Avoid reading past buffer when calling GETACL
[zen-stable.git] / drivers / net / usb / ipheth.c
blobdd78c4cbd45972a0bb7c342cefd08498ea827dfb
1 /*
2 * ipheth.c - Apple iPhone USB Ethernet driver
4 * Copyright (c) 2009 Diego Giagio <diego@giagio.com>
5 * All rights reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of GIAGIO.COM nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
19 * Alternatively, provided that this notice is retained in full, this
20 * software may be distributed under the terms of the GNU General
21 * Public License ("GPL") version 2, in which case the provisions of the
22 * GPL apply INSTEAD OF those given above.
24 * The provided data structures and external interfaces from this code
25 * are not restricted to be used by modules with a GPL compatible license.
27 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
28 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
29 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
30 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
31 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
32 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
33 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
34 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
35 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
36 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
37 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
38 * DAMAGE.
41 * Attention: iPhone device must be paired, otherwise it won't respond to our
42 * driver. For more info: http://giagio.com/wiki/moin.cgi/iPhoneEthernetDriver
46 #include <linux/kernel.h>
47 #include <linux/errno.h>
48 #include <linux/init.h>
49 #include <linux/slab.h>
50 #include <linux/module.h>
51 #include <linux/netdevice.h>
52 #include <linux/etherdevice.h>
53 #include <linux/ethtool.h>
54 #include <linux/usb.h>
55 #include <linux/workqueue.h>
57 #define USB_VENDOR_APPLE 0x05ac
58 #define USB_PRODUCT_IPHONE 0x1290
59 #define USB_PRODUCT_IPHONE_3G 0x1292
60 #define USB_PRODUCT_IPHONE_3GS 0x1294
61 #define USB_PRODUCT_IPHONE_4 0x1297
62 #define USB_PRODUCT_IPHONE_4_VZW 0x129c
63 #define USB_PRODUCT_IPHONE_4S 0x12a0
65 #define IPHETH_USBINTF_CLASS 255
66 #define IPHETH_USBINTF_SUBCLASS 253
67 #define IPHETH_USBINTF_PROTO 1
69 #define IPHETH_BUF_SIZE 1516
70 #define IPHETH_IP_ALIGN 2 /* padding at front of URB */
71 #define IPHETH_TX_TIMEOUT (5 * HZ)
73 #define IPHETH_INTFNUM 2
74 #define IPHETH_ALT_INTFNUM 1
76 #define IPHETH_CTRL_ENDP 0x00
77 #define IPHETH_CTRL_BUF_SIZE 0x40
78 #define IPHETH_CTRL_TIMEOUT (5 * HZ)
80 #define IPHETH_CMD_GET_MACADDR 0x00
81 #define IPHETH_CMD_CARRIER_CHECK 0x45
83 #define IPHETH_CARRIER_CHECK_TIMEOUT round_jiffies_relative(1 * HZ)
84 #define IPHETH_CARRIER_ON 0x04
86 static struct usb_device_id ipheth_table[] = {
87 { USB_DEVICE_AND_INTERFACE_INFO(
88 USB_VENDOR_APPLE, USB_PRODUCT_IPHONE,
89 IPHETH_USBINTF_CLASS, IPHETH_USBINTF_SUBCLASS,
