Avoid beyond bounds copy while caching ACL
[zen-stable.git] / drivers / media / video / gspca / jl2005bcd.c
blob53f58ef367cfa5bea36100d884e7225c07aa341b
1 /*
2 * Jeilin JL2005B/C/D library
4 * Copyright (C) 2011 Theodore Kilgore <kilgota@auburn.edu>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 #define MODULE_NAME "jl2005bcd"
23 #include <linux/workqueue.h>
24 #include <linux/slab.h>
25 #include "gspca.h"
/* Module metadata exported through modinfo. */
MODULE_AUTHOR("Theodore Kilgore <kilgota@auburn.edu>");
MODULE_DESCRIPTION("JL2005B/C/D USB Camera Driver");
MODULE_LICENSE("GPL");
32 /* Default timeouts, in ms */
#define JL2005C_CMD_TIMEOUT	500	/* command / response transfers */
#define JL2005C_DATA_TIMEOUT	1000	/* bulk image-data transfers */

/*
 * Maximum transfer size to use. The streaming worker allocates its bounce
 * buffer with exactly this size, so every bulk read length must stay
 * at or below it.
 */
#define JL2005C_MAX_TRANSFER	0x200
#define FRAME_HEADER_LEN	16
41 /* specific webcam descriptor */
struct sd {
	/*
	 * Must be the first member: the driver converts between
	 * struct gspca_dev * and struct sd * with plain casts.
	 */
	struct gspca_dev gspca_dev;
	/* Six ID bytes read from the camera by jl2005c_get_firmware_id(). */
	unsigned char firmware_id[6];
	/* Mode table in use, copied from cam.cam_mode in sd_start(). */
	const struct v4l2_pix_format *cap_mode;

	/* Driver stuff */
	struct work_struct work_struct;		/* runs jl2005c_dostream() */
	struct workqueue_struct *work_thread;	/* created in sd_start() */
	u8 frame_brightness;	/* NOTE(review): not written in the visible code */
	int block_size;		/* block size of camera, set in sd_config() */
	int vga;		/* 1 if vga cam, 0 if cif cam */
};
55 /* Camera has two resolution settings. What they are depends on model. */
/* Resolutions offered when the firmware ID identifies a CIF camera. */
static const struct v4l2_pix_format cif_mode[] = {
	{
		.width = 176,
		.height = 144,
		.pixelformat = V4L2_PIX_FMT_JL2005BCD,
		.field = V4L2_FIELD_NONE,
		.bytesperline = 176,
		.sizeimage = 176 * 144,
		.colorspace = V4L2_COLORSPACE_SRGB,
		.priv = 0,
	},
	{
		.width = 352,
		.height = 288,
		.pixelformat = V4L2_PIX_FMT_JL2005BCD,
		.field = V4L2_FIELD_NONE,
		.bytesperline = 352,
		.sizeimage = 352 * 288,
		.colorspace = V4L2_COLORSPACE_SRGB,
		.priv = 0,
	},
};
/* Resolutions offered for every camera not detected as CIF. */
static const struct v4l2_pix_format vga_mode[] = {
	{
		.width = 320,
		.height = 240,
		.pixelformat = V4L2_PIX_FMT_JL2005BCD,
		.field = V4L2_FIELD_NONE,
		.bytesperline = 320,
		.sizeimage = 320 * 240,
		.colorspace = V4L2_COLORSPACE_SRGB,
		.priv = 0,
	},
	{
		.width = 640,
		.height = 480,
		.pixelformat = V4L2_PIX_FMT_JL2005BCD,
		.field = V4L2_FIELD_NONE,
		.bytesperline = 640,
		.sizeimage = 640 * 480,
		.colorspace = V4L2_COLORSPACE_SRGB,
		.priv = 0,
	},
};
83 * cam uses endpoint 0x03 to send commands, 0x84 for read commands,
84 * and 0x82 for bulk data transfer.
87 /* All commands are two bytes only */
/*
 * Send one two-byte command to the camera on bulk OUT endpoint 3.
 *
 * @command must point to at least two readable bytes; exactly two are
 * copied into gspca_dev->usb_buf, which is the buffer handed to the USB
 * core. Returns the usb_bulk_msg() result (negative on failure).
 */
static int jl2005c_write2(struct gspca_dev *gspca_dev, unsigned char *command)
{
	int ret;

	/* Stage the command in usb_buf; the caller's array is never sent directly. */
	memcpy(gspca_dev->usb_buf, command, 2);

	ret = usb_bulk_msg(gspca_dev->dev,
			   usb_sndbulkpipe(gspca_dev->dev, 3),
			   gspca_dev->usb_buf, 2, NULL, JL2005C_CMD_TIMEOUT);
	if (ret < 0)
		pr_err("command write [%02x] error %d\n",
		       gspca_dev->usb_buf[0], ret);

	return ret;
}
102 /* Response to a command is one byte in usb_buf[0], only if requested. */
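/*
 * Read the one-byte response to a command from bulk IN endpoint 0x84 into
 * gspca_dev->usb_buf[0].
 *
 * The byte comes from the attached device and must be treated as untrusted
 * input by callers. A transfer that completes without delivering the byte
 * is reported as -EIO: otherwise usb_buf[0] would still hold the command
 * byte staged by jl2005c_write2() and callers would consume it as if it
 * were the camera's answer.
 *
 * Returns 0 on success, a negative errno on failure.
 */
static int jl2005c_read1(struct gspca_dev *gspca_dev)
{
	int act_len = 0;
	int retval;

	retval = usb_bulk_msg(gspca_dev->dev,
			      usb_rcvbulkpipe(gspca_dev->dev, 0x84),
			      gspca_dev->usb_buf, 1, &act_len,
			      JL2005C_CMD_TIMEOUT);
	if (retval < 0) {
		/* usb_buf[0] is whatever was staged before the failed read */
		pr_err("read command [0x%02x] error %d\n",
		       gspca_dev->usb_buf[0], retval);
		return retval;
	}
	if (act_len != 1) {
		pr_err("read command: short response (%d bytes)\n", act_len);
		return -EIO;
	}
	return retval;
}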
116 /* Response appears in gspca_dev->usb_buf[0] */
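/*
 * Read camera register @reg: send the two-byte request {0x95, reg}, then
 * fetch the one-byte answer, which lands in gspca_dev->usb_buf[0].
 *
 * The request is built in a local array. The previous function-static
 * array was rewritten on every call and shared by every device bound to
 * this driver, while usb_lock only serialises access per device.
 * jl2005c_write2() copies the bytes into usb_buf before the transfer, so
 * a stack array is sufficient.
 *
 * Returns a negative errno on failure, otherwise the result of
 * jl2005c_read1().
 */
static int jl2005c_read_reg(struct gspca_dev *gspca_dev, unsigned char reg)
{
	u8 instruction[2] = {0x95, reg};
	int retval;

	/* Send the read request */
	retval = jl2005c_write2(gspca_dev, instruction);
	if (retval < 0)
		return retval;

	return jl2005c_read1(gspca_dev);
}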
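/*
 * Ask the camera to start a new frame (command {0x7f, 0x01}) and poll
 * register 0x7e until it reads non-zero, giving up after 20 attempts.
 * Register 0x7d is read after each poll; its value is not used.
 *
 * Returns a negative errno as soon as any transfer fails, otherwise the
 * result of the last register read.
 * NOTE(review): running out of attempts is not reported as an error; the
 * caller proceeds to read the frame header either way.
 */
static int jl2005c_start_new_frame(struct gspca_dev *gspca_dev)
{
	static u8 instruction[2] = {0x7f, 0x01};
	int frame_brightness = 0;
	int retval;
	int i;

	retval = jl2005c_write2(gspca_dev, instruction);
	if (retval < 0)
		return retval;

	/* If we tried 20 times, give up. */
	for (i = 0; i < 20 && !frame_brightness; i++) {
		retval = jl2005c_read_reg(gspca_dev, 0x7e);
		if (retval < 0)
			return retval;
		frame_brightness = gspca_dev->usb_buf[0];

		retval = jl2005c_read_reg(gspca_dev, 0x7d);
		if (retval < 0)
			return retval;
	}

	/*
	 * Log the value read from 0x7e. usb_buf[0] holds the 0x7d response
	 * at this point, so printing it would report the wrong register.
	 */
	PDEBUG(D_FRAM, "frame_brightness is 0x%02x", frame_brightness);
	return retval;
}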
/*
 * Write @value to camera register @reg by sending the two-byte command
 * {reg, value}. Returns the jl2005c_write2() result.
 */
static int jl2005c_write_reg(struct gspca_dev *gspca_dev, unsigned char reg,
			     unsigned char value)
{
	u8 cmd[2];

	cmd[0] = reg;
	cmd[1] = value;

	return jl2005c_write2(gspca_dev, cmd);
}
/*
 * Read the six firmware ID registers into sd->firmware_id.
 *
 * The ID bytes are supplied by the device; sd_config() uses byte 0 to
 * choose the mode table and block size. The number of registers read
 * matches the size of sd->firmware_id (6).
 *
 * Returns 0 on success, or the first negative transfer error. On error
 * firmware_id may be only partly filled.
 */
static int jl2005c_get_firmware_id(struct gspca_dev *gspca_dev)
{
	struct sd *sd = (struct sd *)gspca_dev;
	unsigned char id_regs[] = {0x57, 0x02, 0x03, 0x5d, 0x5e, 0x5f};
	int ret;
	int n;

	PDEBUG(D_PROBE, "Running jl2005c_get_firmware_id");

	/* Read the first ID byte once for warmup; the value is discarded */
	ret = jl2005c_read_reg(gspca_dev, id_regs[0]);
	PDEBUG(D_PROBE, "response is %02x", gspca_dev->usb_buf[0]);
	if (ret < 0)
		return ret;

	/* Now actually get the ID string */
	n = 0;
	while (n < 6) {
		ret = jl2005c_read_reg(gspca_dev, id_regs[n]);
		if (ret < 0)
			return ret;
		sd->firmware_id[n] = gspca_dev->usb_buf[0];
		n++;
	}

	PDEBUG(D_PROBE, "firmware ID is %02x%02x%02x%02x%02x%02x",
	       sd->firmware_id[0], sd->firmware_id[1], sd->firmware_id[2],
	       sd->firmware_id[3], sd->firmware_id[4], sd->firmware_id[5]);
	return 0;
}
/*
 * Send the start-up command sequence used for 640-wide capture (selected
 * by sd_start()). Each two-byte command is preceded by a 60 ms pause and
 * a final 60 ms pause follows the sequence.
 *
 * Returns the first negative write error, otherwise the result of the
 * last write.
 */
static int jl2005c_stream_start_vga_lg(struct gspca_dev *gspca_dev)
{
	/* presumably {register, value} pairs - confirm against the chip */
	static u8 setup_cmds[][2] = {
		{0x05, 0x00},
		{0x7c, 0x00},
		{0x7d, 0x18},
		{0x02, 0x00},
		{0x01, 0x00},
		{0x04, 0x52},
	};
	int ret = -1;
	int idx;

	for (idx = 0; idx < ARRAY_SIZE(setup_cmds); idx++) {
		msleep(60);
		ret = jl2005c_write2(gspca_dev, setup_cmds[idx]);
		if (ret < 0)
			return ret;
	}
	msleep(60);
	return ret;
}
/*
 * Send the start-up command sequence used for 320-wide capture (selected
 * by sd_start()). Each two-byte command is preceded by a 60 ms pause and
 * a final 60 ms pause follows the sequence.
 *
 * Returns the first negative write error, otherwise the result of the
 * last write.
 */
static int jl2005c_stream_start_vga_small(struct gspca_dev *gspca_dev)
{
	/* presumably {register, value} pairs - confirm against the chip */
	static u8 setup_cmds[][2] = {
		{0x06, 0x00},
		{0x7c, 0x00},
		{0x7d, 0x1a},
		{0x02, 0x00},
		{0x01, 0x00},
		{0x04, 0x52},
	};
	int ret = -1;
	int idx;

	for (idx = 0; idx < ARRAY_SIZE(setup_cmds); idx++) {
		msleep(60);
		ret = jl2005c_write2(gspca_dev, setup_cmds[idx]);
		if (ret < 0)
			return ret;
	}
	msleep(60);
	return ret;
}
/*
 * Send the start-up command sequence used for 352-wide capture (selected
 * by sd_start()). Each two-byte command is preceded by a 60 ms pause and
 * a final 60 ms pause follows the sequence.
 *
 * Returns the first negative write error, otherwise the result of the
 * last write.
 */
static int jl2005c_stream_start_cif_lg(struct gspca_dev *gspca_dev)
{
	/* presumably {register, value} pairs - confirm against the chip */
	static u8 setup_cmds[][2] = {
		{0x05, 0x00},
		{0x7c, 0x00},
		{0x7d, 0x30},
		{0x02, 0x00},
		{0x01, 0x00},
		{0x04, 0x42},
	};
	int ret = -1;
	int idx;

	for (idx = 0; idx < ARRAY_SIZE(setup_cmds); idx++) {
		msleep(60);
		ret = jl2005c_write2(gspca_dev, setup_cmds[idx]);
		if (ret < 0)
			return ret;
	}
	msleep(60);
	return ret;
}
/*
 * Send the start-up command sequence used for 176-wide capture (selected
 * by sd_start()). Each two-byte command is preceded by a 60 ms pause and
 * a final 60 ms pause follows the sequence.
 *
 * Returns the first negative write error, otherwise the result of the
 * last write.
 */
static int jl2005c_stream_start_cif_small(struct gspca_dev *gspca_dev)
{
	/* presumably {register, value} pairs - confirm against the chip */
	static u8 setup_cmds[][2] = {
		{0x06, 0x00},
		{0x7c, 0x00},
		{0x7d, 0x32},
		{0x02, 0x00},
		{0x01, 0x00},
		{0x04, 0x42},
	};
	int ret = -1;
	int idx;

	for (idx = 0; idx < ARRAY_SIZE(setup_cmds); idx++) {
		msleep(60);
		ret = jl2005c_write2(gspca_dev, setup_cmds[idx]);
		if (ret < 0)
			return ret;
	}
	msleep(60);
	return ret;
}
/*
 * Tell the camera to stop streaming by writing 0x00 to register 0x07.
 * Returns the jl2005c_write_reg() result.
 */
static int jl2005c_stop(struct gspca_dev *gspca_dev)
{
	return jl2005c_write_reg(gspca_dev, 0x07, 0x00);
}
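/*
 * This function is called as a workqueue function and runs whenever the camera
 * is streaming data. Because it is a workqueue function it is allowed to sleep
 * so we can use synchronous USB calls. To avoid possible collisions with other
 * threads attempting to use the camera's USB interface the gspca usb_lock is
 * held around the command exchanges made from here (starting a new frame and
 * telling the camera to close the stream); the bulk data reads on endpoint
 * 0x82 are done without it. In practice the only thing which needs to be
 * protected against is the usb_set_interface call that gspca makes during
 * stream_off. Otherwise the camera doesn't provide any controls that the
 * user could try to change.
 *
 * Everything in the bounce buffer comes from the device and is untrusted.
 * The frame length is derived from header byte 7; a header that announces
 * no payload beyond the block already read is rejected. Without that check
 * header_read would stay set with nothing left to fetch, and the outer
 * loop would spin without issuing any transfer until streaming is turned
 * off.
 */
static void jl2005c_dostream(struct work_struct *work)
{
	struct sd *dev = container_of(work, struct sd, work_struct);
	struct gspca_dev *gspca_dev = &dev->gspca_dev;
	int bytes_left = 0; /* bytes remaining in current frame. */
	int data_len; /* size to use for the next read. */
	int header_read = 0;
	unsigned char header_sig[2] = {0x4a, 0x4c};
	/* initialised: it is logged before the transfer result is checked */
	int act_len = 0;
	int packet_type;
	int ret;
	u8 *buffer;

	buffer = kmalloc(JL2005C_MAX_TRANSFER, GFP_KERNEL | GFP_DMA);
	if (!buffer) {
		pr_err("Couldn't allocate USB buffer\n");
		goto quit_stream;
	}

	while (gspca_dev->present && gspca_dev->streaming) {
		/* Check if this is a new frame. If so, start the frame first */
		if (!header_read) {
			mutex_lock(&gspca_dev->usb_lock);
			ret = jl2005c_start_new_frame(gspca_dev);
			mutex_unlock(&gspca_dev->usb_lock);
			if (ret < 0)
				goto quit_stream;
			ret = usb_bulk_msg(gspca_dev->dev,
				usb_rcvbulkpipe(gspca_dev->dev, 0x82),
				buffer, JL2005C_MAX_TRANSFER, &act_len,
				JL2005C_DATA_TIMEOUT);
			PDEBUG(D_PACK,
				"Got %d bytes out of %d for header",
					act_len, JL2005C_MAX_TRANSFER);
			/*
			 * A full block is required, so buffer[0x07] below is
			 * always data written by this transfer.
			 */
			if (ret < 0 || act_len < JL2005C_MAX_TRANSFER)
				goto quit_stream;
			/* Check whether we actually got the first block */
			if (memcmp(header_sig, buffer, 2) != 0) {
				pr_err("First block is not the first block\n");
				goto quit_stream;
			}
			/* total size to fetch is byte 7, times blocksize
			 * of which we already got act_len */
			bytes_left = buffer[0x07] * dev->block_size - act_len;
			PDEBUG(D_PACK, "bytes_left = 0x%x", bytes_left);
			if (bytes_left <= 0) {
				pr_err("Invalid frame length in header\n");
				goto quit_stream;
			}
			/* We keep the header. It has other information, too.*/
			packet_type = FIRST_PACKET;
			gspca_frame_add(gspca_dev, packet_type,
					buffer, act_len);
			header_read = 1;
		}
		while (bytes_left > 0 && gspca_dev->present) {
			/* never ask for more than the bounce buffer holds */
			data_len = bytes_left > JL2005C_MAX_TRANSFER ?
				JL2005C_MAX_TRANSFER : bytes_left;
			ret = usb_bulk_msg(gspca_dev->dev,
				usb_rcvbulkpipe(gspca_dev->dev, 0x82),
				buffer, data_len, &act_len,
				JL2005C_DATA_TIMEOUT);
			if (ret < 0 || act_len < data_len)
				goto quit_stream;
			PDEBUG(D_PACK,
				"Got %d bytes out of %d for frame",
					data_len, bytes_left);
			bytes_left -= data_len;
			if (bytes_left == 0) {
				packet_type = LAST_PACKET;
				header_read = 0;
			} else
				packet_type = INTER_PACKET;
			/*
			 * NOTE(review): the announced frame size is device
			 * controlled; gspca_frame_add() is relied on to bound
			 * it against the frame buffer - confirm.
			 */
			gspca_frame_add(gspca_dev, packet_type,
					buffer, data_len);
		}
	}
quit_stream:
	if (gspca_dev->present) {
		mutex_lock(&gspca_dev->usb_lock);
		jl2005c_stop(gspca_dev);
		mutex_unlock(&gspca_dev->usb_lock);
	}
	kfree(buffer);
}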
404 /* This function is called at probe time */
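/*
 * Probe-time configuration: read the firmware ID and pick the mode table
 * and block size from it.
 *
 * A failed ID read is now reported to the caller. Previously the result
 * was ignored and the camera type was decided from a firmware_id array
 * that had not been (fully) read from the device.
 *
 * Returns 0 on success or the negative error from
 * jl2005c_get_firmware_id().
 */
static int sd_config(struct gspca_dev *gspca_dev,
		     const struct usb_device_id *id)
{
	struct cam *cam;
	struct sd *sd = (struct sd *) gspca_dev;
	int ret;

	cam = &gspca_dev->cam;
	/* We don't use the buffer gspca allocates so make it small. */
	cam->bulk_size = 64;
	cam->bulk = 1;
	/* For the rest, the camera needs to be detected */
	ret = jl2005c_get_firmware_id(gspca_dev);
	if (ret < 0)
		return ret;
	/* Here are some known firmware IDs
	 * First some JL2005B cameras
	 * {0x41, 0x07, 0x04, 0x2c, 0xe8, 0xf2} Sakar KidzCam
	 * {0x45, 0x02, 0x08, 0xb9, 0x00, 0xd2} No-name JL2005B
	 * JL2005C cameras
	 * {0x01, 0x0c, 0x16, 0x10, 0xf8, 0xc8} Argus DC-1512
	 * {0x12, 0x04, 0x03, 0xc0, 0x00, 0xd8} ICarly
	 * {0x86, 0x08, 0x05, 0x02, 0x00, 0xd4} Jazz
	 *
	 * Based upon this scanty evidence, we can detect a CIF camera by
	 * testing byte 0 for 0x4x.
	 */
	if ((sd->firmware_id[0] & 0xf0) == 0x40) {
		cam->cam_mode = cif_mode;
		cam->nmodes = ARRAY_SIZE(cif_mode);
		sd->block_size = 0x80;
	} else {
		cam->cam_mode = vga_mode;
		cam->nmodes = ARRAY_SIZE(vga_mode);
		sd->block_size = 0x200;
	}

	INIT_WORK(&sd->work_struct, jl2005c_dostream);

	return 0;
}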
444 /* this function is called at probe and resume time */
/* Nothing to initialise here; always reports success. */
static int sd_init(struct gspca_dev *gspca_dev)
{
	return 0;
}
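/*
 * Start streaming: send the start-up sequence matching the selected frame
 * width, then launch the workqueue that runs jl2005c_dostream().
 *
 * Two failures that used to be ignored are now reported:
 *  - an error from the start-up command sequence, and
 *  - create_singlethread_workqueue() returning NULL, which would
 *    otherwise be passed straight to queue_work().
 *
 * Returns 0 on success, -1 for an unsupported width, -ENOMEM if the
 * workqueue cannot be created, or the negative error from the start-up
 * sequence.
 */
static int sd_start(struct gspca_dev *gspca_dev)
{
	struct sd *sd = (struct sd *) gspca_dev;
	int ret;

	sd->cap_mode = gspca_dev->cam.cam_mode;

	switch (gspca_dev->width) {
	case 640:
		PDEBUG(D_STREAM, "Start streaming at vga resolution");
		ret = jl2005c_stream_start_vga_lg(gspca_dev);
		break;
	case 320:
		PDEBUG(D_STREAM, "Start streaming at qvga resolution");
		ret = jl2005c_stream_start_vga_small(gspca_dev);
		break;
	case 352:
		PDEBUG(D_STREAM, "Start streaming at cif resolution");
		ret = jl2005c_stream_start_cif_lg(gspca_dev);
		break;
	case 176:
		PDEBUG(D_STREAM, "Start streaming at qcif resolution");
		ret = jl2005c_stream_start_cif_small(gspca_dev);
		break;
	default:
		pr_err("Unknown resolution specified\n");
		return -1;
	}
	if (ret < 0)
		return ret;

	/* Start the workqueue function to do the streaming */
	sd->work_thread = create_singlethread_workqueue(MODULE_NAME);
	if (!sd->work_thread)
		return -ENOMEM;
	queue_work(sd->work_thread, &sd->work_struct);

	return 0;
}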
485 /* called on streamoff with alt==0 and on disconnect */
486 /* the usb_lock is held at entry - restore on exit */
/*
 * Tear down the streaming workqueue.
 *
 * usb_lock is dropped while the workqueue is destroyed because the worker
 * takes the same lock; holding it here would block the worker from
 * finishing. The lock is re-taken before returning, as the caller
 * expects.
 */
static void sd_stop0(struct gspca_dev *gspca_dev)
{
	struct sd *sd = (struct sd *) gspca_dev;

	/* wait for the work queue to terminate */
	mutex_unlock(&gspca_dev->usb_lock);

	/* This waits for jl2005c_dostream to finish */
	destroy_workqueue(sd->work_thread);
	sd->work_thread = NULL;

	mutex_lock(&gspca_dev->usb_lock);
}
501 /* sub-driver description */
/* Callbacks handed to the gspca core through gspca_dev_probe(). */
static const struct sd_desc sd_desc = {
	.name   = MODULE_NAME,
	/* .ctrls = none have been detected */
	/* .nctrls = ARRAY_SIZE(sd_ctrls), */
	.config = sd_config,	/* probe time */
	.init   = sd_init,	/* probe and resume time */
	.start  = sd_start,
	.stop0  = sd_stop0,	/* streamoff and disconnect */
};
512 /* -- module initialisation -- */
/* USB IDs claimed by this driver. */
static const __devinitdata struct usb_device_id device_table[] = {
	{USB_DEVICE(0x0979, 0x0227)},
	{}	/* terminating entry: the USB core scans until an empty one */
};
MODULE_DEVICE_TABLE(usb, device_table);
519 /* -- device connect -- */
/*
 * USB probe callback: hand the interface to the gspca core, which
 * allocates sizeof(struct sd) for the per-device state.
 */
static int sd_probe(struct usb_interface *intf,
		    const struct usb_device_id *id)
{
	return gspca_dev_probe(intf, id, &sd_desc,
			       sizeof(struct sd), THIS_MODULE);
}
/* USB driver registration record; disconnect and PM go to the gspca core. */
static struct usb_driver sd_driver = {
	.name       = MODULE_NAME,
	.id_table   = device_table,
	.probe      = sd_probe,
	.disconnect = gspca_disconnect,
#ifdef CONFIG_PM
	.suspend    = gspca_suspend,
	.resume     = gspca_resume,
#endif
};
538 /* -- module insert / remove -- */
/* Register the USB driver; returns 0 or the negative registration error. */
static int __init sd_mod_init(void)
{
	int err = usb_register(&sd_driver);

	return err < 0 ? err : 0;
}
/* Unregister the USB driver on module unload. */
static void __exit sd_mod_exit(void)
{
	usb_deregister(&sd_driver);
}
/* Module entry and exit points. */
module_init(sd_mod_init);
module_exit(sd_mod_exit);