1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * WUSB Host Wire Adapter: Radio Control Interface (WUSB[8.6])
4 * Radio Control command/event transport
5 *
6 * Copyright (C) 2005-2006 Intel Corporation
7 * Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
8 *
9 * Initialize the Radio Control interface Driver.
10 *
11 * For each device probed, creates an 'struct hwarc' which contains
12 * just the representation of the UWB Radio Controller, and the logic
13 * for reading notifications and passing them to the UWB Core.
14 *
15 * So we initialize all of those, register the UWB Radio Controller
16 * and setup the notification/event handle to pipe the notifications
17 * to the UWB management Daemon.
18 *
19 * Command and event filtering.
20 *
21 * This is the driver for the Radio Control Interface described in WUSB
22 * 1.0. The core UWB module assumes that all drivers are compliant to the
23 * WHCI 0.95 specification. We thus create a filter that parses all
24 * incoming messages from the (WUSB 1.0) device and manipulate them to
25 * conform to the WHCI 0.95 specification. Similarly, outgoing messages
26 * are parsed and manipulated to conform to the WUSB 1.0 compliant messages
27 * that the device expects. Only a few messages are affected:
28 * Affected events:
29 * UWB_RC_EVT_BEACON
30 * UWB_RC_EVT_BP_SLOT_CHANGE
31 * UWB_RC_EVT_DRP_AVAIL
32 * UWB_RC_EVT_DRP
33 * Affected commands:
34 * UWB_RC_CMD_SCAN
35 * UWB_RC_CMD_SET_DRP_IE
36 */
37 #include <linux/init.h>
38 #include <linux/module.h>
39 #include <linux/slab.h>
40 #include <linux/usb.h>
41 #include "../wusbcore/include/wusb.h"
42 #include "../wusbcore/include/wusb-wa.h"
43 #include "uwb.h"
44
45 #include "uwb-internal.h"
46
47 /* The device uses commands and events from the WHCI specification, although
48 * reporting itself as WUSB compliant. */
49 #define WUSB_QUIRK_WHCI_CMD_EVT 0x01
50
51 /**
52 * Descriptor for an instance of the UWB Radio Control Driver that
53 * attaches to the RCI interface of the Host Wired Adapter.
54 *
55 * Unless there is a lock specific to the 'data members', all access
56 * is protected by uwb_rc->mutex.
57 *
58 * The NEEP (Notification/Event EndPoint) URB (@neep_urb) writes to
59 * @rd_buffer. Note there is no locking because it is perfectly (heh!)
60 * serialized--probe() submits an URB, callback is called, processes
61 * the data (synchronously), submits another URB, and so on. There is
62 * no concurrent access to the buffer.
63 */
64 struct hwarc {
65 struct usb_device *usb_dev;
66 struct usb_interface *usb_iface;
67 struct uwb_rc *uwb_rc; /* UWB host controller */
68 struct urb *neep_urb; /* Notification endpoint handling */
69 struct edc neep_edc;
70 void *rd_buffer; /* NEEP read buffer */
71 };
72
73
74 /* Beacon received notification (WUSB 1.0 [8.6.3.2]) */
75 struct uwb_rc_evt_beacon_WUSB_0100 {
76 struct uwb_rceb rceb;
77 u8 bChannelNumber;
78 __le16 wBPSTOffset;
79 u8 bLQI;
80 u8 bRSSI;
81 __le16 wBeaconInfoLength;
82 u8 BeaconInfo[];
83 } __attribute__((packed));
84
85 /**
86 * Filter WUSB 1.0 BEACON RCV notification to be WHCI 0.95
87 *
88 * @header: the incoming event
89 * @buf_size: size of buffer containing incoming event
90 * @new_size: size of event after filtering completed
91 *
92 * The WHCI 0.95 spec has a "Beacon Type" field. This value is unknown at
93 * the time we receive the beacon from WUSB so we just set it to
94 * UWB_RC_BEACON_TYPE_NEIGHBOR as a default.
95 * The solution below allocates memory upon receipt of every beacon from a
96 * WUSB device. This will deteriorate performance. What is the right way to
97 * do this?