90 IPHETH_USBINTF_PROTO) },
91 { USB_DEVICE_AND_INTERFACE_INFO(
92 USB_VENDOR_APPLE, USB_PRODUCT_IPHONE_3G,
93 IPHETH_USBINTF_CLASS, IPHETH_USBINTF_SUBCLASS,
94 IPHETH_USBINTF_PROTO) },
95 { USB_DEVICE_AND_INTERFACE_INFO(
96 USB_VENDOR_APPLE, USB_PRODUCT_IPHONE_3GS,
97 IPHETH_USBINTF_CLASS, IPHETH_USBINTF_SUBCLASS,
98 IPHETH_USBINTF_PROTO) },
99 { USB_DEVICE_AND_INTERFACE_INFO(
100 USB_VENDOR_APPLE, USB_PRODUCT_IPHONE_4,
101 IPHETH_USBINTF_CLASS, IPHETH_USBINTF_SUBCLASS,
102 IPHETH_USBINTF_PROTO) },
103 { USB_DEVICE_AND_INTERFACE_INFO(
104 USB_VENDOR_APPLE, USB_PRODUCT_IPHONE_4_VZW,
105 IPHETH_USBINTF_CLASS, IPHETH_USBINTF_SUBCLASS,
106 IPHETH_USBINTF_PROTO) },
107 { USB_DEVICE_AND_INTERFACE_INFO(
108 USB_VENDOR_APPLE, USB_PRODUCT_IPHONE_4S,
109 IPHETH_USBINTF_CLASS, IPHETH_USBINTF_SUBCLASS,
110 IPHETH_USBINTF_PROTO) },
113 MODULE_DEVICE_TABLE(usb, ipheth_table);
115 struct ipheth_device {
116 struct usb_device *udev;
117 struct usb_interface *intf;
118 struct net_device *net;
119 struct sk_buff *tx_skb;
120 struct urb *tx_urb;
121 struct urb *rx_urb;
122 unsigned char *tx_buf;
123 unsigned char *rx_buf;
124 unsigned char *ctrl_buf;
125 u8 bulk_in;
126 u8 bulk_out;
127 struct delayed_work carrier_work;
130 static int ipheth_rx_submit(struct ipheth_device *dev, gfp_t mem_flags);
132 static int ipheth_alloc_urbs(struct ipheth_device *iphone)
134 struct urb *tx_urb = NULL;
135 struct urb *rx_urb = NULL;
136 u8 *tx_buf = NULL;
137 u8 *rx_buf = NULL;
139 tx_urb = usb_alloc_urb(0, GFP_KERNEL);
140 if (tx_urb == NULL)
141 goto error_nomem;
143 rx_urb = usb_alloc_urb(0, GFP_KERNEL);
144 if (rx_urb == NULL)
145 goto free_tx_urb;
147 tx_buf = usb_alloc_coherent(iphone->udev, IPHETH_BUF_SIZE,
148 GFP_KERNEL, &tx_urb->transfer_dma);
149 if (tx_buf == NULL)
150 goto free_rx_urb;
152 rx_buf = usb_alloc_coherent(iphone->udev, IPHETH_BUF_SIZE,
153 GFP_KERNEL, &rx_urb->transfer_dma);
154 if (rx_buf == NULL)
155 goto free_tx_buf;
158 iphone->tx_urb = tx_urb;
159 iphone->rx_urb = rx_urb;
160 iphone->tx_buf = tx_buf;
161 iphone->rx_buf = rx_buf;
162 return 0;
164 free_tx_buf:
165 usb_free_coherent(iphone->udev, IPHETH_BUF_SIZE, tx_buf,
166 tx_urb->transfer_dma);
167 free_rx_urb:
168 usb_free_urb(rx_urb);
169 free_tx_urb:
170 usb_free_urb(tx_urb);
171 error_nomem:
172 return -ENOMEM;
175 static void ipheth_free_urbs(struct ipheth_device *iphone)
177 usb_free_coherent(iphone->udev, IPHETH_BUF_SIZE, iphone->rx_buf,
178 iphone->rx_urb->transfer_dma);
179 usb_free_coherent(iphone->udev, IPHETH_BUF_SIZE, iphone->tx_buf,
180 iphone->tx_urb->transfer_dma);
181 usb_free_urb(iphone->rx_urb);
182 usb_free_urb(iphone->tx_urb);
185 static void ipheth_kill_urbs(struct ipheth_device *dev)
187 usb_kill_urb(dev->tx_urb);
188 usb_kill_urb(dev->rx_urb);
191 static void ipheth_rcvbulk_callback(struct urb *urb)
193 struct ipheth_device *dev;
194 struct sk_buff *skb;
195 int status;
196 char *buf;
197 int len;
