1/***************************************************************************** 2* 3* Filename: ks959-sir.c 4* Version: 0.1.2 5* Description: Irda KingSun KS-959 USB Dongle 6* Status: Experimental 7* Author: Alex Villacís Lasso <a_villacis@palosanto.com> 8* with help from Domen Puncer <domen@coderock.org> 9* 10* Based on stir4200, mcs7780, kingsun-sir drivers. 11* 12* This program is free software; you can redistribute it and/or modify 13* it under the terms of the GNU General Public License as published by 14* the Free Software Foundation; either version 2 of the License. 15* 16* This program is distributed in the hope that it will be useful, 17* but WITHOUT ANY WARRANTY; without even the implied warranty of 18* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19* GNU General Public License for more details. 20* 21* You should have received a copy of the GNU General Public License 22* along with this program; if not, write to the Free Software 23* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 24* 25*****************************************************************************/ 26 27/* 28 * Following is my most current (2007-07-17) understanding of how the Kingsun 29 * KS-959 dongle is supposed to work. This information was deduced by 30 * reverse-engineering and examining the USB traffic captured with USBSnoopy 31 * from the WinXP driver. Feel free to update here as more of the dongle is 32 * known. 33 * 34 * My most sincere thanks must go to Domen Puncer <domen@coderock.org> for 35 * invaluable help in cracking the obfuscation and padding required for this 36 * dongle. 37 * 38 * General: This dongle exposes one interface with one interrupt IN endpoint. 39 * However, the interrupt endpoint is NOT used at all for this dongle. Instead, 40 * this dongle uses control transfers for everything, including sending and 41 * receiving the IrDA frame data. Apparently the interrupt endpoint is just a 42 * dummy to ensure the dongle has a valid interface to present to the PC.And I 43 * thought the DonShine dongle was weird... In addition, this dongle uses 44 * obfuscation (?!?!), applied at the USB level, to hide the traffic, both sent 45 * and received, from the dongle. I call it obfuscation because the XOR keying 46 * and padding required to produce an USB traffic acceptable for the dongle can 47 * not be explained by any other technical requirement. 48 * 49 * Transmission: To transmit an IrDA frame, the driver must prepare a control 50 * URB with the following as a setup packet: 51 * bRequestType USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE 52 * bRequest 0x09 53 * wValue <length of valid data before padding, little endian> 54 * wIndex 0x0000 55 * wLength <length of padded data> 56 * The payload packet must be manually wrapped and escaped (as in stir4200.c), 57 * then padded and obfuscated before being sent. Both padding and obfuscation 58 * are implemented in the procedure obfuscate_tx_buffer(). Suffice to say, the 59 * designer/programmer of the dongle used his name as a source for the 60 * obfuscation. WTF?! 61 * Apparently the dongle cannot handle payloads larger than 256 bytes. The 62 * driver has to perform fragmentation in order to send anything larger than 63 * this limit. 64 * 65 * Reception: To receive data, the driver must poll the dongle regularly (like 66 * kingsun-sir.c) with control URBs and the following as a setup packet: 67 * bRequestType USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE 68 * bRequest 0x01 69 * wValue 0x0200 70 * wIndex 0x0000 71 * wLength 0x0800 (size of available buffer) 72 * If there is data to be read, it will be returned as the response payload. 