Avoid reading past buffer when calling GETACL
[zen-stable.git] / drivers / pcmcia / pcmcia_cis.c
blobe2c92415b8924a89c27e6759652b4a7e5726139b
1 /*
2 * PCMCIA high-level CIS access functions
4 * The initial developer of the original code is David A. Hinds
5 * <dahinds@users.sourceforge.net>. Portions created by David A. Hinds
6 * are Copyright (C) 1999 David A. Hinds. All Rights Reserved.
8 * Copyright (C) 1999 David A. Hinds
9 * Copyright (C) 2004-2010 Dominik Brodowski
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2 as
13 * published by the Free Software Foundation.
17 #include <linux/slab.h>
18 #include <linux/module.h>
19 #include <linux/kernel.h>
20 #include <linux/netdevice.h>
22 #include <pcmcia/cisreg.h>
23 #include <pcmcia/cistpl.h>
24 #include <pcmcia/ss.h>
25 #include <pcmcia/ds.h>
26 #include "cs_internal.h"
29 /**
30 * pccard_read_tuple() - internal CIS tuple access
31 * @s: the struct pcmcia_socket where the card is inserted
32 * @function: the device function we loop for
33 * @code: which CIS code shall we look for?
34 * @parse: buffer where the tuple shall be parsed (or NULL, if no parse)
36 * pccard_read_tuple() reads out one tuple and attempts to parse it
38 int pccard_read_tuple(struct pcmcia_socket *s, unsigned int function,
39 cisdata_t code, void *parse)
41 tuple_t tuple;
42 cisdata_t *buf;
43 int ret;
45 buf = kmalloc(256, GFP_KERNEL);
46 if (buf == NULL) {
47 dev_printk(KERN_WARNING, &s->dev, "no memory to read tuple\n");
48 return -ENOMEM;
50 tuple.DesiredTuple = code;
51 tuple.Attributes = 0;
52 if (function == BIND_FN_ALL)
53 tuple.Attributes = TUPLE_RETURN_COMMON;
54 ret = pccard_get_first_tuple(s, function, &tuple);
55 if (ret != 0)
56 goto done;
57 tuple.TupleData = buf;
58 tuple.TupleOffset = 0;
59 tuple.TupleDataMax = 255;
60 ret = pccard_get_tuple_data(s, &tuple);
61 if (ret != 0)
62 goto done;
63 ret = pcmcia_parse_tuple(&tuple, parse);
64 done:
65 kfree(buf);
66 return ret;
70 /**
71 * pccard_loop_tuple() - loop over tuples in the CIS
72 * @s: the struct pcmcia_socket where the card is inserted
73 * @function: the device function we loop for
74 * @code: which CIS code shall we look for?
75 * @parse: buffer where the tuple shall be parsed (or NULL, if no parse)
76 * @priv_data: private data to be passed to the loop_tuple function.
77 * @loop_tuple: function to call for each CIS entry of type @function. IT
78 * gets passed the raw tuple, the paresed tuple (if @parse is
79 * set) and @priv_data.
81 * pccard_loop_tuple() loops over all CIS entries of type @function, and
82 * calls the @loop_tuple function for each entry. If the call to @loop_tuple
83 * returns 0, the loop exits. Returns 0 on success or errorcode otherwise.
