bpf: Prevent memory disambiguation attack
[linux/fpc-iii.git] / drivers / uwb / est.c
blobf3e232584284a906309247e5ed5f3c0fef54e472
1 /*
2 * Ultra Wide Band Radio Control
3 * Event Size Tables management
5 * Copyright (C) 2005-2006 Intel Corporation
6 * Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License version
10 * 2 as published by the Free Software Foundation.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
20 * 02110-1301, USA.
23 * FIXME: docs
25 * Infrastructure, code and data tables for guessing the size of
26 * events received on the notification endpoints of UWB radio
27 * controllers.
29 * You define a table of events and for each, its size and how to get
30 * the extra size.
32 * ENTRY POINTS:
34 * uwb_est_{init/destroy}(): To initialize/release the EST subsystem.
36 * uwb_est_[u]register(): To un/register event size tables
37 * uwb_est_grow()
39 * uwb_est_find_size(): Get the size of an event
40 * uwb_est_get_size()
42 #include <linux/spinlock.h>
43 #include <linux/slab.h>
44 #include <linux/export.h>
46 #include "uwb-internal.h"
48 struct uwb_est {
49 u16 type_event_high;
50 u16 vendor, product;
51 u8 entries;
52 const struct uwb_est_entry *entry;
55 static struct uwb_est *uwb_est;
56 static u8 uwb_est_size;
57 static u8 uwb_est_used;
58 static DEFINE_RWLOCK(uwb_est_lock);
60 /**
61 * WUSB Standard Event Size Table, HWA-RC interface
63 * Sizes for events and notifications type 0 (general), high nibble 0.
65 static
66 struct uwb_est_entry uwb_est_00_00xx[] = {
67 [UWB_RC_EVT_IE_RCV] = {
68 .size = sizeof(struct uwb_rc_evt_ie_rcv),
69 .offset = 1 + offsetof(struct uwb_rc_evt_ie_rcv, wIELength),
71 [UWB_RC_EVT_BEACON] = {
72 .size = sizeof(struct uwb_rc_evt_beacon),
73 .offset = 1 + offsetof(struct uwb_rc_evt_beacon, wBeaconInfoLength),
75 [UWB_RC_EVT_BEACON_SIZE] = {
76 .size = sizeof(struct uwb_rc_evt_beacon_size),
78 [UWB_RC_EVT_BPOIE_CHANGE] = {
79 .size = sizeof(struct uwb_rc_evt_bpoie_change),
80 .offset = 1 + offsetof(struct uwb_rc_evt_bpoie_change,
81 wBPOIELength),
83 [UWB_RC_EVT_BP_SLOT_CHANGE] = {
84 .size = sizeof(struct uwb_rc_evt_bp_slot_change),
86 [UWB_RC_EVT_BP_SWITCH_IE_RCV] = {
87 .size = sizeof(struct uwb_rc_evt_bp_switch_ie_rcv),
88 .offset = 1 + offsetof(struct uwb_rc_evt_bp_switch_ie_rcv, wIELength),
90 [UWB_RC_EVT_DEV_ADDR_CONFLICT] = {
91 .size = sizeof(struct uwb_rc_evt_dev_addr_conflict),
93 [UWB_RC_EVT_DRP_AVAIL] = {
94 .size = sizeof(struct uwb_rc_evt_drp_avail)
96 [UWB_RC_EVT_DRP] = {
97 .size = sizeof(struct uwb_rc_evt_drp),
98 .offset = 1 + offsetof(struct uwb_rc_evt_drp, ie_length),
100 [UWB_RC_EVT_BP_SWITCH_STATUS] = {
101 .size = sizeof(struct uwb_rc_evt_bp_switch_status),
103 [UWB_RC_EVT_CMD_FRAME_RCV] = {
104 .size = sizeof(struct uwb_rc_evt_cmd_frame_rcv),
105 .offset = 1 + offsetof(struct uwb_rc_evt_cmd_frame_rcv, dataLength),
107 [UWB_RC_EVT_CHANNEL_CHANGE_IE_RCV] = {
108 .size = sizeof(struct uwb_rc_evt_channel_change_ie_rcv),
109 .offset = 1 + offsetof(struct uwb_rc_evt_channel_change_ie_rcv, wIELength),
111 [UWB_RC_CMD_CHANNEL_CHANGE] = {
