there is no
3101 * drvr_writepda() function.  Writing a PDA is
3102 * generally implemented by a calling component via calls to
3103 * cmd_download and writing to the flash download buffer via the
3104 * aux regs.
3105 *
3106 * Arguments:
3107 *       hw              device structure
3108 *       buf             buffer to store PDA in
3109 *       len             buffer length
3110 *
3111 * Returns:
3112 *       0               success
3113 *       >0              f/w reported error - f/w status code
3114 *       <0              driver reported error
3115 *       -ETIMEOUT       timout waiting for the cmd regs to become
3116 *                       available, or waiting for the control reg
3117 *                       to indicate the Aux port is enabled.
3118 *       -ENODATA        the buffer does NOT contain a valid PDA.
3119 *                       Either the card PDA is bad, or the auxdata
3120 *                       reads are giving us garbage.
3121
3122 *
3123 * Side effects:
3124 *
3125 * Call context:
3126 *       process or non-card interrupt.
3127 ----------------------------------------------------------------*/
3128 int hfa384x_drvr_readpda(hfa384x_t *hw, void *buf, UINT len)
3129 {
3130         int             result = 0;
3131         UINT16          *pda = buf;
3132         int             pdaok = 0;
3133         int             morepdrs = 1;
3134         int             currpdr = 0;    /* word offset of the current pdr */
3135         size_t          i;
3136         UINT16          pdrlen;         /* pdr length in bytes, host order */
3137         UINT16          pdrcode;        /* pdr code, host order */
3138         UINT16          currpage;
3139         UINT16          curroffset;
3140         struct pdaloc {
3141                 UINT32  cardaddr;
3142                 UINT16  auxctl;
3143         } pdaloc[] =
3144         {
3145                 { HFA3842_PDA_BASE,             0},
3146                 { HFA3841_PDA_BASE,             0},
3147                 { HFA3841_PDA_BOGUS_BASE,       0}
3148         };
3149
3150         DBFENTER;
3151
3152         /* Read the pda from each known address.  */
3153         for ( i = 0; i < ARRAY_SIZE(pdaloc); i++) {
3154                 /* Make address */
3155                 currpage = HFA384x_ADDR_CMD_MKPAGE(pdaloc[i].cardaddr);
3156                 curroffset = HFA384x_ADDR_CMD_MKOFF(pdaloc[i].cardaddr);
3157
3158                 result = hfa384x_dormem_wait(hw,
3159                         currpage,
3160                         curroffset,
3161                         buf,
3162                         len);           /* units of bytes */
3163
3164                 if (result) {
3165                         WLAN_LOG_WARNING(
3166                                           "Read from index %zd failed, continuing\n",
3167                                 i );
3168                         continue;
3169                 }
3170
3171                 /* Test for garbage */
3172                 pdaok = 1;      /* initially assume good */
3173                 morepdrs = 1;
3174                 while ( pdaok && morepdrs ) {
3175                         pdrlen = hfa384x2host_16(pda[currpdr]) * 2;
3176                         pdrcode = hfa384x2host_16(pda[currpdr+1]);
3177                         /* Test the record length */
3178                         if ( pdrlen > HFA384x_PDR_LEN_MAX || pdrlen == 0) {
3179                                 WLAN_LOG_ERROR("pdrlen invalid=%d\n",
3180                                         pdrlen);
3181                                 pdaok = 0;
3182                                 break;
3183                         }
3184                         /* Test the code */
3185                         if ( !hfa384x_isgood_pdrcode(pdrcode) ) {
3186                                 WLAN_LOG_ERROR("pdrcode invalid=%d\n",
3187                                         pdrcode);
3188                                 pdaok = 0;
3189                                 break;
3190                         }
3191                         /* Test for completion */
3192                         if ( pdrcode == HFA384x_PDR_END_OF_PDA) {
3193                                 morepdrs = 0;
3194                         }
3195
3196                         /* Move to the next pdr (if necessary) */
3197                         if ( morepdrs ) {
3198                                 /* note the access to pda[], need words here */
3199                                 currpdr += hfa384x2host_16(pda[currpdr]) + 1;
3200                         }
3201                 }
3202                 if ( pdaok ) {
3203                         WLAN_LOG_INFO(
3204                                 "PDA Read from 0x%08x in %s space.\n",
3205                                 pdaloc[i].cardaddr,
3206                                 pdaloc[i].auxctl == 0 ? "EXTDS" :
3207                                 pdaloc[i].auxctl == 1 ? "NV" :
3208                                 pdaloc[i].auxctl == 2 ? "PHY" :
3209                                 pdaloc[i].auxctl == 3 ? "ICSRAM" :
3210                                 "<bogus auxctl>");
3211                         break;
3212                 }
3213         }
3214         result = pdaok ? 0 : -ENODATA;
3215
3216         if ( result ) {
3217                 WLAN_LOG_DEBUG(3,"Failure: pda is not okay\n");
3218         }
3219
3220         DBFEXIT;
3221         return result;
3222 }
3223
3224
3225 /*----------------------------------------------------------------
3226 * hfa384x_drvr_setconfig
3227 *
3228 * Performs the sequence necessary to write a config/info item.
3229 *
3230 * Arguments:
3231 *       hw              device structure
3232 *       rid             config/info record id (in host order)
3233 *       buf             host side record buffer
3234 *       len             buffer length (in bytes)
3235 *
3236 * Returns:
3237 *       0               success
3238 *       >0              f/w reported error - f/w status code
3239 *       <0              driver reported error
3240 *
3241 * Side effects:
3242 *
3243 * Call context:
3244 *       process
3245 ----------------------------------------------------------------*/
3246 int hfa384x_drvr_setconfig(hfa384x_t *hw, UINT16 rid, void *buf, UINT16 len)
3247 {
3248         return hfa384x_dowrid_wait(hw, rid, buf, len);
3249 }
3250
3251 /*----------------------------------------------------------------
3252 * hfa384x_drvr_start
3253 *
3254 * Issues the MAC initialize command, sets up some data structures,
3255 * and enables the interrupts.  After this function completes, the
3256 * low-level stuff should be ready for any/all commands.
3257 *
3258 * Arguments:
3259 *       hw              device structure
3260 * Returns:
3261 *       0               success
3262 *       >0              f/w reported error - f/w status code
3263 *       <0              driver reported error
3264 *
3265 * Side effects:
3266 *
3267 * Call context:
3268 *       process
3269 ----------------------------------------------------------------*/
3270 int hfa384x_drvr_start(hfa384x_t *hw)
3271 {
3272         int             result;
3273         DBFENTER;
3274
3275         might_sleep();
3276
3277         if (usb_clear_halt(hw->usb, hw->endp_in)) {
3278                 WLAN_LOG_ERROR(
3279                         "Failed to reset bulk in endpoint.\n");
3280         }
3281
3282         if (usb_clear_halt(hw->usb, hw->endp_out)) {
3283                 WLAN_LOG_ERROR(
3284                         "Failed to reset bulk out endpoint.\n");
3285         }
3286
3287         /* Synchronous unlink, in case we're trying to restart the driver */
3288         usb_kill_urb(&hw->rx_urb);
3289
3290         /* Post the IN urb */
3291         result = submit_rx_urb(hw, GFP_KERNEL);
3292         if (result != 0) {
3293                 WLAN_LOG_ERROR(
3294                         "Fatal, failed to submit RX URB, result=%d\n",
3295                         result);
3296                 goto done;
3297         }
3298
3299         /* call initialize */
3300         result = hfa384x_cmd_initialize(hw);
3301         if (result != 0) {
3302                 usb_kill_urb(&hw->rx_urb);
3303                 WLAN_LOG_ERROR(
3304                         "cmd_initialize() failed, result=%d\n",
3305                         result);
3306                 goto done;
3307         }
3308
3309         hw->state = HFA384x_STATE_RUNNING;
3310
3311 done:
3312         DBFEXIT;
3313         return result;
3314 }
3315
3316
3317 /*----------------------------------------------------------------
3318 * hfa384x_drvr_stop
3319 *
3320 * Shuts down the MAC to the point where it is safe to unload the
3321 * driver.  Any subsystem that may be holding a data or function
3322 * ptr into the driver must be cleared/deinitialized.
3323 *
3324 * Arguments:
3325 *       hw              device structure
3326 * Returns:
3327 *       0               success
3328 *       >0              f/w reported error - f/w status code
3329 *       <0              driver reported error
3330 *
3331 * Side effects:
3332 *
3333 * Call context:
3334 *       process
3335 ----------------------------------------------------------------*/
3336 int
3337 hfa384x_drvr_stop(hfa384x_t *hw)
3338 {
3339         int     result = 0;
3340         int     i;
3341         DBFENTER;
3342
3343         might_sleep();
3344
3345         /* There's no need for spinlocks here. The USB "disconnect"
3346          * function sets this "removed" flag and then calls us.
