Avoid beyond bounds copy while caching ACL
[zen-stable.git] / drivers / usb / gadget / f_phonet.c
blob7cdcb63b21ff6b3605591d87de5d413bc470c61e
1 /*
2 * f_phonet.c -- USB CDC Phonet function
4 * Copyright (C) 2007-2008 Nokia Corporation. All rights reserved.
6 * Author: RĂ©mi Denis-Courmont
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * version 2 as published by the Free Software Foundation.
13 #include <linux/mm.h>
14 #include <linux/slab.h>
15 #include <linux/kernel.h>
16 #include <linux/device.h>
18 #include <linux/netdevice.h>
19 #include <linux/if_ether.h>
20 #include <linux/if_phonet.h>
21 #include <linux/if_arp.h>
23 #include <linux/usb/ch9.h>
24 #include <linux/usb/cdc.h>
25 #include <linux/usb/composite.h>
27 #include "u_phonet.h"
29 #define PN_MEDIA_USB 0x1B
30 #define MAXPACKET 512
31 #if (PAGE_SIZE % MAXPACKET)
32 #error MAXPACKET must divide PAGE_SIZE!
33 #endif
35 /*-------------------------------------------------------------------------*/
37 struct phonet_port {
38 struct f_phonet *usb;
39 spinlock_t lock;
42 struct f_phonet {
43 struct usb_function function;
44 struct {
45 struct sk_buff *skb;
46 spinlock_t lock;
47 } rx;
48 struct net_device *dev;
49 struct usb_ep *in_ep, *out_ep;
51 struct usb_request *in_req;
52 struct usb_request *out_reqv[0];
55 static int phonet_rxq_size = 17;
57 static inline struct f_phonet *func_to_pn(struct usb_function *f)
59 return container_of(f, struct f_phonet, function);
62 /*-------------------------------------------------------------------------*/
64 #define USB_CDC_SUBCLASS_PHONET 0xfe
65 #define USB_CDC_PHONET_TYPE 0xab
67 static struct usb_interface_descriptor
68 pn_control_intf_desc = {
69 .bLength = sizeof pn_control_intf_desc,
70 .bDescriptorType = USB_DT_INTERFACE,
72 /* .bInterfaceNumber = DYNAMIC, */
73 .bInterfaceClass = USB_CLASS_COMM,
74 .bInterfaceSubClass = USB_CDC_SUBCLASS_PHONET,
77 static const struct usb_cdc_header_desc
78 pn_header_desc = {
79 .bLength = sizeof pn_header_desc,
80 .bDescriptorType = USB_DT_CS_INTERFACE,
81 .bDescriptorSubType = USB_CDC_HEADER_TYPE,
82 .bcdCDC = cpu_to_le16(0x0110),
85 static const struct usb_cdc_header_desc
86 pn_phonet_desc = {
87 .bLength = sizeof pn_phonet_desc,
88 .bDescriptorType = USB_DT_CS_INTERFACE,
89 .bDescriptorSubType = USB_CDC_PHONET_TYPE,
90 .bcdCDC = cpu_to_le16(0x1505), /* ??? */
93 static struct usb_cdc_union_desc
94 pn_union_desc = {
95 .bLength = sizeof pn_union_desc,
96 .bDescriptorType = USB_DT_CS_INTERFACE,
97 .bDescriptorSubType = USB_CDC_UNION_TYPE,
99 /* .bMasterInterface0 = DYNAMIC, */
100 /* .bSlaveInterface0 = DYNAMIC, */
103 static struct usb_interface_descriptor
104 pn_data_nop_intf_desc = {
105 .bLength = sizeof pn_data_nop_intf_desc,
106 .bDescriptorType = USB_DT_INTERFACE,
108 /* .bInterfaceNumber = DYNAMIC, */
109 .bAlternateSetting = 0,
110 .bNumEndpoints = 0,
111 .bInterfaceClass = USB_CLASS_CDC_DATA,
114 static struct usb_interface_descriptor
115 pn_data_intf_desc = {
116 .bLength = sizeof pn_data_intf_desc,
117 .bDescriptorType = USB_DT_INTERFACE,
119 /* .bInterfaceNumber = DYNAMIC, */
120 .bAlternateSetting = 1,
121 .bNumEndpoints = 2,
122 .bInterfaceClass = USB_CLASS_CDC_DATA,
