Avoid reading past buffer when calling GETACL
1 /*
3 * Driver for Bluetooth PCMCIA cards with HCI UART interface
5 * Copyright (C) 2001-2002 Marcel Holtmann <marcel@holtmann.org>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2 as
10 * published by the Free Software Foundation;
12 * Software distributed under the License is distributed on an "AS
13 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
14 * implied. See the License for the specific language governing
15 * rights and limitations under the License.
17 * The initial developer of the original code is David A. Hinds
18 * <dahinds@users.sourceforge.net>. Portions created by David A. Hinds
19 * are Copyright (C) 1999 David A. Hinds. All Rights Reserved.
23 #include <linux/module.h>
25 #include <linux/kernel.h>
26 #include <linux/init.h>
27 #include <linux/slab.h>
28 #include <linux/types.h>
29 #include <linux/delay.h>
30 #include <linux/errno.h>
31 #include <linux/ptrace.h>
32 #include <linux/ioport.h>
33 #include <linux/spinlock.h>
34 #include <linux/moduleparam.h>
36 #include <linux/skbuff.h>
37 #include <linux/string.h>
38 #include <linux/serial.h>
39 #include <linux/serial_reg.h>
40 #include <linux/bitops.h>
41 #include <asm/system.h>
42 #include <asm/io.h>
44 #include <pcmcia/cistpl.h>
45 #include <pcmcia/ciscode.h>
46 #include <pcmcia/ds.h>
47 #include <pcmcia/cisreg.h>
49 #include <net/bluetooth/bluetooth.h>
50 #include <net/bluetooth/hci_core.h>
54 /* ======================== Module parameters ======================== */
/* Module metadata exported through modinfo. */
MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
MODULE_DESCRIPTION("Bluetooth driver for Bluetooth PCMCIA cards with HCI UART interface");
MODULE_LICENSE("GPL");
63 /* ======================== Local structures ======================== */
/*
 * Per-card driver state. Allocated in btuart_probe() and reachable from the
 * PCMCIA device through link->priv and from the HCI device through
 * hdev->driver_data.
 */
typedef struct btuart_info_t {
	struct pcmcia_device *p_dev;	/* PCMCIA device this state belongs to */

	struct hci_dev *hdev;		/* HCI device, set by btuart_open() */

	spinlock_t lock;		/* For serializing operations */

	struct sk_buff_head txq;	/* Frames waiting to be transmitted */
	unsigned long tx_state;		/* XMIT_* bits */

	unsigned long rx_state;		/* One of the RECV_WAIT_* values */
	unsigned long rx_count;		/* Bytes still expected in the current stage */
	struct sk_buff *rx_skb;		/* Frame being reassembled, NULL if none */
} btuart_info_t;
/* Forward declarations: these are used before their definitions below. */
static int btuart_config(struct pcmcia_device *link);
static void btuart_release(struct pcmcia_device *link);

static void btuart_detach(struct pcmcia_device *p_dev);
/* Maximum baud rate */
#define SPEED_MAX		115200

/*
 * Default baud rate: 57600, 115200, 230400 or 460800
 *
 * NOTE(review): btuart_change_speed() derives the UART divisor as
 * SPEED_MAX / speed, so a rate above SPEED_MAX yields a divisor of 0;
 * confirm before raising this value.
 */
#define DEFAULT_BAUD_RATE	115200


/* Transmit states: bit numbers used with set_bit()/test_bit() on tx_state */
#define XMIT_SENDING	1
#define XMIT_WAKEUP	2
#define XMIT_WAITING	8

/* Receiver states: values stored in rx_state by the receive state machine */
#define RECV_WAIT_PACKET_TYPE	0
#define RECV_WAIT_EVENT_HEADER	1
#define RECV_WAIT_ACL_HEADER	2
#define RECV_WAIT_SCO_HEADER	3
#define RECV_WAIT_DATA		4
109 /* ======================== Interrupt handling ======================== */
/*
 * Copy as much of @buf as fits into the UART transmit FIFO.
 *
 * @iobase:    I/O base of the UART
 * @fifo_size: maximum number of bytes to write in this call
 * @buf:       frame data
 * @len:       number of bytes available in @buf
 *
 * Returns the number of bytes written, which is 0 when the transmit holding
 * register is not empty and otherwise at most min(fifo_size, len).
 */
static int btuart_write(unsigned int iobase, int fifo_size, __u8 *buf, int len)
{
	int sent;

	/* Tx FIFO should be empty */
	if (!(inb(iobase + UART_LSR) & UART_LSR_THRE))
		return 0;

	/* Fill FIFO with current frame, one byte per port write */
	for (sent = 0; fifo_size > 0 && sent < len; fifo_size--, sent++)
		outb(buf[sent], iobase + UART_TX);

	return sent;
}
/*
 * Push queued frames from info->txq into the UART.
 *
 * XMIT_SENDING marks a transmitter pass in progress; a caller that finds it
 * already set only raises XMIT_WAKEUP so the running pass loops once more.
 * A frame that does not fit into the FIFO is trimmed by the bytes already
 * written and put back at the head of the queue.
 */
static void btuart_write_wakeup(btuart_info_t *info)
{
	if (!info) {
		BT_ERR("Unknown device");
		return;
	}

	if (test_and_set_bit(XMIT_SENDING, &info->tx_state)) {
		set_bit(XMIT_WAKEUP, &info->tx_state);
		return;
	}

	do {
		unsigned int iobase = info->p_dev->resource[0]->start;
		struct sk_buff *frame;
		int written;

		clear_bit(XMIT_WAKEUP, &info->tx_state);

		/* Card is gone: leave with XMIT_SENDING still set */
		if (!pcmcia_dev_present(info->p_dev))
			return;

		frame = skb_dequeue(&info->txq);
		if (!frame)
			break;

		/* Send frame */
		written = btuart_write(iobase, 16, frame->data, frame->len);
		set_bit(XMIT_WAKEUP, &info->tx_state);

		if (written != frame->len) {
			/* Partial write: requeue the unsent remainder */
			skb_pull(frame, written);
			skb_queue_head(&info->txq, frame);
		} else {
			kfree_skb(frame);
		}

		info->hdev->stat.byte_tx += written;

	} while (test_bit(XMIT_WAKEUP, &info->tx_state));

	clear_bit(XMIT_SENDING, &info->tx_state);
}
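/*
 * Drain the UART receive FIFO and reassemble HCI packets.
 *
 * One byte is read per loop iteration. The first byte of a packet selects
 * the packet type, the following bytes fill the type-specific header, and
 * the length field of that header says how many payload bytes to collect
 * before the frame is handed to hci_recv_frame().
 *
 * The length field comes from the card and is not trusted: the ACL header
 * carries a 16-bit length, while the receive buffer is allocated with
 * HCI_MAX_FRAME_SIZE. A frame that announces more payload than the buffer
 * can hold is dropped when its header completes, instead of letting
 * skb_put() run past the end of the buffer (which the skb code treats as a
 * fatal error). A frame with an empty payload is delivered as soon as its
 * header is complete; otherwise the next byte on the wire would be appended
 * to it and the unsigned rx_count would wrap below zero.
 *
 * Called from the interrupt handler with info->lock held.
 */
static void btuart_receive(btuart_info_t *info)
{
	unsigned int iobase;
	int boguscount = 0;

	if (!info) {
		BT_ERR("Unknown device");
		return;
	}

	iobase = info->p_dev->resource[0]->start;

	do {
		info->hdev->stat.byte_rx++;

		/* Allocate packet */
		if (info->rx_skb == NULL) {
			info->rx_state = RECV_WAIT_PACKET_TYPE;
			info->rx_count = 0;
			info->rx_skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC);
			if (!info->rx_skb) {
				BT_ERR("Can't allocate mem for new packet");
				return;
			}
		}

		if (info->rx_state == RECV_WAIT_PACKET_TYPE) {

			info->rx_skb->dev = (void *) info->hdev;
			bt_cb(info->rx_skb)->pkt_type = inb(iobase + UART_RX);

			switch (bt_cb(info->rx_skb)->pkt_type) {

			case HCI_EVENT_PKT:
				info->rx_state = RECV_WAIT_EVENT_HEADER;
				info->rx_count = HCI_EVENT_HDR_SIZE;
				break;

			case HCI_ACLDATA_PKT:
				info->rx_state = RECV_WAIT_ACL_HEADER;
				info->rx_count = HCI_ACL_HDR_SIZE;
				break;

			case HCI_SCODATA_PKT:
				info->rx_state = RECV_WAIT_SCO_HEADER;
				info->rx_count = HCI_SCO_HDR_SIZE;
				break;

			default:
				/* Unknown packet */
				BT_ERR("Unknown HCI packet with type 0x%02x received", bt_cb(info->rx_skb)->pkt_type);
				info->hdev->stat.err_rx++;
				clear_bit(HCI_RUNNING, &(info->hdev->flags));

				kfree_skb(info->rx_skb);
				info->rx_skb = NULL;
				break;

			}

		} else {

			*skb_put(info->rx_skb, 1) = inb(iobase + UART_RX);
			info->rx_count--;

			if (info->rx_count == 0) {

				switch (info->rx_state) {

				case RECV_WAIT_EVENT_HEADER:
					info->rx_state = RECV_WAIT_DATA;
					info->rx_count = hci_event_hdr(info->rx_skb)->plen;
					break;

				case RECV_WAIT_ACL_HEADER:
					info->rx_state = RECV_WAIT_DATA;
					info->rx_count = __le16_to_cpu(hci_acl_hdr(info->rx_skb)->dlen);
					break;

				case RECV_WAIT_SCO_HEADER:
					info->rx_state = RECV_WAIT_DATA;
					info->rx_count = hci_sco_hdr(info->rx_skb)->dlen;
					break;

				case RECV_WAIT_DATA:
					hci_recv_frame(info->rx_skb);
					info->rx_skb = NULL;
					break;

				}

				/*
				 * A header has just been completed (the skb is
				 * still ours and we now wait for payload):
				 * validate the announced payload length.
				 */
				if (info->rx_skb && info->rx_state == RECV_WAIT_DATA) {
					if (info->rx_count > skb_tailroom(info->rx_skb)) {
						/*
						 * Payload would not fit. Drop the
						 * frame; the following bytes are
						 * parsed as new packets and may be
						 * reported as unknown types.
						 */
						BT_ERR("Frame length %lu exceeds receive buffer", info->rx_count);
						info->hdev->stat.err_rx++;

						kfree_skb(info->rx_skb);
						info->rx_skb = NULL;
					} else if (info->rx_count == 0) {
						/* Empty payload: frame is complete */
						hci_recv_frame(info->rx_skb);
						info->rx_skb = NULL;
					}
				}

			}

		}

		/* Make sure we don't stay here too long */
		if (boguscount++ > 16)
			break;

	} while (inb(iobase + UART_LSR) & UART_LSR_DR);
}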
/*
 * Interrupt handler for the card's UART.
 *
 * @irq:      interrupt number (unused)
 * @dev_inst: the btuart_info_t registered with the IRQ
 *
 * Returns IRQ_HANDLED if the UART reported at least one interrupt cause,
 * IRQ_NONE otherwise. The whole service loop runs under info->lock.
 */
static irqreturn_t btuart_interrupt(int irq, void *dev_inst)
{
	btuart_info_t *info = dev_inst;
	irqreturn_t ret = IRQ_NONE;
	unsigned int iobase;
	int passes = 0;
	int iir, lsr;

	if (!info || !info->hdev)
		/* our irq handler is shared */
		return IRQ_NONE;

	iobase = info->p_dev->resource[0]->start;

	spin_lock(&info->lock);

	/* Re-read the interrupt identification register after every pass */
	for (iir = inb(iobase + UART_IIR) & UART_IIR_ID; iir;
	     iir = inb(iobase + UART_IIR) & UART_IIR_ID) {
		ret = IRQ_HANDLED;

		/* Clear interrupt */
		lsr = inb(iobase + UART_LSR);

		switch (iir) {
		case UART_IIR_RLSI:
			BT_ERR("RLSI");
			break;
		case UART_IIR_RDI:
			/* Receive interrupt */
			btuart_receive(info);
			break;
		case UART_IIR_THRI:
			/* Transmitter ready for data */
			if (lsr & UART_LSR_THRE)
				btuart_write_wakeup(info);
			break;
		default:
			BT_ERR("Unhandled IIR=%#x", iir);
			break;
		}

		/* Make sure we don't stay here too long */
		if (passes++ > 100)
			break;
	}

	spin_unlock(&info->lock);

	return ret;
}
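/*
 * Program the UART for @speed baud, 8N1, with FIFOs enabled and cleared.
 *
 * @info:  driver state; a NULL pointer is reported and ignored
 * @speed: baud rate; 0 is rejected because the divisor is SPEED_MAX / speed
 *
 * UART interrupts are switched off while the registers are rewritten and
 * are left enabled (line status, receive data, transmit holding register
 * empty) on return. The sequence runs under info->lock with local
 * interrupts disabled.
 */
static void btuart_change_speed(btuart_info_t *info, unsigned int speed)
{
	unsigned long flags;
	unsigned int iobase;
	int fcr;	/* FIFO control reg */
	int lcr;	/* Line control reg */
	int divisor;

	if (!info) {
		BT_ERR("Unknown device");
		return;
	}

	/* Reject 0 before it reaches the division below */
	if (!speed) {
		BT_ERR("Invalid baud rate 0");
		return;
	}

	iobase = info->p_dev->resource[0]->start;

	spin_lock_irqsave(&(info->lock), flags);

	/* Turn off interrupts */
	outb(0, iobase + UART_IER);

	divisor = SPEED_MAX / speed;

	fcr = UART_FCR_ENABLE_FIFO | UART_FCR_CLEAR_RCVR | UART_FCR_CLEAR_XMIT;

	/*
	 * Use trigger level 1 to avoid 3 ms. timeout delay at 9600 bps, and
	 * almost 1,7 ms at 19200 bps. At speeds above that we can just forget
	 * about this timeout since it will always be fast enough.
	 */

	if (speed < 38400)
		fcr |= UART_FCR_TRIGGER_1;
	else
		fcr |= UART_FCR_TRIGGER_14;

	/* Bluetooth cards use 8N1 */
	lcr = UART_LCR_WLEN8;

	outb(UART_LCR_DLAB | lcr, iobase + UART_LCR);	/* Set DLAB */
	outb(divisor & 0xff, iobase + UART_DLL);	/* Set speed */
	outb(divisor >> 8, iobase + UART_DLM);
	outb(lcr, iobase + UART_LCR);	/* Set 8N1 */
	outb(fcr, iobase + UART_FCR);	/* Enable FIFO's */

	/* Turn on interrupts */
	outb(UART_IER_RLSI | UART_IER_RDI | UART_IER_THRI, iobase + UART_IER);

	spin_unlock_irqrestore(&(info->lock), flags);
}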
395 /* ======================== HCI interface ======================== */
/* HCI flush callback: discard every frame still waiting in the TX queue. */
static int btuart_hci_flush(struct hci_dev *hdev)
{
	btuart_info_t *priv = (btuart_info_t *)hdev->driver_data;

	skb_queue_purge(&priv->txq);

	return 0;
}
/* HCI open callback: mark the device as running. Always returns 0. */
static int btuart_hci_open(struct hci_dev *hdev)
{
	set_bit(HCI_RUNNING, &hdev->flags);

	return 0;
}
/*
 * HCI close callback: clear HCI_RUNNING and, if the device was running,
 * drop the pending TX queue. Always returns 0.
 */
static int btuart_hci_close(struct hci_dev *hdev)
{
	if (test_and_clear_bit(HCI_RUNNING, &hdev->flags))
		btuart_hci_flush(hdev);

	return 0;
}
/*
 * HCI send callback: queue @skb for transmission and start the transmitter.
 *
 * The packet type byte is pushed in front of the payload, as the UART
 * transport expects. Returns 0 on success or -ENODEV when the skb carries
 * no HCI device.
 */
static int btuart_hci_send_frame(struct sk_buff *skb)
{
	struct hci_dev *hdev = (struct hci_dev *)skb->dev;
	btuart_info_t *info;
	unsigned char *type_byte;

	if (!hdev) {
		BT_ERR("Frame for unknown HCI device (hdev=NULL)");
		return -ENODEV;
	}

	info = (btuart_info_t *)hdev->driver_data;

	/* Per-type transmit statistics */
	switch (bt_cb(skb)->pkt_type) {
	case HCI_COMMAND_PKT:
		hdev->stat.cmd_tx++;
		break;
	case HCI_ACLDATA_PKT:
		hdev->stat.acl_tx++;
		break;
	case HCI_SCODATA_PKT:
		hdev->stat.sco_tx++;
		break;
	}

	/* Prepend skb with frame type */
	type_byte = skb_push(skb, 1);
	*type_byte = bt_cb(skb)->pkt_type;

	skb_queue_tail(&info->txq, skb);

	btuart_write_wakeup(info);

	return 0;
}
/* HCI destruct callback: this driver has nothing to release here. */
static void btuart_hci_destruct(struct hci_dev *hdev)
{
}
/* HCI ioctl callback: no driver-specific ioctls, every command is refused. */
static int btuart_hci_ioctl(struct hci_dev *hdev, unsigned int cmd, unsigned long arg)
{
	return -ENOIOCTLCMD;
}
474 /* ======================== Card services HCI interaction ======================== */
/*
 * Bring the card up: initialize driver state, allocate and fill in the HCI
 * device, reset and configure the UART, then register with the HCI core.
 *
 * Returns 0 on success, -ENOMEM if the HCI device cannot be allocated, or
 * -ENODEV if registration fails (the HCI device is freed and info->hdev is
 * reset to NULL in that case).
 *
 * NOTE(review): btuart_config() requests the IRQ before calling this
 * function, so the lock is initialized after the handler is installed. The
 * handler returns early while info->hdev is NULL, which covers the window
 * up to the assignment below.
 */
static int btuart_open(btuart_info_t *info)
{
	unsigned long flags;
	unsigned int iobase = info->p_dev->resource[0]->start;
	struct hci_dev *hdev;

	spin_lock_init(&(info->lock));

	skb_queue_head_init(&(info->txq));

	/* Receive state machine starts out waiting for a packet type byte */
	info->rx_state = RECV_WAIT_PACKET_TYPE;
	info->rx_count = 0;
	info->rx_skb = NULL;

	/* Initialize HCI device */
	hdev = hci_alloc_dev();
	if (!hdev) {
		BT_ERR("Can't allocate HCI device");
		return -ENOMEM;
	}

	info->hdev = hdev;

	hdev->bus = HCI_PCCARD;
	hdev->driver_data = info;
	SET_HCIDEV_DEV(hdev, &info->p_dev->dev);

	hdev->open     = btuart_hci_open;
	hdev->close    = btuart_hci_close;
	hdev->flush    = btuart_hci_flush;
	hdev->send     = btuart_hci_send_frame;
	hdev->destruct = btuart_hci_destruct;
	hdev->ioctl    = btuart_hci_ioctl;

	hdev->owner = THIS_MODULE;

	spin_lock_irqsave(&(info->lock), flags);

	/* Reset UART */
	outb(0, iobase + UART_MCR);

	/* Turn off interrupts */
	outb(0, iobase + UART_IER);

	/* Initialize UART */
	outb(UART_LCR_WLEN8, iobase + UART_LCR);	/* Reset DLAB */
	outb((UART_MCR_DTR | UART_MCR_RTS | UART_MCR_OUT2), iobase + UART_MCR);

	/* Turn on interrupts (left disabled here; btuart_change_speed() enables them) */
	// outb(UART_IER_RLSI | UART_IER_RDI | UART_IER_THRI, iobase + UART_IER);

	spin_unlock_irqrestore(&(info->lock), flags);

	btuart_change_speed(info, DEFAULT_BAUD_RATE);

	/* Timeout before it is safe to send the first HCI packet */
	msleep(1000);

	/* Register HCI device */
	if (hci_register_dev(hdev) < 0) {
		BT_ERR("Can't register HCI device");
		/* Clear the pointer first so btuart_close() sees no device */
		info->hdev = NULL;
		hci_free_dev(hdev);
		return -ENODEV;
	}

	return 0;
}
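/*
 * Shut the card down: stop the HCI device, quiesce the UART, then
 * unregister and free the HCI device.
 *
 * A frame that was still being reassembled is released here; nothing else
 * frees info->rx_skb before the state structure itself is freed. info->hdev
 * is cleared before the HCI device is freed so that the shared interrupt
 * handler and a repeated call both see "no device" instead of a stale
 * pointer.
 *
 * Returns 0 on success or -ENODEV if there is no HCI device to close.
 */
static int btuart_close(btuart_info_t *info)
{
	unsigned long flags;
	unsigned int iobase = info->p_dev->resource[0]->start;
	struct hci_dev *hdev = info->hdev;
	struct sk_buff *partial;

	if (!hdev)
		return -ENODEV;

	btuart_hci_close(hdev);

	spin_lock_irqsave(&(info->lock), flags);

	/* Reset UART */
	outb(0, iobase + UART_MCR);

	/* Turn off interrupts */
	outb(0, iobase + UART_IER);

	/* Detach a partially received frame; it is freed outside the lock */
	partial = info->rx_skb;
	info->rx_skb = NULL;

	spin_unlock_irqrestore(&(info->lock), flags);

	kfree_skb(partial);

	hci_unregister_dev(hdev);

	/* Do not leave a dangling pointer behind */
	info->hdev = NULL;
	hci_free_dev(hdev);

	return 0;
}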
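/*
 * PCMCIA probe callback: allocate the per-card state, attach it to the
 * device and configure the card.
 *
 * Returns 0 on success, -ENOMEM if the state cannot be allocated, or the
 * error from btuart_config(). On a configuration failure the state is freed
 * here: btuart_detach() is the only other place that frees it, and it is
 * the driver's remove callback, which is not expected to run for a device
 * whose probe failed.
 */
static int btuart_probe(struct pcmcia_device *link)
{
	btuart_info_t *info;
	int ret;

	/* Create new info device */
	info = kzalloc(sizeof(*info), GFP_KERNEL);
	if (!info)
		return -ENOMEM;

	info->p_dev = link;
	link->priv = info;

	link->config_flags |= CONF_ENABLE_IRQ | CONF_AUTO_SET_VPP |
		CONF_AUTO_SET_IO;

	ret = btuart_config(link);
	if (ret) {
		/* btuart_config() has already released the device */
		link->priv = NULL;
		kfree(info);
	}

	return ret;
}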
/* PCMCIA remove callback: release the card, then free the per-card state. */
static void btuart_detach(struct pcmcia_device *link)
{
	btuart_info_t *priv = link->priv;

	btuart_release(link);

	kfree(priv);
}
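/*
 * pcmcia_loop_config() callback for the first configuration pass.
 *
 * @p_dev:     device whose current configuration entry is being examined
 * @priv_data: pointer to the pass number kept by btuart_config()
 *             (0 = without I/O aliases, 1 = with aliases)
 *
 * Accepts only entries with an 8-port window at a non-zero base address and
 * requests that window with an 8-bit data path. Returns 0 on success,
 * -EINVAL for an unsuitable entry, or the error from pcmcia_request_io().
 */
static int btuart_check_config(struct pcmcia_device *p_dev, void *priv_data)
{
	int *try = priv_data;

	/*
	 * Test the pass number, not the pointer: btuart_config() passes the
	 * address of its loop counter, which is never NULL, so comparing the
	 * pointer with 0 never selected full 16-line decoding on the first
	 * pass. A NULL pointer keeps its previous meaning.
	 */
	if (!try || *try == 0)
		p_dev->io_lines = 16;

	if ((p_dev->resource[0]->end != 8) || (p_dev->resource[0]->start == 0))
		return -EINVAL;

	p_dev->resource[0]->end = 8;
	p_dev->resource[0]->flags &= ~IO_DATA_PATH_WIDTH;
	p_dev->resource[0]->flags |= IO_DATA_PATH_WIDTH_8;

	return pcmcia_request_io(p_dev);
}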
/*
 * pcmcia_loop_config() callback for the second configuration pass.
 *
 * Used for entries that decode at most 3 I/O lines: tries the four standard
 * serial port addresses in turn and finally base 0 (with 3 I/O lines
 * instead of 16). Returns 0 as soon as one request succeeds, -ENODEV
 * otherwise.
 */
static int btuart_check_config_notpicky(struct pcmcia_device *p_dev,
					void *priv_data)
{
	static unsigned int base[5] = { 0x3f8, 0x2f8, 0x3e8, 0x2e8, 0x0 };
	int idx;

	if (p_dev->io_lines > 3)
		return -ENODEV;

	p_dev->resource[0]->flags &= ~IO_DATA_PATH_WIDTH;
	p_dev->resource[0]->flags |= IO_DATA_PATH_WIDTH_8;
	p_dev->resource[0]->end = 8;

	for (idx = 0; idx < ARRAY_SIZE(base); idx++) {
		p_dev->resource[0]->start = base[idx];

		if (base[idx])
			p_dev->io_lines = 16;
		else
			p_dev->io_lines = 3;

		if (pcmcia_request_io(p_dev) == 0)
			return 0;
	}

	return -ENODEV;
}
/*
 * Find a usable I/O window for the card, then request its IRQ, enable the
 * device and open the HCI interface.
 *
 * Returns 0 on success. Every failure releases the device again and is
 * reported as -ENODEV, whatever the underlying error was.
 */
static int btuart_config(struct pcmcia_device *link)
{
	btuart_info_t *info = link->priv;
	int try;

	/*
	 * First pass: look for a config entry that looks normal.
	 * Two tries: without IO aliases, then with aliases.
	 */
	for (try = 0; try < 2; try++) {
		if (pcmcia_loop_config(link, btuart_check_config, &try) == 0)
			goto found_port;
	}

	/*
	 * Second pass: try to find an entry that isn't picky about
	 * its base address, then try to grab any standard serial port
	 * address, and finally try to get any free port.
	 */
	if (pcmcia_loop_config(link, btuart_check_config_notpicky, NULL) == 0)
		goto found_port;

	BT_ERR("No usable port range found");
	goto failed;

found_port:
	/* Short-circuit evaluation keeps the order: IRQ, enable, open */
	if (pcmcia_request_irq(link, btuart_interrupt) != 0 ||
	    pcmcia_enable_device(link) != 0 ||
	    btuart_open(info) != 0)
		goto failed;

	return 0;

failed:
	btuart_release(link);
	return -ENODEV;
}
/* Close the HCI/UART side of the card, then disable the PCMCIA device. */
static void btuart_release(struct pcmcia_device *link)
{
	btuart_info_t *priv = link->priv;

	btuart_close(priv);

	pcmcia_disable_device(link);
}
/*
 * Device ID table. It holds only the terminating entry, so the driver does
 * not claim any card by ID.
 */
static const struct pcmcia_device_id btuart_ids[] = {
	/* don't use this driver. Use serial_cs + hci_uart instead */
	PCMCIA_DEVICE_NULL
};
MODULE_DEVICE_TABLE(pcmcia, btuart_ids);
/* PCMCIA driver description: probe/remove callbacks and the ID table. */
static struct pcmcia_driver btuart_driver = {
	.owner		= THIS_MODULE,
	.name		= "btuart_cs",
	.probe		= btuart_probe,
	.remove		= btuart_detach,	/* releases the card and frees its state */
	.id_table	= btuart_ids,
};
/* Module entry point: register the PCMCIA driver and pass on its result. */
static int __init init_btuart_cs(void)
{
	return pcmcia_register_driver(&btuart_driver);
}
/* Module exit point: unregister the PCMCIA driver. */
static void __exit exit_btuart_cs(void)
{
	pcmcia_unregister_driver(&btuart_driver);
}
/* Hook the entry and exit functions into module load and unload. */
module_init(init_btuart_cs);
module_exit(exit_btuart_cs);