98 */
99 static
hwarc_filter_evt_beacon_WUSB_0100(struct uwb_rc * rc,struct uwb_rceb ** header,const size_t buf_size,size_t * new_size)100 int hwarc_filter_evt_beacon_WUSB_0100(struct uwb_rc *rc,
101 struct uwb_rceb **header,
102 const size_t buf_size,
103 size_t *new_size)
104 {
105 struct uwb_rc_evt_beacon_WUSB_0100 *be;
106 struct uwb_rc_evt_beacon *newbe;
107 size_t bytes_left, ielength;
108 struct device *dev = &rc->uwb_dev.dev;
109
110 be = container_of(*header, struct uwb_rc_evt_beacon_WUSB_0100, rceb);
111 bytes_left = buf_size;
112 if (bytes_left < sizeof(*be)) {
113 dev_err(dev, "Beacon Received Notification: Not enough data "
114 "to decode for filtering (%zu vs %zu bytes needed)\n",
115 bytes_left, sizeof(*be));
116 return -EINVAL;
117 }
118 bytes_left -= sizeof(*be);
119 ielength = le16_to_cpu(be->wBeaconInfoLength);
120 if (bytes_left < ielength) {
121 dev_err(dev, "Beacon Received Notification: Not enough data "
122 "to decode IEs (%zu vs %zu bytes needed)\n",
123 bytes_left, ielength);
124 return -EINVAL;
125 }
126 newbe = kzalloc(sizeof(*newbe) + ielength, GFP_ATOMIC);
127 if (newbe == NULL)
128 return -ENOMEM;
129 newbe->rceb = be->rceb;
130 newbe->bChannelNumber = be->bChannelNumber;
131 newbe->bBeaconType = UWB_RC_BEACON_TYPE_NEIGHBOR;
132 newbe->wBPSTOffset = be->wBPSTOffset;
133 newbe->bLQI = be->bLQI;
134 newbe->bRSSI = be->bRSSI;
135 newbe->wBeaconInfoLength = be->wBeaconInfoLength;
136 memcpy(newbe->BeaconInfo, be->BeaconInfo, ielength);
137 *header = &newbe->rceb;
138 *new_size = sizeof(*newbe) + ielength;
139 return 1; /* calling function will free memory */
140 }
141
142
143 /* DRP Availability change notification (WUSB 1.0 [8.6.3.8]) */
144 struct uwb_rc_evt_drp_avail_WUSB_0100 {
145 struct uwb_rceb rceb;
146 __le16 wIELength;
147 u8 IEData[];
148 } __attribute__((packed));
149
150 /**
151 * Filter WUSB 1.0 DRP AVAILABILITY CHANGE notification to be WHCI 0.95
152 *
153 * @header: the incoming event
154 * @buf_size: size of buffer containing incoming event
155 * @new_size: size of event after filtering completed
156 */
157 static
hwarc_filter_evt_drp_avail_WUSB_0100(struct uwb_rc * rc,struct uwb_rceb ** header,const size_t buf_size,size_t * new_size)158 int hwarc_filter_evt_drp_avail_WUSB_0100(struct uwb_rc *rc,
159 struct uwb_rceb **header,
160 const size_t buf_size,
161 size_t *new_size)
162 {
163 struct uwb_rc_evt_drp_avail_WUSB_0100 *da;
164 struct uwb_rc_evt_drp_avail *newda;
165 struct uwb_ie_hdr *ie_hdr;
166 size_t bytes_left, ielength;
167 struct device *dev = &rc->uwb_dev.dev;
168
169
170 da = container_of(*header, struct uwb_rc_evt_drp_avail_WUSB_0100, rceb);
171 bytes_left = buf_size;
172 if (bytes_left < sizeof(*da)) {
173 dev_err(dev, "Not enough data to decode DRP Avail "
174 "Notification for filtering. Expected %zu, "
175 "received %zu.\n", (size_t)sizeof(*da), bytes_left);
176 return -EINVAL;
177 }
178 bytes_left -= sizeof(*da);
179 ielength = le16_to_cpu(da->wIELength);
180 if (bytes_left < ielength) {
181 dev_err(dev, "DRP Avail Notification filter: IE length "
182 "[%zu bytes] does not match actual length "
183 "[%zu bytes].\n", ielength, bytes_left);
184 return -EINVAL;
185 }
186 if (ielength < sizeof(*ie_hdr)) {
187 dev_err(dev, "DRP Avail Notification filter: Not enough "
188 "data to decode IE [%zu bytes, %zu needed]\n",
189 ielength, sizeof(*ie_hdr));
190 return -EINVAL;
191 }
192 ie_hdr = (void *) da->IEData;
193 if (ie_hdr->length > 32) {
194 dev_err(dev, "DRP Availability Change event has unexpected "
195 "length for filtering. Expected < 32 bytes, "
196 "got %zu bytes.\n", (size_t)ie_hdr->length);
197 return -EINVAL;
198 }
199 newda = kzalloc(sizeof(*newda), GFP_ATOMIC);
200 if (newda == NULL)
201 return -ENOMEM;
202 newda->rceb = da->rceb;
203 memcpy(newda->bmp, (u8 *) ie_hdr + sizeof(*ie_hdr), ie_hdr->length);
204 *header = &newda->rceb;
205 *new_size = sizeof(*newda);
206 return 1; /* calling function will free memory */
207 }
208
209
210 /* DRP notification (WUSB 1.0 [8.6.3.9]) */
211 struct uwb_rc_evt_drp_WUSB_0100 {
212 struct uwb_rceb rceb;
213 struct uwb_dev_addr wSrcAddr;
214 u8 bExplicit;
215 __le16 wIELength;
216 u8 IEData[];
217 } __attribute__((packed));
218
219 /**
220 * Filter WUSB 1.0 DRP Notification to be WHCI 0.95
221 *
222 * @header: the incoming event
223 * @buf_size: size of buffer containing incoming event
224 * @new_size: size of event after filtering completed
225 *
226 * It is hard to manage DRP reservations without having a Reason code.
