bpf: Prevent memory disambiguation attack
[linux/fpc-iii.git] / drivers / uwb / beacon.c
blobf40745fcbd34ed6e9308ad763cc3970afd91cefe
1 /*
2 * Ultra Wide Band
3 * Beacon management
5 * Copyright (C) 2005-2006 Intel Corporation
6 * Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License version
10 * 2 as published by the Free Software Foundation.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
20 * 02110-1301, USA.
23 * FIXME: docs
25 #include <linux/kernel.h>
26 #include <linux/init.h>
27 #include <linux/module.h>
28 #include <linux/device.h>
29 #include <linux/err.h>
30 #include <linux/kdev_t.h>
31 #include <linux/slab.h>
33 #include "uwb-internal.h"
/*
 * Start Beaconing command structure.
 *
 * Sent to the radio controller by uwb_rc_start_beacon(). The layout is
 * packed and the 16-bit offset is kept little-endian (__le16), so the
 * fields must be filled in with cpu_to_le16() where applicable.
 */
struct uwb_rc_cmd_start_beacon {
	struct uwb_rccb rccb;		/* command type and command code */
	__le16 wBPSTOffset;		/* BPST offset, little-endian */
	u8 bChannelNumber;		/* channel to beacon on */
} __attribute__((packed));
/*
 * Issue a START-BEACON command to the radio controller.
 *
 * @rc:          radio controller to operate on
 * @bpst_offset: value placed (little-endian) in the command's wBPSTOffset
 * @channel:     value placed in the command's bChannelNumber
 *
 * Returns -ENOMEM if the command buffer cannot be allocated, the negative
 * result of uwb_rc_cmd() if the command could not be executed, -EIO if the
 * controller answered with a result code other than UWB_RC_RES_SUCCESS,
 * and otherwise the (non-negative) value returned by uwb_rc_cmd().
 */
static int uwb_rc_start_beacon(struct uwb_rc *rc, u16 bpst_offset, u8 channel)
{
	struct uwb_rc_evt_confirm reply;
	struct uwb_rc_cmd_start_beacon *cmd;
	int result;

	/* Zeroed heap buffer for the command; released before returning. */
	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
	if (!cmd)
		return -ENOMEM;

	cmd->rccb.bCommandType = UWB_RC_CET_GENERAL;
	cmd->rccb.wCommand = cpu_to_le16(UWB_RC_CMD_START_BEACON);
	cmd->wBPSTOffset = cpu_to_le16(bpst_offset);
	cmd->bChannelNumber = channel;

	/* Describe the confirmation event we expect back. */
	reply.rceb.bEventType = UWB_RC_CET_GENERAL;
	reply.rceb.wEvent = UWB_RC_CMD_START_BEACON;

	result = uwb_rc_cmd(rc, "START-BEACON", &cmd->rccb, sizeof(*cmd),
			    &reply.rceb, sizeof(reply));
	/* reply is only inspected when the command itself went through. */
	if (result >= 0 && reply.bResultCode != UWB_RC_RES_SUCCESS) {
		dev_err(&rc->uwb_dev.dev,
			"START-BEACON: command execution failed: %s (%d)\n",
			uwb_rc_strerror(reply.bResultCode), reply.bResultCode);
		result = -EIO;
	}

	kfree(cmd);
	return result;
}
/*
 * Issue a STOP-BEACON command to the radio controller.
 *
 * @rc: radio controller to operate on
 *
 * The command carries no payload beyond the bare command header.
 *
 * Returns -ENOMEM if the command buffer cannot be allocated, the negative
 * result of uwb_rc_cmd() if the command could not be executed, -EIO if the
 * controller answered with a result code other than UWB_RC_RES_SUCCESS,
 * and otherwise the (non-negative) value returned by uwb_rc_cmd().
 */
static int uwb_rc_stop_beacon(struct uwb_rc *rc)
{
	struct uwb_rc_evt_confirm reply;
	struct uwb_rccb *cmd;
	int result;

	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
	if (!cmd)
		return -ENOMEM;

	cmd->bCommandType = UWB_RC_CET_GENERAL;
	cmd->wCommand = cpu_to_le16(UWB_RC_CMD_STOP_BEACON);

	/* Describe the confirmation event we expect back. */
	reply.rceb.bEventType = UWB_RC_CET_GENERAL;
	reply.rceb.wEvent = UWB_RC_CMD_STOP_BEACON;

	result = uwb_rc_cmd(rc, "STOP-BEACON", cmd, sizeof(*cmd),
			    &reply.rceb, sizeof(reply));
	/* reply is only inspected when the command itself went through. */
	if (result >= 0 && reply.bResultCode != UWB_RC_RES_SUCCESS) {
		dev_err(&rc->uwb_dev.dev,
			"STOP-BEACON: command execution failed: %s (%d)\n",
			uwb_rc_strerror(reply.bResultCode), reply.bResultCode);
		result = -EIO;
	}

	kfree(cmd);
	return result;
}
/**
 * Start/stop beacons
 *
 * @rc:          UWB Radio Controller to operate on
 * @channel:     UWB channel on which to beacon (WUSB[table
 *               5-12]). If -1, stop beaconing.
 * @bpst_offset: Beacon Period Start Time offset; FIXME-do zero
 *
 * According to WHCI 0.95 [4.13.6] the driver will only receive the RCEB
 * of a SET IE command after the device sent the first beacon that includes
 * the IEs specified in the SET IE command. So, after we start beaconing we
 * check if there is anything in the IE cache and call the SET IE command
 * if needed.
 *
 * On success rc->beaconing is updated to the channel in use (or -1 when
 * beaconing was stopped). Returns a negative errno on failure.
 *
 * NOTE(review): @channel and @bpst_offset are narrowed to u8 and u16 when
 * handed to uwb_rc_start_beacon(); no range check is done here, so callers
 * are presumably expected to pass values that fit -- confirm.
 */
int uwb_rc_beacon(struct uwb_rc *rc, int channel, unsigned bpst_offset)
{
	struct device *dev = &rc->uwb_dev.dev;
	int result;

	dev_dbg(dev, "%s: channel = %d\n", __func__, channel);

	if (channel < 0) {
		/* Every negative channel is normalised to -1: stop. */
		channel = -1;
		result = uwb_rc_stop_beacon(rc);
		goto out;
	}

	result = uwb_rc_start_beacon(rc, bpst_offset, channel);
	if (result < 0) {
		dev_err(dev, "Cannot start beaconing: %d\n", result);
		return result;
	}

	/* Push any cached IEs now that the device is beaconing. */
	if (le16_to_cpu(rc->ies->wIELength) > 0) {
		result = uwb_rc_set_ie(rc, rc->ies);
		if (result < 0) {
			dev_err(dev, "Cannot set new IE on device: %d\n",
				result);
			/*
			 * Roll back: the value recorded below is then the
			 * outcome of the stop command, not of SET IE.
			 */
			result = uwb_rc_stop_beacon(rc);
			channel = -1;
			bpst_offset = 0;
		}
	}
out:
	if (result >= 0)
		rc->beaconing = channel;
	return result;
}
150 * Beacon cache
152 * The purpose of this is to speed up the lookup of beacon information
153 * when a new beacon arrives. The UWB Daemon uses it also to keep a
154 * tab of which devices are in radio distance and which not. When a
155 * device's beacon stays present for more than a certain amount of
156 * time, it is considered a new, usable device. When a beacon ceases
157 * to be received for a certain amount of time, it is considered that
158 * the device is gone.
160 * FIXME: use an allocator for the entries
161 * FIXME: use something faster for search than a list
/*
 * kref release callback for a beacon cache entry.
 *
 * @_bce: the refcnt member embedded in the struct uwb_beca_e to free
 *
 * Frees the beacon event buffer the entry holds (bce->be) and then the
 * entry itself.
 */
void uwb_bce_kfree(struct kref *_bce)
{
	struct uwb_beca_e *entry;

	entry = container_of(_bce, struct uwb_beca_e, refcnt);
	kfree(entry->be);
	kfree(entry);
}
/*
 * Find a beacon by dev addr in the cache.
 *
 * Returns the first entry whose dev_addr matches @dev_addr byte for byte,
 * or NULL if there is none. No lock is taken and no reference is acquired
 * here; the callers in this file hold rc->uwb_beca.mutex around the call.
 */
static
struct uwb_beca_e *__uwb_beca_find_bydev(struct uwb_rc *rc,
					 const struct uwb_dev_addr *dev_addr)
{
	struct uwb_beca_e *bce, *next;

	list_for_each_entry_safe(bce, next, &rc->uwb_beca.list, node) {
		if (memcmp(&bce->dev_addr, dev_addr,
			   sizeof(bce->dev_addr)) == 0)
			return bce;
	}
	return NULL;
}
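/*
 * Find a beacon by MAC addr (EUI-48) in the cache.
 *
 * Returns the first entry whose mac_addr matches @mac_addr, or NULL if
 * there is none. No lock is taken and no reference is acquired here; the
 * callers in this file hold rc->uwb_beca.mutex around the call.
 */
static
struct uwb_beca_e *__uwb_beca_find_bymac(struct uwb_rc *rc,
					 const struct uwb_mac_addr *mac_addr)
{
	struct uwb_beca_e *bce, *next;

	list_for_each_entry_safe(bce, next, &rc->uwb_beca.list, node) {
		/*
		 * An entry created by __uwb_beca_add() is zero-filled, so
		 * its mac_addr pointer stays NULL until
		 * uwbd_evt_handle_rc_beacon() fills it in, which happens
		 * after the cache mutex has been dropped. Skip such
		 * half-initialised entries instead of handing NULL to
		 * memcmp().
		 *
		 * NOTE(review): mac_addr is written under bce->mutex only,
		 * while it is read here under rc->uwb_beca.mutex. This
		 * check does not close that window (the pointer targets a
		 * buffer the handler replaces with kfree()); confirm
		 * whether lookups can run concurrently with the handler.
		 */
		if (bce->mac_addr == NULL)
			continue;
		if (!memcmp(bce->mac_addr, mac_addr->data,
			    sizeof(struct uwb_mac_addr)))
			return bce;
	}
	return NULL;
}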
/**
 * uwb_dev_get_by_devaddr - get a UWB device with a specific DevAddr
 * @rc:      the radio controller that saw the device
 * @devaddr: DevAddr of the UWB device to find
 *
 * There may be more than one matching device (in the case of a
 * DevAddr conflict), but only the first one is returned.
 *
 * The beacon cache is searched with rc->uwb_beca.mutex held. Returns
 * whatever uwb_dev_try_get() yields for the matching entry's device, or
 * NULL when no entry matches.
 */
struct uwb_dev *uwb_dev_get_by_devaddr(struct uwb_rc *rc,
				       const struct uwb_dev_addr *devaddr)
{
	struct uwb_beca_e *bce;
	struct uwb_dev *found;

	mutex_lock(&rc->uwb_beca.mutex);
	bce = __uwb_beca_find_bydev(rc, devaddr);
	/* NOTE(review): bce->uwb_dev may still be NULL for a fresh entry. */
	found = bce ? uwb_dev_try_get(rc, bce->uwb_dev) : NULL;
	mutex_unlock(&rc->uwb_beca.mutex);

	return found;
}
/**
 * uwb_dev_get_by_macaddr - get a UWB device with a specific EUI-48
 * @rc:      the radio controller that saw the device
 * @macaddr: EUI-48 of the UWB device to find
 *
 * The beacon cache is searched with rc->uwb_beca.mutex held. Returns
 * whatever uwb_dev_try_get() yields for the matching entry's device, or
 * NULL when no entry matches.
 */
struct uwb_dev *uwb_dev_get_by_macaddr(struct uwb_rc *rc,
				       const struct uwb_mac_addr *macaddr)
{
	struct uwb_beca_e *bce;
	struct uwb_dev *found;

	mutex_lock(&rc->uwb_beca.mutex);
	bce = __uwb_beca_find_bymac(rc, macaddr);
	/* NOTE(review): bce->uwb_dev may still be NULL for a fresh entry. */
	found = bce ? uwb_dev_try_get(rc, bce->uwb_dev) : NULL;
	mutex_unlock(&rc->uwb_beca.mutex);

	return found;
}
/*
 * Initialize a beacon cache entry: its mutex, its reference count and
 * the two statistics accumulators (LQE and RSSI). Other fields are left
 * untouched.
 */
static void uwb_beca_e_init(struct uwb_beca_e *bce)
{
	/* Synchronisation and lifetime. */
	mutex_init(&bce->mutex);
	kref_init(&bce->refcnt);

	/* Signal quality statistics. */
	stats_init(&bce->lqe_stats);
	stats_init(&bce->rssi_stats);
}
/*
 * Add a beacon to the cache
 *
 * @rc:         radio controller whose cache receives the entry
 * @be:         Beacon event information (not used by this function)
 * @bf:         Beacon frame (part of be, really; not used here either)
 * @ts_jiffies: Timestamp (in jiffies) when the beacon was received
 *
 * Allocates a zeroed entry, initialises it, stamps it and links it into
 * rc->uwb_beca.list. The beacon data pointers (be, mac_addr) are left
 * NULL for the caller to fill in. Takes no lock itself; the caller in
 * this file holds rc->uwb_beca.mutex.
 *
 * Returns the new entry, or NULL if the allocation failed.
 */
static
struct uwb_beca_e *__uwb_beca_add(struct uwb_rc *rc,
				  struct uwb_rc_evt_beacon *be,
				  struct uwb_beacon_frame *bf,
				  unsigned long ts_jiffies)
{
	struct uwb_beca_e *entry = kzalloc(sizeof(*entry), GFP_KERNEL);

	if (!entry)
		return NULL;

	uwb_beca_e_init(entry);
	entry->ts_jiffies = ts_jiffies;
	entry->uwb_dev = NULL;	/* no device attached yet */
	list_add(&entry->node, &rc->uwb_beca.list);

	return entry;
}
/*
 * Wipe out beacon entries that became stale
 *
 * Remove associated devices too.
 *
 * An entry is stale once more than beacon_timeout_ms milliseconds have
 * passed since its timestamp. Each stale entry is handed to
 * uwbd_dev_offair(). The walk runs with rc->uwb_beca.mutex held.
 */
void uwb_beca_purge(struct uwb_rc *rc)
{
	struct uwb_beca_e *bce, *next;

	mutex_lock(&rc->uwb_beca.mutex);
	/*
	 * The _safe iterator is kept: presumably uwbd_dev_offair() may
	 * unlink the entry -- verify against its definition.
	 */
	list_for_each_entry_safe(bce, next, &rc->uwb_beca.list, node) {
		unsigned long expires =
			bce->ts_jiffies + msecs_to_jiffies(beacon_timeout_ms);

		if (!time_after(jiffies, expires))
			continue;
		uwbd_dev_offair(bce);
	}
	mutex_unlock(&rc->uwb_beca.mutex);
}
/*
 * Clean up the whole beacon cache. Called on shutdown.
 *
 * With rc->uwb_beca.mutex held, every entry is unlinked from the list and
 * its reference dropped with uwb_bce_put().
 */
void uwb_beca_release(struct uwb_rc *rc)
{
	struct uwb_beca_e *entry, *tmp;

	mutex_lock(&rc->uwb_beca.mutex);
	/* _safe variant: the current entry is unlinked inside the loop. */
	list_for_each_entry_safe(entry, tmp, &rc->uwb_beca.list, node) {
		list_del(&entry->node);
		uwb_bce_put(entry);
	}
	mutex_unlock(&rc->uwb_beca.mutex);
}
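/*
 * Log a one-line summary of a received beacon.
 *
 * @rc: radio controller that received the beacon (used for the log device)
 * @be: beacon event; its 16-bit fields are still little-endian here
 * @bf: beacon frame carried inside @be
 *
 * The only caller in this file runs before uwbd_evt_handle_rc_beacon()
 * converts be->wBPSTOffset to CPU order, so the offset is converted here
 * for printing. Printing the raw field gives a byte-swapped value on
 * big-endian machines.
 */
static void uwb_beacon_print(struct uwb_rc *rc, struct uwb_rc_evt_beacon *be,
			     struct uwb_beacon_frame *bf)
{
	char macbuf[UWB_ADDR_STRSIZE];
	char devbuf[UWB_ADDR_STRSIZE];
	char dstbuf[UWB_ADDR_STRSIZE];

	/* Each formatter is bounded by the size of its own buffer. */
	uwb_mac_addr_print(macbuf, sizeof(macbuf), &bf->Device_Identifier);
	uwb_dev_addr_print(devbuf, sizeof(devbuf), &bf->hdr.SrcAddr);
	uwb_dev_addr_print(dstbuf, sizeof(dstbuf), &bf->hdr.DestAddr);
	dev_info(&rc->uwb_dev.dev,
		 "BEACON from %s to %s (ch%u offset %u slot %u MAC %s)\n",
		 devbuf, dstbuf, be->bChannelNumber,
		 le16_to_cpu(be->wBPSTOffset),
		 bf->Beacon_Slot_Number, macbuf);
}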
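/*
 * Dump the IEs of a cached beacon as hex into a caller-supplied buffer.
 *
 * @uwb_dev: not used by this function
 * @bce:     beacon cache entry, referenced
 * @buf:     destination buffer
 * @size:    size of @buf in bytes
 *
 * Runs with bce->mutex held. Returns the result of uwb_ie_dump_hex(), or
 * 0 when the entry holds no beacon data or the recorded beacon info length
 * is too short to contain a beacon frame.
 */
ssize_t uwb_bce_print_IEs(struct uwb_dev *uwb_dev, struct uwb_beca_e *bce,
			  char *buf, size_t size)
{
	ssize_t result = 0;
	struct uwb_rc_evt_beacon *be;
	struct uwb_beacon_frame *bf;
	int ies_len;
	struct uwb_ie_hdr *ies;

	mutex_lock(&bce->mutex);

	be = bce->be;
	/*
	 * wBeaconInfoLength originates from the device. If it is smaller
	 * than the fixed beacon frame the subtraction below would wrap and
	 * the dump would run past the received data, so such an entry is
	 * treated as having no IEs.
	 */
	if (be && be->wBeaconInfoLength >= sizeof(struct uwb_beacon_frame)) {
		bf = (struct uwb_beacon_frame *)be->BeaconInfo;
		ies_len = be->wBeaconInfoLength - sizeof(struct uwb_beacon_frame);
		ies = (struct uwb_ie_hdr *)bf->IEData;

		result = uwb_ie_dump_hex(ies, ies_len, buf, size);
	}

	mutex_unlock(&bce->mutex);

	return result;
}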
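/*
 * Verify that the beacon event, frame and IEs are ok
 *
 * @rc:  radio controller that received the event (used for logging)
 * @evt: event carrying the notification and its size
 * @be:  beacon event located inside the notification
 *
 * Checks that the notification is large enough for the event header plus
 * a beacon frame, and that the beacon info length declared by the device
 * covers at least a beacon frame and does not exceed the data actually
 * received. The declared length is later used to size the IE area (see
 * uwb_bce_print_IEs()), so an inconsistent value would lead to reads
 * outside the notification buffer.
 *
 * Returns 0 if the beacon looks consistent, -EINVAL otherwise.
 *
 * FIXME: make sure beacon frame IEs are fine and that the whole thing
 * is consistent
 */
static int uwb_verify_beacon(struct uwb_rc *rc, struct uwb_event *evt,
			     struct uwb_rc_evt_beacon *be)
{
	struct uwb_beacon_frame *bf;
	struct device *dev = &rc->uwb_dev.dev;
	size_t info_len;

	/* Is there enough data to decode a beacon frame? */
	if (evt->notif.size < sizeof(*be) + sizeof(*bf)) {
		dev_err(dev, "BEACON event: Not enough data to decode "
			"(%zu vs %zu bytes needed)\n", evt->notif.size,
			sizeof(*be) + sizeof(*bf));
		return -EINVAL;
	}

	/*
	 * The length field is still little-endian at this point. It is a
	 * 16-bit value, so the sum below cannot overflow a size_t.
	 * NOTE(review): assumes wBeaconInfoLength counts exactly the bytes
	 * of be->BeaconInfo -- confirm against the WHCI event layout.
	 */
	info_len = le16_to_cpu(be->wBeaconInfoLength);
	if (info_len < sizeof(*bf) ||
	    sizeof(*be) + info_len > evt->notif.size) {
		dev_err(dev, "BEACON event: inconsistent beacon info length "
			"(%zu declared vs %zu bytes received)\n",
			info_len, evt->notif.size);
		return -EINVAL;
	}

	return 0;
}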
/*
 * Handle UWB_RC_EVT_BEACON events
 *
 * We check the beacon cache to see how the received beacon fares. If
 * is there already we refresh the timestamp. If not we create a new
 * entry.
 *
 * According to the WHCI and WUSB specs, only one beacon frame is
 * allowed per notification block, so we don't bother about scanning
 * for more.
 *
 * Returns 1 when the event buffer has been stored in the cache entry (the
 * caller must then not free it), 0 when the beacon was ignored, and a
 * negative errno on error.
 */
int uwbd_evt_handle_rc_beacon(struct uwb_event *evt)
{
	struct uwb_rc *rc = evt->rc;
	struct uwb_rc_evt_beacon *be;
	struct uwb_beacon_frame *bf;
	struct uwb_beca_e *bce;
	int result;

	be = container_of(evt->notif.rceb, struct uwb_rc_evt_beacon, rceb);
	result = uwb_verify_beacon(rc, evt, be);
	if (result < 0)
		return result;

	/* FIXME: handle alien beacons. */
	switch (be->bBeaconType) {
	case UWB_RC_BEACON_TYPE_OL_ALIEN:
	case UWB_RC_BEACON_TYPE_NOL_ALIEN:
		return -ENOSYS;
	default:
		break;
	}

	bf = (struct uwb_beacon_frame *) be->BeaconInfo;

	/*
	 * Drop beacons from devices with a NULL EUI-48 -- they cannot
	 * be uniquely identified.
	 *
	 * It's expected that these will all be WUSB devices and they
	 * have a WUSB specific connection method so ignoring them
	 * here shouldn't be a problem.
	 */
	if (uwb_mac_addr_bcast(&bf->Device_Identifier))
		return 0;

	/* Look the sender up, creating an entry on first contact. */
	mutex_lock(&rc->uwb_beca.mutex);
	bce = __uwb_beca_find_bymac(rc, &bf->Device_Identifier);
	if (!bce) {
		/* Not in there, a new device is pinging */
		uwb_beacon_print(evt->rc, be, bf);
		bce = __uwb_beca_add(rc, be, bf, evt->ts_jiffies);
		if (!bce) {
			mutex_unlock(&rc->uwb_beca.mutex);
			return -ENOMEM;
		}
	}
	mutex_unlock(&rc->uwb_beca.mutex);

	/*
	 * NOTE(review): the cache mutex is dropped before bce->mutex is
	 * taken and no reference on bce is acquired in between. The entry
	 * stays valid only if nothing else can purge the cache during
	 * that window -- confirm the callers are serialised.
	 */
	mutex_lock(&bce->mutex);
	/* purge old beacon data */
	kfree(bce->be);

	/* Update commonly used fields */
	bce->ts_jiffies = evt->ts_jiffies;
	bce->be = be;
	bce->dev_addr = bf->hdr.SrcAddr;
	/* mac_addr points into the event buffer that is kept from now on. */
	bce->mac_addr = &bf->Device_Identifier;
	/* The 16-bit fields are converted to CPU order in place. */
	be->wBPSTOffset = le16_to_cpu(be->wBPSTOffset);
	be->wBeaconInfoLength = le16_to_cpu(be->wBeaconInfoLength);
	stats_add_sample(&bce->lqe_stats, be->bLQI - 7);
	stats_add_sample(&bce->rssi_stats, be->bRSSI + 18);

	/*
	 * This might be a beacon from a new device.
	 */
	if (!bce->uwb_dev)
		uwbd_dev_onair(evt->rc, bce);

	mutex_unlock(&bce->mutex);

	return 1;	/* we keep the event data */
}
/*
 * Handle UWB_RC_EVT_BEACON_SIZE events
 *
 * XXXXX
 *
 * Nothing is done with the new size yet: after validating that the
 * notification is large enough, the handler only counts the events and
 * logs every 1000th one.
 *
 * Returns 0 on success, -EINVAL if the notification is too short.
 */
int uwbd_evt_handle_rc_beacon_size(struct uwb_event *evt)
{
	struct device *dev = &evt->rc->uwb_dev.dev;
	struct uwb_rc_evt_beacon_size *bs;
	/* temporary hack until we do something with this message... */
	static unsigned count;

	/* Is there enough data to decode the event? */
	if (evt->notif.size < sizeof(*bs)) {
		dev_err(dev, "BEACON SIZE notification: Not enough data to "
			"decode (%zu vs %zu bytes needed)\n",
			evt->notif.size, sizeof(*bs));
		return -EINVAL;
	}

	bs = container_of(evt->notif.rceb, struct uwb_rc_evt_beacon_size, rceb);
	if (0) {
		/* Disabled in the original: would log the new size. */
		dev_info(dev, "Beacon size changed to %u bytes "
			 "(FIXME: action?)\n", le16_to_cpu(bs->wNewBeaconSize));
	} else if (++count % 1000 == 0) {
		dev_info(dev, "Beacon size changed %u times "
			 "(FIXME: action?)\n", count);
	}

	return 0;
}
/**
 * uwbd_evt_handle_rc_bp_slot_change - handle a BP_SLOT_CHANGE event
 * @evt: the BP_SLOT_CHANGE notification from the radio controller
 *
 * If the event indicates that no beacon period slots were available
 * then radio controller has transitioned to a non-beaconing state.
 * Otherwise, simply save the current beacon slot.
 *
 * Returns 0 on success, -EINVAL if the notification is too short.
 */
int uwbd_evt_handle_rc_bp_slot_change(struct uwb_event *evt)
{
	struct uwb_rc *rc = evt->rc;
	struct device *dev = &rc->uwb_dev.dev;
	struct uwb_rc_evt_bp_slot_change *bpsc;

	if (evt->notif.size < sizeof(*bpsc)) {
		dev_err(dev, "BP SLOT CHANGE event: Not enough data\n");
		return -EINVAL;
	}
	bpsc = container_of(evt->notif.rceb, struct uwb_rc_evt_bp_slot_change, rceb);

	if (!uwb_rc_evt_bp_slot_change_no_slot(bpsc)) {
		/* Stored without taking rc->uwb_dev.mutex, as before. */
		rc->uwb_dev.beacon_slot = uwb_rc_evt_bp_slot_change_slot_num(bpsc);
		return 0;
	}

	dev_err(dev, "stopped beaconing: No free slots in BP\n");
	mutex_lock(&rc->uwb_dev.mutex);
	rc->beaconing = -1;
	mutex_unlock(&rc->uwb_dev.mutex);

	return 0;
}
530 * Handle UWB_RC_EVT_BPOIE_CHANGE events
532 * XXXXX
/*
 * Layout of the IE whose minimum size uwbd_evt_handle_rc_bpoie_change()
 * checks for: an IE header, one length byte and a variable-length
 * payload. Packed so the in-memory layout carries no compiler padding.
 */
struct uwb_ie_bpo {
	struct uwb_ie_hdr hdr;
	u8 bp_length;
	u8 data[];		/* flexible array member */
} __attribute__((packed));
/*
 * Handle UWB_RC_EVT_BPOIE_CHANGE events.
 *
 * Only validates sizes for now: the notification must hold the event
 * structure, and the IE length it declares must be at least the size of
 * struct uwb_ie_bpo. Valid events are counted and every 1000th is logged.
 *
 * Returns 0 on success, -EINVAL if either size check fails.
 *
 * NOTE(review): the declared IE length is only compared with a minimum;
 * it is not compared with evt->notif.size here. That has to be added
 * before the IE data is actually walked (see the FIXME below).
 */
int uwbd_evt_handle_rc_bpoie_change(struct uwb_event *evt)
{
	struct device *dev = &evt->rc->uwb_dev.dev;
	struct uwb_rc_evt_bpoie_change *bpoiec;
	struct uwb_ie_bpo *bpoie;
	static unsigned count;	/* FIXME: this is a temp hack */
	size_t iesize;

	/* Is there enough data to decode it? */
	if (evt->notif.size < sizeof(*bpoiec)) {
		dev_err(dev, "BPOIEC notification: Not enough data to "
			"decode (%zu vs %zu bytes needed)\n",
			evt->notif.size, sizeof(*bpoiec));
		return -EINVAL;
	}

	bpoiec = container_of(evt->notif.rceb, struct uwb_rc_evt_bpoie_change, rceb);
	iesize = le16_to_cpu(bpoiec->wBPOIELength);
	if (iesize < sizeof(*bpoie)) {
		dev_err(dev, "BPOIEC notification: Not enough IE data to "
			"decode (%zu vs %zu bytes needed)\n",
			iesize, sizeof(*bpoie));
		return -EINVAL;
	}

	if (++count % 1000 == 0)	/* Lame placeholder */
		dev_info(dev, "BPOIE: %u changes received\n", count);
	/*
	 * FIXME: At this point we should go over all the IEs in the
	 *        bpoiec->BPOIE array and act on each.
	 */
	return 0;
}
/*
 * Print beaconing state.
 *
 * sysfs show handler: writes rc->beaconing as a decimal number followed
 * by a newline into @buf and returns the number of characters written.
 * The value is sampled with rc->uwb_dev.mutex held.
 */
static ssize_t uwb_rc_beacon_show(struct device *dev,
				  struct device_attribute *attr, char *buf)
{
	struct uwb_rc *rc = to_uwb_dev(dev)->rc;
	ssize_t len;

	mutex_lock(&rc->uwb_dev.mutex);
	len = sprintf(buf, "%d\n", rc->beaconing);
	mutex_unlock(&rc->uwb_dev.mutex);

	return len;
}
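/*
 * Start beaconing on the specified channel, or stop beaconing.
 *
 * sysfs store handler: parses a decimal channel number from @buf and
 * passes it to uwb_radio_force_channel().
 *
 * Returns @size when the channel was applied, -EINVAL when @buf does not
 * start with a number, or the negative error from
 * uwb_radio_force_channel().
 */
static ssize_t uwb_rc_beacon_store(struct device *dev,
				   struct device_attribute *attr,
				   const char *buf, size_t size)
{
	struct uwb_dev *uwb_dev = to_uwb_dev(dev);
	struct uwb_rc *rc = uwb_dev->rc;
	int channel;
	ssize_t result;

	/*
	 * Reject input that does not parse. Previously a failed conversion
	 * left result at 0, which was then reported to the writer as a
	 * successful write of @size bytes although nothing had been done.
	 */
	if (sscanf(buf, "%d", &channel) != 1)
		return -EINVAL;

	result = uwb_radio_force_channel(rc, channel);

	return result < 0 ? result : size;
}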
/*
 * sysfs attribute "beacon": readable by everyone, writable by the owner
 * only (0644 == S_IRUGO | S_IWUSR).
 */
DEVICE_ATTR(beacon, 0644, uwb_rc_beacon_show, uwb_rc_beacon_store);