linux/drivers/net/wireless/zd1211rw/zd_usb.c
<<
>>
Prefs
   1/* ZD1211 USB-WLAN driver for Linux
   2 *
   3 * Copyright (C) 2005-2007 Ulrich Kunitz <kune@deine-taler.de>
   4 * Copyright (C) 2006-2007 Daniel Drake <dsd@gentoo.org>
   5 * Copyright (C) 2006-2007 Michael Wu <flamingice@sourmilk.net>
   6 *
   7 * This program is free software; you can redistribute it and/or modify
   8 * it under the terms of the GNU General Public License as published by
   9 * the Free Software Foundation; either version 2 of the License, or
  10 * (at your option) any later version.
  11 *
  12 * This program is distributed in the hope that it will be useful,
  13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15 * GNU General Public License for more details.
  16 *
  17 * You should have received a copy of the GNU General Public License
  18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
  19 */
  20
  21#include <linux/kernel.h>
  22#include <linux/init.h>
  23#include <linux/firmware.h>
  24#include <linux/device.h>
  25#include <linux/errno.h>
  26#include <linux/slab.h>
  27#include <linux/skbuff.h>
  28#include <linux/usb.h>
  29#include <linux/workqueue.h>
  30#include <linux/module.h>
  31#include <net/mac80211.h>
  32#include <asm/unaligned.h>
  33
  34#include "zd_def.h"
  35#include "zd_mac.h"
  36#include "zd_usb.h"
  37
  38static struct usb_device_id usb_ids[] = {
  39        /* ZD1211 */
  40        { USB_DEVICE(0x0105, 0x145f), .driver_info = DEVICE_ZD1211 },
  41        { USB_DEVICE(0x0586, 0x3401), .driver_info = DEVICE_ZD1211 },
  42        { USB_DEVICE(0x0586, 0x3402), .driver_info = DEVICE_ZD1211 },
  43        { USB_DEVICE(0x0586, 0x3407), .driver_info = DEVICE_ZD1211 },
  44        { USB_DEVICE(0x0586, 0x3409), .driver_info = DEVICE_ZD1211 },
  45        { USB_DEVICE(0x079b, 0x004a), .driver_info = DEVICE_ZD1211 },
  46        { USB_DEVICE(0x07b8, 0x6001), .driver_info = DEVICE_ZD1211 },
  47        { USB_DEVICE(0x0ace, 0x1211), .driver_info = DEVICE_ZD1211 },
  48        { USB_DEVICE(0x0ace, 0xa211), .driver_info = DEVICE_ZD1211 },
  49        { USB_DEVICE(0x0b05, 0x170c), .driver_info = DEVICE_ZD1211 },
  50        { USB_DEVICE(0x0b3b, 0x1630), .driver_info = DEVICE_ZD1211 },
  51        { USB_DEVICE(0x0b3b, 0x5630), .driver_info = DEVICE_ZD1211 },
  52        { USB_DEVICE(0x0df6, 0x9071), .driver_info = DEVICE_ZD1211 },
  53        { USB_DEVICE(0x0df6, 0x9075), .driver_info = DEVICE_ZD1211 },
  54        { USB_DEVICE(0x126f, 0xa006), .driver_info = DEVICE_ZD1211 },
  55        { USB_DEVICE(0x129b, 0x1666), .driver_info = DEVICE_ZD1211 },
  56        { USB_DEVICE(0x13b1, 0x001e), .driver_info = DEVICE_ZD1211 },
  57        { USB_DEVICE(0x1435, 0x0711), .driver_info = DEVICE_ZD1211 },
  58        { USB_DEVICE(0x14ea, 0xab10), .driver_info = DEVICE_ZD1211 },
  59        { USB_DEVICE(0x14ea, 0xab13), .driver_info = DEVICE_ZD1211 },
  60        { USB_DEVICE(0x157e, 0x300a), .driver_info = DEVICE_ZD1211 },
  61        { USB_DEVICE(0x157e, 0x300b), .driver_info = DEVICE_ZD1211 },
  62        { USB_DEVICE(0x157e, 0x3204), .driver_info = DEVICE_ZD1211 },
  63        { USB_DEVICE(0x157e, 0x3207), .driver_info = DEVICE_ZD1211 },
  64        { USB_DEVICE(0x1740, 0x2000), .driver_info = DEVICE_ZD1211 },
  65        { USB_DEVICE(0x6891, 0xa727), .driver_info = DEVICE_ZD1211 },
  66        /* ZD1211B */
  67        { USB_DEVICE(0x0053, 0x5301), .driver_info = DEVICE_ZD1211B },
  68        { USB_DEVICE(0x0409, 0x0248), .driver_info = DEVICE_ZD1211B },
  69        { USB_DEVICE(0x0411, 0x00da), .driver_info = DEVICE_ZD1211B },
  70        { USB_DEVICE(0x0471, 0x1236), .driver_info = DEVICE_ZD1211B },
  71        { USB_DEVICE(0x0471, 0x1237), .driver_info = DEVICE_ZD1211B },
  72        { USB_DEVICE(0x050d, 0x705c), .driver_info = DEVICE_ZD1211B },
  73        { USB_DEVICE(0x054c, 0x0257), .driver_info = DEVICE_ZD1211B },
  74        { USB_DEVICE(0x0586, 0x340a), .driver_info = DEVICE_ZD1211B },
  75        { USB_DEVICE(0x0586, 0x340f), .driver_info = DEVICE_ZD1211B },
  76        { USB_DEVICE(0x0586, 0x3410), .driver_info = DEVICE_ZD1211B },
  77        { USB_DEVICE(0x0586, 0x3412), .driver_info = DEVICE_ZD1211B },
  78        { USB_DEVICE(0x0586, 0x3413), .driver_info = DEVICE_ZD1211B },
  79        { USB_DEVICE(0x079b, 0x0062), .driver_info = DEVICE_ZD1211B },
  80        { USB_DEVICE(0x07b8, 0x6001), .driver_info = DEVICE_ZD1211B },
  81        { USB_DEVICE(0x07fa, 0x1196), .driver_info = DEVICE_ZD1211B },
  82        { USB_DEVICE(0x083a, 0x4505), .driver_info = DEVICE_ZD1211B },
  83        { USB_DEVICE(0x083a, 0xe501), .driver_info = DEVICE_ZD1211B },
  84        { USB_DEVICE(0x083a, 0xe503), .driver_info = DEVICE_ZD1211B },
  85        { USB_DEVICE(0x083a, 0xe506), .driver_info = DEVICE_ZD1211B },
  86        { USB_DEVICE(0x0ace, 0x1215), .driver_info = DEVICE_ZD1211B },
  87        { USB_DEVICE(0x0ace, 0xb215), .driver_info = DEVICE_ZD1211B },
  88        { USB_DEVICE(0x0b05, 0x171b), .driver_info = DEVICE_ZD1211B },
  89        { USB_DEVICE(0x0baf, 0x0121), .driver_info = DEVICE_ZD1211B },
  90        { USB_DEVICE(0x0cde, 0x001a), .driver_info = DEVICE_ZD1211B },
  91        { USB_DEVICE(0x0df6, 0x0036), .driver_info = DEVICE_ZD1211B },
  92        { USB_DEVICE(0x129b, 0x1667), .driver_info = DEVICE_ZD1211B },
  93        { USB_DEVICE(0x13b1, 0x0024), .driver_info = DEVICE_ZD1211B },
  94        { USB_DEVICE(0x157e, 0x300d), .driver_info = DEVICE_ZD1211B },
  95        { USB_DEVICE(0x1582, 0x6003), .driver_info = DEVICE_ZD1211B },
  96        { USB_DEVICE(0x2019, 0x5303), .driver_info = DEVICE_ZD1211B },
  97        { USB_DEVICE(0x2019, 0xed01), .driver_info = DEVICE_ZD1211B },
  98        /* "Driverless" devices that need ejecting */
  99        { USB_DEVICE(0x0ace, 0x2011), .driver_info = DEVICE_INSTALLER },
 100        { USB_DEVICE(0x0ace, 0x20ff), .driver_info = DEVICE_INSTALLER },
 101        {}
 102};
 103
 104MODULE_LICENSE("GPL");
 105MODULE_DESCRIPTION("USB driver for devices with the ZD1211 chip.");
 106MODULE_AUTHOR("Ulrich Kunitz");
 107MODULE_AUTHOR("Daniel Drake");
 108MODULE_VERSION("1.0");
 109MODULE_DEVICE_TABLE(usb, usb_ids);
 110
 111#define FW_ZD1211_PREFIX        "zd1211/zd1211_"
 112#define FW_ZD1211B_PREFIX       "zd1211/zd1211b_"
 113
 114static bool check_read_regs(struct zd_usb *usb, struct usb_req_read_regs *req,
 115                            unsigned int count);
 116
 117/* USB device initialization */
 118static void int_urb_complete(struct urb *urb);
 119
 120static int request_fw_file(
 121        const struct firmware **fw, const char *name, struct device *device)
 122{
 123        int r;
 124
 125        dev_dbg_f(device, "fw name %s\n", name);
 126
 127        r = request_firmware(fw, name, device);
 128        if (r)
 129                dev_err(device,
 130                       "Could not load firmware file %s. Error number %d\n",
 131                       name, r);
 132        return r;
 133}
 134
 135static inline u16 get_bcdDevice(const struct usb_device *udev)
 136{
 137        return le16_to_cpu(udev->descriptor.bcdDevice);
 138}
 139
 140enum upload_code_flags {
 141        REBOOT = 1,
 142};
 143
 144/* Ensures that MAX_TRANSFER_SIZE is even. */
 145#define MAX_TRANSFER_SIZE (USB_MAX_TRANSFER_SIZE & ~1)
 146
 147static int upload_code(struct usb_device *udev,
 148        const u8 *data, size_t size, u16 code_offset, int flags)
 149{
 150        u8 *p;
 151        int r;
 152
 153        /* USB request blocks need "kmalloced" buffers.
 154         */
 155        p = kmalloc(MAX_TRANSFER_SIZE, GFP_KERNEL);
 156        if (!p) {
 157                r = -ENOMEM;
 158                goto error;
 159        }
 160
 161        size &= ~1;
 162        while (size > 0) {
 163                size_t transfer_size = size <= MAX_TRANSFER_SIZE ?