125 static struct usb_endpoint_descriptor
126 pn_fs_sink_desc = {
127 .bLength = USB_DT_ENDPOINT_SIZE,
128 .bDescriptorType = USB_DT_ENDPOINT,
130 .bEndpointAddress = USB_DIR_OUT,
131 .bmAttributes = USB_ENDPOINT_XFER_BULK,
134 static struct usb_endpoint_descriptor
135 pn_hs_sink_desc = {
136 .bLength = USB_DT_ENDPOINT_SIZE,
137 .bDescriptorType = USB_DT_ENDPOINT,
139 .bEndpointAddress = USB_DIR_OUT,
140 .bmAttributes = USB_ENDPOINT_XFER_BULK,
141 .wMaxPacketSize = cpu_to_le16(MAXPACKET),
144 static struct usb_endpoint_descriptor
145 pn_fs_source_desc = {
146 .bLength = USB_DT_ENDPOINT_SIZE,
147 .bDescriptorType = USB_DT_ENDPOINT,
149 .bEndpointAddress = USB_DIR_IN,
150 .bmAttributes = USB_ENDPOINT_XFER_BULK,
153 static struct usb_endpoint_descriptor
154 pn_hs_source_desc = {
155 .bLength = USB_DT_ENDPOINT_SIZE,
156 .bDescriptorType = USB_DT_ENDPOINT,
158 .bEndpointAddress = USB_DIR_IN,
159 .bmAttributes = USB_ENDPOINT_XFER_BULK,
160 .wMaxPacketSize = cpu_to_le16(512),
163 static struct usb_descriptor_header *fs_pn_function[] = {
164 (struct usb_descriptor_header *) &pn_control_intf_desc,
165 (struct usb_descriptor_header *) &pn_header_desc,
166 (struct usb_descriptor_header *) &pn_phonet_desc,
167 (struct usb_descriptor_header *) &pn_union_desc,
168 (struct usb_descriptor_header *) &pn_data_nop_intf_desc,
169 (struct usb_descriptor_header *) &pn_data_intf_desc,
170 (struct usb_descriptor_header *) &pn_fs_sink_desc,
171 (struct usb_descriptor_header *) &pn_fs_source_desc,
172 NULL,
175 static struct usb_descriptor_header *hs_pn_function[] = {
176 (struct usb_descriptor_header *) &pn_control_intf_desc,
177 (struct usb_descriptor_header *) &pn_header_desc,
178 (struct usb_descriptor_header *) &pn_phonet_desc,
179 (struct usb_descriptor_header *) &pn_union_desc,
180 (struct usb_descriptor_header *) &pn_data_nop_intf_desc,
181 (struct usb_descriptor_header *) &pn_data_intf_desc,
182 (struct usb_descriptor_header *) &pn_hs_sink_desc,
183 (struct usb_descriptor_header *) &pn_hs_source_desc,
184 NULL,
187 /*-------------------------------------------------------------------------*/
189 static int pn_net_open(struct net_device *dev)
191 netif_wake_queue(dev);
192 return 0;
195 static int pn_net_close(struct net_device *dev)
197 netif_stop_queue(dev);
198 return 0;
201 static void pn_tx_complete(struct usb_ep *ep, struct usb_request *req)
203 struct f_phonet *fp = ep->driver_data;
204 struct net_device *dev = fp->dev;
205 struct sk_buff *skb = req->context;
207 switch (req->status) {
208 case 0:
209 dev->stats.tx_packets++;
210 dev->stats.tx_bytes += skb->len;
211 break;
213 case -ESHUTDOWN: /* disconnected */
214 case -ECONNRESET: /* disabled */
215 dev->stats.tx_aborted_errors++;
216 default:
217 dev->stats.tx_errors++;
220 dev_kfree_skb_any(skb);
221 netif_wake_queue(dev);
224 static int pn_net_xmit(struct sk_buff *skb, struct net_device *dev)
226 struct phonet_port *port = netdev_priv(dev);
227 struct f_phonet *fp;
228 struct usb_request *req;
229 unsigned long flags;
231 if (skb->protocol != htons(ETH_P_PHONET))
232 goto out;
234 spin_lock_irqsave(&port->lock, flags);
235 fp = port->usb;
236 if (unlikely(!fp)) /* race with carrier loss */