3347          */
3348         if ( !hw->wlandev->hwremoved ) {
3349                 /* Call initialize to leave the MAC in its 'reset' state */
3350                 hfa384x_cmd_initialize(hw);
3351
3352                 /* Cancel the rxurb */
3353                 usb_kill_urb(&hw->rx_urb);
3354         }
3355
3356         hw->link_status = HFA384x_LINK_NOTCONNECTED;
3357         hw->state = HFA384x_STATE_INIT;
3358
3359         del_timer_sync(&hw->commsqual_timer);
3360
3361         /* Clear all the port status */
3362         for ( i = 0; i < HFA384x_NUMPORTS_MAX; i++) {
3363                 hw->port_enabled[i] = 0;
3364         }
3365
3366         DBFEXIT;
3367         return result;
3368 }
3369
3370 /*----------------------------------------------------------------
3371 * hfa384x_drvr_txframe
3372 *
3373 * Takes a frame from prism2sta and queues it for transmission.
3374 *
3375 * Arguments:
3376 *       hw              device structure
3377 *       skb             packet buffer struct.  Contains an 802.11
3378 *                       data frame.
3379 *       p80211_hdr      points to the 802.11 header for the packet.
3380 * Returns:
3381 *       0               Success and more buffs available
3382 *       1               Success but no more buffs
3383 *       2               Allocation failure
3384 *       4               Buffer full or queue busy
3385 *
3386 * Side effects:
3387 *
3388 * Call context:
3389 *       interrupt
3390 ----------------------------------------------------------------*/
3391 int hfa384x_drvr_txframe(hfa384x_t *hw, struct sk_buff *skb, p80211_hdr_t *p80211_hdr, p80211_metawep_t *p80211_wep)
3392
3393 {
3394         int             usbpktlen = sizeof(hfa384x_tx_frame_t);
3395         int             result;
3396         int             ret;
3397         char            *ptr;
3398
3399         DBFENTER;
3400
3401         if (hw->tx_urb.status == -EINPROGRESS) {
3402                 WLAN_LOG_WARNING("TX URB already in use\n");
3403                 result = 3;
3404                 goto exit;
3405         }
3406
3407         /* Build Tx frame structure */
3408         /* Set up the control field */
3409         memset(&hw->txbuff.txfrm.desc, 0, sizeof(hw->txbuff.txfrm.desc));
3410
3411         /* Setup the usb type field */
3412         hw->txbuff.type = host2hfa384x_16(HFA384x_USB_TXFRM);
3413
3414         /* Set up the sw_support field to identify this frame */
3415         hw->txbuff.txfrm.desc.sw_support = 0x0123;
3416
3417 /* Tx complete and Tx exception disable per dleach.  Might be causing
3418  * buf depletion
3419  */
3420 //#define DOEXC  SLP -- doboth breaks horribly under load, doexc less so.
3421 #if defined(DOBOTH)
3422         hw->txbuff.txfrm.desc.tx_control =
3423                 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
3424                 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(1);
3425 #elif defined(DOEXC)
3426         hw->txbuff.txfrm.desc.tx_control =
3427                 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
3428                 HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(0);
3429 #else
3430         hw->txbuff.txfrm.desc.tx_control =
3431                 HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
3432                 HFA384x_TX_TXEX_SET(0) | HFA384x_TX_TXOK_SET(0);
3433 #endif
3434         hw->txbuff.txfrm.desc.tx_control =
3435                 host2hfa384x_16(hw->txbuff.txfrm.desc.tx_control);
3436
3437         /* copy the header over to the txdesc */
3438         memcpy(&(hw->txbuff.txfrm.desc.frame_control), p80211_hdr, sizeof(p80211_hdr_t));
3439
3440         /* if we're using host WEP, increase size by IV+ICV */
3441         if (p80211_wep->data) {
3442                 hw->txbuff.txfrm.desc.data_len = host2hfa384x_16(skb->len+8);
3443                 // hw->txbuff.txfrm.desc.tx_control |= HFA384x_TX_NOENCRYPT_SET(1);
3444                 usbpktlen+=8;
3445         } else {
3446                 hw->txbuff.txfrm.desc.data_len = host2hfa384x_16(skb->len);
3447         }
3448
3449         usbpktlen += skb->len;
3450
3451         /* copy over the WEP IV if we are using host WEP */
3452         ptr = hw->txbuff.txfrm.data;
3453         if (p80211_wep->data) {
3454                 memcpy(ptr, p80211_wep->iv, sizeof(p80211_wep->iv));
3455                 ptr+= sizeof(p80211_wep->iv);
3456                 memcpy(ptr, p80211_wep->data, skb->len);
3457         } else {
3458                 memcpy(ptr, skb->data, skb->len);
3459         }
3460         /* copy over the packet data */
3461         ptr+= skb->len;
3462
3463         /* copy over the WEP ICV if we are using host WEP */
3464         if (p80211_wep->data) {
3465                 memcpy(ptr, p80211_wep->icv, sizeof(p80211_wep->icv));
3466         }
3467
3468         /* Send the USB packet */
3469         usb_fill_bulk_urb( &(hw->tx_urb), hw->usb,
3470                        hw->endp_out,
3471                        &(hw->txbuff), ROUNDUP64(usbpktlen),
3472                        hfa384x_usbout_callback, hw->wlandev );
3473         hw->tx_urb.transfer_flags |= USB_QUEUE_BULK;
3474
3475         result = 1;
3476         ret = submit_tx_urb(hw, &hw->tx_urb, GFP_ATOMIC);
3477         if ( ret != 0 ) {
3478                 WLAN_LOG_ERROR(
3479                         "submit_tx_urb() failed, error=%d\n", ret);
3480                 result = 3;
3481         }
3482
3483  exit:
3484         DBFEXIT;
3485         return result;
3486 }
3487
3488 void hfa384x_tx_timeout(wlandevice_t *wlandev)
3489 {
3490         hfa384x_t       *hw = wlandev->priv;
3491         unsigned long flags;
3492
3493         DBFENTER;
3494
3495         spin_lock_irqsave(&hw->ctlxq.lock, flags);
3496
3497         if ( !hw->wlandev->hwremoved &&
3498              /* Note the bitwise OR, not the logical OR. */
3499              ( !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags) |
3500                !test_and_set_bit(WORK_RX_HALT, &hw->usb_flags) ) )
3501         {
3502                 schedule_work(&hw->usb_work);
3503         }
3504
3505         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3506
3507         DBFEXIT;
3508 }
3509
3510 /*----------------------------------------------------------------
3511 * hfa384x_usbctlx_reaper_task
3512 *
3513 * Tasklet to delete dead CTLX objects
3514 *
3515 * Arguments:
3516 *       data    ptr to a hfa384x_t
3517 *
3518 * Returns:
3519 *
3520 * Call context:
3521 *       Interrupt
3522 ----------------------------------------------------------------*/
3523 static void hfa384x_usbctlx_reaper_task(unsigned long data)
3524 {
3525         hfa384x_t       *hw = (hfa384x_t*)data;
3526         struct list_head *entry;
3527         struct list_head *temp;
3528         unsigned long   flags;
3529
3530         DBFENTER;
3531
3532         spin_lock_irqsave(&hw->ctlxq.lock, flags);
3533
3534         /* This list is guaranteed to be empty if someone
3535          * has unplugged the adapter.
3536          */
3537         list_for_each_safe(entry, temp, &hw->ctlxq.reapable) {
3538                 hfa384x_usbctlx_t       *ctlx;
3539
3540                 ctlx = list_entry(entry, hfa384x_usbctlx_t, list);
3541                 list_del(&ctlx->list);
3542                 kfree(ctlx);
3543         }
3544
3545         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3546
3547         DBFEXIT;
3548 }
3549
3550 /*----------------------------------------------------------------
3551 * hfa384x_usbctlx_completion_task
3552 *
3553 * Tasklet to call completion handlers for returned CTLXs
3554 *
3555 * Arguments:
3556 *       data    ptr to hfa384x_t
3557 *
3558 * Returns:
3559 *       Nothing
3560 *
3561 * Call context:
3562 *       Interrupt
3563 ----------------------------------------------------------------*/
3564 static void hfa384x_usbctlx_completion_task(unsigned long data)
3565 {
3566         hfa384x_t *hw = (hfa384x_t*)data;
3567         struct list_head *entry;
3568         struct list_head *temp;
3569         unsigned long flags;
3570
3571         int reap = 0;
3572
3573         DBFENTER;
3574
3575         spin_lock_irqsave(&hw->ctlxq.lock, flags);
3576
3577         /* This list is guaranteed to be empty if someone
3578          * has unplugged the adapter ...
3579          */
3580         list_for_each_safe(entry, temp, &hw->ctlxq.completing) {
3581                 hfa384x_usbctlx_t *ctlx;
3582
3583                 ctlx = list_entry(entry, hfa384x_usbctlx_t, list);
3584
3585                 /* Call the completion function that this
3586                  * command was assigned, assuming it has one.