 164                        size : MAX_TRANSFER_SIZE;
 165
 166                dev_dbg_f(&udev->dev, "transfer size %zu\n", transfer_size);
 167
 168                memcpy(p, data, transfer_size);
 169                r = usb_control_msg(udev, usb_sndctrlpipe(udev, 0),
 170                        USB_REQ_FIRMWARE_DOWNLOAD,
 171                        USB_DIR_OUT | USB_TYPE_VENDOR,
 172                        code_offset, 0, p, transfer_size, 1000 /* ms */);
 173                if (r < 0) {
 174                        dev_err(&udev->dev,
 175                               "USB control request for firmware upload"
 176                               " failed. Error number %d\n", r);
 177                        goto error;
 178                }
 179                transfer_size = r & ~1;
 180
 181                size -= transfer_size;
 182                data += transfer_size;
 183                code_offset += transfer_size/sizeof(u16);
 184        }
 185
 186        if (flags & REBOOT) {
 187                u8 ret;
 188
 189                /* Use "DMA-aware" buffer. */
 190                r = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0),
 191                        USB_REQ_FIRMWARE_CONFIRM,
 192                        USB_DIR_IN | USB_TYPE_VENDOR,
 193                        0, 0, p, sizeof(ret), 5000 /* ms */);
 194                if (r != sizeof(ret)) {
 195                        dev_err(&udev->dev,
 196                                "control request firmeware confirmation failed."
 197                                " Return value %d\n", r);
 198                        if (r >= 0)
 199                                r = -ENODEV;
 200                        goto error;
 201                }
 202                ret = p[0];
 203                if (ret & 0x80) {
 204                        dev_err(&udev->dev,
 205                                "Internal error while downloading."
 206                                " Firmware confirm return value %#04x\n",
 207                                (unsigned int)ret);
 208                        r = -ENODEV;
 209                        goto error;
 210                }
 211                dev_dbg_f(&udev->dev, "firmware confirm return value %#04x\n",
 212                        (unsigned int)ret);
 213        }
 214
 215        r = 0;
 216error:
 217        kfree(p);
 218        return r;
 219}
 220
 221static u16 get_word(const void *data, u16 offset)
 222{
 223        const __le16 *p = data;
 224        return le16_to_cpu(p[offset]);
 225}
 226
 227static char *get_fw_name(struct zd_usb *usb, char *buffer, size_t size,
 228                       const char* postfix)
 229{
 230        scnprintf(buffer, size, "%s%s",
 231                usb->is_zd1211b ?
 232                        FW_ZD1211B_PREFIX : FW_ZD1211_PREFIX,
 233                postfix);
 234        return buffer;
 235}
 236
 237static int handle_version_mismatch(struct zd_usb *usb,
 238        const struct firmware *ub_fw)
 239{
 240        struct usb_device *udev = zd_usb_to_usbdev(usb);
 241        const struct firmware *ur_fw = NULL;
 242        int offset;
 243        int r = 0;
 244        char fw_name[128];
 245
 246        r = request_fw_file(&ur_fw,
 247                get_fw_name(usb, fw_name, sizeof(fw_name), "ur"),
 248                &udev->dev);
 249        if (r)
 250                goto error;
 251
 252        r = upload_code(udev, ur_fw->data, ur_fw->size, FW_START, REBOOT);
 253        if (r)
 254                goto error;
 255
 256        offset = (E2P_BOOT_CODE_OFFSET * sizeof(u16));
 257        r = upload_code(udev, ub_fw->data + offset, ub_fw->size - offset,
 258                E2P_START + E2P_BOOT_CODE_OFFSET, REBOOT);
 259
 260        /* At this point, the vendor driver downloads the whole firmware
 261         * image, hacks around with version IDs, and uploads it again,
 262         * completely overwriting the boot code. We do not do this here as
 263         * it is not required on any tested devices, and it is suspected to
 264         * cause problems. */
 265error:
 266        release_firmware(ur_fw);
 267        return r;
 268}
 269
 270static int upload_firmware(struct zd_usb *usb)
 271{
 272        int r;
 273        u16 fw_bcdDevice;
 274        u16 bcdDevice;
 275        struct usb_device *udev = zd_usb_to_usbdev(usb);
 276        const struct firmware *ub_fw = NULL;
 277        const struct firmware *uph_fw = NULL;
 278        char fw_name[128];
 279
 280        bcdDevice = get_bcdDevice(udev);
 281
 282        r = request_fw_file(&ub_fw,
 283                get_fw_name(usb, fw_name, sizeof(fw_name), "ub"),
 284                &udev->dev);
 285        if (r)
 286                goto error;
 287
 288        fw_bcdDevice = get_word(ub_fw->data, E2P_DATA_OFFSET);
 289
 290        if (fw_bcdDevice != bcdDevice) {
 291                dev_info(&udev->dev,
 292                        "firmware version %#06x and device bootcode version "
 293                        "%#06x differ\n", fw_bcdDevice, bcdDevice);
 294                if (bcdDevice <= 0x4313)
 295                        dev_warn(&udev->dev, "device has old bootcode, please "
 296                                "report success or failure\n");
 297
 298                r = handle_version_mismatch(usb, ub_fw);
 299                if (r)
 300                        goto error;
 301        } else {
 302                dev_dbg_f(&udev->dev,
 303                        "firmware device id %#06x is equal to the "
 304                        "actual device id\n", fw_bcdDevice);
 305        }
 306
 307
 308        r = request_fw_file(&uph_fw,
 309                get_fw_name(usb, fw_name, sizeof(fw_name), "uphr"),
 310                &udev->dev);
 311        if (r)
 312                goto error;
 313
 314        r = upload_code(udev, uph_fw->data, uph_fw->size, FW_START, REBOOT);
 315        if (r) {
 316                dev_err(&udev->dev,
 317                        "Could not upload firmware code uph. Error number %d\n",
 318                        r);
 319        }
 320
 321        /* FALL-THROUGH */
 322error:
 323        release_firmware(ub_fw);
 324        release_firmware(uph_fw);
 325        return r;
 326}
 327
 328MODULE_FIRMWARE(FW_ZD1211B_PREFIX "ur");
 329MODULE_FIRMWARE(FW_ZD1211_PREFIX "ur");
 330MODULE_FIRMWARE(FW_ZD1211B_PREFIX "ub");
 331MODULE_FIRMWARE(FW_ZD1211_PREFIX "ub");
 332MODULE_FIRMWARE(FW_ZD1211B_PREFIX "uphr");
 333MODULE_FIRMWARE(FW_ZD1211_PREFIX "uphr");
 334
 335/* Read data from device address space using "firmware interface" which does
 336 * not require firmware to be loaded. */
 337int zd_usb_read_fw(struct zd_usb *usb, zd_addr_t addr, u8 *data, u16 len)
 338{
 339        int r;
 340        struct usb_device *udev = zd_usb_to_usbdev(usb);
 341        u8 *buf;
 342
 343        /* Use "DMA-aware" buffer. */
 344        buf = kmalloc(len, GFP_KERNEL);
 345        if (!buf)
 346                return -ENOMEM;
 347        r = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0),
 348                USB_REQ_FIRMWARE_READ_DATA, USB_DIR_IN | 0x40, addr, 0,
 349                buf, len, 5000);
 350        if (r < 0) {
 351                dev_err(&udev->dev,
 352                        "read over firmware interface failed: %d\n", r);
 353                goto exit;
 354        } else if (r != len) {
 355                dev_err(&udev->dev,
 356                        "incomplete read over firmware interface: %d/%d\n",
 357                        r, len);
 358                r = -EIO;
 359                goto exit;
 360        }
 361        r = 0;
 362        memcpy(data, buf, len);
 363exit:
 364        kfree(buf);
 365        return r;
 366}
 367
 368#define urb_dev(urb) (&(urb)->dev->dev)
 369
 370static inline void handle_regs_int_override(struct urb *urb)
 371{
 372        struct zd_usb *usb = urb->context;
 373        struct zd_usb_interrupt *intr = &usb->intr;
 374
 375        spin_lock(&intr->lock);
 376        if (atomic_read(&intr->read_regs_enabled)) {
 377                atomic_set(&intr->read_regs_enabled, 0);
 378                intr->read_regs_int_overridden = 1;
 379                complete(&intr->read_regs.completion);
 380        }
 381        spin_unlock(&intr->lock);
 382}
 383
 384static inline void handle_regs_int(struct urb *urb)
 385{
 386        struct zd_usb *usb = urb->context;
 387        struct zd_usb_interrupt *intr = &usb->intr;
 388        int len;
 389        u16 int_num;
 390
 391        ZD_ASSERT(in_interrupt());
 392        spin_lock(&intr->lock);
 393
 394        int_num = le16_to_cpu(*(__le16 *)(urb->transfer_buffer+2));
 395        if (int_num == CR_INTERRUPT) {
 396                struct zd_mac *mac = zd_hw_mac(zd_usb_to_hw(urb->context));
 397                spin_lock(&mac->lock);
 398                memcpy(&mac->intr_buffer, urb->transfer_buffer,
 399                                USB_MAX_EP_INT_BUFFER);
 400                spin_unlock(&mac->lock);
 401                schedule_work(&mac->process_intr);
 402        } else if (atomic_read(&intr->read_regs_enabled)) {
 403                len = urb->actual_length;
 404                intr->read_regs.length = urb->actual_length;
 405                if (len > sizeof(intr->read_regs.buffer))
 406                        len = sizeof(intr->read_regs.buffer);
 407
 408                memcpy(intr->read_regs.buffer, urb->transfer_buffer, len);
 409
 410                /* Sometimes USB_INT_ID_REGS is not overridden, but comes after
 411                 * USB_INT_ID_RETRY_FAILED. Read-reg retry then gets this
 412                 * delayed USB_INT_ID_REGS, but leaves USB_INT_ID_REGS of
 413                 * retry unhandled. Next read-reg command then might catch
 414                 * this wrong USB_INT_ID_REGS. Fix by ignoring wrong reads.
