cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

hfa384x_usb.c (104372B)


      1// SPDX-License-Identifier: (GPL-2.0 OR MPL-1.1)
      2/*
      3 *
      4 * Functions that talk to the USB variant of the Intersil hfa384x MAC
      5 *
      6 * Copyright (C) 1999 AbsoluteValue Systems, Inc.  All Rights Reserved.
      7 * --------------------------------------------------------------------
      8 *
      9 * linux-wlan
     10 *
     11 *   The contents of this file are subject to the Mozilla Public
     12 *   License Version 1.1 (the "License"); you may not use this file
     13 *   except in compliance with the License. You may obtain a copy of
     14 *   the License at http://www.mozilla.org/MPL/
     15 *
     16 *   Software distributed under the License is distributed on an "AS
     17 *   IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
     18 *   implied. See the License for the specific language governing
     19 *   rights and limitations under the License.
     20 *
     21 *   Alternatively, the contents of this file may be used under the
     22 *   terms of the GNU Public License version 2 (the "GPL"), in which
     23 *   case the provisions of the GPL are applicable instead of the
     24 *   above.  If you wish to allow the use of your version of this file
     25 *   only under the terms of the GPL and not to allow others to use
     26 *   your version of this file under the MPL, indicate your decision
     27 *   by deleting the provisions above and replace them with the notice
     28 *   and other provisions required by the GPL.  If you do not delete
     29 *   the provisions above, a recipient may use your version of this
     30 *   file under either the MPL or the GPL.
     31 *
     32 * --------------------------------------------------------------------
     33 *
     34 * Inquiries regarding the linux-wlan Open Source project can be
     35 * made directly to:
     36 *
     37 * AbsoluteValue Systems Inc.
     38 * info@linux-wlan.com
     39 * http://www.linux-wlan.com
     40 *
     41 * --------------------------------------------------------------------
     42 *
     43 * Portions of the development of this software were funded by
     44 * Intersil Corporation as part of PRISM(R) chipset product development.
     45 *
     46 * --------------------------------------------------------------------
     47 *
     48 * This file implements functions that correspond to the prism2/hfa384x
     49 * 802.11 MAC hardware and firmware host interface.
     50 *
     51 * The functions can be considered to represent several levels of
     52 * abstraction.  The lowest level functions are simply C-callable wrappers
     53 * around the register accesses.  The next higher level represents C-callable
     54 * prism2 API functions that match the Intersil documentation as closely
     55 * as is reasonable.  The next higher layer implements common sequences
     56 * of invocations of the API layer (e.g. write to bap, followed by cmd).
     57 *
     58 * Common sequences:
     59 * hfa384x_drvr_xxx	Highest level abstractions provided by the
     60 *			hfa384x code.  They are driver defined wrappers
     61 *			for common sequences.  These functions generally
     62 *			use the services of the lower levels.
     63 *
     64 * hfa384x_drvr_xxxconfig  An example of the drvr level abstraction. These
     65 *			functions are wrappers for the RID get/set
     66 *			sequence. They call copy_[to|from]_bap() and
     67 *			cmd_access(). These functions operate on the
     68 *			RIDs and buffers without validation. The caller
     69 *			is responsible for that.
     70 *
     71 * API wrapper functions:
     72 * hfa384x_cmd_xxx	functions that provide access to the f/w commands.
     73 *			The function arguments correspond to each command
     74 *			argument, even command arguments that get packed
     75 *			into single registers.  These functions _just_
     76 *			issue the command by setting the cmd/parm regs
     77 *			& reading the status/resp regs.  Additional
     78 *			activities required to fully use a command
     79 *			(read/write from/to bap, get/set int status etc.)
     80 *			are implemented separately.  Think of these as
     81 *			C-callable prism2 commands.
     82 *
     83 * Lowest Layer Functions:
     84 * hfa384x_docmd_xxx	These functions implement the sequence required
     85 *			to issue any prism2 command.  Primarily used by the
     86 *			hfa384x_cmd_xxx functions.
     87 *
     88 * hfa384x_bap_xxx	BAP read/write access functions.
     89 *			Note: we usually use BAP0 for non-interrupt context
     90 *			 and BAP1 for interrupt context.
     91 *
     92 * hfa384x_dl_xxx	download related functions.
     93 *
     94 * Driver State Issues:
     95 * Note that there are two pairs of functions that manage the
     96 * 'initialized' and 'running' states of the hw/MAC combo.  The four
     97 * functions are create(), destroy(), start(), and stop().  create()
     98 * sets up the data structures required to support the hfa384x_*
     99 * functions and destroy() cleans them up.  The start() function gets
    100 * the actual hardware running and enables the interrupts.  The stop()
    101 * function shuts the hardware down.  The sequence should be:
    102 * create()
    103 * start()
    104 *  .
    105 *  .  Do interesting things w/ the hardware
    106 *  .
    107 * stop()
    108 * destroy()
    109 *
    110 * Note that destroy() can be called without calling stop() first.
    111 * --------------------------------------------------------------------
    112 */
    113
    114#include <linux/module.h>
    115#include <linux/kernel.h>
    116#include <linux/sched.h>
    117#include <linux/types.h>
    118#include <linux/slab.h>
    119#include <linux/wireless.h>
    120#include <linux/netdevice.h>
    121#include <linux/timer.h>
    122#include <linux/io.h>
    123#include <linux/delay.h>
    124#include <asm/byteorder.h>
    125#include <linux/bitops.h>
    126#include <linux/list.h>
    127#include <linux/usb.h>
    128#include <linux/byteorder/generic.h>
    129
    130#include "p80211types.h"
    131#include "p80211hdr.h"
    132#include "p80211mgmt.h"
    133#include "p80211conv.h"
    134#include "p80211msg.h"
    135#include "p80211netdev.h"
    136#include "p80211req.h"
    137#include "p80211metadef.h"
    138#include "p80211metastruct.h"
    139#include "hfa384x.h"
    140#include "prism2mgmt.h"
    141
    142enum cmd_mode {
    143	DOWAIT = 0,
    144	DOASYNC
    145};
    146
    147#define THROTTLE_JIFFIES	(HZ / 8)
    148#define URB_ASYNC_UNLINK 0
    149#define USB_QUEUE_BULK 0
    150
    151#define ROUNDUP64(a) (((a) + 63) & ~63)
    152
    153#ifdef DEBUG_USB
    154static void dbprint_urb(struct urb *urb);
    155#endif
    156
    157static void hfa384x_int_rxmonitor(struct wlandevice *wlandev,
    158				  struct hfa384x_usb_rxfrm *rxfrm);
    159
    160static void hfa384x_usb_defer(struct work_struct *data);
    161
    162static int submit_rx_urb(struct hfa384x *hw, gfp_t flags);
    163
    164static int submit_tx_urb(struct hfa384x *hw, struct urb *tx_urb, gfp_t flags);
    165
    166/*---------------------------------------------------*/
    167/* Callbacks */
    168static void hfa384x_usbout_callback(struct urb *urb);
    169static void hfa384x_ctlxout_callback(struct urb *urb);
    170static void hfa384x_usbin_callback(struct urb *urb);
    171
    172static void
    173hfa384x_usbin_txcompl(struct wlandevice *wlandev, union hfa384x_usbin *usbin);
    174
    175static void hfa384x_usbin_rx(struct wlandevice *wlandev, struct sk_buff *skb);
    176
    177static void hfa384x_usbin_info(struct wlandevice *wlandev,
    178			       union hfa384x_usbin *usbin);
    179
    180static void hfa384x_usbin_ctlx(struct hfa384x *hw, union hfa384x_usbin *usbin,
    181			       int urb_status);
    182
    183/*---------------------------------------------------*/
    184/* Functions to support the prism2 usb command queue */
    185
    186static void hfa384x_usbctlxq_run(struct hfa384x *hw);
    187
    188static void hfa384x_usbctlx_reqtimerfn(struct timer_list *t);
    189
    190static void hfa384x_usbctlx_resptimerfn(struct timer_list *t);
    191
    192static void hfa384x_usb_throttlefn(struct timer_list *t);
    193
    194static void hfa384x_usbctlx_completion_task(struct work_struct *work);
    195
    196static void hfa384x_usbctlx_reaper_task(struct work_struct *work);
    197
    198static int hfa384x_usbctlx_submit(struct hfa384x *hw,
    199				  struct hfa384x_usbctlx *ctlx);
    200
    201static void unlocked_usbctlx_complete(struct hfa384x *hw,
    202				      struct hfa384x_usbctlx *ctlx);
    203
    204struct usbctlx_completor {
    205	int (*complete)(struct usbctlx_completor *completor);
    206};
    207
    208static int
    209hfa384x_usbctlx_complete_sync(struct hfa384x *hw,
    210			      struct hfa384x_usbctlx *ctlx,
    211			      struct usbctlx_completor *completor);
    212
    213static int
    214unlocked_usbctlx_cancel_async(struct hfa384x *hw, struct hfa384x_usbctlx *ctlx);
    215
    216static void hfa384x_cb_status(struct hfa384x *hw,
    217			      const struct hfa384x_usbctlx *ctlx);
    218
    219static int
    220usbctlx_get_status(const struct hfa384x_usb_statusresp *cmdresp,
    221		   struct hfa384x_cmdresult *result);
    222
    223static void
    224usbctlx_get_rridresult(const struct hfa384x_usb_rridresp *rridresp,
    225		       struct hfa384x_rridresult *result);
    226
    227/*---------------------------------------------------*/
    228/* Low level req/resp CTLX formatters and submitters */
    229static inline int
    230hfa384x_docmd(struct hfa384x *hw,
    231	      struct hfa384x_metacmd *cmd);
    232
    233static int
    234hfa384x_dorrid(struct hfa384x *hw,
    235	       enum cmd_mode mode,
    236	       u16 rid,
    237	       void *riddata,
    238	       unsigned int riddatalen,
    239	       ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
    240
    241static int
    242hfa384x_dowrid(struct hfa384x *hw,
    243	       enum cmd_mode mode,
    244	       u16 rid,
    245	       void *riddata,
    246	       unsigned int riddatalen,
    247	       ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data);
    248
    249static int
    250hfa384x_dormem(struct hfa384x *hw,
    251	       u16 page,
    252	       u16 offset,
    253	       void *data,
    254	       unsigned int len);
    255
    256static int
    257hfa384x_dowmem(struct hfa384x *hw,
    258	       u16 page,
    259	       u16 offset,
    260	       void *data,
    261	       unsigned int len);
    262
    263static int hfa384x_isgood_pdrcode(u16 pdrcode);
    264
    265static inline const char *ctlxstr(enum ctlx_state s)
    266{
    267	static const char * const ctlx_str[] = {
    268		"Initial state",
    269		"Complete",
    270		"Request failed",
    271		"Request pending",
    272		"Request packet submitted",
    273		"Request packet completed",
    274		"Response packet completed"
    275	};
    276
    277	return ctlx_str[s];
    278};
    279
    280static inline struct hfa384x_usbctlx *get_active_ctlx(struct hfa384x *hw)
    281{
    282	return list_entry(hw->ctlxq.active.next, struct hfa384x_usbctlx, list);
    283}
    284
    285#ifdef DEBUG_USB
    286void dbprint_urb(struct urb *urb)
    287{
    288	pr_debug("urb->pipe=0x%08x\n", urb->pipe);
    289	pr_debug("urb->status=0x%08x\n", urb->status);
    290	pr_debug("urb->transfer_flags=0x%08x\n", urb->transfer_flags);
    291	pr_debug("urb->transfer_buffer=0x%08x\n",
    292		 (unsigned int)urb->transfer_buffer);
    293	pr_debug("urb->transfer_buffer_length=0x%08x\n",
    294		 urb->transfer_buffer_length);
    295	pr_debug("urb->actual_length=0x%08x\n", urb->actual_length);
    296	pr_debug("urb->setup_packet(ctl)=0x%08x\n",
    297		 (unsigned int)urb->setup_packet);
    298	pr_debug("urb->start_frame(iso/irq)=0x%08x\n", urb->start_frame);
    299	pr_debug("urb->interval(irq)=0x%08x\n", urb->interval);
    300	pr_debug("urb->error_count(iso)=0x%08x\n", urb->error_count);
    301	pr_debug("urb->context=0x%08x\n", (unsigned int)urb->context);
    302	pr_debug("urb->complete=0x%08x\n", (unsigned int)urb->complete);
    303}
    304#endif
    305
    306/*----------------------------------------------------------------
    307 * submit_rx_urb
    308 *
    309 * Listen for input data on the BULK-IN pipe. If the pipe has
    310 * stalled then schedule it to be reset.
    311 *
    312 * Arguments:
    313 *	hw		device struct
    314 *	memflags	memory allocation flags
    315 *
    316 * Returns:
    317 *	error code from submission
    318 *
    319 * Call context:
    320 *	Any
    321 *----------------------------------------------------------------
    322 */
    323static int submit_rx_urb(struct hfa384x *hw, gfp_t memflags)
    324{
    325	struct sk_buff *skb;
    326	int result;
    327
    328	skb = dev_alloc_skb(sizeof(union hfa384x_usbin));
    329	if (!skb) {
    330		result = -ENOMEM;
    331		goto done;
    332	}
    333
    334	/* Post the IN urb */
    335	usb_fill_bulk_urb(&hw->rx_urb, hw->usb,
    336			  hw->endp_in,
    337			  skb->data, sizeof(union hfa384x_usbin),
    338			  hfa384x_usbin_callback, hw->wlandev);
    339
    340	hw->rx_urb_skb = skb;
    341
    342	result = -ENOLINK;
    343	if (!hw->wlandev->hwremoved &&
    344	    !test_bit(WORK_RX_HALT, &hw->usb_flags)) {
    345		result = usb_submit_urb(&hw->rx_urb, memflags);
    346
    347		/* Check whether we need to reset the RX pipe */
    348		if (result == -EPIPE) {
    349			netdev_warn(hw->wlandev->netdev,
    350				    "%s rx pipe stalled: requesting reset\n",
    351				    hw->wlandev->netdev->name);
    352			if (!test_and_set_bit(WORK_RX_HALT, &hw->usb_flags))
    353				schedule_work(&hw->usb_work);
    354		}
    355	}
    356
    357	/* Don't leak memory if anything should go wrong */
    358	if (result != 0) {
    359		dev_kfree_skb(skb);
    360		hw->rx_urb_skb = NULL;
    361	}
    362
    363done:
    364	return result;
    365}
    366
    367/*----------------------------------------------------------------
    368 * submit_tx_urb
    369 *
    370 * Prepares and submits the URB of transmitted data. If the
    371 * submission fails then it will schedule the output pipe to
    372 * be reset.
    373 *
    374 * Arguments:
    375 *	hw		device struct
    376 *	tx_urb		URB of data for transmission
    377 *	memflags	memory allocation flags
    378 *
    379 * Returns:
    380 *	error code from submission
    381 *
    382 * Call context:
    383 *	Any
    384 *----------------------------------------------------------------
    385 */
    386static int submit_tx_urb(struct hfa384x *hw, struct urb *tx_urb, gfp_t memflags)
    387{
    388	struct net_device *netdev = hw->wlandev->netdev;
    389	int result;
    390
    391	result = -ENOLINK;
    392	if (netif_running(netdev)) {
    393		if (!hw->wlandev->hwremoved &&
    394		    !test_bit(WORK_TX_HALT, &hw->usb_flags)) {
    395			result = usb_submit_urb(tx_urb, memflags);
    396
    397			/* Test whether we need to reset the TX pipe */
    398			if (result == -EPIPE) {
    399				netdev_warn(hw->wlandev->netdev,
    400					    "%s tx pipe stalled: requesting reset\n",
    401					    netdev->name);
    402				set_bit(WORK_TX_HALT, &hw->usb_flags);
    403				schedule_work(&hw->usb_work);
    404			} else if (result == 0) {
    405				netif_stop_queue(netdev);
    406			}
    407		}
    408	}
    409
    410	return result;
    411}
    412
    413/*----------------------------------------------------------------
    414 * hfa394x_usb_defer
    415 *
    416 * There are some things that the USB stack cannot do while
    417 * in interrupt context, so we arrange this function to run
    418 * in process context.
    419 *
    420 * Arguments:
    421 *	hw	device structure
    422 *
    423 * Returns:
    424 *	nothing
    425 *
    426 * Call context:
    427 *	process (by design)
    428 *----------------------------------------------------------------
    429 */
    430static void hfa384x_usb_defer(struct work_struct *data)
    431{
    432	struct hfa384x *hw = container_of(data, struct hfa384x, usb_work);
    433	struct net_device *netdev = hw->wlandev->netdev;
    434
    435	/* Don't bother trying to reset anything if the plug
    436	 * has been pulled ...
    437	 */
    438	if (hw->wlandev->hwremoved)
    439		return;
    440
    441	/* Reception has stopped: try to reset the input pipe */
    442	if (test_bit(WORK_RX_HALT, &hw->usb_flags)) {
    443		int ret;
    444
    445		usb_kill_urb(&hw->rx_urb); /* Cannot be holding spinlock! */
    446
    447		ret = usb_clear_halt(hw->usb, hw->endp_in);
    448		if (ret != 0) {
    449			netdev_err(hw->wlandev->netdev,
    450				   "Failed to clear rx pipe for %s: err=%d\n",
    451				   netdev->name, ret);
    452		} else {
    453			netdev_info(hw->wlandev->netdev, "%s rx pipe reset complete.\n",
    454				    netdev->name);
    455			clear_bit(WORK_RX_HALT, &hw->usb_flags);
    456			set_bit(WORK_RX_RESUME, &hw->usb_flags);
    457		}
    458	}
    459
    460	/* Resume receiving data back from the device. */
    461	if (test_bit(WORK_RX_RESUME, &hw->usb_flags)) {
    462		int ret;
    463
    464		ret = submit_rx_urb(hw, GFP_KERNEL);
    465		if (ret != 0) {
    466			netdev_err(hw->wlandev->netdev,
    467				   "Failed to resume %s rx pipe.\n",
    468				   netdev->name);
    469		} else {
    470			clear_bit(WORK_RX_RESUME, &hw->usb_flags);
    471		}
    472	}
    473
    474	/* Transmission has stopped: try to reset the output pipe */
    475	if (test_bit(WORK_TX_HALT, &hw->usb_flags)) {
    476		int ret;
    477
    478		usb_kill_urb(&hw->tx_urb);
    479		ret = usb_clear_halt(hw->usb, hw->endp_out);
    480		if (ret != 0) {
    481			netdev_err(hw->wlandev->netdev,
    482				   "Failed to clear tx pipe for %s: err=%d\n",
    483				   netdev->name, ret);
    484		} else {
    485			netdev_info(hw->wlandev->netdev, "%s tx pipe reset complete.\n",
    486				    netdev->name);
    487			clear_bit(WORK_TX_HALT, &hw->usb_flags);
    488			set_bit(WORK_TX_RESUME, &hw->usb_flags);
    489
    490			/* Stopping the BULK-OUT pipe also blocked
    491			 * us from sending any more CTLX URBs, so
    492			 * we need to re-run our queue ...
