OMAPDSS: VENC: fix NULL pointer dereference in DSS2 VENC sysfs debug attr on OMAP4
[zen-stable.git] / drivers / staging / usbip / vhci_rx.c
blob3f511b47563d40257639f8c6312f315e281856e0
1 /*
2 * Copyright (C) 2003-2008 Takahiro Hirofuchi
4 * This is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License as published by
6 * the Free Software Foundation; either version 2 of the License, or
7 * (at your option) any later version.
9 * This is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
17 * USA.
20 #include <linux/kthread.h>
21 #include <linux/slab.h>
23 #include "usbip_common.h"
24 #include "vhci.h"
26 /* get URB from transmitted urb queue. caller must hold vdev->priv_lock */
27 struct urb *pickup_urb_and_free_priv(struct vhci_device *vdev, __u32 seqnum)
29 struct vhci_priv *priv, *tmp;
30 struct urb *urb = NULL;
31 int status;
33 list_for_each_entry_safe(priv, tmp, &vdev->priv_rx, list) {
34 if (priv->seqnum == seqnum) {
35 urb = priv->urb;
36 status = urb->status;
38 usbip_dbg_vhci_rx("find urb %p vurb %p seqnum %u\n",
39 urb, priv, seqnum);
41 /* TODO: fix logic here to improve indent situtation */
42 if (status != -EINPROGRESS) {
43 if (status == -ENOENT ||
44 status == -ECONNRESET)
45 dev_info(&urb->dev->dev,
46 "urb %p was unlinked "
47 "%ssynchronuously.\n", urb,
48 status == -ENOENT ? "" : "a");
49 else
50 dev_info(&urb->dev->dev,
51 "urb %p may be in a error, "
52 "status %d\n", urb, status);
55 list_del(&priv->list);
56 kfree(priv);
57 urb->hcpriv = NULL;
59 break;
63 return urb;
66 static void vhci_recv_ret_submit(struct vhci_device *vdev,
67 struct usbip_header *pdu)
69 struct usbip_device *ud = &vdev->ud;
70 struct urb *urb;
71 unsigned long flags;
73 spin_lock(&vdev->priv_lock);
74 urb = pickup_urb_and_free_priv(vdev, pdu->base.seqnum);
75 spin_unlock(&vdev->priv_lock);
77 if (!urb) {
78 pr_err("cannot find a urb of seqnum %u\n", pdu->base.seqnum);
79 pr_info("max seqnum %d\n",
80 atomic_read(&the_controller->seqnum));
81 usbip_event_add(ud, VDEV_EVENT_ERROR_TCP);
82 return;
85 /* unpack the pdu to a urb */
86 usbip_pack_pdu(pdu, urb, USBIP_RET_SUBMIT, 0);
88 /* recv transfer buffer */
89 if (usbip_recv_xbuff(ud, urb) < 0)
90 return;
92 /* recv iso_packet_descriptor */
93 if (usbip_recv_iso(ud, urb) < 0)
94 return;
96 /* restore the padding in iso packets */
97 if (usbip_pad_iso(ud, urb) < 0)
98 return;
100 if (usbip_dbg_flag_vhci_rx)
101 usbip_dump_urb(urb);
103 usbip_dbg_vhci_rx("now giveback urb %p\n", urb);
105 spin_lock_irqsave(&the_controller->lock, flags);
106 usb_hcd_unlink_urb_from_ep(vhci_to_hcd(the_controller), urb);
107 spin_unlock_irqrestore(&the_controller->lock, flags);
109 usb_hcd_giveback_urb(vhci_to_hcd(the_controller), urb, urb->status);
111 usbip_dbg_vhci_rx("Leave\n");
113 return;
116 static struct vhci_unlink *dequeue_pending_unlink(struct vhci_device *vdev,
117 struct usbip_header *pdu)
119 struct vhci_unlink *unlink, *tmp;
121 spin_lock(&vdev->priv_lock);
123 list_for_each_entry_safe(unlink, tmp, &vdev->unlink_rx, list) {
124 pr_info("unlink->seqnum %lu\n", unlink->seqnum);
125 if (unlink->seqnum == pdu->base.seqnum) {
126 usbip_dbg_vhci_rx("found pending unlink, %lu\n",
127 unlink->seqnum);
128 list_del(&unlink->list);
130 spin_unlock(&vdev->priv_lock);
131 return unlink;
135 spin_unlock(&vdev->priv_lock);
137 return NULL;
140 static void vhci_recv_ret_unlink(struct vhci_device *vdev,
141 struct usbip_header *pdu)
143 struct vhci_unlink *unlink;
144 struct urb *urb;
145 unsigned long flags;
147 usbip_dump_header(pdu);
149 unlink = dequeue_pending_unlink(vdev, pdu);
150 if (!unlink) {
151 pr_info("cannot find the pending unlink %u\n",
152 pdu->base.seqnum);
153 return;
156 spin_lock(&vdev->priv_lock);
157 urb = pickup_urb_and_free_priv(vdev, unlink->unlink_seqnum);
158 spin_unlock(&vdev->priv_lock);
160 if (!urb) {
162 * I get the result of a unlink request. But, it seems that I
163 * already received the result of its submit result and gave
164 * back the URB.