3587                  */
3588                 if ( ctlx->cmdcb != NULL ) {
3589                         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3590                         ctlx->cmdcb(hw, ctlx);
3591                         spin_lock_irqsave(&hw->ctlxq.lock, flags);
3592
3593                         /* Make sure we don't try and complete
3594                          * this CTLX more than once!
3595                          */
3596                         ctlx->cmdcb = NULL;
3597
3598                         /* Did someone yank the adapter out
3599                          * while our list was (briefly) unlocked?
3600                          */
3601                         if ( hw->wlandev->hwremoved )
3602                         {
3603                                 reap = 0;
3604                                 break;
3605                         }
3606                 }
3607
3608                 /*
3609                  * "Reapable" CTLXs are ones which don't have any
3610                  * threads waiting for them to die. Hence they must
3611                  * be delivered to The Reaper!
3612                  */
3613                 if ( ctlx->reapable ) {
3614                         /* Move the CTLX off the "completing" list (hopefully)
3615                          * on to the "reapable" list where the reaper task
3616                          * can find it. And "reapable" means that this CTLX
3617                          * isn't sitting on a wait-queue somewhere.
3618                          */
3619                         list_move_tail(&ctlx->list, &hw->ctlxq.reapable);
3620                         reap = 1;
3621                 }
3622
3623                 complete(&ctlx->done);
3624         }
3625         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3626
3627         if (reap)
3628                 tasklet_schedule(&hw->reaper_bh);
3629
3630         DBFEXIT;
3631 }
3632
3633 /*----------------------------------------------------------------
3634 * unlocked_usbctlx_cancel_async
3635 *
3636 * Mark the CTLX dead asynchronously, and ensure that the
3637 * next command on the queue is run afterwards.
3638 *
3639 * Arguments:
3640 *       hw      ptr to the hfa384x_t structure
3641 *       ctlx    ptr to a CTLX structure
3642 *
3643 * Returns:
3644 *       0       the CTLX's URB is inactive
3645 * -EINPROGRESS  the URB is currently being unlinked
3646 *
3647 * Call context:
3648 *       Either process or interrupt, but presumably interrupt
3649 ----------------------------------------------------------------*/
3650 static int unlocked_usbctlx_cancel_async(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx)
3651 {
3652         int ret;
3653
3654         DBFENTER;
3655
3656         /*
3657          * Try to delete the URB containing our request packet.
3658          * If we succeed, then its completion handler will be
3659          * called with a status of -ECONNRESET.
3660          */
3661         hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK;
3662         ret = usb_unlink_urb(&hw->ctlx_urb);
3663
3664         if (ret != -EINPROGRESS) {
3665                 /*
3666                  * The OUT URB had either already completed
3667                  * or was still in the pending queue, so the
3668                  * URB's completion function will not be called.
3669                  * We will have to complete the CTLX ourselves.
3670                  */
3671                 ctlx->state = CTLX_REQ_FAILED;
3672                 unlocked_usbctlx_complete(hw, ctlx);
3673                 ret = 0;
3674         }
3675
3676         DBFEXIT;
3677
3678         return ret;
3679 }
3680
3681 /*----------------------------------------------------------------
3682 * unlocked_usbctlx_complete
3683 *
3684 * A CTLX has completed.  It may have been successful, it may not
3685 * have been. At this point, the CTLX should be quiescent.  The URBs
3686 * aren't active and the timers should have been stopped.
3687 *
3688 * The CTLX is migrated to the "completing" queue, and the completing
3689 * tasklet is scheduled.
3690 *
3691 * Arguments:
3692 *       hw              ptr to a hfa384x_t structure
3693 *       ctlx            ptr to a ctlx structure
3694 *
3695 * Returns:
3696 *       nothing
3697 *
3698 * Side effects:
3699 *
3700 * Call context:
3701 *       Either, assume interrupt
3702 ----------------------------------------------------------------*/
3703 static void unlocked_usbctlx_complete(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx)
3704 {
3705         DBFENTER;
3706
3707         /* Timers have been stopped, and ctlx should be in
3708          * a terminal state. Retire it from the "active"
3709          * queue.
3710          */
3711         list_move_tail(&ctlx->list, &hw->ctlxq.completing);
3712         tasklet_schedule(&hw->completion_bh);
3713
3714         switch (ctlx->state) {
3715         case CTLX_COMPLETE:
3716         case CTLX_REQ_FAILED:
3717                 /* This are the correct terminating states. */
3718                 break;
3719
3720         default:
3721                 WLAN_LOG_ERROR("CTLX[%d] not in a terminating state(%s)\n",
3722                                hfa384x2host_16(ctlx->outbuf.type),
3723                                ctlxstr(ctlx->state));
3724                 break;
3725         } /* switch */
3726
3727         DBFEXIT;
3728 }
3729
3730 /*----------------------------------------------------------------
3731 * hfa384x_usbctlxq_run
3732 *
3733 * Checks to see if the head item is running.  If not, starts it.
3734 *
3735 * Arguments:
3736 *       hw      ptr to hfa384x_t
3737 *
3738 * Returns:
3739 *       nothing
3740 *
3741 * Side effects:
3742 *
3743 * Call context:
3744 *       any
3745 ----------------------------------------------------------------*/
3746 static void
3747 hfa384x_usbctlxq_run(hfa384x_t  *hw)
3748 {
3749         unsigned long           flags;
3750         DBFENTER;
3751
3752         /* acquire lock */
3753         spin_lock_irqsave(&hw->ctlxq.lock, flags);
3754
3755         /* Only one active CTLX at any one time, because there's no
3756          * other (reliable) way to match the response URB to the
3757          * correct CTLX.
3758          *
3759          * Don't touch any of these CTLXs if the hardware
3760          * has been removed or the USB subsystem is stalled.
3761          */
3762         if ( !list_empty(&hw->ctlxq.active) ||
3763              test_bit(WORK_TX_HALT, &hw->usb_flags) ||
3764              hw->wlandev->hwremoved )
3765                 goto unlock;
3766
3767         while ( !list_empty(&hw->ctlxq.pending) ) {
3768                 hfa384x_usbctlx_t       *head;
3769                 int                     result;
3770
3771                 /* This is the first pending command */
3772                 head = list_entry(hw->ctlxq.pending.next,
3773                                   hfa384x_usbctlx_t,
3774                                   list);
3775
3776                 /* We need to split this off to avoid a race condition */
3777                 list_move_tail(&head->list, &hw->ctlxq.active);
3778
3779                 /* Fill the out packet */
3780                 usb_fill_bulk_urb( &(hw->ctlx_urb), hw->usb,
3781                                    hw->endp_out,
3782                                    &(head->outbuf), ROUNDUP64(head->outbufsize),
3783                                    hfa384x_ctlxout_callback, hw);
3784                 hw->ctlx_urb.transfer_flags |= USB_QUEUE_BULK;
3785
3786                 /* Now submit the URB and update the CTLX's state
3787                  */
3788                 if ((result = SUBMIT_URB(&hw->ctlx_urb, GFP_ATOMIC)) == 0) {
3789                         /* This CTLX is now running on the active queue */
3790                         head->state = CTLX_REQ_SUBMITTED;
3791
3792                         /* Start the OUT wait timer */
3793                         hw->req_timer_done = 0;
3794                         hw->reqtimer.expires = jiffies + HZ;
3795                         add_timer(&hw->reqtimer);
3796
3797                         /* Start the IN wait timer */
3798                         hw->resp_timer_done = 0;
3799                         hw->resptimer.expires = jiffies + 2*HZ;
3800                         add_timer(&hw->resptimer);
3801
3802                         break;
3803                 }
3804
3805                 if (result == -EPIPE) {
3806                         /* The OUT pipe needs resetting, so put
3807                          * this CTLX back in the "pending" queue
3808                          * and schedule a reset ...
3809                          */
3810                         WLAN_LOG_WARNING("%s tx pipe stalled: requesting reset\n",
3811                                          hw->wlandev->netdev->name);
3812                         list_move(&head->list, &hw->ctlxq.pending);
3813                         set_bit(WORK_TX_HALT, &hw->usb_flags);
3814                         schedule_work(&hw->usb_work);
3815                         break;
3816                 }
3817
3818                 if (result == -ESHUTDOWN) {
3819                         WLAN_LOG_WARNING("%s urb shutdown!\n",
3820                                          hw->wlandev->netdev->name);
3821                         break;
3822                 }
3823
3824                 WLAN_LOG_ERROR("Failed to submit CTLX[%d]: error=%d\n",
3825                                hfa384x2host_16(head->outbuf.type), result);
3826                 unlocked_usbctlx_complete(hw, head);
3827         } /* while */
3828
3829         unlock:
3830         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
3831
3832         DBFEXIT;
3833 }
3834
3835
3836 /*----------------------------------------------------------------
3837 * hfa384x_usbin_callback
3838 *
3839 * Callback for URBs on the BULKIN endpoint.