    493			 */
    494			hfa384x_usbctlxq_run(hw);
    495		}
    496	}
    497
    498	/* Resume transmitting. */
    499	if (test_and_clear_bit(WORK_TX_RESUME, &hw->usb_flags))
    500		netif_wake_queue(hw->wlandev->netdev);
    501}
    502
    503/*----------------------------------------------------------------
    504 * hfa384x_create
    505 *
    506 * Sets up the struct hfa384x data structure for use.  Note this
    507 * does _not_ initialize the actual hardware, just the data structures
    508 * we use to keep track of its state.
    509 *
    510 * Arguments:
    511 *	hw		device structure
    512 *	irq		device irq number
    513 *	iobase		i/o base address for register access
    514 *	membase		memory base address for register access
    515 *
    516 * Returns:
    517 *	nothing
    518 *
    519 * Side effects:
    520 *
    521 * Call context:
    522 *	process
    523 *----------------------------------------------------------------
    524 */
    525void hfa384x_create(struct hfa384x *hw, struct usb_device *usb)
    526{
    527	hw->usb = usb;
    528
    529	/* Set up the waitq */
    530	init_waitqueue_head(&hw->cmdq);
    531
    532	/* Initialize the command queue */
    533	spin_lock_init(&hw->ctlxq.lock);
    534	INIT_LIST_HEAD(&hw->ctlxq.pending);
    535	INIT_LIST_HEAD(&hw->ctlxq.active);
    536	INIT_LIST_HEAD(&hw->ctlxq.completing);
    537	INIT_LIST_HEAD(&hw->ctlxq.reapable);
    538
    539	/* Initialize the authentication queue */
    540	skb_queue_head_init(&hw->authq);
    541
    542	INIT_WORK(&hw->reaper_bh, hfa384x_usbctlx_reaper_task);
    543	INIT_WORK(&hw->completion_bh, hfa384x_usbctlx_completion_task);
    544	INIT_WORK(&hw->link_bh, prism2sta_processing_defer);
    545	INIT_WORK(&hw->usb_work, hfa384x_usb_defer);
    546
    547	timer_setup(&hw->throttle, hfa384x_usb_throttlefn, 0);
    548
    549	timer_setup(&hw->resptimer, hfa384x_usbctlx_resptimerfn, 0);
    550
    551	timer_setup(&hw->reqtimer, hfa384x_usbctlx_reqtimerfn, 0);
    552
    553	usb_init_urb(&hw->rx_urb);
    554	usb_init_urb(&hw->tx_urb);
    555	usb_init_urb(&hw->ctlx_urb);
    556
    557	hw->link_status = HFA384x_LINK_NOTCONNECTED;
    558	hw->state = HFA384x_STATE_INIT;
    559
    560	INIT_WORK(&hw->commsqual_bh, prism2sta_commsqual_defer);
    561	timer_setup(&hw->commsqual_timer, prism2sta_commsqual_timer, 0);
    562}
    563
    564/*----------------------------------------------------------------
    565 * hfa384x_destroy
    566 *
    567 * Partner to hfa384x_create().  This function cleans up the hw
    568 * structure so that it can be freed by the caller using a simple
    569 * kfree.  Currently, this function is just a placeholder.  If, at some
    570 * point in the future, an hw in the 'shutdown' state requires a 'deep'
    571 * kfree, this is where it should be done.  Note that if this function
    572 * is called on a _running_ hw structure, the drvr_stop() function is
    573 * called.
    574 *
    575 * Arguments:
    576 *	hw		device structure
    577 *
    578 * Returns:
    579 *	nothing, this function is not allowed to fail.
    580 *
    581 * Side effects:
    582 *
    583 * Call context:
    584 *	process
    585 *----------------------------------------------------------------
    586 */
    587void hfa384x_destroy(struct hfa384x *hw)
    588{
    589	struct sk_buff *skb;
    590
    591	if (hw->state == HFA384x_STATE_RUNNING)
    592		hfa384x_drvr_stop(hw);
    593	hw->state = HFA384x_STATE_PREINIT;
    594
    595	kfree(hw->scanresults);
    596	hw->scanresults = NULL;
    597
    598	/* Now to clean out the auth queue */
    599	while ((skb = skb_dequeue(&hw->authq)))
    600		dev_kfree_skb(skb);
    601}
    602
    603static struct hfa384x_usbctlx *usbctlx_alloc(void)
    604{
    605	struct hfa384x_usbctlx *ctlx;
    606
    607	ctlx = kzalloc(sizeof(*ctlx),
    608		       in_interrupt() ? GFP_ATOMIC : GFP_KERNEL);
    609	if (ctlx)
    610		init_completion(&ctlx->done);
    611
    612	return ctlx;
    613}
    614
    615static int
    616usbctlx_get_status(const struct hfa384x_usb_statusresp *cmdresp,
    617		   struct hfa384x_cmdresult *result)
    618{
    619	result->status = le16_to_cpu(cmdresp->status);
    620	result->resp0 = le16_to_cpu(cmdresp->resp0);
    621	result->resp1 = le16_to_cpu(cmdresp->resp1);
    622	result->resp2 = le16_to_cpu(cmdresp->resp2);
    623
    624	pr_debug("cmdresult:status=0x%04x resp0=0x%04x resp1=0x%04x resp2=0x%04x\n",
    625		 result->status, result->resp0, result->resp1, result->resp2);
    626
    627	return result->status & HFA384x_STATUS_RESULT;
    628}
    629
    630static void
    631usbctlx_get_rridresult(const struct hfa384x_usb_rridresp *rridresp,
    632		       struct hfa384x_rridresult *result)
    633{
    634	result->rid = le16_to_cpu(rridresp->rid);
    635	result->riddata = rridresp->data;
    636	result->riddata_len = ((le16_to_cpu(rridresp->frmlen) - 1) * 2);
    637}
    638
    639/*----------------------------------------------------------------
    640 * Completor object:
    641 * This completor must be passed to hfa384x_usbctlx_complete_sync()
    642 * when processing a CTLX that returns a struct hfa384x_cmdresult structure.
    643 *----------------------------------------------------------------
    644 */
    645struct usbctlx_cmd_completor {
    646	struct usbctlx_completor head;
    647
    648	const struct hfa384x_usb_statusresp *cmdresp;
    649	struct hfa384x_cmdresult *result;
    650};
    651
    652static inline int usbctlx_cmd_completor_fn(struct usbctlx_completor *head)
    653{
    654	struct usbctlx_cmd_completor *complete;
    655
    656	complete = (struct usbctlx_cmd_completor *)head;
    657	return usbctlx_get_status(complete->cmdresp, complete->result);
    658}
    659
    660static inline struct usbctlx_completor *
    661init_cmd_completor(struct usbctlx_cmd_completor *completor,
    662		   const struct hfa384x_usb_statusresp *cmdresp,
    663		   struct hfa384x_cmdresult *result)
    664{
    665	completor->head.complete = usbctlx_cmd_completor_fn;
    666	completor->cmdresp = cmdresp;
    667	completor->result = result;
    668	return &completor->head;
    669}
    670
    671/*----------------------------------------------------------------
    672 * Completor object:
    673 * This completor must be passed to hfa384x_usbctlx_complete_sync()
    674 * when processing a CTLX that reads a RID.
    675 *----------------------------------------------------------------
    676 */
    677struct usbctlx_rrid_completor {
    678	struct usbctlx_completor head;
    679
    680	const struct hfa384x_usb_rridresp *rridresp;
    681	void *riddata;
    682	unsigned int riddatalen;
    683};
    684
    685static int usbctlx_rrid_completor_fn(struct usbctlx_completor *head)
    686{
    687	struct usbctlx_rrid_completor *complete;
    688	struct hfa384x_rridresult rridresult;
    689
    690	complete = (struct usbctlx_rrid_completor *)head;
    691	usbctlx_get_rridresult(complete->rridresp, &rridresult);
    692
    693	/* Validate the length, note body len calculation in bytes */
    694	if (rridresult.riddata_len != complete->riddatalen) {
    695		pr_warn("RID len mismatch, rid=0x%04x hlen=%d fwlen=%d\n",
    696			rridresult.rid,
    697			complete->riddatalen, rridresult.riddata_len);
    698		return -ENODATA;
    699	}
    700
    701	memcpy(complete->riddata, rridresult.riddata, complete->riddatalen);
    702	return 0;
    703}
    704
    705static inline struct usbctlx_completor *
    706init_rrid_completor(struct usbctlx_rrid_completor *completor,
    707		    const struct hfa384x_usb_rridresp *rridresp,
    708		    void *riddata,
    709		    unsigned int riddatalen)
    710{
    711	completor->head.complete = usbctlx_rrid_completor_fn;
    712	completor->rridresp = rridresp;
    713	completor->riddata = riddata;
    714	completor->riddatalen = riddatalen;
    715	return &completor->head;
    716}
    717
    718/*----------------------------------------------------------------
    719 * Completor object:
    720 * Interprets the results of a synchronous RID-write
    721 *----------------------------------------------------------------
    722 */
    723#define init_wrid_completor  init_cmd_completor
    724
    725/*----------------------------------------------------------------
    726 * Completor object:
    727 * Interprets the results of a synchronous memory-write
    728 *----------------------------------------------------------------
    729 */
    730#define init_wmem_completor  init_cmd_completor
    731
    732/*----------------------------------------------------------------
    733 * Completor object:
    734 * Interprets the results of a synchronous memory-read
    735 *----------------------------------------------------------------
    736 */
    737struct usbctlx_rmem_completor {
    738	struct usbctlx_completor head;
    739
    740	const struct hfa384x_usb_rmemresp *rmemresp;
    741	void *data;
    742	unsigned int len;
    743};
    744
    745static int usbctlx_rmem_completor_fn(struct usbctlx_completor *head)
    746{
    747	struct usbctlx_rmem_completor *complete =
    748		(struct usbctlx_rmem_completor *)head;
    749
    750	pr_debug("rmemresp:len=%d\n", complete->rmemresp->frmlen);
    751	memcpy(complete->data, complete->rmemresp->data, complete->len);
    752	return 0;
    753}
    754
    755static inline struct usbctlx_completor *
    756init_rmem_completor(struct usbctlx_rmem_completor *completor,
    757		    struct hfa384x_usb_rmemresp *rmemresp,
    758		    void *data,
    759		    unsigned int len)
    760{
    761	completor->head.complete = usbctlx_rmem_completor_fn;
    762	completor->rmemresp = rmemresp;
    763	completor->data = data;
    764	completor->len = len;
    765	return &completor->head;
    766}
    767
    768/*----------------------------------------------------------------
    769 * hfa384x_cb_status
    770 *
    771 * Ctlx_complete handler for async CMD type control exchanges.
    772 * mark the hw struct as such.
    773 *
    774 * Note: If the handling is changed here, it should probably be
    775 *       changed in docmd as well.
    776 *
    777 * Arguments:
    778 *	hw		hw struct
    779 *	ctlx		completed CTLX
    780 *
    781 * Returns:
    782 *	nothing
    783 *
    784 * Side effects:
    785 *
    786 * Call context:
    787 *	interrupt
    788 *----------------------------------------------------------------
    789 */
    790static void hfa384x_cb_status(struct hfa384x *hw,
    791			      const struct hfa384x_usbctlx *ctlx)
    792{
    793	if (ctlx->usercb) {
    794		struct hfa384x_cmdresult cmdresult;
    795
    796		if (ctlx->state != CTLX_COMPLETE) {
    797			memset(&cmdresult, 0, sizeof(cmdresult));
    798			cmdresult.status =
    799			    HFA384x_STATUS_RESULT_SET(HFA384x_CMD_ERR);
    800		} else {
    801			usbctlx_get_status(&ctlx->inbuf.cmdresp, &cmdresult);
    802		}
    803
    804		ctlx->usercb(hw, &cmdresult, ctlx->usercb_data);
    805	}
    806}
    807
    808/*----------------------------------------------------------------
    809 * hfa384x_cmd_initialize
    810 *
    811 * Issues the initialize command and sets the hw->state based
    812 * on the result.
    813 *
    814 * Arguments:
    815 *	hw		device structure
    816 *
    817 * Returns:
    818 *	0		success
    819 *	>0		f/w reported error - f/w status code
    820 *	<0		driver reported error
    821 *
    822 * Side effects:
    823 *
    824 * Call context:
    825 *	process
    826 *----------------------------------------------------------------
    827 */
    828int hfa384x_cmd_initialize(struct hfa384x *hw)
    829{
    830	int result = 0;
    831	int i;
    832	struct hfa384x_metacmd cmd;
    833
    834	cmd.cmd = HFA384x_CMDCODE_INIT;
    835	cmd.parm0 = 0;
    836	cmd.parm1 = 0;
    837	cmd.parm2 = 0;
    838
    839	result = hfa384x_docmd(hw, &cmd);
    840
    841	pr_debug("cmdresp.init: status=0x%04x, resp0=0x%04x, resp1=0x%04x, resp2=0x%04x\n",
    842		 cmd.result.status,
    843		 cmd.result.resp0, cmd.result.resp1, cmd.result.resp2);
    844	if (result == 0) {
    845		for (i = 0; i < HFA384x_NUMPORTS_MAX; i++)
    846			hw->port_enabled[i] = 0;
    847	}
    848
    849	hw->link_status = HFA384x_LINK_NOTCONNECTED;
    850
    851	return result;
    852}
    853
    854/*----------------------------------------------------------------
    855 * hfa384x_cmd_disable
    856 *
    857 * Issues the disable command to stop communications on one of
    858 * the MACs 'ports'.
    859 *
    860 * Arguments:
    861 *	hw		device structure
    862 *	macport		MAC port number (host order)
    863 *
    864 * Returns:
    865 *	0		success
    866 *	>0		f/w reported failure - f/w status code
    867 *	<0		driver reported error (timeout|bad arg)
    868 *
    869 * Side effects:
    870 *
    871 * Call context:
    872 *	process
    873 *----------------------------------------------------------------
    874 */
    875int hfa384x_cmd_disable(struct hfa384x *hw, u16 macport)
    876{
    877	struct hfa384x_metacmd cmd;
    878
    879	cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DISABLE) |
    880	    HFA384x_CMD_MACPORT_SET(macport);
    881	cmd.parm0 = 0;
    882	cmd.parm1 = 0;
    883	cmd.parm2 = 0;
    884
    885	return hfa384x_docmd(hw, &cmd);
    886}
    887
    888/*----------------------------------------------------------------
    889 * hfa384x_cmd_enable
    890 *
    891 * Issues the enable command to enable communications on one of
    892 * the MACs 'ports'.
    893 *
    894 * Arguments:
    895 *	hw		device structure
    896 *	macport		MAC port number
    897 *
    898 * Returns:
    899 *	0		success
    900 *	>0		f/w reported failure - f/w status code
    901 *	<0		driver reported error (timeout|bad arg)
    902 *
    903 * Side effects:
    904 *
    905 * Call context:
    906 *	process
    907 *----------------------------------------------------------------
    908 */
    909int hfa384x_cmd_enable(struct hfa384x *hw, u16 macport)
    910{
    911	struct hfa384x_metacmd cmd;
    912
    913	cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_ENABLE) |
    914	    HFA384x_CMD_MACPORT_SET(macport);
    915	cmd.parm0 = 0;
    916	cmd.parm1 = 0;
    917	cmd.parm2 = 0;
    918
    919	return hfa384x_docmd(hw, &cmd);
    920}
    921
    922/*----------------------------------------------------------------
    923 * hfa384x_cmd_monitor
    924 *
    925 * Enables the 'monitor mode' of the MAC.  Here's the description of
    926 * monitor mode that I've received thus far:
    927 *
    928 *  "The "monitor mode" of operation is that the MAC passes all
    929 *  frames for which the PLCP checks are correct. All received
    930 *  MPDUs are passed to the host with MAC Port = 7, with a
    931 *  receive status of good, FCS error, or undecryptable. Passing
    932 *  certain MPDUs is a violation of the 802.11 standard, but useful
    933 *  for a debugging tool."  Normal communication is not possible
    934 *  while monitor mode is enabled.
    935 *
    936 * Arguments:
    937 *	hw		device structure
    938 *	enable		a code (0x0b|0x0f) that enables/disables
    939 *			monitor mode. (host order)
    940 *
    941 * Returns:
    942 *	0		success
    943 *	>0		f/w reported failure - f/w status code
    944 *	<0		driver reported error (timeout|bad arg)
    945 *
    946 * Side effects:
    947 *
    948 * Call context:
    949 *	process
    950 *----------------------------------------------------------------
    951 */
    952int hfa384x_cmd_monitor(struct hfa384x *hw, u16 enable)
    953{
    954	struct hfa384x_metacmd cmd;
    955
    956	cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_MONITOR) |
    957	    HFA384x_CMD_AINFO_SET(enable);
    958	cmd.parm0 = 0;
    959	cmd.parm1 = 0;
    960	cmd.parm2 = 0;
    961
    962	return hfa384x_docmd(hw, &cmd);
    963}
    964
    965/*----------------------------------------------------------------
    966 * hfa384x_cmd_download
    967 *
    968 * Sets the controls for the MAC controller code/data download
    969 * process.  The arguments set the mode and address associated
    970 * with a download.  Note that the aux registers should be enabled
    971 * prior to setting one of the download enable modes.
    972 *
    973 * Arguments:
    974 *	hw		device structure
    975 *	mode		0 - Disable programming and begin code exec
    976 *			1 - Enable volatile mem programming
    977 *			2 - Enable non-volatile mem programming
    978 *			3 - Program non-volatile section from NV download
    979 *			    buffer.
    980 *			(host order)
    981 *	lowaddr
    982 *	highaddr	For mode 1, sets the high & low order bits of
    983 *			the "destination address".  This address will be
    984 *			the execution start address when download is
    985 *			subsequently disabled.
    986 *			For mode 2, sets the high & low order bits of
    987 *			the destination in NV ram.
    988 *			For modes 0 & 3, should be zero. (host order)
    989 *			NOTE: these are CMD format.
