search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit()
[linux/fpc-iii.git] / sound / pci / asihpi / hpioctl.c
blob3ef9af53ef497cc532201fdf88fa53fd514dfc49
1 /*******************************************************************************
2 AudioScience HPI driver
3 Common Linux HPI ioctl and module probe/remove functions
4
5 Copyright (C) 1997-2014 AudioScience Inc. <support@audioscience.com>
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of version 2 of the GNU General Public License as
9 published by the Free Software Foundation;
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 *******************************************************************************/
17 #define SOURCEFILE_NAME "hpioctl.c"
18
19 #include "hpi_internal.h"
20 #include "hpi_version.h"
21 #include "hpimsginit.h"
22 #include "hpidebug.h"
23 #include "hpimsgx.h"
24 #include "hpioctl.h"
25 #include "hpicmn.h"
26
27 #include <linux/fs.h>
28 #include <linux/interrupt.h>
29 #include <linux/slab.h>
30 #include <linux/moduleparam.h>
31 #include <linux/uaccess.h>
32 #include <linux/pci.h>
33 #include <linux/stringify.h>
34 #include <linux/module.h>
35 #include <linux/vmalloc.h>
36 #include <linux/nospec.h>
37
38 #ifdef MODULE_FIRMWARE
39 MODULE_FIRMWARE("asihpi/dsp5000.bin");
40 MODULE_FIRMWARE("asihpi/dsp6200.bin");
41 MODULE_FIRMWARE("asihpi/dsp6205.bin");
42 MODULE_FIRMWARE("asihpi/dsp6400.bin");
43 MODULE_FIRMWARE("asihpi/dsp6600.bin");
44 MODULE_FIRMWARE("asihpi/dsp8700.bin");
45 MODULE_FIRMWARE("asihpi/dsp8900.bin");
46 #endif
47
48 static int prealloc_stream_buf;
49 module_param(prealloc_stream_buf, int, S_IRUGO);
50 MODULE_PARM_DESC(prealloc_stream_buf,
51 "Preallocate size for per-adapter stream buffer");
52
53 /* Allow the debug level to be changed after module load.
54 E.g. echo 2 > /sys/module/asihpi/parameters/hpiDebugLevel
55 */
56 module_param(hpi_debug_level, int, S_IRUGO | S_IWUSR);
57 MODULE_PARM_DESC(hpi_debug_level, "debug verbosity 0..5");
58
59 /* List of adapters found */
60 static struct hpi_adapter adapters[HPI_MAX_ADAPTERS];
61
62 /* Wrapper function to HPI_Message to enable dumping of the
63 message and response types.
64 */
65 static void hpi_send_recv_f(struct hpi_message *phm, struct hpi_response *phr,
66 struct file *file)
67 {
68 if ((phm->adapter_index >= HPI_MAX_ADAPTERS)
69 && (phm->object != HPI_OBJ_SUBSYSTEM))
70 phr->error = HPI_ERROR_INVALID_OBJ_INDEX;
71 else
72 hpi_send_recv_ex(phm, phr, file);
73 }
74
75 /* This is called from hpifunc.c functions, called by ALSA
76 * (or other kernel process) In this case there is no file descriptor
77 * available for the message cache code
78 */
79 void hpi_send_recv(struct hpi_message *phm, struct hpi_response *phr)
80 {
81 hpi_send_recv_f(phm, phr, HOWNER_KERNEL);
82 }
83
84 EXPORT_SYMBOL(hpi_send_recv);
85 /* for radio-asihpi */
86
87 int asihpi_hpi_release(struct file *file)
88 {
89 struct hpi_message hm;
90 struct hpi_response hr;
91
92 /* HPI_DEBUG_LOG(INFO,"hpi_release file %p, pid %d\n", file, current->pid); */
93 /* close the subsystem just in case the application forgot to. */
94 hpi_init_message_response(&hm, &hr, HPI_OBJ_SUBSYSTEM,
95 HPI_SUBSYS_CLOSE);
96 hpi_send_recv_ex(&hm, &hr, file);
97 return 0;
98 }
99
