HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage()
[linux/fpc-iii.git] / drivers / bluetooth / btwilink.c
blob57eb935aedc73b4a782d42f676ec06a0ad5bed5a
1 /*
2 * Texas Instrument's Bluetooth Driver For Shared Transport.
4 * Bluetooth Driver acts as interface between HCI core and
5 * TI Shared Transport Layer.
7 * Copyright (C) 2009-2010 Texas Instruments
8 * Author: Raja Mani <raja_mani@ti.com>
9 * Pavan Savoy <pavan_savoy@ti.com>
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2 as
13 * published by the Free Software Foundation.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26 #include <linux/platform_device.h>
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/hci.h>
31 #include <linux/ti_wilink_st.h>
32 #include <linux/module.h>
34 /* Bluetooth Driver Version */
35 #define VERSION "1.0"
36 #define MAX_BT_CHNL_IDS 3
38 /* Number of seconds to wait for registration completion
39 * when ST returns PENDING status.
41 #define BT_REGISTER_TIMEOUT 6000 /* 6 sec */
43 /**
44 * struct ti_st - driver operation structure
45 * @hdev: hci device pointer which binds to bt driver
46 * @reg_status: ST registration callback status
47 * @st_write: write function provided by the ST driver
48 * to be used by the driver during send_frame.
49 * @wait_reg_completion - completion sync between ti_st_open
50 * and st_reg_completion_cb.
52 struct ti_st {
53 struct hci_dev *hdev;
54 char reg_status;
55 long (*st_write) (struct sk_buff *);
56 struct completion wait_reg_completion;
59 /* Increments HCI counters based on pocket ID (cmd,acl,sco) */
60 static inline void ti_st_tx_complete(struct ti_st *hst, int pkt_type)
62 struct hci_dev *hdev = hst->hdev;
64 /* Update HCI stat counters */
65 switch (pkt_type) {
66 case HCI_COMMAND_PKT:
67 hdev->stat.cmd_tx++;
68 break;
70 case HCI_ACLDATA_PKT:
71 hdev->stat.acl_tx++;
72 break;
74 case HCI_SCODATA_PKT:
75 hdev->stat.sco_tx++;
76 break;
80 /* ------- Interfaces to Shared Transport ------ */
82 /* Called by ST layer to indicate protocol registration completion
83 * status.ti_st_open() function will wait for signal from this
84 * API when st_register() function returns ST_PENDING.
86 static void st_reg_completion_cb(void *priv_data, char data)
88 struct ti_st *lhst = priv_data;
90 /* Save registration status for use in ti_st_open() */
91 lhst->reg_status = data;
92 /* complete the wait in ti_st_open() */
93 complete(&lhst->wait_reg_completion);
96 /* Called by Shared Transport layer when receive data is
97 * available */
98 static long st_receive(void *priv_data, struct sk_buff *skb)
100 struct ti_st *lhst = priv_data;
101 int err;
103 if (!skb)
104 return -EFAULT;
106 if (!lhst) {
107 kfree_skb(skb);
108 return -EFAULT;
111 /* Forward skb to HCI core layer */
112 err = hci_recv_frame(lhst->hdev, skb);
113 if (err < 0) {
114 BT_ERR("Unable to push skb to HCI core(%d)", err);
115 return err;
118 lhst->hdev->stat.byte_rx += skb->len;
120 return 0;
123 /* ------- Interfaces to HCI layer ------ */
124 /* protocol structure registered with shared transport */
125 static struct st_proto_s ti_st_proto[MAX_BT_CHNL_IDS] = {
127 .chnl_id = HCI_EVENT_PKT, /* HCI Events */
128 .hdr_len = sizeof(struct hci_event_hdr),
129 .offset_len_in_hdr = offsetof(struct hci_event_hdr, plen),
130 .len_size = 1, /* sizeof(plen) in struct hci_event_hdr */
131 .reserve = 8,
134 .chnl_id = HCI_ACLDATA_PKT, /* ACL */
135 .hdr_len = sizeof(struct hci_acl_hdr),
136 .offset_len_in_hdr = offsetof(struct hci_acl_hdr, dlen),
137 .len_size = 2, /* sizeof(dlen) in struct hci_acl_hdr */
138 .reserve = 8,
141 .chnl_id = HCI_SCODATA_PKT, /* SCO */
142 .hdr_len = sizeof(struct hci_sco_hdr),
143 .offset_len_in_hdr = offsetof(struct hci_sco_hdr, dlen),
144 .len_size = 1, /* sizeof(dlen) in struct hci_sco_hdr */
145 .reserve = 8,
149 /* Called from HCI core to initialize the device */
150 static int ti_st_open(struct hci_dev *hdev)
152 unsigned long timeleft;
153 struct ti_st *hst;
154 int err, i;
156 BT_DBG("%s %p", hdev->name, hdev);
158 /* provide contexts for callbacks from ST */
159 hst = hci_get_drvdata(hdev);
161 for (i = 0; i < MAX_BT_CHNL_IDS; i++) {
162 ti_st_proto[i].priv_data = hst;
163 ti_st_proto[i].max_frame_size = HCI_MAX_FRAME_SIZE;
164 ti_st_proto[i].recv = st_receive;
165 ti_st_proto[i].reg_complete_cb = st_reg_completion_cb;
167 /* Prepare wait-for-completion handler */
168 init_completion(&hst->wait_reg_completion);
169 /* Reset ST registration callback status flag,
170 * this value will be updated in
171 * st_reg_completion_cb()
172 * function whenever it called from ST driver.