    990 *	codelen		Length of the data to write in mode 2,
    991 *			zero otherwise. (host order)
    992 *
    993 * Returns:
    994 *	0		success
    995 *	>0		f/w reported failure - f/w status code
    996 *	<0		driver reported error (timeout|bad arg)
    997 *
    998 * Side effects:
    999 *
   1000 * Call context:
   1001 *	process
   1002 *----------------------------------------------------------------
   1003 */
   1004int hfa384x_cmd_download(struct hfa384x *hw, u16 mode, u16 lowaddr,
   1005			 u16 highaddr, u16 codelen)
   1006{
   1007	struct hfa384x_metacmd cmd;
   1008
   1009	pr_debug("mode=%d, lowaddr=0x%04x, highaddr=0x%04x, codelen=%d\n",
   1010		 mode, lowaddr, highaddr, codelen);
   1011
   1012	cmd.cmd = (HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_DOWNLD) |
   1013		   HFA384x_CMD_PROGMODE_SET(mode));
   1014
   1015	cmd.parm0 = lowaddr;
   1016	cmd.parm1 = highaddr;
   1017	cmd.parm2 = codelen;
   1018
   1019	return hfa384x_docmd(hw, &cmd);
   1020}
   1021
   1022/*----------------------------------------------------------------
   1023 * hfa384x_corereset
   1024 *
   1025 * Perform a reset of the hfa38xx MAC core.  We assume that the hw
   1026 * structure is in its "created" state.  That is, it is initialized
   1027 * with proper values.  Note that if a reset is done after the
   1028 * device has been active for awhile, the caller might have to clean
   1029 * up some leftover cruft in the hw structure.
   1030 *
   1031 * Arguments:
   1032 *	hw		device structure
   1033 *	holdtime	how long (in ms) to hold the reset
   1034 *	settletime	how long (in ms) to wait after releasing
   1035 *			the reset
   1036 *
   1037 * Returns:
   1038 *	nothing
   1039 *
   1040 * Side effects:
   1041 *
   1042 * Call context:
   1043 *	process
   1044 *----------------------------------------------------------------
   1045 */
   1046int hfa384x_corereset(struct hfa384x *hw, int holdtime,
   1047		      int settletime, int genesis)
   1048{
   1049	int result;
   1050
   1051	result = usb_reset_device(hw->usb);
   1052	if (result < 0) {
   1053		netdev_err(hw->wlandev->netdev, "usb_reset_device() failed, result=%d.\n",
   1054			   result);
   1055	}
   1056
   1057	return result;
   1058}
   1059
   1060/*----------------------------------------------------------------
   1061 * hfa384x_usbctlx_complete_sync
   1062 *
   1063 * Waits for a synchronous CTLX object to complete,
   1064 * and then handles the response.
   1065 *
   1066 * Arguments:
   1067 *	hw		device structure
   1068 *	ctlx		CTLX ptr
   1069 *	completor	functor object to decide what to
   1070 *			do with the CTLX's result.
   1071 *
   1072 * Returns:
   1073 *	0		Success
   1074 *	-ERESTARTSYS	Interrupted by a signal
   1075 *	-EIO		CTLX failed
   1076 *	-ENODEV		Adapter was unplugged
   1077 *	???		Result from completor
   1078 *
   1079 * Side effects:
   1080 *
   1081 * Call context:
   1082 *	process
   1083 *----------------------------------------------------------------
   1084 */
   1085static int hfa384x_usbctlx_complete_sync(struct hfa384x *hw,
   1086					 struct hfa384x_usbctlx *ctlx,
   1087					 struct usbctlx_completor *completor)
   1088{
   1089	unsigned long flags;
   1090	int result;
   1091
   1092	result = wait_for_completion_interruptible(&ctlx->done);
   1093
   1094	spin_lock_irqsave(&hw->ctlxq.lock, flags);
   1095
   1096	/*
   1097	 * We can only handle the CTLX if the USB disconnect
   1098	 * function has not run yet ...
   1099	 */
   1100cleanup:
   1101	if (hw->wlandev->hwremoved) {
   1102		spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
   1103		result = -ENODEV;
   1104	} else if (result != 0) {
   1105		int runqueue = 0;
   1106
   1107		/*
   1108		 * We were probably interrupted, so delete
   1109		 * this CTLX asynchronously, kill the timers
   1110		 * and the URB, and then start the next
   1111		 * pending CTLX.
   1112		 *
   1113		 * NOTE: We can only delete the timers and
   1114		 *       the URB if this CTLX is active.
   1115		 */
   1116		if (ctlx == get_active_ctlx(hw)) {
   1117			spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
   1118
   1119			del_singleshot_timer_sync(&hw->reqtimer);
   1120			del_singleshot_timer_sync(&hw->resptimer);
   1121			hw->req_timer_done = 1;
   1122			hw->resp_timer_done = 1;
   1123			usb_kill_urb(&hw->ctlx_urb);
   1124
   1125			spin_lock_irqsave(&hw->ctlxq.lock, flags);
   1126
   1127			runqueue = 1;
   1128
   1129			/*
   1130			 * This scenario is so unlikely that I'm
   1131			 * happy with a grubby "goto" solution ...
   1132			 */
   1133			if (hw->wlandev->hwremoved)
   1134				goto cleanup;
   1135		}
   1136
   1137		/*
   1138		 * The completion task will send this CTLX
   1139		 * to the reaper the next time it runs. We
   1140		 * are no longer in a hurry.
   1141		 */
   1142		ctlx->reapable = 1;
   1143		ctlx->state = CTLX_REQ_FAILED;
   1144		list_move_tail(&ctlx->list, &hw->ctlxq.completing);
   1145
   1146		spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
   1147
   1148		if (runqueue)
   1149			hfa384x_usbctlxq_run(hw);
   1150	} else {
   1151		if (ctlx->state == CTLX_COMPLETE) {
   1152			result = completor->complete(completor);
   1153		} else {
   1154			netdev_warn(hw->wlandev->netdev, "CTLX[%d] error: state(%s)\n",
   1155				    le16_to_cpu(ctlx->outbuf.type),
   1156				    ctlxstr(ctlx->state));
   1157			result = -EIO;
   1158		}
   1159
   1160		list_del(&ctlx->list);
   1161		spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
   1162		kfree(ctlx);
   1163	}
   1164
   1165	return result;
   1166}
   1167
   1168/*----------------------------------------------------------------
   1169 * hfa384x_docmd
   1170 *
   1171 * Constructs a command CTLX and submits it.
   1172 *
   1173 * NOTE: Any changes to the 'post-submit' code in this function
   1174 *       need to be carried over to hfa384x_cbcmd() since the handling
   1175 *       is virtually identical.
   1176 *
   1177 * Arguments:
   1178 *	hw		device structure
   1179 *       cmd             cmd structure.  Includes all arguments and result
   1180 *                       data points.  All in host order. in host order
   1181 *
   1182 * Returns:
   1183 *	0		success
   1184 *	-EIO		CTLX failure
   1185 *	-ERESTARTSYS	Awakened on signal
   1186 *	>0		command indicated error, Status and Resp0-2 are
   1187 *			in hw structure.
   1188 *
   1189 * Side effects:
   1190 *
   1191 *
   1192 * Call context:
   1193 *	process
   1194 *----------------------------------------------------------------
   1195 */
   1196static inline int
   1197hfa384x_docmd(struct hfa384x *hw,
   1198	      struct hfa384x_metacmd *cmd)
   1199{
   1200	int result;
   1201	struct hfa384x_usbctlx *ctlx;
   1202
   1203	ctlx = usbctlx_alloc();
   1204	if (!ctlx) {
   1205		result = -ENOMEM;
   1206		goto done;
   1207	}
   1208
   1209	/* Initialize the command */
   1210	ctlx->outbuf.cmdreq.type = cpu_to_le16(HFA384x_USB_CMDREQ);
   1211	ctlx->outbuf.cmdreq.cmd = cpu_to_le16(cmd->cmd);
   1212	ctlx->outbuf.cmdreq.parm0 = cpu_to_le16(cmd->parm0);
   1213	ctlx->outbuf.cmdreq.parm1 = cpu_to_le16(cmd->parm1);
   1214	ctlx->outbuf.cmdreq.parm2 = cpu_to_le16(cmd->parm2);
   1215
   1216	ctlx->outbufsize = sizeof(ctlx->outbuf.cmdreq);
   1217
   1218	pr_debug("cmdreq: cmd=0x%04x parm0=0x%04x parm1=0x%04x parm2=0x%04x\n",
   1219		 cmd->cmd, cmd->parm0, cmd->parm1, cmd->parm2);
   1220
   1221	ctlx->reapable = DOWAIT;
   1222	ctlx->cmdcb = NULL;
   1223	ctlx->usercb = NULL;
   1224	ctlx->usercb_data = NULL;
   1225
   1226	result = hfa384x_usbctlx_submit(hw, ctlx);
   1227	if (result != 0) {
   1228		kfree(ctlx);
   1229	} else {
   1230		struct usbctlx_cmd_completor cmd_completor;
   1231		struct usbctlx_completor *completor;
   1232
   1233		completor = init_cmd_completor(&cmd_completor,
   1234					       &ctlx->inbuf.cmdresp,
   1235					       &cmd->result);
   1236
   1237		result = hfa384x_usbctlx_complete_sync(hw, ctlx, completor);
   1238	}
   1239
   1240done:
   1241	return result;
   1242}
   1243
   1244/*----------------------------------------------------------------
   1245 * hfa384x_dorrid
   1246 *
   1247 * Constructs a read rid CTLX and issues it.
   1248 *
   1249 * NOTE: Any changes to the 'post-submit' code in this function
   1250 *       need to be carried over to hfa384x_cbrrid() since the handling
   1251 *       is virtually identical.
   1252 *
   1253 * Arguments:
   1254 *	hw		device structure
   1255 *	mode		DOWAIT or DOASYNC
   1256 *	rid		Read RID number (host order)
   1257 *	riddata		Caller supplied buffer that MAC formatted RID.data
   1258 *			record will be written to for DOWAIT calls. Should
   1259 *			be NULL for DOASYNC calls.
   1260 *	riddatalen	Buffer length for DOWAIT calls. Zero for DOASYNC calls.
   1261 *	cmdcb		command callback for async calls, NULL for DOWAIT calls
   1262 *	usercb		user callback for async calls, NULL for DOWAIT calls
   1263 *	usercb_data	user supplied data pointer for async calls, NULL
   1264 *			for DOWAIT calls
   1265 *
   1266 * Returns:
   1267 *	0		success
   1268 *	-EIO		CTLX failure
   1269 *	-ERESTARTSYS	Awakened on signal
   1270 *	-ENODATA	riddatalen != macdatalen
   1271 *	>0		command indicated error, Status and Resp0-2 are
   1272 *			in hw structure.
   1273 *
   1274 * Side effects:
   1275 *
   1276 * Call context:
   1277 *	interrupt (DOASYNC)
   1278 *	process (DOWAIT or DOASYNC)
   1279 *----------------------------------------------------------------
   1280 */
   1281static int
   1282hfa384x_dorrid(struct hfa384x *hw,
   1283	       enum cmd_mode mode,
   1284	       u16 rid,
   1285	       void *riddata,
   1286	       unsigned int riddatalen,
   1287	       ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
   1288{
   1289	int result;
   1290	struct hfa384x_usbctlx *ctlx;
   1291
   1292	ctlx = usbctlx_alloc();
   1293	if (!ctlx) {
   1294		result = -ENOMEM;
   1295		goto done;
   1296	}
   1297
   1298	/* Initialize the command */
   1299	ctlx->outbuf.rridreq.type = cpu_to_le16(HFA384x_USB_RRIDREQ);
   1300	ctlx->outbuf.rridreq.frmlen =
   1301	    cpu_to_le16(sizeof(ctlx->outbuf.rridreq.rid));
   1302	ctlx->outbuf.rridreq.rid = cpu_to_le16(rid);
   1303
   1304	ctlx->outbufsize = sizeof(ctlx->outbuf.rridreq);
   1305
   1306	ctlx->reapable = mode;
   1307	ctlx->cmdcb = cmdcb;
   1308	ctlx->usercb = usercb;
   1309	ctlx->usercb_data = usercb_data;
   1310
   1311	/* Submit the CTLX */
   1312	result = hfa384x_usbctlx_submit(hw, ctlx);
   1313	if (result != 0) {
   1314		kfree(ctlx);
   1315	} else if (mode == DOWAIT) {
   1316		struct usbctlx_rrid_completor completor;
   1317
   1318		result =
   1319		    hfa384x_usbctlx_complete_sync(hw, ctlx,
   1320						  init_rrid_completor
   1321						  (&completor,
   1322						   &ctlx->inbuf.rridresp,
   1323						   riddata, riddatalen));
   1324	}
   1325
   1326done:
   1327	return result;
   1328}
   1329
   1330/*----------------------------------------------------------------
   1331 * hfa384x_dowrid
   1332 *
   1333 * Constructs a write rid CTLX and issues it.
   1334 *
   1335 * NOTE: Any changes to the 'post-submit' code in this function
   1336 *       need to be carried over to hfa384x_cbwrid() since the handling
   1337 *       is virtually identical.
   1338 *
   1339 * Arguments:
   1340 *	hw		device structure
   1341 *	enum cmd_mode	DOWAIT or DOASYNC
   1342 *	rid		RID code
   1343 *	riddata		Data portion of RID formatted for MAC
   1344 *	riddatalen	Length of the data portion in bytes
   1345 *       cmdcb           command callback for async calls, NULL for DOWAIT calls
   1346 *	usercb		user callback for async calls, NULL for DOWAIT calls
   1347 *	usercb_data	user supplied data pointer for async calls
   1348 *
   1349 * Returns:
   1350 *	0		success
   1351 *	-ETIMEDOUT	timed out waiting for register ready or
   1352 *			command completion
   1353 *	>0		command indicated error, Status and Resp0-2 are
   1354 *			in hw structure.
   1355 *
   1356 * Side effects:
   1357 *
   1358 * Call context:
   1359 *	interrupt (DOASYNC)
   1360 *	process (DOWAIT or DOASYNC)
   1361 *----------------------------------------------------------------
   1362 */
   1363static int
   1364hfa384x_dowrid(struct hfa384x *hw,
   1365	       enum cmd_mode mode,
   1366	       u16 rid,
   1367	       void *riddata,
   1368	       unsigned int riddatalen,
   1369	       ctlx_cmdcb_t cmdcb, ctlx_usercb_t usercb, void *usercb_data)
   1370{
   1371	int result;
   1372	struct hfa384x_usbctlx *ctlx;
   1373
   1374	ctlx = usbctlx_alloc();
   1375	if (!ctlx) {
   1376		result = -ENOMEM;
   1377		goto done;
   1378	}
   1379
   1380	/* Initialize the command */
   1381	ctlx->outbuf.wridreq.type = cpu_to_le16(HFA384x_USB_WRIDREQ);
   1382	ctlx->outbuf.wridreq.frmlen = cpu_to_le16((sizeof
   1383						   (ctlx->outbuf.wridreq.rid) +
   1384						   riddatalen + 1) / 2);
   1385	ctlx->outbuf.wridreq.rid = cpu_to_le16(rid);
   1386	memcpy(ctlx->outbuf.wridreq.data, riddata, riddatalen);
   1387
   1388	ctlx->outbufsize = sizeof(ctlx->outbuf.wridreq.type) +
   1389	    sizeof(ctlx->outbuf.wridreq.frmlen) +
   1390	    sizeof(ctlx->outbuf.wridreq.rid) + riddatalen;
   1391
   1392	ctlx->reapable = mode;
   1393	ctlx->cmdcb = cmdcb;
   1394	ctlx->usercb = usercb;
   1395	ctlx->usercb_data = usercb_data;
   1396
   1397	/* Submit the CTLX */
   1398	result = hfa384x_usbctlx_submit(hw, ctlx);
   1399	if (result != 0) {
   1400		kfree(ctlx);
   1401	} else if (mode == DOWAIT) {
   1402		struct usbctlx_cmd_completor completor;
   1403		struct hfa384x_cmdresult wridresult;
   1404
   1405		result = hfa384x_usbctlx_complete_sync(hw,
   1406						       ctlx,
   1407						       init_wrid_completor
   1408						       (&completor,
   1409							&ctlx->inbuf.wridresp,
   1410							&wridresult));
   1411	}
   1412
   1413done:
   1414	return result;
   1415}
   1416
   1417/*----------------------------------------------------------------
   1418 * hfa384x_dormem
   1419 *
   1420 * Constructs a readmem CTLX and issues it.
   1421 *
   1422 * NOTE: Any changes to the 'post-submit' code in this function
   1423 *       need to be carried over to hfa384x_cbrmem() since the handling
   1424 *       is virtually identical.
   1425 *
   1426 * Arguments:
   1427 *	hw		device structure
   1428 *	page		MAC address space page (CMD format)
   1429 *	offset		MAC address space offset
   1430 *	data		Ptr to data buffer to receive read
   1431 *	len		Length of the data to read (max == 2048)
   1432 *
   1433 * Returns:
   1434 *	0		success
   1435 *	-ETIMEDOUT	timed out waiting for register ready or
   1436 *			command completion
   1437 *	>0		command indicated error, Status and Resp0-2 are
   1438 *			in hw structure.
   1439 *
   1440 * Side effects:
   1441 *
   1442 * Call context:
   1443 *	process (DOWAIT)
   1444 *----------------------------------------------------------------
   1445 */
   1446static int
   1447hfa384x_dormem(struct hfa384x *hw,
   1448	       u16 page,
   1449	       u16 offset,
   1450	       void *data,
   1451	       unsigned int len)
   1452{
   1453	int result;
   1454	struct hfa384x_usbctlx *ctlx;
   1455
   1456	ctlx = usbctlx_alloc();
   1457	if (!ctlx) {
   1458		result = -ENOMEM;
   1459		goto done;
   1460	}
   1461
   1462	/* Initialize the command */
   1463	ctlx->outbuf.rmemreq.type = cpu_to_le16(HFA384x_USB_RMEMREQ);
   1464	ctlx->outbuf.rmemreq.frmlen =
   1465	    cpu_to_le16(sizeof(ctlx->outbuf.rmemreq.offset) +
   1466			sizeof(ctlx->outbuf.rmemreq.page) + len);
   1467	ctlx->outbuf.rmemreq.offset = cpu_to_le16(offset);
   1468	ctlx->outbuf.rmemreq.page = cpu_to_le16(page);
   1469
   1470	ctlx->outbufsize = sizeof(ctlx->outbuf.rmemreq);
   1471
   1472	pr_debug("type=0x%04x frmlen=%d offset=0x%04x page=0x%04x\n",
   1473		 ctlx->outbuf.rmemreq.type,
   1474		 ctlx->outbuf.rmemreq.frmlen,
   1475		 ctlx->outbuf.rmemreq.offset, ctlx->outbuf.rmemreq.page);
   1476
   1477	pr_debug("pktsize=%zd\n", ROUNDUP64(sizeof(ctlx->outbuf.rmemreq)));
   1478
   1479	ctlx->reapable = DOWAIT;
   1480	ctlx->cmdcb = NULL;
   1481	ctlx->usercb = NULL;
   1482	ctlx->usercb_data = NULL;
   1483
   1484	result = hfa384x_usbctlx_submit(hw, ctlx);
   1485	if (result != 0) {
   1486		kfree(ctlx);
   1487	} else {
   1488		struct usbctlx_rmem_completor completor;
   1489
   1490		result =
   1491		    hfa384x_usbctlx_complete_sync(hw, ctlx,
   1492						  init_rmem_completor
   1493						  (&completor,
   1494						   &ctlx->inbuf.rmemresp, data,
   1495						   len));
   1496	}
   1497
   1498done:
   1499	return result;
   1500}
   1501
   1502/*----------------------------------------------------------------
   1503 * hfa384x_dowmem
   1504 *
   1505 * Constructs a writemem CTLX and issues it.