100 long asihpi_hpi_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
101 {
102 struct hpi_ioctl_linux __user *phpi_ioctl_data;
103 void __user *puhm;
104 void __user *puhr;
105 union hpi_message_buffer_v1 *hm;
106 union hpi_response_buffer_v1 *hr;
107 u16 res_max_size;
108 u32 uncopied_bytes;
109 int err = 0;
110
111 if (cmd != HPI_IOCTL_LINUX)
112 return -EINVAL;
113
114 hm = kmalloc(sizeof(*hm), GFP_KERNEL);
115 hr = kzalloc(sizeof(*hr), GFP_KERNEL);
116 if (!hm || !hr) {
117 err = -ENOMEM;
118 goto out;
119 }
120
121 phpi_ioctl_data = (struct hpi_ioctl_linux __user *)arg;
122
123 /* Read the message and response pointers from user space. */
124 if (get_user(puhm, &phpi_ioctl_data->phm)
125 || get_user(puhr, &phpi_ioctl_data->phr)) {
126 err = -EFAULT;
127 goto out;
128 }
129
130 /* Now read the message size and data from user space. */
131 if (get_user(hm->h.size, (u16 __user *)puhm)) {
132 err = -EFAULT;
133 goto out;
134 }
135 if (hm->h.size > sizeof(*hm))
136 hm->h.size = sizeof(*hm);
137
138 /* printk(KERN_INFO "message size %d\n", hm->h.wSize); */
139
140 uncopied_bytes = copy_from_user(hm, puhm, hm->h.size);
141 if (uncopied_bytes) {
142 HPI_DEBUG_LOG(ERROR, "uncopied bytes %d\n", uncopied_bytes);
143 err = -EFAULT;
144 goto out;
145 }
146
147 if (get_user(res_max_size, (u16 __user *)puhr)) {
148 err = -EFAULT;
149 goto out;
150 }
151 /* printk(KERN_INFO "user response size %d\n", res_max_size); */
152 if (res_max_size < sizeof(struct hpi_response_header)) {
153 HPI_DEBUG_LOG(WARNING, "small res size %d\n", res_max_size);
154 err = -EFAULT;
155 goto out;
156 }
157
158 res_max_size = min_t(size_t, res_max_size, sizeof(*hr));
159
160 switch (hm->h.function) {
161 case HPI_SUBSYS_CREATE_ADAPTER:
162 case HPI_ADAPTER_DELETE:
163 /* Application must not use these functions! */
164 hr->h.size = sizeof(hr->h);
165 hr->h.error = HPI_ERROR_INVALID_OPERATION;
166 hr->h.function = hm->h.function;
167 uncopied_bytes = copy_to_user(puhr, hr, hr->h.size);
168 if (uncopied_bytes)
169 err = -EFAULT;
170 else
171 err = 0;
172 goto out;
173 }
174
175 hr->h.size = res_max_size;
176 if (hm->h.object == HPI_OBJ_SUBSYSTEM) {
177 hpi_send_recv_f(&hm->m0, &hr->r0, file);
178 } else {
179 u16 __user *ptr = NULL;
180 u32 size = 0;
181 /* -1=no data 0=read from user mem, 1=write to user mem */
182 int wrflag = -1;
183 struct hpi_adapter *pa = NULL;
184
185 if (hm->h.adapter_index < ARRAY_SIZE(adapters))
186 pa = &adapters[array_index_nospec(hm->h.adapter_index,
187 ARRAY_SIZE(adapters))];
188
189 if (!pa || !pa->adapter || !pa->adapter->type) {
190 hpi_init_response(&hr->r0, hm->h.object,
191 hm->h.function, HPI_ERROR_BAD_ADAPTER_NUMBER);
192
193 uncopied_bytes =
194 copy_to_user(puhr, hr, sizeof(hr->h));
195 if (uncopied_bytes)
196 err = -EFAULT;
197 else
198 err = 0;
199 goto out;
200 }
201
202 if (mutex_lock_interruptible(&pa->mutex)) {
203 err = -EINTR;
204 goto out;
205 }
206
207 /* Dig out any pointers embedded in the message. */
208 switch (hm->h.function) {
209 case HPI_OSTREAM_WRITE:
210 case HPI_ISTREAM_READ:{
211 /* Yes, sparse, this is correct. */
212 ptr = (u16 __user *)hm->m0.u.d.u.data.pb_data;
213 size = hm->m0.u.d.u.data.data_size;
214
215 /* Allocate buffer according to application request.
