Avoid reading past buffer when calling GETACL
[zen-stable.git] / drivers / net / usb / gl620a.c
blob38266bdae26b9ced95c79c19742b3458a55414f2
1 /*
2 * GeneSys GL620USB-A based links
3 * Copyright (C) 2001 by Jiun-Jie Huang <huangjj@genesyslogic.com.tw>
4 * Copyright (C) 2001 by Stanislav Brabec <utx@penguin.cz>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 // #define DEBUG // error path messages, extra info
22 // #define VERBOSE // more; success messages
24 #include <linux/module.h>
25 #include <linux/init.h>
26 #include <linux/netdevice.h>
27 #include <linux/etherdevice.h>
28 #include <linux/ethtool.h>
29 #include <linux/workqueue.h>
30 #include <linux/mii.h>
31 #include <linux/usb.h>
32 #include <linux/usb/usbnet.h>
33 #include <linux/gfp.h>
37 * GeneSys GL620USB-A (www.genesyslogic.com.tw)
39 * ... should partially interop with the Win32 driver for this hardware.
40 * The GeneSys docs imply there's some NDIS issue motivating this framing.
42 * Some info from GeneSys:
43 * - GL620USB-A is full duplex; GL620USB is only half duplex for bulk.
44 * (Some cables, like the BAFO-100c, use the half duplex version.)
45 * - For the full duplex model, the low bit of the version code says
46 * which side is which ("left/right").
47 * - For the half duplex type, a control/interrupt handshake settles
48 * the transfer direction. (That's disabled here, partially coded.)
49 * A control URB would block until other side writes an interrupt.
51 * Original code from Jiun-Jie Huang <huangjj@genesyslogic.com.tw>
52 * and merged into "usbnet" by Stanislav Brabec <utx@penguin.cz>.
55 // control msg write command
56 #define GENELINK_CONNECT_WRITE 0xF0
57 // interrupt pipe index
58 #define GENELINK_INTERRUPT_PIPE 0x03
59 // interrupt read buffer size
60 #define INTERRUPT_BUFSIZE 0x08
61 // interrupt pipe interval value
62 #define GENELINK_INTERRUPT_INTERVAL 0x10
63 // max transmit packet number per transmit
64 #define GL_MAX_TRANSMIT_PACKETS 32
65 // max packet length
66 #define GL_MAX_PACKET_LEN 1514
67 // max receive buffer size
68 #define GL_RCV_BUF_SIZE \
69 (((GL_MAX_PACKET_LEN + 4) * GL_MAX_TRANSMIT_PACKETS) + 4)
71 struct gl_packet {
72 __le32 packet_length;
73 char packet_data [1];
76 struct gl_header {
77 __le32 packet_count;
78 struct gl_packet packets;
81 static int genelink_rx_fixup(struct usbnet *dev, struct sk_buff *skb)
83 struct gl_header *header;
84 struct gl_packet *packet;
85 struct sk_buff *gl_skb;
86 u32 size;
87 u32 count;
89 header = (struct gl_header *) skb->data;
91 // get the packet count of the received skb
92 count = le32_to_cpu(header->packet_count);
93 if (count > GL_MAX_TRANSMIT_PACKETS) {
94 dbg("genelink: invalid received packet count %u", count);
95 return 0;
98 // set the current packet pointer to the first packet
99 packet = &header->packets;
101 // decrement the length for the packet count size 4 bytes
102 skb_pull(skb, 4);
104 while (count > 1) {
105 // get the packet length
106 size = le32_to_cpu(packet->packet_length);
108 // this may be a broken packet
109 if (size > GL_MAX_PACKET_LEN) {
110 dbg("genelink: invalid rx length %d", size);