 415                 */
 416                if (!check_read_regs(usb, intr->read_regs.req,
 417                                                intr->read_regs.req_count))
 418                        goto out;
 419
 420                atomic_set(&intr->read_regs_enabled, 0);
 421                intr->read_regs_int_overridden = 0;
 422                complete(&intr->read_regs.completion);
 423
 424                goto out;
 425        }
 426
 427out:
 428        spin_unlock(&intr->lock);
 429
 430        /* CR_INTERRUPT might override read_reg too. */
 431        if (int_num == CR_INTERRUPT && atomic_read(&intr->read_regs_enabled))
 432                handle_regs_int_override(urb);
 433}
 434
 435static void int_urb_complete(struct urb *urb)
 436{
 437        int r;
 438        struct usb_int_header *hdr;
 439        struct zd_usb *usb;
 440        struct zd_usb_interrupt *intr;
 441
 442        switch (urb->status) {
 443        case 0:
 444                break;
 445        case -ESHUTDOWN:
 446        case -EINVAL:
 447        case -ENODEV:
 448        case -ENOENT:
 449        case -ECONNRESET:
 450        case -EPIPE:
 451                dev_dbg_f(urb_dev(urb), "urb %p error %d\n", urb, urb->status);
 452                return;
 453        default:
 454                dev_dbg_f(urb_dev(urb), "urb %p error %d\n", urb, urb->status);
 455                goto resubmit;
 456        }
 457
 458        if (urb->actual_length < sizeof(hdr)) {
 459                dev_dbg_f(urb_dev(urb), "error: urb %p to small\n", urb);
 460                goto resubmit;
 461        }
 462
 463        hdr = urb->transfer_buffer;
 464        if (hdr->type != USB_INT_TYPE) {
 465                dev_dbg_f(urb_dev(urb), "error: urb %p wrong type\n", urb);
 466                goto resubmit;
 467        }
 468
 469        /* USB_INT_ID_RETRY_FAILED triggered by tx-urb submit can override
 470         * pending USB_INT_ID_REGS causing read command timeout.
 471         */
 472        usb = urb->context;
 473        intr = &usb->intr;
 474        if (hdr->id != USB_INT_ID_REGS && atomic_read(&intr->read_regs_enabled))
 475                handle_regs_int_override(urb);
 476
 477        switch (hdr->id) {
 478        case USB_INT_ID_REGS:
 479                handle_regs_int(urb);
 480                break;
 481        case USB_INT_ID_RETRY_FAILED:
 482                zd_mac_tx_failed(urb);
 483                break;
 484        default:
 485                dev_dbg_f(urb_dev(urb), "error: urb %p unknown id %x\n", urb,
 486                        (unsigned int)hdr->id);
 487                goto resubmit;
 488        }
 489
 490resubmit:
 491        r = usb_submit_urb(urb, GFP_ATOMIC);
 492        if (r) {
 493                dev_dbg_f(urb_dev(urb), "error: resubmit urb %p err code %d\n",
 494                          urb, r);
 495                /* TODO: add worker to reset intr->urb */
 496        }
 497        return;
 498}
 499
 500static inline int int_urb_interval(struct usb_device *udev)
 501{
 502        switch (udev->speed) {
 503        case USB_SPEED_HIGH:
 504                return 4;
 505        case USB_SPEED_LOW:
 506                return 10;
 507        case USB_SPEED_FULL:
 508        default:
 509                return 1;
 510        }
 511}
 512
 513static inline int usb_int_enabled(struct zd_usb *usb)
 514{
 515        unsigned long flags;
 516        struct zd_usb_interrupt *intr = &usb->intr;
 517        struct urb *urb;
 518
 519        spin_lock_irqsave(&intr->lock, flags);
 520        urb = intr->urb;
 521        spin_unlock_irqrestore(&intr->lock, flags);
 522        return urb != NULL;
 523}
 524
 525int zd_usb_enable_int(struct zd_usb *usb)
 526{
 527        int r;
 528        struct usb_device *udev = zd_usb_to_usbdev(usb);
 529        struct zd_usb_interrupt *intr = &usb->intr;
 530        struct urb *urb;
 531
 532        dev_dbg_f(zd_usb_dev(usb), "\n");
 533
 534        urb = usb_alloc_urb(0, GFP_KERNEL);
 535        if (!urb) {
 536                r = -ENOMEM;
 537                goto out;
 538        }
 539
 540        ZD_ASSERT(!irqs_disabled());
 541        spin_lock_irq(&intr->lock);
 542        if (intr->urb) {
 543                spin_unlock_irq(&intr->lock);
 544                r = 0;
 545                goto error_free_urb;
 546        }
 547        intr->urb = urb;
 548        spin_unlock_irq(&intr->lock);
 549
 550        r = -ENOMEM;
 551        intr->buffer = usb_alloc_coherent(udev, USB_MAX_EP_INT_BUFFER,
 552                                          GFP_KERNEL, &intr->buffer_dma);
 553        if (!intr->buffer) {
 554                dev_dbg_f(zd_usb_dev(usb),
 555                        "couldn't allocate transfer_buffer\n");
 556                goto error_set_urb_null;
 557        }
 558
 559        usb_fill_int_urb(urb, udev, usb_rcvintpipe(udev, EP_INT_IN),
 560                         intr->buffer, USB_MAX_EP_INT_BUFFER,
 561                         int_urb_complete, usb,
 562                         intr->interval);
 563        urb->transfer_dma = intr->buffer_dma;
 564        urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
 565
 566        dev_dbg_f(zd_usb_dev(usb), "submit urb %p\n", intr->urb);
 567        r = usb_submit_urb(urb, GFP_KERNEL);
 568        if (r) {
 569                dev_dbg_f(zd_usb_dev(usb),
 570                         "Couldn't submit urb. Error number %d\n", r);
 571                goto error;
 572        }
 573
 574        return 0;
 575error:
 576        usb_free_coherent(udev, USB_MAX_EP_INT_BUFFER,
 577                          intr->buffer, intr->buffer_dma);
 578error_set_urb_null:
 579        spin_lock_irq(&intr->lock);
 580        intr->urb = NULL;
 581        spin_unlock_irq(&intr->lock);
 582error_free_urb:
 583        usb_free_urb(urb);
 584out:
 585        return r;
 586}
 587
 588void zd_usb_disable_int(struct zd_usb *usb)
 589{
 590        unsigned long flags;
 591        struct usb_device *udev = zd_usb_to_usbdev(usb);
 592        struct zd_usb_interrupt *intr = &usb->intr;
 593        struct urb *urb;
 594        void *buffer;
 595        dma_addr_t buffer_dma;
 596
 597        spin_lock_irqsave(&intr->lock, flags);
 598        urb = intr->urb;
 599        if (!urb) {
 600                spin_unlock_irqrestore(&intr->lock, flags);
 601                return;
 602        }
 603        intr->urb = NULL;
 604        buffer = intr->buffer;
 605        buffer_dma = intr->buffer_dma;
 606        intr->buffer = NULL;
 607        spin_unlock_irqrestore(&intr->lock, flags);
 608
 609        usb_kill_urb(urb);
 610        dev_dbg_f(zd_usb_dev(usb), "urb %p killed\n", urb);
 611        usb_free_urb(urb);
 612
 613        if (buffer)
 614                usb_free_coherent(udev, USB_MAX_EP_INT_BUFFER,
 615                                  buffer, buffer_dma);
 616}
 617
 618static void handle_rx_packet(struct zd_usb *usb, const u8 *buffer,
 619                             unsigned int length)
 620{
 621        int i;
 622        const struct rx_length_info *length_info;
 623
 624        if (length < sizeof(struct rx_length_info)) {
 625                /* It's not a complete packet anyhow. */
 626                dev_dbg_f(zd_usb_dev(usb), "invalid, small RX packet : %d\n",
 627                                           length);
 628                return;
 629        }
 630        length_info = (struct rx_length_info *)
 631                (buffer + length - sizeof(struct rx_length_info));
 632
 633        /* It might be that three frames are merged into a single URB
 634         * transaction. We have to check for the length info tag.
 635         *
 636         * While testing we discovered that length_info might be unaligned,
 637         * because if USB transactions are merged, the last packet will not
 638         * be padded. Unaligned access might also happen if the length_info
 639         * structure is not present.
