OMAPDSS: VENC: fix NULL pointer dereference in DSS2 VENC sysfs debug attr on OMAP4
[zen-stable.git] / drivers / bluetooth / btmrvl_main.c
blob6c3defa508454e1d76937abf9235b07fc6e880a8
1 /**
2 * Marvell Bluetooth driver
4 * Copyright (C) 2009, Marvell International Ltd.
6 * This software file (the "File") is distributed by Marvell International
7 * Ltd. under the terms of the GNU General Public License Version 2, June 1991
8 * (the "License"). You may use, redistribute and/or modify this File in
9 * accordance with the terms and conditions of the License, a copy of which
10 * is available by writing to the Free Software Foundation, Inc.,
11 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or on the
12 * worldwide web at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
15 * THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE
17 * ARE EXPRESSLY DISCLAIMED. The License provides additional details about
18 * this warranty disclaimer.
19 **/
21 #include <linux/module.h>
23 #include <net/bluetooth/bluetooth.h>
24 #include <net/bluetooth/hci_core.h>
26 #include "btmrvl_drv.h"
28 #define VERSION "1.0"
31 * This function is called by interface specific interrupt handler.
32 * It updates Power Save & Host Sleep states, and wakes up the main
33 * thread.
35 void btmrvl_interrupt(struct btmrvl_private *priv)
37 priv->adapter->ps_state = PS_AWAKE;
39 priv->adapter->wakeup_tries = 0;
41 priv->adapter->int_count++;
43 wake_up_interruptible(&priv->main_thread.wait_q);
45 EXPORT_SYMBOL_GPL(btmrvl_interrupt);
47 void btmrvl_check_evtpkt(struct btmrvl_private *priv, struct sk_buff *skb)
49 struct hci_event_hdr *hdr = (void *) skb->data;
50 struct hci_ev_cmd_complete *ec;
51 u16 opcode, ocf;
53 if (hdr->evt == HCI_EV_CMD_COMPLETE) {
54 ec = (void *) (skb->data + HCI_EVENT_HDR_SIZE);
55 opcode = __le16_to_cpu(ec->opcode);
56 ocf = hci_opcode_ocf(opcode);
57 if (ocf == BT_CMD_MODULE_CFG_REQ &&
58 priv->btmrvl_dev.sendcmdflag) {
59 priv->btmrvl_dev.sendcmdflag = false;
60 priv->adapter->cmd_complete = true;
61 wake_up_interruptible(&priv->adapter->cmd_wait_q);
65 EXPORT_SYMBOL_GPL(btmrvl_check_evtpkt);
67 int btmrvl_process_event(struct btmrvl_private *priv, struct sk_buff *skb)
69 struct btmrvl_adapter *adapter = priv->adapter;
70 struct btmrvl_event *event;
71 int ret = 0;
73 event = (struct btmrvl_event *) skb->data;
74 if (event->ec != 0xff) {
75 BT_DBG("Not Marvell Event=%x", event->ec);
76 ret = -EINVAL;
77 goto exit;
80 switch (event->data[0]) {
81 case BT_CMD_AUTO_SLEEP_MODE:
82 if (!event->data[2]) {
83 if (event->data[1] == BT_PS_ENABLE)
84 adapter->psmode = 1;
85 else
86 adapter->psmode = 0;
87 BT_DBG("PS Mode:%s",
88 (adapter->psmode) ? "Enable" : "Disable");
89 } else {
90 BT_DBG("PS Mode command failed");
92 break;
94 case BT_CMD_HOST_SLEEP_CONFIG:
95 if (!event->data[3])
96 BT_DBG("gpio=%x, gap=%x", event->data[1],
97 event->data[2]);
98 else
99 BT_DBG("HSCFG command failed");
100 break;
102 case BT_CMD_HOST_SLEEP_ENABLE:
103 if (!event->data[1]) {
104 adapter->hs_state = HS_ACTIVATED;
105 if (adapter->psmode)
106 adapter->ps_state = PS_SLEEP;
107 wake_up_interruptible(&adapter->cmd_wait_q);
108 BT_DBG("HS ACTIVATED!");
109 } else {
110 BT_DBG("HS Enable failed");
112 break;
114 case BT_CMD_MODULE_CFG_REQ:
115 if (priv->btmrvl_dev.sendcmdflag &&
116 event->data[1] == MODULE_BRINGUP_REQ) {
117 BT_DBG("EVENT:%s",
118 ((event->data[2] == MODULE_BROUGHT_UP) ||
119 (event->data[2] == MODULE_ALREADY_UP)) ?