174 hst->reg_status = -EINPROGRESS;
176 err = st_register(&ti_st_proto[i]);
177 if (!err)
178 goto done;
180 if (err != -EINPROGRESS) {
181 BT_ERR("st_register failed %d", err);
182 return err;
185 /* ST is busy with either protocol
186 * registration or firmware download.
188 BT_DBG("waiting for registration "
189 "completion signal from ST");
190 timeleft = wait_for_completion_timeout
191 (&hst->wait_reg_completion,
192 msecs_to_jiffies(BT_REGISTER_TIMEOUT));
193 if (!timeleft) {
194 BT_ERR("Timeout(%d sec),didn't get reg "
195 "completion signal from ST",
196 BT_REGISTER_TIMEOUT / 1000);
197 return -ETIMEDOUT;
200 /* Is ST registration callback
201 * called with ERROR status? */
202 if (hst->reg_status != 0) {
203 BT_ERR("ST registration completed with invalid "
204 "status %d", hst->reg_status);
205 return -EAGAIN;
208 done:
209 hst->st_write = ti_st_proto[i].write;
210 if (!hst->st_write) {
211 BT_ERR("undefined ST write function");
212 for (i = 0; i < MAX_BT_CHNL_IDS; i++) {
213 /* Undo registration with ST */
214 err = st_unregister(&ti_st_proto[i]);
215 if (err)
216 BT_ERR("st_unregister() failed with "
217 "error %d", err);
218 hst->st_write = NULL;
220 return -EIO;
223 return 0;
226 /* Close device */
227 static int ti_st_close(struct hci_dev *hdev)
229 int err, i;
230 struct ti_st *hst = hci_get_drvdata(hdev);
232 for (i = MAX_BT_CHNL_IDS-1; i >= 0; i--) {
233 err = st_unregister(&ti_st_proto[i]);
234 if (err)
235 BT_ERR("st_unregister(%d) failed with error %d",
236 ti_st_proto[i].chnl_id, err);
239 hst->st_write = NULL;
241 return err;
244 static int ti_st_send_frame(struct hci_dev *hdev, struct sk_buff *skb)
246 struct ti_st *hst;
247 long len;
249 hst = hci_get_drvdata(hdev);
251 /* Prepend skb with frame type */
252 memcpy(skb_push(skb, 1), &bt_cb(skb)->pkt_type, 1);
254 BT_DBG("%s: type %d len %d", hdev->name, bt_cb(skb)->pkt_type,
255 skb->len);
257 /* Insert skb to shared transport layer's transmit queue.
258 * Freeing skb memory is taken care in shared transport layer,
259 * so don't free skb memory here.
261 len = hst->st_write(skb);
262 if (len < 0) {
263 kfree_skb(skb);
264 BT_ERR("ST write failed (%ld)", len);
265 /* Try Again, would only fail if UART has gone bad */
266 return -EAGAIN;
269 /* ST accepted our skb. So, Go ahead and do rest */
270 hdev->stat.byte_tx += len;
271 ti_st_tx_complete(hst, bt_cb(skb)->pkt_type);
273 return 0;
276 static int bt_ti_probe(struct platform_device *pdev)
278 static struct ti_st *hst;
279 struct hci_dev *hdev;
280 int err;
282 hst = devm_kzalloc(&pdev->dev, sizeof(struct ti_st), GFP_KERNEL);
283 if (!hst)
284 return -ENOMEM;
286 /* Expose "hciX" device to user space */
287 hdev = hci_alloc_dev();
288 if (!hdev)
289 return -ENOMEM;
291 BT_DBG("hdev %p", hdev);
293 hst->hdev = hdev;
294 hdev->bus = HCI_UART;
295 hci_set_drvdata(hdev, hst);
296 hdev->open = ti_st_open;
297 hdev->close = ti_st_close;
298 hdev->flush = NULL;
299 hdev->send = ti_st_send_frame;
301 err = hci_register_dev(hdev);
302 if (err < 0) {
303 BT_ERR("Can't register HCI device error %d", err);
304 hci_free_dev(hdev);
305 return err;
308 BT_DBG("HCI device registered (hdev %p)", hdev);
310 dev_set_drvdata(&pdev->dev, hst);
311 return err;
314 static int bt_ti_remove(struct platform_device *pdev)
316 struct hci_dev *hdev;
317 struct ti_st *hst = dev_get_drvdata(&pdev->dev);
319 if (!hst)
320 return -EFAULT;
322 BT_DBG("%s", hst->hdev->name);
324 hdev = hst->hdev;
325 ti_st_close(hdev);
326 hci_unregister_dev(hdev);
328 hci_free_dev(hdev);
330 dev_set_drvdata(&pdev->dev, NULL);
331 return 0;
334 static struct platform_driver btwilink_driver = {
335 .probe = bt_ti_probe,
336 .remove = bt_ti_remove,
337 .driver = {
338 .name = "btwilink",
342 module_platform_driver(btwilink_driver);
344 /* ------ Module Info ------ */
346 MODULE_AUTHOR("Raja Mani <raja_mani@ti.com>");
347 MODULE_DESCRIPTION("Bluetooth Driver for TI Shared Transport" VERSION);
348 MODULE_VERSION(VERSION);
349 MODULE_LICENSE("GPL");