 640         */
 641        if (get_unaligned_le16(&length_info->tag) == RX_LENGTH_INFO_TAG)
 642        {
 643                unsigned int l, k, n;
 644                for (i = 0, l = 0;; i++) {
 645                        k = get_unaligned_le16(&length_info->length[i]);
 646                        if (k == 0)
 647                                return;
 648                        n = l+k;
 649                        if (n > length)
 650                                return;
 651                        zd_mac_rx(zd_usb_to_hw(usb), buffer+l, k);
 652                        if (i >= 2)
 653                                return;
 654                        l = (n+3) & ~3;
 655                }
 656        } else {
 657                zd_mac_rx(zd_usb_to_hw(usb), buffer, length);
 658        }
 659}
 660
 661static void rx_urb_complete(struct urb *urb)
 662{
 663        int r;
 664        struct zd_usb *usb;
 665        struct zd_usb_rx *rx;
 666        const u8 *buffer;
 667        unsigned int length;
 668
 669        switch (urb->status) {
 670        case 0:
 671                break;
 672        case -ESHUTDOWN:
 673        case -EINVAL:
 674        case -ENODEV:
 675        case -ENOENT:
 676        case -ECONNRESET:
 677        case -EPIPE:
 678                dev_dbg_f(urb_dev(urb), "urb %p error %d\n", urb, urb->status);
 679                return;
 680        default:
 681                dev_dbg_f(urb_dev(urb), "urb %p error %d\n", urb, urb->status);
 682                goto resubmit;
 683        }
 684
 685        buffer = urb->transfer_buffer;
 686        length = urb->actual_length;
 687        usb = urb->context;
 688        rx = &usb->rx;
 689
 690        tasklet_schedule(&rx->reset_timer_tasklet);
 691
 692        if (length%rx->usb_packet_size > rx->usb_packet_size-4) {
 693                /* If there is an old first fragment, we don't care. */
 694                dev_dbg_f(urb_dev(urb), "*** first fragment ***\n");
 695                ZD_ASSERT(length <= ARRAY_SIZE(rx->fragment));
 696                spin_lock(&rx->lock);
 697                memcpy(rx->fragment, buffer, length);
 698                rx->fragment_length = length;
 699                spin_unlock(&rx->lock);
 700                goto resubmit;
 701        }
 702
 703        spin_lock(&rx->lock);
 704        if (rx->fragment_length > 0) {
 705                /* We are on a second fragment, we believe */
 706                ZD_ASSERT(length + rx->fragment_length <=
 707                          ARRAY_SIZE(rx->fragment));
 708                dev_dbg_f(urb_dev(urb), "*** second fragment ***\n");
 709                memcpy(rx->fragment+rx->fragment_length, buffer, length);
 710                handle_rx_packet(usb, rx->fragment,
 711                                 rx->fragment_length + length);
 712                rx->fragment_length = 0;
 713                spin_unlock(&rx->lock);
 714        } else {
 715                spin_unlock(&rx->lock);
 716                handle_rx_packet(usb, buffer, length);
 717        }
 718
 719resubmit:
 720        r = usb_submit_urb(urb, GFP_ATOMIC);
 721        if (r)
 722                dev_dbg_f(urb_dev(urb), "urb %p resubmit error %d\n", urb, r);
 723}
 724
 725static struct urb *alloc_rx_urb(struct zd_usb *usb)
 726{
 727        struct usb_device *udev = zd_usb_to_usbdev(usb);
 728        struct urb *urb;
 729        void *buffer;
 730
 731        urb = usb_alloc_urb(0, GFP_KERNEL);
 732        if (!urb)
 733                return NULL;
 734        buffer = usb_alloc_coherent(udev, USB_MAX_RX_SIZE, GFP_KERNEL,
 735                                    &urb->transfer_dma);
 736        if (!buffer) {
 737                usb_free_urb(urb);
 738                return NULL;
 739        }
 740
 741        usb_fill_bulk_urb(urb, udev, usb_rcvbulkpipe(udev, EP_DATA_IN),
 742                          buffer, USB_MAX_RX_SIZE,
 743                          rx_urb_complete, usb);
 744        urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
 745
 746        return urb;
 747}
 748
 749static void free_rx_urb(struct urb *urb)
 750{
 751        if (!urb)
 752                return;
 753        usb_free_coherent(urb->dev, urb->transfer_buffer_length,
 754                          urb->transfer_buffer, urb->transfer_dma);
 755        usb_free_urb(urb);
 756}
 757
 758static int __zd_usb_enable_rx(struct zd_usb *usb)
 759{
 760        int i, r;
 761        struct zd_usb_rx *rx = &usb->rx;
 762        struct urb **urbs;
 763
 764        dev_dbg_f(zd_usb_dev(usb), "\n");
 765
 766        r = -ENOMEM;
 767        urbs = kcalloc(RX_URBS_COUNT, sizeof(struct urb *), GFP_KERNEL);
 768        if (!urbs)
 769                goto error;
 770        for (i = 0; i < RX_URBS_COUNT; i++) {
 771                urbs[i] = alloc_rx_urb(usb);
 772                if (!urbs[i])
 773                        goto error;
 774        }
 775
 776        ZD_ASSERT(!irqs_disabled());
 777        spin_lock_irq(&rx->lock);
 778        if (rx->urbs) {
 779                spin_unlock_irq(&rx->lock);
 780                r = 0;
 781                goto error;
 782        }
 783        rx->urbs = urbs;
 784        rx->urbs_count = RX_URBS_COUNT;
 785        spin_unlock_irq(&rx->lock);
 786
 787        for (i = 0; i < RX_URBS_COUNT; i++) {
 788                r = usb_submit_urb(urbs[i], GFP_KERNEL);
 789                if (r)
 790                        goto error_submit;
 791        }
 792
 793        return 0;
 794error_submit:
 795        for (i = 0; i < RX_URBS_COUNT; i++) {
 796                usb_kill_urb(urbs[i]);
 797        }
 798        spin_lock_irq(&rx->lock);
 799        rx->urbs = NULL;
 800        rx->urbs_count = 0;
 801        spin_unlock_irq(&rx->lock);
 802error:
 803        if (urbs) {
 804                for (i = 0; i < RX_URBS_COUNT; i++)
 805                        free_rx_urb(urbs[i]);
 806        }
 807        return r;
 808}
 809
 810int zd_usb_enable_rx(struct zd_usb *usb)
 811{
 812        int r;
 813        struct zd_usb_rx *rx = &usb->rx;
 814
 815        mutex_lock(&rx->setup_mutex);
 816        r = __zd_usb_enable_rx(usb);
 817        mutex_unlock(&rx->setup_mutex);
 818
 819        zd_usb_reset_rx_idle_timer(usb);
 820
 821        return r;
 822}
 823
 824static void __zd_usb_disable_rx(struct zd_usb *usb)
 825{
 826        int i;
 827        unsigned long flags;
 828        struct urb **urbs;
 829        unsigned int count;
 830        struct zd_usb_rx *rx = &usb->rx;
 831
 832        spin_lock_irqsave(&rx->lock, flags);
 833        urbs = rx->urbs;
 834        count = rx->urbs_count;
 835        spin_unlock_irqrestore(&rx->lock, flags);
 836        if (!urbs)
 837                return;
 838
 839        for (i = 0; i < count; i++) {
 840                usb_kill_urb(urbs[i]);
 841                free_rx_urb(urbs[i]);
 842        }
 843        kfree(urbs);
 844
 845        spin_lock_irqsave(&rx->lock, flags);
 846        rx->urbs = NULL;
 847        rx->urbs_count = 0;
 848        spin_unlock_irqrestore(&rx->lock, flags);
 849}
 850
 851void zd_usb_disable_rx(struct zd_usb *usb)
 852{
 853        struct zd_usb_rx *rx = &usb->rx;
 854
 855        mutex_lock(&rx->setup_mutex);
 856        __zd_usb_disable_rx(usb);
 857        mutex_unlock(&rx->setup_mutex);
 858
 859        tasklet_kill(&rx->reset_timer_tasklet);
 860        cancel_delayed_work_sync(&rx->idle_work);
 861}
 862
 863static void zd_usb_reset_rx(struct zd_usb *usb)
 864{
 865        bool do_reset;
 866        struct zd_usb_rx *rx = &usb->rx;
 867        unsigned long flags;
 868
 869        mutex_lock(&rx->setup_mutex);
 870
 871        spin_lock_irqsave(&rx->lock, flags);
 872        do_reset = rx->urbs != NULL;
 873        spin_unlock_irqrestore(&rx->lock, flags);
 874
 875        if (do_reset) {
 876                __zd_usb_disable_rx(usb);
 877                __zd_usb_enable_rx(usb);
 878        }
 879
 880        mutex_unlock(&rx->setup_mutex);
 881
 882        if (do_reset)
 883                zd_usb_reset_rx_idle_timer(usb);
 884}
 885
 886/**
 887 * zd_usb_disable_tx - disable transmission
 888 * @usb: the zd1211rw-private USB structure
 889 *
 890 * Frees all URBs in the free list and marks the transmission as disabled.
 891 */
 892void zd_usb_disable_tx(struct zd_usb *usb)
 893{
 894        struct zd_usb_tx *tx = &usb->tx;
 895        unsigned long flags;
 896
 897        atomic_set(&tx->enabled, 0);
 898
 899        /* kill all submitted tx-urbs */
 900        usb_kill_anchored_urbs(&tx->submitted);
 901
 902        spin_lock_irqsave(&tx->lock, flags);
 903        WARN_ON(!skb_queue_empty(&tx->submitted_skbs));
 904        WARN_ON(tx->submitted_urbs != 0);
 905        tx->submitted_urbs = 0;
 906        spin_unlock_irqrestore(&tx->lock, flags);
 907
 908        /* The stopped state is ignored, relying on ieee80211_wake_queues()
 909         * in a potentionally following zd_usb_enable_tx().
 910         */
 911}
 912
 913/**
 914 * zd_usb_enable_tx - enables transmission
 915 * @usb: a &struct zd_usb pointer
 916 *
 917 * This function enables transmission and prepares the &zd_usb_tx data
 918 * structure.
 919 */
 920void zd_usb_enable_tx(struct zd_usb *usb)
 921{
 922        unsigned long flags;
 923        struct zd_usb_tx *tx = &usb->tx;
 924
 925        spin_lock_irqsave(&tx->lock, flags);
 926        atomic_set(&tx->enabled, 1);
 927        tx->submitted_urbs = 0;
 928        ieee80211_wake_queues(zd_usb_to_hw(usb));
 929        tx->stopped = 0;
 930        spin_unlock_irqrestore(&tx->lock, flags);
 931}
 932
 933static void tx_dec_submitted_urbs(struct zd_usb *usb)
 934{
 935        struct zd_usb_tx *tx = &usb->tx;
 936        unsigned long flags;
 937
 938        spin_lock_irqsave(&tx->lock, flags);
 939        --tx->submitted_urbs;
 940        if (tx->stopped && tx->submitted_urbs <= ZD_USB_TX_LOW) {
 941                ieee80211_wake_queues(zd_usb_to_hw(usb));
 942                tx->stopped = 0;
 943        }
 944        spin_unlock_irqrestore(&tx->lock, flags);
 945}
 946
 947static void tx_inc_submitted_urbs(struct zd_usb *usb)
 948{
 949        struct zd_usb_tx *tx = &usb->tx;
 950        unsigned long flags;
 951
 952        spin_lock_irqsave(&tx->lock, flags);
 953        ++tx->submitted_urbs;
 954        if (!tx->stopped && tx->submitted_urbs > ZD_USB_TX_HIGH) {
 955                ieee80211_stop_queues(zd_usb_to_hw(usb));
 956                tx->stopped = 1;
 957        }
 958        spin_unlock_irqrestore(&tx->lock, flags);
 959}
 960
 961/**
 962 * tx_urb_complete - completes the execution of an URB
 963 * @urb: a URB
 964 *
 965 * This function is called if the URB has been transferred to a device or an
 966 * error has happened.
