leds: wm831x-status: fix use-after-free on unbind
[linux/fpc-iii.git] / drivers / bluetooth / hci_ath.c
blobdbfe34664633a1c4783d359ad9b0eb5971c15430
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Atheros Communication Bluetooth HCIATH3K UART protocol
5 * HCIATH3K (HCI Atheros AR300x Protocol) is a Atheros Communication's
6 * power management protocol extension to H4 to support AR300x Bluetooth Chip.
8 * Copyright (c) 2009-2010 Atheros Communications Inc.
10 * Acknowledgements:
11 * This file is based on hci_h4.c, which was written
12 * by Maxim Krasnyansky and Marcel Holtmann.
15 #include <linux/module.h>
16 #include <linux/kernel.h>
18 #include <linux/init.h>
19 #include <linux/slab.h>
20 #include <linux/tty.h>
21 #include <linux/errno.h>
22 #include <linux/ioctl.h>
23 #include <linux/skbuff.h>
25 #include <net/bluetooth/bluetooth.h>
26 #include <net/bluetooth/hci_core.h>
28 #include "hci_uart.h"
30 struct ath_struct {
31 struct hci_uart *hu;
32 unsigned int cur_sleep;
34 struct sk_buff *rx_skb;
35 struct sk_buff_head txq;
36 struct work_struct ctxtsw;
39 #define OP_WRITE_TAG 0x01
41 #define INDEX_BDADDR 0x01
43 struct ath_vendor_cmd {
44 __u8 opcode;
45 __le16 index;
46 __u8 len;
47 __u8 data[251];
48 } __packed;
50 static int ath_wakeup_ar3k(struct tty_struct *tty)
52 int status = tty->driver->ops->tiocmget(tty);
54 if (status & TIOCM_CTS)
55 return status;
57 /* Clear RTS first */
58 tty->driver->ops->tiocmget(tty);
59 tty->driver->ops->tiocmset(tty, 0x00, TIOCM_RTS);
60 msleep(20);
62 /* Set RTS, wake up board */
63 tty->driver->ops->tiocmget(tty);
64 tty->driver->ops->tiocmset(tty, TIOCM_RTS, 0x00);
65 msleep(20);
67 status = tty->driver->ops->tiocmget(tty);
68 return status;
71 static void ath_hci_uart_work(struct work_struct *work)
73 int status;
74 struct ath_struct *ath;
75 struct hci_uart *hu;
76 struct tty_struct *tty;
78 ath = container_of(work, struct ath_struct, ctxtsw);
80 hu = ath->hu;
81 tty = hu->tty;
83 /* verify and wake up controller */
84 if (ath->cur_sleep) {
85 status = ath_wakeup_ar3k(tty);
86 if (!(status & TIOCM_CTS))
87 return;
90 /* Ready to send Data */
91 clear_bit(HCI_UART_SENDING, &hu->tx_state);
92 hci_uart_tx_wakeup(hu);
95 static int ath_open(struct hci_uart *hu)
97 struct ath_struct *ath;
99 BT_DBG("hu %p", hu);
101 if (!hci_uart_has_flow_control(hu))
102 return -EOPNOTSUPP;
104 ath = kzalloc(sizeof(*ath), GFP_KERNEL);
105 if (!ath)
106 return -ENOMEM;
108 skb_queue_head_init(&ath->txq);
110 hu->priv = ath;
111 ath->hu = hu;
113 INIT_WORK(&ath->ctxtsw, ath_hci_uart_work);
115 return 0;
118 static int ath_close(struct hci_uart *hu)
120 struct ath_struct *ath = hu->priv;
122 BT_DBG("hu %p", hu);
124 skb_queue_purge(&ath->txq);
126 kfree_skb(ath->rx_skb);
128 cancel_work_sync(&ath->ctxtsw);
130 hu->priv = NULL;
131 kfree(ath);
133 return 0;
136 static int ath_flush(struct hci_uart *hu)
