1 /*
2 * Intel Wireless WiMAX Connection 2400m
3 * Glue with the networking stack
6 * Copyright (C) 2007 Intel Corporation <linux-wimax@intel.com>
7 * Yanir Lubetkin <yanirx.lubetkin@intel.com>
8 * Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License version
12 * 2 as published by the Free Software Foundation.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
22 * 02110-1301, USA.
25 * This implements an ethernet device for the i2400m.
27 * We fake being an ethernet device to simplify the support from user
28 * space and from the other side. The world is (sadly) configured to
29 * take in only Ethernet devices...
31 * Because of this, when using firmwares <= v1.3, there is an
32 * copy-each-rxed-packet overhead on the RX path. Each IP packet has
33 * to be reallocated to add an ethernet header (as there is no space
34 * in what we get from the device). This is a known drawback and
35 * firmwares >= 1.4 add header space that can be used to insert the
36 * ethernet header without having to reallocate and copy.
38 * TX error handling is tricky; because we have to FIFO/queue the
39 * buffers for transmission (as the hardware likes it aggregated), we
40 * just give the skb to the TX subsystem and by the time it is
41 * transmitted, we have long forgotten about it. So we just don't care
42 * too much about it.
44 * Note that when the device is in idle mode with the basestation, we
45 * need to negotiate coming back up online. That involves negotiation
46 * and possible user space interaction. Thus, we defer to a workqueue
47 * to do all that. By default, we only queue a single packet and drop
48 * the rest, as potentially the time to go back from idle to normal is
49 * long.
51 * ROADMAP
53 * i2400m_open Called on ifconfig up
54 * i2400m_stop Called on ifconfig down
56 * i2400m_hard_start_xmit Called by the network stack to send a packet
57 * i2400m_net_wake_tx Wake up device from basestation-IDLE & TX
58 * i2400m_wake_tx_work
59 * i2400m_cmd_exit_idle
60 * i2400m_tx
61 * i2400m_net_tx TX a data frame
62 * i2400m_tx
64 * i2400m_change_mtu Called on ifconfig mtu XXX
66 * i2400m_tx_timeout Called when the device times out
68 * i2400m_net_rx Called by the RX code when a data frame is
69 * available (firmware <= 1.3)
70 * i2400m_net_erx Called by the RX code when a data frame is
71 * available (firmware >= 1.4).
72 * i2400m_netdev_setup Called to setup all the netdev stuff from
73 * alloc_netdev.
75 #include <linux/if_arp.h>
76 #include <linux/slab.h>
77 #include <linux/netdevice.h>
78 #include <linux/ethtool.h>
79 #include <linux/export.h>
80 #include "i2400m.h"
83 #define D_SUBMODULE netdev
84 #include "debug-levels.h"
/* Tunables used when the net device is set up (netdev interface). */
enum {
	/*
	 * TX watchdog timeout: the device might take up to 20 seconds to
	 * get out of IDLE / negotiate that with the base station; one
	 * more second is added for good measure.
	 */
	I2400M_TX_TIMEOUT = 21 * HZ,
	/*
	 * TX queue length: experimentation has determined 20 to be a
	 * good value for minimizing the jitter in the throughput.
	 */
	I2400M_TX_QLEN = 20,
};
/*
 * Open the network device (listed in the file's roadmap as called on
 * "ifconfig up").
 *
 * Returns 0 when i2400m->updown is set and -EBUSY when it is not. The
 * flag is sampled with init_mutex held.
 */
static
int i2400m_open(struct net_device *net_dev)
{
	struct i2400m *i2400m = net_dev_to_i2400m(net_dev);
	struct device *dev = i2400m_dev(i2400m);
	int rc;

	d_fnstart(3, dev, "(net_dev %p [i2400m %p])\n", net_dev, i2400m);
	/* Taking init_mutex makes sure we wait until init is complete. */
	mutex_lock(&i2400m->init_mutex);
	rc = i2400m->updown ? 0 : -EBUSY;
	mutex_unlock(&i2400m->init_mutex);
	d_fnend(3, dev, "(net_dev %p [i2400m %p]) = %d\n",
		net_dev, i2400m, rc);
	return rc;
}
/*
 * Stop the network device (listed in the file's roadmap as called on
 * "ifconfig down").
 *
 * Hands over to i2400m_net_wake_stop() to deal with any wake-and-TX
 * work and always returns 0.
 */
static
int i2400m_stop(struct net_device *net_dev)
{
	struct i2400m *i2400m = net_dev_to_i2400m(net_dev);
	struct device *dev = i2400m_dev(i2400m);

	d_fnstart(3, dev, "(net_dev %p [i2400m %p])\n", net_dev, i2400m);

	i2400m_net_wake_stop(i2400m);

	d_fnend(3, dev, "(net_dev %p [i2400m %p]) = 0\n", net_dev, i2400m);
	return 0;
}
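/*
 * Wake up the device and transmit a held SKB, then restart the net queue
 *
 * When the device goes into basestation-idle mode, we need to tell it
 * to exit that mode; it will negotiate with the base station, user
 * space may have to intervene to rehandshake crypto and then tell us
 * when it is ready to transmit the packet we have "queued". Still we
 * need to give it some time after it reports being ok.
 *
 * On error, there is not much we can do. If the error was on TX, we
 * still wake the queue up to see if the next packet will be luckier.
 *
 * If _cmd_exit_idle() fails...well, it could be many things; most
 * commonly it is that something else took the device out of IDLE mode
 * (for example, the base station). In that case we get an -EILSEQ and
 * we are just going to ignore that one. If the device is back to
 * connected, then fine -- if it is in some other state, the packet
 * will be dropped anyway.
 *
 * @ws: the wake_tx_ws work item embedded in the struct i2400m.
 *
 * The held skb and one i2400m reference are released on every path
 * that reaches the corresponding label below.
 */
void i2400m_wake_tx_work(struct work_struct *ws)
{
	int result;
	struct i2400m *i2400m = container_of(ws, struct i2400m, wake_tx_ws);
	struct net_device *net_dev = i2400m->wimax_dev.net_dev;
	struct device *dev = i2400m_dev(i2400m);
	struct sk_buff *skb;
	unsigned long flags;

	/*
	 * Take over the held skb with tx_lock held. The pointer is
	 * deliberately not read before the lock is taken: such a read
	 * would be unsynchronized and its value thrown away anyway.
	 */
	spin_lock_irqsave(&i2400m->tx_lock, flags);
	skb = i2400m->wake_tx_skb;
	i2400m->wake_tx_skb = NULL;
	spin_unlock_irqrestore(&i2400m->tx_lock, flags);

	d_fnstart(3, dev, "(ws %p i2400m %p skb %p)\n", ws, i2400m, skb);
	result = -EINVAL;
	if (skb == NULL) {
		dev_err(dev, "WAKE&TX: skb disappeared!\n");
		goto out_put;
	}
	/*
	 * If we have, somehow, lost the connection after this was
	 * queued, don't do anything; this might be the device got
	 * reset or just disconnected.
	 */
	if (unlikely(!netif_carrier_ok(net_dev)))
		goto out_kfree;
	result = i2400m_cmd_exit_idle(i2400m);
	if (result == -EILSEQ)	/* something else already left IDLE */
		result = 0;
	if (result < 0) {
		dev_err(dev, "WAKE&TX: device didn't get out of idle: "
			"%d - resetting\n", result);
		i2400m_reset(i2400m, I2400M_RT_BUS);
		goto error;
	}
	result = wait_event_timeout(i2400m->state_wq,
				    i2400m->state != I2400M_SS_IDLE,
				    net_dev->watchdog_timeo - HZ/2);
	if (result == 0)	/* timed out with the state still IDLE */
		result = -ETIMEDOUT;
	if (result < 0) {
		dev_err(dev, "WAKE&TX: error waiting for device to exit IDLE: "
			"%d - resetting\n", result);
		i2400m_reset(i2400m, I2400M_RT_BUS);
		goto error;
	}
	msleep(20);	/* device still needs some time or it drops it */
	result = i2400m_tx(i2400m, skb->data, skb->len, I2400M_PT_DATA);
error:
	netif_wake_queue(net_dev);
out_kfree:
	kfree_skb(skb);	/* refcount transferred by _hard_start_xmit() */
out_put:
	i2400m_put(i2400m);
	d_fnend(3, dev, "(ws %p i2400m %p skb %p) = void [%d]\n",
		ws, i2400m, skb, result);
}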
/*
 * Prepare the data payload TX header
 *
 * The i2400m expects a 4 byte header in front of a data packet.
 *
 * Because we pretend to be an ethernet device, the packet arrives with
 * an ethernet header: strip it and put the device header in its place.
 * The only field written here is 'reserved', which is cleared.
 *
 * NOTE(review): the result of skb_pull() is not checked, so this
 * presumably relies on every skb carrying at least ETH_HLEN bytes --
 * verify against the callers.
 */
static
void i2400m_tx_prep_header(struct sk_buff *skb)
{
	unsigned char *hdr_start;
	struct i2400m_pl_data_hdr *pl_hdr;

	skb_pull(skb, ETH_HLEN);
	hdr_start = skb_push(skb, sizeof(struct i2400m_pl_data_hdr));
	pl_hdr = (struct i2400m_pl_data_hdr *) hdr_start;
	pl_hdr->reserved = 0;
}
/*
 * Cleanup resources acquired during i2400m_net_wake_tx()
 *
 * This is called by __i2400m_dev_stop and means we have to make sure
 * the workqueue is flushed from any pending work.
 */
void i2400m_net_wake_stop(struct i2400m *i2400m)
{
	struct device *dev = i2400m_dev(i2400m);
	struct sk_buff *held_skb;
	unsigned long flags;

	d_fnstart(3, dev, "(i2400m %p)\n", i2400m);
	/*
	 * See i2400m_hard_start_xmit(): references are taken there and
	 * released here. Work "not pending" cannot be told apart from
	 * work "never scheduled", so the NULL check covers that.
	 *
	 * NOTE(review): the original comment speaks of releasing the
	 * references when the work was still pending, yet this branch
	 * runs when cancel_work_sync() returns 0 -- confirm what that
	 * return value means in this tree and that the test is not
	 * inverted. Also note wake_tx_skb is tested here before tx_lock
	 * is taken and only re-read under the lock.
	 */
	if (!cancel_work_sync(&i2400m->wake_tx_ws)
	    && i2400m->wake_tx_skb) {
		spin_lock_irqsave(&i2400m->tx_lock, flags);
		held_skb = i2400m->wake_tx_skb;	/* compat help */
		i2400m->wake_tx_skb = NULL;	/* compat help */
		spin_unlock_irqrestore(&i2400m->tx_lock, flags);
		i2400m_put(i2400m);
		kfree_skb(held_skb);
	}
	d_fnend(3, dev, "(i2400m %p) = void\n", i2400m);
}
/*
 * TX an skb to an idle device
 *
 * When the device is in basestation-idle mode, we need to wake it up
 * and then TX. So we queue a work_struct for doing so.
 *
 * An extra reference is taken on the skb (so it is not dropped) and
 * no more than one request is queued at a time (more would not help).
 * If another request comes in meanwhile, or there are errors, the
 * packet is dropped (see i2400m_hard_start_xmit()).
 *
 * Returns the value of schedule_work() when the work was queued, or
 * -EBUSY when nothing was queued.
 */
static
int i2400m_net_wake_tx(struct i2400m *i2400m, struct net_device *net_dev,
		       struct sk_buff *skb)
{
	struct device *dev = i2400m_dev(i2400m);
	unsigned long flags;
	int rc = 0;

	d_fnstart(3, dev, "(skb %p net_dev %p)\n", skb, net_dev);
	if (net_ratelimit()) {
		d_printf(3, dev,
			 "WAKE&NETTX: skb %p sending %d bytes to radio\n",
			 skb, skb->len);
		d_dump(4, dev, skb->data, skb->len);
	}
	/*
	 * A reference is held on both i2400m and the skb, so when the
	 * device is stopped that work has to be cancelled and, if it
	 * was pending, those resources released.
	 */
	spin_lock_irqsave(&i2400m->tx_lock, flags);
	if (!work_pending(&i2400m->wake_tx_ws)) {
		netif_stop_queue(net_dev);
		i2400m_get(i2400m);
		i2400m->wake_tx_skb = skb_get(skb);	/* transfer ref count */
		i2400m_tx_prep_header(skb);
		rc = schedule_work(&i2400m->wake_tx_ws);
		WARN_ON(rc == 0);
	}
	spin_unlock_irqrestore(&i2400m->tx_lock, flags);
	if (rc == 0) {
		/*
		 * Yes, this happens even if we stopped the queue --
		 * blame the queue disciplines that queue without
		 * looking -- I guess there is a reason for that.
		 */
		if (net_ratelimit()) {
			d_printf(1, dev,
				 "NETTX: device exiting idle, dropping skb %p, queue running %d\n",
				 skb, netif_queue_stopped(net_dev));
		}
		rc = -EBUSY;
	}
	d_fnend(3, dev, "(skb %p net_dev %p) = %d\n", skb, net_dev, rc);
	return rc;
}
/*
 * Transmit a packet to the base station on behalf of the network stack.
 *
 * Returns: 0 if ok, < 0 errno code on error.
 *
 * The ethernet header is pulled and the hardware header added; the
 * latter is currently all zeroes and reserved.
 */
static
int i2400m_net_tx(struct i2400m *i2400m, struct net_device *net_dev,
		  struct sk_buff *skb)
{
	struct device *dev = i2400m_dev(i2400m);
	int rc;

	d_fnstart(3, dev, "(i2400m %p net_dev %p skb %p)\n",
		  i2400m, net_dev, skb);
	/* FIXME: check eth hdr, only IPv4 is routed by the device as of now */
	net_dev->trans_start = jiffies;
	i2400m_tx_prep_header(skb);

	d_printf(3, dev, "NETTX: skb %p sending %d bytes to radio\n",
		 skb, skb->len);
	d_dump(4, dev, skb->data, skb->len);

	rc = i2400m_tx(i2400m, skb->data, skb->len, I2400M_PT_DATA);
	d_fnend(3, dev, "(i2400m %p net_dev %p skb %p) = %d\n",
		i2400m, net_dev, skb, rc);
	return rc;
}
/*
 * Transmit a packet to the base station on behalf of the network stack
 *
 * Returns: NETDEV_TX_OK (always, even in case of error)
 *
 * In case of error, we just drop it. Reasons:
 *
 *  - we add a hw header to each skb, and if the network stack
 *    retries, we have no way to know if that skb has it or not.
 *
 *  - network protocols have their own drop-recovery mechanisms
 *
 *  - there is not much else we can do
 *
 * If the device is idle, we need to wake it up; that is an operation
 * that will sleep. See i2400m_net_wake_tx() for details.
 */
static
netdev_tx_t i2400m_hard_start_xmit(struct sk_buff *skb,
				   struct net_device *net_dev)
{
	struct i2400m *i2400m = net_dev_to_i2400m(net_dev);
	struct device *dev = i2400m_dev(i2400m);
	int result = -1;	/* stays negative if the header copy fails */

	d_fnstart(3, dev, "(skb %p net_dev %p)\n", skb, net_dev);

	/*
	 * A cloned header has to be made private before it is rewritten;
	 * when that fails nothing is sent and the skb counts as dropped.
	 */
	if (!skb_header_cloned(skb) ||
	    pskb_expand_head(skb, 0, 0, GFP_ATOMIC) == 0) {
		if (i2400m->state == I2400M_SS_IDLE)
			result = i2400m_net_wake_tx(i2400m, net_dev, skb);
		else
			result = i2400m_net_tx(i2400m, net_dev, skb);
	}

	if (result < 0) {
		net_dev->stats.tx_dropped++;
	} else {
		net_dev->stats.tx_packets++;
		net_dev->stats.tx_bytes += skb->len;
	}
	dev_kfree_skb(skb);
	d_fnend(3, dev, "(skb %p net_dev %p) = %d\n", skb, net_dev, result);
	return NETDEV_TX_OK;
}
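/*
 * Change the MTU of the network device (listed in the file's roadmap
 * as called on "ifconfig mtu XXX").
 *
 * @net_dev: network device whose MTU is to be changed
 * @new_mtu: requested MTU
 *
 * Returns 0 and stores @new_mtu on success, -EINVAL if @new_mtu is
 * negative or larger than I2400M_MAX_MTU.
 *
 * I2400M_MAX_MTU itself is accepted: it is the value the device is
 * given in i2400m_netdev_setup() and the one the error message names
 * as the maximum, so refusing it would make it impossible to return
 * to the default. Negative values are refused here instead of relying
 * on the caller having filtered them.
 */
static
int i2400m_change_mtu(struct net_device *net_dev, int new_mtu)
{
	struct i2400m *i2400m = net_dev_to_i2400m(net_dev);
	struct device *dev = i2400m_dev(i2400m);

	if (new_mtu < 0 || new_mtu > I2400M_MAX_MTU) {
		dev_err(dev, "Cannot change MTU to %d (max is %d)\n",
			new_mtu, I2400M_MAX_MTU);
		return -EINVAL;
	}
	net_dev->mtu = new_mtu;
	return 0;
}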
/*
 * TX timeout handler (listed in the file's roadmap as called when the
 * device times out). It only accounts for the event in tx_errors.
 */
static
void i2400m_tx_timeout(struct net_device *net_dev)
{
	/*
	 * We might want to kick the device
	 *
	 * There is not much we can do though, as the device requires
	 * that we send the data aggregated. By the time we receive
	 * this, there might be data pending to be sent or not...
	 */
	net_dev->stats.tx_errors += 1;
}
/*
 * Create a fake ethernet header
 *
 * To emulate an ethernet device, every received IP header has to be
 * prefixed with an ethernet header. It is faked here: destination is
 * the net device's own address, source is i2400m->src_mac_addr and
 * the type field is the given protocol.
 *
 * @_eth_hdr must point to writable room for a struct ethhdr; nothing
 * in this function checks that.
 */
static
void i2400m_rx_fake_eth_header(struct net_device *net_dev,
			       void *_eth_hdr, __be16 protocol)
{
	struct ethhdr *eth = _eth_hdr;
	struct i2400m *i2400m = net_dev_to_i2400m(net_dev);

	eth->h_proto = protocol;
	memcpy(eth->h_source, i2400m->src_mac_addr, sizeof(eth->h_source));
	memcpy(eth->h_dest, net_dev->dev_addr, sizeof(eth->h_dest));
}
/**
 * i2400m_net_rx - pass a network packet to the stack
 *
 * @i2400m: device instance
 * @skb_rx: the skb where the buffer pointed to by @buf is
 * @i: 1 if payload is the only one
 * @buf: pointer to the buffer containing the data
 * @buf_len: buffer's length
 *
 * This is only used now for the v1.3 firmware. It will be deprecated
 * in >= 2.6.31.
 *
 * Note that due to firmware limitations, we don't have space to add
 * an ethernet header, so we need to copy each packet. Firmware
 * versions >= v1.4 fix this [see i2400m_net_erx()].
 *
 * If the payload is the last (or the only one) in a multi-payload
 * message, @skb_rx is not copied but reused, with its data pointer
 * moved to @buf.
 *
 * This function is normally run from a thread context. However, we
 * still use netif_rx() instead of netif_receive_skb() as was
 * recommended in the mailing list. Reason is in some stress tests
 * when sending/receiving a lot of data we seem to hit a softlock in
 * the kernel's TCP implementation [around tcp_delay_timer()]. Using
 * netif_rx() took care of the issue.
 *
 * This is, of course, still open to do more research on why running
 * with netif_receive_skb() hits this softlock. FIXME.
 *
 * FIXME: currently we don't do any efforts at distinguishing if what
 * we got was an IPv4 or IPv6 header, to setup the protocol field
 * correctly.
 *
 * NOTE(review): @buf_len is a signed int that is used unchecked as
 * allocation and copy size; presumably the RX code validates it
 * against the received message first -- verify against the caller.
 */
void i2400m_net_rx(struct i2400m *i2400m, struct sk_buff *skb_rx,
		   unsigned i, const void *buf, int buf_len)
{
	struct net_device *net_dev = i2400m->wimax_dev.net_dev;
	struct device *dev = i2400m_dev(i2400m);
	struct sk_buff *skb;

	d_fnstart(2, dev, "(i2400m %p buf %p buf_len %d)\n",
		  i2400m, buf, buf_len);
	if (!i) {
		/*
		 * Yes, this is bad -- a lot of overhead -- see
		 * comments at the top of the file
		 */
		skb = __netdev_alloc_skb(net_dev, buf_len, GFP_KERNEL);
		if (skb == NULL) {
			dev_err(dev, "NETRX: no memory to realloc skb\n");
			net_dev->stats.rx_dropped++;
			goto error_skb_realloc;
		}
		memcpy(skb_put(skb, buf_len), buf, buf_len);
	} else {
		skb = skb_get(skb_rx);
		d_printf(2, dev, "RX: reusing first payload skb %p\n", skb);
		skb_pull(skb, buf - (void *) skb->data);
		/*
		 * NOTE(review): the new length is derived from
		 * skb_end_pointer(), not from buf_len, so it may exceed
		 * the payload -- confirm this is intended.
		 */
		skb_trim(skb, (void *) skb_end_pointer(skb) - buf);
	}
	/*
	 * The fake header is written in front of skb->data.
	 * NOTE(review): assumes at least ETH_HLEN bytes of headroom on
	 * both paths above -- TODO confirm.
	 */
	i2400m_rx_fake_eth_header(net_dev, skb->data - ETH_HLEN,
				  cpu_to_be16(ETH_P_IP));
	skb_set_mac_header(skb, -ETH_HLEN);
	skb->dev = net_dev;
	skb->protocol = htons(ETH_P_IP);

	net_dev->stats.rx_packets++;
	net_dev->stats.rx_bytes += buf_len;
	d_printf(3, dev, "NETRX: receiving %d bytes to network stack\n",
		 buf_len);
	d_dump(4, dev, buf, buf_len);
	netif_rx_ni(skb);	/* see notes in function header */
error_skb_realloc:
	d_fnend(2, dev, "(i2400m %p buf %p buf_len %d) = void\n",
		i2400m, buf, buf_len);
}
/**
 * i2400m_net_erx - pass a network packet to the stack (extended version)
 *
 * @i2400m: device descriptor
 * @skb: the skb where the packet is - the skb should be set to point
 *     at the IP packet; this function will add ethernet headers if
 *     needed.
 * @cs: packet type
 *
 * This is only used now for firmware >= v1.4. Note it is quite
 * similar to i2400m_net_rx() (used only for v1.3 firmware).
 *
 * This function is normally run from a thread context. However, we
 * still use netif_rx() instead of netif_receive_skb() as was
 * recommended in the mailing list. Reason is in some stress tests
 * when sending/receiving a lot of data we seem to hit a softlock in
 * the kernel's TCP implementation [around tcp_delay_timer()]. Using
 * netif_rx() took care of the issue.
 *
 * This is, of course, still open to do more research on why running
 * with netif_receive_skb() hits this softlock. FIXME.
 */
void i2400m_net_erx(struct i2400m *i2400m, struct sk_buff *skb,
		    enum i2400m_cs cs)
{
	struct net_device *net_dev = i2400m->wimax_dev.net_dev;
	struct device *dev = i2400m_dev(i2400m);

	d_fnstart(2, dev, "(i2400m %p skb %p [%u] cs %d)\n",
		  i2400m, skb, skb->len, cs);
	if (cs != I2400M_CS_IPV4_0 && cs != I2400M_CS_IPV4) {
		/*
		 * NOTE(review): on this path the skb is neither handed
		 * to the stack nor freed here; presumably the caller
		 * keeps ownership -- verify, otherwise it leaks.
		 */
		dev_err(dev, "ERX: BUG? CS type %u unsupported\n", cs);
		goto error;
	}

	/*
	 * The fake header is written in front of skb->data.
	 * NOTE(review): assumes at least ETH_HLEN bytes of headroom in
	 * the skb -- TODO confirm.
	 */
	i2400m_rx_fake_eth_header(net_dev, skb->data - ETH_HLEN,
				  cpu_to_be16(ETH_P_IP));
	skb_set_mac_header(skb, -ETH_HLEN);
	skb->dev = net_dev;
	skb->protocol = htons(ETH_P_IP);
	net_dev->stats.rx_packets++;
	net_dev->stats.rx_bytes += skb->len;

	d_printf(3, dev, "ERX: receiving %d bytes to the network stack\n",
		 skb->len);
	d_dump(4, dev, skb->data, skb->len);
	netif_rx_ni(skb);	/* see notes in function header */
error:
	/*
	 * NOTE(review): skb->len is named here after netif_rx_ni() has
	 * been given the skb; whether d_fnend() evaluates it depends on
	 * debug-levels.h -- confirm.
	 */
	d_fnend(2, dev, "(i2400m %p skb %p [%u] cs %d) = void\n",
		i2400m, skb, skb->len, cs);
}
/* Net device callbacks; installed by i2400m_netdev_setup(). */
static const struct net_device_ops i2400m_netdev_ops = {
	/* bring-up / tear-down */
	.ndo_open = i2400m_open,
	.ndo_stop = i2400m_stop,
	/* transmit path */
	.ndo_start_xmit = i2400m_hard_start_xmit,
	.ndo_tx_timeout = i2400m_tx_timeout,
	/* configuration */
	.ndo_change_mtu = i2400m_change_mtu,
};
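/*
 * ethtool get_drvinfo handler: report driver name, firmware name and
 * bus name.
 *
 * @net_dev: network device being queried
 * @info: structure to fill in
 *
 * driver is set to KBUILD_MODNAME, fw_version to i2400m->fw_name (or
 * the empty string when that is NULL) and bus_info, only when the
 * device has a parent, to the parent's device name.
 *
 * strlcpy() is given the full field size and always NUL-terminates,
 * so over-long names are truncated without depending on the last
 * byte of each field having been zero beforehand. It does not clear
 * the rest of the field; presumably the ethtool core hands in a
 * zeroed structure -- verify against the caller.
 */
static void i2400m_get_drvinfo(struct net_device *net_dev,
			       struct ethtool_drvinfo *info)
{
	struct i2400m *i2400m = net_dev_to_i2400m(net_dev);

	strlcpy(info->driver, KBUILD_MODNAME, sizeof(info->driver));
	strlcpy(info->fw_version,
		i2400m->fw_name ? : "", sizeof(info->fw_version));
	if (net_dev->dev.parent)
		strlcpy(info->bus_info, dev_name(net_dev->dev.parent),
			sizeof(info->bus_info));
}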
/* ethtool callbacks; installed by i2400m_netdev_setup(). */
static const struct ethtool_ops i2400m_ethtool_ops = {
	.get_link = ethtool_op_get_link,
	.get_drvinfo = i2400m_get_drvinfo,
};
/**
 * i2400m_netdev_setup - Setup @net_dev's i2400m private data
 *
 * Called by alloc_netdev()
 *
 * Starts from ether_setup() and then overrides MTU, TX queue length,
 * features, flags, watchdog timeout and the ops tables.
 */
void i2400m_netdev_setup(struct net_device *net_dev)
{
	d_fnstart(3, NULL, "(net_dev %p)\n", net_dev);
	ether_setup(net_dev);

	net_dev->netdev_ops = &i2400m_netdev_ops;
	net_dev->ethtool_ops = &i2400m_ethtool_ops;
	net_dev->watchdog_timeo = I2400M_TX_TIMEOUT;
	net_dev->tx_queue_len = I2400M_TX_QLEN;
	net_dev->mtu = I2400M_MAX_MTU;
	net_dev->features = NETIF_F_VLAN_CHALLENGED | NETIF_F_HIGHDMA;
	/*
	 * i2400m is a pure IP device (no ARP) and P2P (no broadcast, no
	 * multicast). This is a plain assignment, so it replaces any
	 * flags value left by ether_setup(); the expression itself
	 * evaluates to IFF_NOARP alone.
	 */
	net_dev->flags = IFF_NOARP & ~(IFF_BROADCAST | IFF_MULTICAST);

	d_fnend(3, NULL, "(net_dev %p) = void\n", net_dev);
}
EXPORT_SYMBOL_GPL(i2400m_netdev_setup);