 967 */
 968static void tx_urb_complete(struct urb *urb)
 969{
 970        int r;
 971        struct sk_buff *skb;
 972        struct ieee80211_tx_info *info;
 973        struct zd_usb *usb;
 974        struct zd_usb_tx *tx;
 975
 976        skb = (struct sk_buff *)urb->context;
 977        info = IEEE80211_SKB_CB(skb);
 978        /*
 979         * grab 'usb' pointer before handing off the skb (since
 980         * it might be freed by zd_mac_tx_to_dev or mac80211)
 981         */
 982        usb = &zd_hw_mac(info->rate_driver_data[0])->chip.usb;
 983        tx = &usb->tx;
 984
 985        switch (urb->status) {
 986        case 0:
 987                break;
 988        case -ESHUTDOWN:
 989        case -EINVAL:
 990        case -ENODEV:
 991        case -ENOENT:
 992        case -ECONNRESET:
 993        case -EPIPE:
 994                dev_dbg_f(urb_dev(urb), "urb %p error %d\n", urb, urb->status);
 995                break;
 996        default:
 997                dev_dbg_f(urb_dev(urb), "urb %p error %d\n", urb, urb->status);
 998                goto resubmit;
 999        }
1000free_urb:
1001        skb_unlink(skb, &usb->tx.submitted_skbs);
1002        zd_mac_tx_to_dev(skb, urb->status);
1003        usb_free_urb(urb);
1004        tx_dec_submitted_urbs(usb);
1005        return;
1006resubmit:
1007        usb_anchor_urb(urb, &tx->submitted);
1008        r = usb_submit_urb(urb, GFP_ATOMIC);
1009        if (r) {
1010                usb_unanchor_urb(urb);
1011                dev_dbg_f(urb_dev(urb), "error resubmit urb %p %d\n", urb, r);
1012                goto free_urb;
1013        }
1014}
1015
1016/**
1017 * zd_usb_tx: initiates transfer of a frame of the device
1018 *
1019 * @usb: the zd1211rw-private USB structure
1020 * @skb: a &struct sk_buff pointer
1021 *
1022 * This function tranmits a frame to the device. It doesn't wait for
1023 * completion. The frame must contain the control set and have all the
1024 * control set information available.
1025 *
1026 * The function returns 0 if the transfer has been successfully initiated.
1027 */
1028int zd_usb_tx(struct zd_usb *usb, struct sk_buff *skb)
1029{
1030        int r;
1031        struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1032        struct usb_device *udev = zd_usb_to_usbdev(usb);
1033        struct urb *urb;
1034        struct zd_usb_tx *tx = &usb->tx;
1035
1036        if (!atomic_read(&tx->enabled)) {
1037                r = -ENOENT;
1038                goto out;
1039        }
1040
1041        urb = usb_alloc_urb(0, GFP_ATOMIC);
1042        if (!urb) {
1043                r = -ENOMEM;
1044                goto out;
1045        }
1046
1047        usb_fill_bulk_urb(urb, udev, usb_sndbulkpipe(udev, EP_DATA_OUT),
1048                          skb->data, skb->len, tx_urb_complete, skb);
1049
1050        info->rate_driver_data[1] = (void *)jiffies;
1051        skb_queue_tail(&tx->submitted_skbs, skb);
1052        usb_anchor_urb(urb, &tx->submitted);
1053
1054        r = usb_submit_urb(urb, GFP_ATOMIC);
1055        if (r) {
1056                dev_dbg_f(zd_usb_dev(usb), "error submit urb %p %d\n", urb, r);
1057                usb_unanchor_urb(urb);
1058                skb_unlink(skb, &tx->submitted_skbs);
1059                goto error;
1060        }
1061        tx_inc_submitted_urbs(usb);
1062        return 0;
1063error:
1064        usb_free_urb(urb);
1065out:
1066        return r;
1067}
1068
1069static bool zd_tx_timeout(struct zd_usb *usb)
1070{
1071        struct zd_usb_tx *tx = &usb->tx;
1072        struct sk_buff_head *q = &tx->submitted_skbs;
1073        struct sk_buff *skb, *skbnext;
1074        struct ieee80211_tx_info *info;
1075        unsigned long flags, trans_start;
1076        bool have_timedout = false;
1077
1078        spin_lock_irqsave(&q->lock, flags);
1079        skb_queue_walk_safe(q, skb, skbnext) {
1080                info = IEEE80211_SKB_CB(skb);
1081                trans_start = (unsigned long)info->rate_driver_data[1];
1082
1083                if (time_is_before_jiffies(trans_start + ZD_TX_TIMEOUT)) {
1084                        have_timedout = true;
1085                        break;
1086                }
1087        }
1088        spin_unlock_irqrestore(&q->lock, flags);
1089
1090        return have_timedout;
1091}
1092
1093static void zd_tx_watchdog_handler(struct work_struct *work)
1094{
1095        struct zd_usb *usb =
1096                container_of(work, struct zd_usb, tx.watchdog_work.work);
1097        struct zd_usb_tx *tx = &usb->tx;
1098
1099        if (!atomic_read(&tx->enabled) || !tx->watchdog_enabled)
1100                goto out;
1101        if (!zd_tx_timeout(usb))
1102                goto out;
1103
1104        /* TX halted, try reset */
1105        dev_warn(zd_usb_dev(usb), "TX-stall detected, resetting device...");
1106
1107        usb_queue_reset_device(usb->intf);
1108
1109        /* reset will stop this worker, don't rearm */
1110        return;
1111out:
1112        queue_delayed_work(zd_workqueue, &tx->watchdog_work,
1113                           ZD_TX_WATCHDOG_INTERVAL);
1114}
1115
1116void zd_tx_watchdog_enable(struct zd_usb *usb)
1117{
1118        struct zd_usb_tx *tx = &usb->tx;
1119
1120        if (!tx->watchdog_enabled) {
1121                dev_dbg_f(zd_usb_dev(usb), "\n");
1122                queue_delayed_work(zd_workqueue, &tx->watchdog_work,
1123                                   ZD_TX_WATCHDOG_INTERVAL);
1124                tx->watchdog_enabled = 1;
1125        }
1126}
1127
1128void zd_tx_watchdog_disable(struct zd_usb *usb)
1129{
1130        struct zd_usb_tx *tx = &usb->tx;
1131
1132        if (tx->watchdog_enabled) {
1133                dev_dbg_f(zd_usb_dev(usb), "\n");
1134                tx->watchdog_enabled = 0;
1135                cancel_delayed_work_sync(&tx->watchdog_work);
1136        }
1137}
1138
1139static void zd_rx_idle_timer_handler(struct work_struct *work)
1140{
1141        struct zd_usb *usb =
1142                container_of(work, struct zd_usb, rx.idle_work.work);
1143        struct zd_mac *mac = zd_usb_to_mac(usb);
1144
1145        if (!test_bit(ZD_DEVICE_RUNNING, &mac->flags))
1146                return;
1147
1148        dev_dbg_f(zd_usb_dev(usb), "\n");
1149
1150        /* 30 seconds since last rx, reset rx */
1151        zd_usb_reset_rx(usb);
1152}
1153
1154static void zd_usb_reset_rx_idle_timer_tasklet(unsigned long param)
1155{
1156        struct zd_usb *usb = (struct zd_usb *)param;
1157
1158        zd_usb_reset_rx_idle_timer(usb);
1159}
1160
1161void zd_usb_reset_rx_idle_timer(struct zd_usb *usb)
1162{
1163        struct zd_usb_rx *rx = &usb->rx;
1164
1165        mod_delayed_work(zd_workqueue, &rx->idle_work, ZD_RX_IDLE_INTERVAL);
1166}
1167
1168static inline void init_usb_interrupt(struct zd_usb *usb)
1169{
1170        struct zd_usb_interrupt *intr = &usb->intr;
1171
1172        spin_lock_init(&intr->lock);
1173        intr->interval = int_urb_interval(zd_usb_to_usbdev(usb));
1174        init_completion(&intr->read_regs.completion);
1175        atomic_set(&intr->read_regs_enabled, 0);
1176        intr->read_regs.cr_int_addr = cpu_to_le16((u16)CR_INTERRUPT);
1177}
1178
1179static inline void init_usb_rx(struct zd_usb *usb)
1180{
1181        struct zd_usb_rx *rx = &usb->rx;
1182
1183        spin_lock_init(&rx->lock);
1184        mutex_init(&rx->setup_mutex);
1185        if (interface_to_usbdev(usb->intf)->speed == USB_SPEED_HIGH) {
1186                rx->usb_packet_size = 512;
1187        } else {
1188                rx->usb_packet_size = 64;
1189        }
1190        ZD_ASSERT(rx->fragment_length == 0);
1191        INIT_DELAYED_WORK(&rx->idle_work, zd_rx_idle_timer_handler);
1192        rx->reset_timer_tasklet.func = zd_usb_reset_rx_idle_timer_tasklet;
1193        rx->reset_timer_tasklet.data = (unsigned long)usb;
1194}
1195
1196static inline void init_usb_tx(struct zd_usb *usb)
1197{
1198        struct zd_usb_tx *tx = &usb->tx;
1199
1200        spin_lock_init(&tx->lock);
1201        atomic_set(&tx->enabled, 0);
1202        tx->stopped = 0;
1203        skb_queue_head_init(&tx->submitted_skbs);
1204        init_usb_anchor(&tx->submitted);
1205        tx->submitted_urbs = 0;
1206        tx->watchdog_enabled = 0;
1207        INIT_DELAYED_WORK(&tx->watchdog_work, zd_tx_watchdog_handler);
1208}
1209
1210void zd_usb_init(struct zd_usb *usb, struct ieee80211_hw *hw,
1211                 struct usb_interface *intf)
1212{
1213        memset(usb, 0, sizeof(*usb));
1214        usb->intf = usb_get_intf(intf);
1215        usb_set_intfdata(usb->intf, hw);
1216        init_usb_anchor(&usb->submitted_cmds);
1217        init_usb_interrupt(usb);
1218        init_usb_tx(usb);
1219        init_usb_rx(usb);
1220}
1221
1222void zd_usb_clear(struct zd_usb *usb)
1223{
1224        usb_set_intfdata(usb->intf, NULL);
1225        usb_put_intf(usb->intf);
1226        ZD_MEMCLEAR(usb, sizeof(*usb));
1227        /* FIXME: usb_interrupt, usb_tx, usb_rx? */
1228}
1229
1230static const char *speed(enum usb_device_speed speed)
1231{
1232        switch (speed) {
1233        case USB_SPEED_LOW:
1234                return "low";
1235        case USB_SPEED_FULL:
1236                return "full";
1237        case USB_SPEED_HIGH:
1238                return "high";
1239        default:
1240                return "unknown speed";
1241        }
1242}
1243
1244static int scnprint_id(struct usb_device *udev, char *buffer, size_t size)
1245{
1246        return scnprintf(buffer, size, "%04hx:%04hx v%04hx %s",
1247                le16_to_cpu(udev->descriptor.idVendor),
1248                le16_to_cpu(udev->descriptor.idProduct),
1249                get_bcdDevice(udev),
1250                speed(udev->speed));
1251}
1252
1253int zd_usb_scnprint_id(struct zd_usb *usb, char *buffer, size_t size)
1254{
1255        struct usb_device *udev = interface_to_usbdev(usb->intf);
1256        return scnprint_id(udev, buffer, size);
1257}
1258
1259#ifdef DEBUG
1260static void print_id(struct usb_device *udev)
1261{
1262        char buffer[40];
1263
1264        scnprint_id(udev, buffer, sizeof(buffer));
1265        buffer[sizeof(buffer)-1] = 0;
1266        dev_dbg_f(&udev->dev, "%s\n", buffer);
1267}
1268#else
1269#define print_id(udev) do { } while (0)
1270#endif
1271