3840 *
3841 * Arguments:
3842 *       urb             ptr to the completed urb
3843 *
3844 * Returns:
3845 *       nothing
3846 *
3847 * Side effects:
3848 *
3849 * Call context:
3850 *       interrupt
3851 ----------------------------------------------------------------*/
3852 #ifdef URB_ONLY_CALLBACK
3853 static void hfa384x_usbin_callback(struct urb *urb)
3854 #else
3855 static void hfa384x_usbin_callback(struct urb *urb, struct pt_regs *regs)
3856 #endif
3857 {
3858         wlandevice_t            *wlandev = urb->context;
3859         hfa384x_t               *hw;
3860         hfa384x_usbin_t         *usbin = (hfa384x_usbin_t *) urb->transfer_buffer;
3861         struct sk_buff          *skb = NULL;
3862         int                     result;
3863         int                     urb_status;
3864         UINT16                  type;
3865
3866         enum USBIN_ACTION {
3867                 HANDLE,
3868                 RESUBMIT,
3869                 ABORT
3870         } action;
3871
3872         DBFENTER;
3873
3874         if ( !wlandev ||
3875              !wlandev->netdev ||
3876              !netif_device_present(wlandev->netdev) )
3877                 goto exit;
3878
3879         hw = wlandev->priv;
3880         if (!hw)
3881                 goto exit;
3882
3883         skb = hw->rx_urb_skb;
3884         if (!skb || (skb->data != urb->transfer_buffer)) {
3885                 BUG();
3886         }
3887         hw->rx_urb_skb = NULL;
3888
3889         /* Check for error conditions within the URB */
3890         switch (urb->status) {
3891         case 0:
3892                 action = HANDLE;
3893
3894                 /* Check for short packet */
3895                 if ( urb->actual_length == 0 ) {
3896                         ++(wlandev->linux_stats.rx_errors);
3897                         ++(wlandev->linux_stats.rx_length_errors);
3898                         action = RESUBMIT;
3899                 }
3900                 break;
3901
3902         case -EPIPE:
3903                 WLAN_LOG_WARNING("%s rx pipe stalled: requesting reset\n",
3904                                  wlandev->netdev->name);
3905                 if ( !test_and_set_bit(WORK_RX_HALT, &hw->usb_flags) )
3906                         schedule_work(&hw->usb_work);
3907                 ++(wlandev->linux_stats.rx_errors);
3908                 action = ABORT;
3909                 break;
3910
3911         case -EILSEQ:
3912         case -ETIMEDOUT:
3913         case -EPROTO:
3914                 if ( !test_and_set_bit(THROTTLE_RX, &hw->usb_flags) &&
3915                      !timer_pending(&hw->throttle) ) {
3916                         mod_timer(&hw->throttle, jiffies + THROTTLE_JIFFIES);
3917                 }
3918                 ++(wlandev->linux_stats.rx_errors);
3919                 action = ABORT;
3920                 break;
3921
3922         case -EOVERFLOW:
3923                 ++(wlandev->linux_stats.rx_over_errors);
3924                 action = RESUBMIT;
3925                 break;
3926
3927         case -ENODEV:
3928         case -ESHUTDOWN:
3929                 WLAN_LOG_DEBUG(3,"status=%d, device removed.\n", urb->status);
3930                 action = ABORT;
3931                 break;
3932
3933         case -ENOENT:
3934         case -ECONNRESET:
3935                 WLAN_LOG_DEBUG(3,"status=%d, urb explicitly unlinked.\n", urb->status);
3936                 action = ABORT;
3937                 break;
3938
3939         default:
3940                 WLAN_LOG_DEBUG(3,"urb status=%d, transfer flags=0x%x\n",
3941                                  urb->status, urb->transfer_flags);
3942                 ++(wlandev->linux_stats.rx_errors);
3943                 action = RESUBMIT;
3944                 break;
3945         }
3946
3947         urb_status = urb->status;
3948
3949         if (action != ABORT) {
3950                 /* Repost the RX URB */
3951                 result = submit_rx_urb(hw, GFP_ATOMIC);
3952
3953                 if (result != 0) {
3954                         WLAN_LOG_ERROR(
3955                                 "Fatal, failed to resubmit rx_urb. error=%d\n",
3956                                 result);
3957                 }
3958         }
3959
3960         /* Handle any USB-IN packet */
3961         /* Note: the check of the sw_support field, the type field doesn't
3962          *       have bit 12 set like the docs suggest.
3963          */
3964         type = hfa384x2host_16(usbin->type);
3965         if (HFA384x_USB_ISRXFRM(type)) {
3966                 if (action == HANDLE) {
3967                         if (usbin->txfrm.desc.sw_support == 0x0123) {
3968                                 hfa384x_usbin_txcompl(wlandev, usbin);
3969                         } else {
3970                                 skb_put(skb, sizeof(*usbin));
3971                                 hfa384x_usbin_rx(wlandev, skb);
3972                                 skb = NULL;
3973                         }
3974                 }
3975                 goto exit;
3976         }
3977         if (HFA384x_USB_ISTXFRM(type)) {
3978                 if (action == HANDLE)
3979                         hfa384x_usbin_txcompl(wlandev, usbin);
3980                 goto exit;
3981         }
3982         switch (type) {
3983         case HFA384x_USB_INFOFRM:
3984                 if (action == ABORT)
3985                         goto exit;
3986                 if (action == HANDLE)
3987                         hfa384x_usbin_info(wlandev, usbin);
3988                 break;
3989
3990         case HFA384x_USB_CMDRESP:
3991         case HFA384x_USB_WRIDRESP:
3992         case HFA384x_USB_RRIDRESP:
3993         case HFA384x_USB_WMEMRESP:
3994         case HFA384x_USB_RMEMRESP:
3995                 /* ALWAYS, ALWAYS, ALWAYS handle this CTLX!!!! */
3996                 hfa384x_usbin_ctlx(hw, usbin, urb_status);
3997                 break;
3998
3999         case HFA384x_USB_BUFAVAIL:
4000                 WLAN_LOG_DEBUG(3,"Received BUFAVAIL packet, frmlen=%d\n",
4001                         usbin->bufavail.frmlen);
4002                 break;
4003
4004         case HFA384x_USB_ERROR:
4005                 WLAN_LOG_DEBUG(3,"Received USB_ERROR packet, errortype=%d\n",
4006                         usbin->usberror.errortype);
4007                 break;
4008
4009         default:
4010                 WLAN_LOG_DEBUG(3,"Unrecognized USBIN packet, type=%x, status=%d\n",
4011                         usbin->type, urb_status);
4012                 break;
4013         } /* switch */
4014
4015 exit:
4016
4017         if (skb)
4018                 dev_kfree_skb(skb);
4019
4020         DBFEXIT;
4021 }
4022
4023
4024 /*----------------------------------------------------------------
4025 * hfa384x_usbin_ctlx
4026 *
4027 * We've received a URB containing a Prism2 "response" message.
4028 * This message needs to be matched up with a CTLX on the active
4029 * queue and our state updated accordingly.
4030 *
4031 * Arguments:
4032 *       hw              ptr to hfa384x_t
4033 *       usbin           ptr to USB IN packet
4034 *       urb_status      status of this Bulk-In URB
4035 *
4036 * Returns:
4037 *       nothing
4038 *
4039 * Side effects:
4040 *
4041 * Call context:
4042 *       interrupt
4043 ----------------------------------------------------------------*/
4044 static void hfa384x_usbin_ctlx(hfa384x_t *hw, hfa384x_usbin_t *usbin,
4045                                int urb_status)
4046 {
4047         hfa384x_usbctlx_t       *ctlx;
4048         int                     run_queue = 0;
4049         unsigned long           flags;
4050
4051         DBFENTER;
4052
4053 retry:
4054         spin_lock_irqsave(&hw->ctlxq.lock, flags);
4055
4056         /* There can be only one CTLX on the active queue
4057          * at any one time, and this is the CTLX that the
4058          * timers are waiting for.
4059          */
4060         if ( list_empty(&hw->ctlxq.active) ) {
4061                 goto unlock;
4062         }
4063
4064         /* Remove the "response timeout". It's possible that
4065          * we are already too late, and that the timeout is
4066          * already running. And that's just too bad for us,
4067          * because we could lose our CTLX from the active
4068          * queue here ...
4069          */
4070         if (del_timer(&hw->resptimer) == 0) {
4071                 if (hw->resp_timer_done == 0) {
4072                         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4073                         goto retry;
4074                 }
4075         }
4076         else {
4077                 hw->resp_timer_done = 1;
4078         }
4079
4080         ctlx = get_active_ctlx(hw);
4081
4082         if (urb_status != 0) {
4083                 /*
4084                  * Bad CTLX, so get rid of it. But we only
4085                  * remove it from the active queue if we're no
4086                  * longer expecting the OUT URB to complete.
