1 /*
3 * A driver for Nokia Connectivity Card DTL-1 devices
5 * Copyright (C) 2001-2002 Marcel Holtmann <marcel@holtmann.org>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License version 2 as
10 * published by the Free Software Foundation;
12 * Software distributed under the License is distributed on an "AS
13 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
14 * implied. See the License for the specific language governing
15 * rights and limitations under the License.
17 * The initial developer of the original code is David A. Hinds
18 * <dahinds@users.sourceforge.net>. Portions created by David A. Hinds
19 * are Copyright (C) 1999 David A. Hinds. All Rights Reserved.
23 #include <linux/module.h>
25 #include <linux/kernel.h>
26 #include <linux/init.h>
27 #include <linux/slab.h>
28 #include <linux/types.h>
29 #include <linux/delay.h>
30 #include <linux/errno.h>
31 #include <linux/ptrace.h>
32 #include <linux/ioport.h>
33 #include <linux/spinlock.h>
34 #include <linux/moduleparam.h>
36 #include <linux/skbuff.h>
37 #include <linux/string.h>
38 #include <linux/serial.h>
39 #include <linux/serial_reg.h>
40 #include <linux/bitops.h>
41 #include <asm/system.h>
42 #include <asm/io.h>
44 #include <pcmcia/cistpl.h>
45 #include <pcmcia/ciscode.h>
46 #include <pcmcia/ds.h>
47 #include <pcmcia/cisreg.h>
49 #include <net/bluetooth/bluetooth.h>
50 #include <net/bluetooth/hci_core.h>
54 /* ======================== Module parameters ======================== */
/* Module metadata strings (author, description, licence). */
MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
MODULE_DESCRIPTION("Bluetooth driver for Nokia Connectivity Card DTL-1");
MODULE_LICENSE("GPL");
63 /* ======================== Local structures ======================== */
/* Per-card driver state; allocated in dtl1_probe() and stored in link->priv. */
typedef struct dtl1_info_t {
	struct pcmcia_device *p_dev;	/* owning PCMCIA device */

	struct hci_dev *hdev;		/* HCI device allocated in dtl1_open() */

	spinlock_t lock;		/* For serializing operations */

	unsigned long flowmask;		/* HCI flow mask */
	int ri_latch;			/* last UART_MSR_RI value observed */

	struct sk_buff_head txq;	/* framed packets waiting for the UART */
	unsigned long tx_state;		/* XMIT_* bits */

	unsigned long rx_state;		/* RECV_WAIT_NSH or RECV_WAIT_DATA */
	unsigned long rx_count;		/* bytes still expected in the current rx state */
	struct sk_buff *rx_skb;		/* frame being assembled, NULL between frames */
} dtl1_info_t;
/* Forward declarations: these are referenced before their definitions below. */
static int dtl1_config(struct pcmcia_device *link);
static void dtl1_release(struct pcmcia_device *link);

static void dtl1_detach(struct pcmcia_device *p_dev);
/* Transmit states: bit numbers in dtl1_info_t.tx_state (used with set_bit/test_bit) */
#define XMIT_SENDING  1
#define XMIT_WAKEUP   2
#define XMIT_WAITING  8

/* Receiver States: values of dtl1_info_t.rx_state */
#define RECV_WAIT_NSH   0
#define RECV_WAIT_DATA  1
/*
 * Header that precedes every frame exchanged with the card.
 * The receive path casts raw UART bytes to this layout, so every field is
 * device-controlled and has to be validated before it is trusted.
 */
typedef struct {
	u8 type;	/* frame type: 0x80 control, 0x81-0x84 HCI traffic */
	u8 zero;	/* always written as 0 on transmit */
	u16 len;	/* payload length, not counting the header or the pad byte */
} __packed nsh_t;	/* Nokia Specific Header */

#define NSHL  4				/* Nokia Specific Header Length */
111 /* ======================== Interrupt handling ======================== */
/*
 * Push up to fifo_size bytes of buf into the UART transmit FIFO.
 *
 * Returns the number of bytes written, which is 0 when the transmit
 * holding register is not empty yet.
 */
static int dtl1_write(unsigned int iobase, int fifo_size, __u8 *buf, int len)
{
	int sent;

	/* Tx FIFO should be empty */
	if (!(inb(iobase + UART_LSR) & UART_LSR_THRE))
		return 0;

	/* Fill FIFO with current frame, bounded by both the FIFO and the frame */
	for (sent = 0; sent < fifo_size && sent < len; sent++)
		outb(buf[sent], iobase + UART_TX);

	return sent;
}
/*
 * Drain the transmit queue into the UART, one FIFO load at a time.
 *
 * XMIT_SENDING guards against re-entry; a caller that finds the sender busy
 * (or the card in XMIT_WAITING) only sets XMIT_WAKEUP and leaves.
 */
static void dtl1_write_wakeup(dtl1_info_t *info)
{
	unsigned long *state;

	if (info == NULL) {
		BT_ERR("Unknown device");
		return;
	}

	state = &info->tx_state;

	/*
	 * Either the card has not allowed transmission yet, or another context
	 * is already sending: record the request and let that path pick it up.
	 */
	if (test_bit(XMIT_WAITING, state) || test_and_set_bit(XMIT_SENDING, state)) {
		set_bit(XMIT_WAKEUP, state);
		return;
	}

	do {
		unsigned int iobase = info->p_dev->resource[0]->start;
		struct sk_buff *frame;
		int written;

		clear_bit(XMIT_WAKEUP, state);

		/* NOTE(review): this return leaves XMIT_SENDING set - confirm that is intended */
		if (!pcmcia_dev_present(info->p_dev))
			return;

		frame = skb_dequeue(&info->txq);
		if (frame == NULL)
			break;

		/* Send frame */
		written = dtl1_write(iobase, 32, frame->data, frame->len);

		if (written != frame->len) {
			/* Partial write: keep the unsent tail at the head of the queue */
			skb_pull(frame, written);
			skb_queue_head(&info->txq, frame);
		} else {
			set_bit(XMIT_WAITING, state);
			kfree_skb(frame);
		}

		info->hdev->stat.byte_tx += written;

	} while (test_bit(XMIT_WAKEUP, state));

	clear_bit(XMIT_SENDING, state);
}
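/*
 * Handle a Nokia control frame (type 0x80) and consume skb.
 *
 * The first payload byte is taken as the new flow mask. The payload comes
 * straight from the card, so its length is checked before that byte is read.
 */
static void dtl1_control(dtl1_info_t *info, struct sk_buff *skb)
{
	u8 flowmask;
	unsigned int i;

	/* Nothing in this function previously guaranteed data[0] exists */
	if (skb->len < 1) {
		BT_ERR("Empty Nokia control packet");
		kfree_skb(skb);
		return;
	}

	flowmask = skb->data[0];

	/* KERN_CONT keeps the hex dump on the line started by KERN_INFO */
	printk(KERN_INFO "Bluetooth: Nokia control data =");
	for (i = 0; i < skb->len; i++)
		printk(KERN_CONT " %02x", skb->data[i]);
	printk(KERN_CONT "\n");

	/* transition to active state */
	if (((info->flowmask & 0x07) == 0) && ((flowmask & 0x07) != 0)) {
		clear_bit(XMIT_WAITING, &(info->tx_state));
		dtl1_write_wakeup(info);
	}

	info->flowmask = flowmask;

	kfree_skb(skb);
}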
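/*
 * Pull bytes out of the UART receive register and reassemble Nokia frames.
 *
 * A frame is a 4-byte nsh_t header, then nsh->len payload bytes, then one
 * pad byte when the length is odd. Complete frames are handed to
 * dtl1_control() or hci_recv_frame(), which take ownership of the skb.
 *
 * The length field is supplied by the device and is validated before it
 * drives the byte counter: a zero length used to make rx_count wrap on the
 * next decrement, and an oversized length used to run skb_put() past the
 * end of the receive buffer.
 */
static void dtl1_receive(dtl1_info_t *info)
{
	unsigned int iobase;
	unsigned int payload;
	nsh_t *nsh;
	int boguscount = 0;

	if (!info) {
		BT_ERR("Unknown device");
		return;
	}

	iobase = info->p_dev->resource[0]->start;

	do {
		info->hdev->stat.byte_rx++;

		/* Allocate packet */
		if (info->rx_skb == NULL) {
			info->rx_skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC);
			if (!info->rx_skb) {
				BT_ERR("Can't allocate mem for new packet");
				info->rx_state = RECV_WAIT_NSH;
				info->rx_count = NSHL;
				return;
			}
		}

		*skb_put(info->rx_skb, 1) = inb(iobase + UART_RX);
		nsh = (nsh_t *)info->rx_skb->data;

		info->rx_count--;

		if (info->rx_count == 0) {

			switch (info->rx_state) {
			case RECV_WAIT_NSH:
				/*
				 * NOTE(review): len is read in host byte order;
				 * presumably little-endian on the wire - confirm.
				 */
				payload = nsh->len + (nsh->len & 0x0001);

				/* Reject lengths that cannot fit in what is left of the skb */
				if (payload == 0 ||
				    payload > (unsigned int)skb_tailroom(info->rx_skb)) {
					BT_ERR("Invalid Nokia frame length %u", nsh->len);
					kfree_skb(info->rx_skb);
					info->rx_skb = NULL;
					info->rx_state = RECV_WAIT_NSH;
					info->rx_count = NSHL;
					break;
				}

				info->rx_state = RECV_WAIT_DATA;
				info->rx_count = payload;
				break;
			case RECV_WAIT_DATA:
				bt_cb(info->rx_skb)->pkt_type = nsh->type;

				/* remove PAD byte if it exists */
				if (nsh->len & 0x0001)
					skb_trim(info->rx_skb, info->rx_skb->len - 1);

				/* remove NSH */
				skb_pull(info->rx_skb, NSHL);

				switch (bt_cb(info->rx_skb)->pkt_type) {
				case 0x80:
					/* control data for the Nokia Card */
					dtl1_control(info, info->rx_skb);
					break;
				case 0x82:
				case 0x83:
				case 0x84:
					/* send frame to the HCI layer */
					info->rx_skb->dev = (void *) info->hdev;
					bt_cb(info->rx_skb)->pkt_type &= 0x0f;
					hci_recv_frame(info->rx_skb);
					break;
				default:
					/* unknown packet */
					BT_ERR("Unknown HCI packet with type 0x%02x received", bt_cb(info->rx_skb)->pkt_type);
					kfree_skb(info->rx_skb);
					break;
				}

				/* The skb was handed off or freed above; start a new frame */
				info->rx_state = RECV_WAIT_NSH;
				info->rx_count = NSHL;
				info->rx_skb = NULL;
				break;
			}

		}

		/* Make sure we don't stay here too long */
		if (boguscount++ > 32)
			break;

	} while (inb(iobase + UART_LSR) & UART_LSR_DR);
}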
/*
 * Interrupt handler: services pending UART interrupt causes under
 * info->lock, then checks the ring-indicator line for a change.
 *
 * Returns IRQ_HANDLED if any cause was serviced or the ring indicator
 * toggled, IRQ_NONE otherwise.
 */
static irqreturn_t dtl1_interrupt(int irq, void *dev_inst)
{
	dtl1_info_t *info = dev_inst;
	irqreturn_t ret = IRQ_NONE;
	unsigned int iobase;
	int passes = 0;
	int cause, line_status, ring;

	/* our irq handler is shared */
	if (info == NULL || info->hdev == NULL)
		return IRQ_NONE;

	iobase = info->p_dev->resource[0]->start;

	spin_lock(&info->lock);

	for (cause = inb(iobase + UART_IIR) & UART_IIR_ID; cause;
	     cause = inb(iobase + UART_IIR) & UART_IIR_ID) {
		ret = IRQ_HANDLED;

		/* Clear interrupt */
		line_status = inb(iobase + UART_LSR);

		if (cause == UART_IIR_RDI) {
			/* Receive interrupt */
			dtl1_receive(info);
		} else if (cause == UART_IIR_THRI) {
			/* Transmitter ready for data */
			if (line_status & UART_LSR_THRE)
				dtl1_write_wakeup(info);
		} else if (cause == UART_IIR_RLSI) {
			BT_ERR("RLSI");
		} else {
			BT_ERR("Unhandled IIR=%#x", cause);
		}

		/* Make sure we don't stay here too long */
		if (passes++ > 100)
			break;
	}

	/* A change on the ring indicator lifts XMIT_WAITING and restarts transmission */
	ring = inb(iobase + UART_MSR) & UART_MSR_RI;
	if (ring != info->ri_latch) {
		info->ri_latch = ring;
		clear_bit(XMIT_WAITING, &info->tx_state);
		dtl1_write_wakeup(info);
		ret = IRQ_HANDLED;
	}

	spin_unlock(&info->lock);

	return ret;
}
357 /* ======================== HCI interface ======================== */
/* hdev->open callback: marks the HCI device as running. Always returns 0. */
static int dtl1_hci_open(struct hci_dev *hdev)
{
	unsigned long *flags = &hdev->flags;

	set_bit(HCI_RUNNING, flags);
	return 0;
}
/* hdev->flush callback: discards every frame still queued for transmit. */
static int dtl1_hci_flush(struct hci_dev *hdev)
{
	dtl1_info_t *card = (dtl1_info_t *)(hdev->driver_data);
	struct sk_buff_head *pending = &card->txq;

	/* Drop TX queue */
	skb_queue_purge(pending);

	return 0;
}
/*
 * hdev->close callback: clears HCI_RUNNING and, if it was set, flushes the
 * transmit queue. Always returns 0.
 */
static int dtl1_hci_close(struct hci_dev *hdev)
{
	if (test_and_clear_bit(HCI_RUNNING, &hdev->flags))
		dtl1_hci_flush(hdev);

	return 0;
}
/*
 * hdev->send callback: wraps an outgoing HCI packet in a Nokia header,
 * pads it to an even length, queues it and kicks the transmitter.
 *
 * Returns 0 on success (skb is consumed), -ENODEV when skb->dev is NULL,
 * -EILSEQ for an unsupported packet type, -ENOMEM when the framed copy
 * cannot be allocated.
 */
static int dtl1_hci_send_frame(struct sk_buff *skb)
{
	struct hci_dev *hdev = (struct hci_dev *)(skb->dev);
	dtl1_info_t *info;
	struct sk_buff *frame;
	unsigned int pkt_type;
	nsh_t hdr;

	if (hdev == NULL) {
		BT_ERR("Frame for unknown HCI device (hdev=NULL)");
		return -ENODEV;
	}

	info = (dtl1_info_t *)(hdev->driver_data);

	/* Map the HCI packet type onto the Nokia frame type and bump the counter */
	pkt_type = bt_cb(skb)->pkt_type;
	if (pkt_type == HCI_COMMAND_PKT) {
		hdev->stat.cmd_tx++;
		hdr.type = 0x81;
	} else if (pkt_type == HCI_ACLDATA_PKT) {
		hdev->stat.acl_tx++;
		hdr.type = 0x82;
	} else if (pkt_type == HCI_SCODATA_PKT) {
		hdev->stat.sco_tx++;
		hdr.type = 0x83;
	} else {
		return -EILSEQ;
	}

	hdr.zero = 0;
	/* NOTE(review): u16 field; an skb longer than 65535 bytes would be truncated here */
	hdr.len = skb->len;

	/* Room for header + payload + one possible pad byte */
	frame = bt_skb_alloc(NSHL + skb->len + 1, GFP_ATOMIC);
	if (frame == NULL)
		return -ENOMEM;

	skb_reserve(frame, NSHL);
	skb_copy_from_linear_data(skb, skb_put(frame, skb->len), skb->len);
	if (skb->len & 0x0001)
		*skb_put(frame, 1) = 0;	/* PAD */

	/* Prepend skb with Nokia frame header and queue */
	memcpy(skb_push(frame, NSHL), &hdr, NSHL);
	skb_queue_tail(&info->txq, frame);

	dtl1_write_wakeup(info);

	/* The payload was copied, so the caller's skb is no longer needed */
	kfree_skb(skb);

	return 0;
}
/* hdev->destruct callback: intentionally empty, this driver has nothing to release here. */
static void dtl1_hci_destruct(struct hci_dev *hdev)
{
}
/* hdev->ioctl callback: no driver-specific ioctls, every command is refused. */
static int dtl1_hci_ioctl(struct hci_dev *hdev, unsigned int cmd, unsigned long arg)
{
	return -ENOIOCTLCMD;
}
457 /* ======================== Card services HCI interaction ======================== */
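/*
 * Initialise driver state, allocate the HCI device, program the UART and
 * register with the HCI core.
 *
 * Returns 0 on success, -ENOMEM if the HCI device cannot be allocated,
 * -ENODEV if registration fails. On registration failure the UART is
 * quiesced again: dtl1_close() bails out early when info->hdev is NULL, so
 * it would otherwise leave the UART interrupts enabled.
 */
static int dtl1_open(dtl1_info_t *info)
{
	unsigned long flags;
	unsigned int iobase = info->p_dev->resource[0]->start;
	struct hci_dev *hdev;

	spin_lock_init(&(info->lock));

	skb_queue_head_init(&(info->txq));

	info->rx_state = RECV_WAIT_NSH;
	info->rx_count = NSHL;
	info->rx_skb = NULL;

	/* Hold transmission back until the interrupt path clears XMIT_WAITING */
	set_bit(XMIT_WAITING, &(info->tx_state));

	/* Initialize HCI device */
	hdev = hci_alloc_dev();
	if (!hdev) {
		BT_ERR("Can't allocate HCI device");
		return -ENOMEM;
	}

	info->hdev = hdev;

	hdev->bus = HCI_PCCARD;
	hdev->driver_data = info;
	SET_HCIDEV_DEV(hdev, &info->p_dev->dev);

	hdev->open     = dtl1_hci_open;
	hdev->close    = dtl1_hci_close;
	hdev->flush    = dtl1_hci_flush;
	hdev->send     = dtl1_hci_send_frame;
	hdev->destruct = dtl1_hci_destruct;
	hdev->ioctl    = dtl1_hci_ioctl;

	hdev->owner = THIS_MODULE;

	spin_lock_irqsave(&(info->lock), flags);

	/* Reset UART */
	outb(0, iobase + UART_MCR);

	/* Turn off interrupts */
	outb(0, iobase + UART_IER);

	/* Initialize UART */
	outb(UART_LCR_WLEN8, iobase + UART_LCR);	/* Reset DLAB */
	outb((UART_MCR_DTR | UART_MCR_RTS | UART_MCR_OUT2), iobase + UART_MCR);

	info->ri_latch = inb(iobase + UART_MSR) & UART_MSR_RI;

	/* Turn on interrupts */
	outb(UART_IER_RLSI | UART_IER_RDI | UART_IER_THRI, iobase + UART_IER);

	spin_unlock_irqrestore(&(info->lock), flags);

	/* Timeout before it is safe to send the first HCI packet */
	msleep(2000);

	/* Register HCI device */
	if (hci_register_dev(hdev) < 0) {
		BT_ERR("Can't register HCI device");

		/* Undo the UART setup so the card stops raising interrupts */
		spin_lock_irqsave(&(info->lock), flags);
		outb(0, iobase + UART_MCR);
		outb(0, iobase + UART_IER);
		info->hdev = NULL;
		spin_unlock_irqrestore(&(info->lock), flags);

		hci_free_dev(hdev);
		return -ENODEV;
	}

	return 0;
}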
/*
 * Shut the card down: stop the HCI side, reset the UART with interrupts
 * masked, then unregister and free the HCI device.
 *
 * Returns 0, or -ENODEV when no HCI device was ever attached.
 */
static int dtl1_close(dtl1_info_t *info)
{
	struct hci_dev *hdev = info->hdev;
	unsigned int iobase = info->p_dev->resource[0]->start;
	unsigned long irqflags;

	if (hdev == NULL)
		return -ENODEV;

	dtl1_hci_close(hdev);

	spin_lock_irqsave(&info->lock, irqflags);

	/* Reset UART */
	outb(0, iobase + UART_MCR);

	/* Turn off interrupts */
	outb(0, iobase + UART_IER);

	spin_unlock_irqrestore(&info->lock, irqflags);

	hci_unregister_dev(hdev);
	hci_free_dev(hdev);

	return 0;
}
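/*
 * PCMCIA probe callback: allocates the per-card state and configures the
 * device.
 *
 * Returns 0 on success, -ENOMEM if the state cannot be allocated, or the
 * error from dtl1_config(). The state is freed again when configuration
 * fails; it was previously leaked, since nothing else in this file frees it
 * on that path (dtl1_detach() presumably does not run after a failed probe).
 */
static int dtl1_probe(struct pcmcia_device *link)
{
	dtl1_info_t *info;
	int err;

	/* Create new info device */
	info = kzalloc(sizeof(*info), GFP_KERNEL);
	if (!info)
		return -ENOMEM;

	info->p_dev = link;
	link->priv = info;

	link->config_flags |= CONF_ENABLE_IRQ | CONF_AUTO_SET_IO;

	err = dtl1_config(link);
	if (err) {
		/* dtl1_config() has already called dtl1_release() on failure */
		link->priv = NULL;
		kfree(info);
	}

	return err;
}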
/* PCMCIA remove callback: releases the card, then frees the per-card state. */
static void dtl1_detach(struct pcmcia_device *link)
{
	dtl1_info_t *card = link->priv;

	/* Release first: dtl1_release() still reads link->priv */
	dtl1_release(link);
	kfree(card);
}
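/*
 * pcmcia_loop_config() callback: accepts a configuration with a single I/O
 * window of at least 8 bytes and requests it with an 8-bit data path.
 *
 * Returns -ENODEV for an unsuitable configuration, otherwise the result of
 * pcmcia_request_io().
 *
 * The size test previously looked at resource[1] as well, which made the
 * condition true for every value (non-zero hits the first clause, zero is
 * below 8), so no configuration could ever be accepted.
 */
static int dtl1_confcheck(struct pcmcia_device *p_dev, void *priv_data)
{
	/* Reject a second window, or a first window that is too small */
	if ((p_dev->resource[1]->end) || (p_dev->resource[0]->end < 8))
		return -ENODEV;

	p_dev->resource[0]->flags &= ~IO_DATA_PATH_WIDTH;
	p_dev->resource[0]->flags |= IO_DATA_PATH_WIDTH_8;

	return pcmcia_request_io(p_dev);
}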
/*
 * Find a usable I/O window, claim the IRQ, enable the device and open the
 * HCI side.
 *
 * Returns 0 on success. Any failing step releases the device and is
 * reported as -ENODEV, whatever the underlying error was.
 */
static int dtl1_config(struct pcmcia_device *link)
{
	dtl1_info_t *info = link->priv;

	/* Look for a generic full-sized window */
	link->resource[0]->end = 8;

	/* The steps run in order; the first one that fails stops the chain */
	if (pcmcia_loop_config(link, dtl1_confcheck, NULL) < 0 ||
	    pcmcia_request_irq(link, dtl1_interrupt) != 0 ||
	    pcmcia_enable_device(link) != 0 ||
	    dtl1_open(info) != 0) {
		dtl1_release(link);
		return -ENODEV;
	}

	return 0;
}
/* Close the HCI side of the card, then disable the PCMCIA device. */
static void dtl1_release(struct pcmcia_device *link)
{
	/* The return value of dtl1_close() is deliberately not checked */
	dtl1_close((dtl1_info_t *)link->priv);
	pcmcia_disable_device(link);
}
/* Cards this driver binds to, matched on their first two product-ID strings. */
static const struct pcmcia_device_id dtl1_ids[] = {
	PCMCIA_DEVICE_PROD_ID12("Nokia Mobile Phones", "DTL-1", 0xe1bfdd64, 0xe168480d),
	PCMCIA_DEVICE_PROD_ID12("Nokia Mobile Phones", "DTL-4", 0xe1bfdd64, 0x9102bc82),
	PCMCIA_DEVICE_PROD_ID12("Socket", "CF", 0xb38bcc2e, 0x44ebf863),
	PCMCIA_DEVICE_PROD_ID12("Socket", "CF+ Personal Network Card", 0xb38bcc2e, 0xe732bae3),
	PCMCIA_DEVICE_NULL	/* table terminator */
};
MODULE_DEVICE_TABLE(pcmcia, dtl1_ids);
/* Driver descriptor registered with the PCMCIA core in init_dtl1_cs(). */
static struct pcmcia_driver dtl1_driver = {
	.owner		= THIS_MODULE,
	.name		= "dtl1_cs",
	.probe		= dtl1_probe,
	.remove		= dtl1_detach,
	.id_table	= dtl1_ids,
};
/* Module entry point: registers the PCMCIA driver and returns that result. */
static int __init init_dtl1_cs(void)
{
	return pcmcia_register_driver(&dtl1_driver);
}
/* Module exit point: unregisters the PCMCIA driver. */
static void __exit exit_dtl1_cs(void)
{
	pcmcia_unregister_driver(&dtl1_driver);
}
/* Hook the entry and exit points into the module loader. */
module_init(init_dtl1_cs);
module_exit(exit_dtl1_cs);