120 "Bring-up succeed" : "Bring-up failed");
122 if (event->length > 3 && event->data[3])
123 priv->btmrvl_dev.dev_type = HCI_AMP;
124 else
125 priv->btmrvl_dev.dev_type = HCI_BREDR;
127 BT_DBG("dev_type: %d", priv->btmrvl_dev.dev_type);
128 } else if (priv->btmrvl_dev.sendcmdflag &&
129 event->data[1] == MODULE_SHUTDOWN_REQ) {
130 BT_DBG("EVENT:%s", (event->data[2]) ?
131 "Shutdown failed" : "Shutdown succeed");
132 } else {
133 BT_DBG("BT_CMD_MODULE_CFG_REQ resp for APP");
134 ret = -EINVAL;
136 break;
138 case BT_EVENT_POWER_STATE:
139 if (event->data[1] == BT_PS_SLEEP)
140 adapter->ps_state = PS_SLEEP;
141 BT_DBG("EVENT:%s",
142 (adapter->ps_state) ? "PS_SLEEP" : "PS_AWAKE");
143 break;
145 default:
146 BT_DBG("Unknown Event=%d", event->data[0]);
147 ret = -EINVAL;
148 break;
151 exit:
152 if (!ret)
153 kfree_skb(skb);
155 return ret;
157 EXPORT_SYMBOL_GPL(btmrvl_process_event);
159 int btmrvl_send_module_cfg_cmd(struct btmrvl_private *priv, int subcmd)
161 struct sk_buff *skb;
162 struct btmrvl_cmd *cmd;
163 int ret = 0;
165 skb = bt_skb_alloc(sizeof(*cmd), GFP_ATOMIC);
166 if (skb == NULL) {
167 BT_ERR("No free skb");
168 return -ENOMEM;
171 cmd = (struct btmrvl_cmd *) skb_put(skb, sizeof(*cmd));
172 cmd->ocf_ogf = cpu_to_le16(hci_opcode_pack(OGF, BT_CMD_MODULE_CFG_REQ));
173 cmd->length = 1;
174 cmd->data[0] = subcmd;
176 bt_cb(skb)->pkt_type = MRVL_VENDOR_PKT;
178 skb->dev = (void *) priv->btmrvl_dev.hcidev;
179 skb_queue_head(&priv->adapter->tx_queue, skb);
181 priv->btmrvl_dev.sendcmdflag = true;
183 priv->adapter->cmd_complete = false;
185 BT_DBG("Queue module cfg Command");
187 wake_up_interruptible(&priv->main_thread.wait_q);
189 if (!wait_event_interruptible_timeout(priv->adapter->cmd_wait_q,
190 priv->adapter->cmd_complete,
191 msecs_to_jiffies(WAIT_UNTIL_CMD_RESP))) {
192 ret = -ETIMEDOUT;
193 BT_ERR("module_cfg_cmd(%x): timeout: %d",
194 subcmd, priv->btmrvl_dev.sendcmdflag);
197 BT_DBG("module cfg Command done");
199 return ret;
201 EXPORT_SYMBOL_GPL(btmrvl_send_module_cfg_cmd);
203 int btmrvl_enable_ps(struct btmrvl_private *priv)
205 struct sk_buff *skb;
206 struct btmrvl_cmd *cmd;
208 skb = bt_skb_alloc(sizeof(*cmd), GFP_ATOMIC);
209 if (skb == NULL) {
210 BT_ERR("No free skb");
211 return -ENOMEM;
214 cmd = (struct btmrvl_cmd *) skb_put(skb, sizeof(*cmd));
215 cmd->ocf_ogf = cpu_to_le16(hci_opcode_pack(OGF,
216 BT_CMD_AUTO_SLEEP_MODE));
217 cmd->length = 1;
219 if (priv->btmrvl_dev.psmode)
220 cmd->data[0] = BT_PS_ENABLE;
221 else
222 cmd->data[0] = BT_PS_DISABLE;
224 bt_cb(skb)->pkt_type = MRVL_VENDOR_PKT;
226 skb->dev = (void *) priv->btmrvl_dev.hcidev;
227 skb_queue_head(&priv->adapter->tx_queue, skb);
229 BT_DBG("Queue PSMODE Command:%d", cmd->data[0]);
231 return 0;
233 EXPORT_SYMBOL_GPL(btmrvl_enable_ps);
235 static int btmrvl_enable_hs(struct btmrvl_private *priv)
237 struct sk_buff *skb;
238 struct btmrvl_cmd *cmd;
239 int ret = 0;
241 skb = bt_skb_alloc(sizeof(*cmd), GFP_ATOMIC);
242 if (skb == NULL) {
243 BT_ERR("No free skb");
244 return -ENOMEM;
247 cmd = (struct btmrvl_cmd *) skb_put(skb, sizeof(*cmd));