4087                  */
4088                 if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0)
4089                         run_queue = 1;
4090         } else {
4091                 const UINT16 intype = (usbin->type&~host2hfa384x_16(0x8000));
4092
4093                 /*
4094                  * Check that our message is what we're expecting ...
4095                  */
4096                 if (ctlx->outbuf.type != intype) {
4097                         WLAN_LOG_WARNING("Expected IN[%d], received IN[%d] - ignored.\n",
4098                                          hfa384x2host_16(ctlx->outbuf.type),
4099                                          hfa384x2host_16(intype));
4100                         goto unlock;
4101                 }
4102
4103                 /* This URB has succeeded, so grab the data ... */
4104                 memcpy(&ctlx->inbuf, usbin, sizeof(ctlx->inbuf));
4105
4106                 switch (ctlx->state) {
4107                 case CTLX_REQ_SUBMITTED:
4108                         /*
4109                          * We have received our response URB before
4110                          * our request has been acknowledged. Odd,
4111                          * but our OUT URB is still alive...
4112                          */
4113                         WLAN_LOG_DEBUG(0, "Causality violation: please reboot Universe, or email linux-wlan-devel@lists.linux-wlan.com\n");
4114                         ctlx->state = CTLX_RESP_COMPLETE;
4115                         break;
4116
4117                 case CTLX_REQ_COMPLETE:
4118                         /*
4119                          * This is the usual path: our request
4120                          * has already been acknowledged, and
4121                          * now we have received the reply too.
4122                          */
4123                         ctlx->state = CTLX_COMPLETE;
4124                         unlocked_usbctlx_complete(hw, ctlx);
4125                         run_queue = 1;
4126                         break;
4127
4128                 default:
4129                         /*
4130                          * Throw this CTLX away ...
4131                          */
4132                         WLAN_LOG_ERROR("Matched IN URB, CTLX[%d] in invalid state(%s)."
4133                                        " Discarded.\n",
4134                                        hfa384x2host_16(ctlx->outbuf.type),
4135                                        ctlxstr(ctlx->state));
4136                         if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0)
4137                                 run_queue = 1;
4138                         break;
4139                 } /* switch */
4140         }
4141
4142 unlock:
4143         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4144
4145         if (run_queue)
4146                 hfa384x_usbctlxq_run(hw);
4147
4148         DBFEXIT;
4149 }
4150
4151
4152 /*----------------------------------------------------------------
4153 * hfa384x_usbin_txcompl
4154 *
4155 * At this point we have the results of a previous transmit.
4156 *
4157 * Arguments:
4158 *       wlandev         wlan device
4159 *       usbin           ptr to the usb transfer buffer
4160 *
4161 * Returns:
4162 *       nothing
4163 *
4164 * Side effects:
4165 *
4166 * Call context:
4167 *       interrupt
4168 ----------------------------------------------------------------*/
4169 static void hfa384x_usbin_txcompl(wlandevice_t *wlandev, hfa384x_usbin_t *usbin)
4170 {
4171         UINT16                  status;
4172         DBFENTER;
4173
4174         status = hfa384x2host_16(usbin->type); /* yeah I know it says type...*/
4175
4176         /* Was there an error? */
4177         if (HFA384x_TXSTATUS_ISERROR(status)) {
4178                 prism2sta_ev_txexc(wlandev, status);
4179         } else {
4180                 prism2sta_ev_tx(wlandev, status);
4181         }
4182         // prism2sta_ev_alloc(wlandev);
4183
4184         DBFEXIT;
4185 }
4186
4187
4188 /*----------------------------------------------------------------
4189 * hfa384x_usbin_rx
4190 *
4191 * At this point we have a successful received a rx frame packet.
4192 *
4193 * Arguments:
4194 *       wlandev         wlan device
4195 *       usbin           ptr to the usb transfer buffer
4196 *
4197 * Returns:
4198 *       nothing
4199 *
4200 * Side effects:
4201 *
4202 * Call context:
4203 *       interrupt
4204 ----------------------------------------------------------------*/
4205 static void hfa384x_usbin_rx(wlandevice_t *wlandev, struct sk_buff *skb)
4206 {
4207         hfa384x_usbin_t         *usbin = (hfa384x_usbin_t *) skb->data;
4208         hfa384x_t               *hw = wlandev->priv;
4209         int                     hdrlen;
4210         p80211_rxmeta_t         *rxmeta;
4211         UINT16                  data_len;
4212         UINT16                  fc;
4213
4214         DBFENTER;
4215
4216         /* Byte order convert once up front. */
4217         usbin->rxfrm.desc.status =
4218                 hfa384x2host_16(usbin->rxfrm.desc.status);
4219         usbin->rxfrm.desc.time =
4220                 hfa384x2host_32(usbin->rxfrm.desc.time);
4221
4222         /* Now handle frame based on port# */
4223         switch( HFA384x_RXSTATUS_MACPORT_GET(usbin->rxfrm.desc.status) )
4224         {
4225         case 0:
4226                 fc = ieee2host16(usbin->rxfrm.desc.frame_control);
4227
4228                 /* If exclude and we receive an unencrypted, drop it */
4229                 if ( (wlandev->hostwep & HOSTWEP_EXCLUDEUNENCRYPTED) &&
4230                      !WLAN_GET_FC_ISWEP(fc)){
4231                         goto done;
4232                 }
4233
4234                 data_len = hfa384x2host_16(usbin->rxfrm.desc.data_len);
4235
4236                 /* How much header data do we have? */
4237                 hdrlen = p80211_headerlen(fc);
4238
4239                 /* Pull off the descriptor */
4240                 skb_pull(skb, sizeof(hfa384x_rx_frame_t));
4241
4242                 /* Now shunt the header block up against the data block
4243                  * with an "overlapping" copy
4244                  */
4245                 memmove(skb_push(skb, hdrlen),
4246                         &usbin->rxfrm.desc.frame_control,
4247                         hdrlen);
4248
4249                 skb->dev = wlandev->netdev;
4250                 skb->dev->last_rx = jiffies;
4251
4252                 /* And set the frame length properly */
4253                 skb_trim(skb, data_len + hdrlen);
4254
4255                 /* The prism2 series does not return the CRC */
4256                 memset(skb_put(skb, WLAN_CRC_LEN), 0xff, WLAN_CRC_LEN);
4257
4258                 skb_reset_mac_header(skb);
4259
4260                 /* Attach the rxmeta, set some stuff */
4261                 p80211skb_rxmeta_attach(wlandev, skb);
4262                 rxmeta = P80211SKB_RXMETA(skb);
4263                 rxmeta->mactime = usbin->rxfrm.desc.time;
4264                 rxmeta->rxrate = usbin->rxfrm.desc.rate;
4265                 rxmeta->signal = usbin->rxfrm.desc.signal - hw->dbmadjust;
4266                 rxmeta->noise = usbin->rxfrm.desc.silence - hw->dbmadjust;
4267
4268                 prism2sta_ev_rx(wlandev, skb);
4269
4270                 break;
4271
4272         case 7:
4273                 if ( ! HFA384x_RXSTATUS_ISFCSERR(usbin->rxfrm.desc.status) ) {
4274                         /* Copy to wlansnif skb */
4275                         hfa384x_int_rxmonitor( wlandev, &usbin->rxfrm);
4276                         dev_kfree_skb(skb);
4277                 } else {
4278                         WLAN_LOG_DEBUG(3,"Received monitor frame: FCSerr set\n");
4279                 }
4280                 break;
4281
4282         default:
4283                 WLAN_LOG_WARNING("Received frame on unsupported port=%d\n",
4284                         HFA384x_RXSTATUS_MACPORT_GET(usbin->rxfrm.desc.status) );
4285                 goto done;
4286                 break;
4287         }
4288
4289 done:
4290         DBFEXIT;
4291         return;
4292 }
4293
4294 /*----------------------------------------------------------------
4295 * hfa384x_int_rxmonitor
4296 *
4297 * Helper function for int_rx.  Handles monitor frames.
4298 * Note that this function allocates space for the FCS and sets it
4299 * to 0xffffffff.  The hfa384x doesn't give us the FCS value but the
4300 * higher layers expect it.  0xffffffff is used as a flag to indicate
4301 * the FCS is bogus.
4302 *
4303 * Arguments:
4304 *       wlandev         wlan device structure
4305 *       rxfrm           rx descriptor read from card in int_rx
4306 *
4307 * Returns:
4308 *       nothing
4309 *
4310 * Side effects:
4311 *       Allocates an skb and passes it up via the PF_PACKET interface.