237 goto out_unlock;
239 req = fp->in_req;
240 req->buf = skb->data;
241 req->length = skb->len;
242 req->complete = pn_tx_complete;
243 req->zero = 1;
244 req->context = skb;
246 if (unlikely(usb_ep_queue(fp->in_ep, req, GFP_ATOMIC)))
247 goto out_unlock;
249 netif_stop_queue(dev);
250 skb = NULL;
252 out_unlock:
253 spin_unlock_irqrestore(&port->lock, flags);
254 out:
255 if (unlikely(skb)) {
256 dev_kfree_skb(skb);
257 dev->stats.tx_dropped++;
259 return NETDEV_TX_OK;
262 static int pn_net_mtu(struct net_device *dev, int new_mtu)
264 if ((new_mtu < PHONET_MIN_MTU) || (new_mtu > PHONET_MAX_MTU))
265 return -EINVAL;
266 dev->mtu = new_mtu;
267 return 0;
270 static const struct net_device_ops pn_netdev_ops = {
271 .ndo_open = pn_net_open,
272 .ndo_stop = pn_net_close,
273 .ndo_start_xmit = pn_net_xmit,
274 .ndo_change_mtu = pn_net_mtu,
277 static void pn_net_setup(struct net_device *dev)
279 dev->features = 0;
280 dev->type = ARPHRD_PHONET;
281 dev->flags = IFF_POINTOPOINT | IFF_NOARP;
282 dev->mtu = PHONET_DEV_MTU;
283 dev->hard_header_len = 1;
284 dev->dev_addr[0] = PN_MEDIA_USB;
285 dev->addr_len = 1;
286 dev->tx_queue_len = 1;
288 dev->netdev_ops = &pn_netdev_ops;
289 dev->destructor = free_netdev;
290 dev->header_ops = &phonet_header_ops;
293 /*-------------------------------------------------------------------------*/
296 * Queue buffer for data from the host
298 static int
299 pn_rx_submit(struct f_phonet *fp, struct usb_request *req, gfp_t gfp_flags)
301 struct page *page;
302 int err;
304 page = alloc_page(gfp_flags);
305 if (!page)
306 return -ENOMEM;
308 req->buf = page_address(page);
309 req->length = PAGE_SIZE;
310 req->context = page;
312 err = usb_ep_queue(fp->out_ep, req, gfp_flags);
313 if (unlikely(err))
314 put_page(page);
315 return err;
318 static void pn_rx_complete(struct usb_ep *ep, struct usb_request *req)
320 struct f_phonet *fp = ep->driver_data;
321 struct net_device *dev = fp->dev;
322 struct page *page = req->context;
323 struct sk_buff *skb;
324 unsigned long flags;
325 int status = req->status;
327 switch (status) {
328 case 0:
329 spin_lock_irqsave(&fp->rx.lock, flags);
330 skb = fp->rx.skb;
331 if (!skb)
332 skb = fp->rx.skb = netdev_alloc_skb(dev, 12);
333 if (req->actual < req->length) /* Last fragment */
334 fp->rx.skb = NULL;
335 spin_unlock_irqrestore(&fp->rx.lock, flags);
337 if (unlikely(!skb))
338 break;
340 if (skb->len == 0) { /* First fragment */
341 skb->protocol = htons(ETH_P_PHONET);
342 skb_reset_mac_header(skb);
343 /* Can't use pskb_pull() on page in IRQ */
344 memcpy(skb_put(skb, 1), page_address(page), 1);
347 skb_add_rx_frag(skb, skb_shinfo(skb)->nr_frags, page,
348 skb->len <= 1, req->actual);
349 page = NULL;
351 if (req->actual < req->length) { /* Last fragment */
352 skb->dev = dev;
353 dev->stats.rx_packets++;
354 dev->stats.rx_bytes += skb->len;
356 netif_rx(skb);
358 break;
360 /* Do not resubmit in these cases: */
361 case -ESHUTDOWN: /* disconnect */
362 case -ECONNABORTED: /* hw reset */
363 case -ECONNRESET: /* dequeued (unlink or netif down) */
364 req = NULL;
365 break;
367 /* Do resubmit in these cases: */
368 case -EOVERFLOW: /* request buffer overflow */
