Avoid beyond bounds copy while caching ACL
1 /*
2 * Texas Instrument's Bluetooth Driver For Shared Transport.
4 * Bluetooth Driver acts as interface between HCI core and
5 * TI Shared Transport Layer.
7 * Copyright (C) 2009-2010 Texas Instruments
8 * Author: Raja Mani <raja_mani@ti.com>
9 * Pavan Savoy <pavan_savoy@ti.com>
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2 as
13 * published by the Free Software Foundation.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
25 #define DEBUG
26 #include <linux/platform_device.h>
27 #include <net/bluetooth/bluetooth.h>
28 #include <net/bluetooth/hci_core.h>
29 #include <net/bluetooth/hci.h>
31 #include <linux/ti_wilink_st.h>
32 #include <linux/module.h>
34 /* Bluetooth Driver Version */
35 #define VERSION "1.0"
36 #define MAX_BT_CHNL_IDS 3
38 /* Time to wait (in milliseconds; 6000 ms = 6 seconds) for registration
39 * completion when ST returns PENDING status.
41 #define BT_REGISTER_TIMEOUT 6000 /* 6 sec */
/**
 * struct ti_st - per-device state of the TI shared-transport BT driver
 * @hdev: HCI device this driver instance is bound to
 * @reg_status: status reported by the ST registration callback
 *	(st_reg_completion_cb); ti_st_open() presets it to -EINPROGRESS
 *	before each st_register() call
 * @st_write: write hook handed back by the ST driver, used by
 *	ti_st_send_frame() to queue outgoing frames
 * @wait_reg_completion: completion that ti_st_open() waits on and
 *	st_reg_completion_cb() signals
 */
struct ti_st {
	struct hci_dev *hdev;
	/* NOTE(review): holds negative errno values in a plain char, whose
	 * signedness is implementation-defined; only tested against 0 here.
	 */
	char reg_status;
	long (*st_write) (struct sk_buff *);
	struct completion wait_reg_completion;
};
/* Bump the HCI TX statistics counter matching the packet type
 * (command, ACL or SCO). Any other packet type is left uncounted.
 */
static inline void ti_st_tx_complete(struct ti_st *hst, int pkt_type)
{
	struct hci_dev *hdev = hst->hdev;

	if (pkt_type == HCI_COMMAND_PKT)
		hdev->stat.cmd_tx++;
	else if (pkt_type == HCI_ACLDATA_PKT)
		hdev->stat.acl_tx++;
	else if (pkt_type == HCI_SCODATA_PKT)
		hdev->stat.sco_tx++;
}
80 /* ------- Interfaces to Shared Transport ------ */
/* Registration-complete callback invoked by the ST layer.
 * ti_st_open() blocks on wait_reg_completion when st_register()
 * reports a pending registration; this records the final status
 * and wakes it up.
 */
static void st_reg_completion_cb(void *priv_data, char data)
{
	struct ti_st *hst_ctx = priv_data;

	/* Publish the status first so ti_st_open() reads it after waking */
	hst_ctx->reg_status = data;
	complete(&hst_ctx->wait_reg_completion);
}
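/* Receive hook called by the Shared Transport layer when a frame is
 * available. Hands the skb to the HCI core and accounts the received
 * bytes on success.
 *
 * Returns 0 on success, -EFAULT when either argument is NULL (the skb
 * is freed if it was supplied), or the negative error returned by
 * hci_recv_frame().
 */
static long st_receive(void *priv_data, struct sk_buff *skb)
{
	struct ti_st *lhst = priv_data;
	unsigned int rx_len;
	int err;

	if (!skb)
		return -EFAULT;

	if (!lhst) {
		kfree_skb(skb);
		return -EFAULT;
	}

	skb->dev = (void *) lhst->hdev;

	/* Sample the length before the hand-off: once hci_recv_frame()
	 * has the skb, the HCI core owns it and may already have consumed
	 * it, so skb must not be dereferenced afterwards.
	 */
	rx_len = skb->len;

	/* Forward skb to HCI core layer */
	err = hci_recv_frame(skb);
	if (err < 0) {
		BT_ERR("Unable to push skb to HCI core(%d)", err);
		return err;
	}

	lhst->hdev->stat.byte_rx += rx_len;

	return 0;
}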
125 /* ------- Interfaces to HCI layer ------ */
/* Per-channel protocol descriptors registered with the shared transport.
 * Each entry tells ST how to find the payload length inside the channel's
 * HCI header; the callbacks and priv_data are filled in by ti_st_open().
 */
static struct st_proto_s ti_st_proto[MAX_BT_CHNL_IDS] = {
	[0] = {	/* HCI events */
		.chnl_id = HCI_EVENT_PKT,
		.hdr_len = sizeof(struct hci_event_hdr),
		.offset_len_in_hdr = offsetof(struct hci_event_hdr, plen),
		.len_size = 1,	/* plen is one byte wide */
		.reserve = 8,
	},
	[1] = {	/* ACL data */
		.chnl_id = HCI_ACLDATA_PKT,
		.hdr_len = sizeof(struct hci_acl_hdr),
		.offset_len_in_hdr = offsetof(struct hci_acl_hdr, dlen),
		.len_size = 2,	/* dlen is two bytes wide */
		.reserve = 8,
	},
	[2] = {	/* SCO data */
		.chnl_id = HCI_SCODATA_PKT,
		.hdr_len = sizeof(struct hci_sco_hdr),
		.offset_len_in_hdr = offsetof(struct hci_sco_hdr, dlen),
		.len_size = 1,	/* dlen is one byte wide */
		.reserve = 8,
	},
};
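/* Unregister the first @count entries of ti_st_proto from ST, newest
 * first, logging (but not propagating) any failure.
 */
static void ti_st_unregister_channels(int count)
{
	int i, err;

	for (i = count - 1; i >= 0; i--) {
		err = st_unregister(&ti_st_proto[i]);
		if (err)
			BT_ERR("st_unregister() failed with "
					"error %d", err);
	}
}

/* Called from HCI core to initialize the device.
 *
 * Registers every channel in ti_st_proto with the shared transport,
 * waiting up to BT_REGISTER_TIMEOUT ms whenever ST reports a pending
 * registration.
 *
 * Returns 0 on success, -EBUSY if the device is already running, the
 * st_register() error, -ETIMEDOUT, -EAGAIN (ST reported a failed
 * registration) or -EIO (ST supplied no write function).
 *
 * On any failure the channels registered so far are unregistered again.
 * Leaving them registered would keep callbacks carrying priv_data = hst
 * alive inside ST while HCI_RUNNING is clear, so ti_st_close() would
 * never undo them and they could outlive hst.
 */
static int ti_st_open(struct hci_dev *hdev)
{
	unsigned long timeleft;
	struct ti_st *hst;
	int registered = 0;
	int err, i;

	BT_DBG("%s %p", hdev->name, hdev);

	if (test_and_set_bit(HCI_RUNNING, &hdev->flags))
		return -EBUSY;

	/* provide contexts for callbacks from ST */
	hst = hdev->driver_data;

	for (i = 0; i < MAX_BT_CHNL_IDS; i++) {
		ti_st_proto[i].priv_data = hst;
		ti_st_proto[i].max_frame_size = HCI_MAX_FRAME_SIZE;
		ti_st_proto[i].recv = st_receive;
		ti_st_proto[i].reg_complete_cb = st_reg_completion_cb;

		/* Prepare wait-for-completion handler */
		init_completion(&hst->wait_reg_completion);
		/* Reset the registration status; st_reg_completion_cb()
		 * overwrites it when the ST driver calls back.
		 */
		hst->reg_status = -EINPROGRESS;

		err = st_register(&ti_st_proto[i]);
		if (err && err != -EINPROGRESS) {
			BT_ERR("st_register failed %d", err);
			goto fail;
		}

		if (err == -EINPROGRESS) {
			/* ST is busy with either protocol
			 * registration or firmware download.
			 */
			BT_DBG("waiting for registration "
					"completion signal from ST");
			timeleft = wait_for_completion_timeout
				(&hst->wait_reg_completion,
				 msecs_to_jiffies(BT_REGISTER_TIMEOUT));
			if (!timeleft) {
				BT_ERR("Timeout(%d sec),didn't get reg "
						"completion signal from ST",
						BT_REGISTER_TIMEOUT / 1000);
				/* NOTE(review): whether ST still holds a
				 * pending registration for this channel
				 * cannot be told from this file - confirm
				 * against the ST core.
				 */
				err = -ETIMEDOUT;
				goto fail;
			}

			/* Did the callback report an error status? */
			if (hst->reg_status != 0) {
				BT_ERR("ST registration completed with invalid "
						"status %d", hst->reg_status);
				err = -EAGAIN;
				goto fail;
			}
		}

		/* Channel i is now registered and must be undone on failure */
		registered = i + 1;

		hst->st_write = ti_st_proto[i].write;
		if (!hst->st_write) {
			BT_ERR("undefined ST write function");
			err = -EIO;
			goto fail;
		}
	}
	return 0;

fail:
	clear_bit(HCI_RUNNING, &hdev->flags);
	/* Undo registration with ST for every channel that succeeded */
	ti_st_unregister_channels(registered);
	hst->st_write = NULL;
	return err;
}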
/* Close the device: unregister every channel from ST in reverse
 * registration order and drop the cached ST write hook.
 *
 * Returns 0 if the device was not running; otherwise the status of the
 * final st_unregister() call (channel index 0). Failures of the other
 * channels are logged only.
 */
static int ti_st_close(struct hci_dev *hdev)
{
	struct ti_st *hst = hdev->driver_data;
	int chnl = MAX_BT_CHNL_IDS;
	int err;

	if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
		return 0;

	while (chnl-- > 0) {
		err = st_unregister(&ti_st_proto[chnl]);
		if (err)
			BT_ERR("st_unregister(%d) failed with error %d",
					ti_st_proto[chnl].chnl_id, err);
	}

	hst->st_write = NULL;

	return err;
}
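/* HCI send hook: prepend the packet-type byte and queue the frame on
 * the shared transport.
 *
 * Returns 0 when ST accepted the frame, -EBUSY if the device is not
 * running, or -EAGAIN if the ST write failed (the skb is freed here in
 * that case).
 */
static int ti_st_send_frame(struct sk_buff *skb)
{
	struct hci_dev *hdev;
	struct ti_st *hst;
	int pkt_type;
	long len;

	hdev = (struct hci_dev *)skb->dev;

	if (!test_bit(HCI_RUNNING, &hdev->flags))
		return -EBUSY;

	hst = hdev->driver_data;

	/* Prepend skb with frame type */
	memcpy(skb_push(skb, 1), &bt_cb(skb)->pkt_type, 1);

	BT_DBG("%s: type %d len %d", hdev->name, bt_cb(skb)->pkt_type,
			skb->len);

	/* Remember the packet type now: once st_write() accepts the skb
	 * the shared transport layer owns and frees it, so reading
	 * bt_cb(skb) afterwards would touch memory that may be gone.
	 */
	pkt_type = bt_cb(skb)->pkt_type;

	/* Insert skb to shared transport layer's transmit queue.
	 * On success the skb is freed by the shared transport layer,
	 * so it is only freed here when the write is rejected.
	 */
	len = hst->st_write(skb);
	if (len < 0) {
		kfree_skb(skb);
		BT_ERR("ST write failed (%ld)", len);
		/* Try Again, would only fail if UART has gone bad */
		return -EAGAIN;
	}

	/* ST accepted our skb. So, Go ahead and do rest */
	hdev->stat.byte_tx += len;
	ti_st_tx_complete(hst, pkt_type);

	return 0;
}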
/* HCI destruct hook. Only logs the device name: hdev->driver_data is
 * released by the platform remove path (bt_ti_remove), so nothing is
 * freed here.
 */
static void ti_st_destruct(struct hci_dev *hdev)
{
	BT_DBG("%s", hdev->name);
}
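/* Platform probe: allocate the driver state and an HCI device, wire up
 * the HCI callbacks and register the device with the HCI core.
 *
 * Returns the hci_register_dev() result on success, -ENOMEM if either
 * allocation fails, or the negative hci_register_dev() error (both
 * allocations are released in that case).
 */
static int bt_ti_probe(struct platform_device *pdev)
{
	/* Plain automatic variable: a static pointer here would be shared
	 * by every probe call and serves no purpose, since the state is
	 * reachable through the platform device's drvdata.
	 */
	struct ti_st *hst;
	struct hci_dev *hdev;
	int err;

	hst = kzalloc(sizeof(*hst), GFP_KERNEL);
	if (!hst)
		return -ENOMEM;

	/* Expose "hciX" device to user space */
	hdev = hci_alloc_dev();
	if (!hdev) {
		kfree(hst);
		return -ENOMEM;
	}

	/* NOTE(review): with DEBUG defined at the top of this file, the
	 * %p debug prints below write kernel addresses to the log.
	 */
	BT_DBG("hdev %p", hdev);

	hst->hdev = hdev;
	hdev->bus = HCI_UART;
	hdev->driver_data = hst;
	hdev->open = ti_st_open;
	hdev->close = ti_st_close;
	hdev->flush = NULL;
	hdev->send = ti_st_send_frame;
	hdev->destruct = ti_st_destruct;
	hdev->owner = THIS_MODULE;

	err = hci_register_dev(hdev);
	if (err < 0) {
		BT_ERR("Can't register HCI device error %d", err);
		kfree(hst);
		hci_free_dev(hdev);
		return err;
	}

	BT_DBG("HCI device registered (hdev %p)", hdev);

	dev_set_drvdata(&pdev->dev, hst);
	return err;
}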
/* Platform remove: close and unregister the HCI device, then release
 * the HCI device and the driver state allocated in bt_ti_probe().
 *
 * Returns 0 on success or -EFAULT when no driver state is attached to
 * the platform device.
 */
static int bt_ti_remove(struct platform_device *pdev)
{
	struct ti_st *state = dev_get_drvdata(&pdev->dev);
	struct hci_dev *hdev;

	if (!state)
		return -EFAULT;

	BT_DBG("%s", state->hdev->name);

	hdev = state->hdev;

	/* Stop traffic and detach from the HCI core before freeing */
	ti_st_close(hdev);
	hci_unregister_dev(hdev);

	hci_free_dev(hdev);
	kfree(state);

	/* Clear the stale pointer so a repeated remove hits the guard above */
	dev_set_drvdata(&pdev->dev, NULL);
	return 0;
}
/* Platform driver glue: binds to the "btwilink" platform device and
 * routes probe/remove to bt_ti_probe()/bt_ti_remove().
 */
static struct platform_driver btwilink_driver = {
	.driver = {
		.name = "btwilink",
		.owner = THIS_MODULE,
	},
	.probe = bt_ti_probe,
	.remove = bt_ti_remove,
};
/* ------- Module Init/Exit interfaces ------ */

/* Module entry point: announce the driver version and register the
 * platform driver. Returns the platform_driver_register() result.
 */
static int __init btwilink_init(void)
{
	int ret;

	BT_INFO("Bluetooth Driver for TI WiLink - Version %s", VERSION);

	ret = platform_driver_register(&btwilink_driver);
	return ret;
}
/* Module exit point: unregister the platform driver registered by
 * btwilink_init().
 */
static void __exit btwilink_exit(void)
{
	platform_driver_unregister(&btwilink_driver);
}
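module_init(btwilink_init);
module_exit(btwilink_exit);

/* ------ Module Info ------ */

MODULE_AUTHOR("Raja Mani <raja_mani@ti.com>");
/* The trailing space keeps the adjacent literals from fusing into
 * "...Shared Transport1.0" when VERSION is concatenated.
 */
MODULE_DESCRIPTION("Bluetooth Driver for TI Shared Transport " VERSION);
MODULE_VERSION(VERSION);
MODULE_LICENSE("GPL");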