112 .size = sizeof(struct uwb_rc_evt_confirm),
114 [UWB_RC_CMD_DEV_ADDR_MGMT] = {
115 .size = sizeof(struct uwb_rc_evt_dev_addr_mgmt) },
116 [UWB_RC_CMD_GET_IE] = {
117 .size = sizeof(struct uwb_rc_evt_get_ie),
118 .offset = 1 + offsetof(struct uwb_rc_evt_get_ie, wIELength),
120 [UWB_RC_CMD_RESET] = {
121 .size = sizeof(struct uwb_rc_evt_confirm),
123 [UWB_RC_CMD_SCAN] = {
124 .size = sizeof(struct uwb_rc_evt_confirm),
126 [UWB_RC_CMD_SET_BEACON_FILTER] = {
127 .size = sizeof(struct uwb_rc_evt_confirm),
129 [UWB_RC_CMD_SET_DRP_IE] = {
130 .size = sizeof(struct uwb_rc_evt_set_drp_ie),
132 [UWB_RC_CMD_SET_IE] = {
133 .size = sizeof(struct uwb_rc_evt_set_ie),
135 [UWB_RC_CMD_SET_NOTIFICATION_FILTER] = {
136 .size = sizeof(struct uwb_rc_evt_confirm),
138 [UWB_RC_CMD_SET_TX_POWER] = {
139 .size = sizeof(struct uwb_rc_evt_confirm),
141 [UWB_RC_CMD_SLEEP] = {
142 .size = sizeof(struct uwb_rc_evt_confirm),
144 [UWB_RC_CMD_START_BEACON] = {
145 .size = sizeof(struct uwb_rc_evt_confirm),
147 [UWB_RC_CMD_STOP_BEACON] = {
148 .size = sizeof(struct uwb_rc_evt_confirm),
150 [UWB_RC_CMD_BP_MERGE] = {
151 .size = sizeof(struct uwb_rc_evt_confirm),
153 [UWB_RC_CMD_SEND_COMMAND_FRAME] = {
154 .size = sizeof(struct uwb_rc_evt_confirm),
156 [UWB_RC_CMD_SET_ASIE_NOTIF] = {
157 .size = sizeof(struct uwb_rc_evt_confirm),
161 static
162 struct uwb_est_entry uwb_est_01_00xx[] = {
163 [UWB_RC_DAA_ENERGY_DETECTED] = {
164 .size = sizeof(struct uwb_rc_evt_daa_energy_detected),
166 [UWB_RC_SET_DAA_ENERGY_MASK] = {
167 .size = sizeof(struct uwb_rc_evt_set_daa_energy_mask),
169 [UWB_RC_SET_NOTIFICATION_FILTER_EX] = {
170 .size = sizeof(struct uwb_rc_evt_set_notification_filter_ex),
175 * Initialize the EST subsystem
177 * Register the standard tables also.
179 * FIXME: tag init
181 int uwb_est_create(void)
183 int result;
185 uwb_est_size = 2;
186 uwb_est_used = 0;
187 uwb_est = kcalloc(uwb_est_size, sizeof(uwb_est[0]), GFP_KERNEL);
188 if (uwb_est == NULL)
189 return -ENOMEM;
191 result = uwb_est_register(UWB_RC_CET_GENERAL, 0, 0xffff, 0xffff,
192 uwb_est_00_00xx, ARRAY_SIZE(uwb_est_00_00xx));
193 if (result < 0)
194 goto out;
195 result = uwb_est_register(UWB_RC_CET_EX_TYPE_1, 0, 0xffff, 0xffff,
196 uwb_est_01_00xx, ARRAY_SIZE(uwb_est_01_00xx));
197 out:
198 return result;
202 /** Clean it up */
203 void uwb_est_destroy(void)
205 kfree(uwb_est);
206 uwb_est = NULL;
207 uwb_est_size = uwb_est_used = 0;
212 * Double the capacity of the EST table
214 * @returns 0 if ok, < 0 errno no error.
216 static
217 int uwb_est_grow(void)
219 size_t actual_size = uwb_est_size * sizeof(uwb_est[0]);
220 void *new = kmalloc(2 * actual_size, GFP_ATOMIC);
221 if (new == NULL)
222 return -ENOMEM;
223 memcpy(new, uwb_est, actual_size);
224 memset(new + actual_size, 0, actual_size);
225 kfree(uwb_est);
226 uwb_est = new;
227 uwb_est_size *= 2;
228 return 0;
233 * Register an event size table
235 * Makes room for it if the table is full, and then inserts it in the
236 * right position (entries are sorted by type, event_high, vendor and
237 * then product).