4312 * Call context:
4313 *       interrupt
4314 ----------------------------------------------------------------*/
4315 static void hfa384x_int_rxmonitor( wlandevice_t *wlandev, hfa384x_usb_rxfrm_t *rxfrm)
4316 {
4317         hfa384x_rx_frame_t              *rxdesc = &(rxfrm->desc);
4318         UINT                            hdrlen = 0;
4319         UINT                            datalen = 0;
4320         UINT                            skblen = 0;
4321         p80211msg_lnxind_wlansniffrm_t  *msg;
4322         UINT8                           *datap;
4323         UINT16                          fc;
4324         struct sk_buff                  *skb;
4325         hfa384x_t                       *hw = wlandev->priv;
4326
4327
4328         DBFENTER;
4329         /* Don't forget the status, time, and data_len fields are in host order */
4330         /* Figure out how big the frame is */
4331         fc = ieee2host16(rxdesc->frame_control);
4332         hdrlen = p80211_headerlen(fc);
4333         datalen = hfa384x2host_16(rxdesc->data_len);
4334
4335         /* Allocate an ind message+framesize skb */
4336         skblen = sizeof(p80211msg_lnxind_wlansniffrm_t) +
4337                 hdrlen + datalen + WLAN_CRC_LEN;
4338
4339         /* sanity check the length */
4340         if ( skblen >
4341                 (sizeof(p80211msg_lnxind_wlansniffrm_t) +
4342                 WLAN_HDR_A4_LEN + WLAN_DATA_MAXLEN + WLAN_CRC_LEN) ) {
4343                 WLAN_LOG_DEBUG(1, "overlen frm: len=%zd\n",
4344                         skblen - sizeof(p80211msg_lnxind_wlansniffrm_t));
4345         }
4346
4347         if ( (skb = dev_alloc_skb(skblen)) == NULL ) {
4348                 WLAN_LOG_ERROR("alloc_skb failed trying to allocate %d bytes\n", skblen);
4349                 return;
4350         }
4351
4352         /* only prepend the prism header if in the right mode */
4353         if ((wlandev->netdev->type == ARPHRD_IEEE80211_PRISM) &&
4354             (hw->sniffhdr == 0)) {
4355                 datap = skb_put(skb, sizeof(p80211msg_lnxind_wlansniffrm_t));
4356                 msg = (p80211msg_lnxind_wlansniffrm_t*) datap;
4357
4358                 /* Initialize the message members */
4359                 msg->msgcode = DIDmsg_lnxind_wlansniffrm;
4360                 msg->msglen = sizeof(p80211msg_lnxind_wlansniffrm_t);
4361                 strcpy(msg->devname, wlandev->name);
4362
4363                 msg->hosttime.did = DIDmsg_lnxind_wlansniffrm_hosttime;
4364                 msg->hosttime.status = 0;
4365                 msg->hosttime.len = 4;
4366                 msg->hosttime.data = jiffies;
4367
4368                 msg->mactime.did = DIDmsg_lnxind_wlansniffrm_mactime;
4369                 msg->mactime.status = 0;
4370                 msg->mactime.len = 4;
4371                 msg->mactime.data = rxdesc->time;
4372
4373                 msg->channel.did = DIDmsg_lnxind_wlansniffrm_channel;
4374                 msg->channel.status = 0;
4375                 msg->channel.len = 4;
4376                 msg->channel.data = hw->sniff_channel;
4377
4378                 msg->rssi.did = DIDmsg_lnxind_wlansniffrm_rssi;
4379                 msg->rssi.status = P80211ENUM_msgitem_status_no_value;
4380                 msg->rssi.len = 4;
4381                 msg->rssi.data = 0;
4382
4383                 msg->sq.did = DIDmsg_lnxind_wlansniffrm_sq;
4384                 msg->sq.status = P80211ENUM_msgitem_status_no_value;
4385                 msg->sq.len = 4;
4386                 msg->sq.data = 0;
4387
4388                 msg->signal.did = DIDmsg_lnxind_wlansniffrm_signal;
4389                 msg->signal.status = 0;
4390                 msg->signal.len = 4;
4391                 msg->signal.data = rxdesc->signal;
4392
4393                 msg->noise.did = DIDmsg_lnxind_wlansniffrm_noise;
4394                 msg->noise.status = 0;
4395                 msg->noise.len = 4;
4396                 msg->noise.data = rxdesc->silence;
4397
4398                 msg->rate.did = DIDmsg_lnxind_wlansniffrm_rate;
4399                 msg->rate.status = 0;
4400                 msg->rate.len = 4;
4401                 msg->rate.data = rxdesc->rate / 5; /* set to 802.11 units */
4402
4403                 msg->istx.did = DIDmsg_lnxind_wlansniffrm_istx;
4404                 msg->istx.status = 0;
4405                 msg->istx.len = 4;
4406                 msg->istx.data = P80211ENUM_truth_false;
4407
4408                 msg->frmlen.did = DIDmsg_lnxind_wlansniffrm_frmlen;
4409                 msg->frmlen.status = 0;
4410                 msg->frmlen.len = 4;
4411                 msg->frmlen.data = hdrlen + datalen + WLAN_CRC_LEN;
4412         } else if ((wlandev->netdev->type == ARPHRD_IEEE80211_PRISM) &&
4413                    (hw->sniffhdr != 0)) {
4414                 p80211_caphdr_t         *caphdr;
4415                 /* The NEW header format! */
4416                 datap = skb_put(skb, sizeof(p80211_caphdr_t));
4417                 caphdr = (p80211_caphdr_t*) datap;
4418
4419                 caphdr->version =       htonl(P80211CAPTURE_VERSION);
4420                 caphdr->length =        htonl(sizeof(p80211_caphdr_t));
4421                 caphdr->mactime =       __cpu_to_be64(rxdesc->time) * 1000;
4422                 caphdr->hosttime =      __cpu_to_be64(jiffies);
4423                 caphdr->phytype =       htonl(4); /* dss_dot11_b */
4424                 caphdr->channel =       htonl(hw->sniff_channel);
4425                 caphdr->datarate =      htonl(rxdesc->rate);
4426                 caphdr->antenna =       htonl(0); /* unknown */
4427                 caphdr->priority =      htonl(0); /* unknown */
4428                 caphdr->ssi_type =      htonl(3); /* rssi_raw */
4429                 caphdr->ssi_signal =    htonl(rxdesc->signal);
4430                 caphdr->ssi_noise =     htonl(rxdesc->silence);
4431                 caphdr->preamble =      htonl(0); /* unknown */
4432                 caphdr->encoding =      htonl(1); /* cck */
4433         }
4434
4435         /* Copy the 802.11 header to the skb (ctl frames may be less than a full header) */
4436         datap = skb_put(skb, hdrlen);
4437         memcpy( datap, &(rxdesc->frame_control), hdrlen);
4438
4439         /* If any, copy the data from the card to the skb */
4440         if ( datalen > 0 )
4441         {
4442                 datap = skb_put(skb, datalen);
4443                 memcpy(datap, rxfrm->data, datalen);
4444
4445                 /* check for unencrypted stuff if WEP bit set. */
4446                 if (*(datap - hdrlen + 1) & 0x40) // wep set
4447                   if ((*(datap) == 0xaa) && (*(datap+1) == 0xaa))
4448                     *(datap - hdrlen + 1) &= 0xbf; // clear wep; it's the 802.2 header!
4449         }
4450
4451         if (hw->sniff_fcs) {
4452                 /* Set the FCS */
4453                 datap = skb_put(skb, WLAN_CRC_LEN);
4454                 memset( datap, 0xff, WLAN_CRC_LEN);
4455         }
4456
4457         /* pass it back up */
4458         prism2sta_ev_rx(wlandev, skb);
4459
4460         DBFEXIT;
4461         return;
4462 }
4463
4464
4465
4466 /*----------------------------------------------------------------
4467 * hfa384x_usbin_info
4468 *
4469 * At this point we have a successful received a Prism2 info frame.
4470 *
4471 * Arguments:
4472 *       wlandev         wlan device
4473 *       usbin           ptr to the usb transfer buffer
4474 *
4475 * Returns:
4476 *       nothing
4477 *
4478 * Side effects:
4479 *
4480 * Call context:
4481 *       interrupt
4482 ----------------------------------------------------------------*/
4483 static void hfa384x_usbin_info(wlandevice_t *wlandev, hfa384x_usbin_t *usbin)
4484 {
4485         DBFENTER;
4486
4487         usbin->infofrm.info.framelen = hfa384x2host_16(usbin->infofrm.info.framelen);
4488         prism2sta_ev_info(wlandev, &usbin->infofrm.info);
4489
4490         DBFEXIT;
4491 }
4492
4493
4494
4495 /*----------------------------------------------------------------
4496 * hfa384x_usbout_callback
4497 *
4498 * Callback for URBs on the BULKOUT endpoint.