   1506 *
   1507 * NOTE: Any changes to the 'post-submit' code in this function
   1508 *       need to be carried over to hfa384x_cbwmem() since the handling
   1509 *       is virtually identical.
   1510 *
   1511 * Arguments:
   1512 *	hw		device structure
   1513 *	page		MAC address space page (CMD format)
   1514 *	offset		MAC address space offset
   1515 *	data		Ptr to data buffer containing write data
   1516 *	len		Length of the data to read (max == 2048)
   1517 *
   1518 * Returns:
   1519 *	0		success
   1520 *	-ETIMEDOUT	timed out waiting for register ready or
   1521 *			command completion
   1522 *	>0		command indicated error, Status and Resp0-2 are
   1523 *			in hw structure.
   1524 *
   1525 * Side effects:
   1526 *
   1527 * Call context:
   1528 *	interrupt (DOWAIT)
   1529 *	process (DOWAIT)
   1530 *----------------------------------------------------------------
   1531 */
   1532static int
   1533hfa384x_dowmem(struct hfa384x *hw,
   1534	       u16 page,
   1535	       u16 offset,
   1536	       void *data,
   1537	       unsigned int len)
   1538{
   1539	int result;
   1540	struct hfa384x_usbctlx *ctlx;
   1541
   1542	pr_debug("page=0x%04x offset=0x%04x len=%d\n", page, offset, len);
   1543
   1544	ctlx = usbctlx_alloc();
   1545	if (!ctlx) {
   1546		result = -ENOMEM;
   1547		goto done;
   1548	}
   1549
   1550	/* Initialize the command */
   1551	ctlx->outbuf.wmemreq.type = cpu_to_le16(HFA384x_USB_WMEMREQ);
   1552	ctlx->outbuf.wmemreq.frmlen =
   1553	    cpu_to_le16(sizeof(ctlx->outbuf.wmemreq.offset) +
   1554			sizeof(ctlx->outbuf.wmemreq.page) + len);
   1555	ctlx->outbuf.wmemreq.offset = cpu_to_le16(offset);
   1556	ctlx->outbuf.wmemreq.page = cpu_to_le16(page);
   1557	memcpy(ctlx->outbuf.wmemreq.data, data, len);
   1558
   1559	ctlx->outbufsize = sizeof(ctlx->outbuf.wmemreq.type) +
   1560	    sizeof(ctlx->outbuf.wmemreq.frmlen) +
   1561	    sizeof(ctlx->outbuf.wmemreq.offset) +
   1562	    sizeof(ctlx->outbuf.wmemreq.page) + len;
   1563
   1564	ctlx->reapable = DOWAIT;
   1565	ctlx->cmdcb = NULL;
   1566	ctlx->usercb = NULL;
   1567	ctlx->usercb_data = NULL;
   1568
   1569	result = hfa384x_usbctlx_submit(hw, ctlx);
   1570	if (result != 0) {
   1571		kfree(ctlx);
   1572	} else {
   1573		struct usbctlx_cmd_completor completor;
   1574		struct hfa384x_cmdresult wmemresult;
   1575
   1576		result = hfa384x_usbctlx_complete_sync(hw,
   1577						       ctlx,
   1578						       init_wmem_completor
   1579						       (&completor,
   1580							&ctlx->inbuf.wmemresp,
   1581							&wmemresult));
   1582	}
   1583
   1584done:
   1585	return result;
   1586}
   1587
   1588/*----------------------------------------------------------------
   1589 * hfa384x_drvr_disable
   1590 *
   1591 * Issues the disable command to stop communications on one of
   1592 * the MACs 'ports'.  Only macport 0 is valid  for stations.
   1593 * APs may also disable macports 1-6.  Only ports that have been
   1594 * previously enabled may be disabled.
   1595 *
   1596 * Arguments:
   1597 *	hw		device structure
   1598 *	macport		MAC port number (host order)
   1599 *
   1600 * Returns:
   1601 *	0		success
   1602 *	>0		f/w reported failure - f/w status code
   1603 *	<0		driver reported error (timeout|bad arg)
   1604 *
   1605 * Side effects:
   1606 *
   1607 * Call context:
   1608 *	process
   1609 *----------------------------------------------------------------
   1610 */
   1611int hfa384x_drvr_disable(struct hfa384x *hw, u16 macport)
   1612{
   1613	int result = 0;
   1614
   1615	if ((!hw->isap && macport != 0) ||
   1616	    (hw->isap && !(macport <= HFA384x_PORTID_MAX)) ||
   1617	    !(hw->port_enabled[macport])) {
   1618		result = -EINVAL;
   1619	} else {
   1620		result = hfa384x_cmd_disable(hw, macport);
   1621		if (result == 0)
   1622			hw->port_enabled[macport] = 0;
   1623	}
   1624	return result;
   1625}
   1626
   1627/*----------------------------------------------------------------
   1628 * hfa384x_drvr_enable
   1629 *
   1630 * Issues the enable command to enable communications on one of
   1631 * the MACs 'ports'.  Only macport 0 is valid  for stations.
   1632 * APs may also enable macports 1-6.  Only ports that are currently
   1633 * disabled may be enabled.
   1634 *
   1635 * Arguments:
   1636 *	hw		device structure
   1637 *	macport		MAC port number
   1638 *
   1639 * Returns:
   1640 *	0		success
   1641 *	>0		f/w reported failure - f/w status code
   1642 *	<0		driver reported error (timeout|bad arg)
   1643 *
   1644 * Side effects:
   1645 *
   1646 * Call context:
   1647 *	process
   1648 *----------------------------------------------------------------
   1649 */
   1650int hfa384x_drvr_enable(struct hfa384x *hw, u16 macport)
   1651{
   1652	int result = 0;
   1653
   1654	if ((!hw->isap && macport != 0) ||
   1655	    (hw->isap && !(macport <= HFA384x_PORTID_MAX)) ||
   1656	    (hw->port_enabled[macport])) {
   1657		result = -EINVAL;
   1658	} else {
   1659		result = hfa384x_cmd_enable(hw, macport);
   1660		if (result == 0)
   1661			hw->port_enabled[macport] = 1;
   1662	}
   1663	return result;
   1664}
   1665
   1666/*----------------------------------------------------------------
   1667 * hfa384x_drvr_flashdl_enable
   1668 *
   1669 * Begins the flash download state.  Checks to see that we're not
   1670 * already in a download state and that a port isn't enabled.
   1671 * Sets the download state and retrieves the flash download
   1672 * buffer location, buffer size, and timeout length.
   1673 *
   1674 * Arguments:
   1675 *	hw		device structure
   1676 *
   1677 * Returns:
   1678 *	0		success
   1679 *	>0		f/w reported error - f/w status code
   1680 *	<0		driver reported error
   1681 *
   1682 * Side effects:
   1683 *
   1684 * Call context:
   1685 *	process
   1686 *----------------------------------------------------------------
   1687 */
   1688int hfa384x_drvr_flashdl_enable(struct hfa384x *hw)
   1689{
   1690	int result = 0;
   1691	int i;
   1692
   1693	/* Check that a port isn't active */
   1694	for (i = 0; i < HFA384x_PORTID_MAX; i++) {
   1695		if (hw->port_enabled[i]) {
   1696			pr_debug("called when port enabled.\n");
   1697			return -EINVAL;
   1698		}
   1699	}
   1700
   1701	/* Check that we're not already in a download state */
   1702	if (hw->dlstate != HFA384x_DLSTATE_DISABLED)
   1703		return -EINVAL;
   1704
   1705	/* Retrieve the buffer loc&size and timeout */
   1706	result = hfa384x_drvr_getconfig(hw, HFA384x_RID_DOWNLOADBUFFER,
   1707					&hw->bufinfo, sizeof(hw->bufinfo));
   1708	if (result)
   1709		return result;
   1710
   1711	le16_to_cpus(&hw->bufinfo.page);
   1712	le16_to_cpus(&hw->bufinfo.offset);
   1713	le16_to_cpus(&hw->bufinfo.len);
   1714	result = hfa384x_drvr_getconfig16(hw, HFA384x_RID_MAXLOADTIME,
   1715					  &hw->dltimeout);
   1716	if (result)
   1717		return result;
   1718
   1719	le16_to_cpus(&hw->dltimeout);
   1720
   1721	pr_debug("flashdl_enable\n");
   1722
   1723	hw->dlstate = HFA384x_DLSTATE_FLASHENABLED;
   1724
   1725	return result;
   1726}
   1727
   1728/*----------------------------------------------------------------
   1729 * hfa384x_drvr_flashdl_disable
   1730 *
   1731 * Ends the flash download state.  Note that this will cause the MAC
   1732 * firmware to restart.
   1733 *
   1734 * Arguments:
   1735 *	hw		device structure
   1736 *
   1737 * Returns:
   1738 *	0		success
   1739 *	>0		f/w reported error - f/w status code
   1740 *	<0		driver reported error
   1741 *
   1742 * Side effects:
   1743 *
   1744 * Call context:
   1745 *	process
   1746 *----------------------------------------------------------------
   1747 */
   1748int hfa384x_drvr_flashdl_disable(struct hfa384x *hw)
   1749{
   1750	/* Check that we're already in the download state */
   1751	if (hw->dlstate != HFA384x_DLSTATE_FLASHENABLED)
   1752		return -EINVAL;
   1753
   1754	pr_debug("flashdl_enable\n");
   1755
   1756	/* There isn't much we can do at this point, so I don't */
   1757	/*  bother  w/ the return value */
   1758	hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0, 0);
   1759	hw->dlstate = HFA384x_DLSTATE_DISABLED;
   1760
   1761	return 0;
   1762}
   1763
   1764/*----------------------------------------------------------------
   1765 * hfa384x_drvr_flashdl_write
   1766 *
   1767 * Performs a FLASH download of a chunk of data. First checks to see
   1768 * that we're in the FLASH download state, then sets the download
   1769 * mode, uses the aux functions to 1) copy the data to the flash
   1770 * buffer, 2) sets the download 'write flash' mode, 3) readback and
   1771 * compare.  Lather rinse, repeat as many times an necessary to get
   1772 * all the given data into flash.
   1773 * When all data has been written using this function (possibly
   1774 * repeatedly), call drvr_flashdl_disable() to end the download state
   1775 * and restart the MAC.
   1776 *
   1777 * Arguments:
   1778 *	hw		device structure
   1779 *	daddr		Card address to write to. (host order)
   1780 *	buf		Ptr to data to write.
   1781 *	len		Length of data (host order).
   1782 *
   1783 * Returns:
   1784 *	0		success
   1785 *	>0		f/w reported error - f/w status code
   1786 *	<0		driver reported error
   1787 *
   1788 * Side effects:
   1789 *
   1790 * Call context:
   1791 *	process
   1792 *----------------------------------------------------------------
   1793 */
   1794int hfa384x_drvr_flashdl_write(struct hfa384x *hw, u32 daddr,
   1795			       void *buf, u32 len)
   1796{
   1797	int result = 0;
   1798	u32 dlbufaddr;
   1799	int nburns;
   1800	u32 burnlen;
   1801	u32 burndaddr;
   1802	u16 burnlo;
   1803	u16 burnhi;
   1804	int nwrites;
   1805	u8 *writebuf;
   1806	u16 writepage;
   1807	u16 writeoffset;
   1808	u32 writelen;
   1809	int i;
   1810	int j;
   1811
   1812	pr_debug("daddr=0x%08x len=%d\n", daddr, len);
   1813
   1814	/* Check that we're in the flash download state */
   1815	if (hw->dlstate != HFA384x_DLSTATE_FLASHENABLED)
   1816		return -EINVAL;
   1817
   1818	netdev_info(hw->wlandev->netdev,
   1819		    "Download %d bytes to flash @0x%06x\n", len, daddr);
   1820
   1821	/* Convert to flat address for arithmetic */
   1822	/* NOTE: dlbuffer RID stores the address in AUX format */
   1823	dlbufaddr =
   1824	    HFA384x_ADDR_AUX_MKFLAT(hw->bufinfo.page, hw->bufinfo.offset);
   1825	pr_debug("dlbuf.page=0x%04x dlbuf.offset=0x%04x dlbufaddr=0x%08x\n",
   1826		 hw->bufinfo.page, hw->bufinfo.offset, dlbufaddr);
   1827	/* Calculations to determine how many fills of the dlbuffer to do
   1828	 * and how many USB wmemreq's to do for each fill.  At this point
   1829	 * in time, the dlbuffer size and the wmemreq size are the same.
   1830	 * Therefore, nwrites should always be 1.  The extra complexity
   1831	 * here is a hedge against future changes.
   1832	 */
   1833
   1834	/* Figure out how many times to do the flash programming */
   1835	nburns = len / hw->bufinfo.len;
   1836	nburns += (len % hw->bufinfo.len) ? 1 : 0;
   1837
   1838	/* For each flash program cycle, how many USB wmemreq's are needed? */
   1839	nwrites = hw->bufinfo.len / HFA384x_USB_RWMEM_MAXLEN;
   1840	nwrites += (hw->bufinfo.len % HFA384x_USB_RWMEM_MAXLEN) ? 1 : 0;
   1841
   1842	/* For each burn */
   1843	for (i = 0; i < nburns; i++) {
   1844		/* Get the dest address and len */
   1845		burnlen = (len - (hw->bufinfo.len * i)) > hw->bufinfo.len ?
   1846		    hw->bufinfo.len : (len - (hw->bufinfo.len * i));
   1847		burndaddr = daddr + (hw->bufinfo.len * i);
   1848		burnlo = HFA384x_ADDR_CMD_MKOFF(burndaddr);
   1849		burnhi = HFA384x_ADDR_CMD_MKPAGE(burndaddr);
   1850
   1851		netdev_info(hw->wlandev->netdev, "Writing %d bytes to flash @0x%06x\n",
   1852			    burnlen, burndaddr);
   1853
   1854		/* Set the download mode */
   1855		result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_NV,
   1856					      burnlo, burnhi, burnlen);
   1857		if (result) {
   1858			netdev_err(hw->wlandev->netdev,
   1859				   "download(NV,lo=%x,hi=%x,len=%x) cmd failed, result=%d. Aborting d/l\n",
   1860				   burnlo, burnhi, burnlen, result);
   1861			goto exit_proc;
   1862		}
   1863
   1864		/* copy the data to the flash download buffer */
   1865		for (j = 0; j < nwrites; j++) {
   1866			writebuf = buf +
   1867			    (i * hw->bufinfo.len) +
   1868			    (j * HFA384x_USB_RWMEM_MAXLEN);
   1869
   1870			writepage = HFA384x_ADDR_CMD_MKPAGE(dlbufaddr +
   1871						(j * HFA384x_USB_RWMEM_MAXLEN));
   1872			writeoffset = HFA384x_ADDR_CMD_MKOFF(dlbufaddr +
   1873						(j * HFA384x_USB_RWMEM_MAXLEN));
   1874
   1875			writelen = burnlen - (j * HFA384x_USB_RWMEM_MAXLEN);
   1876			writelen = writelen > HFA384x_USB_RWMEM_MAXLEN ?
   1877			    HFA384x_USB_RWMEM_MAXLEN : writelen;
   1878
   1879			result = hfa384x_dowmem(hw,
   1880						writepage,
   1881						writeoffset,
   1882						writebuf, writelen);
   1883		}
   1884
   1885		/* set the download 'write flash' mode */
   1886		result = hfa384x_cmd_download(hw,
   1887					      HFA384x_PROGMODE_NVWRITE,
   1888					      0, 0, 0);
   1889		if (result) {
   1890			netdev_err(hw->wlandev->netdev,
   1891				   "download(NVWRITE,lo=%x,hi=%x,len=%x) cmd failed, result=%d. Aborting d/l\n",
   1892				   burnlo, burnhi, burnlen, result);
   1893			goto exit_proc;
   1894		}
   1895
   1896		/* TODO: We really should do a readback and compare. */
   1897	}
   1898
   1899exit_proc:
   1900
   1901	/* Leave the firmware in the 'post-prog' mode.  flashdl_disable will */
   1902	/*  actually disable programming mode.  Remember, that will cause the */
   1903	/*  the firmware to effectively reset itself. */
   1904
   1905	return result;
   1906}
   1907
   1908/*----------------------------------------------------------------
   1909 * hfa384x_drvr_getconfig
   1910 *
   1911 * Performs the sequence necessary to read a config/info item.
   1912 *
   1913 * Arguments:
   1914 *	hw		device structure
   1915 *	rid		config/info record id (host order)
   1916 *	buf		host side record buffer.  Upon return it will
   1917 *			contain the body portion of the record (minus the
   1918 *			RID and len).
   1919 *	len		buffer length (in bytes, should match record length)
   1920 *
   1921 * Returns:
   1922 *	0		success
   1923 *	>0		f/w reported error - f/w status code
   1924 *	<0		driver reported error
   1925 *	-ENODATA	length mismatch between argument and retrieved
   1926 *			record.
   1927 *
   1928 * Side effects:
   1929 *
   1930 * Call context:
   1931 *	process
   1932 *----------------------------------------------------------------
   1933 */
   1934int hfa384x_drvr_getconfig(struct hfa384x *hw, u16 rid, void *buf, u16 len)
   1935{
   1936	return hfa384x_dorrid(hw, DOWAIT, rid, buf, len, NULL, NULL, NULL);
   1937}
   1938
   1939/*----------------------------------------------------------------
   1940 * hfa384x_drvr_setconfig_async
   1941 *
   1942 * Performs the sequence necessary to write a config/info item.