239 * @vendor: vendor code for matching against the device (0x0000 and
240 * 0xffff mean any); use 0x0000 to force all to match without
241 * checking possible vendor specific ones, 0xfffff to match
242 * after checking vendor specific ones.
244 * @product: product code from that vendor; same matching rules, use
245 * 0x0000 for not allowing vendor specific matches, 0xffff
246 * for allowing.
248 * This arragement just makes the tables sort differenty. Because the
249 * table is sorted by growing type-event_high-vendor-product, a zero
250 * vendor will match before than a 0x456a vendor, that will match
251 * before a 0xfffff vendor.
253 * @returns 0 if ok, < 0 errno on error (-ENOENT if not found).
255 /* FIXME: add bus type to vendor/product code */
256 int uwb_est_register(u8 type, u8 event_high, u16 vendor, u16 product,
257 const struct uwb_est_entry *entry, size_t entries)
259 unsigned long flags;
260 unsigned itr;
261 int result = 0;
263 write_lock_irqsave(&uwb_est_lock, flags);
264 if (uwb_est_used == uwb_est_size) {
265 result = uwb_est_grow();
266 if (result < 0)
267 goto out;
269 /* Find the right spot to insert it in */
270 for (itr = 0; itr < uwb_est_used; itr++)
271 if (uwb_est[itr].type_event_high < type
272 && uwb_est[itr].vendor < vendor
273 && uwb_est[itr].product < product)
274 break;
276 /* Shift others to make room for the new one? */
277 if (itr < uwb_est_used)
278 memmove(&uwb_est[itr+1], &uwb_est[itr], uwb_est_used - itr);
279 uwb_est[itr].type_event_high = type << 8 | event_high;
280 uwb_est[itr].vendor = vendor;
281 uwb_est[itr].product = product;
282 uwb_est[itr].entry = entry;
283 uwb_est[itr].entries = entries;
284 uwb_est_used++;
285 out:
286 write_unlock_irqrestore(&uwb_est_lock, flags);
287 return result;
289 EXPORT_SYMBOL_GPL(uwb_est_register);
293 * Unregister an event size table
295 * This just removes the specified entry and moves the ones after it
296 * to fill in the gap. This is needed to keep the list sorted; no
297 * reallocation is done to reduce the size of the table.
299 * We unregister by all the data we used to register instead of by
300 * pointer to the @entry array because we might have used the same
301 * table for a bunch of IDs (for example).
303 * @returns 0 if ok, < 0 errno on error (-ENOENT if not found).
305 int uwb_est_unregister(u8 type, u8 event_high, u16 vendor, u16 product,
306 const struct uwb_est_entry *entry, size_t entries)
308 unsigned long flags;
309 unsigned itr;
310 struct uwb_est est_cmp = {
311 .type_event_high = type << 8 | event_high,
312 .vendor = vendor,
313 .product = product,
314 .entry = entry,
315 .entries = entries
317 write_lock_irqsave(&uwb_est_lock, flags);
318 for (itr = 0; itr < uwb_est_used; itr++)
319 if (!memcmp(&uwb_est[itr], &est_cmp, sizeof(est_cmp)))
320 goto found;
321 write_unlock_irqrestore(&uwb_est_lock, flags);
322 return -ENOENT;
324 found:
325 if (itr < uwb_est_used - 1) /* Not last one? move ones above */
326 memmove(&uwb_est[itr], &uwb_est[itr+1], uwb_est_used - itr - 1);
327 uwb_est_used--;
328 write_unlock_irqrestore(&uwb_est_lock, flags);
329 return 0;
331 EXPORT_SYMBOL_GPL(uwb_est_unregister);
335 * Get the size of an event from a table
337 * @rceb: pointer to the buffer with the event
338 * @rceb_size: size of the area pointed to by @rceb in bytes.
339 * @returns: > 0 Size of the event
340 * -ENOSPC An area big enough was not provided to look
341 * ahead into the event's guts and guess the size.
342 * -EINVAL Unknown event code (wEvent).
344 * This will look at the received RCEB and guess what is the total
345 * size. For variable sized events, it will look further ahead into
346 * their length field to see how much data should be read.
348 * Note this size is *not* final--the neh (Notification/Event Handle)
349 * might specificy an extra size to add.