369 dev->stats.rx_over_errors++;
370 default:
371 dev->stats.rx_errors++;
372 break;
375 if (page)
376 put_page(page);
377 if (req)
378 pn_rx_submit(fp, req, GFP_ATOMIC | __GFP_COLD);
381 /*-------------------------------------------------------------------------*/
383 static void __pn_reset(struct usb_function *f)
385 struct f_phonet *fp = func_to_pn(f);
386 struct net_device *dev = fp->dev;
387 struct phonet_port *port = netdev_priv(dev);
389 netif_carrier_off(dev);
390 port->usb = NULL;
392 usb_ep_disable(fp->out_ep);
393 usb_ep_disable(fp->in_ep);
394 if (fp->rx.skb) {
395 dev_kfree_skb_irq(fp->rx.skb);
396 fp->rx.skb = NULL;
400 static int pn_set_alt(struct usb_function *f, unsigned intf, unsigned alt)
402 struct f_phonet *fp = func_to_pn(f);
403 struct usb_gadget *gadget = fp->function.config->cdev->gadget;
405 if (intf == pn_control_intf_desc.bInterfaceNumber)
406 /* control interface, no altsetting */
407 return (alt > 0) ? -EINVAL : 0;
409 if (intf == pn_data_intf_desc.bInterfaceNumber) {
410 struct net_device *dev = fp->dev;
411 struct phonet_port *port = netdev_priv(dev);
413 /* data intf (0: inactive, 1: active) */
414 if (alt > 1)
415 return -EINVAL;
417 spin_lock(&port->lock);
418 __pn_reset(f);
419 if (alt == 1) {
420 int i;
422 if (config_ep_by_speed(gadget, f, fp->in_ep) ||
423 config_ep_by_speed(gadget, f, fp->out_ep)) {
424 fp->in_ep->desc = NULL;
425 fp->out_ep->desc = NULL;
426 spin_unlock(&port->lock);
427 return -EINVAL;
429 usb_ep_enable(fp->out_ep);
430 usb_ep_enable(fp->in_ep);
432 port->usb = fp;
433 fp->out_ep->driver_data = fp;
434 fp->in_ep->driver_data = fp;
436 netif_carrier_on(dev);
437 for (i = 0; i < phonet_rxq_size; i++)
438 pn_rx_submit(fp, fp->out_reqv[i], GFP_ATOMIC | __GFP_COLD);
440 spin_unlock(&port->lock);
441 return 0;
444 return -EINVAL;
447 static int pn_get_alt(struct usb_function *f, unsigned intf)
449 struct f_phonet *fp = func_to_pn(f);
451 if (intf == pn_control_intf_desc.bInterfaceNumber)
452 return 0;
454 if (intf == pn_data_intf_desc.bInterfaceNumber) {
455 struct phonet_port *port = netdev_priv(fp->dev);
456 u8 alt;
458 spin_lock(&port->lock);
459 alt = port->usb != NULL;
460 spin_unlock(&port->lock);
461 return alt;
464 return -EINVAL;
467 static void pn_disconnect(struct usb_function *f)
469 struct f_phonet *fp = func_to_pn(f);
470 struct phonet_port *port = netdev_priv(fp->dev);
471 unsigned long flags;
473 /* remain disabled until set_alt */
474 spin_lock_irqsave(&port->lock, flags);
475 __pn_reset(f);
476 spin_unlock_irqrestore(&port->lock, flags);
479 /*-------------------------------------------------------------------------*/
481 static __init
482 int pn_bind(struct usb_configuration *c, struct usb_function *f)
484 struct usb_composite_dev *cdev = c->cdev;
485 struct usb_gadget *gadget = cdev->gadget;
486 struct f_phonet *fp = func_to_pn(f);
487 struct usb_ep *ep;
488 int status, i;
490 /* Reserve interface IDs */
491 status = usb_interface_id(c, f);
492 if (status < 0)
493 goto err;
494 pn_control_intf_desc.bInterfaceNumber = status;
495 pn_union_desc.bMasterInterface0 = status;
497 status = usb_interface_id(c, f);
498 if (status < 0)