216 ?Is it better to alloc/free for the duration
217 of the transaction?
218 */
219 if (pa->buffer_size < size) {
220 HPI_DEBUG_LOG(DEBUG,
221 "Realloc adapter %d stream "
222 "buffer from %zd to %d\n",
223 hm->h.adapter_index,
224 pa->buffer_size, size);
225 if (pa->p_buffer) {
226 pa->buffer_size = 0;
227 vfree(pa->p_buffer);
228 }
229 pa->p_buffer = vmalloc(size);
230 if (pa->p_buffer)
231 pa->buffer_size = size;
232 else {
233 HPI_DEBUG_LOG(ERROR,
234 "HPI could not allocate "
235 "stream buffer size %d\n",
236 size);
237
238 mutex_unlock(&pa->mutex);
239 err = -EINVAL;
240 goto out;
241 }
242 }
243
244 hm->m0.u.d.u.data.pb_data = pa->p_buffer;
245 if (hm->h.function == HPI_ISTREAM_READ)
246 /* from card, WRITE to user mem */
247 wrflag = 1;
248 else
249 wrflag = 0;
250 break;
251 }
252
253 default:
254 size = 0;
255 break;
256 }
257
258 if (size && (wrflag == 0)) {
259 uncopied_bytes =
260 copy_from_user(pa->p_buffer, ptr, size);
261 if (uncopied_bytes)
262 HPI_DEBUG_LOG(WARNING,
263 "Missed %d of %d "
264 "bytes from user\n", uncopied_bytes,
265 size);
266 }
267
268 hpi_send_recv_f(&hm->m0, &hr->r0, file);
269
270 if (size && (wrflag == 1)) {
271 uncopied_bytes =
272 copy_to_user(ptr, pa->p_buffer, size);
273 if (uncopied_bytes)
274 HPI_DEBUG_LOG(WARNING,
275 "Missed %d of %d " "bytes to user\n",
276 uncopied_bytes, size);
277 }
278
279 mutex_unlock(&pa->mutex);
280 }
281
282 /* on return response size must be set */
283 /*printk(KERN_INFO "response size %d\n", hr->h.wSize); */
284
285 if (!hr->h.size) {
286 HPI_DEBUG_LOG(ERROR, "response zero size\n");
287 err = -EFAULT;
288 goto out;
289 }
290
291 if (hr->h.size > res_max_size) {
292 HPI_DEBUG_LOG(ERROR, "response too big %d %d\n", hr->h.size,
293 res_max_size);
294 hr->h.error = HPI_ERROR_RESPONSE_BUFFER_TOO_SMALL;
295 hr->h.specific_error = hr->h.size;
296 hr->h.size = sizeof(hr->h);
297 }
298
299 uncopied_bytes = copy_to_user(puhr, hr, hr->h.size);
300 if (uncopied_bytes) {
301 HPI_DEBUG_LOG(ERROR, "uncopied bytes %d\n", uncopied_bytes);
302 err = -EFAULT;
303 goto out;
304 }
305
306 out:
307 kfree(hm);
308 kfree(hr);
309 return err;
310 }
311
312 static int asihpi_irq_count;
313
314 static irqreturn_t asihpi_isr(int irq, void *dev_id)
315 {
316 struct hpi_adapter *a = dev_id;
317 int handled;
318
319 if (!a->adapter->irq_query_and_clear) {
320 pr_err("asihpi_isr ASI%04X:%d no handler\n", a->adapter->type,
321 a->adapter->index);
322 return IRQ_NONE;
323 }
324
325 handled = a->adapter->irq_query_and_clear(a->adapter, 0);
326
327 if (!handled)