138 struct ath_struct *ath = hu->priv;
140 BT_DBG("hu %p", hu);
142 skb_queue_purge(&ath->txq);
144 return 0;
147 static int ath_vendor_cmd(struct hci_dev *hdev, uint8_t opcode, uint16_t index,
148 const void *data, size_t dlen)
150 struct sk_buff *skb;
151 struct ath_vendor_cmd cmd;
153 if (dlen > sizeof(cmd.data))
154 return -EINVAL;
156 cmd.opcode = opcode;
157 cmd.index = cpu_to_le16(index);
158 cmd.len = dlen;
159 memcpy(cmd.data, data, dlen);
161 skb = __hci_cmd_sync(hdev, 0xfc0b, dlen + 4, &cmd, HCI_INIT_TIMEOUT);
162 if (IS_ERR(skb))
163 return PTR_ERR(skb);
164 kfree_skb(skb);
166 return 0;
169 static int ath_set_bdaddr(struct hci_dev *hdev, const bdaddr_t *bdaddr)
171 return ath_vendor_cmd(hdev, OP_WRITE_TAG, INDEX_BDADDR, bdaddr,
172 sizeof(*bdaddr));
175 static int ath_setup(struct hci_uart *hu)
177 BT_DBG("hu %p", hu);
179 hu->hdev->set_bdaddr = ath_set_bdaddr;
181 return 0;
184 static const struct h4_recv_pkt ath_recv_pkts[] = {
185 { H4_RECV_ACL, .recv = hci_recv_frame },
186 { H4_RECV_SCO, .recv = hci_recv_frame },
187 { H4_RECV_EVENT, .recv = hci_recv_frame },
190 static int ath_recv(struct hci_uart *hu, const void *data, int count)
192 struct ath_struct *ath = hu->priv;
194 ath->rx_skb = h4_recv_buf(hu->hdev, ath->rx_skb, data, count,
195 ath_recv_pkts, ARRAY_SIZE(ath_recv_pkts));
196 if (IS_ERR(ath->rx_skb)) {
197 int err = PTR_ERR(ath->rx_skb);
198 bt_dev_err(hu->hdev, "Frame reassembly failed (%d)", err);
199 ath->rx_skb = NULL;
200 return err;
203 return count;
206 #define HCI_OP_ATH_SLEEP 0xFC04
208 static int ath_enqueue(struct hci_uart *hu, struct sk_buff *skb)
210 struct ath_struct *ath = hu->priv;
212 if (hci_skb_pkt_type(skb) == HCI_SCODATA_PKT) {
213 kfree_skb(skb);
214 return 0;
217 /* Update power management enable flag with parameters of
218 * HCI sleep enable vendor specific HCI command.
220 if (hci_skb_pkt_type(skb) == HCI_COMMAND_PKT) {
221 struct hci_command_hdr *hdr = (void *)skb->data;
223 if (__le16_to_cpu(hdr->opcode) == HCI_OP_ATH_SLEEP)
224 ath->cur_sleep = skb->data[HCI_COMMAND_HDR_SIZE];
227 BT_DBG("hu %p skb %p", hu, skb);
229 /* Prepend skb with frame type */
230 memcpy(skb_push(skb, 1), &hci_skb_pkt_type(skb), 1);
232 skb_queue_tail(&ath->txq, skb);
233 set_bit(HCI_UART_SENDING, &hu->tx_state);
235 schedule_work(&ath->ctxtsw);
237 return 0;
240 static struct sk_buff *ath_dequeue(struct hci_uart *hu)
242 struct ath_struct *ath = hu->priv;
244 return skb_dequeue(&ath->txq);
247 static const struct hci_uart_proto athp = {
248 .id = HCI_UART_ATH3K,
249 .name = "ATH3K",
250 .manufacturer = 69,
251 .open = ath_open,
252 .close = ath_close,
253 .flush = ath_flush,
254 .setup = ath_setup,
255 .recv = ath_recv,
256 .enqueue = ath_enqueue,
257 .dequeue = ath_dequeue,
260 int __init ath_init(void)
262 return hci_uart_register_proto(&athp);
265 int __exit ath_deinit(void)
267 return hci_uart_unregister_proto(&athp);