1272static int eject_installer(struct usb_interface *intf)
1273{
1274        struct usb_device *udev = interface_to_usbdev(intf);
1275        struct usb_host_interface *iface_desc = &intf->altsetting[0];
1276        struct usb_endpoint_descriptor *endpoint;
1277        unsigned char *cmd;
1278        u8 bulk_out_ep;
1279        int r;
1280
1281        /* Find bulk out endpoint */
1282        for (r = 1; r >= 0; r--) {
1283                endpoint = &iface_desc->endpoint[r].desc;
1284                if (usb_endpoint_dir_out(endpoint) &&
1285                    usb_endpoint_xfer_bulk(endpoint)) {
1286                        bulk_out_ep = endpoint->bEndpointAddress;
1287                        break;
1288                }
1289        }
1290        if (r == -1) {
1291                dev_err(&udev->dev,
1292                        "zd1211rw: Could not find bulk out endpoint\n");
1293                return -ENODEV;
1294        }
1295
1296        cmd = kzalloc(31, GFP_KERNEL);
1297        if (cmd == NULL)
1298                return -ENODEV;
1299
1300        /* USB bulk command block */
1301        cmd[0] = 0x55;  /* bulk command signature */
1302        cmd[1] = 0x53;  /* bulk command signature */
1303        cmd[2] = 0x42;  /* bulk command signature */
1304        cmd[3] = 0x43;  /* bulk command signature */
1305        cmd[14] = 6;    /* command length */
1306
1307        cmd[15] = 0x1b; /* SCSI command: START STOP UNIT */
1308        cmd[19] = 0x2;  /* eject disc */
1309
1310        dev_info(&udev->dev, "Ejecting virtual installer media...\n");
1311        r = usb_bulk_msg(udev, usb_sndbulkpipe(udev, bulk_out_ep),
1312                cmd, 31, NULL, 2000);
1313        kfree(cmd);
1314        if (r)
1315                return r;
1316
1317        /* At this point, the device disconnects and reconnects with the real
1318         * ID numbers. */
1319
1320        usb_set_intfdata(intf, NULL);
1321        return 0;
1322}
1323
1324int zd_usb_init_hw(struct zd_usb *usb)
1325{
1326        int r;
1327        struct zd_mac *mac = zd_usb_to_mac(usb);
1328
1329        dev_dbg_f(zd_usb_dev(usb), "\n");
1330
1331        r = upload_firmware(usb);
1332        if (r) {
1333                dev_err(zd_usb_dev(usb),
1334                       "couldn't load firmware. Error number %d\n", r);
1335                return r;
1336        }
1337
1338        r = usb_reset_configuration(zd_usb_to_usbdev(usb));
1339        if (r) {
1340                dev_dbg_f(zd_usb_dev(usb),
1341                        "couldn't reset configuration. Error number %d\n", r);
1342                return r;
1343        }
1344
1345        r = zd_mac_init_hw(mac->hw);
1346        if (r) {
1347                dev_dbg_f(zd_usb_dev(usb),
1348                         "couldn't initialize mac. Error number %d\n", r);
1349                return r;
1350        }
1351
1352        usb->initialized = 1;
1353        return 0;
1354}
1355
1356static int probe(struct usb_interface *intf, const struct usb_device_id *id)
1357{
1358        int r;
1359        struct usb_device *udev = interface_to_usbdev(intf);
1360        struct zd_usb *usb;
1361        struct ieee80211_hw *hw = NULL;
1362
1363        print_id(udev);
1364
1365        if (id->driver_info & DEVICE_INSTALLER)
1366                return eject_installer(intf);
1367
1368        switch (udev->speed) {
1369        case USB_SPEED_LOW:
1370        case USB_SPEED_FULL:
1371        case USB_SPEED_HIGH:
1372                break;
1373        default:
1374                dev_dbg_f(&intf->dev, "Unknown USB speed\n");
1375                r = -ENODEV;
1376                goto error;
1377        }
1378
1379        r = usb_reset_device(udev);
1380        if (r) {
1381                dev_err(&intf->dev,
1382                        "couldn't reset usb device. Error number %d\n", r);
1383                goto error;
1384        }
1385
1386        hw = zd_mac_alloc_hw(intf);
1387        if (hw == NULL) {
1388                r = -ENOMEM;
1389                goto error;
1390        }
1391
1392        usb = &zd_hw_mac(hw)->chip.usb;
1393        usb->is_zd1211b = (id->driver_info == DEVICE_ZD1211B) != 0;
1394
1395        r = zd_mac_preinit_hw(hw);
1396        if (r) {
1397                dev_dbg_f(&intf->dev,
1398                         "couldn't initialize mac. Error number %d\n", r);
1399                goto error;
1400        }
1401
1402        r = ieee80211_register_hw(hw);
1403        if (r) {
1404                dev_dbg_f(&intf->dev,
1405                         "couldn't register device. Error number %d\n", r);
1406                goto error;
1407        }
1408
1409        dev_dbg_f(&intf->dev, "successful\n");
1410        dev_info(&intf->dev, "%s\n", wiphy_name(hw->wiphy));
1411        return 0;
1412error:
1413        usb_reset_device(interface_to_usbdev(intf));
1414        if (hw) {
1415                zd_mac_clear(zd_hw_mac(hw));
1416                ieee80211_free_hw(hw);
1417        }
1418        return r;
1419}
1420
1421static void disconnect(struct usb_interface *intf)
1422{
1423        struct ieee80211_hw *hw = zd_intf_to_hw(intf);
1424        struct zd_mac *mac;
1425        struct zd_usb *usb;
1426
1427        /* Either something really bad happened, or we're just dealing with
1428         * a DEVICE_INSTALLER. */
1429        if (hw == NULL)
1430                return;
1431
1432        mac = zd_hw_mac(hw);
1433        usb = &mac->chip.usb;
1434
1435        dev_dbg_f(zd_usb_dev(usb), "\n");
1436
1437        ieee80211_unregister_hw(hw);
1438
1439        /* Just in case something has gone wrong! */
1440        zd_usb_disable_tx(usb);
1441        zd_usb_disable_rx(usb);
1442        zd_usb_disable_int(usb);
1443
1444        /* If the disconnect has been caused by a removal of the
1445         * driver module, the reset allows reloading of the driver. If the
1446         * reset will not be executed here, the upload of the firmware in the
1447         * probe function caused by the reloading of the driver will fail.
1448         */
1449        usb_reset_device(interface_to_usbdev(intf));
1450
1451        zd_mac_clear(mac);
1452        ieee80211_free_hw(hw);
1453        dev_dbg(&intf->dev, "disconnected\n");
1454}
1455
1456static void zd_usb_resume(struct zd_usb *usb)
1457{
1458        struct zd_mac *mac = zd_usb_to_mac(usb);
1459        int r;
1460
1461        dev_dbg_f(zd_usb_dev(usb), "\n");
1462
1463        r = zd_op_start(zd_usb_to_hw(usb));
1464        if (r < 0) {
1465                dev_warn(zd_usb_dev(usb), "Device resume failed "
1466                         "with error code %d. Retrying...\n", r);
1467                if (usb->was_running)
1468                        set_bit(ZD_DEVICE_RUNNING, &mac->flags);
1469                usb_queue_reset_device(usb->intf);
1470                return;
1471        }
1472
1473        if (mac->type != NL80211_IFTYPE_UNSPECIFIED) {
1474                r = zd_restore_settings(mac);
1475                if (r < 0) {
1476                        dev_dbg(zd_usb_dev(usb),
1477                                "failed to restore settings, %d\n", r);
1478                        return;
1479                }
1480        }
1481}
1482
1483static void zd_usb_stop(struct zd_usb *usb)
1484{
1485        dev_dbg_f(zd_usb_dev(usb), "\n");
1486
1487        zd_op_stop(zd_usb_to_hw(usb));
1488
1489        zd_usb_disable_tx(usb);
1490        zd_usb_disable_rx(usb);
1491        zd_usb_disable_int(usb);
1492
1493        usb->initialized = 0;
1494}
1495
1496static int pre_reset(struct usb_interface *intf)
1497{
1498        struct ieee80211_hw *hw = usb_get_intfdata(intf);
1499        struct zd_mac *mac;
1500        struct zd_usb *usb;
1501
1502        if (!hw || intf->condition != USB_INTERFACE_BOUND)
1503                return 0;
1504
1505        mac = zd_hw_mac(hw);
1506        usb = &mac->chip.usb;
1507
1508        usb->was_running = test_bit(ZD_DEVICE_RUNNING, &mac->flags);
1509
1510        zd_usb_stop(usb);
1511
1512        mutex_lock(&mac->chip.mutex);
1513        return 0;
1514}
1515
1516static int post_reset(struct usb_interface *intf)
1517{
1518        struct ieee80211_hw *hw = usb_get_intfdata(intf);
1519        struct zd_mac *mac;
1520        struct zd_usb *usb;
1521
1522        if (!hw || intf->condition != USB_INTERFACE_BOUND)
1523                return 0;
1524
1525        mac = zd_hw_mac(hw);
1526        usb = &mac->chip.usb;
1527
1528        mutex_unlock(&mac->chip.mutex);
1529
1530        if (usb->was_running)
1531                zd_usb_resume(usb);
1532        return 0;
1533}
1534
1535static struct usb_driver driver = {
1536        .name           = KBUILD_MODNAME,
1537        .id_table       = usb_ids,
1538        .probe          = probe,
1539        .disconnect     = disconnect,
1540        .pre_reset      = pre_reset,
1541        .post_reset     = post_reset,
1542        .disable_hub_initiated_lpm = 1,
1543};
1544
1545struct workqueue_struct *zd_workqueue;
1546
1547static int __init usb_init(void)
1548{
1549        int r;
1550
1551        pr_debug("%s usb_init()\n", driver.name);
1552
1553        zd_workqueue = create_singlethread_workqueue(driver.name);
1554        if (zd_workqueue == NULL) {
1555                printk(KERN_ERR "%s couldn't create workqueue\n", driver.name);
1556                return -ENOMEM;
1557        }
1558
1559        r = usb_register(&driver);
1560        if (r) {
1561                destroy_workqueue(zd_workqueue);
1562                printk(KERN_ERR "%s usb_register() failed. Error number %d\n",
1563                       driver.name, r);
1564                return r;
1565        }
1566
1567        pr_debug("%s initialized\n", driver.name);
1568        return 0;
1569}
1570
1571static void __exit usb_exit(void)
1572{
1573        pr_debug("%s usb_exit()\n", driver.name);
1574        usb_deregister(&driver);
1575        destroy_workqueue(zd_workqueue);
1576}
1577
1578module_init(usb_init);
1579module_exit(usb_exit);
1580
1581static int zd_ep_regs_out_msg(struct usb_device *udev, void *data, int len,
1582                              int *actual_length, int timeout)
1583{
1584        /* In USB 2.0 mode EP_REGS_OUT endpoint is interrupt type. However in
1585         * USB 1.1 mode endpoint is bulk. Select correct type URB by endpoint
1586         * descriptor.