   1943 *
   1944 * Arguments:
   1945 *       hw              device structure
   1946 *       rid             config/info record id (in host order)
   1947 *       buf             host side record buffer
   1948 *       len             buffer length (in bytes)
   1949 *       usercb          completion callback
   1950 *       usercb_data     completion callback argument
   1951 *
   1952 * Returns:
   1953 *       0               success
   1954 *       >0              f/w reported error - f/w status code
   1955 *       <0              driver reported error
   1956 *
   1957 * Side effects:
   1958 *
   1959 * Call context:
   1960 *       process
   1961 *----------------------------------------------------------------
   1962 */
   1963int
   1964hfa384x_drvr_setconfig_async(struct hfa384x *hw,
   1965			     u16 rid,
   1966			     void *buf,
   1967			     u16 len, ctlx_usercb_t usercb, void *usercb_data)
   1968{
   1969	return hfa384x_dowrid(hw, DOASYNC, rid, buf, len, hfa384x_cb_status,
   1970			      usercb, usercb_data);
   1971}
   1972
   1973/*----------------------------------------------------------------
   1974 * hfa384x_drvr_ramdl_disable
   1975 *
   1976 * Ends the ram download state.
   1977 *
   1978 * Arguments:
   1979 *	hw		device structure
   1980 *
   1981 * Returns:
   1982 *	0		success
   1983 *	>0		f/w reported error - f/w status code
   1984 *	<0		driver reported error
   1985 *
   1986 * Side effects:
   1987 *
   1988 * Call context:
   1989 *	process
   1990 *----------------------------------------------------------------
   1991 */
   1992int hfa384x_drvr_ramdl_disable(struct hfa384x *hw)
   1993{
   1994	/* Check that we're already in the download state */
   1995	if (hw->dlstate != HFA384x_DLSTATE_RAMENABLED)
   1996		return -EINVAL;
   1997
   1998	pr_debug("ramdl_disable()\n");
   1999
   2000	/* There isn't much we can do at this point, so I don't */
   2001	/*  bother  w/ the return value */
   2002	hfa384x_cmd_download(hw, HFA384x_PROGMODE_DISABLE, 0, 0, 0);
   2003	hw->dlstate = HFA384x_DLSTATE_DISABLED;
   2004
   2005	return 0;
   2006}
   2007
   2008/*----------------------------------------------------------------
   2009 * hfa384x_drvr_ramdl_enable
   2010 *
   2011 * Begins the ram download state.  Checks to see that we're not
   2012 * already in a download state and that a port isn't enabled.
   2013 * Sets the download state and calls cmd_download with the
   2014 * ENABLE_VOLATILE subcommand and the exeaddr argument.
   2015 *
   2016 * Arguments:
   2017 *	hw		device structure
   2018 *	exeaddr		the card execution address that will be
   2019 *                       jumped to when ramdl_disable() is called
   2020 *			(host order).
   2021 *
   2022 * Returns:
   2023 *	0		success
   2024 *	>0		f/w reported error - f/w status code
   2025 *	<0		driver reported error
   2026 *
   2027 * Side effects:
   2028 *
   2029 * Call context:
   2030 *	process
   2031 *----------------------------------------------------------------
   2032 */
   2033int hfa384x_drvr_ramdl_enable(struct hfa384x *hw, u32 exeaddr)
   2034{
   2035	int result = 0;
   2036	u16 lowaddr;
   2037	u16 hiaddr;
   2038	int i;
   2039
   2040	/* Check that a port isn't active */
   2041	for (i = 0; i < HFA384x_PORTID_MAX; i++) {
   2042		if (hw->port_enabled[i]) {
   2043			netdev_err(hw->wlandev->netdev,
   2044				   "Can't download with a macport enabled.\n");
   2045			return -EINVAL;
   2046		}
   2047	}
   2048
   2049	/* Check that we're not already in a download state */
   2050	if (hw->dlstate != HFA384x_DLSTATE_DISABLED) {
   2051		netdev_err(hw->wlandev->netdev,
   2052			   "Download state not disabled.\n");
   2053		return -EINVAL;
   2054	}
   2055
   2056	pr_debug("ramdl_enable, exeaddr=0x%08x\n", exeaddr);
   2057
   2058	/* Call the download(1,addr) function */
   2059	lowaddr = HFA384x_ADDR_CMD_MKOFF(exeaddr);
   2060	hiaddr = HFA384x_ADDR_CMD_MKPAGE(exeaddr);
   2061
   2062	result = hfa384x_cmd_download(hw, HFA384x_PROGMODE_RAM,
   2063				      lowaddr, hiaddr, 0);
   2064
   2065	if (result == 0) {
   2066		/* Set the download state */
   2067		hw->dlstate = HFA384x_DLSTATE_RAMENABLED;
   2068	} else {
   2069		pr_debug("cmd_download(0x%04x, 0x%04x) failed, result=%d.\n",
   2070			 lowaddr, hiaddr, result);
   2071	}
   2072
   2073	return result;
   2074}
   2075
   2076/*----------------------------------------------------------------
   2077 * hfa384x_drvr_ramdl_write
   2078 *
   2079 * Performs a RAM download of a chunk of data. First checks to see
   2080 * that we're in the RAM download state, then uses the [read|write]mem USB
   2081 * commands to 1) copy the data, 2) readback and compare.  The download
   2082 * state is unaffected.  When all data has been written using
   2083 * this function, call drvr_ramdl_disable() to end the download state
   2084 * and restart the MAC.
   2085 *
   2086 * Arguments:
   2087 *	hw		device structure
   2088 *	daddr		Card address to write to. (host order)
   2089 *	buf		Ptr to data to write.
   2090 *	len		Length of data (host order).
   2091 *
   2092 * Returns:
   2093 *	0		success
   2094 *	>0		f/w reported error - f/w status code
   2095 *	<0		driver reported error
   2096 *
   2097 * Side effects:
   2098 *
   2099 * Call context:
   2100 *	process
   2101 *----------------------------------------------------------------
   2102 */
   2103int hfa384x_drvr_ramdl_write(struct hfa384x *hw, u32 daddr, void *buf, u32 len)
   2104{
   2105	int result = 0;
   2106	int nwrites;
   2107	u8 *data = buf;
   2108	int i;
   2109	u32 curraddr;
   2110	u16 currpage;
   2111	u16 curroffset;
   2112	u16 currlen;
   2113
   2114	/* Check that we're in the ram download state */
   2115	if (hw->dlstate != HFA384x_DLSTATE_RAMENABLED)
   2116		return -EINVAL;
   2117
   2118	netdev_info(hw->wlandev->netdev, "Writing %d bytes to ram @0x%06x\n",
   2119		    len, daddr);
   2120
   2121	/* How many dowmem calls?  */
   2122	nwrites = len / HFA384x_USB_RWMEM_MAXLEN;
   2123	nwrites += len % HFA384x_USB_RWMEM_MAXLEN ? 1 : 0;
   2124
   2125	/* Do blocking wmem's */
   2126	for (i = 0; i < nwrites; i++) {
   2127		/* make address args */
   2128		curraddr = daddr + (i * HFA384x_USB_RWMEM_MAXLEN);
   2129		currpage = HFA384x_ADDR_CMD_MKPAGE(curraddr);
   2130		curroffset = HFA384x_ADDR_CMD_MKOFF(curraddr);
   2131		currlen = len - (i * HFA384x_USB_RWMEM_MAXLEN);
   2132		if (currlen > HFA384x_USB_RWMEM_MAXLEN)
   2133			currlen = HFA384x_USB_RWMEM_MAXLEN;
   2134
   2135		/* Do blocking ctlx */
   2136		result = hfa384x_dowmem(hw,
   2137					currpage,
   2138					curroffset,
   2139					data + (i * HFA384x_USB_RWMEM_MAXLEN),
   2140					currlen);
   2141
   2142		if (result)
   2143			break;
   2144
   2145		/* TODO: We really should have a readback. */
   2146	}
   2147
   2148	return result;
   2149}
   2150
   2151/*----------------------------------------------------------------
   2152 * hfa384x_drvr_readpda
   2153 *
   2154 * Performs the sequence to read the PDA space.  Note there is no
   2155 * drvr_writepda() function.  Writing a PDA is
   2156 * generally implemented by a calling component via calls to
   2157 * cmd_download and writing to the flash download buffer via the
   2158 * aux regs.
   2159 *
   2160 * Arguments:
   2161 *	hw		device structure
   2162 *	buf		buffer to store PDA in
   2163 *	len		buffer length
   2164 *
   2165 * Returns:
   2166 *	0		success
   2167 *	>0		f/w reported error - f/w status code
   2168 *	<0		driver reported error
   2169 *	-ETIMEDOUT	timeout waiting for the cmd regs to become
   2170 *			available, or waiting for the control reg
   2171 *			to indicate the Aux port is enabled.
   2172 *	-ENODATA	the buffer does NOT contain a valid PDA.
   2173 *			Either the card PDA is bad, or the auxdata
   2174 *			reads are giving us garbage.
   2175 *
   2176 *
   2177 * Side effects:
   2178 *
   2179 * Call context:
   2180 *	process or non-card interrupt.
   2181 *----------------------------------------------------------------
   2182 */
   2183int hfa384x_drvr_readpda(struct hfa384x *hw, void *buf, unsigned int len)
   2184{
   2185	int result = 0;
   2186	__le16 *pda = buf;
   2187	int pdaok = 0;
   2188	int morepdrs = 1;
   2189	int currpdr = 0;	/* word offset of the current pdr */
   2190	size_t i;
   2191	u16 pdrlen;		/* pdr length in bytes, host order */
   2192	u16 pdrcode;		/* pdr code, host order */
   2193	u16 currpage;
   2194	u16 curroffset;
   2195	struct pdaloc {
   2196		u32 cardaddr;
   2197		u16 auxctl;
   2198	} pdaloc[] = {
   2199		{
   2200		HFA3842_PDA_BASE, 0}, {
   2201		HFA3841_PDA_BASE, 0}, {
   2202		HFA3841_PDA_BOGUS_BASE, 0}
   2203	};
   2204
   2205	/* Read the pda from each known address.  */
   2206	for (i = 0; i < ARRAY_SIZE(pdaloc); i++) {
   2207		/* Make address */
   2208		currpage = HFA384x_ADDR_CMD_MKPAGE(pdaloc[i].cardaddr);
   2209		curroffset = HFA384x_ADDR_CMD_MKOFF(pdaloc[i].cardaddr);
   2210
   2211		/* units of bytes */
   2212		result = hfa384x_dormem(hw, currpage, curroffset, buf,
   2213					len);
   2214
   2215		if (result) {
   2216			netdev_warn(hw->wlandev->netdev,
   2217				    "Read from index %zd failed, continuing\n",
   2218				    i);
   2219			continue;
   2220		}
   2221
   2222		/* Test for garbage */
   2223		pdaok = 1;	/* initially assume good */
   2224		morepdrs = 1;
   2225		while (pdaok && morepdrs) {
   2226			pdrlen = le16_to_cpu(pda[currpdr]) * 2;
   2227			pdrcode = le16_to_cpu(pda[currpdr + 1]);
   2228			/* Test the record length */
   2229			if (pdrlen > HFA384x_PDR_LEN_MAX || pdrlen == 0) {
   2230				netdev_err(hw->wlandev->netdev,
   2231					   "pdrlen invalid=%d\n", pdrlen);
   2232				pdaok = 0;
   2233				break;
   2234			}
   2235			/* Test the code */
   2236			if (!hfa384x_isgood_pdrcode(pdrcode)) {
   2237				netdev_err(hw->wlandev->netdev, "pdrcode invalid=%d\n",
   2238					   pdrcode);
   2239				pdaok = 0;
   2240				break;
   2241			}
   2242			/* Test for completion */
   2243			if (pdrcode == HFA384x_PDR_END_OF_PDA)
   2244				morepdrs = 0;
   2245
   2246			/* Move to the next pdr (if necessary) */
   2247			if (morepdrs) {
   2248				/* note the access to pda[], need words here */
   2249				currpdr += le16_to_cpu(pda[currpdr]) + 1;
   2250			}
   2251		}
   2252		if (pdaok) {
   2253			netdev_info(hw->wlandev->netdev,
   2254				    "PDA Read from 0x%08x in %s space.\n",
   2255				    pdaloc[i].cardaddr,
   2256				    pdaloc[i].auxctl == 0 ? "EXTDS" :
   2257				    pdaloc[i].auxctl == 1 ? "NV" :
   2258				    pdaloc[i].auxctl == 2 ? "PHY" :
   2259				    pdaloc[i].auxctl == 3 ? "ICSRAM" :
   2260				    "<bogus auxctl>");
   2261			break;
   2262		}
   2263	}
   2264	result = pdaok ? 0 : -ENODATA;
   2265
   2266	if (result)
   2267		pr_debug("Failure: pda is not okay\n");
   2268
   2269	return result;
   2270}
   2271
   2272/*----------------------------------------------------------------
   2273 * hfa384x_drvr_setconfig
   2274 *
   2275 * Performs the sequence necessary to write a config/info item.
   2276 *
   2277 * Arguments:
   2278 *	hw		device structure
   2279 *	rid		config/info record id (in host order)
   2280 *	buf		host side record buffer
   2281 *	len		buffer length (in bytes)
   2282 *
   2283 * Returns:
   2284 *	0		success
   2285 *	>0		f/w reported error - f/w status code
   2286 *	<0		driver reported error
   2287 *
   2288 * Side effects:
   2289 *
   2290 * Call context:
   2291 *	process
   2292 *----------------------------------------------------------------
   2293 */
   2294int hfa384x_drvr_setconfig(struct hfa384x *hw, u16 rid, void *buf, u16 len)
   2295{
   2296	return hfa384x_dowrid(hw, DOWAIT, rid, buf, len, NULL, NULL, NULL);
   2297}
   2298
   2299/*----------------------------------------------------------------
   2300 * hfa384x_drvr_start
   2301 *
   2302 * Issues the MAC initialize command, sets up some data structures,
   2303 * and enables the interrupts.  After this function completes, the
   2304 * low-level stuff should be ready for any/all commands.
   2305 *
   2306 * Arguments:
   2307 *	hw		device structure
   2308 * Returns:
   2309 *	0		success
   2310 *	>0		f/w reported error - f/w status code
   2311 *	<0		driver reported error
   2312 *
   2313 * Side effects:
   2314 *
   2315 * Call context:
   2316 *	process
   2317 *----------------------------------------------------------------
   2318 */
   2319int hfa384x_drvr_start(struct hfa384x *hw)
   2320{
   2321	int result, result1, result2;
   2322	u16 status;
   2323
   2324	might_sleep();
   2325
   2326	/* Clear endpoint stalls - but only do this if the endpoint
   2327	 * is showing a stall status. Some prism2 cards seem to behave
   2328	 * badly if a clear_halt is called when the endpoint is already
   2329	 * ok
   2330	 */
   2331	result =
   2332	    usb_get_std_status(hw->usb, USB_RECIP_ENDPOINT, hw->endp_in,
   2333			       &status);
   2334	if (result < 0) {
   2335		netdev_err(hw->wlandev->netdev, "Cannot get bulk in endpoint status.\n");
   2336		goto done;
   2337	}
   2338	if ((status == 1) && usb_clear_halt(hw->usb, hw->endp_in))
   2339		netdev_err(hw->wlandev->netdev, "Failed to reset bulk in endpoint.\n");
   2340
   2341	result =
   2342	    usb_get_std_status(hw->usb, USB_RECIP_ENDPOINT, hw->endp_out,
   2343			       &status);
   2344	if (result < 0) {
   2345		netdev_err(hw->wlandev->netdev, "Cannot get bulk out endpoint status.\n");
   2346		goto done;
   2347	}
   2348	if ((status == 1) && usb_clear_halt(hw->usb, hw->endp_out))
   2349		netdev_err(hw->wlandev->netdev, "Failed to reset bulk out endpoint.\n");
   2350
   2351	/* Synchronous unlink, in case we're trying to restart the driver */
   2352	usb_kill_urb(&hw->rx_urb);
   2353
   2354	/* Post the IN urb */
   2355	result = submit_rx_urb(hw, GFP_KERNEL);
   2356	if (result != 0) {
   2357		netdev_err(hw->wlandev->netdev,
   2358			   "Fatal, failed to submit RX URB, result=%d\n",
   2359			   result);
   2360		goto done;
   2361	}
   2362
   2363	/* Call initialize twice, with a 1 second sleep in between.
   2364	 * This is a nasty work-around since many prism2 cards seem to
   2365	 * need time to settle after an init from cold. The second
   2366	 * call to initialize in theory is not necessary - but we call
   2367	 * it anyway as a double insurance policy:
   2368	 * 1) If the first init should fail, the second may well succeed
   2369	 *    and the card can still be used
   2370	 * 2) It helps ensures all is well with the card after the first
   2371	 *    init and settle time.
   2372	 */
   2373	result1 = hfa384x_cmd_initialize(hw);
   2374	msleep(1000);
   2375	result = hfa384x_cmd_initialize(hw);
   2376	result2 = result;
   2377	if (result1 != 0) {
   2378		if (result2 != 0) {
   2379			netdev_err(hw->wlandev->netdev,
   2380				   "cmd_initialize() failed on two attempts, results %d and %d\n",
   2381				   result1, result2);
   2382			usb_kill_urb(&hw->rx_urb);
   2383			goto done;
   2384		} else {
   2385			pr_debug("First cmd_initialize() failed (result %d),\n",
   2386				 result1);
   2387			pr_debug("but second attempt succeeded. All should be ok\n");
   2388		}
   2389	} else if (result2 != 0) {
   2390		netdev_warn(hw->wlandev->netdev, "First cmd_initialize() succeeded, but second attempt failed (result=%d)\n",
   2391			    result2);
   2392		netdev_warn(hw->wlandev->netdev,
   2393			    "Most likely the card will be functional\n");
   2394		goto done;
   2395	}
   2396
   2397	hw->state = HFA384x_STATE_RUNNING;
   2398
   2399done:
   2400	return result;
   2401}
   2402
   2403/*----------------------------------------------------------------
   2404 * hfa384x_drvr_stop
   2405 *
   2406 * Shuts down the MAC to the point where it is safe to unload the
   2407 * driver.  Any subsystem that may be holding a data or function
   2408 * ptr into the driver must be cleared/deinitialized.
   2409 *
   2410 * Arguments:
   2411 *	hw		device structure
   2412 * Returns:
   2413 *	0		success
   2414 *	>0		f/w reported error - f/w status code
   2415 *	<0		driver reported error
   2416 *
   2417 * Side effects:
   2418 *
   2419 * Call context:
   2420 *	process
   2421 *----------------------------------------------------------------
   2422 */
   2423int hfa384x_drvr_stop(struct hfa384x *hw)
   2424{
   2425	int i;
   2426
   2427	might_sleep();
   2428
   2429	/* There's no need for spinlocks here. The USB "disconnect"
   2430	 * function sets this "removed" flag and then calls us.