199 dev = urb->context;
200 if (dev == NULL)
201 return;
203 status = urb->status;
204 switch (status) {
205 case -ENOENT:
206 case -ECONNRESET:
207 case -ESHUTDOWN:
208 return;
209 case 0:
210 break;
211 default:
212 err("%s: urb status: %d", __func__, status);
213 return;
216 if (urb->actual_length <= IPHETH_IP_ALIGN) {
217 dev->net->stats.rx_length_errors++;
218 return;
220 len = urb->actual_length - IPHETH_IP_ALIGN;
221 buf = urb->transfer_buffer + IPHETH_IP_ALIGN;
223 skb = dev_alloc_skb(len);
224 if (!skb) {
225 err("%s: dev_alloc_skb: -ENOMEM", __func__);
226 dev->net->stats.rx_dropped++;
227 return;
230 memcpy(skb_put(skb, len), buf, len);
231 skb->dev = dev->net;
232 skb->protocol = eth_type_trans(skb, dev->net);
234 dev->net->stats.rx_packets++;
235 dev->net->stats.rx_bytes += len;
237 netif_rx(skb);
238 ipheth_rx_submit(dev, GFP_ATOMIC);
241 static void ipheth_sndbulk_callback(struct urb *urb)
243 struct ipheth_device *dev;
244 int status = urb->status;
246 dev = urb->context;
247 if (dev == NULL)
248 return;
250 if (status != 0 &&
251 status != -ENOENT &&
252 status != -ECONNRESET &&
253 status != -ESHUTDOWN)
254 err("%s: urb status: %d", __func__, status);
256 dev_kfree_skb_irq(dev->tx_skb);
257 netif_wake_queue(dev->net);
260 static int ipheth_carrier_set(struct ipheth_device *dev)
262 struct usb_device *udev = dev->udev;
263 int retval;
265 retval = usb_control_msg(udev,
266 usb_rcvctrlpipe(udev, IPHETH_CTRL_ENDP),
267 IPHETH_CMD_CARRIER_CHECK, /* request */
268 0xc0, /* request type */
269 0x00, /* value */
270 0x02, /* index */
271 dev->ctrl_buf, IPHETH_CTRL_BUF_SIZE,
272 IPHETH_CTRL_TIMEOUT);
273 if (retval < 0) {
274 err("%s: usb_control_msg: %d", __func__, retval);
275 return retval;
278 if (dev->ctrl_buf[0] == IPHETH_CARRIER_ON)
279 netif_carrier_on(dev->net);
280 else
281 netif_carrier_off(dev->net);
283 return 0;
286 static void ipheth_carrier_check_work(struct work_struct *work)
288 struct ipheth_device *dev = container_of(work, struct ipheth_device,
289 carrier_work.work);
291 ipheth_carrier_set(dev);
292 schedule_delayed_work(&dev->carrier_work, IPHETH_CARRIER_CHECK_TIMEOUT);
295 static int ipheth_get_macaddr(struct ipheth_device *dev)
297 struct usb_device *udev = dev->udev;
298 struct net_device *net = dev->net;
299 int retval;
301 retval = usb_control_msg(udev,
302 usb_rcvctrlpipe(udev, IPHETH_CTRL_ENDP),
303 IPHETH_CMD_GET_MACADDR, /* request */
304 0xc0, /* request type */
305 0x00, /* value */
306 0x02, /* index */
307 dev->ctrl_buf,
308 IPHETH_CTRL_BUF_SIZE,
309 IPHETH_CTRL_TIMEOUT);
310 if (retval < 0) {
311 err("%s: usb_control_msg: %d", __func__, retval);
312 } else if (retval < ETH_ALEN) {
313 err("%s: usb_control_msg: short packet: %d bytes",
314 __func__, retval);
315 retval = -EINVAL;
316 } else {
317 memcpy(net->dev_addr, dev->ctrl_buf, ETH_ALEN);
318 retval = 0;
321 return retval;
324 static int ipheth_rx_submit(struct ipheth_device *dev, gfp_t mem_flags)