248 cmd->ocf_ogf = cpu_to_le16(hci_opcode_pack(OGF, BT_CMD_HOST_SLEEP_ENABLE));
249 cmd->length = 0;
251 bt_cb(skb)->pkt_type = MRVL_VENDOR_PKT;
253 skb->dev = (void *) priv->btmrvl_dev.hcidev;
254 skb_queue_head(&priv->adapter->tx_queue, skb);
256 BT_DBG("Queue hs enable Command");
258 wake_up_interruptible(&priv->main_thread.wait_q);
260 if (!wait_event_interruptible_timeout(priv->adapter->cmd_wait_q,
261 priv->adapter->hs_state,
262 msecs_to_jiffies(WAIT_UNTIL_HS_STATE_CHANGED))) {
263 ret = -ETIMEDOUT;
264 BT_ERR("timeout: %d, %d,%d", priv->adapter->hs_state,
265 priv->adapter->ps_state,
266 priv->adapter->wakeup_tries);
269 return ret;
272 int btmrvl_prepare_command(struct btmrvl_private *priv)
274 struct sk_buff *skb = NULL;
275 struct btmrvl_cmd *cmd;
276 int ret = 0;
278 if (priv->btmrvl_dev.hscfgcmd) {
279 priv->btmrvl_dev.hscfgcmd = 0;
281 skb = bt_skb_alloc(sizeof(*cmd), GFP_ATOMIC);
282 if (skb == NULL) {
283 BT_ERR("No free skb");
284 return -ENOMEM;
287 cmd = (struct btmrvl_cmd *) skb_put(skb, sizeof(*cmd));
288 cmd->ocf_ogf = cpu_to_le16(hci_opcode_pack(OGF, BT_CMD_HOST_SLEEP_CONFIG));
289 cmd->length = 2;
290 cmd->data[0] = (priv->btmrvl_dev.gpio_gap & 0xff00) >> 8;
291 cmd->data[1] = (u8) (priv->btmrvl_dev.gpio_gap & 0x00ff);
293 bt_cb(skb)->pkt_type = MRVL_VENDOR_PKT;
295 skb->dev = (void *) priv->btmrvl_dev.hcidev;
296 skb_queue_head(&priv->adapter->tx_queue, skb);
298 BT_DBG("Queue HSCFG Command, gpio=0x%x, gap=0x%x",
299 cmd->data[0], cmd->data[1]);
302 if (priv->btmrvl_dev.pscmd) {
303 priv->btmrvl_dev.pscmd = 0;
304 btmrvl_enable_ps(priv);
307 if (priv->btmrvl_dev.hscmd) {
308 priv->btmrvl_dev.hscmd = 0;
310 if (priv->btmrvl_dev.hsmode) {
311 ret = btmrvl_enable_hs(priv);
312 } else {
313 ret = priv->hw_wakeup_firmware(priv);
314 priv->adapter->hs_state = HS_DEACTIVATED;
318 return ret;
321 static int btmrvl_tx_pkt(struct btmrvl_private *priv, struct sk_buff *skb)
323 int ret = 0;
325 if (!skb || !skb->data)
326 return -EINVAL;
328 if (!skb->len || ((skb->len + BTM_HEADER_LEN) > BTM_UPLD_SIZE)) {
329 BT_ERR("Tx Error: Bad skb length %d : %d",
330 skb->len, BTM_UPLD_SIZE);
331 return -EINVAL;
334 if (skb_headroom(skb) < BTM_HEADER_LEN) {
335 struct sk_buff *tmp = skb;
337 skb = skb_realloc_headroom(skb, BTM_HEADER_LEN);
338 if (!skb) {
339 BT_ERR("Tx Error: realloc_headroom failed %d",
340 BTM_HEADER_LEN);
341 skb = tmp;
342 return -EINVAL;
345 kfree_skb(tmp);
348 skb_push(skb, BTM_HEADER_LEN);
350 /* header type: byte[3]
351 * HCI_COMMAND = 1, ACL_DATA = 2, SCO_DATA = 3, 0xFE = Vendor
352 * header length: byte[2][1][0]
355 skb->data[0] = (skb->len & 0x0000ff);
356 skb->data[1] = (skb->len & 0x00ff00) >> 8;
357 skb->data[2] = (skb->len & 0xff0000) >> 16;
358 skb->data[3] = bt_cb(skb)->pkt_type;
360 if (priv->hw_host_to_card)
361 ret = priv->hw_host_to_card(priv, skb->data, skb->len);
363 return ret;
366 static void btmrvl_init_adapter(struct btmrvl_private *priv)
368 skb_queue_head_init(&priv->adapter->tx_queue);
370 priv->adapter->ps_state = PS_AWAKE;
372 init_waitqueue_head(&priv->adapter->cmd_wait_q);