   2431	 */
   2432	if (!hw->wlandev->hwremoved) {
   2433		/* Call initialize to leave the MAC in its 'reset' state */
   2434		hfa384x_cmd_initialize(hw);
   2435
   2436		/* Cancel the rxurb */
   2437		usb_kill_urb(&hw->rx_urb);
   2438	}
   2439
   2440	hw->link_status = HFA384x_LINK_NOTCONNECTED;
   2441	hw->state = HFA384x_STATE_INIT;
   2442
   2443	del_timer_sync(&hw->commsqual_timer);
   2444
   2445	/* Clear all the port status */
   2446	for (i = 0; i < HFA384x_NUMPORTS_MAX; i++)
   2447		hw->port_enabled[i] = 0;
   2448
   2449	return 0;
   2450}
   2451
   2452/*----------------------------------------------------------------
   2453 * hfa384x_drvr_txframe
   2454 *
   2455 * Takes a frame from prism2sta and queues it for transmission.
   2456 *
   2457 * Arguments:
   2458 *	hw		device structure
   2459 *	skb		packet buffer struct.  Contains an 802.11
   2460 *			data frame.
   2461 *       p80211_hdr      points to the 802.11 header for the packet.
   2462 * Returns:
   2463 *	0		Success and more buffs available
   2464 *	1		Success but no more buffs
   2465 *	2		Allocation failure
   2466 *	4		Buffer full or queue busy
   2467 *
   2468 * Side effects:
   2469 *
   2470 * Call context:
   2471 *	interrupt
   2472 *----------------------------------------------------------------
   2473 */
   2474int hfa384x_drvr_txframe(struct hfa384x *hw, struct sk_buff *skb,
   2475			 struct p80211_hdr *p80211_hdr,
   2476			 struct p80211_metawep *p80211_wep)
   2477{
   2478	int usbpktlen = sizeof(struct hfa384x_tx_frame);
   2479	int result;
   2480	int ret;
   2481	char *ptr;
   2482
   2483	if (hw->tx_urb.status == -EINPROGRESS) {
   2484		netdev_warn(hw->wlandev->netdev, "TX URB already in use\n");
   2485		result = 3;
   2486		goto exit;
   2487	}
   2488
   2489	/* Build Tx frame structure */
   2490	/* Set up the control field */
   2491	memset(&hw->txbuff.txfrm.desc, 0, sizeof(hw->txbuff.txfrm.desc));
   2492
   2493	/* Setup the usb type field */
   2494	hw->txbuff.type = cpu_to_le16(HFA384x_USB_TXFRM);
   2495
   2496	/* Set up the sw_support field to identify this frame */
   2497	hw->txbuff.txfrm.desc.sw_support = 0x0123;
   2498
   2499/* Tx complete and Tx exception disable per dleach.  Might be causing
   2500 * buf depletion
   2501 */
   2502/* #define DOEXC  SLP -- doboth breaks horribly under load, doexc less so. */
   2503#if defined(DOBOTH)
   2504	hw->txbuff.txfrm.desc.tx_control =
   2505	    HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
   2506	    HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(1);
   2507#elif defined(DOEXC)
   2508	hw->txbuff.txfrm.desc.tx_control =
   2509	    HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
   2510	    HFA384x_TX_TXEX_SET(1) | HFA384x_TX_TXOK_SET(0);
   2511#else
   2512	hw->txbuff.txfrm.desc.tx_control =
   2513	    HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
   2514	    HFA384x_TX_TXEX_SET(0) | HFA384x_TX_TXOK_SET(0);
   2515#endif
   2516	cpu_to_le16s(&hw->txbuff.txfrm.desc.tx_control);
   2517
   2518	/* copy the header over to the txdesc */
   2519	hw->txbuff.txfrm.desc.hdr = *p80211_hdr;
   2520
   2521	/* if we're using host WEP, increase size by IV+ICV */
   2522	if (p80211_wep->data) {
   2523		hw->txbuff.txfrm.desc.data_len = cpu_to_le16(skb->len + 8);
   2524		usbpktlen += 8;
   2525	} else {
   2526		hw->txbuff.txfrm.desc.data_len = cpu_to_le16(skb->len);
   2527	}
   2528
   2529	usbpktlen += skb->len;
   2530
   2531	/* copy over the WEP IV if we are using host WEP */
   2532	ptr = hw->txbuff.txfrm.data;
   2533	if (p80211_wep->data) {
   2534		memcpy(ptr, p80211_wep->iv, sizeof(p80211_wep->iv));
   2535		ptr += sizeof(p80211_wep->iv);
   2536		memcpy(ptr, p80211_wep->data, skb->len);
   2537	} else {
   2538		memcpy(ptr, skb->data, skb->len);
   2539	}
   2540	/* copy over the packet data */
   2541	ptr += skb->len;
   2542
   2543	/* copy over the WEP ICV if we are using host WEP */
   2544	if (p80211_wep->data)
   2545		memcpy(ptr, p80211_wep->icv, sizeof(p80211_wep->icv));
   2546
   2547	/* Send the USB packet */
   2548	usb_fill_bulk_urb(&hw->tx_urb, hw->usb,
   2549			  hw->endp_out,
   2550			  &hw->txbuff, ROUNDUP64(usbpktlen),
   2551			  hfa384x_usbout_callback, hw->wlandev);
   2552	hw->tx_urb.transfer_flags |= USB_QUEUE_BULK;
   2553
   2554	result = 1;
   2555	ret = submit_tx_urb(hw, &hw->tx_urb, GFP_ATOMIC);
   2556	if (ret != 0) {
   2557		netdev_err(hw->wlandev->netdev,
   2558			   "submit_tx_urb() failed, error=%d\n", ret);
   2559		result = 3;
   2560	}
   2561
   2562exit:
   2563	return result;
   2564}
   2565
   2566void hfa384x_tx_timeout(struct wlandevice *wlandev)
   2567{
   2568	struct hfa384x *hw = wlandev->priv;
   2569	unsigned long flags;
   2570
   2571	spin_lock_irqsave(&hw->ctlxq.lock, flags);
   2572
   2573	if (!hw->wlandev->hwremoved) {
   2574		int sched;
   2575
   2576		sched = !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags);
   2577		sched |= !test_and_set_bit(WORK_RX_HALT, &hw->usb_flags);
   2578		if (sched)
   2579			schedule_work(&hw->usb_work);
   2580	}
   2581
   2582	spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
   2583}
   2584
   2585/*----------------------------------------------------------------
   2586 * hfa384x_usbctlx_reaper_task
   2587 *
   2588 * Deferred work callback to delete dead CTLX objects
   2589 *
   2590 * Arguments:
   2591 *	work	contains ptr to a struct hfa384x
   2592 *
   2593 * Returns:
   2594 *
   2595 * Call context:
   2596 *      Task
   2597 *----------------------------------------------------------------
   2598 */
   2599static void hfa384x_usbctlx_reaper_task(struct work_struct *work)
   2600{
   2601	struct hfa384x *hw = container_of(work, struct hfa384x, reaper_bh);
   2602	struct hfa384x_usbctlx *ctlx, *temp;
   2603	unsigned long flags;
   2604
   2605	spin_lock_irqsave(&hw->ctlxq.lock, flags);
   2606
   2607	/* This list is guaranteed to be empty if someone
   2608	 * has unplugged the adapter.
   2609	 */
   2610	list_for_each_entry_safe(ctlx, temp, &hw->ctlxq.reapable, list) {
   2611		list_del(&ctlx->list);
   2612		kfree(ctlx);
   2613	}
   2614
   2615	spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
   2616}
   2617
   2618/*----------------------------------------------------------------
   2619 * hfa384x_usbctlx_completion_task
   2620 *
   2621 * Deferred work callback to call completion handlers for returned CTLXs
   2622 *
   2623 * Arguments:
   2624 *	work	contains ptr to a struct hfa384x
   2625 *
   2626 * Returns:
   2627 *	Nothing
   2628 *
   2629 * Call context:
   2630 *      Task
   2631 *----------------------------------------------------------------
   2632 */
   2633static void hfa384x_usbctlx_completion_task(struct work_struct *work)
   2634{
   2635	struct hfa384x *hw = container_of(work, struct hfa384x, completion_bh);
   2636	struct hfa384x_usbctlx *ctlx, *temp;
   2637	unsigned long flags;
   2638
   2639	int reap = 0;
   2640
   2641	spin_lock_irqsave(&hw->ctlxq.lock, flags);
   2642
   2643	/* This list is guaranteed to be empty if someone
   2644	 * has unplugged the adapter ...
   2645	 */
   2646	list_for_each_entry_safe(ctlx, temp, &hw->ctlxq.completing, list) {
   2647		/* Call the completion function that this
   2648		 * command was assigned, assuming it has one.
   2649		 */
   2650		if (ctlx->cmdcb) {
   2651			spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
   2652			ctlx->cmdcb(hw, ctlx);
   2653			spin_lock_irqsave(&hw->ctlxq.lock, flags);
   2654
   2655			/* Make sure we don't try and complete
   2656			 * this CTLX more than once!
   2657			 */
   2658			ctlx->cmdcb = NULL;
   2659
   2660			/* Did someone yank the adapter out
   2661			 * while our list was (briefly) unlocked?
   2662			 */
   2663			if (hw->wlandev->hwremoved) {
   2664				reap = 0;
   2665				break;
   2666			}
   2667		}
   2668
   2669		/*
   2670		 * "Reapable" CTLXs are ones which don't have any
   2671		 * threads waiting for them to die. Hence they must
   2672		 * be delivered to The Reaper!
   2673		 */
   2674		if (ctlx->reapable) {
   2675			/* Move the CTLX off the "completing" list (hopefully)
   2676			 * on to the "reapable" list where the reaper task
   2677			 * can find it. And "reapable" means that this CTLX
   2678			 * isn't sitting on a wait-queue somewhere.
   2679			 */
   2680			list_move_tail(&ctlx->list, &hw->ctlxq.reapable);
   2681			reap = 1;
   2682		}
   2683
   2684		complete(&ctlx->done);
   2685	}
   2686	spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
   2687
   2688	if (reap)
   2689		schedule_work(&hw->reaper_bh);
   2690}
   2691
   2692/*----------------------------------------------------------------
   2693 * unlocked_usbctlx_cancel_async
   2694 *
   2695 * Mark the CTLX dead asynchronously, and ensure that the
   2696 * next command on the queue is run afterwards.
   2697 *
   2698 * Arguments:
   2699 *	hw	ptr to the struct hfa384x structure
   2700 *	ctlx	ptr to a CTLX structure
   2701 *
   2702 * Returns:
   2703 *	0	the CTLX's URB is inactive
   2704 * -EINPROGRESS	the URB is currently being unlinked
   2705 *
   2706 * Call context:
   2707 *	Either process or interrupt, but presumably interrupt
   2708 *----------------------------------------------------------------
   2709 */
   2710static int unlocked_usbctlx_cancel_async(struct hfa384x *hw,
   2711					 struct hfa384x_usbctlx *ctlx)
   2712{
   2713	int ret;
   2714
   2715	/*
   2716	 * Try to delete the URB containing our request packet.
   2717	 * If we succeed, then its completion handler will be
   2718	 * called with a status of -ECONNRESET.
   2719	 */
   2720	hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK;
   2721	ret = usb_unlink_urb(&hw->ctlx_urb);
   2722
   2723	if (ret != -EINPROGRESS) {
   2724		/*
   2725		 * The OUT URB had either already completed
   2726		 * or was still in the pending queue, so the
   2727		 * URB's completion function will not be called.
   2728		 * We will have to complete the CTLX ourselves.
   2729		 */
   2730		ctlx->state = CTLX_REQ_FAILED;
   2731		unlocked_usbctlx_complete(hw, ctlx);
   2732		ret = 0;
   2733	}
   2734
   2735	return ret;
   2736}
   2737
   2738/*----------------------------------------------------------------
   2739 * unlocked_usbctlx_complete
   2740 *
   2741 * A CTLX has completed.  It may have been successful, it may not
   2742 * have been. At this point, the CTLX should be quiescent.  The URBs
   2743 * aren't active and the timers should have been stopped.
   2744 *
   2745 * The CTLX is migrated to the "completing" queue, and the completing
   2746 * work is scheduled.
   2747 *
   2748 * Arguments:
   2749 *	hw		ptr to a struct hfa384x structure
   2750 *	ctlx		ptr to a ctlx structure
   2751 *
   2752 * Returns:
   2753 *	nothing
   2754 *
   2755 * Side effects:
   2756 *
   2757 * Call context:
   2758 *	Either, assume interrupt
   2759 *----------------------------------------------------------------
   2760 */
   2761static void unlocked_usbctlx_complete(struct hfa384x *hw,
   2762				      struct hfa384x_usbctlx *ctlx)
   2763{
   2764	/* Timers have been stopped, and ctlx should be in
   2765	 * a terminal state. Retire it from the "active"
   2766	 * queue.
   2767	 */
   2768	list_move_tail(&ctlx->list, &hw->ctlxq.completing);
   2769	schedule_work(&hw->completion_bh);
   2770
   2771	switch (ctlx->state) {
   2772	case CTLX_COMPLETE:
   2773	case CTLX_REQ_FAILED:
   2774		/* This are the correct terminating states. */
   2775		break;
   2776
   2777	default:
   2778		netdev_err(hw->wlandev->netdev, "CTLX[%d] not in a terminating state(%s)\n",
   2779			   le16_to_cpu(ctlx->outbuf.type),
   2780			   ctlxstr(ctlx->state));
   2781		break;
   2782	}			/* switch */
   2783}
   2784
   2785/*----------------------------------------------------------------
   2786 * hfa384x_usbctlxq_run
   2787 *
   2788 * Checks to see if the head item is running.  If not, starts it.
   2789 *
   2790 * Arguments:
   2791 *	hw	ptr to struct hfa384x
   2792 *
   2793 * Returns:
   2794 *	nothing
   2795 *
   2796 * Side effects:
   2797 *
   2798 * Call context:
   2799 *	any
   2800 *----------------------------------------------------------------
   2801 */
   2802static void hfa384x_usbctlxq_run(struct hfa384x *hw)
   2803{
   2804	unsigned long flags;
   2805
   2806	/* acquire lock */
   2807	spin_lock_irqsave(&hw->ctlxq.lock, flags);
   2808
   2809	/* Only one active CTLX at any one time, because there's no
   2810	 * other (reliable) way to match the response URB to the
   2811	 * correct CTLX.
   2812	 *
   2813	 * Don't touch any of these CTLXs if the hardware
   2814	 * has been removed or the USB subsystem is stalled.
   2815	 */
   2816	if (!list_empty(&hw->ctlxq.active) ||
   2817	    test_bit(WORK_TX_HALT, &hw->usb_flags) || hw->wlandev->hwremoved)
   2818		goto unlock;
   2819
   2820	while (!list_empty(&hw->ctlxq.pending)) {
   2821		struct hfa384x_usbctlx *head;
   2822		int result;
   2823
   2824		/* This is the first pending command */
   2825		head = list_entry(hw->ctlxq.pending.next,
   2826				  struct hfa384x_usbctlx, list);
   2827
   2828		/* We need to split this off to avoid a race condition */
   2829		list_move_tail(&head->list, &hw->ctlxq.active);
   2830
   2831		/* Fill the out packet */
   2832		usb_fill_bulk_urb(&hw->ctlx_urb, hw->usb,
   2833				  hw->endp_out,
   2834				  &head->outbuf, ROUNDUP64(head->outbufsize),
   2835				  hfa384x_ctlxout_callback, hw);
   2836		hw->ctlx_urb.transfer_flags |= USB_QUEUE_BULK;
   2837
   2838		/* Now submit the URB and update the CTLX's state */
   2839		result = usb_submit_urb(&hw->ctlx_urb, GFP_ATOMIC);
   2840		if (result == 0) {
   2841			/* This CTLX is now running on the active queue */
   2842			head->state = CTLX_REQ_SUBMITTED;
   2843
   2844			/* Start the OUT wait timer */
   2845			hw->req_timer_done = 0;
   2846			hw->reqtimer.expires = jiffies + HZ;
   2847			add_timer(&hw->reqtimer);
   2848
   2849			/* Start the IN wait timer */
   2850			hw->resp_timer_done = 0;
   2851			hw->resptimer.expires = jiffies + 2 * HZ;
   2852			add_timer(&hw->resptimer);
   2853
   2854			break;
   2855		}
   2856
   2857		if (result == -EPIPE) {
   2858			/* The OUT pipe needs resetting, so put
   2859			 * this CTLX back in the "pending" queue
   2860			 * and schedule a reset ...
   2861			 */
   2862			netdev_warn(hw->wlandev->netdev,
   2863				    "%s tx pipe stalled: requesting reset\n",
   2864				    hw->wlandev->netdev->name);
   2865			list_move(&head->list, &hw->ctlxq.pending);
   2866			set_bit(WORK_TX_HALT, &hw->usb_flags);
   2867			schedule_work(&hw->usb_work);
   2868			break;
   2869		}
   2870
   2871		if (result == -ESHUTDOWN) {
   2872			netdev_warn(hw->wlandev->netdev, "%s urb shutdown!\n",
   2873				    hw->wlandev->netdev->name);
   2874			break;
   2875		}
   2876
   2877		netdev_err(hw->wlandev->netdev, "Failed to submit CTLX[%d]: error=%d\n",
   2878			   le16_to_cpu(head->outbuf.type), result);
   2879		unlocked_usbctlx_complete(hw, head);
   2880	}			/* while */
   2881
   2882unlock:
   2883	spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
   2884}
   2885
   2886/*----------------------------------------------------------------
   2887 * hfa384x_usbin_callback
   2888 *
   2889 * Callback for URBs on the BULKIN endpoint.