351 static
352 ssize_t uwb_est_get_size(struct uwb_rc *uwb_rc, struct uwb_est *est,
353 u8 event_low, const struct uwb_rceb *rceb,
354 size_t rceb_size)
356 unsigned offset;
357 ssize_t size;
358 struct device *dev = &uwb_rc->uwb_dev.dev;
359 const struct uwb_est_entry *entry;
361 size = -ENOENT;
362 if (event_low >= est->entries) { /* in range? */
363 dev_err(dev, "EST %p 0x%04x/%04x/%04x[%u]: event %u out of range\n",
364 est, est->type_event_high, est->vendor, est->product,
365 est->entries, event_low);
366 goto out;
368 size = -ENOENT;
369 entry = &est->entry[event_low];
370 if (entry->size == 0 && entry->offset == 0) { /* unknown? */
371 dev_err(dev, "EST %p 0x%04x/%04x/%04x[%u]: event %u unknown\n",
372 est, est->type_event_high, est->vendor, est->product,
373 est->entries, event_low);
374 goto out;
376 offset = entry->offset; /* extra fries with that? */
377 if (offset == 0)
378 size = entry->size;
379 else {
380 /* Ops, got an extra size field at 'offset'--read it */
381 const void *ptr = rceb;
382 size_t type_size = 0;
383 offset--;
384 size = -ENOSPC; /* enough data for more? */
385 switch (entry->type) {
386 case UWB_EST_16: type_size = sizeof(__le16); break;
387 case UWB_EST_8: type_size = sizeof(u8); break;
388 default: BUG();
390 if (offset + type_size > rceb_size) {
391 dev_err(dev, "EST %p 0x%04x/%04x/%04x[%u]: "
392 "not enough data to read extra size\n",
393 est, est->type_event_high, est->vendor,
394 est->product, est->entries);
395 goto out;
397 size = entry->size;
398 ptr += offset;
399 switch (entry->type) {
400 case UWB_EST_16: size += le16_to_cpu(*(__le16 *)ptr); break;
401 case UWB_EST_8: size += *(u8 *)ptr; break;
402 default: BUG();
405 out:
406 return size;
411 * Guesses the size of a WA event
413 * @rceb: pointer to the buffer with the event
414 * @rceb_size: size of the area pointed to by @rceb in bytes.
415 * @returns: > 0 Size of the event
416 * -ENOSPC An area big enough was not provided to look
417 * ahead into the event's guts and guess the size.
418 * -EINVAL Unknown event code (wEvent).
420 * This will look at the received RCEB and guess what is the total
421 * size by checking all the tables registered with
422 * uwb_est_register(). For variable sized events, it will look further
423 * ahead into their length field to see how much data should be read.
425 * Note this size is *not* final--the neh (Notification/Event Handle)
426 * might specificy an extra size to add or replace.
428 ssize_t uwb_est_find_size(struct uwb_rc *rc, const struct uwb_rceb *rceb,
429 size_t rceb_size)
431 /* FIXME: add vendor/product data */
432 ssize_t size;
433 struct device *dev = &rc->uwb_dev.dev;
434 unsigned long flags;
435 unsigned itr;
436 u16 type_event_high, event;
438 read_lock_irqsave(&uwb_est_lock, flags);
439 size = -ENOSPC;
440 if (rceb_size < sizeof(*rceb))
441 goto out;
442 event = le16_to_cpu(rceb->wEvent);
443 type_event_high = rceb->bEventType << 8 | (event & 0xff00) >> 8;
444 for (itr = 0; itr < uwb_est_used; itr++) {
445 if (uwb_est[itr].type_event_high != type_event_high)
446 continue;
447 size = uwb_est_get_size(rc, &uwb_est[itr],
448 event & 0x00ff, rceb, rceb_size);
449 /* try more tables that might handle the same type */
450 if (size != -ENOENT)
451 goto out;
453 dev_dbg(dev,
454 "event 0x%02x/%04x/%02x: no handlers available; RCEB %4ph\n",
455 (unsigned) rceb->bEventType,
456 (unsigned) le16_to_cpu(rceb->wEvent),
457 (unsigned) rceb->bEventContext,
458 rceb);
459 size = -ENOENT;
460 out:
461 read_unlock_irqrestore(&uwb_est_lock, flags);
462 return size;
464 EXPORT_SYMBOL_GPL(uwb_est_find_size);