111 return 0;
114 // allocate the skb for the individual packet
115 gl_skb = alloc_skb(size, GFP_ATOMIC);
116 if (gl_skb) {
118 // copy the packet data to the new skb
119 memcpy(skb_put(gl_skb, size),
120 packet->packet_data, size);
121 usbnet_skb_return(dev, gl_skb);
124 // advance to the next packet
125 packet = (struct gl_packet *)&packet->packet_data[size];
126 count--;
128 // shift the data pointer to the next gl_packet
129 skb_pull(skb, size + 4);
132 // skip the packet length field 4 bytes
133 skb_pull(skb, 4);
135 if (skb->len > GL_MAX_PACKET_LEN) {
136 dbg("genelink: invalid rx length %d", skb->len);
137 return 0;
139 return 1;
142 static struct sk_buff *
143 genelink_tx_fixup(struct usbnet *dev, struct sk_buff *skb, gfp_t flags)
145 int padlen;
146 int length = skb->len;
147 int headroom = skb_headroom(skb);
148 int tailroom = skb_tailroom(skb);
149 __le32 *packet_count;
150 __le32 *packet_len;
152 // FIXME: magic numbers, bleech
153 padlen = ((skb->len + (4 + 4*1)) % 64) ? 0 : 1;
155 if ((!skb_cloned(skb))
156 && ((headroom + tailroom) >= (padlen + (4 + 4*1)))) {
157 if ((headroom < (4 + 4*1)) || (tailroom < padlen)) {
158 skb->data = memmove(skb->head + (4 + 4*1),
159 skb->data, skb->len);
160 skb_set_tail_pointer(skb, skb->len);
162 } else {
163 struct sk_buff *skb2;
164 skb2 = skb_copy_expand(skb, (4 + 4*1) , padlen, flags);
165 dev_kfree_skb_any(skb);
166 skb = skb2;
167 if (!skb)
168 return NULL;
171 // attach the packet count to the header
172 packet_count = (__le32 *) skb_push(skb, (4 + 4*1));
173 packet_len = packet_count + 1;
175 *packet_count = cpu_to_le32(1);
176 *packet_len = cpu_to_le32(length);
178 // add padding byte
179 if ((skb->len % dev->maxpacket) == 0)
180 skb_put(skb, 1);
182 return skb;
185 static int genelink_bind(struct usbnet *dev, struct usb_interface *intf)
187 dev->hard_mtu = GL_RCV_BUF_SIZE;
188 dev->net->hard_header_len += 4;
189 dev->in = usb_rcvbulkpipe(dev->udev, dev->driver_info->in);
190 dev->out = usb_sndbulkpipe(dev->udev, dev->driver_info->out);
191 return 0;
194 static const struct driver_info genelink_info = {
195 .description = "Genesys GeneLink",
196 .flags = FLAG_POINTTOPOINT | FLAG_FRAMING_GL | FLAG_NO_SETINT,
197 .bind = genelink_bind,
198 .rx_fixup = genelink_rx_fixup,
199 .tx_fixup = genelink_tx_fixup,
201 .in = 1, .out = 2,
203 #ifdef GENELINK_ACK
204 .check_connect =genelink_check_connect,
205 #endif
208 static const struct usb_device_id products [] = {
211 USB_DEVICE(0x05e3, 0x0502), // GL620USB-A
212 .driver_info = (unsigned long) &genelink_info,
214 /* NOT: USB_DEVICE(0x05e3, 0x0501), // GL620USB
215 * that's half duplex, not currently supported
217 { }, // END
219 MODULE_DEVICE_TABLE(usb, products);
221 static struct usb_driver gl620a_driver = {
222 .name = "gl620a",
223 .id_table = products,
224 .probe = usbnet_probe,
225 .disconnect = usbnet_disconnect,
226 .suspend = usbnet_suspend,
227 .resume = usbnet_resume,
230 module_usb_driver(gl620a_driver);
232 MODULE_AUTHOR("Jiun-Jie Huang");
233 MODULE_DESCRIPTION("GL620-USB-A Host-to-Host Link cables");
234 MODULE_LICENSE("GPL");