328 return IRQ_NONE;
329
330 asihpi_irq_count++;
331 /* printk(KERN_INFO "asihpi_isr %d ASI%04X:%d irq handled\n",
332 asihpi_irq_count, a->adapter->type, a->adapter->index); */
333
334 if (a->interrupt_callback)
335 a->interrupt_callback(a);
336
337 return IRQ_HANDLED;
338 }
339
340 int asihpi_adapter_probe(struct pci_dev *pci_dev,
341 const struct pci_device_id *pci_id)
342 {
343 int idx, nm, low_latency_mode = 0, irq_supported = 0;
344 int adapter_index;
345 unsigned int memlen;
346 struct hpi_message hm;
347 struct hpi_response hr;
348 struct hpi_adapter adapter;
349 struct hpi_pci pci;
350
351 memset(&adapter, 0, sizeof(adapter));
352
353 dev_printk(KERN_DEBUG, &pci_dev->dev,
354 "probe %04x:%04x,%04x:%04x,%04x\n", pci_dev->vendor,
355 pci_dev->device, pci_dev->subsystem_vendor,
356 pci_dev->subsystem_device, pci_dev->devfn);
357
358 if (pci_enable_device(pci_dev) < 0) {
359 dev_err(&pci_dev->dev,
360 "pci_enable_device failed, disabling device\n");
361 return -EIO;
362 }
363
364 pci_set_master(pci_dev); /* also sets latency timer if < 16 */
365
366 hpi_init_message_response(&hm, &hr, HPI_OBJ_SUBSYSTEM,
367 HPI_SUBSYS_CREATE_ADAPTER);
368 hpi_init_response(&hr, HPI_OBJ_SUBSYSTEM, HPI_SUBSYS_CREATE_ADAPTER,
369 HPI_ERROR_PROCESSING_MESSAGE);
370
371 hm.adapter_index = HPI_ADAPTER_INDEX_INVALID;
372
373 nm = HPI_MAX_ADAPTER_MEM_SPACES;
374
375 for (idx = 0; idx < nm; idx++) {
376 HPI_DEBUG_LOG(INFO, "resource %d %pR\n", idx,
377 &pci_dev->resource[idx]);
378
379 if (pci_resource_flags(pci_dev, idx) & IORESOURCE_MEM) {
380 memlen = pci_resource_len(pci_dev, idx);
381 pci.ap_mem_base[idx] =
382 ioremap(pci_resource_start(pci_dev, idx),
383 memlen);
384 if (!pci.ap_mem_base[idx]) {
385 HPI_DEBUG_LOG(ERROR,
386 "ioremap failed, aborting\n");
387 /* unmap previously mapped pci mem space */
388 goto err;
389 }
390 }
391 }
392
393 pci.pci_dev = pci_dev;
394 hm.u.s.resource.bus_type = HPI_BUS_PCI;
395 hm.u.s.resource.r.pci = &pci;
396
397 /* call CreateAdapterObject on the relevant hpi module */
398 hpi_send_recv_ex(&hm, &hr, HOWNER_KERNEL);
399 if (hr.error)
400 goto err;
401
402 adapter_index = hr.u.s.adapter_index;
403 adapter.adapter = hpi_find_adapter(adapter_index);
404
405 if (prealloc_stream_buf) {
406 adapter.p_buffer = vmalloc(prealloc_stream_buf);
407 if (!adapter.p_buffer) {
408 HPI_DEBUG_LOG(ERROR,
409 "HPI could not allocate "
410 "kernel buffer size %d\n",
411 prealloc_stream_buf);
412 goto err;
413 }
414 }
415
416 hpi_init_message_response(&hm, &hr, HPI_OBJ_ADAPTER,
417 HPI_ADAPTER_OPEN);