85 int pccard_loop_tuple(struct pcmcia_socket *s, unsigned int function,
86 cisdata_t code, cisparse_t *parse, void *priv_data,
87 int (*loop_tuple) (tuple_t *tuple,
88 cisparse_t *parse,
89 void *priv_data))
91 tuple_t tuple;
92 cisdata_t *buf;
93 int ret;
95 buf = kzalloc(256, GFP_KERNEL);
96 if (buf == NULL) {
97 dev_printk(KERN_WARNING, &s->dev, "no memory to read tuple\n");
98 return -ENOMEM;
101 tuple.TupleData = buf;
102 tuple.TupleDataMax = 255;
103 tuple.TupleOffset = 0;
104 tuple.DesiredTuple = code;
105 tuple.Attributes = 0;
107 ret = pccard_get_first_tuple(s, function, &tuple);
108 while (!ret) {
109 if (pccard_get_tuple_data(s, &tuple))
110 goto next_entry;
112 if (parse)
113 if (pcmcia_parse_tuple(&tuple, parse))
114 goto next_entry;
116 ret = loop_tuple(&tuple, parse, priv_data);
117 if (!ret)
118 break;
120 next_entry:
121 ret = pccard_get_next_tuple(s, function, &tuple);
124 kfree(buf);
125 return ret;
130 * pcmcia_io_cfg_data_width() - convert cfgtable to data path width parameter
132 static int pcmcia_io_cfg_data_width(unsigned int flags)
134 if (!(flags & CISTPL_IO_8BIT))
135 return IO_DATA_PATH_WIDTH_16;
136 if (!(flags & CISTPL_IO_16BIT))
137 return IO_DATA_PATH_WIDTH_8;
138 return IO_DATA_PATH_WIDTH_AUTO;
142 struct pcmcia_cfg_mem {
143 struct pcmcia_device *p_dev;
144 int (*conf_check) (struct pcmcia_device *p_dev, void *priv_data);
145 void *priv_data;
146 cisparse_t parse;
147 cistpl_cftable_entry_t dflt;
151 * pcmcia_do_loop_config() - internal helper for pcmcia_loop_config()
153 * pcmcia_do_loop_config() is the internal callback for the call from
154 * pcmcia_loop_config() to pccard_loop_tuple(). Data is transferred
155 * by a struct pcmcia_cfg_mem.
157 static int pcmcia_do_loop_config(tuple_t *tuple, cisparse_t *parse, void *priv)
159 struct pcmcia_cfg_mem *cfg_mem = priv;
160 struct pcmcia_device *p_dev = cfg_mem->p_dev;
161 cistpl_cftable_entry_t *cfg = &parse->cftable_entry;
162 cistpl_cftable_entry_t *dflt = &cfg_mem->dflt;
163 unsigned int flags = p_dev->config_flags;
164 unsigned int vcc = p_dev->socket->socket.Vcc;
166 dev_dbg(&p_dev->dev, "testing configuration %x, autoconf %x\n",
167 cfg->index, flags);
169 /* default values */
170 cfg_mem->p_dev->config_index = cfg->index;
171 if (cfg->flags & CISTPL_CFTABLE_DEFAULT)
172 cfg_mem->dflt = *cfg;
174 /* check for matching Vcc? */
175 if (flags & CONF_AUTO_CHECK_VCC) {
176 if (cfg->vcc.present & (1 << CISTPL_POWER_VNOM)) {
177 if (vcc != cfg->vcc.param[CISTPL_POWER_VNOM] / 10000)
178 return -ENODEV;
179 } else if (dflt->vcc.present & (1 << CISTPL_POWER_VNOM)) {
180 if (vcc != dflt->vcc.param[CISTPL_POWER_VNOM] / 10000)
181 return -ENODEV;
185 /* set Vpp? */
186 if (flags & CONF_AUTO_SET_VPP) {
187 if (cfg->vpp1.present & (1 << CISTPL_POWER_VNOM))
188 p_dev->vpp = cfg->vpp1.param[CISTPL_POWER_VNOM] / 10000;
189 else if (dflt->vpp1.present & (1 << CISTPL_POWER_VNOM))
190 p_dev->vpp =
191 dflt->vpp1.param[CISTPL_POWER_VNOM] / 10000;
194 /* enable audio? */
195 if ((flags & CONF_AUTO_AUDIO) && (cfg->flags & CISTPL_CFTABLE_AUDIO))
196 p_dev->config_flags |= CONF_ENABLE_SPKR;
199 /* IO window settings? */
200 if (flags & CONF_AUTO_SET_IO) {
201 cistpl_io_t *io = (cfg->io.nwin) ? &cfg->io : &dflt->io;
202 int i = 0;
204 p_dev->resource[0]->start = p_dev->resource[0]->end = 0;
205 p_dev->resource[1]->start = p_dev->resource[1]->end = 0;
206 if (io->nwin == 0)
207 return -ENODEV;
209 p_dev->resource[0]->flags &= ~IO_DATA_PATH_WIDTH;
210 p_dev->resource[0]->flags |=
211 pcmcia_io_cfg_data_width(io->flags);
212 if (io->nwin > 1) {
213 /* For multifunction cards, by convention, we