326 struct usb_device *udev = dev->udev;
327 int retval;
329 usb_fill_bulk_urb(dev->rx_urb, udev,
330 usb_rcvbulkpipe(udev, dev->bulk_in),
331 dev->rx_buf, IPHETH_BUF_SIZE,
332 ipheth_rcvbulk_callback,
333 dev);
334 dev->rx_urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
336 retval = usb_submit_urb(dev->rx_urb, mem_flags);
337 if (retval)
338 err("%s: usb_submit_urb: %d", __func__, retval);
339 return retval;
342 static int ipheth_open(struct net_device *net)
344 struct ipheth_device *dev = netdev_priv(net);
345 struct usb_device *udev = dev->udev;
346 int retval = 0;
348 usb_set_interface(udev, IPHETH_INTFNUM, IPHETH_ALT_INTFNUM);
350 retval = ipheth_carrier_set(dev);
351 if (retval)
352 return retval;
354 retval = ipheth_rx_submit(dev, GFP_KERNEL);
355 if (retval)
356 return retval;
358 schedule_delayed_work(&dev->carrier_work, IPHETH_CARRIER_CHECK_TIMEOUT);
359 netif_start_queue(net);
360 return retval;
363 static int ipheth_close(struct net_device *net)
365 struct ipheth_device *dev = netdev_priv(net);
367 cancel_delayed_work_sync(&dev->carrier_work);
368 netif_stop_queue(net);
369 return 0;
372 static int ipheth_tx(struct sk_buff *skb, struct net_device *net)
374 struct ipheth_device *dev = netdev_priv(net);
375 struct usb_device *udev = dev->udev;
376 int retval;
378 /* Paranoid */
379 if (skb->len > IPHETH_BUF_SIZE) {
380 WARN(1, "%s: skb too large: %d bytes\n", __func__, skb->len);
381 dev->net->stats.tx_dropped++;
382 dev_kfree_skb_irq(skb);
383 return NETDEV_TX_OK;
386 memcpy(dev->tx_buf, skb->data, skb->len);
387 if (skb->len < IPHETH_BUF_SIZE)
388 memset(dev->tx_buf + skb->len, 0, IPHETH_BUF_SIZE - skb->len);
390 usb_fill_bulk_urb(dev->tx_urb, udev,
391 usb_sndbulkpipe(udev, dev->bulk_out),
392 dev->tx_buf, IPHETH_BUF_SIZE,
393 ipheth_sndbulk_callback,
394 dev);
395 dev->tx_urb->transfer_flags |= URB_NO_TRANSFER_DMA_MAP;
397 retval = usb_submit_urb(dev->tx_urb, GFP_ATOMIC);
398 if (retval) {
399 err("%s: usb_submit_urb: %d", __func__, retval);
400 dev->net->stats.tx_errors++;
401 dev_kfree_skb_irq(skb);
402 } else {
403 dev->tx_skb = skb;
405 dev->net->stats.tx_packets++;
406 dev->net->stats.tx_bytes += skb->len;
407 netif_stop_queue(net);
410 return NETDEV_TX_OK;
413 static void ipheth_tx_timeout(struct net_device *net)
415 struct ipheth_device *dev = netdev_priv(net);
417 err("%s: TX timeout", __func__);
418 dev->net->stats.tx_errors++;
419 usb_unlink_urb(dev->tx_urb);
422 static u32 ipheth_ethtool_op_get_link(struct net_device *net)
424 struct ipheth_device *dev = netdev_priv(net);
425 return netif_carrier_ok(dev->net);
428 static const struct ethtool_ops ops = {
429 .get_link = ipheth_ethtool_op_get_link
432 static const struct net_device_ops ipheth_netdev_ops = {
433 .ndo_open = ipheth_open,
434 .ndo_stop = ipheth_close,
435 .ndo_start_xmit = ipheth_tx,
436 .ndo_tx_timeout = ipheth_tx_timeout,
439 static int ipheth_probe(struct usb_interface *intf,