1587         */
1588        struct usb_host_endpoint *ep;
1589        unsigned int pipe;
1590
1591        pipe = usb_sndintpipe(udev, EP_REGS_OUT);
1592        ep = usb_pipe_endpoint(udev, pipe);
1593        if (!ep)
1594                return -EINVAL;
1595
1596        if (usb_endpoint_xfer_int(&ep->desc)) {
1597                return usb_interrupt_msg(udev, pipe, data, len,
1598                                         actual_length, timeout);
1599        } else {
1600                pipe = usb_sndbulkpipe(udev, EP_REGS_OUT);
1601                return usb_bulk_msg(udev, pipe, data, len, actual_length,
1602                                    timeout);
1603        }
1604}
1605
1606static int usb_int_regs_length(unsigned int count)
1607{
1608        return sizeof(struct usb_int_regs) + count * sizeof(struct reg_data);
1609}
1610
1611static void prepare_read_regs_int(struct zd_usb *usb,
1612                                  struct usb_req_read_regs *req,
1613                                  unsigned int count)
1614{
1615        struct zd_usb_interrupt *intr = &usb->intr;
1616
1617        spin_lock_irq(&intr->lock);
1618        atomic_set(&intr->read_regs_enabled, 1);
1619        intr->read_regs.req = req;
1620        intr->read_regs.req_count = count;
1621        reinit_completion(&intr->read_regs.completion);
1622        spin_unlock_irq(&intr->lock);
1623}
1624
1625static void disable_read_regs_int(struct zd_usb *usb)
1626{
1627        struct zd_usb_interrupt *intr = &usb->intr;
1628
1629        spin_lock_irq(&intr->lock);
1630        atomic_set(&intr->read_regs_enabled, 0);
1631        spin_unlock_irq(&intr->lock);
1632}
1633
1634static bool check_read_regs(struct zd_usb *usb, struct usb_req_read_regs *req,
1635                            unsigned int count)
1636{
1637        int i;
1638        struct zd_usb_interrupt *intr = &usb->intr;
1639        struct read_regs_int *rr = &intr->read_regs;
1640        struct usb_int_regs *regs = (struct usb_int_regs *)rr->buffer;
1641
1642        /* The created block size seems to be larger than expected.
1643         * However results appear to be correct.
1644         */
1645        if (rr->length < usb_int_regs_length(count)) {
1646                dev_dbg_f(zd_usb_dev(usb),
1647                         "error: actual length %d less than expected %d\n",
1648                         rr->length, usb_int_regs_length(count));
1649                return false;
1650        }
1651
1652        if (rr->length > sizeof(rr->buffer)) {
1653                dev_dbg_f(zd_usb_dev(usb),
1654                         "error: actual length %d exceeds buffer size %zu\n",
1655                         rr->length, sizeof(rr->buffer));
1656                return false;
1657        }
1658
1659        for (i = 0; i < count; i++) {
1660                struct reg_data *rd = &regs->regs[i];
1661                if (rd->addr != req->addr[i]) {
1662                        dev_dbg_f(zd_usb_dev(usb),
1663                                 "rd[%d] addr %#06hx expected %#06hx\n", i,
1664                                 le16_to_cpu(rd->addr),
1665                                 le16_to_cpu(req->addr[i]));
1666                        return false;
1667                }
1668        }
1669
1670        return true;
1671}
1672
1673static int get_results(struct zd_usb *usb, u16 *values,
1674                       struct usb_req_read_regs *req, unsigned int count,
1675                       bool *retry)
1676{
1677        int r;
1678        int i;
1679        struct zd_usb_interrupt *intr = &usb->intr;
1680        struct read_regs_int *rr = &intr->read_regs;
1681        struct usb_int_regs *regs = (struct usb_int_regs *)rr->buffer;
1682
1683        spin_lock_irq(&intr->lock);
1684
1685        r = -EIO;
1686
1687        /* Read failed because firmware bug? */
1688        *retry = !!intr->read_regs_int_overridden;
1689        if (*retry)
1690                goto error_unlock;
1691
1692        if (!check_read_regs(usb, req, count)) {
1693                dev_dbg_f(zd_usb_dev(usb), "error: invalid read regs\n");
1694                goto error_unlock;
1695        }
1696
1697        for (i = 0; i < count; i++) {
1698                struct reg_data *rd = &regs->regs[i];
1699                values[i] = le16_to_cpu(rd->value);
1700        }
1701
1702        r = 0;
1703error_unlock:
1704        spin_unlock_irq(&intr->lock);
1705        return r;
1706}
1707
1708int zd_usb_ioread16v(struct zd_usb *usb, u16 *values,
1709                     const zd_addr_t *addresses, unsigned int count)
1710{
1711        int r, i, req_len, actual_req_len, try_count = 0;
1712        struct usb_device *udev;
1713        struct usb_req_read_regs *req = NULL;
1714        unsigned long timeout;
1715        bool retry = false;
1716
1717        if (count < 1) {
1718                dev_dbg_f(zd_usb_dev(usb), "error: count is zero\n");
1719                return -EINVAL;
1720        }
1721        if (count > USB_MAX_IOREAD16_COUNT) {
1722                dev_dbg_f(zd_usb_dev(usb),
1723                         "error: count %u exceeds possible max %u\n",
1724                         count, USB_MAX_IOREAD16_COUNT);
1725                return -EINVAL;
1726        }
1727        if (in_atomic()) {
1728                dev_dbg_f(zd_usb_dev(usb),
1729                         "error: io in atomic context not supported\n");
1730                return -EWOULDBLOCK;
1731        }
1732        if (!usb_int_enabled(usb)) {
1733                dev_dbg_f(zd_usb_dev(usb),
1734                          "error: usb interrupt not enabled\n");
1735                return -EWOULDBLOCK;
1736        }
1737
1738        ZD_ASSERT(mutex_is_locked(&zd_usb_to_chip(usb)->mutex));
1739        BUILD_BUG_ON(sizeof(struct usb_req_read_regs) + USB_MAX_IOREAD16_COUNT *
1740                     sizeof(__le16) > sizeof(usb->req_buf));
1741        BUG_ON(sizeof(struct usb_req_read_regs) + count * sizeof(__le16) >
1742               sizeof(usb->req_buf));
1743
1744        req_len = sizeof(struct usb_req_read_regs) + count * sizeof(__le16);
1745        req = (void *)usb->req_buf;
1746
1747        req->id = cpu_to_le16(USB_REQ_READ_REGS);
1748        for (i = 0; i < count; i++)
1749                req->addr[i] = cpu_to_le16((u16)addresses[i]);
1750
1751retry_read:
1752        try_count++;
1753        udev = zd_usb_to_usbdev(usb);
1754        prepare_read_regs_int(usb, req, count);
1755        r = zd_ep_regs_out_msg(udev, req, req_len, &actual_req_len, 50 /*ms*/);
1756        if (r) {
1757                dev_dbg_f(zd_usb_dev(usb),
1758                        "error in zd_ep_regs_out_msg(). Error number %d\n", r);
1759                goto error;
1760        }
1761        if (req_len != actual_req_len) {
1762                dev_dbg_f(zd_usb_dev(usb), "error in zd_ep_regs_out_msg()\n"
1763                        " req_len %d != actual_req_len %d\n",
1764                        req_len, actual_req_len);
1765                r = -EIO;
1766                goto error;
1767        }
1768
1769        timeout = wait_for_completion_timeout(&usb->intr.read_regs.completion,
1770                                              msecs_to_jiffies(50));
1771        if (!timeout) {
1772                disable_read_regs_int(usb);
1773                dev_dbg_f(zd_usb_dev(usb), "read timed out\n");
1774                r = -ETIMEDOUT;
1775                goto error;
1776        }
1777
1778        r = get_results(usb, values, req, count, &retry);
1779        if (retry && try_count < 20) {
1780                dev_dbg_f(zd_usb_dev(usb), "read retry, tries so far: %d\n",
1781                                try_count);
1782                goto retry_read;
1783        }
1784error:
1785        return r;
1786}
1787
1788static void iowrite16v_urb_complete(struct urb *urb)
1789{
1790        struct zd_usb *usb = urb->context;
1791
1792        if (urb->status && !usb->cmd_error)
1793                usb->cmd_error = urb->status;
1794
1795        if (!usb->cmd_error &&
1796                        urb->actual_length != urb->transfer_buffer_length)
1797                usb->cmd_error = -EIO;
1798}
1799
1800static int zd_submit_waiting_urb(struct zd_usb *usb, bool last)
1801{
1802        int r = 0;
1803        struct urb *urb = usb->urb_async_waiting;
1804
1805        if (!urb)
1806                return 0;
1807
1808        usb->urb_async_waiting = NULL;
1809
1810        if (!last)
1811                urb->transfer_flags |= URB_NO_INTERRUPT;
1812
1813        usb_anchor_urb(urb, &usb->submitted_cmds);
1814        r = usb_submit_urb(urb, GFP_KERNEL);
1815        if (r) {
1816                usb_unanchor_urb(urb);
1817                dev_dbg_f(zd_usb_dev(usb),
1818                        "error in usb_submit_urb(). Error number %d\n", r);
1819                goto error;
1820        }
1821
1822        /* fall-through with r == 0 */
1823error:
1824        usb_free_urb(urb);
1825        return r;
1826}
1827
1828void zd_usb_iowrite16v_async_start(struct zd_usb *usb)
1829{
1830        ZD_ASSERT(usb_anchor_empty(&usb->submitted_cmds));
1831        ZD_ASSERT(usb->urb_async_waiting == NULL);
1832        ZD_ASSERT(!usb->in_async);
1833
1834        ZD_ASSERT(mutex_is_locked(&zd_usb_to_chip(usb)->mutex));
1835
1836        usb->in_async = 1;
1837        usb->cmd_error = 0;
1838        usb->urb_async_waiting = NULL;
1839}
1840
1841int zd_usb_iowrite16v_async_end(struct zd_usb *usb, unsigned int timeout)
1842{
1843        int r;
1844
1845        ZD_ASSERT(mutex_is_locked(&zd_usb_to_chip(usb)->mutex));
1846        ZD_ASSERT(usb->in_async);
1847
1848        /* Submit last iowrite16v URB */
1849        r = zd_submit_waiting_urb(usb, true);
1850        if (r) {
1851                dev_dbg_f(zd_usb_dev(usb),
1852                        "error in zd_submit_waiting_usb(). "
1853                        "Error number %d\n", r);
1854
1855                usb_kill_anchored_urbs(&usb->submitted_cmds);
1856                goto error;
1857        }
1858
1859        if (timeout)
1860                timeout = usb_wait_anchor_empty_timeout(&usb->submitted_cmds,
1861                                                        timeout);
1862        if (!timeout) {
1863                usb_kill_anchored_urbs(&usb->submitted_cmds);
1864                if (usb->cmd_error == -ENOENT) {
1865                        dev_dbg_f(zd_usb_dev(usb), "timed out");
1866                        r = -ETIMEDOUT;
1867                        goto error;
1868                }
1869        }
1870
1871        r = usb->cmd_error;
1872error:
1873        usb->in_async = 0;
1874        return r;
1875}
1876
1877int zd_usb_iowrite16v_async(struct zd_usb *usb, const struct zd_ioreq16 *ioreqs,
1878                            unsigned int count)
1879{
1880        int r;
1881        struct usb_device *udev;
1882        struct usb_req_write_regs *req = NULL;
1883        int i, req_len;
1884        struct urb *urb;
1885        struct usb_host_endpoint *ep;
1886
1887        ZD_ASSERT(mutex_is_locked(&zd_usb_to_chip(usb)->mutex));
1888        ZD_ASSERT(usb->in_async);
1889
1890        if (count == 0)
1891                return 0;
1892        if (count > USB_MAX_IOWRITE16_COUNT) {
1893                dev_dbg_f(zd_usb_dev(usb),
1894                        "error: count %u exceeds possible max %u\n",
1895                        count, USB_MAX_IOWRITE16_COUNT);
1896                return -EINVAL;
1897        }
1898        if (in_atomic()) {
1899                dev_dbg_f(zd_usb_dev(usb),
1900                        "error: io in atomic context not supported\n");
1901                return -EWOULDBLOCK;
1902        }
1903
1904        udev = zd_usb_to_usbdev(usb);
1905
1906        ep = usb_pipe_endpoint(udev, usb_sndintpipe(udev, EP_REGS_OUT));
1907        if (!ep)
1908                return -ENOENT;
1909
1910        urb = usb_alloc_urb(0, GFP_KERNEL);
1911        if (!urb)
1912                return -ENOMEM;
1913
1914        req_len = sizeof(struct usb_req_write_regs) +
1915                  count * sizeof(struct reg_data);
1916        req = kmalloc(req_len, GFP_KERNEL);
1917        if (!req) {
1918                r = -ENOMEM;
1919                goto error;
1920        }
1921
1922        req->id = cpu_to_le16(USB_REQ_WRITE_REGS);
1923        for (i = 0; i < count; i++) {
1924                struct reg_data *rw  = &req->reg_writes[i];
1925                rw->addr = cpu_to_le16((u16)ioreqs[i].addr);
1926                rw->value = cpu_to_le16(ioreqs[i].value);
1927        }
1928
1929        /* In USB 2.0 mode endpoint is interrupt type. However in USB 1.1 mode
1930         * endpoint is bulk. Select correct type URB by endpoint descriptor.
1931         */
1932        if (usb_endpoint_xfer_int(&ep->desc))
1933                usb_fill_int_urb(urb, udev, usb_sndintpipe(udev, EP_REGS_OUT),
1934                                 req, req_len, iowrite16v_urb_complete, usb,
1935                                 ep->desc.bInterval);
1936        else
1937                usb_fill_bulk_urb(urb, udev, usb_sndbulkpipe(udev, EP_REGS_OUT),
1938                                  req, req_len, iowrite16v_urb_complete, usb);
1939
1940        urb->transfer_flags |= URB_FREE_BUFFER;
1941
1942        /* Submit previous URB */
1943        r = zd_submit_waiting_urb(usb, false);
1944        if (r) {
1945                dev_dbg_f(zd_usb_dev(usb),
1946                        "error in zd_submit_waiting_usb(). "
1947                        "Error number %d\n", r);
1948                goto error;
1949        }
1950
1951        /* Delay submit so that URB_NO_INTERRUPT flag can be set for all URBs
1952         * of currect batch except for very last.
1953         */
1954        usb->urb_async_waiting = urb;
1955        return 0;
1956error:
1957        usb_free_urb(urb);
1958        return r;
1959}
1960
1961int zd_usb_iowrite16v(struct zd_usb *usb, const struct zd_ioreq16 *ioreqs,
1962                        unsigned int count)
1963{
1964        int r;
1965
1966        zd_usb_iowrite16v_async_start(usb);
1967        r = zd_usb_iowrite16v_async(usb, ioreqs, count);
1968        if (r) {
1969                zd_usb_iowrite16v_async_end(usb, 0);
1970                return r;
1971        }
1972        return zd_usb_iowrite16v_async_end(usb, 50 /* ms */);
1973}
1974
1975int zd_usb_rfwrite(struct zd_usb *usb, u32 value, u8 bits)
1976{
1977        int r;
1978        struct usb_device *udev;
1979        struct usb_req_rfwrite *req = NULL;
1980        int i, req_len, actual_req_len;
1981        u16 bit_value_template;
1982
1983        if (in_atomic()) {
1984                dev_dbg_f(zd_usb_dev(usb),
1985                        "error: io in atomic context not supported\n");
1986                return -EWOULDBLOCK;
1987        }
1988        if (bits < USB_MIN_RFWRITE_BIT_COUNT) {
1989                dev_dbg_f(zd_usb_dev(usb),
1990                        "error: bits %d are smaller than"
1991                        " USB_MIN_RFWRITE_BIT_COUNT %d\n",
1992                        bits, USB_MIN_RFWRITE_BIT_COUNT);
1993                return -EINVAL;
1994        }
1995        if (bits > USB_MAX_RFWRITE_BIT_COUNT) {
1996                dev_dbg_f(zd_usb_dev(usb),
1997                        "error: bits %d exceed USB_MAX_RFWRITE_BIT_COUNT %d\n",
1998                        bits, USB_MAX_RFWRITE_BIT_COUNT);
1999                return -EINVAL;
2000        }
2001#ifdef DEBUG
2002        if (value & (~0UL << bits)) {
2003                dev_dbg_f(zd_usb_dev(usb),
2004                        "error: value %#09x has bits >= %d set\n",
2005                        value, bits);
2006                return -EINVAL;
2007        }
2008#endif /* DEBUG */
2009
2010        dev_dbg_f(zd_usb_dev(usb), "value %#09x bits %d\n", value, bits);
2011
2012        r = zd_usb_ioread16(usb, &bit_value_template, ZD_CR203);
2013        if (r) {
2014                dev_dbg_f(zd_usb_dev(usb),
2015                        "error %d: Couldn't read ZD_CR203\n", r);
2016                return r;
2017        }
2018        bit_value_template &= ~(RF_IF_LE|RF_CLK|RF_DATA);
2019
2020        ZD_ASSERT(mutex_is_locked(&zd_usb_to_chip(usb)->mutex));
2021        BUILD_BUG_ON(sizeof(struct usb_req_rfwrite) +
2022                     USB_MAX_RFWRITE_BIT_COUNT * sizeof(__le16) >
2023                     sizeof(usb->req_buf));
2024        BUG_ON(sizeof(struct usb_req_rfwrite) + bits * sizeof(__le16) >
2025               sizeof(usb->req_buf));
2026
2027        req_len = sizeof(struct usb_req_rfwrite) + bits * sizeof(__le16);
2028        req = (void *)usb->req_buf;
2029
2030        req->id = cpu_to_le16(USB_REQ_WRITE_RF);
2031        /* 1: 3683a, but not used in ZYDAS driver */
2032        req->value = cpu_to_le16(2);
2033        req->bits = cpu_to_le16(bits);
2034
2035        for (i = 0; i < bits; i++) {
2036                u16 bv = bit_value_template;
2037                if (value & (1 << (bits-1-i)))
2038                        bv |= RF_DATA;
2039                req->bit_values[i] = cpu_to_le16(bv);
2040        }
2041
2042        udev = zd_usb_to_usbdev(usb);
2043        r = zd_ep_regs_out_msg(udev, req, req_len, &actual_req_len, 50 /*ms*/);
2044        if (r) {
2045                dev_dbg_f(zd_usb_dev(usb),
2046                        "error in zd_ep_regs_out_msg(). Error number %d\n", r);
2047                goto out;
2048        }
2049        if (req_len != actual_req_len) {
2050                dev_dbg_f(zd_usb_dev(usb), "error in zd_ep_regs_out_msg()"
2051                        " req_len %d != actual_req_len %d\n",
2052                        req_len, actual_req_len);
2053                r = -EIO;
2054                goto out;
2055        }
2056
2057        /* FALL-THROUGH with r == 0 */
2058out:
2059        return r;
2060}
2061