214 * configure the network function with window 0,
215 * and serial with window 1 */
216 i = (io->win[1].len > io->win[0].len);
217 p_dev->resource[1]->flags = p_dev->resource[0]->flags;
218 p_dev->resource[1]->start = io->win[1-i].base;
219 p_dev->resource[1]->end = io->win[1-i].len;
221 p_dev->resource[0]->start = io->win[i].base;
222 p_dev->resource[0]->end = io->win[i].len;
223 p_dev->io_lines = io->flags & CISTPL_IO_LINES_MASK;
226 /* MEM window settings? */
227 if (flags & CONF_AUTO_SET_IOMEM) {
228 /* so far, we only set one memory window */
229 cistpl_mem_t *mem = (cfg->mem.nwin) ? &cfg->mem : &dflt->mem;
231 p_dev->resource[2]->start = p_dev->resource[2]->end = 0;
232 if (mem->nwin == 0)
233 return -ENODEV;
235 p_dev->resource[2]->start = mem->win[0].host_addr;
236 p_dev->resource[2]->end = mem->win[0].len;
237 if (p_dev->resource[2]->end < 0x1000)
238 p_dev->resource[2]->end = 0x1000;
239 p_dev->card_addr = mem->win[0].card_addr;
242 dev_dbg(&p_dev->dev,
243 "checking configuration %x: %pr %pr %pr (%d lines)\n",
244 p_dev->config_index, p_dev->resource[0], p_dev->resource[1],
245 p_dev->resource[2], p_dev->io_lines);
247 return cfg_mem->conf_check(p_dev, cfg_mem->priv_data);
251 * pcmcia_loop_config() - loop over configuration options
252 * @p_dev: the struct pcmcia_device which we need to loop for.
253 * @conf_check: function to call for each configuration option.
254 * It gets passed the struct pcmcia_device and private data
255 * being passed to pcmcia_loop_config()
256 * @priv_data: private data to be passed to the conf_check function.
258 * pcmcia_loop_config() loops over all configuration options, and calls
259 * the driver-specific conf_check() for each one, checking whether
260 * it is a valid one. Returns 0 on success or errorcode otherwise.
262 int pcmcia_loop_config(struct pcmcia_device *p_dev,
263 int (*conf_check) (struct pcmcia_device *p_dev,
264 void *priv_data),
265 void *priv_data)
267 struct pcmcia_cfg_mem *cfg_mem;
268 int ret;
270 cfg_mem = kzalloc(sizeof(struct pcmcia_cfg_mem), GFP_KERNEL);
271 if (cfg_mem == NULL)
272 return -ENOMEM;
274 cfg_mem->p_dev = p_dev;
275 cfg_mem->conf_check = conf_check;
276 cfg_mem->priv_data = priv_data;
278 ret = pccard_loop_tuple(p_dev->socket, p_dev->func,
279 CISTPL_CFTABLE_ENTRY, &cfg_mem->parse,
280 cfg_mem, pcmcia_do_loop_config);
282 kfree(cfg_mem);
283 return ret;
285 EXPORT_SYMBOL(pcmcia_loop_config);
288 struct pcmcia_loop_mem {
289 struct pcmcia_device *p_dev;
290 void *priv_data;
291 int (*loop_tuple) (struct pcmcia_device *p_dev,
292 tuple_t *tuple,
293 void *priv_data);
297 * pcmcia_do_loop_tuple() - internal helper for pcmcia_loop_config()
299 * pcmcia_do_loop_tuple() is the internal callback for the call from
300 * pcmcia_loop_tuple() to pccard_loop_tuple(). Data is transferred
301 * by a struct pcmcia_cfg_mem.
303 static int pcmcia_do_loop_tuple(tuple_t *tuple, cisparse_t *parse, void *priv)
305 struct pcmcia_loop_mem *loop = priv;
307 return loop->loop_tuple(loop->p_dev, tuple, loop->priv_data);
311 * pcmcia_loop_tuple() - loop over tuples in the CIS
312 * @p_dev: the struct pcmcia_device which we need to loop for.
313 * @code: which CIS code shall we look for?
314 * @priv_data: private data to be passed to the loop_tuple function.
315 * @loop_tuple: function to call for each CIS entry of type @function. IT
316 * gets passed the raw tuple and @priv_data.
318 * pcmcia_loop_tuple() loops over all CIS entries of type @function, and
319 * calls the @loop_tuple function for each entry. If the call to @loop_tuple
320 * returns 0, the loop exits. Returns 0 on success or errorcode otherwise.