418 hm.adapter_index = adapter.adapter->index;
419 hpi_send_recv_ex(&hm, &hr, HOWNER_KERNEL);
420
421 if (hr.error) {
422 HPI_DEBUG_LOG(ERROR, "HPI_ADAPTER_OPEN failed, aborting\n");
423 goto err;
424 }
425
426 /* Check if current mode == Low Latency mode */
427 hpi_init_message_response(&hm, &hr, HPI_OBJ_ADAPTER,
428 HPI_ADAPTER_GET_MODE);
429 hm.adapter_index = adapter.adapter->index;
430 hpi_send_recv_ex(&hm, &hr, HOWNER_KERNEL);
431
432 if (!hr.error
433 && hr.u.ax.mode.adapter_mode == HPI_ADAPTER_MODE_LOW_LATENCY)
434 low_latency_mode = 1;
435 else
436 dev_info(&pci_dev->dev,
437 "Adapter at index %d is not in low latency mode\n",
438 adapter.adapter->index);
439
440 /* Check if IRQs are supported */
441 hpi_init_message_response(&hm, &hr, HPI_OBJ_ADAPTER,
442 HPI_ADAPTER_GET_PROPERTY);
443 hm.adapter_index = adapter.adapter->index;
444 hm.u.ax.property_set.property = HPI_ADAPTER_PROPERTY_SUPPORTS_IRQ;
445 hpi_send_recv_ex(&hm, &hr, HOWNER_KERNEL);
446 if (hr.error || !hr.u.ax.property_get.parameter1) {
447 dev_info(&pci_dev->dev,
448 "IRQs not supported by adapter at index %d\n",
449 adapter.adapter->index);
450 } else {
451 irq_supported = 1;
452 }
453
454 /* WARNING can't init mutex in 'adapter'
455 * and then copy it to adapters[] ?!?!
456 */
457 adapters[adapter_index] = adapter;
458 mutex_init(&adapters[adapter_index].mutex);
459 pci_set_drvdata(pci_dev, &adapters[adapter_index]);
460
461 if (low_latency_mode && irq_supported) {
462 if (!adapter.adapter->irq_query_and_clear) {
463 dev_err(&pci_dev->dev,
464 "no IRQ handler for adapter %d, aborting\n",
465 adapter.adapter->index);
466 goto err;
467 }
468
469 /* Disable IRQ generation on DSP side by setting the rate to 0 */
470 hpi_init_message_response(&hm, &hr, HPI_OBJ_ADAPTER,
471 HPI_ADAPTER_SET_PROPERTY);
472 hm.adapter_index = adapter.adapter->index;
473 hm.u.ax.property_set.property = HPI_ADAPTER_PROPERTY_IRQ_RATE;
474 hm.u.ax.property_set.parameter1 = 0;
475 hm.u.ax.property_set.parameter2 = 0;
476 hpi_send_recv_ex(&hm, &hr, HOWNER_KERNEL);
477 if (hr.error) {
478 HPI_DEBUG_LOG(ERROR,
479 "HPI_ADAPTER_GET_MODE failed, aborting\n");
480 goto err;
481 }
482
483 /* Note: request_irq calls asihpi_isr here */
484 if (request_irq(pci_dev->irq, asihpi_isr, IRQF_SHARED,
485 "asihpi", &adapters[adapter_index])) {
486 dev_err(&pci_dev->dev, "request_irq(%d) failed\n",
487 pci_dev->irq);
488 goto err;
489 }
490
491 adapters[adapter_index].interrupt_mode = 1;
492
493 dev_info(&pci_dev->dev, "using irq %d\n", pci_dev->irq);