   2890 *
   2891 * Arguments:
   2892 *	urb		ptr to the completed urb
   2893 *
   2894 * Returns:
   2895 *	nothing
   2896 *
   2897 * Side effects:
   2898 *
   2899 * Call context:
   2900 *	interrupt
   2901 *----------------------------------------------------------------
   2902 */
   2903static void hfa384x_usbin_callback(struct urb *urb)
   2904{
   2905	struct wlandevice *wlandev = urb->context;
   2906	struct hfa384x *hw;
   2907	union hfa384x_usbin *usbin;
   2908	struct sk_buff *skb = NULL;
   2909	int result;
   2910	int urb_status;
   2911	u16 type;
   2912
   2913	enum USBIN_ACTION {
   2914		HANDLE,
   2915		RESUBMIT,
   2916		ABORT
   2917	} action;
   2918
   2919	if (!wlandev || !wlandev->netdev || wlandev->hwremoved)
   2920		goto exit;
   2921
   2922	hw = wlandev->priv;
   2923	if (!hw)
   2924		goto exit;
   2925
   2926	skb = hw->rx_urb_skb;
   2927	if (!skb || (skb->data != urb->transfer_buffer)) {
   2928		WARN_ON(1);
   2929		return;
   2930	}
   2931
   2932	hw->rx_urb_skb = NULL;
   2933
   2934	/* Check for error conditions within the URB */
   2935	switch (urb->status) {
   2936	case 0:
   2937		action = HANDLE;
   2938
   2939		/* Check for short packet */
   2940		if (urb->actual_length == 0) {
   2941			wlandev->netdev->stats.rx_errors++;
   2942			wlandev->netdev->stats.rx_length_errors++;
   2943			action = RESUBMIT;
   2944		}
   2945		break;
   2946
   2947	case -EPIPE:
   2948		netdev_warn(hw->wlandev->netdev, "%s rx pipe stalled: requesting reset\n",
   2949			    wlandev->netdev->name);
   2950		if (!test_and_set_bit(WORK_RX_HALT, &hw->usb_flags))
   2951			schedule_work(&hw->usb_work);
   2952		wlandev->netdev->stats.rx_errors++;
   2953		action = ABORT;
   2954		break;
   2955
   2956	case -EILSEQ:
   2957	case -ETIMEDOUT:
   2958	case -EPROTO:
   2959		if (!test_and_set_bit(THROTTLE_RX, &hw->usb_flags) &&
   2960		    !timer_pending(&hw->throttle)) {
   2961			mod_timer(&hw->throttle, jiffies + THROTTLE_JIFFIES);
   2962		}
   2963		wlandev->netdev->stats.rx_errors++;
   2964		action = ABORT;
   2965		break;
   2966
   2967	case -EOVERFLOW:
   2968		wlandev->netdev->stats.rx_over_errors++;
   2969		action = RESUBMIT;
   2970		break;
   2971
   2972	case -ENODEV:
   2973	case -ESHUTDOWN:
   2974		pr_debug("status=%d, device removed.\n", urb->status);
   2975		action = ABORT;
   2976		break;
   2977
   2978	case -ENOENT:
   2979	case -ECONNRESET:
   2980		pr_debug("status=%d, urb explicitly unlinked.\n", urb->status);
   2981		action = ABORT;
   2982		break;
   2983
   2984	default:
   2985		pr_debug("urb status=%d, transfer flags=0x%x\n",
   2986			 urb->status, urb->transfer_flags);
   2987		wlandev->netdev->stats.rx_errors++;
   2988		action = RESUBMIT;
   2989		break;
   2990	}
   2991
   2992	/* Save values from the RX URB before reposting overwrites it. */
   2993	urb_status = urb->status;
   2994	usbin = (union hfa384x_usbin *)urb->transfer_buffer;
   2995
   2996	if (action != ABORT) {
   2997		/* Repost the RX URB */
   2998		result = submit_rx_urb(hw, GFP_ATOMIC);
   2999
   3000		if (result != 0) {
   3001			netdev_err(hw->wlandev->netdev,
   3002				   "Fatal, failed to resubmit rx_urb. error=%d\n",
   3003				   result);
   3004		}
   3005	}
   3006
   3007	/* Handle any USB-IN packet */
   3008	/* Note: the check of the sw_support field, the type field doesn't
   3009	 *       have bit 12 set like the docs suggest.
   3010	 */
   3011	type = le16_to_cpu(usbin->type);
   3012	if (HFA384x_USB_ISRXFRM(type)) {
   3013		if (action == HANDLE) {
   3014			if (usbin->txfrm.desc.sw_support == 0x0123) {
   3015				hfa384x_usbin_txcompl(wlandev, usbin);
   3016			} else {
   3017				skb_put(skb, sizeof(*usbin));
   3018				hfa384x_usbin_rx(wlandev, skb);
   3019				skb = NULL;
   3020			}
   3021		}
   3022		goto exit;
   3023	}
   3024	if (HFA384x_USB_ISTXFRM(type)) {
   3025		if (action == HANDLE)
   3026			hfa384x_usbin_txcompl(wlandev, usbin);
   3027		goto exit;
   3028	}
   3029	switch (type) {
   3030	case HFA384x_USB_INFOFRM:
   3031		if (action == ABORT)
   3032			goto exit;
   3033		if (action == HANDLE)
   3034			hfa384x_usbin_info(wlandev, usbin);
   3035		break;
   3036
   3037	case HFA384x_USB_CMDRESP:
   3038	case HFA384x_USB_WRIDRESP:
   3039	case HFA384x_USB_RRIDRESP:
   3040	case HFA384x_USB_WMEMRESP:
   3041	case HFA384x_USB_RMEMRESP:
   3042		/* ALWAYS, ALWAYS, ALWAYS handle this CTLX!!!! */
   3043		hfa384x_usbin_ctlx(hw, usbin, urb_status);
   3044		break;
   3045
   3046	case HFA384x_USB_BUFAVAIL:
   3047		pr_debug("Received BUFAVAIL packet, frmlen=%d\n",
   3048			 usbin->bufavail.frmlen);
   3049		break;
   3050
   3051	case HFA384x_USB_ERROR:
   3052		pr_debug("Received USB_ERROR packet, errortype=%d\n",
   3053			 usbin->usberror.errortype);
   3054		break;
   3055
   3056	default:
   3057		pr_debug("Unrecognized USBIN packet, type=%x, status=%d\n",
   3058			 usbin->type, urb_status);
   3059		break;
   3060	}			/* switch */
   3061
   3062exit:
   3063
   3064	if (skb)
   3065		dev_kfree_skb(skb);
   3066}
   3067
   3068/*----------------------------------------------------------------
   3069 * hfa384x_usbin_ctlx
   3070 *
   3071 * We've received a URB containing a Prism2 "response" message.
   3072 * This message needs to be matched up with a CTLX on the active
   3073 * queue and our state updated accordingly.
   3074 *
   3075 * Arguments:
   3076 *	hw		ptr to struct hfa384x
   3077 *	usbin		ptr to USB IN packet
   3078 *	urb_status	status of this Bulk-In URB
   3079 *
   3080 * Returns:
   3081 *	nothing
   3082 *
   3083 * Side effects:
   3084 *
   3085 * Call context:
   3086 *	interrupt
   3087 *----------------------------------------------------------------
   3088 */
   3089static void hfa384x_usbin_ctlx(struct hfa384x *hw, union hfa384x_usbin *usbin,
   3090			       int urb_status)
   3091{
   3092	struct hfa384x_usbctlx *ctlx;
   3093	int run_queue = 0;
   3094	unsigned long flags;
   3095
   3096retry:
   3097	spin_lock_irqsave(&hw->ctlxq.lock, flags);
   3098
   3099	/* There can be only one CTLX on the active queue
   3100	 * at any one time, and this is the CTLX that the
   3101	 * timers are waiting for.
   3102	 */
   3103	if (list_empty(&hw->ctlxq.active))
   3104		goto unlock;
   3105
   3106	/* Remove the "response timeout". It's possible that
   3107	 * we are already too late, and that the timeout is
   3108	 * already running. And that's just too bad for us,
   3109	 * because we could lose our CTLX from the active
   3110	 * queue here ...
   3111	 */
   3112	if (del_timer(&hw->resptimer) == 0) {
   3113		if (hw->resp_timer_done == 0) {
   3114			spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
   3115			goto retry;
   3116		}
   3117	} else {
   3118		hw->resp_timer_done = 1;
   3119	}
   3120
   3121	ctlx = get_active_ctlx(hw);
   3122
   3123	if (urb_status != 0) {
   3124		/*
   3125		 * Bad CTLX, so get rid of it. But we only
   3126		 * remove it from the active queue if we're no
   3127		 * longer expecting the OUT URB to complete.
   3128		 */
   3129		if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0)
   3130			run_queue = 1;
   3131	} else {
   3132		const __le16 intype = (usbin->type & ~cpu_to_le16(0x8000));
   3133
   3134		/*
   3135		 * Check that our message is what we're expecting ...
   3136		 */
   3137		if (ctlx->outbuf.type != intype) {
   3138			netdev_warn(hw->wlandev->netdev,
   3139				    "Expected IN[%d], received IN[%d] - ignored.\n",
   3140				    le16_to_cpu(ctlx->outbuf.type),
   3141				    le16_to_cpu(intype));
   3142			goto unlock;
   3143		}
   3144
   3145		/* This URB has succeeded, so grab the data ... */
   3146		memcpy(&ctlx->inbuf, usbin, sizeof(ctlx->inbuf));
   3147
   3148		switch (ctlx->state) {
   3149		case CTLX_REQ_SUBMITTED:
   3150			/*
   3151			 * We have received our response URB before
   3152			 * our request has been acknowledged. Odd,
   3153			 * but our OUT URB is still alive...
   3154			 */
   3155			pr_debug("Causality violation: please reboot Universe\n");
   3156			ctlx->state = CTLX_RESP_COMPLETE;
   3157			break;
   3158
   3159		case CTLX_REQ_COMPLETE:
   3160			/*
   3161			 * This is the usual path: our request
   3162			 * has already been acknowledged, and
   3163			 * now we have received the reply too.
   3164			 */
   3165			ctlx->state = CTLX_COMPLETE;
   3166			unlocked_usbctlx_complete(hw, ctlx);
   3167			run_queue = 1;
   3168			break;
   3169
   3170		default:
   3171			/*
   3172			 * Throw this CTLX away ...
   3173			 */
   3174			netdev_err(hw->wlandev->netdev,
   3175				   "Matched IN URB, CTLX[%d] in invalid state(%s). Discarded.\n",
   3176				   le16_to_cpu(ctlx->outbuf.type),
   3177				   ctlxstr(ctlx->state));
   3178			if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0)
   3179				run_queue = 1;
   3180			break;
   3181		}		/* switch */
   3182	}
   3183
   3184unlock:
   3185	spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
   3186
   3187	if (run_queue)
   3188		hfa384x_usbctlxq_run(hw);
   3189}
   3190
   3191/*----------------------------------------------------------------
   3192 * hfa384x_usbin_txcompl
   3193 *
   3194 * At this point we have the results of a previous transmit.
   3195 *
   3196 * Arguments:
   3197 *	wlandev		wlan device
   3198 *	usbin		ptr to the usb transfer buffer
   3199 *
   3200 * Returns:
   3201 *	nothing
   3202 *
   3203 * Side effects:
   3204 *
   3205 * Call context:
   3206 *	interrupt
   3207 *----------------------------------------------------------------
   3208 */
   3209static void hfa384x_usbin_txcompl(struct wlandevice *wlandev,
   3210				  union hfa384x_usbin *usbin)
   3211{
   3212	u16 status;
   3213
   3214	status = le16_to_cpu(usbin->type); /* yeah I know it says type... */
   3215
   3216	/* Was there an error? */
   3217	if (HFA384x_TXSTATUS_ISERROR(status))
   3218		prism2sta_ev_txexc(wlandev, status);
   3219	else
   3220		prism2sta_ev_tx(wlandev, status);
   3221}
   3222
   3223/*----------------------------------------------------------------
   3224 * hfa384x_usbin_rx
   3225 *
   3226 * At this point we have a successful received a rx frame packet.
   3227 *
   3228 * Arguments:
   3229 *	wlandev		wlan device
   3230 *	usbin		ptr to the usb transfer buffer
   3231 *
   3232 * Returns:
   3233 *	nothing
   3234 *
   3235 * Side effects:
   3236 *
   3237 * Call context:
   3238 *	interrupt
   3239 *----------------------------------------------------------------
   3240 */
   3241static void hfa384x_usbin_rx(struct wlandevice *wlandev, struct sk_buff *skb)
   3242{
   3243	union hfa384x_usbin *usbin = (union hfa384x_usbin *)skb->data;
   3244	struct hfa384x *hw = wlandev->priv;
   3245	int hdrlen;
   3246	struct p80211_rxmeta *rxmeta;
   3247	u16 data_len;
   3248	u16 fc;
   3249	u16 status;
   3250
   3251	/* Byte order convert once up front. */
   3252	le16_to_cpus(&usbin->rxfrm.desc.status);
   3253	le32_to_cpus(&usbin->rxfrm.desc.time);
   3254
   3255	/* Now handle frame based on port# */
   3256	status = HFA384x_RXSTATUS_MACPORT_GET(usbin->rxfrm.desc.status);
   3257
   3258	switch (status) {
   3259	case 0:
   3260		fc = le16_to_cpu(usbin->rxfrm.desc.hdr.frame_control);
   3261
   3262		/* If exclude and we receive an unencrypted, drop it */
   3263		if ((wlandev->hostwep & HOSTWEP_EXCLUDEUNENCRYPTED) &&
   3264		    !WLAN_GET_FC_ISWEP(fc)) {
   3265			break;
   3266		}
   3267
   3268		data_len = le16_to_cpu(usbin->rxfrm.desc.data_len);
   3269
   3270		/* How much header data do we have? */
   3271		hdrlen = p80211_headerlen(fc);
   3272
   3273		/* Pull off the descriptor */
   3274		skb_pull(skb, sizeof(struct hfa384x_rx_frame));
   3275
   3276		/* Now shunt the header block up against the data block
   3277		 * with an "overlapping" copy
   3278		 */
   3279		memmove(skb_push(skb, hdrlen),
   3280			&usbin->rxfrm.desc.hdr, hdrlen);
   3281
   3282		skb->dev = wlandev->netdev;
   3283
   3284		/* And set the frame length properly */
   3285		skb_trim(skb, data_len + hdrlen);
   3286
   3287		/* The prism2 series does not return the CRC */
   3288		memset(skb_put(skb, WLAN_CRC_LEN), 0xff, WLAN_CRC_LEN);
   3289
   3290		skb_reset_mac_header(skb);
   3291
   3292		/* Attach the rxmeta, set some stuff */
   3293		p80211skb_rxmeta_attach(wlandev, skb);
   3294		rxmeta = p80211skb_rxmeta(skb);
   3295		rxmeta->mactime = usbin->rxfrm.desc.time;
   3296		rxmeta->rxrate = usbin->rxfrm.desc.rate;
   3297		rxmeta->signal = usbin->rxfrm.desc.signal - hw->dbmadjust;
   3298		rxmeta->noise = usbin->rxfrm.desc.silence - hw->dbmadjust;
   3299
   3300		p80211netdev_rx(wlandev, skb);
   3301
   3302		break;
   3303
   3304	case 7:
   3305		if (!HFA384x_RXSTATUS_ISFCSERR(usbin->rxfrm.desc.status)) {
   3306			/* Copy to wlansnif skb */
   3307			hfa384x_int_rxmonitor(wlandev, &usbin->rxfrm);
   3308			dev_kfree_skb(skb);
   3309		} else {
   3310			pr_debug("Received monitor frame: FCSerr set\n");
   3311		}
   3312		break;
   3313
   3314	default:
   3315		netdev_warn(hw->wlandev->netdev,
   3316			    "Received frame on unsupported port=%d\n",
   3317			    status);
   3318		break;
   3319	}
   3320}
   3321
   3322/*----------------------------------------------------------------
   3323 * hfa384x_int_rxmonitor
   3324 *
   3325 * Helper function for int_rx.  Handles monitor frames.
   3326 * Note that this function allocates space for the FCS and sets it
   3327 * to 0xffffffff.  The hfa384x doesn't give us the FCS value but the
   3328 * higher layers expect it.  0xffffffff is used as a flag to indicate
   3329 * the FCS is bogus.
   3330 *
   3331 * Arguments:
   3332 *	wlandev		wlan device structure
   3333 *	rxfrm		rx descriptor read from card in int_rx
   3334 *
   3335 * Returns:
   3336 *	nothing
   3337 *
   3338 * Side effects:
   3339 *	Allocates an skb and passes it up via the PF_PACKET interface.
   3340 * Call context:
   3341 *	interrupt
   3342 *----------------------------------------------------------------
   3343 */
   3344static void hfa384x_int_rxmonitor(struct wlandevice *wlandev,
   3345				  struct hfa384x_usb_rxfrm *rxfrm)
   3346{
   3347	struct hfa384x_rx_frame *rxdesc = &rxfrm->desc;
   3348	unsigned int hdrlen = 0;
   3349	unsigned int datalen = 0;
   3350	unsigned int skblen = 0;
   3351	u8 *datap;
   3352	u16 fc;
   3353	struct sk_buff *skb;
   3354	struct hfa384x *hw = wlandev->priv;
   3355
   3356	/* Remember the status, time, and data_len fields are in host order */
   3357	/* Figure out how big the frame is */
   3358	fc = le16_to_cpu(rxdesc->hdr.frame_control);
   3359	hdrlen = p80211_headerlen(fc);
   3360	datalen = le16_to_cpu(rxdesc->data_len);
   3361
   3362	/* Allocate an ind message+framesize skb */
   3363	skblen = sizeof(struct p80211_caphdr) + hdrlen + datalen + WLAN_CRC_LEN;
   3364
   3365	/* sanity check the length */
   3366	if (skblen >
   3367	    (sizeof(struct p80211_caphdr) +
   3368	     WLAN_HDR_A4_LEN + WLAN_DATA_MAXLEN + WLAN_CRC_LEN)) {
   3369		pr_debug("overlen frm: len=%zd\n",
   3370			 skblen - sizeof(struct p80211_caphdr));
   3371
   3372		return;
   3373	}
   3374
   3375	skb = dev_alloc_skb(skblen);
   3376	if (!skb)
   3377		return;
   3378
   3379	/* only prepend the prism header if in the right mode */
   3380	if ((wlandev->netdev->type == ARPHRD_IEEE80211_PRISM) &&
   3381	    (hw->sniffhdr != 0)) {
   3382		struct p80211_caphdr *caphdr;
   3383		/* The NEW header format! */
   3384		datap = skb_put(skb, sizeof(struct p80211_caphdr));
   3385		caphdr = (struct p80211_caphdr *)datap;
   3386
   3387		caphdr->version = htonl(P80211CAPTURE_VERSION);
   3388		caphdr->length = htonl(sizeof(struct p80211_caphdr));
   3389		caphdr->mactime = __cpu_to_be64(rxdesc->time * 1000);
   3390		caphdr->hosttime = __cpu_to_be64(jiffies);
   3391		caphdr->phytype = htonl(4);	/* dss_dot11_b */
   3392		caphdr->channel = htonl(hw->sniff_channel);
   3393		caphdr->datarate = htonl(rxdesc->rate);
   3394		caphdr->antenna = htonl(0);	/* unknown */
   3395		caphdr->priority = htonl(0);	/* unknown */
   3396		caphdr->ssi_type = htonl(3);	/* rssi_raw */
   3397		caphdr->ssi_signal = htonl(rxdesc->signal);
   3398		caphdr->ssi_noise = htonl(rxdesc->silence);
   3399		caphdr->preamble = htonl(0);	/* unknown */
   3400		caphdr->encoding = htonl(1);	/* cck */
   3401	}
   3402
   3403	/* Copy the 802.11 header to the skb
   3404	 * (ctl frames may be less than a full header)
   3405	 */
   3406	skb_put_data(skb, &rxdesc->hdr.frame_control, hdrlen);
   3407
   3408	/* If any, copy the data from the card to the skb */
   3409	if (datalen > 0) {
   3410		datap = skb_put_data(skb, rxfrm->data, datalen);
   3411
   3412		/* check for unencrypted stuff if WEP bit set. */
   3413		if (*(datap - hdrlen + 1) & 0x40)	/* wep set */
   3414			if ((*(datap) == 0xaa) && (*(datap + 1) == 0xaa))
   3415				/* clear wep; it's the 802.2 header! */
   3416				*(datap - hdrlen + 1) &= 0xbf;
   3417	}
   3418
   3419	if (hw->sniff_fcs) {
   3420		/* Set the FCS */
   3421		datap = skb_put(skb, WLAN_CRC_LEN);
   3422		memset(datap, 0xff, WLAN_CRC_LEN);
   3423	}
   3424
   3425	/* pass it back up */
   3426	p80211netdev_rx(wlandev, skb);
   3427}
   3428
   3429/*----------------------------------------------------------------
   3430 * hfa384x_usbin_info
   3431 *
   3432 * At this point we have a successful received a Prism2 info frame.