73 * This data is (apparently) not padded, but it is obfuscated. To de-obfuscate 74 * it, the driver must XOR every byte, in sequence, with a value that starts at 75 * 1 and is incremented with each byte processed, and then with 0x55. The value 76 * incremented with each byte processed overflows as an unsigned char. The 77 * resulting bytes form a wrapped SIR frame that is unwrapped and unescaped 78 * as in stir4200.c The incremented value is NOT reset with each frame, but is 79 * kept across the entire session with the dongle. Also, the dongle inserts an 80 * extra garbage byte with value 0x95 (after decoding) every 0xff bytes, which 81 * must be skipped. 82 * 83 * Speed change: To change the speed of the dongle, the driver prepares a 84 * control URB with the following as a setup packet: 85 * bRequestType USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE 86 * bRequest 0x09 87 * wValue 0x0200 88 * wIndex 0x0001 89 * wLength 0x0008 (length of the payload) 90 * The payload is a 8-byte record, apparently identical to the one used in 91 * drivers/usb/serial/cypress_m8.c to change speed: 92 * __u32 baudSpeed; 93 * unsigned int dataBits : 2; // 0 - 5 bits 3 - 8 bits 94 * unsigned int : 1; 95 * unsigned int stopBits : 1; 96 * unsigned int parityEnable : 1; 97 * unsigned int parityType : 1; 98 * unsigned int : 1; 99 * unsigned int reset : 1; 100 * unsigned char reserved[3]; // set to 0 101 * 102 * For now only SIR speeds have been observed with this dongle. Therefore, 103 * nothing is known on what changes (if any) must be done to frame wrapping / 104 * unwrapping for higher than SIR speeds. This driver assumes no change is 105 * necessary and announces support for all the way to 57600 bps. Although the 106 * package announces support for up to 4MBps, tests with a Sony Ericcson K300 107 * phone show corruption when receiving large frames at 115200 bps, the highest 108 * speed announced by the phone. However, transmission at 115200 bps is OK. Go 109 * figure. Since I don't know whether the phone or the dongle is at fault, max 110 * announced speed is 57600 bps until someone produces a device that can run 111 * at higher speeds with this dongle. 112 */ 113 114#include <linux/module.h> 115#include <linux/moduleparam.h> 116#include <linux/kernel.h> 117#include <linux/types.h> 118#include <linux/errno.h> 119#include <linux/slab.h> 120#include <linux/usb.h> 121#include <linux/device.h> 122#include <linux/crc32.h> 123 124#include <asm/unaligned.h> 125#include <asm/byteorder.h> 126#include <asm/uaccess.h> 127 128#include <net/irda/irda.h> 129#include <net/irda/wrapper.h> 130#include <net/irda/crc.h> 131 132#define KS959_VENDOR_ID 0x07d0 133#define KS959_PRODUCT_ID 0x4959 134 135/* These are the currently known USB ids */ 136static struct usb_device_id dongles[] = { 137 /* KingSun Co,Ltd IrDA/USB Bridge */ 138 {USB_DEVICE(KS959_VENDOR_ID, KS959_PRODUCT_ID)}, 139 {} 140}; 141 142MODULE_DEVICE_TABLE(usb, dongles); 143 144#define KINGSUN_MTT 0x07 145#define KINGSUN_REQ_RECV 0x01 146#define KINGSUN_REQ_SEND 0x09 147 148#define KINGSUN_RCV_FIFO_SIZE 2048 /* Max length we can receive */ 149#define KINGSUN_SND_FIFO_SIZE 2048 /* Max packet we can send */ 150#define KINGSUN_SND_PACKET_SIZE 256 /* Max packet dongle can handle */ 151 152struct ks959_speedparams { 153 __le32 baudrate; /* baud rate, little endian */ 154 __u8 flags; 155 __u8 reserved[3]; 156} __packed; 157 158#define KS_DATA_5_BITS 0x00 159#define KS_DATA_6_BITS 0x01 160#define KS_DATA_7_BITS 0x02 161#define KS_DATA_8_BITS 0x03 162 163#define KS_STOP_BITS_1 0x00 164#define KS_STOP_BITS_2 0x08 165 166#define KS_PAR_DISABLE 0x00 167#define KS_PAR_EVEN 0x10 168#define KS_PAR_ODD 0x30 169#define KS_RESET 0x80 170 171struct ks959_cb { 172 struct usb_device *usbdev; /* init: probe_irda */ 173 struct net_device *netdev; /* network layer */ 174 struct irlap_cb *irlap; /* The link layer we are binded to */ 175 176 struct qos_info qos; 177 178 struct usb_ctrlrequest *tx_setuprequest; 179 struct urb *tx_urb; 180 __u8 *tx_buf_clear; 181 unsigned int tx_buf_clear_used; 182 unsigned int tx_buf_clear_sent; 183 __u8 *tx_buf_xored; 184 185 struct usb_ctrlrequest *rx_setuprequest; 186 struct urb *rx_urb; 187 __u8 *rx_buf; 188 __u8 rx_variable_xormask; 189 iobuff_t rx_unwrap_buff; 190 191 struct usb_ctrlrequest *speed_setuprequest; 192 struct urb *speed_urb; 193 struct ks959_speedparams speedparams; 194 unsigned int new_speed; 195 196 spinlock_t lock; 197 int receiving; 198}; 199 200/* Procedure to perform the obfuscation/padding expected by the dongle 201 * 202 * buf_cleartext (IN) Cleartext version of the IrDA frame to transmit 203 * len_cleartext (IN) Length of the cleartext version of IrDA frame 204 * buf_xoredtext (OUT) Obfuscated version of frame built by proc 205 * len_maxbuf (OUT) Maximum space available at buf_xoredtext 206 * 207 * (return) length of obfuscated frame with padding 208 * 209 * If not enough space (as indicated by len_maxbuf vs. required padding), 210 * zero is returned 211 * 212 * The value of lookup_string is actually a required portion of the algorithm. 213 * Seems the designer of the dongle wanted to state who exactly is responsible 214 * for implementing obfuscation. Send your best (or other) wishes to him ]:-) 215 */ 216static unsigned int obfuscate_tx_buffer(const __u8 * buf_cleartext, 217 unsigned int len_cleartext, 218 __u8 * buf_xoredtext, 219 unsigned int len_maxbuf) 220{ 221 unsigned int len_xoredtext; 222 223 /* Calculate required length with padding, check for necessary space */ 224 len_xoredtext = ((len_cleartext + 7) & ~0x7) + 0x10; 225 if (len_xoredtext <= len_maxbuf) { 226 static const __u8 lookup_string[] = "wangshuofei19710"; 227 __u8 xor_mask; 228 229 /* Unlike the WinXP driver, we *do* clear out the padding */ 230 memset(buf_xoredtext, 0, len_xoredtext); 231 232 xor_mask = lookup_string[(len_cleartext & 0x0f) ^ 0x06] ^ 0x55; 233 234 while (len_cleartext-- > 0) { 235 *buf_xoredtext++ = *buf_cleartext++ ^ xor_mask; 236 } 237 } else { 238 len_xoredtext = 0; 239 } 240 return len_xoredtext; 241} 242 243/* Callback transmission routine */ 244static void ks959_speed_irq(struct urb *urb) 245{ 246 /* unlink, shutdown, unplug, other nasties */ 247 if (urb->status != 0) { 248 dev_err(&urb->dev->dev, 249 "ks959_speed_irq: urb asynchronously failed - %d\n", 250 urb->status); 251 } 252} 253 254/* Send a control request to change speed of the dongle */ 255static int ks959_change_speed(struct ks959_cb *kingsun, unsigned speed) 256{ 257 static unsigned int supported_speeds[] = { 2400, 9600, 19200, 38400, 258 57600, 115200, 576000, 1152000, 4000000, 0 259 }; 260 int err; 261 unsigned int i; 262 263 if (kingsun->speed_setuprequest == NULL || kingsun->speed_urb == NULL) 264 return -ENOMEM; 265 266 /* Check that requested speed is among the supported ones */ 267 for (i = 0; supported_speeds[i] && supported_speeds[i] != speed; i++) ; 268 if (supported_speeds[i] == 0) 269 return -EOPNOTSUPP; 270 271 memset(&(kingsun->speedparams), 0, sizeof(struct ks959_speedparams)); 272 kingsun->speedparams.baudrate = cpu_to_le32(speed); 273 kingsun->speedparams.flags = KS_DATA_8_BITS; 274 275 /* speed_setuprequest pre-filled in ks959_probe */ 276 usb_fill_control_urb(kingsun->speed_urb, kingsun->usbdev, 277 usb_sndctrlpipe(kingsun->usbdev, 0), 278 (unsigned char *)kingsun->speed_setuprequest, 279 &(kingsun->speedparams), 280 sizeof(struct ks959_speedparams), ks959_speed_irq, 281 kingsun); 282 kingsun->speed_urb->status = 0; 283 err = usb_submit_urb(kingsun->speed_urb, GFP_ATOMIC); 284 285 return err; 286} 287 288/* Submit one fragment of an IrDA frame to the dongle */ 289static void ks959_send_irq(struct urb *urb); 290static int ks959_submit_tx_fragment(struct ks959_cb *kingsun) 291{ 292 unsigned int padlen; 293 unsigned int wraplen; 294 int ret; 295 296 /* Check whether current plaintext can produce a padded buffer that fits 297 within the range handled by the dongle */ 298 wraplen = (KINGSUN_SND_PACKET_SIZE & ~0x7) - 0x10; 299 if (wraplen > kingsun->tx_buf_clear_used) 300 wraplen = kingsun->tx_buf_clear_used; 301 302 /* Perform dongle obfuscation. Also remove the portion of the frame that 303 was just obfuscated and will now be sent to the dongle. */ 304 padlen = obfuscate_tx_buffer(kingsun->tx_buf_clear, wraplen, 305 kingsun->tx_buf_xored, 306 KINGSUN_SND_PACKET_SIZE); 307 308 /* Calculate how much data can be transmitted in this urb */ 309 kingsun->tx_setuprequest->wValue = cpu_to_le16(wraplen); 310 kingsun->tx_setuprequest->wLength = cpu_to_le16(padlen); 311 /* Rest of the fields were filled in ks959_probe */ 312 usb_fill_control_urb(kingsun->tx_urb, kingsun->usbdev, 313 usb_sndctrlpipe(kingsun->usbdev, 0), 314 (unsigned char *)kingsun->tx_setuprequest, 315 kingsun->tx_buf_xored, padlen, 316 ks959_send_irq, kingsun); 317 kingsun->tx_urb->status = 0; 318 ret = usb_submit_urb(kingsun->tx_urb, GFP_ATOMIC); 319 320 /* Remember how much data was sent, in order to update at callback */ 321 kingsun->tx_buf_clear_sent = (ret == 0) ? wraplen : 0; 322 return ret; 323} 324 325/* Callback transmission routine */ 326static void ks959_send_irq(struct urb *urb) 327{ 328 struct ks959_cb *kingsun = urb->context; 329 struct net_device *netdev = kingsun->netdev; 330 int ret = 0; 331 332 /* in process of stopping, just drop data */ 333 if (!netif_running(kingsun->netdev)) { 334 dev_err(&kingsun->usbdev->dev, 335 "ks959_send_irq: Network not running!\n"); 336 return; 337 } 338 339 /* unlink, shutdown, unplug, other nasties */ 340 if (urb->status != 0) { 341 dev_err(&kingsun->usbdev->dev, 342 "ks959_send_irq: urb asynchronously failed - %d\n", 343 urb->status); 344 return; 345 } 346 347 if (kingsun->tx_buf_clear_used > 0) { 348 /* Update data remaining to be sent */ 349 if (kingsun->tx_buf_clear_sent < kingsun->tx_buf_clear_used) { 350 memmove(kingsun->tx_buf_clear, 351 kingsun->tx_buf_clear + 352 kingsun->tx_buf_clear_sent, 353 kingsun->tx_buf_clear_used - 354 kingsun->tx_buf_clear_sent); 355 } 356 kingsun->tx_buf_clear_used -= kingsun->tx_buf_clear_sent; 357 kingsun->tx_buf_clear_sent = 0; 358 359 if (kingsun->tx_buf_clear_used > 0) { 360 /* There is more data to be sent */ 361 if ((ret = ks959_submit_tx_fragment(kingsun)) != 0) { 362 dev_err(&kingsun->usbdev->dev, 363 "ks959_send_irq: failed tx_urb submit: %d\n", 364 ret); 365 switch (ret) { 366 case -ENODEV: 367 case -EPIPE: 368 break; 369 default: 370 netdev->stats.tx_errors++; 371 netif_start_queue(netdev); 372 } 373 } 374 } else { 375 /* All data sent, send next speed && wake network queue */ 376 if (kingsun->new_speed != -1 && 377 cpu_to_le32(kingsun->new_speed) != 378 kingsun->speedparams.baudrate) 379 ks959_change_speed(kingsun, kingsun->new_speed); 380 381 netif_wake_queue(netdev); 382 } 383 } 384} 385 386/* 387 * Called from net/core when new frame is available. 