494 adapters[adapter_index].irq = pci_dev->irq;
495 } else {
496 dev_info(&pci_dev->dev, "using polled mode\n");
497 }
498
499 dev_info(&pci_dev->dev, "probe succeeded for ASI%04X HPI index %d\n",
500 adapter.adapter->type, adapter_index);
501
502 return 0;
503
504 err:
505 for (idx = 0; idx < HPI_MAX_ADAPTER_MEM_SPACES; idx++) {
506 if (pci.ap_mem_base[idx]) {
507 iounmap(pci.ap_mem_base[idx]);
508 pci.ap_mem_base[idx] = NULL;
509 }
510 }
511
512 if (adapter.p_buffer) {
513 adapter.buffer_size = 0;
514 vfree(adapter.p_buffer);
515 }
516
517 HPI_DEBUG_LOG(ERROR, "adapter_probe failed\n");
518 return -ENODEV;
519 }
520
521 void asihpi_adapter_remove(struct pci_dev *pci_dev)
522 {
523 int idx;
524 struct hpi_message hm;
525 struct hpi_response hr;
526 struct hpi_adapter *pa;
527 struct hpi_pci pci;
528
529 pa = pci_get_drvdata(pci_dev);
530 pci = pa->adapter->pci;
531
532 /* Disable IRQ generation on DSP side */
533 hpi_init_message_response(&hm, &hr, HPI_OBJ_ADAPTER,
534 HPI_ADAPTER_SET_PROPERTY);
535 hm.adapter_index = pa->adapter->index;
536 hm.u.ax.property_set.property = HPI_ADAPTER_PROPERTY_IRQ_RATE;
537 hm.u.ax.property_set.parameter1 = 0;
538 hm.u.ax.property_set.parameter2 = 0;
539 hpi_send_recv_ex(&hm, &hr, HOWNER_KERNEL);
540
541 hpi_init_message_response(&hm, &hr, HPI_OBJ_ADAPTER,
542 HPI_ADAPTER_DELETE);
543 hm.adapter_index = pa->adapter->index;
544 hpi_send_recv_ex(&hm, &hr, HOWNER_KERNEL);
545
546 /* unmap PCI memory space, mapped during device init. */
547 for (idx = 0; idx < HPI_MAX_ADAPTER_MEM_SPACES; ++idx)
548 iounmap(pci.ap_mem_base[idx]);
549
550 if (pa->irq)
551 free_irq(pa->irq, pa);
552
553 vfree(pa->p_buffer);
554
555 if (1)
556 dev_info(&pci_dev->dev,
557 "remove %04x:%04x,%04x:%04x,%04x, HPI index %d\n",
558 pci_dev->vendor, pci_dev->device,
559 pci_dev->subsystem_vendor, pci_dev->subsystem_device,
560 pci_dev->devfn, pa->adapter->index);
561
562 memset(pa, 0, sizeof(*pa));
563 }
564
565 void __init asihpi_init(void)
566 {
567 struct hpi_message hm;
568 struct hpi_response hr;
569
570 memset(adapters, 0, sizeof(adapters));
571
572 printk(KERN_INFO "ASIHPI driver " HPI_VER_STRING "\n");
573
574 hpi_init_message_response(&hm, &hr, HPI_OBJ_SUBSYSTEM,
575 HPI_SUBSYS_DRIVER_LOAD);
576 hpi_send_recv_ex(&hm, &hr, HOWNER_KERNEL);
577 }
578
579 void asihpi_exit(void)
580 {
581 struct hpi_message hm;
582 struct hpi_response hr;
583
584 hpi_init_message_response(&hm, &hr, HPI_OBJ_SUBSYSTEM,
585 HPI_SUBSYS_DRIVER_UNLOAD);
586 hpi_send_recv_ex(&hm, &hr, HOWNER_KERNEL);
587 }
Linux with added FPC-III support