/*
 * phonet.c -- USB CDC Phonet host driver
 *
 * Copyright (C) 2008-2009 Nokia Corporation. All rights reserved.
 *
 * Author: Rémi Denis-Courmont
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * version 2 as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA
 */
#include <linux/kernel.h>
#include <linux/mm.h>
#include <linux/module.h>
#include <linux/gfp.h>
#include <linux/usb.h>
#include <linux/usb/cdc.h>
#include <linux/netdevice.h>
#include <linux/skbuff.h>
#include <linux/if_arp.h>
#include <linux/if_phonet.h>
#include <linux/phonet.h>
/* Phonet media type for USB; usbpn_setup() stores it as the 1-byte address. */
#define PN_MEDIA_USB	0x1B

/* Number of receive URBs allocated by usbpn_open() and torn down by usbpn_close(). */
static const unsigned rxq_size = 17;
/*
 * Per-device driver state. It lives in the net_device private area that
 * usbpn_probe() sizes as sizeof(struct usbpn_dev) plus rxq_size URB pointers.
 */
struct usbpn_dev {
	struct net_device	*dev;		/* network device owning this state */

	struct usb_interface	*intf;		/* interface handed to usbpn_probe() */
	struct usb_interface	*data_intf;	/* data interface claimed in probe */
	struct usb_device	*usb;		/* USB device, reference taken in probe */
	unsigned int		tx_pipe;	/* bulk pipe used by usbpn_xmit() */
	unsigned int		rx_pipe;	/* bulk pipe used by rx_submit() */
	u8			active_setting;	/* index of the altsetting with 2 endpoints */
	u8			disconnected;	/* set by usbpn_disconnect() so it runs once */

	unsigned		tx_queue;	/* TX URBs in flight, updated under tx_lock */
	spinlock_t		tx_lock;

	spinlock_t		rx_lock;	/* taken around rx_skb updates */
	struct sk_buff		*rx_skb;	/* packet being reassembled, or NULL */
	struct urb		*urbs[0];	/* receive URBs, rxq_size entries */
};
/*
 * URB completion handlers. They are defined further down but are passed to
 * usb_fill_bulk_urb() by usbpn_xmit() and rx_submit() before that point.
 */
static void rx_complete(struct urb *req);
static void tx_complete(struct urb *req);
/*
 * Network device callbacks
 */
/*
 * ndo_start_xmit handler: send one Phonet packet as a single bulk URB.
 *
 * The skb is used directly as the transfer buffer and is handed to
 * tx_complete() as the URB context, which frees it. Anything that cannot be
 * queued (wrong protocol, no URB, submit failure) is dropped and counted in
 * tx_dropped. NETDEV_TX_OK is returned in every case.
 */
static netdev_tx_t usbpn_xmit(struct sk_buff *skb, struct net_device *dev)
{
	struct usbpn_dev *pnd = netdev_priv(dev);
	struct urb *urb;
	unsigned long irqflags;

	/* Only Phonet frames are accepted on this interface. */
	if (skb->protocol != htons(ETH_P_PHONET))
		goto drop;

	urb = usb_alloc_urb(0, GFP_ATOMIC);
	if (urb == NULL)
		goto drop;

	usb_fill_bulk_urb(urb, pnd->usb, pnd->tx_pipe, skb->data, skb->len,
				tx_complete, skb);
	urb->transfer_flags = URB_ZERO_PACKET;
	if (usb_submit_urb(urb, GFP_ATOMIC) != 0) {
		usb_free_urb(urb);
		goto drop;
	}

	/* Account for the URB in flight; stop the queue once the limit is hit. */
	spin_lock_irqsave(&pnd->tx_lock, irqflags);
	if (++pnd->tx_queue >= dev->tx_queue_len)
		netif_stop_queue(dev);
	spin_unlock_irqrestore(&pnd->tx_lock, irqflags);
	return NETDEV_TX_OK;

drop:
	dev->stats.tx_dropped++;
	dev_kfree_skb(skb);
	return NETDEV_TX_OK;
}
/*
 * Completion handler for the URBs submitted by usbpn_xmit().
 *
 * Updates the transmit statistics from the URB status, releases one slot of
 * the transmit queue and wakes the queue, then frees the skb (the URB
 * context) and the URB itself.
 */
static void tx_complete(struct urb *req)
{
	struct sk_buff *skb = req->context;
	struct net_device *dev = skb->dev;
	struct usbpn_dev *pnd = netdev_priv(dev);
	const int status = req->status;

	if (status == 0) {
		dev->stats.tx_bytes += skb->len;
	} else {
		/* Unlinked or shut-down URBs count as aborted and as errors. */
		if (status == -ENOENT || status == -ECONNRESET ||
		    status == -ESHUTDOWN)
			dev->stats.tx_aborted_errors++;
		dev->stats.tx_errors++;
		dev_dbg(&dev->dev, "TX error (%d)\n", status);
	}
	/* tx_packets is incremented for failed transfers as well. */
	dev->stats.tx_packets++;

	spin_lock(&pnd->tx_lock);
	pnd->tx_queue--;
	netif_wake_queue(dev);
	spin_unlock(&pnd->tx_lock);

	dev_kfree_skb_any(skb);
	usb_free_urb(req);
}
/*
 * Arm one receive URB with a freshly allocated page as its buffer.
 *
 * The URB is set up for a bulk transfer of up to PAGE_SIZE bytes on the
 * receive pipe, completing in rx_complete() with the net_device as context.
 *
 * Returns 0 on success, -ENOMEM if no page could be allocated, or the error
 * from usb_submit_urb(); on a submit error the page is released again.
 */
static int rx_submit(struct usbpn_dev *pnd, struct urb *req, gfp_t gfp_flags)
{
	struct net_device *dev = pnd->dev;
	struct page *buf_page = alloc_page(gfp_flags);
	int rc;

	if (buf_page == NULL)
		return -ENOMEM;

	usb_fill_bulk_urb(req, pnd->usb, pnd->rx_pipe, page_address(buf_page),
				PAGE_SIZE, rx_complete, dev);
	req->transfer_flags = 0;

	rc = usb_submit_urb(req, gfp_flags);
	if (likely(!rc))
		return rc;

	dev_dbg(&dev->dev, "RX submit error (%d)\n", rc);
	put_page(buf_page);
	return rc;
}
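/*
 * Completion handler for the receive URBs armed by rx_submit().
 *
 * On success the received page is attached as a fragment to the packet being
 * reassembled in pnd->rx_skb. A transfer shorter than PAGE_SIZE ends the
 * packet, which is then passed to the stack with netif_rx(); a full-page
 * transfer leaves the packet pending for the next completion. Unless the URB
 * was unlinked (-ENOENT, -ECONNRESET, -ESHUTDOWN) it is resubmitted with a
 * new page.
 *
 * The transfer sizes come from the attached device, so the number of
 * fragments added to one skb is bounded here rather than trusted.
 */
static void rx_complete(struct urb *req)
{
	struct net_device *dev = req->context;
	struct usbpn_dev *pnd = netdev_priv(dev);
	struct page *page = virt_to_page(req->transfer_buffer);
	struct sk_buff *skb;
	unsigned long flags;
	int status = req->status;

	switch (status) {
	case 0:
		spin_lock_irqsave(&pnd->rx_lock, flags);
		skb = pnd->rx_skb;
		if (!skb) {
			skb = pnd->rx_skb = netdev_alloc_skb(dev, 12);
			if (likely(skb)) {
				/* Can't use pskb_pull() on page in IRQ */
				/*
				 * NOTE(review): the first byte is copied into
				 * the linear area and the fragment starts at
				 * offset 1, yet it is still given the full
				 * actual_length. It therefore appears to cover
				 * one byte more than was received, and a
				 * zero-length transfer still copies one byte
				 * from the page - confirm and tighten.
				 */
				memcpy(skb_put(skb, 1), page_address(page), 1);
				skb_add_rx_frag(skb, skb_shinfo(skb)->nr_frags,
						page, 1, req->actual_length);
				page = NULL;
			}
		} else if (skb_shinfo(skb)->nr_frags >= MAX_SKB_FRAGS) {
			/*
			 * Every full-page transfer appends one fragment, and
			 * the device decides how many of them arrive in a row.
			 * Without this bound skb_add_rx_frag() would write
			 * past the end of the frags[] array. Drop the
			 * oversized packet; the page is released and the URB
			 * resubmitted below. Any remaining transfers of the
			 * same burst will be parsed as a new packet.
			 */
			pnd->rx_skb = NULL;
			spin_unlock_irqrestore(&pnd->rx_lock, flags);
			dev_kfree_skb_any(skb);
			dev->stats.rx_length_errors++;
			break;
		} else {
			skb_add_rx_frag(skb, skb_shinfo(skb)->nr_frags,
					page, 0, req->actual_length);
			page = NULL;
		}
		if (req->actual_length < PAGE_SIZE)
			pnd->rx_skb = NULL; /* Last fragment */
		else
			skb = NULL;
		spin_unlock_irqrestore(&pnd->rx_lock, flags);
		if (skb) {
			skb->protocol = htons(ETH_P_PHONET);
			skb_reset_mac_header(skb);
			__skb_pull(skb, 1);
			skb->dev = dev;
			dev->stats.rx_packets++;
			dev->stats.rx_bytes += skb->len;

			netif_rx(skb);
		}
		goto resubmit;

	case -ENOENT:
	case -ECONNRESET:
	case -ESHUTDOWN:
		/* URB was unlinked: do not resubmit it. */
		req = NULL;
		break;

	case -EOVERFLOW:
		dev->stats.rx_over_errors++;
		dev_dbg(&dev->dev, "RX overflow\n");
		break;

	case -EILSEQ:
		dev->stats.rx_crc_errors++;
		break;
	}

	dev->stats.rx_errors++;
resubmit:
	/* page is still set only if it was not attached to an skb above. */
	if (page)
		put_page(page);
	if (req)
		rx_submit(pnd, req, GFP_ATOMIC | __GFP_COLD);
}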
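static int usbpn_close(struct net_device *dev);

/*
 * ndo_open handler: switch the data interface to its active alternate
 * setting and queue rxq_size receive URBs.
 *
 * Returns 0 on success, the usb_set_interface() error, or -ENOMEM if a URB
 * could not be allocated or submitted. On such a failure everything queued so
 * far is torn down again with usbpn_close().
 */
static int usbpn_open(struct net_device *dev)
{
	struct usbpn_dev *pnd = netdev_priv(dev);
	int err;
	unsigned i;
	unsigned num = pnd->data_intf->cur_altsetting->desc.bInterfaceNumber;

	err = usb_set_interface(pnd->usb, num, pnd->active_setting);
	if (err)
		return err;

	for (i = 0; i < rxq_size; i++) {
		struct urb *req = usb_alloc_urb(0, GFP_KERNEL);

		if (!req || rx_submit(pnd, req, GFP_KERNEL | __GFP_COLD)) {
			/*
			 * req is not stored in pnd->urbs[] yet, so
			 * usbpn_close() cannot see it; free it here or it
			 * leaks when the submit fails. usb_free_urb()
			 * accepts NULL.
			 */
			usb_free_urb(req);
			usbpn_close(dev);
			return -ENOMEM;
		}
		pnd->urbs[i] = req;
	}

	netif_wake_queue(dev);
	return 0;
}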
/*
 * ndo_stop handler: stop the transmit queue, cancel and free every receive
 * URB that is still recorded in pnd->urbs[], then put the data interface
 * back into its inactive alternate setting.
 *
 * Returns the result of usb_set_interface().
 */
static int usbpn_close(struct net_device *dev)
{
	struct usbpn_dev *pnd = netdev_priv(dev);
	unsigned ifnum = pnd->data_intf->cur_altsetting->desc.bInterfaceNumber;
	unsigned slot = 0;

	netif_stop_queue(dev);

	while (slot < rxq_size) {
		struct urb *urb = pnd->urbs[slot];

		/* Empty slots are skipped (e.g. after a partial usbpn_open()). */
		if (urb != NULL) {
			usb_kill_urb(urb);
			usb_free_urb(urb);
			pnd->urbs[slot] = NULL;
		}
		slot++;
	}

	return usb_set_interface(pnd->usb, ifnum, !pnd->active_setting);
}
/*
 * ndo_do_ioctl handler. Only SIOCPNGAUTOCONF is handled: it reports
 * PN_DEV_PC as the autoconfiguration device and returns 0. Every other
 * command returns -ENOIOCTLCMD.
 */
static int usbpn_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
{
	/* The request is reinterpreted as the Phonet-specific layout. */
	struct if_phonet_req *pn_req = (struct if_phonet_req *)ifr;

	if (cmd != SIOCPNGAUTOCONF)
		return -ENOIOCTLCMD;

	pn_req->ifr_phonet_autoconf.device = PN_DEV_PC;
	return 0;
}
/*
 * ndo_change_mtu handler: accept an MTU within
 * [PHONET_MIN_MTU, PHONET_MAX_MTU] and return 0, otherwise return -EINVAL
 * and leave the current MTU untouched.
 */
static int usbpn_set_mtu(struct net_device *dev, int new_mtu)
{
	if (new_mtu >= PHONET_MIN_MTU && new_mtu <= PHONET_MAX_MTU) {
		dev->mtu = new_mtu;
		return 0;
	}
	return -EINVAL;
}
/* Network device operations installed by usbpn_setup(). */
static const struct net_device_ops usbpn_ops = {
	.ndo_start_xmit	= usbpn_xmit,
	.ndo_open	= usbpn_open,
	.ndo_stop	= usbpn_close,
	.ndo_change_mtu	= usbpn_set_mtu,
	.ndo_do_ioctl	= usbpn_ioctl,
};
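/*
 * Setup callback passed to alloc_netdev() by usbpn_probe(): configures the
 * new net_device as a point-to-point Phonet link without ARP, with a 1-byte
 * hardware header and a 1-byte address of PN_MEDIA_USB.
 */
static void usbpn_setup(struct net_device *dev)
{
	dev->features		= 0;
	/* The original ended this line with ',' and only worked by accident. */
	dev->netdev_ops		= &usbpn_ops;
	dev->header_ops		= &phonet_header_ops;
	dev->type		= ARPHRD_PHONET;
	dev->flags		= IFF_POINTOPOINT | IFF_NOARP;
	dev->mtu		= PHONET_MAX_MTU;
	dev->hard_header_len	= 1;
	dev->dev_addr[0]	= PN_MEDIA_USB;
	dev->addr_len		= 1;
	dev->tx_queue_len	= 3;

	/* The device frees itself through this destructor. */
	dev->destructor		= free_netdev;
}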
/*
 * USB driver callbacks
 */
/*
 * Devices this driver binds to: vendor 0x0421 with a communications-class
 * interface of subclass 0xFE. The empty entry terminates the table.
 */
static struct usb_device_id usbpn_ids[] = {
	{
		.match_flags		= USB_DEVICE_ID_MATCH_VENDOR |
					  USB_DEVICE_ID_MATCH_INT_CLASS |
					  USB_DEVICE_ID_MATCH_INT_SUBCLASS,
		.idVendor		= 0x0421, /* Nokia */
		.bInterfaceClass	= USB_CLASS_COMM,
		.bInterfaceSubClass	= 0xFE,
	},
	{ },
};
/* Export the ID table as the module's USB device table. */
MODULE_DEVICE_TABLE(usb, usbpn_ids);

/* Defined after the callbacks; probe and disconnect refer to it earlier. */
static struct usb_driver usbpn_driver;
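/*
 * USB probe callback.
 *
 * Walks the class-specific descriptors of the interface looking for a CDC
 * union descriptor and the Phonet functional descriptor (subtype 0xAB),
 * resolves the data interface named by the union descriptor, allocates and
 * registers the network device, and claims the data interface.
 *
 * All descriptor contents are supplied by the attached device and are
 * treated as untrusted.
 *
 * Returns 0 on success. Returns -EINVAL for missing or malformed descriptors
 * or an unexpected data interface layout, -ENODEV if the data interface does
 * not exist, -ENOMEM if the net_device cannot be allocated, or the error
 * from usb_driver_claim_interface() / register_netdev().
 */
int usbpn_probe(struct usb_interface *intf, const struct usb_device_id *id)
{
	static const char ifname[] = "usbpn%d";
	const struct usb_cdc_union_desc *union_header = NULL;
	const struct usb_host_interface *data_desc;
	struct usb_interface *data_intf;
	struct usb_device *usbdev = interface_to_usbdev(intf);
	struct net_device *dev;
	struct usbpn_dev *pnd;
	u8 *data;
	int phonet = 0;
	int len, err;

	data = intf->altsetting->extra;
	len = intf->altsetting->extralen;
	while (len >= 3) {
		u8 dlen = data[0];
		if (dlen < 3)
			return -EINVAL;
		/*
		 * A descriptor that claims to extend past the remaining bytes
		 * would let the union header below be read beyond the extra
		 * buffer. Reject it here instead of relying on the lengths
		 * having been validated elsewhere.
		 */
		if (dlen > len)
			return -EINVAL;

		/* bDescriptorType */
		if (data[1] == USB_DT_CS_INTERFACE) {
			/* bDescriptorSubType */
			switch (data[2]) {
			case USB_CDC_UNION_TYPE:
				/* Keep the first union descriptor only. */
				if (union_header || dlen < 5)
					break;
				union_header =
					(struct usb_cdc_union_desc *)data;
				break;
			case 0xAB:
				phonet = 1;
				break;
			}
		}

		data += dlen;
		len -= dlen;
	}

	if (!union_header || !phonet)
		return -EINVAL;

	data_intf = usb_ifnum_to_if(usbdev, union_header->bSlaveInterface0);
	if (data_intf == NULL)
		return -ENODEV;
	/* Data interface has one inactive and one active setting */
	if (data_intf->num_altsetting != 2)
		return -EINVAL;
	if (data_intf->altsetting[0].desc.bNumEndpoints == 0 &&
	    data_intf->altsetting[1].desc.bNumEndpoints == 2)
		data_desc = data_intf->altsetting + 1;
	else if (data_intf->altsetting[0].desc.bNumEndpoints == 2 &&
		 data_intf->altsetting[1].desc.bNumEndpoints == 0)
		data_desc = data_intf->altsetting;
	else
		return -EINVAL;

	dev = alloc_netdev(sizeof(*pnd) + sizeof(pnd->urbs[0]) * rxq_size,
				ifname, usbpn_setup);
	if (!dev)
		return -ENOMEM;

	pnd = netdev_priv(dev);
	SET_NETDEV_DEV(dev, &intf->dev);

	pnd->dev = dev;
	pnd->usb = usb_get_dev(usbdev);
	pnd->intf = intf;
	pnd->data_intf = data_intf;
	spin_lock_init(&pnd->tx_lock);
	spin_lock_init(&pnd->rx_lock);
	/* Endpoints */
	/*
	 * NOTE(review): only the direction of endpoint 0 is inspected. The
	 * code does not verify that the two endpoints are bulk or that they
	 * have opposite directions before building bulk pipes from them -
	 * consider checking the endpoint descriptors.
	 */
	if (usb_pipein(data_desc->endpoint[0].desc.bEndpointAddress)) {
		pnd->rx_pipe = usb_rcvbulkpipe(usbdev,
			data_desc->endpoint[0].desc.bEndpointAddress);
		pnd->tx_pipe = usb_sndbulkpipe(usbdev,
			data_desc->endpoint[1].desc.bEndpointAddress);
	} else {
		pnd->rx_pipe = usb_rcvbulkpipe(usbdev,
			data_desc->endpoint[1].desc.bEndpointAddress);
		pnd->tx_pipe = usb_sndbulkpipe(usbdev,
			data_desc->endpoint[0].desc.bEndpointAddress);
	}
	pnd->active_setting = data_desc - data_intf->altsetting;

	err = usb_driver_claim_interface(&usbpn_driver, data_intf, pnd);
	if (err)
		goto out;

	/* Force inactive mode until the network device is brought UP */
	usb_set_interface(usbdev, union_header->bSlaveInterface0,
				!pnd->active_setting);
	usb_set_intfdata(intf, pnd);

	err = register_netdev(dev);
	if (err) {
		/*
		 * Releasing the data interface unbinds it, which invokes
		 * usbpn_disconnect(). Mark the device disconnected first so
		 * that callback returns early instead of unregistering a
		 * netdev that was never registered.
		 */
		pnd->disconnected = 1;
		usb_driver_release_interface(&usbpn_driver, data_intf);
		goto out;
	}

	dev_dbg(&dev->dev, "USB CDC Phonet device found\n");
	return 0;

out:
	usb_set_intfdata(intf, NULL);
	/* Drop the reference taken with usb_get_dev() above. */
	usb_put_dev(usbdev);
	free_netdev(dev);
	return err;
}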
/*
 * USB disconnect callback. It can be invoked for either of the two
 * interfaces; the disconnected flag makes the teardown run only once.
 *
 * Releases the other interface of the pair, unregisters the network device
 * and drops the USB device reference held in pnd->usb.
 */
static void usbpn_disconnect(struct usb_interface *intf)
{
	struct usbpn_dev *pnd = usb_get_intfdata(intf);
	struct usb_interface *other;
	struct usb_device *udev;

	if (pnd->disconnected)
		return;
	pnd->disconnected = 1;

	/*
	 * Read the device pointer before unregister_netdev(): pnd lives in
	 * the netdev private area, and usbpn_setup() installs free_netdev as
	 * the destructor, so pnd is presumably gone afterwards.
	 */
	udev = pnd->usb;
	other = (pnd->intf == intf) ? pnd->data_intf : pnd->intf;

	usb_driver_release_interface(&usbpn_driver, other);
	unregister_netdev(pnd->dev);
	usb_put_dev(udev);
}
/* USB driver description registered by module_usb_driver(). */
static struct usb_driver usbpn_driver = {
	.name		= "cdc_phonet",
	.id_table	= usbpn_ids,
	.probe		= usbpn_probe,
	.disconnect	= usbpn_disconnect,
};
/* Module registration boilerplate and metadata. */
module_usb_driver(usbpn_driver);

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Remi Denis-Courmont");
MODULE_DESCRIPTION("USB CDC Phonet host interface");