388 */ 389static netdev_tx_t ks959_hard_xmit(struct sk_buff *skb, 390 struct net_device *netdev) 391{ 392 struct ks959_cb *kingsun; 393 unsigned int wraplen; 394 int ret = 0; 395 396 netif_stop_queue(netdev); 397 398 /* the IRDA wrapping routines don't deal with non linear skb */ 399 SKB_LINEAR_ASSERT(skb); 400 401 kingsun = netdev_priv(netdev); 402 403 spin_lock(&kingsun->lock); 404 kingsun->new_speed = irda_get_next_speed(skb); 405 406 /* Append data to the end of whatever data remains to be transmitted */ 407 wraplen = 408 async_wrap_skb(skb, kingsun->tx_buf_clear, KINGSUN_SND_FIFO_SIZE); 409 kingsun->tx_buf_clear_used = wraplen; 410 411 if ((ret = ks959_submit_tx_fragment(kingsun)) != 0) { 412 dev_err(&kingsun->usbdev->dev, 413 "ks959_hard_xmit: failed tx_urb submit: %d\n", ret); 414 switch (ret) { 415 case -ENODEV: 416 case -EPIPE: 417 break; 418 default: 419 netdev->stats.tx_errors++; 420 netif_start_queue(netdev); 421 } 422 } else { 423 netdev->stats.tx_packets++; 424 netdev->stats.tx_bytes += skb->len; 425 426 } 427 428 dev_kfree_skb(skb); 429 spin_unlock(&kingsun->lock); 430 431 return NETDEV_TX_OK; 432} 433 434/* Receive callback function */ 435static void ks959_rcv_irq(struct urb *urb) 436{ 437 struct ks959_cb *kingsun = urb->context; 438 int ret; 439 440 /* in process of stopping, just drop data */ 441 if (!netif_running(kingsun->netdev)) { 442 kingsun->receiving = 0; 443 return; 444 } 445 446 /* unlink, shutdown, unplug, other nasties */ 447 if (urb->status != 0) { 448 dev_err(&kingsun->usbdev->dev, 449 "kingsun_rcv_irq: urb asynchronously failed - %d\n", 450 urb->status); 451 kingsun->receiving = 0; 452 return; 453 } 454 455 if (urb->actual_length > 0) { 456 __u8 *bytes = urb->transfer_buffer; 457 unsigned int i; 458 459 for (i = 0; i < urb->actual_length; i++) { 460 /* De-obfuscation implemented here: variable portion of 461 xormask is incremented, and then used with the encoded 462 byte for the XOR. The result of the operation is used 463 to unwrap the SIR frame. */ 464 kingsun->rx_variable_xormask++; 465 bytes[i] = 466 bytes[i] ^ kingsun->rx_variable_xormask ^ 0x55u; 467 468 /* rx_variable_xormask doubles as an index counter so we 469 can skip the byte at 0xff (wrapped around to 0). 470 */ 471 if (kingsun->rx_variable_xormask != 0) { 472 async_unwrap_char(kingsun->netdev, 473 &kingsun->netdev->stats, 474 &kingsun->rx_unwrap_buff, 475 bytes[i]); 476 } 477 } 478 kingsun->receiving = 479 (kingsun->rx_unwrap_buff.state != OUTSIDE_FRAME) ? 1 : 0; 480 } 481 482 /* This urb has already been filled in kingsun_net_open. Setup 483 packet must be re-filled, but it is assumed that urb keeps the 484 pointer to the initial setup packet, as well as the payload buffer. 485 Setup packet is already pre-filled at ks959_probe. 486 */ 487 urb->status = 0; 488 ret = usb_submit_urb(urb, GFP_ATOMIC); 489} 490 491/* 492 * Function kingsun_net_open (dev) 493 * 494 * Network device is taken up. Usually this is done by "ifconfig irda0 up" 495 */ 496static int ks959_net_open(struct net_device *netdev) 497{ 498 struct ks959_cb *kingsun = netdev_priv(netdev); 499 int err = -ENOMEM; 500 char hwname[16]; 501 502 /* At this point, urbs are NULL, and skb is NULL (see kingsun_probe) */ 503 kingsun->receiving = 0; 504 505 /* Initialize for SIR to copy data directly into skb. */ 506 kingsun->rx_unwrap_buff.in_frame = FALSE; 507 kingsun->rx_unwrap_buff.state = OUTSIDE_FRAME; 508 kingsun->rx_unwrap_buff.truesize = IRDA_SKB_MAX_MTU; 509 kingsun->rx_unwrap_buff.skb = dev_alloc_skb(IRDA_SKB_MAX_MTU); 510 if (!kingsun->rx_unwrap_buff.skb) 511 goto free_mem; 512 513 skb_reserve(kingsun->rx_unwrap_buff.skb, 1); 514 kingsun->rx_unwrap_buff.head = kingsun->rx_unwrap_buff.skb->data; 515 516 kingsun->rx_urb = usb_alloc_urb(0, GFP_KERNEL); 517 if (!kingsun->rx_urb) 518 goto free_mem; 519 520 kingsun->tx_urb = usb_alloc_urb(0, GFP_KERNEL); 521 if (!kingsun->tx_urb) 522 goto free_mem; 523 524 kingsun->speed_urb = usb_alloc_urb(0, GFP_KERNEL); 525 if (!kingsun->speed_urb) 526 goto free_mem; 527 528 /* Initialize speed for dongle */ 529 kingsun->new_speed = 9600; 530 err = ks959_change_speed(kingsun, 9600); 531 if (err < 0) 532 goto free_mem; 533 534 /* 535 * Now that everything should be initialized properly, 536 * Open new IrLAP layer instance to take care of us... 537 */ 538 