375 static void btmrvl_free_adapter(struct btmrvl_private *priv)
377 skb_queue_purge(&priv->adapter->tx_queue);
379 kfree(priv->adapter);
381 priv->adapter = NULL;
384 static int btmrvl_ioctl(struct hci_dev *hdev,
385 unsigned int cmd, unsigned long arg)
387 return -ENOIOCTLCMD;
390 static void btmrvl_destruct(struct hci_dev *hdev)
394 static int btmrvl_send_frame(struct sk_buff *skb)
396 struct hci_dev *hdev = (struct hci_dev *) skb->dev;
397 struct btmrvl_private *priv = NULL;
399 BT_DBG("type=%d, len=%d", skb->pkt_type, skb->len);
401 if (!hdev || !hdev->driver_data) {
402 BT_ERR("Frame for unknown HCI device");
403 return -ENODEV;
406 priv = (struct btmrvl_private *) hdev->driver_data;
407 if (!test_bit(HCI_RUNNING, &hdev->flags)) {
408 BT_ERR("Failed testing HCI_RUNING, flags=%lx", hdev->flags);
409 print_hex_dump_bytes("data: ", DUMP_PREFIX_OFFSET,
410 skb->data, skb->len);
411 return -EBUSY;
414 switch (bt_cb(skb)->pkt_type) {
415 case HCI_COMMAND_PKT:
416 hdev->stat.cmd_tx++;
417 break;
419 case HCI_ACLDATA_PKT:
420 hdev->stat.acl_tx++;
421 break;
423 case HCI_SCODATA_PKT:
424 hdev->stat.sco_tx++;
425 break;
428 skb_queue_tail(&priv->adapter->tx_queue, skb);
430 wake_up_interruptible(&priv->main_thread.wait_q);
432 return 0;
435 static int btmrvl_flush(struct hci_dev *hdev)
437 struct btmrvl_private *priv = hdev->driver_data;
439 skb_queue_purge(&priv->adapter->tx_queue);
441 return 0;
444 static int btmrvl_close(struct hci_dev *hdev)
446 struct btmrvl_private *priv = hdev->driver_data;
448 if (!test_and_clear_bit(HCI_RUNNING, &hdev->flags))
449 return 0;
451 skb_queue_purge(&priv->adapter->tx_queue);
453 return 0;
456 static int btmrvl_open(struct hci_dev *hdev)
458 set_bit(HCI_RUNNING, &hdev->flags);
460 return 0;
464 * This function handles the event generated by firmware, rx data
465 * received from firmware, and tx data sent from kernel.
467 static int btmrvl_service_main_thread(void *data)
469 struct btmrvl_thread *thread = data;
470 struct btmrvl_private *priv = thread->priv;
471 struct btmrvl_adapter *adapter = priv->adapter;
472 wait_queue_t wait;
473 struct sk_buff *skb;
474 ulong flags;
476 init_waitqueue_entry(&wait, current);
478 for (;;) {
479 add_wait_queue(&thread->wait_q, &wait);
481 set_current_state(TASK_INTERRUPTIBLE);
483 if (adapter->wakeup_tries ||
484 ((!adapter->int_count) &&
485 (!priv->btmrvl_dev.tx_dnld_rdy ||
486 skb_queue_empty(&adapter->tx_queue)))) {
487 BT_DBG("main_thread is sleeping...");
488 schedule();
491 set_current_state(TASK_RUNNING);
493 remove_wait_queue(&thread->wait_q, &wait);
495 BT_DBG("main_thread woke up");
497 if (kthread_should_stop()) {
498 BT_DBG("main_thread: break from main thread");
499 break;
502 spin_lock_irqsave(&priv->driver_lock, flags);
503 if (adapter->int_count) {
504 adapter->int_count = 0;
505 spin_unlock_irqrestore(&priv->driver_lock, flags);
506 priv->hw_process_int_status(priv);
507 } else if (adapter->ps_state == PS_SLEEP &&
508 !skb_queue_empty(&adapter->tx_queue)) {
509 spin_unlock_irqrestore(&priv->driver_lock, flags);
510 adapter->wakeup_tries++;
511 priv->hw_wakeup_firmware(priv);