4499 *
4500 * Arguments:
4501 *       urb             ptr to the completed urb
4502 *
4503 * Returns:
4504 *       nothing
4505 *
4506 * Side effects:
4507 *
4508 * Call context:
4509 *       interrupt
4510 ----------------------------------------------------------------*/
4511 #ifdef URB_ONLY_CALLBACK
4512 static void hfa384x_usbout_callback(struct urb *urb)
4513 #else
4514 static void hfa384x_usbout_callback(struct urb *urb, struct pt_regs *regs)
4515 #endif
4516 {
4517         wlandevice_t            *wlandev = urb->context;
4518         hfa384x_usbout_t        *usbout = urb->transfer_buffer;
4519         DBFENTER;
4520
4521 #ifdef DEBUG_USB
4522         dbprint_urb(urb);
4523 #endif
4524
4525         if ( wlandev &&
4526              wlandev->netdev ) {
4527
4528                 switch(urb->status) {
4529                 case 0:
4530                         hfa384x_usbout_tx(wlandev, usbout);
4531                         break;
4532
4533                 case -EPIPE:
4534                 {
4535                         hfa384x_t *hw = wlandev->priv;
4536                         WLAN_LOG_WARNING("%s tx pipe stalled: requesting reset\n",
4537                                          wlandev->netdev->name);
4538                         if ( !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags) )
4539                                 schedule_work(&hw->usb_work);
4540                         ++(wlandev->linux_stats.tx_errors);
4541                         break;
4542                 }
4543
4544                 case -EPROTO:
4545                 case -ETIMEDOUT:
4546                 case -EILSEQ:
4547                 {
4548                         hfa384x_t *hw = wlandev->priv;
4549
4550                         if ( !test_and_set_bit(THROTTLE_TX, &hw->usb_flags)
4551                              && !timer_pending(&hw->throttle) ) {
4552                                 mod_timer(&hw->throttle,
4553                                           jiffies + THROTTLE_JIFFIES);
4554                         }
4555                         ++(wlandev->linux_stats.tx_errors);
4556                         netif_stop_queue(wlandev->netdev);
4557                         break;
4558                 }
4559
4560                 case -ENOENT:
4561                 case -ESHUTDOWN:
4562                         /* Ignorable errors */
4563                         break;
4564
4565                 default:
4566                         WLAN_LOG_INFO("unknown urb->status=%d\n", urb->status);
4567                         ++(wlandev->linux_stats.tx_errors);
4568                         break;
4569                 } /* switch */
4570         }
4571
4572         DBFEXIT;
4573 }
4574
4575
4576 /*----------------------------------------------------------------
4577 * hfa384x_ctlxout_callback
4578 *
4579 * Callback for control data on the BULKOUT endpoint.
4580 *
4581 * Arguments:
4582 *       urb             ptr to the completed urb
4583 *
4584 * Returns:
4585 * nothing
4586 *
4587 * Side effects:
4588 *
4589 * Call context:
4590 * interrupt
4591 ----------------------------------------------------------------*/
4592 #ifdef URB_ONLY_CALLBACK
4593 static void hfa384x_ctlxout_callback(struct urb *urb)
4594 #else
4595 static void hfa384x_ctlxout_callback(struct urb *urb, struct pt_regs *regs)
4596 #endif
4597 {
4598         hfa384x_t       *hw = urb->context;
4599         int             delete_resptimer = 0;
4600         int             timer_ok = 1;
4601         int             run_queue = 0;
4602         hfa384x_usbctlx_t       *ctlx;
4603         unsigned long   flags;
4604
4605         DBFENTER;
4606
4607         WLAN_LOG_DEBUG(3,"urb->status=%d\n", urb->status);
4608 #ifdef DEBUG_USB
4609         dbprint_urb(urb);
4610 #endif
4611         if ( (urb->status == -ESHUTDOWN) ||
4612              (urb->status == -ENODEV) ||
4613              (hw == NULL) )
4614                 goto done;
4615
4616 retry:
4617         spin_lock_irqsave(&hw->ctlxq.lock, flags);
4618
4619         /*
4620          * Only one CTLX at a time on the "active" list, and
4621          * none at all if we are unplugged. However, we can
4622          * rely on the disconnect function to clean everything
4623          * up if someone unplugged the adapter.
4624          */
4625         if ( list_empty(&hw->ctlxq.active) ) {
4626                 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4627                 goto done;
4628         }
4629
4630         /*
4631          * Having something on the "active" queue means
4632          * that we have timers to worry about ...
4633          */
4634         if (del_timer(&hw->reqtimer) == 0) {
4635                 if (hw->req_timer_done == 0) {
4636                         /*
4637                          * This timer was actually running while we
4638                          * were trying to delete it. Let it terminate
4639                          * gracefully instead.
4640                          */
4641                         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4642                         goto retry;
4643                 }
4644         }
4645         else {
4646                 hw->req_timer_done = 1;
4647         }
4648
4649         ctlx = get_active_ctlx(hw);
4650
4651         if ( urb->status == 0 ) {
4652                 /* Request portion of a CTLX is successful */
4653                 switch ( ctlx->state ) {
4654                 case CTLX_REQ_SUBMITTED:
4655                         /* This OUT-ACK received before IN */
4656                         ctlx->state = CTLX_REQ_COMPLETE;
4657                         break;
4658
4659                 case CTLX_RESP_COMPLETE:
4660                         /* IN already received before this OUT-ACK,
4661                          * so this command must now be complete.
4662                          */
4663                         ctlx->state = CTLX_COMPLETE;
4664                         unlocked_usbctlx_complete(hw, ctlx);
4665                         run_queue = 1;
4666                         break;
4667
4668                 default:
4669                         /* This is NOT a valid CTLX "success" state! */
4670                         WLAN_LOG_ERROR(
4671                             "Illegal CTLX[%d] success state(%s, %d) in OUT URB\n",
4672                             hfa384x2host_16(ctlx->outbuf.type),
4673                             ctlxstr(ctlx->state), urb->status);
4674                         break;
4675                 } /* switch */
4676         } else {
4677                 /* If the pipe has stalled then we need to reset it */
4678                 if ( (urb->status == -EPIPE) &&
4679                       !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags) ) {
4680                         WLAN_LOG_WARNING("%s tx pipe stalled: requesting reset\n",
4681                                          hw->wlandev->netdev->name);
4682                         schedule_work(&hw->usb_work);
4683                 }
4684
4685                 /* If someone cancels the OUT URB then its status
4686                  * should be either -ECONNRESET or -ENOENT.
4687                  */
4688                 ctlx->state = CTLX_REQ_FAILED;
4689                 unlocked_usbctlx_complete(hw, ctlx);
4690                 delete_resptimer = 1;
4691                 run_queue = 1;
4692         }
4693
4694  delresp:
4695         if (delete_resptimer) {
4696                 if ((timer_ok = del_timer(&hw->resptimer)) != 0) {
4697                         hw->resp_timer_done = 1;
4698                 }
4699         }
4700
4701         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4702
4703         if ( !timer_ok && (hw->resp_timer_done == 0) ) {
4704                 spin_lock_irqsave(&hw->ctlxq.lock, flags);
4705                 goto delresp;
4706         }
4707
4708         if (run_queue)
4709                 hfa384x_usbctlxq_run(hw);
4710
4711  done:
4712         DBFEXIT;
4713 }
4714
4715
4716 /*----------------------------------------------------------------
4717 * hfa384x_usbctlx_reqtimerfn
4718 *
4719 * Timer response function for CTLX request timeouts.  If this
4720 * function is called, it means that the callback for the OUT
4721 * URB containing a Prism2.x XXX_Request was never called.
4722 *
4723 * Arguments:
4724 *       data            a ptr to the hfa384x_t
4725 *
4726 * Returns:
4727 *       nothing
4728 *
4729 * Side effects:
4730 *
4731 * Call context:
4732 *       interrupt
4733 ----------------------------------------------------------------*/
4734 static void
4735 hfa384x_usbctlx_reqtimerfn(unsigned long data)
4736 {
4737         hfa384x_t       *hw = (hfa384x_t*)data;
4738         unsigned long   flags;
4739         DBFENTER;
4740
4741         spin_lock_irqsave(&hw->ctlxq.lock, flags);
4742
4743         hw->req_timer_done = 1;
4744
4745         /* Removing the hardware automatically empties
4746          * the active list ...
4747          */
4748         if ( !list_empty(&hw->ctlxq.active) )
4749         {
4750                 /*
4751                  * We must ensure that our URB is removed from
4752                  * the system, if it hasn't already expired.
4753                  */
4754                 hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK;
4755                 if (usb_unlink_urb(&hw->ctlx_urb) == -EINPROGRESS)
4756                 {
4757                         hfa384x_usbctlx_t *ctlx = get_active_ctlx(hw);
4758
4759                         ctlx->state = CTLX_REQ_FAILED;
4760
4761                         /* This URB was active, but has now been
4762                          * cancelled. It will now have a status of
4763                          * -ECONNRESET in the callback function.
4764                          *
4765                          * We are cancelling this CTLX, so we're
4766                          * not going to need to wait for a response.