sprintf(hwname, "usb#%d", kingsun->usbdev->devnum); 539 kingsun->irlap = irlap_open(netdev, &kingsun->qos, hwname); 540 if (!kingsun->irlap) { 541 err = -ENOMEM; 542 dev_err(&kingsun->usbdev->dev, "irlap_open failed\n"); 543 goto free_mem; 544 } 545 546 /* Start reception. Setup request already pre-filled in ks959_probe */ 547 usb_fill_control_urb(kingsun->rx_urb, kingsun->usbdev, 548 usb_rcvctrlpipe(kingsun->usbdev, 0), 549 (unsigned char *)kingsun->rx_setuprequest, 550 kingsun->rx_buf, KINGSUN_RCV_FIFO_SIZE, 551 ks959_rcv_irq, kingsun); 552 kingsun->rx_urb->status = 0; 553 err = usb_submit_urb(kingsun->rx_urb, GFP_KERNEL); 554 if (err) { 555 dev_err(&kingsun->usbdev->dev, 556 "first urb-submit failed: %d\n", err); 557 goto close_irlap; 558 } 559 560 netif_start_queue(netdev); 561 562 /* Situation at this point: 563 - all work buffers allocated 564 - urbs allocated and ready to fill 565 - max rx packet known (in max_rx) 566 - unwrap state machine initialized, in state outside of any frame 567 - receive request in progress 568 - IrLAP layer started, about to hand over packets to send 569 */ 570 571 return 0; 572 573 close_irlap: 574 irlap_close(kingsun->irlap); 575 free_mem: 576 usb_free_urb(kingsun->speed_urb); 577 kingsun->speed_urb = NULL; 578 usb_free_urb(kingsun->tx_urb); 579 kingsun->tx_urb = NULL; 580 usb_free_urb(kingsun->rx_urb); 581 kingsun->rx_urb = NULL; 582 if (kingsun->rx_unwrap_buff.skb) { 583 kfree_skb(kingsun->rx_unwrap_buff.skb); 584 kingsun->rx_unwrap_buff.skb = NULL; 585 kingsun->rx_unwrap_buff.head = NULL; 586 } 587 return err; 588} 589 590/* 591 * Function kingsun_net_close (kingsun) 592 * 593 * Network device is taken down. Usually this is done by 594 * "ifconfig irda0 down" 595 */ 596static int ks959_net_close(struct net_device *netdev) 597{ 598 struct ks959_cb *kingsun = netdev_priv(netdev); 599 600 /* Stop transmit processing */ 601 netif_stop_queue(netdev); 602 603 /* Mop up receive && transmit urb's */ 604 usb_kill_urb(kingsun->tx_urb); 605 usb_free_urb(kingsun->tx_urb); 606 kingsun->tx_urb = NULL; 607 608 usb_kill_urb(kingsun->speed_urb); 609 usb_free_urb(kingsun->speed_urb); 610 kingsun->speed_urb = NULL; 611 612 usb_kill_urb(kingsun->rx_urb); 613 usb_free_urb(kingsun->rx_urb); 614 kingsun->rx_urb = NULL; 615 616 kfree_skb(kingsun->rx_unwrap_buff.skb); 617 kingsun->rx_unwrap_buff.skb = NULL; 618 kingsun->rx_unwrap_buff.head = NULL; 619 kingsun->rx_unwrap_buff.in_frame = FALSE; 620 kingsun->rx_unwrap_buff.state = OUTSIDE_FRAME; 621 kingsun->receiving = 0; 622 623 /* Stop and remove instance of IrLAP */ 624 if (kingsun->irlap) 625 irlap_close(kingsun->irlap); 626 627 kingsun->irlap = NULL; 628 629 return 0; 630} 631 632/* 633 * IOCTLs : Extra out-of-band network commands... 634 */ 635static int ks959_net_ioctl(struct net_device *netdev, struct ifreq *rq, int cmd) 636{ 637 struct if_irda_req *irq = (struct if_irda_req *)rq; 638 struct ks959_cb *kingsun = netdev_priv(netdev); 639 int ret = 0; 640 641 switch (cmd) { 642 case SIOCSBANDWIDTH: /* Set bandwidth */ 643 if (!capable(CAP_NET_ADMIN)) 644 return -EPERM; 645 646 /* Check if the device is still there */ 647 if (netif_device_present(kingsun->netdev)) 648 return ks959_change_speed(kingsun, irq->ifr_baudrate); 649 break; 650 651 case SIOCSMEDIABUSY: /* Set media busy */ 652 if (!capable(CAP_NET_ADMIN)) 653 return -EPERM; 654 655 /* Check if the IrDA stack is still there */ 656 if (netif_running(kingsun->netdev)) 657 irda_device_set_media_busy(kingsun->netdev, TRUE); 658 break; 659 660 case SIOCGRECEIVING: 661 /* Only approximately true */ 662 irq->ifr_receiving = kingsun->receiving; 663 break; 664 665 default: 666 ret = -EOPNOTSUPP; 667 } 668 669 return ret; 670} 671 672static const struct net_device_ops ks959_ops = { 673 .ndo_start_xmit = ks959_hard_xmit, 674 .ndo_open = ks959_net_open, 675 .ndo_stop = ks959_net_close, 676 .ndo_do_ioctl = ks959_net_ioctl, 677}; 678/* 679 * This routine is called by the USB subsystem for each new device 680 * in the system. We need to check if the device is ours, and in 681 * this case start handling it. 682 */ 683static int ks959_probe(struct usb_interface *intf, 684 const struct usb_device_id *id) 685{ 686 struct usb_device *dev = interface_to_usbdev(intf); 687 struct ks959_cb *kingsun = NULL; 688 struct net_device *net = NULL; 689 int ret = -ENOMEM; 690 691 /* Allocate network device container. */ 692 net = alloc_irdadev(sizeof(*kingsun)); 693 if (!net) 694 goto err_out1; 695 696 SET_NETDEV_DEV(net, &intf->dev); 697 kingsun = netdev_priv(net); 698 kingsun->netdev = net; 699 kingsun->usbdev = dev; 700 kingsun->irlap = NULL; 701 kingsun->tx_setuprequest = NULL; 702 kingsun->tx_urb = NULL; 703 kingsun->tx_buf_clear = NULL; 704 kingsun->tx_buf_xored = NULL; 705 kingsun->tx_buf_clear_used = 0; 706 kingsun->tx_buf_clear_sent = 0; 707 708 kingsun->rx_setuprequest = NULL; 709 kingsun->rx_urb = NULL; 710 kingsun->rx_buf = NULL; 711 kingsun->rx_variable_xormask = 0; 712 kingsun->rx_unwrap_buff.in_frame = FALSE; 713 kingsun->rx_unwrap_buff.state = OUTSIDE_FRAME; 714 kingsun->rx_unwrap_buff.skb = NULL; 715 kingsun->receiving = 0; 716 spin_lock_init(&kingsun->lock); 717 718 kingsun->speed_setuprequest = NULL; 719 kingsun->speed_urb = NULL; 720 kingsun->speedparams.baudrate = 0; 721 722 /* Allocate input buffer */ 723 kingsun->rx_buf = kmalloc(KINGSUN_RCV_FIFO_SIZE, GFP_KERNEL); 724 if (!kingsun->rx_buf) 725 goto free_mem; 726 727 /* Allocate input setup packet */ 728 kingsun->rx_setuprequest = 729 kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL); 730 if (!kingsun->rx_setuprequest) 731 goto free_mem; 732 kingsun->rx_setuprequest->bRequestType = 733 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE; 734 kingsun->rx_setuprequest->bRequest = KINGSUN_REQ_RECV; 735 kingsun->rx_setuprequest->wValue = cpu_to_le16(0x0200); 736 kingsun->rx_setuprequest->wIndex = 0; 737 kingsun->rx_setuprequest->wLength = cpu_to_le16(KINGSUN_RCV_FIFO_SIZE); 738 739 /* Allocate output buffer */ 740 kingsun->tx_buf_clear = kmalloc(KINGSUN_SND_FIFO_SIZE, GFP_KERNEL); 741 if (!kingsun->tx_buf_clear) 742 goto free_mem; 743 kingsun->tx_buf_xored = kmalloc(KINGSUN_SND_PACKET_SIZE, GFP_KERNEL); 744 if (!kingsun->tx_buf_xored) 745 goto free_mem; 746 747 /* Allocate and initialize output setup packet */ 748 kingsun->tx_setuprequest = 749 kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL); 750 if (!kingsun->tx_setuprequest) 751 goto free_mem; 752 kingsun->tx_setuprequest->bRequestType = 753 USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE; 754 kingsun->tx_setuprequest->bRequest = KINGSUN_REQ_SEND; 755 kingsun->tx_setuprequest->wValue = 0; 756 kingsun->tx_setuprequest->wIndex = 0; 757 kingsun->tx_setuprequest->wLength = 0; 758 759 /* Allocate and initialize speed setup packet */ 760 kingsun->speed_setuprequest = 761 kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL); 762 if (!kingsun->speed_setuprequest) 763 goto free_mem; 764 kingsun->speed_setuprequest->bRequestType = 765 USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE; 766 kingsun->speed_setuprequest->bRequest = KINGSUN_REQ_SEND; 767 kingsun->speed_setuprequest->wValue = cpu_to_le16(0x0200); 768 kingsun->speed_setuprequest->wIndex = cpu_to_le16(0x0001); 769 kingsun->speed_setuprequest->wLength = 770 cpu_to_le16(sizeof(struct ks959_speedparams)); 771 772 printk(KERN_INFO "KingSun KS-959 IRDA/USB found at address %d, " 773 "Vendor: %x, Product: %x\n", 774 dev->devnum, le16_to_cpu(dev->descriptor.idVendor), 775 le16_to_cpu(dev->descriptor.idProduct)); 776 777 /* Initialize QoS for this device */ 778 irda_init_max_qos_capabilies(&kingsun->qos); 779 780 /* Baud rates known to be supported. Please uncomment if devices (other 781 than a SonyEriccson K300 phone) can be shown to support higher speed 782 with this dongle. 