1 /*
2 * Ultra Wide Band
3 * Beacon management
5 * Copyright (C) 2005-2006 Intel Corporation
6 * Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License version
10 * 2 as published by the Free Software Foundation.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
20 * 02110-1301, USA.
23 * FIXME: docs
25 #include <linux/kernel.h>
26 #include <linux/init.h>
27 #include <linux/module.h>
28 #include <linux/device.h>
29 #include <linux/err.h>
30 #include <linux/kdev_t.h>
31 #include <linux/slab.h>
33 #include "uwb-internal.h"
/*
 * Start Beaconing command structure
 *
 * Packed: uwb_rc_start_beacon() hands the structure to uwb_rc_cmd() as a
 * raw buffer of sizeof(*cmd) bytes, so no padding may be inserted.
 */
struct uwb_rc_cmd_start_beacon {
	struct uwb_rccb rccb;	/* command type and command code */
	__le16 wBPSTOffset;	/* stored little-endian (cpu_to_le16) */
	u8 bChannelNumber;	/* channel passed by the caller */
} __attribute__((packed));
/*
 * Send a START-BEACON command to the radio controller
 *
 * @rc:          radio controller to command
 * @bpst_offset: value stored (little-endian) in the command's wBPSTOffset
 * @channel:     value stored in the command's bChannelNumber
 *
 * Returns -ENOMEM if the command buffer cannot be allocated, the negative
 * value from uwb_rc_cmd() if it fails, -EIO if the reply's result code is
 * not UWB_RC_RES_SUCCESS, and otherwise the non-negative value returned
 * by uwb_rc_cmd().
 */
static int uwb_rc_start_beacon(struct uwb_rc *rc, u16 bpst_offset, u8 channel)
{
	struct uwb_rc_evt_confirm reply;
	struct uwb_rc_cmd_start_beacon *cmd;
	int result;

	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
	if (!cmd)
		return -ENOMEM;

	/* Fill in the command; 16-bit fields are stored little-endian. */
	cmd->rccb.bCommandType = UWB_RC_CET_GENERAL;
	cmd->rccb.wCommand = cpu_to_le16(UWB_RC_CMD_START_BEACON);
	cmd->wBPSTOffset = cpu_to_le16(bpst_offset);
	cmd->bChannelNumber = channel;

	/* presumably tells uwb_rc_cmd() which reply to wait for -- confirm */
	reply.rceb.bEventType = UWB_RC_CET_GENERAL;
	reply.rceb.wEvent = UWB_RC_CMD_START_BEACON;

	result = uwb_rc_cmd(rc, "START-BEACON", &cmd->rccb, sizeof(*cmd),
			    &reply.rceb, sizeof(reply));
	/* The reply is only meaningful when the command itself went through. */
	if (result >= 0 && reply.bResultCode != UWB_RC_RES_SUCCESS) {
		dev_err(&rc->uwb_dev.dev,
			"START-BEACON: command execution failed: %s (%d)\n",
			uwb_rc_strerror(reply.bResultCode), reply.bResultCode);
		result = -EIO;
	}

	kfree(cmd);
	return result;
}
/*
 * Send a STOP-BEACON command to the radio controller
 *
 * @rc: radio controller to command
 *
 * The command carries no payload beyond the generic command header.
 *
 * Returns -ENOMEM if the command buffer cannot be allocated, the negative
 * value from uwb_rc_cmd() if it fails, -EIO if the reply's result code is
 * not UWB_RC_RES_SUCCESS, and otherwise the non-negative value returned
 * by uwb_rc_cmd().
 */
static int uwb_rc_stop_beacon(struct uwb_rc *rc)
{
	struct uwb_rc_evt_confirm reply;
	struct uwb_rccb *cmd;
	int result;

	cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
	if (!cmd)
		return -ENOMEM;

	cmd->bCommandType = UWB_RC_CET_GENERAL;
	cmd->wCommand = cpu_to_le16(UWB_RC_CMD_STOP_BEACON);

	/* presumably tells uwb_rc_cmd() which reply to wait for -- confirm */
	reply.rceb.bEventType = UWB_RC_CET_GENERAL;
	reply.rceb.wEvent = UWB_RC_CMD_STOP_BEACON;

	result = uwb_rc_cmd(rc, "STOP-BEACON", cmd, sizeof(*cmd),
			    &reply.rceb, sizeof(reply));
	/* The reply is only meaningful when the command itself went through. */
	if (result >= 0 && reply.bResultCode != UWB_RC_RES_SUCCESS) {
		dev_err(&rc->uwb_dev.dev,
			"STOP-BEACON: command execution failed: %s (%d)\n",
			uwb_rc_strerror(reply.bResultCode), reply.bResultCode);
		result = -EIO;
	}

	kfree(cmd);
	return result;
}
/**
 * Start/stop beacons
 *
 * @rc:          UWB Radio Controller to operate on
 * @channel:     UWB channel on which to beacon (WUSB[table
 *               5-12]). If -1 (or any negative value), stop beaconing.
 * @bpst_offset: Beacon Period Start Time offset; FIXME-do zero
 *
 * According to WHCI 0.95 [4.13.6] the driver will only receive the RCEB
 * of a SET IE command after the device sent the first beacon that includes
 * the IEs specified in the SET IE command. So, after we start beaconing we
 * check if there is anything in the IE cache and call the SET IE command
 * if needed.
 *
 * On a non-negative result rc->beaconing is updated to the channel now in
 * use (-1 when beaconing was stopped).
 *
 * NOTE(review): @channel and @bpst_offset are narrowed to u8 and u16 when
 * passed to uwb_rc_start_beacon(); no range check is done here, so a
 * channel above 255 would be truncated -- confirm callers validate it.
 */
int uwb_rc_beacon(struct uwb_rc *rc, int channel, unsigned bpst_offset)
{
	struct device *dev = &rc->uwb_dev.dev;
	int result;

	if (channel < 0) {
		/* Every negative channel is normalised to -1 == "stop". */
		channel = -1;
		result = uwb_rc_stop_beacon(rc);
	} else {
		result = uwb_rc_start_beacon(rc, bpst_offset, channel);
		if (result < 0)
			return result;
		if (le16_to_cpu(rc->ies->wIELength) > 0) {
			result = uwb_rc_set_ie(rc, rc->ies);
			if (result < 0) {
				dev_err(dev, "Cannot set new IE on device: %d\n",
					result);
				/*
				 * NOTE(review): the SET IE error is replaced
				 * by the outcome of the stop command, so a
				 * successful stop makes this function return
				 * success with rc->beaconing == -1 -- confirm
				 * this is what callers expect.
				 */
				result = uwb_rc_stop_beacon(rc);
				channel = -1;
				bpst_offset = 0;
			}
		}
	}

	if (result >= 0)
		rc->beaconing = channel;
	return result;
}
147 * Beacon cache
149 * The purpose of this is to speed up the lookup of beacon information
150 * when a new beacon arrives. The UWB Daemon uses it also to keep a
151 * tab of which devices are in radio distance and which not. When a
152 * device's beacon stays present for more than a certain amount of
153 * time, it is considered a new, usable device. When a beacon ceases
154 * to be received for a certain amount of time, it is considered that
155 * the device is gone.
157 * FIXME: use an allocator for the entries
158 * FIXME: use something faster for search than a list
/*
 * Free a beacon cache entry given its embedded reference counter
 *
 * @_bce: the refcnt member of the struct uwb_beca_e to free
 *
 * Frees the cached beacon event (kfree(NULL) is a no-op when there is
 * none) and then the entry itself. Presumably the release function used
 * when the last reference is dropped -- confirm against uwb_bce_put().
 */
void uwb_bce_kfree(struct kref *_bce)
{
	struct uwb_beca_e *entry;

	entry = container_of(_bce, struct uwb_beca_e, refcnt);
	kfree(entry->be);
	kfree(entry);
}
/*
 * Find a beacon by dev addr in the cache
 *
 * Walks rc->uwb_beca.list and returns the first entry whose dev_addr
 * matches @dev_addr byte for byte, or NULL if there is none. No
 * reference is taken on the returned entry; the caller in this file
 * holds rc->uwb_beca.mutex around the call.
 */
static
struct uwb_beca_e *__uwb_beca_find_bydev(struct uwb_rc *rc,
					 const struct uwb_dev_addr *dev_addr)
{
	struct uwb_beca_e *cur, *tmp;

	list_for_each_entry_safe(cur, tmp, &rc->uwb_beca.list, node) {
		if (memcmp(&cur->dev_addr, dev_addr,
			   sizeof(cur->dev_addr)) == 0)
			return cur;
	}
	return NULL;
}
/*
 * Find a beacon by MAC addr (EUI-48) in the cache
 *
 * Walks rc->uwb_beca.list and returns the first entry whose mac_addr
 * matches @mac_addr byte for byte, or NULL if there is none. No
 * reference is taken on the returned entry; callers in this file hold
 * rc->uwb_beca.mutex around the call.
 *
 * NOTE(review): bce->mac_addr is a pointer that is dereferenced here. It
 * is only assigned in uwbd_evt_handle_rc_beacon(), under bce->mutex and
 * after rc->uwb_beca.mutex has been released, and it points into the
 * cached beacon that the same handler frees and replaces. An entry that
 * was just added (mac_addr still NULL) or is being refreshed could be
 * seen here by a concurrent lookup -- confirm what serialises the two.
 */
static
struct uwb_beca_e *__uwb_beca_find_bymac(struct uwb_rc *rc,
					 const struct uwb_mac_addr *mac_addr)
{
	struct uwb_beca_e *cur, *tmp;

	list_for_each_entry_safe(cur, tmp, &rc->uwb_beca.list, node) {
		if (memcmp(cur->mac_addr, mac_addr->data,
			   sizeof(struct uwb_mac_addr)) == 0)
			return cur;
	}
	return NULL;
}
/**
 * uwb_dev_get_by_devaddr - get a UWB device with a specific DevAddr
 * @rc:      the radio controller that saw the device
 * @devaddr: DevAddr of the UWB device to find
 *
 * There may be more than one matching device (in the case of a
 * DevAddr conflict), but only the first one is returned.
 *
 * The lookup and the uwb_dev_try_get() call both happen under
 * rc->uwb_beca.mutex. Returns the result of uwb_dev_try_get() for the
 * matching cache entry's device, or NULL when no entry matches.
 */
struct uwb_dev *uwb_dev_get_by_devaddr(struct uwb_rc *rc,
				       const struct uwb_dev_addr *devaddr)
{
	struct uwb_beca_e *entry;
	struct uwb_dev *dev = NULL;

	mutex_lock(&rc->uwb_beca.mutex);
	entry = __uwb_beca_find_bydev(rc, devaddr);
	if (entry != NULL) {
		/* entry->uwb_dev is NULL until the device is put on air */
		dev = uwb_dev_try_get(rc, entry->uwb_dev);
	}
	mutex_unlock(&rc->uwb_beca.mutex);

	return dev;
}
/**
 * uwb_dev_get_by_macaddr - get a UWB device with a specific EUI-48
 * @rc:      the radio controller that saw the device
 * @macaddr: EUI-48 of the UWB device to find
 *
 * The lookup and the uwb_dev_try_get() call both happen under
 * rc->uwb_beca.mutex. Returns the result of uwb_dev_try_get() for the
 * matching cache entry's device, or NULL when no entry matches.
 */
struct uwb_dev *uwb_dev_get_by_macaddr(struct uwb_rc *rc,
				       const struct uwb_mac_addr *macaddr)
{
	struct uwb_beca_e *entry;
	struct uwb_dev *dev = NULL;

	mutex_lock(&rc->uwb_beca.mutex);
	entry = __uwb_beca_find_bymac(rc, macaddr);
	if (entry != NULL) {
		/* entry->uwb_dev is NULL until the device is put on air */
		dev = uwb_dev_try_get(rc, entry->uwb_dev);
	}
	mutex_unlock(&rc->uwb_beca.mutex);

	return dev;
}
/*
 * Initialize a beacon cache entry
 *
 * Sets up the entry's mutex, its reference counter and both statistics
 * accumulators (LQE and RSSI). Other fields are left untouched.
 */
static void uwb_beca_e_init(struct uwb_beca_e *bce)
{
	/* locking and lifetime */
	mutex_init(&bce->mutex);
	kref_init(&bce->refcnt);

	/* signal statistics */
	stats_init(&bce->lqe_stats);
	stats_init(&bce->rssi_stats);
}
/*
 * Add a beacon to the cache
 *
 * @rc:         radio controller whose cache gets the new entry
 * @be:         Beacon event information (not used by this function)
 * @bf:         Beacon frame (part of be, really; not used by this function)
 * @ts_jiffies: Timestamp (in jiffies) when the beacon was received
 *
 * Allocates a zeroed entry, initialises it and links it into
 * rc->uwb_beca.list. The beacon data and addresses are not stored here,
 * so the entry is on the list with be == NULL and mac_addr == NULL until
 * the caller fills them in. The caller in this file holds
 * rc->uwb_beca.mutex around the call.
 *
 * Returns the new entry, or NULL if the allocation fails.
 */
static
struct uwb_beca_e *__uwb_beca_add(struct uwb_rc *rc,
				  struct uwb_rc_evt_beacon *be,
				  struct uwb_beacon_frame *bf,
				  unsigned long ts_jiffies)
{
	struct uwb_beca_e *entry = kzalloc(sizeof(*entry), GFP_KERNEL);

	if (!entry)
		return NULL;

	uwb_beca_e_init(entry);
	entry->ts_jiffies = ts_jiffies;
	entry->uwb_dev = NULL;
	list_add(&entry->node, &rc->uwb_beca.list);
	return entry;
}
/*
 * Wipe out beacon entries that became stale
 *
 * Remove associated devices too.
 *
 * An entry is stale once more than beacon_timeout_ms milliseconds have
 * passed since its ts_jiffies timestamp; each stale entry is handed to
 * uwbd_dev_offair(). The whole walk runs under rc->uwb_beca.mutex.
 */
void uwb_beca_purge(struct uwb_rc *rc)
{
	struct uwb_beca_e *cur, *tmp;
	unsigned long deadline;

	mutex_lock(&rc->uwb_beca.mutex);
	/* _safe variant: the current entry may go away during the walk */
	list_for_each_entry_safe(cur, tmp, &rc->uwb_beca.list, node) {
		deadline = cur->ts_jiffies + msecs_to_jiffies(beacon_timeout_ms);
		if (!time_after(jiffies, deadline))
			continue;
		uwbd_dev_offair(cur);
	}
	mutex_unlock(&rc->uwb_beca.mutex);
}
/*
 * Clean up the whole beacon cache. Called on shutdown
 *
 * Unlinks every entry from rc->uwb_beca.list and drops one reference on
 * it with uwb_bce_put(), all under rc->uwb_beca.mutex.
 */
void uwb_beca_release(struct uwb_rc *rc)
{
	struct uwb_beca_e *cur, *tmp;

	mutex_lock(&rc->uwb_beca.mutex);
	/* _safe variant: entries are unlinked while the list is walked */
	list_for_each_entry_safe(cur, tmp, &rc->uwb_beca.list, node) {
		list_del(&cur->node);
		uwb_bce_put(cur);
	}
	mutex_unlock(&rc->uwb_beca.mutex);
}
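/*
 * Log a one-line summary of a received beacon
 *
 * @rc: radio controller that received the beacon (its device is used for
 *      the log message)
 * @be: beacon event as received, fields still in wire byte order
 * @bf: beacon frame carried in @be
 *
 * The only caller in this file invokes this before it converts
 * be->wBPSTOffset to CPU byte order in place, so the offset is converted
 * here for printing; without that a big-endian host would log a
 * byte-swapped value.
 */
static void uwb_beacon_print(struct uwb_rc *rc, struct uwb_rc_evt_beacon *be,
			     struct uwb_beacon_frame *bf)
{
	char macbuf[UWB_ADDR_STRSIZE];
	char devbuf[UWB_ADDR_STRSIZE];
	char dstbuf[UWB_ADDR_STRSIZE];

	/* Each formatter is given the size of its own buffer. */
	uwb_mac_addr_print(macbuf, sizeof(macbuf), &bf->Device_Identifier);
	uwb_dev_addr_print(devbuf, sizeof(devbuf), &bf->hdr.SrcAddr);
	uwb_dev_addr_print(dstbuf, sizeof(dstbuf), &bf->hdr.DestAddr);
	dev_info(&rc->uwb_dev.dev,
		 "BEACON from %s to %s (ch%u offset %u slot %u MAC %s)\n",
		 devbuf, dstbuf, be->bChannelNumber,
		 le16_to_cpu(be->wBPSTOffset),
		 bf->Beacon_Slot_Number, macbuf);
}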
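/*
 * Dump the IEs of a cached beacon as hex
 *
 * @uwb_dev: not used by this function
 * @bce:     beacon cache entry, referenced
 * @buf:     output buffer, handed to uwb_ie_dump_hex()
 * @size:    size of @buf, handed to uwb_ie_dump_hex()
 *
 * Runs under bce->mutex. Returns what uwb_ie_dump_hex() returns, or 0
 * when the entry has no cached beacon or the cached beacon is too short
 * to contain a beacon frame.
 */
ssize_t uwb_bce_print_IEs(struct uwb_dev *uwb_dev, struct uwb_beca_e *bce,
			  char *buf, size_t size)
{
	ssize_t result = 0;
	struct uwb_rc_evt_beacon *be;
	struct uwb_beacon_frame *bf;
	struct uwb_ie_hdr *ies;
	int ies_len;

	mutex_lock(&bce->mutex);

	be = bce->be;
	/*
	 * wBeaconInfoLength is a length reported by the device (stored in
	 * CPU byte order by uwbd_evt_handle_rc_beacon()). If it is smaller
	 * than the beacon frame header the subtraction below would go
	 * negative and the dump would read far past the cached event, so
	 * such a beacon is treated as having no IEs.
	 *
	 * NOTE(review): the upper bound cannot be checked here because the
	 * entry does not record how large the cached event buffer is; that
	 * has to be enforced when the beacon is accepted.
	 */
	if (be && be->wBeaconInfoLength >= sizeof(*bf)) {
		bf = (struct uwb_beacon_frame *)be->BeaconInfo;
		ies_len = be->wBeaconInfoLength - sizeof(*bf);
		ies = (struct uwb_ie_hdr *)bf->IEData;

		result = uwb_ie_dump_hex(ies, ies_len, buf, size);
	}

	mutex_unlock(&bce->mutex);

	return result;
}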
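/*
 * Verify that the beacon event, frame and IEs are ok
 *
 * @rc:  radio controller that delivered the event (used for logging)
 * @evt: the event; evt->notif.size is the number of bytes received
 * @be:  the beacon event inside @evt, fields still little-endian
 *
 * Checks that the notification is large enough for the event header plus
 * a beacon frame, and that the length the device reports for the beacon
 * info (wBeaconInfoLength) both covers a beacon frame and fits inside the
 * bytes actually received. The second check matters because the reported
 * length is later used to size the IE area of the cached beacon.
 *
 * Returns 0 if the event is usable, -EINVAL otherwise.
 */
static int uwb_verify_beacon(struct uwb_rc *rc, struct uwb_event *evt,
			     struct uwb_rc_evt_beacon *be)
{
	struct uwb_beacon_frame *bf;
	struct device *dev = &rc->uwb_dev.dev;
	size_t info_len, avail;

	/* Is there enough data to decode a beacon frame? */
	if (evt->notif.size < sizeof(*be) + sizeof(*bf)) {
		dev_err(dev, "BEACON event: Not enough data to decode "
			"(%zu vs %zu bytes needed)\n", evt->notif.size,
			sizeof(*be) + sizeof(*bf));
		return -EINVAL;
	}

	/* Cannot underflow: notif.size >= sizeof(*be) was just established. */
	avail = evt->notif.size - sizeof(*be);
	info_len = le16_to_cpu(be->wBeaconInfoLength);
	if (info_len < sizeof(*bf) || info_len > avail) {
		dev_err(dev, "BEACON event: inconsistent beacon info length "
			"(%zu bytes reported, %zu available)\n",
			info_len, avail);
		return -EINVAL;
	}

	/* FIXME: make sure beacon frame IEs are fine and that the whole thing
	 * is consistent */
	return 0;
}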
/*
 * Handle UWB_RC_EVT_BEACON events
 *
 * We check the beacon cache to see how the received beacon fares. If
 * is there already we refresh the timestamp. If not we create a new
 * entry.
 *
 * According to the WHCI and WUSB specs, only one beacon frame is
 * allowed per notification block, so we don't bother about scanning
 * for more.
 *
 * Returns a negative errno from uwb_verify_beacon(), -ENOSYS for alien
 * beacons, 0 when the beacon is dropped, -ENOMEM when no cache entry can
 * be allocated, and 1 when the event data has been stored in the cache
 * entry and must be kept.
 *
 * NOTE(review): wBeaconInfoLength comes from the device and is stored
 * here for later use (uwb_bce_print_IEs() sizes the IE area from it), so
 * it has to be consistent with evt->notif.size before it is trusted.
 */
int uwbd_evt_handle_rc_beacon(struct uwb_event *evt)
{
	struct uwb_rc *rc = evt->rc;
	struct uwb_rc_evt_beacon *be;
	struct uwb_beacon_frame *bf;
	struct uwb_beca_e *bce;
	unsigned long last_ts;
	int result;

	be = container_of(evt->notif.rceb, struct uwb_rc_evt_beacon, rceb);
	result = uwb_verify_beacon(rc, evt, be);
	if (result < 0)
		return result;

	/* FIXME: handle alien beacons. */
	switch (be->bBeaconType) {
	case UWB_RC_BEACON_TYPE_OL_ALIEN:
	case UWB_RC_BEACON_TYPE_NOL_ALIEN:
		return -ENOSYS;
	default:
		break;
	}

	bf = (struct uwb_beacon_frame *) be->BeaconInfo;

	/*
	 * Drop beacons from devices with a NULL EUI-48 -- they cannot
	 * be uniquely identified.
	 *
	 * It's expected that these will all be WUSB devices and they
	 * have a WUSB specific connection method so ignoring them
	 * here shouldn't be a problem.
	 */
	if (uwb_mac_addr_bcast(&bf->Device_Identifier))
		return 0;

	mutex_lock(&rc->uwb_beca.mutex);
	bce = __uwb_beca_find_bymac(rc, &bf->Device_Identifier);
	if (!bce) {
		/* Not in there, a new device is pinging */
		uwb_beacon_print(rc, be, bf);
		bce = __uwb_beca_add(rc, be, bf, evt->ts_jiffies);
		if (!bce) {
			mutex_unlock(&rc->uwb_beca.mutex);
			return -ENOMEM;
		}
	}
	mutex_unlock(&rc->uwb_beca.mutex);

	/*
	 * NOTE(review): no reference on bce is taken in this function before
	 * the cache mutex is dropped, so nothing visible here keeps the
	 * entry alive until bce->mutex is acquired -- confirm that purge and
	 * release cannot run concurrently with this handler.
	 */
	mutex_lock(&bce->mutex);
	/* purge old beacon data */
	kfree(bce->be);

	last_ts = bce->ts_jiffies;

	/*
	 * Update commonly used fields. mac_addr points into the event we
	 * are about to keep (hence the "return 1" below); until it is
	 * reassigned it still refers to the beacon freed just above.
	 */
	bce->ts_jiffies = evt->ts_jiffies;
	bce->be = be;
	bce->dev_addr = bf->hdr.SrcAddr;
	bce->mac_addr = &bf->Device_Identifier;
	/* From here on the cached copy holds these fields in CPU order. */
	be->wBPSTOffset = le16_to_cpu(be->wBPSTOffset);
	be->wBeaconInfoLength = le16_to_cpu(be->wBeaconInfoLength);
	stats_add_sample(&bce->lqe_stats, be->bLQI - 7);
	stats_add_sample(&bce->rssi_stats, be->bRSSI + 18);

	/*
	 * This might be a beacon from a new device.
	 */
	if (bce->uwb_dev == NULL)
		uwbd_dev_onair(rc, bce);

	mutex_unlock(&bce->mutex);

	return 1;	/* we keep the event data */
}
/*
 * Handle UWB_RC_EVT_BEACON_SIZE events
 *
 * XXXXX
 *
 * Nothing is done with the new size yet: the notification is length
 * checked, counted, and every 1000th occurrence is logged.
 *
 * Returns 0, or -EINVAL if the notification is too short to hold a
 * struct uwb_rc_evt_beacon_size.
 */
int uwbd_evt_handle_rc_beacon_size(struct uwb_event *evt)
{
	struct device *dev = &evt->rc->uwb_dev.dev;
	struct uwb_rc_evt_beacon_size *bs;

	/* Is there enough data to decode the event? */
	if (evt->notif.size < sizeof(*bs)) {
		dev_err(dev, "BEACON SIZE notification: Not enough data to "
			"decode (%zu vs %zu bytes needed)\n",
			evt->notif.size, sizeof(*bs));
		return -EINVAL;
	}

	bs = container_of(evt->notif.rceb, struct uwb_rc_evt_beacon_size, rceb);
	/* The disabled branch is kept so its message stays compile-checked. */
	if (0)
		dev_info(dev, "Beacon size changed to %u bytes "
			"(FIXME: action?)\n", le16_to_cpu(bs->wNewBeaconSize));
	else {
		/* temporary hack until we do something with this message... */
		/* function-static counter, updated without any locking */
		static unsigned count;

		if (++count % 1000 == 0)
			dev_info(dev, "Beacon size changed %u times "
				"(FIXME: action?)\n", count);
	}
	return 0;
}
/**
 * uwbd_evt_handle_rc_bp_slot_change - handle a BP_SLOT_CHANGE event
 * @evt: the BP_SLOT_CHANGE notification from the radio controller
 *
 * If the event indicates that no beacon period slots were available
 * then radio controller has transitioned to a non-beaconing state.
 * Otherwise, simply save the current beacon slot.
 *
 * The state update is done under rc->uwb_dev.mutex. Returns 0, or
 * -EINVAL if the notification is too short to hold the event.
 */
int uwbd_evt_handle_rc_bp_slot_change(struct uwb_event *evt)
{
	struct uwb_rc *rc = evt->rc;
	struct device *dev = &rc->uwb_dev.dev;
	struct uwb_rc_evt_bp_slot_change *bpsc;

	/* Length check first: bpsc is only decoded once it fits. */
	if (evt->notif.size < sizeof(*bpsc)) {
		dev_err(dev, "BP SLOT CHANGE event: Not enough data\n");
		return -EINVAL;
	}
	bpsc = container_of(evt->notif.rceb,
			    struct uwb_rc_evt_bp_slot_change, rceb);

	mutex_lock(&rc->uwb_dev.mutex);
	if (!uwb_rc_evt_bp_slot_change_no_slot(bpsc)) {
		rc->uwb_dev.beacon_slot =
			uwb_rc_evt_bp_slot_change_slot_num(bpsc);
	} else {
		dev_info(dev, "stopped beaconing: No free slots in BP\n");
		rc->beaconing = -1;
	}
	mutex_unlock(&rc->uwb_dev.mutex);

	return 0;
}
530 * Handle UWB_RC_EVT_BPOIE_CHANGE events
532 * XXXXX
/*
 * Layout of a BPO IE: the common IE header, one length byte and a
 * variable-length tail. Packed; uwbd_evt_handle_rc_bpoie_change() uses
 * its size as the minimum acceptable IE length.
 */
struct uwb_ie_bpo {
	struct uwb_ie_hdr hdr;
	u8 bp_length;
	u8 data[];		/* flexible array member, size not fixed here */
} __attribute__((packed));
/*
 * Handle a BPOIE change notification
 *
 * Nothing is done with the IE data yet: the notification and the
 * reported IE length are checked against the minimum sizes, the event is
 * counted, and every 1000th occurrence is logged.
 *
 * Returns 0, or -EINVAL if either the notification or the reported IE
 * length is too short.
 *
 * NOTE(review): wBPOIELength is only checked against a minimum. It is
 * not compared with evt->notif.size, which is harmless while the IE data
 * is never read, but any code added for the FIXME below must bound its
 * walk by the bytes actually received.
 */
int uwbd_evt_handle_rc_bpoie_change(struct uwb_event *evt)
{
	struct device *dev = &evt->rc->uwb_dev.dev;
	struct uwb_rc_evt_bpoie_change *bpoiec;
	struct uwb_ie_bpo *bpoie;	/* only used for sizeof() */
	static unsigned count;	/* FIXME: this is a temp hack */
	size_t iesize;

	/* Is there enough data to decode it? */
	if (evt->notif.size < sizeof(*bpoiec)) {
		dev_err(dev, "BPOIEC notification: Not enough data to "
			"decode (%zu vs %zu bytes needed)\n",
			evt->notif.size, sizeof(*bpoiec));
		return -EINVAL;
	}

	bpoiec = container_of(evt->notif.rceb,
			      struct uwb_rc_evt_bpoie_change, rceb);
	iesize = le16_to_cpu(bpoiec->wBPOIELength);
	if (iesize < sizeof(*bpoie)) {
		dev_err(dev, "BPOIEC notification: Not enough IE data to "
			"decode (%zu vs %zu bytes needed)\n",
			iesize, sizeof(*bpoie));
		return -EINVAL;
	}

	if (++count % 1000 == 0)	/* Lame placeholder */
		dev_info(dev, "BPOIE: %u changes received\n", count);
	/*
	 * FIXME: At this point we should go over all the IEs in the
	 *        bpoiec->BPOIE array and act on each.
	 */
	return 0;
}
/*
 * Print beaconing state.
 *
 * sysfs show handler: writes rc->beaconing as a decimal number followed
 * by a newline into @buf, reading it under rc->uwb_dev.mutex. Returns
 * the number of bytes written.
 */
static ssize_t uwb_rc_beacon_show(struct device *dev,
				  struct device_attribute *attr, char *buf)
{
	struct uwb_dev *uwb_dev = to_uwb_dev(dev);
	struct uwb_rc *rc = uwb_dev->rc;
	ssize_t len;

	mutex_lock(&rc->uwb_dev.mutex);
	len = sprintf(buf, "%d\n", rc->beaconing);
	mutex_unlock(&rc->uwb_dev.mutex);

	return len;
}
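/*
 * Start beaconing on the specified channel, or stop beaconing.
 *
 * sysfs store handler: parses one decimal integer from @buf and passes
 * it to uwb_radio_force_channel().
 *
 * Returns @size when the channel was applied, the negative value from
 * uwb_radio_force_channel() when it fails, and -EINVAL when @buf does
 * not start with an integer. Previously unparsable input was reported
 * to the writer as a successful write although nothing had been done.
 */
static ssize_t uwb_rc_beacon_store(struct device *dev,
				   struct device_attribute *attr,
				   const char *buf, size_t size)
{
	struct uwb_dev *uwb_dev = to_uwb_dev(dev);
	struct uwb_rc *rc = uwb_dev->rc;
	int channel;
	ssize_t result;

	/* Exactly one conversion must succeed, or the input is rejected. */
	if (sscanf(buf, "%d", &channel) != 1)
		return -EINVAL;

	result = uwb_radio_force_channel(rc, channel);

	return result < 0 ? result : size;
}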
/*
 * "beacon" device attribute: readable by everyone, writable by the owner
 * only (0644 == S_IRUGO | S_IWUSR).
 */
DEVICE_ATTR(beacon, 0644, uwb_rc_beacon_show, uwb_rc_beacon_store);