   3433 *
   3434 * Arguments:
   3435 *	wlandev		wlan device
   3436 *	usbin		ptr to the usb transfer buffer
   3437 *
   3438 * Returns:
   3439 *	nothing
   3440 *
   3441 * Side effects:
   3442 *
   3443 * Call context:
   3444 *	interrupt
   3445 *----------------------------------------------------------------
   3446 */
   3447static void hfa384x_usbin_info(struct wlandevice *wlandev,
   3448			       union hfa384x_usbin *usbin)
   3449{
   3450	le16_to_cpus(&usbin->infofrm.info.framelen);
   3451	prism2sta_ev_info(wlandev, &usbin->infofrm.info);
   3452}
   3453
   3454/*----------------------------------------------------------------
   3455 * hfa384x_usbout_callback
   3456 *
   3457 * Callback for URBs on the BULKOUT endpoint.
   3458 *
   3459 * Arguments:
   3460 *	urb		ptr to the completed urb
   3461 *
   3462 * Returns:
   3463 *	nothing
   3464 *
   3465 * Side effects:
   3466 *
   3467 * Call context:
   3468 *	interrupt
   3469 *----------------------------------------------------------------
   3470 */
   3471static void hfa384x_usbout_callback(struct urb *urb)
   3472{
   3473	struct wlandevice *wlandev = urb->context;
   3474
   3475#ifdef DEBUG_USB
   3476	dbprint_urb(urb);
   3477#endif
   3478
   3479	if (wlandev && wlandev->netdev) {
   3480		switch (urb->status) {
   3481		case 0:
   3482			prism2sta_ev_alloc(wlandev);
   3483			break;
   3484
   3485		case -EPIPE: {
   3486			struct hfa384x *hw = wlandev->priv;
   3487
   3488			netdev_warn(hw->wlandev->netdev,
   3489				    "%s tx pipe stalled: requesting reset\n",
   3490				    wlandev->netdev->name);
   3491			if (!test_and_set_bit(WORK_TX_HALT, &hw->usb_flags))
   3492				schedule_work(&hw->usb_work);
   3493			wlandev->netdev->stats.tx_errors++;
   3494			break;
   3495		}
   3496
   3497		case -EPROTO:
   3498		case -ETIMEDOUT:
   3499		case -EILSEQ: {
   3500			struct hfa384x *hw = wlandev->priv;
   3501
   3502			if (!test_and_set_bit(THROTTLE_TX, &hw->usb_flags) &&
   3503			    !timer_pending(&hw->throttle)) {
   3504				mod_timer(&hw->throttle,
   3505					  jiffies + THROTTLE_JIFFIES);
   3506			}
   3507			wlandev->netdev->stats.tx_errors++;
   3508			netif_stop_queue(wlandev->netdev);
   3509			break;
   3510		}
   3511
   3512		case -ENOENT:
   3513		case -ESHUTDOWN:
   3514			/* Ignorable errors */
   3515			break;
   3516
   3517		default:
   3518			netdev_info(wlandev->netdev, "unknown urb->status=%d\n",
   3519				    urb->status);
   3520			wlandev->netdev->stats.tx_errors++;
   3521			break;
   3522		}		/* switch */
   3523	}
   3524}
   3525
   3526/*----------------------------------------------------------------
   3527 * hfa384x_ctlxout_callback
   3528 *
   3529 * Callback for control data on the BULKOUT endpoint.
   3530 *
   3531 * Arguments:
   3532 *	urb		ptr to the completed urb
   3533 *
   3534 * Returns:
   3535 * nothing
   3536 *
   3537 * Side effects:
   3538 *
   3539 * Call context:
   3540 * interrupt
   3541 *----------------------------------------------------------------
   3542 */
   3543static void hfa384x_ctlxout_callback(struct urb *urb)
   3544{
   3545	struct hfa384x *hw = urb->context;
   3546	int delete_resptimer = 0;
   3547	int timer_ok = 1;
   3548	int run_queue = 0;
   3549	struct hfa384x_usbctlx *ctlx;
   3550	unsigned long flags;
   3551
   3552	pr_debug("urb->status=%d\n", urb->status);
   3553#ifdef DEBUG_USB
   3554	dbprint_urb(urb);
   3555#endif
   3556	if ((urb->status == -ESHUTDOWN) ||
   3557	    (urb->status == -ENODEV) || !hw)
   3558		return;
   3559
   3560retry:
   3561	spin_lock_irqsave(&hw->ctlxq.lock, flags);
   3562
   3563	/*
   3564	 * Only one CTLX at a time on the "active" list, and
   3565	 * none at all if we are unplugged. However, we can
   3566	 * rely on the disconnect function to clean everything
   3567	 * up if someone unplugged the adapter.
   3568	 */
   3569	if (list_empty(&hw->ctlxq.active)) {
   3570		spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
   3571		return;
   3572	}
   3573
   3574	/*
   3575	 * Having something on the "active" queue means
   3576	 * that we have timers to worry about ...
   3577	 */
   3578	if (del_timer(&hw->reqtimer) == 0) {
   3579		if (hw->req_timer_done == 0) {
   3580			/*
   3581			 * This timer was actually running while we
   3582			 * were trying to delete it. Let it terminate
   3583			 * gracefully instead.
   3584			 */
   3585			spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
   3586			goto retry;
   3587		}
   3588	} else {
   3589		hw->req_timer_done = 1;
   3590	}
   3591
   3592	ctlx = get_active_ctlx(hw);
   3593
   3594	if (urb->status == 0) {
   3595		/* Request portion of a CTLX is successful */
   3596		switch (ctlx->state) {
   3597		case CTLX_REQ_SUBMITTED:
   3598			/* This OUT-ACK received before IN */
   3599			ctlx->state = CTLX_REQ_COMPLETE;
   3600			break;
   3601
   3602		case CTLX_RESP_COMPLETE:
   3603			/* IN already received before this OUT-ACK,
   3604			 * so this command must now be complete.
   3605			 */
   3606			ctlx->state = CTLX_COMPLETE;
   3607			unlocked_usbctlx_complete(hw, ctlx);
   3608			run_queue = 1;
   3609			break;
   3610
   3611		default:
   3612			/* This is NOT a valid CTLX "success" state! */
   3613			netdev_err(hw->wlandev->netdev,
   3614				   "Illegal CTLX[%d] success state(%s, %d) in OUT URB\n",
   3615				   le16_to_cpu(ctlx->outbuf.type),
   3616				   ctlxstr(ctlx->state), urb->status);
   3617			break;
   3618		}		/* switch */
   3619	} else {
   3620		/* If the pipe has stalled then we need to reset it */
   3621		if ((urb->status == -EPIPE) &&
   3622		    !test_and_set_bit(WORK_TX_HALT, &hw->usb_flags)) {
   3623			netdev_warn(hw->wlandev->netdev,
   3624				    "%s tx pipe stalled: requesting reset\n",
   3625				    hw->wlandev->netdev->name);
   3626			schedule_work(&hw->usb_work);
   3627		}
   3628
   3629		/* If someone cancels the OUT URB then its status
   3630		 * should be either -ECONNRESET or -ENOENT.
   3631		 */
   3632		ctlx->state = CTLX_REQ_FAILED;
   3633		unlocked_usbctlx_complete(hw, ctlx);
   3634		delete_resptimer = 1;
   3635		run_queue = 1;
   3636	}
   3637
   3638delresp:
   3639	if (delete_resptimer) {
   3640		timer_ok = del_timer(&hw->resptimer);
   3641		if (timer_ok != 0)
   3642			hw->resp_timer_done = 1;
   3643	}
   3644
   3645	spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
   3646
   3647	if (!timer_ok && (hw->resp_timer_done == 0)) {
   3648		spin_lock_irqsave(&hw->ctlxq.lock, flags);
   3649		goto delresp;
   3650	}
   3651
   3652	if (run_queue)
   3653		hfa384x_usbctlxq_run(hw);
   3654}
   3655
   3656/*----------------------------------------------------------------
   3657 * hfa384x_usbctlx_reqtimerfn
   3658 *
   3659 * Timer response function for CTLX request timeouts.  If this
   3660 * function is called, it means that the callback for the OUT
   3661 * URB containing a Prism2.x XXX_Request was never called.
   3662 *
   3663 * Arguments:
   3664 *	data		a ptr to the struct hfa384x
   3665 *
   3666 * Returns:
   3667 *	nothing
   3668 *
   3669 * Side effects:
   3670 *
   3671 * Call context:
   3672 *	interrupt
   3673 *----------------------------------------------------------------
   3674 */
   3675static void hfa384x_usbctlx_reqtimerfn(struct timer_list *t)
   3676{
   3677	struct hfa384x *hw = from_timer(hw, t, reqtimer);
   3678	unsigned long flags;
   3679
   3680	spin_lock_irqsave(&hw->ctlxq.lock, flags);
   3681
   3682	hw->req_timer_done = 1;
   3683
   3684	/* Removing the hardware automatically empties
   3685	 * the active list ...
   3686	 */
   3687	if (!list_empty(&hw->ctlxq.active)) {
   3688		/*
   3689		 * We must ensure that our URB is removed from
   3690		 * the system, if it hasn't already expired.
   3691		 */
   3692		hw->ctlx_urb.transfer_flags |= URB_ASYNC_UNLINK;
   3693		if (usb_unlink_urb(&hw->ctlx_urb) == -EINPROGRESS) {
   3694			struct hfa384x_usbctlx *ctlx = get_active_ctlx(hw);
   3695
   3696			ctlx->state = CTLX_REQ_FAILED;
   3697
   3698			/* This URB was active, but has now been
   3699			 * cancelled. It will now have a status of
   3700			 * -ECONNRESET in the callback function.
   3701			 *
   3702			 * We are cancelling this CTLX, so we're
   3703			 * not going to need to wait for a response.
   3704			 * The URB's callback function will check
   3705			 * that this timer is truly dead.
   3706			 */
   3707			if (del_timer(&hw->resptimer) != 0)
   3708				hw->resp_timer_done = 1;
   3709		}
   3710	}
   3711
   3712	spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
   3713}
   3714
   3715/*----------------------------------------------------------------
   3716 * hfa384x_usbctlx_resptimerfn
   3717 *
   3718 * Timer response function for CTLX response timeouts.  If this
   3719 * function is called, it means that the callback for the IN
   3720 * URB containing a Prism2.x XXX_Response was never called.
   3721 *
   3722 * Arguments:
   3723 *	data		a ptr to the struct hfa384x
   3724 *
   3725 * Returns:
   3726 *	nothing
   3727 *
   3728 * Side effects:
   3729 *
   3730 * Call context:
   3731 *	interrupt
   3732 *----------------------------------------------------------------
   3733 */
   3734static void hfa384x_usbctlx_resptimerfn(struct timer_list *t)
   3735{
   3736	struct hfa384x *hw = from_timer(hw, t, resptimer);
   3737	unsigned long flags;
   3738
   3739	spin_lock_irqsave(&hw->ctlxq.lock, flags);
   3740
   3741	hw->resp_timer_done = 1;
   3742
   3743	/* The active list will be empty if the
   3744	 * adapter has been unplugged ...
   3745	 */
   3746	if (!list_empty(&hw->ctlxq.active)) {
   3747		struct hfa384x_usbctlx *ctlx = get_active_ctlx(hw);
   3748
   3749		if (unlocked_usbctlx_cancel_async(hw, ctlx) == 0) {
   3750			spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
   3751			hfa384x_usbctlxq_run(hw);
   3752			return;
   3753		}
   3754	}
   3755	spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
   3756}
   3757
   3758/*----------------------------------------------------------------
   3759 * hfa384x_usb_throttlefn
   3760 *
   3761 *
   3762 * Arguments:
   3763 *	data	ptr to hw
   3764 *
   3765 * Returns:
   3766 *	Nothing
   3767 *
   3768 * Side effects:
   3769 *
   3770 * Call context:
   3771 *	Interrupt
   3772 *----------------------------------------------------------------
   3773 */
   3774static void hfa384x_usb_throttlefn(struct timer_list *t)
   3775{
   3776	struct hfa384x *hw = from_timer(hw, t, throttle);
   3777	unsigned long flags;
   3778
   3779	spin_lock_irqsave(&hw->ctlxq.lock, flags);
   3780
   3781	pr_debug("flags=0x%lx\n", hw->usb_flags);
   3782	if (!hw->wlandev->hwremoved) {
   3783		bool rx_throttle = test_and_clear_bit(THROTTLE_RX, &hw->usb_flags) &&
   3784				   !test_and_set_bit(WORK_RX_RESUME, &hw->usb_flags);
   3785		bool tx_throttle = test_and_clear_bit(THROTTLE_TX, &hw->usb_flags) &&
   3786				   !test_and_set_bit(WORK_TX_RESUME, &hw->usb_flags);
   3787		/*
   3788		 * We need to check BOTH the RX and the TX throttle controls,
   3789		 * so we use the bitwise OR instead of the logical OR.
   3790		 */
   3791		if (rx_throttle | tx_throttle)
   3792			schedule_work(&hw->usb_work);
   3793	}
   3794
   3795	spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
   3796}
   3797
   3798/*----------------------------------------------------------------
   3799 * hfa384x_usbctlx_submit
   3800 *
   3801 * Called from the doxxx functions to submit a CTLX to the queue
   3802 *
   3803 * Arguments:
   3804 *	hw		ptr to the hw struct
   3805 *	ctlx		ctlx structure to enqueue
   3806 *
   3807 * Returns:
   3808 *	-ENODEV if the adapter is unplugged
   3809 *	0
   3810 *
   3811 * Side effects:
   3812 *
   3813 * Call context:
   3814 *	process or interrupt
   3815 *----------------------------------------------------------------
   3816 */
   3817static int hfa384x_usbctlx_submit(struct hfa384x *hw,
   3818				  struct hfa384x_usbctlx *ctlx)
   3819{
   3820	unsigned long flags;
   3821
   3822	spin_lock_irqsave(&hw->ctlxq.lock, flags);
   3823
   3824	if (hw->wlandev->hwremoved) {
   3825		spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
   3826		return -ENODEV;
   3827	}
   3828
   3829	ctlx->state = CTLX_PENDING;
   3830	list_add_tail(&ctlx->list, &hw->ctlxq.pending);
   3831	spin_unlock_irqrestore(&hw->ctlxq.lock, flags);
   3832	hfa384x_usbctlxq_run(hw);
   3833
   3834	return 0;
   3835}
   3836
   3837/*----------------------------------------------------------------
   3838 * hfa384x_isgood_pdrcore
   3839 *
   3840 * Quick check of PDR codes.
   3841 *
   3842 * Arguments:
   3843 *	pdrcode		PDR code number (host order)
   3844 *
   3845 * Returns:
   3846 *	zero		not good.
   3847 *	one		is good.
   3848 *
   3849 * Side effects:
   3850 *
   3851 * Call context:
   3852 *----------------------------------------------------------------
   3853 */
   3854static int hfa384x_isgood_pdrcode(u16 pdrcode)
   3855{
   3856	switch (pdrcode) {
   3857	case HFA384x_PDR_END_OF_PDA:
   3858	case HFA384x_PDR_PCB_PARTNUM:
   3859	case HFA384x_PDR_PDAVER:
   3860	case HFA384x_PDR_NIC_SERIAL:
   3861	case HFA384x_PDR_MKK_MEASUREMENTS:
   3862	case HFA384x_PDR_NIC_RAMSIZE:
   3863	case HFA384x_PDR_MFISUPRANGE:
   3864	case HFA384x_PDR_CFISUPRANGE:
   3865	case HFA384x_PDR_NICID:
   3866	case HFA384x_PDR_MAC_ADDRESS:
   3867	case HFA384x_PDR_REGDOMAIN:
   3868	case HFA384x_PDR_ALLOWED_CHANNEL:
   3869	case HFA384x_PDR_DEFAULT_CHANNEL:
   3870	case HFA384x_PDR_TEMPTYPE:
   3871	case HFA384x_PDR_IFR_SETTING:
   3872	case HFA384x_PDR_RFR_SETTING:
   3873	case HFA384x_PDR_HFA3861_BASELINE:
   3874	case HFA384x_PDR_HFA3861_SHADOW:
   3875	case HFA384x_PDR_HFA3861_IFRF:
   3876	case HFA384x_PDR_HFA3861_CHCALSP:
   3877	case HFA384x_PDR_HFA3861_CHCALI:
   3878	case HFA384x_PDR_3842_NIC_CONFIG:
   3879	case HFA384x_PDR_USB_ID:
   3880	case HFA384x_PDR_PCI_ID:
   3881	case HFA384x_PDR_PCI_IFCONF:
   3882	case HFA384x_PDR_PCI_PMCONF:
   3883	case HFA384x_PDR_RFENRGY:
   3884	case HFA384x_PDR_HFA3861_MANF_TESTSP:
   3885	case HFA384x_PDR_HFA3861_MANF_TESTI:
   3886		/* code is OK */
   3887		return 1;
   3888	default:
   3889		if (pdrcode < 0x1000) {
   3890			/* code is OK, but we don't know exactly what it is */
   3891			pr_debug("Encountered unknown PDR#=0x%04x, assuming it's ok.\n",
   3892				 pdrcode);
   3893			return 1;
   3894		}
   3895		break;
   3896	}
   3897	/* bad code */
   3898	pr_debug("Encountered unknown PDR#=0x%04x, (>=0x1000), assuming it's bad.\n",
   3899		 pdrcode);
   3900	return 0;
   3901}