783 */ 784 kingsun->qos.baud_rate.bits = 785 IR_2400 | IR_9600 | IR_19200 | IR_38400 | IR_57600; 786 kingsun->qos.min_turn_time.bits &= KINGSUN_MTT; 787 irda_qos_bits_to_value(&kingsun->qos); 788 789 /* Override the network functions we need to use */ 790 net->netdev_ops = &ks959_ops; 791 792 ret = register_netdev(net); 793 if (ret != 0) 794 goto free_mem; 795 796 dev_info(&net->dev, "IrDA: Registered KingSun KS-959 device %s\n", 797 net->name); 798 799 usb_set_intfdata(intf, kingsun); 800 801 /* Situation at this point: 802 - all work buffers allocated 803 - setup requests pre-filled 804 - urbs not allocated, set to NULL 805 - max rx packet known (is KINGSUN_FIFO_SIZE) 806 - unwrap state machine (partially) initialized, but skb == NULL 807 */ 808 809 return 0; 810 811 free_mem: 812 kfree(kingsun->speed_setuprequest); 813 kfree(kingsun->tx_setuprequest); 814 kfree(kingsun->tx_buf_xored); 815 kfree(kingsun->tx_buf_clear); 816 kfree(kingsun->rx_setuprequest); 817 kfree(kingsun->rx_buf); 818 free_netdev(net); 819 err_out1: 820 return ret; 821} 822 823/* 824 * The current device is removed, the USB layer tell us to shut it down... 825 */ 826static void ks959_disconnect(struct usb_interface *intf) 827{ 828 struct ks959_cb *kingsun = usb_get_intfdata(intf); 829 830 if (!kingsun) 831 return; 832 833 unregister_netdev(kingsun->netdev); 834 835 /* Mop up receive && transmit urb's */ 836 if (kingsun->speed_urb != NULL) { 837 usb_kill_urb(kingsun->speed_urb); 838 usb_free_urb(kingsun->speed_urb); 839 kingsun->speed_urb = NULL; 840 } 841 if (kingsun->tx_urb != NULL) { 842 usb_kill_urb(kingsun->tx_urb); 843 usb_free_urb(kingsun->tx_urb); 844 kingsun->tx_urb = NULL; 845 } 846 if (kingsun->rx_urb != NULL) { 847 usb_kill_urb(kingsun->rx_urb); 848 usb_free_urb(kingsun->rx_urb); 849 kingsun->rx_urb = NULL; 850 } 851 852 kfree(kingsun->speed_setuprequest); 853 kfree(kingsun->tx_setuprequest); 854 kfree(kingsun->tx_buf_xored); 855 kfree(kingsun->tx_buf_clear); 856 kfree(kingsun->rx_setuprequest); 857 kfree(kingsun->rx_buf); 858 free_netdev(kingsun->netdev); 859 860 usb_set_intfdata(intf, NULL); 861} 862 863#ifdef CONFIG_PM 864/* USB suspend, so power off the transmitter/receiver */ 865static int ks959_suspend(struct usb_interface *intf, pm_message_t message) 866{ 867 struct ks959_cb *kingsun = usb_get_intfdata(intf); 868 869 netif_device_detach(kingsun->netdev); 870 if (kingsun->speed_urb != NULL) 871 usb_kill_urb(kingsun->speed_urb); 872 if (kingsun->tx_urb != NULL) 873 usb_kill_urb(kingsun->tx_urb); 874 if (kingsun->rx_urb != NULL) 875 usb_kill_urb(kingsun->rx_urb); 876 return 0; 877} 878 879/* Coming out of suspend, so reset hardware */ 880static int ks959_resume(struct usb_interface *intf) 881{ 882 struct ks959_cb *kingsun = usb_get_intfdata(intf); 883 884 if (kingsun->rx_urb != NULL) { 885 /* Setup request already filled in ks959_probe */ 886 usb_submit_urb(kingsun->rx_urb, GFP_KERNEL); 887 } 888 netif_device_attach(kingsun->netdev); 889 890 return 0; 891} 892#endif 893 894/* 895 * USB device callbacks 896 */ 897static struct usb_driver irda_driver = { 898 .name = "ks959-sir", 899 .probe = ks959_probe, 900 .disconnect = ks959_disconnect, 901 .id_table = dongles, 902#ifdef CONFIG_PM 903 .suspend = ks959_suspend, 904 .resume = ks959_resume, 905#endif 906}; 907 908module_usb_driver(irda_driver); 909 910MODULE_AUTHOR("Alex Villacís Lasso <a_villacis@palosanto.com>"); 911MODULE_DESCRIPTION("IrDA-USB Dongle Driver for KingSun KS-959"); 912MODULE_LICENSE("GPL"); 913