166 pr_info("the urb (seqnum %d) was already given backed\n",
167 pdu->base.seqnum);
168 } else {
169 usbip_dbg_vhci_rx("now giveback urb %p\n", urb);
171 /* If unlink is succeed, status is -ECONNRESET */
172 urb->status = pdu->u.ret_unlink.status;
173 pr_info("urb->status %d\n", urb->status);
175 spin_lock_irqsave(&the_controller->lock, flags);
176 usb_hcd_unlink_urb_from_ep(vhci_to_hcd(the_controller), urb);
177 spin_unlock_irqrestore(&the_controller->lock, flags);
179 usb_hcd_giveback_urb(vhci_to_hcd(the_controller), urb,
180 urb->status);
183 kfree(unlink);
186 static int vhci_priv_tx_empty(struct vhci_device *vdev)
188 int empty = 0;
190 spin_lock(&vdev->priv_lock);
191 empty = list_empty(&vdev->priv_rx);
192 spin_unlock(&vdev->priv_lock);
194 return empty;
197 /* recv a pdu */
198 static void vhci_rx_pdu(struct usbip_device *ud)
200 int ret;
201 struct usbip_header pdu;
202 struct vhci_device *vdev = container_of(ud, struct vhci_device, ud);
204 usbip_dbg_vhci_rx("Enter\n");
206 memset(&pdu, 0, sizeof(pdu));
208 /* 1. receive a pdu header */
209 ret = usbip_recv(ud->tcp_socket, &pdu, sizeof(pdu));
210 if (ret < 0) {
211 if (ret == -ECONNRESET)
212 pr_info("connection reset by peer\n");
213 else if (ret == -EAGAIN) {
214 /* ignore if connection was idle */
215 if (vhci_priv_tx_empty(vdev))
216 return;
217 pr_info("connection timed out with pending urbs\n");
218 } else if (ret != -ERESTARTSYS)
219 pr_info("xmit failed %d\n", ret);
221 usbip_event_add(ud, VDEV_EVENT_ERROR_TCP);
222 return;
224 if (ret == 0) {
225 pr_info("connection closed");
226 usbip_event_add(ud, VDEV_EVENT_DOWN);
227 return;
229 if (ret != sizeof(pdu)) {
230 pr_err("received pdu size is %d, should be %d\n", ret,
231 (unsigned int)sizeof(pdu));
232 usbip_event_add(ud, VDEV_EVENT_ERROR_TCP);
233 return;
236 usbip_header_correct_endian(&pdu, 0);
238 if (usbip_dbg_flag_vhci_rx)
239 usbip_dump_header(&pdu);
241 switch (pdu.base.command) {
242 case USBIP_RET_SUBMIT:
243 vhci_recv_ret_submit(vdev, &pdu);
244 break;
245 case USBIP_RET_UNLINK:
246 vhci_recv_ret_unlink(vdev, &pdu);
247 break;
248 default:
249 /* NOT REACHED */
250 pr_err("unknown pdu %u\n", pdu.base.command);
251 usbip_dump_header(&pdu);
252 usbip_event_add(ud, VDEV_EVENT_ERROR_TCP);
253 break;
257 int vhci_rx_loop(void *data)
259 struct usbip_device *ud = data;
261 while (!kthread_should_stop()) {
262 if (usbip_event_happened(ud))
263 break;
265 vhci_rx_pdu(ud);
268 return 0;