499 goto err;
500 pn_data_nop_intf_desc.bInterfaceNumber = status;
501 pn_data_intf_desc.bInterfaceNumber = status;
502 pn_union_desc.bSlaveInterface0 = status;
504 /* Reserve endpoints */
505 status = -ENODEV;
506 ep = usb_ep_autoconfig(gadget, &pn_fs_sink_desc);
507 if (!ep)
508 goto err;
509 fp->out_ep = ep;
510 ep->driver_data = fp; /* Claim */
512 ep = usb_ep_autoconfig(gadget, &pn_fs_source_desc);
513 if (!ep)
514 goto err;
515 fp->in_ep = ep;
516 ep->driver_data = fp; /* Claim */
518 pn_hs_sink_desc.bEndpointAddress =
519 pn_fs_sink_desc.bEndpointAddress;
520 pn_hs_source_desc.bEndpointAddress =
521 pn_fs_source_desc.bEndpointAddress;
523 /* Do not try to bind Phonet twice... */
524 fp->function.descriptors = fs_pn_function;
525 fp->function.hs_descriptors = hs_pn_function;
527 /* Incoming USB requests */
528 status = -ENOMEM;
529 for (i = 0; i < phonet_rxq_size; i++) {
530 struct usb_request *req;
532 req = usb_ep_alloc_request(fp->out_ep, GFP_KERNEL);
533 if (!req)
534 goto err;
536 req->complete = pn_rx_complete;
537 fp->out_reqv[i] = req;
540 /* Outgoing USB requests */
541 fp->in_req = usb_ep_alloc_request(fp->in_ep, GFP_KERNEL);
542 if (!fp->in_req)
543 goto err;
545 INFO(cdev, "USB CDC Phonet function\n");
546 INFO(cdev, "using %s, OUT %s, IN %s\n", cdev->gadget->name,
547 fp->out_ep->name, fp->in_ep->name);
548 return 0;
550 err:
551 if (fp->out_ep)
552 fp->out_ep->driver_data = NULL;
553 if (fp->in_ep)
554 fp->in_ep->driver_data = NULL;
555 ERROR(cdev, "USB CDC Phonet: cannot autoconfigure\n");
556 return status;
559 static void
560 pn_unbind(struct usb_configuration *c, struct usb_function *f)
562 struct f_phonet *fp = func_to_pn(f);
563 int i;
565 /* We are already disconnected */
566 if (fp->in_req)
567 usb_ep_free_request(fp->in_ep, fp->in_req);
568 for (i = 0; i < phonet_rxq_size; i++)
569 if (fp->out_reqv[i])
570 usb_ep_free_request(fp->out_ep, fp->out_reqv[i]);
572 kfree(fp);
575 /*-------------------------------------------------------------------------*/
577 static struct net_device *dev;
579 int __init phonet_bind_config(struct usb_configuration *c)
581 struct f_phonet *fp;
582 int err, size;
584 size = sizeof(*fp) + (phonet_rxq_size * sizeof(struct usb_request *));
585 fp = kzalloc(size, GFP_KERNEL);
586 if (!fp)
587 return -ENOMEM;
589 fp->dev = dev;
590 fp->function.name = "phonet";
591 fp->function.bind = pn_bind;
592 fp->function.unbind = pn_unbind;
593 fp->function.set_alt = pn_set_alt;
594 fp->function.get_alt = pn_get_alt;
595 fp->function.disable = pn_disconnect;
596 spin_lock_init(&fp->rx.lock);
598 err = usb_add_function(c, &fp->function);
599 if (err)
600 kfree(fp);
601 return err;
604 int __init gphonet_setup(struct usb_gadget *gadget)
606 struct phonet_port *port;
607 int err;
609 /* Create net device */
610 BUG_ON(dev);
611 dev = alloc_netdev(sizeof(*port), "upnlink%d", pn_net_setup);
612 if (!dev)
613 return -ENOMEM;
615 port = netdev_priv(dev);
616 spin_lock_init(&port->lock);
617 netif_carrier_off(dev);
618 SET_NETDEV_DEV(dev, &gadget->dev);
620 err = register_netdev(dev);
621 if (err)
622 free_netdev(dev);
623 return err;
626 void gphonet_cleanup(void)
628 unregister_netdev(dev);