440 const struct usb_device_id *id)
442 struct usb_device *udev = interface_to_usbdev(intf);
443 struct usb_host_interface *hintf;
444 struct usb_endpoint_descriptor *endp;
445 struct ipheth_device *dev;
446 struct net_device *netdev;
447 int i;
448 int retval;
450 netdev = alloc_etherdev(sizeof(struct ipheth_device));
451 if (!netdev)
452 return -ENOMEM;
454 netdev->netdev_ops = &ipheth_netdev_ops;
455 netdev->watchdog_timeo = IPHETH_TX_TIMEOUT;
456 strcpy(netdev->name, "eth%d");
458 dev = netdev_priv(netdev);
459 dev->udev = udev;
460 dev->net = netdev;
461 dev->intf = intf;
463 /* Set up endpoints */
464 hintf = usb_altnum_to_altsetting(intf, IPHETH_ALT_INTFNUM);
465 if (hintf == NULL) {
466 retval = -ENODEV;
467 err("Unable to find alternate settings interface");
468 goto err_endpoints;
471 for (i = 0; i < hintf->desc.bNumEndpoints; i++) {
472 endp = &hintf->endpoint[i].desc;
473 if (usb_endpoint_is_bulk_in(endp))
474 dev->bulk_in = endp->bEndpointAddress;
475 else if (usb_endpoint_is_bulk_out(endp))
476 dev->bulk_out = endp->bEndpointAddress;
478 if (!(dev->bulk_in && dev->bulk_out)) {
479 retval = -ENODEV;
480 err("Unable to find endpoints");
481 goto err_endpoints;
484 dev->ctrl_buf = kmalloc(IPHETH_CTRL_BUF_SIZE, GFP_KERNEL);
485 if (dev->ctrl_buf == NULL) {
486 retval = -ENOMEM;
487 goto err_alloc_ctrl_buf;
490 retval = ipheth_get_macaddr(dev);
491 if (retval)
492 goto err_get_macaddr;
494 INIT_DELAYED_WORK(&dev->carrier_work, ipheth_carrier_check_work);
496 retval = ipheth_alloc_urbs(dev);
497 if (retval) {
498 err("error allocating urbs: %d", retval);
499 goto err_alloc_urbs;
502 usb_set_intfdata(intf, dev);
504 SET_NETDEV_DEV(netdev, &intf->dev);
505 SET_ETHTOOL_OPS(netdev, &ops);
507 retval = register_netdev(netdev);
508 if (retval) {
509 err("error registering netdev: %d", retval);
510 retval = -EIO;
511 goto err_register_netdev;
514 dev_info(&intf->dev, "Apple iPhone USB Ethernet device attached\n");
515 return 0;
517 err_register_netdev:
518 ipheth_free_urbs(dev);
519 err_alloc_urbs:
520 err_get_macaddr:
521 err_alloc_ctrl_buf:
522 kfree(dev->ctrl_buf);
523 err_endpoints:
524 free_netdev(netdev);
525 return retval;
528 static void ipheth_disconnect(struct usb_interface *intf)
530 struct ipheth_device *dev;
532 dev = usb_get_intfdata(intf);
533 if (dev != NULL) {
534 unregister_netdev(dev->net);
535 ipheth_kill_urbs(dev);
536 ipheth_free_urbs(dev);
537 kfree(dev->ctrl_buf);
538 free_netdev(dev->net);
540 usb_set_intfdata(intf, NULL);
541 dev_info(&intf->dev, "Apple iPhone USB Ethernet now disconnected\n");
544 static struct usb_driver ipheth_driver = {
545 .name = "ipheth",
546 .probe = ipheth_probe,
547 .disconnect = ipheth_disconnect,
548 .id_table = ipheth_table,
551 module_usb_driver(ipheth_driver);
553 MODULE_AUTHOR("Diego Giagio <diego@giagio.com>");
554 MODULE_DESCRIPTION("Apple iPhone USB Ethernet driver");
555 MODULE_LICENSE("Dual BSD/GPL");