322 int pcmcia_loop_tuple(struct pcmcia_device *p_dev, cisdata_t code,
323 int (*loop_tuple) (struct pcmcia_device *p_dev,
324 tuple_t *tuple,
325 void *priv_data),
326 void *priv_data)
328 struct pcmcia_loop_mem loop = {
329 .p_dev = p_dev,
330 .loop_tuple = loop_tuple,
331 .priv_data = priv_data};
333 return pccard_loop_tuple(p_dev->socket, p_dev->func, code, NULL,
334 &loop, pcmcia_do_loop_tuple);
336 EXPORT_SYMBOL(pcmcia_loop_tuple);
339 struct pcmcia_loop_get {
340 size_t len;
341 cisdata_t **buf;
345 * pcmcia_do_get_tuple() - internal helper for pcmcia_get_tuple()
347 * pcmcia_do_get_tuple() is the internal callback for the call from
348 * pcmcia_get_tuple() to pcmcia_loop_tuple(). As we're only interested in
349 * the first tuple, return 0 unconditionally. Create a memory buffer large
350 * enough to hold the content of the tuple, and fill it with the tuple data.
351 * The caller is responsible to free the buffer.
353 static int pcmcia_do_get_tuple(struct pcmcia_device *p_dev, tuple_t *tuple,
354 void *priv)
356 struct pcmcia_loop_get *get = priv;
358 *get->buf = kzalloc(tuple->TupleDataLen, GFP_KERNEL);
359 if (*get->buf) {
360 get->len = tuple->TupleDataLen;
361 memcpy(*get->buf, tuple->TupleData, tuple->TupleDataLen);
362 } else
363 dev_dbg(&p_dev->dev, "do_get_tuple: out of memory\n");
364 return 0;
368 * pcmcia_get_tuple() - get first tuple from CIS
369 * @p_dev: the struct pcmcia_device which we need to loop for.
370 * @code: which CIS code shall we look for?
371 * @buf: pointer to store the buffer to.
373 * pcmcia_get_tuple() gets the content of the first CIS entry of type @code.
374 * It returns the buffer length (or zero). The caller is responsible to free
375 * the buffer passed in @buf.
377 size_t pcmcia_get_tuple(struct pcmcia_device *p_dev, cisdata_t code,
378 unsigned char **buf)
380 struct pcmcia_loop_get get = {
381 .len = 0,
382 .buf = buf,
385 *get.buf = NULL;
386 pcmcia_loop_tuple(p_dev, code, pcmcia_do_get_tuple, &get);
388 return get.len;
390 EXPORT_SYMBOL(pcmcia_get_tuple);
394 * pcmcia_do_get_mac() - internal helper for pcmcia_get_mac_from_cis()
396 * pcmcia_do_get_mac() is the internal callback for the call from
397 * pcmcia_get_mac_from_cis() to pcmcia_loop_tuple(). We check whether the
398 * tuple contains a proper LAN_NODE_ID of length 6, and copy the data
399 * to struct net_device->dev_addr[i].
401 static int pcmcia_do_get_mac(struct pcmcia_device *p_dev, tuple_t *tuple,
402 void *priv)
404 struct net_device *dev = priv;
405 int i;
407 if (tuple->TupleData[0] != CISTPL_FUNCE_LAN_NODE_ID)
408 return -EINVAL;
409 if (tuple->TupleDataLen < ETH_ALEN + 2) {
410 dev_warn(&p_dev->dev, "Invalid CIS tuple length for "
411 "LAN_NODE_ID\n");
412 return -EINVAL;
415 if (tuple->TupleData[1] != ETH_ALEN) {
416 dev_warn(&p_dev->dev, "Invalid header for LAN_NODE_ID\n");
417 return -EINVAL;
419 for (i = 0; i < 6; i++)
420 dev->dev_addr[i] = tuple->TupleData[i+2];
421 return 0;
425 * pcmcia_get_mac_from_cis() - read out MAC address from CISTPL_FUNCE
426 * @p_dev: the struct pcmcia_device for which we want the address.
427 * @dev: a properly prepared struct net_device to store the info to.
429 * pcmcia_get_mac_from_cis() reads out the hardware MAC address from
430 * CISTPL_FUNCE and stores it into struct net_device *dev->dev_addr which
431 * must be set up properly by the driver (see examples!).
433 int pcmcia_get_mac_from_cis(struct pcmcia_device *p_dev, struct net_device *dev)
435 return pcmcia_loop_tuple(p_dev, CISTPL_FUNCE, pcmcia_do_get_mac, dev);
437 EXPORT_SYMBOL(pcmcia_get_mac_from_cis);