4767                          * The URB's callback function will check
4768                          * that this timer is truly dead.
4769                          */
4770                         if (del_timer(&hw->resptimer) != 0)
4771                                 hw->resp_timer_done = 1;
4772                 }
4773         }
4774
4775         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4776
4777         DBFEXIT;
4778 }
4779
4780
4781 /*----------------------------------------------------------------
4782 * hfa384x_usbctlx_resptimerfn
4783 *
4784 * Timer response function for CTLX response timeouts.  If this
4785 * function is called, it means that the callback for the IN
4786 * URB containing a Prism2.x XXX_Response was never called.
4787 *
4788 * Arguments:
4789 *       data            a ptr to the hfa384x_t
4790 *
4791 * Returns:
4792 *       nothing
4793 *
4794 * Side effects:
4795 *
4796 * Call context:
4797 *       interrupt
4798 ----------------------------------------------------------------*/
4799 static void
4800 hfa384x_usbctlx_resptimerfn(unsigned long data)
4801 {
4802         hfa384x_t *hw = (hfa384x_t*)data;
4803         unsigned long   flags;
4804
4805         DBFENTER;
4806
4807         spin_lock_irqsave(&hw->ctlxq.lock, flags);
4808
4809         hw->resp_timer_done = 1;
4810
4811         /* The active list will be empty if the
4812          * adapter has been unplugged ...
4813          */
4814         if ( !list_empty(&hw->ctlxq.active) )
4815         {
4816                 hfa384x_usbctlx_t *ctlx = get_active_ctlx(hw);
4817
4818                 if ( unlocked_usbctlx_cancel_async(hw, ctlx) == 0 )
4819                 {
4820                         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4821                         hfa384x_usbctlxq_run(hw);
4822                         goto done;
4823                 }
4824         }
4825
4826         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4827
4828  done:
4829         DBFEXIT;
4830 }
4831
4832 /*----------------------------------------------------------------
4833 * hfa384x_usb_throttlefn
4834 *
4835 *
4836 * Arguments:
4837 *       data    ptr to hw
4838 *
4839 * Returns:
4840 *       Nothing
4841 *
4842 * Side effects:
4843 *
4844 * Call context:
4845 *       Interrupt
4846 ----------------------------------------------------------------*/
4847 static void
4848 hfa384x_usb_throttlefn(unsigned long data)
4849 {
4850         hfa384x_t *hw = (hfa384x_t*)data;
4851         unsigned long   flags;
4852
4853         DBFENTER;
4854
4855         spin_lock_irqsave(&hw->ctlxq.lock, flags);
4856
4857         /*
4858          * We need to check BOTH the RX and the TX throttle controls,
4859          * so we use the bitwise OR instead of the logical OR.
4860          */
4861         WLAN_LOG_DEBUG(3, "flags=0x%lx\n", hw->usb_flags);
4862         if ( !hw->wlandev->hwremoved &&
4863              (
4864                (test_and_clear_bit(THROTTLE_RX, &hw->usb_flags) &&
4865                !test_and_set_bit(WORK_RX_RESUME, &hw->usb_flags))
4866                |
4867                (test_and_clear_bit(THROTTLE_TX, &hw->usb_flags) &&
4868                 !test_and_set_bit(WORK_TX_RESUME, &hw->usb_flags))
4869              ) )
4870         {
4871                 schedule_work(&hw->usb_work);
4872         }
4873
4874         spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4875
4876         DBFEXIT;
4877 }
4878
4879
4880 /*----------------------------------------------------------------
4881 * hfa384x_usbctlx_submit
4882 *
4883 * Called from the doxxx functions to submit a CTLX to the queue
4884 *
4885 * Arguments:
4886 *       hw              ptr to the hw struct
4887 *       ctlx            ctlx structure to enqueue
4888 *
4889 * Returns:
4890 *       -ENODEV if the adapter is unplugged
4891 *       0
4892 *
4893 * Side effects:
4894 *
4895 * Call context:
4896 *       process or interrupt
4897 ----------------------------------------------------------------*/
4898 static int
4899 hfa384x_usbctlx_submit(
4900         hfa384x_t               *hw,
4901         hfa384x_usbctlx_t       *ctlx)
4902 {
4903         unsigned long flags;
4904         int ret;
4905
4906         DBFENTER;
4907
4908         spin_lock_irqsave(&hw->ctlxq.lock, flags);
4909
4910         if (hw->wlandev->hwremoved) {
4911                 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4912                 ret = -ENODEV;
4913         } else {
4914                 ctlx->state = CTLX_PENDING;
4915                 list_add_tail(&ctlx->list, &hw->ctlxq.pending);
4916
4917                 spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
4918                 hfa384x_usbctlxq_run(hw);
4919                 ret = 0;
4920         }
4921
4922         DBFEXIT;
4923         return ret;
4924 }
4925
4926
4927 /*----------------------------------------------------------------
4928 * hfa384x_usbout_tx
4929 *
4930 * At this point we have finished a send of a frame.  Mark the URB
4931 * as available and call ev_alloc to notify higher layers we're
4932 * ready for more.
4933 *
4934 * Arguments:
4935 *       wlandev         wlan device
4936 *       usbout          ptr to the usb transfer buffer
4937 *
4938 * Returns:
4939 *       nothing
4940 *
4941 * Side effects:
4942 *
4943 * Call context:
4944 *       interrupt
4945 ----------------------------------------------------------------*/
4946 static void hfa384x_usbout_tx(wlandevice_t *wlandev, hfa384x_usbout_t *usbout)
4947 {
4948         DBFENTER;
4949
4950         prism2sta_ev_alloc(wlandev);
4951
4952         DBFEXIT;
4953 }
4954
4955 /*----------------------------------------------------------------
4956 * hfa384x_isgood_pdrcore
4957 *
4958 * Quick check of PDR codes.
4959 *
4960 * Arguments:
4961 *       pdrcode         PDR code number (host order)
4962 *
4963 * Returns:
4964 *       zero            not good.
4965 *       one             is good.
4966 *
4967 * Side effects:
4968 *
4969 * Call context:
4970 ----------------------------------------------------------------*/
4971 static int
4972 hfa384x_isgood_pdrcode(UINT16 pdrcode)
4973 {
4974         switch(pdrcode) {
4975         case HFA384x_PDR_END_OF_PDA:
4976         case HFA384x_PDR_PCB_PARTNUM:
4977         case HFA384x_PDR_PDAVER:
4978         case HFA384x_PDR_NIC_SERIAL:
4979         case HFA384x_PDR_MKK_MEASUREMENTS:
4980         case HFA384x_PDR_NIC_RAMSIZE:
4981         case HFA384x_PDR_MFISUPRANGE:
4982         case HFA384x_PDR_CFISUPRANGE:
4983         case HFA384x_PDR_NICID:
4984         case HFA384x_PDR_MAC_ADDRESS:
4985         case HFA384x_PDR_REGDOMAIN:
4986         case HFA384x_PDR_ALLOWED_CHANNEL:
4987         case HFA384x_PDR_DEFAULT_CHANNEL:
4988         case HFA384x_PDR_TEMPTYPE:
4989         case HFA384x_PDR_IFR_SETTING:
4990         case HFA384x_PDR_RFR_SETTING:
4991         case HFA384x_PDR_HFA3861_BASELINE:
4992         case HFA384x_PDR_HFA3861_SHADOW:
4993         case HFA384x_PDR_HFA3861_IFRF:
4994         case HFA384x_PDR_HFA3861_CHCALSP:
4995         case HFA384x_PDR_HFA3861_CHCALI:
4996         case HFA384x_PDR_3842_NIC_CONFIG:
4997         case HFA384x_PDR_USB_ID:
4998         case HFA384x_PDR_PCI_ID:
4999         case HFA384x_PDR_PCI_IFCONF:
5000         case HFA384x_PDR_PCI_PMCONF:
5001         case HFA384x_PDR_RFENRGY:
5002         case HFA384x_PDR_HFA3861_MANF_TESTSP:
5003         case HFA384x_PDR_HFA3861_MANF_TESTI:
5004                 /* code is OK */
5005                 return 1;
5006                 break;
5007         default:
5008                 if ( pdrcode < 0x1000 ) {
5009                         /* code is OK, but we don't know exactly what it is */
5010                         WLAN_LOG_DEBUG(3,
5011                                 "Encountered unknown PDR#=0x%04x, "
5012                                 "assuming it's ok.\n",
5013                                 pdrcode);
5014                         return 1;
5015                 } else {
5016                         /* bad code */
5017                         WLAN_LOG_DEBUG(3,
5018                                 "Encountered unknown PDR#=0x%04x, "
5019                                 "(>=0x1000), assuming it's bad.\n",
5020                                 pdrcode);
5021                         return 0;
5022                 }
5023                 break;
5024         }
5025         return 0; /* avoid compiler warnings */
5026 }
5027