512 continue;
513 } else {
514 spin_unlock_irqrestore(&priv->driver_lock, flags);
517 if (adapter->ps_state == PS_SLEEP)
518 continue;
520 if (!priv->btmrvl_dev.tx_dnld_rdy)
521 continue;
523 skb = skb_dequeue(&adapter->tx_queue);
524 if (skb) {
525 if (btmrvl_tx_pkt(priv, skb))
526 priv->btmrvl_dev.hcidev->stat.err_tx++;
527 else
528 priv->btmrvl_dev.hcidev->stat.byte_tx += skb->len;
530 kfree_skb(skb);
534 return 0;
537 int btmrvl_register_hdev(struct btmrvl_private *priv)
539 struct hci_dev *hdev = NULL;
540 int ret;
542 hdev = hci_alloc_dev();
543 if (!hdev) {
544 BT_ERR("Can not allocate HCI device");
545 goto err_hdev;
548 priv->btmrvl_dev.hcidev = hdev;
549 hdev->driver_data = priv;
551 hdev->bus = HCI_SDIO;
552 hdev->open = btmrvl_open;
553 hdev->close = btmrvl_close;
554 hdev->flush = btmrvl_flush;
555 hdev->send = btmrvl_send_frame;
556 hdev->destruct = btmrvl_destruct;
557 hdev->ioctl = btmrvl_ioctl;
558 hdev->owner = THIS_MODULE;
560 btmrvl_send_module_cfg_cmd(priv, MODULE_BRINGUP_REQ);
562 hdev->dev_type = priv->btmrvl_dev.dev_type;
564 ret = hci_register_dev(hdev);
565 if (ret < 0) {
566 BT_ERR("Can not register HCI device");
567 goto err_hci_register_dev;
570 #ifdef CONFIG_DEBUG_FS
571 btmrvl_debugfs_init(hdev);
572 #endif
574 return 0;
576 err_hci_register_dev:
577 hci_free_dev(hdev);
579 err_hdev:
580 /* Stop the thread servicing the interrupts */
581 kthread_stop(priv->main_thread.task);
583 btmrvl_free_adapter(priv);
584 kfree(priv);
586 return -ENOMEM;
588 EXPORT_SYMBOL_GPL(btmrvl_register_hdev);
590 struct btmrvl_private *btmrvl_add_card(void *card)
592 struct btmrvl_private *priv;
594 priv = kzalloc(sizeof(*priv), GFP_KERNEL);
595 if (!priv) {
596 BT_ERR("Can not allocate priv");
597 goto err_priv;
600 priv->adapter = kzalloc(sizeof(*priv->adapter), GFP_KERNEL);
601 if (!priv->adapter) {
602 BT_ERR("Allocate buffer for btmrvl_adapter failed!");
603 goto err_adapter;
606 btmrvl_init_adapter(priv);
608 BT_DBG("Starting kthread...");
609 priv->main_thread.priv = priv;
610 spin_lock_init(&priv->driver_lock);
612 init_waitqueue_head(&priv->main_thread.wait_q);
613 priv->main_thread.task = kthread_run(btmrvl_service_main_thread,
614 &priv->main_thread, "btmrvl_main_service");
616 priv->btmrvl_dev.card = card;
617 priv->btmrvl_dev.tx_dnld_rdy = true;
619 return priv;
621 err_adapter:
622 kfree(priv);
624 err_priv:
625 return NULL;
627 EXPORT_SYMBOL_GPL(btmrvl_add_card);
629 int btmrvl_remove_card(struct btmrvl_private *priv)
631 struct hci_dev *hdev;
633 hdev = priv->btmrvl_dev.hcidev;
635 wake_up_interruptible(&priv->adapter->cmd_wait_q);
637 kthread_stop(priv->main_thread.task);
639 #ifdef CONFIG_DEBUG_FS
640 btmrvl_debugfs_remove(hdev);
641 #endif
643 hci_unregister_dev(hdev);
645 hci_free_dev(hdev);
647 priv->btmrvl_dev.hcidev = NULL;
649 btmrvl_free_adapter(priv);
651 kfree(priv);
653 return 0;
655 EXPORT_SYMBOL_GPL(btmrvl_remove_card);
657 MODULE_AUTHOR("Marvell International Ltd.");
658 MODULE_DESCRIPTION("Marvell Bluetooth driver ver " VERSION);
659 MODULE_VERSION(VERSION);
660 MODULE_LICENSE("GPL v2");