227 * Unfortunately there is none in the WUSB spec. We just set the default to
228 * DRP IE RECEIVED.
229 * We do not currently use the bBeaconSlotNumber value, so we set this to
230 * zero for now.
231 */
232 static
hwarc_filter_evt_drp_WUSB_0100(struct uwb_rc * rc,struct uwb_rceb ** header,const size_t buf_size,size_t * new_size)233 int hwarc_filter_evt_drp_WUSB_0100(struct uwb_rc *rc,
234 struct uwb_rceb **header,
235 const size_t buf_size,
236 size_t *new_size)
237 {
238 struct uwb_rc_evt_drp_WUSB_0100 *drpev;
239 struct uwb_rc_evt_drp *newdrpev;
240 size_t bytes_left, ielength;
241 struct device *dev = &rc->uwb_dev.dev;
242
243 drpev = container_of(*header, struct uwb_rc_evt_drp_WUSB_0100, rceb);
244 bytes_left = buf_size;
245 if (bytes_left < sizeof(*drpev)) {
246 dev_err(dev, "Not enough data to decode DRP Notification "
247 "for filtering. Expected %zu, received %zu.\n",
248 (size_t)sizeof(*drpev), bytes_left);
249 return -EINVAL;
250 }
251 ielength = le16_to_cpu(drpev->wIELength);
252 bytes_left -= sizeof(*drpev);
253 if (bytes_left < ielength) {
254 dev_err(dev, "DRP Notification filter: header length [%zu "
255 "bytes] does not match actual length [%zu "
256 "bytes].\n", ielength, bytes_left);
257 return -EINVAL;
258 }
259 newdrpev = kzalloc(sizeof(*newdrpev) + ielength, GFP_ATOMIC);
260 if (newdrpev == NULL)
261 return -ENOMEM;
262 newdrpev->rceb = drpev->rceb;
263 newdrpev->src_addr = drpev->wSrcAddr;
264 newdrpev->reason = UWB_DRP_NOTIF_DRP_IE_RCVD;
265 newdrpev->beacon_slot_number = 0;
266 newdrpev->ie_length = drpev->wIELength;
267 memcpy(newdrpev->ie_data, drpev->IEData, ielength);
268 *header = &newdrpev->rceb;
269 *new_size = sizeof(*newdrpev) + ielength;
270 return 1; /* calling function will free memory */
271 }
272
273
274 /* Scan Command (WUSB 1.0 [8.6.2.5]) */
275 struct uwb_rc_cmd_scan_WUSB_0100 {
276 struct uwb_rccb rccb;
277 u8 bChannelNumber;
278 u8 bScanState;
279 } __attribute__((packed));
280
281 /**
282 * Filter WHCI 0.95 SCAN command to be WUSB 1.0 SCAN command
283 *
284 * @header: command sent to device (compliant to WHCI 0.95)
285 * @size: size of command sent to device
286 *
287 * We only reduce the size by two bytes because the WUSB 1.0 scan command
288 * does not have the last field (wStarttime). Also, make sure we don't send
289 * the device an unexpected scan type.
290 */
291 static
hwarc_filter_cmd_scan_WUSB_0100(struct uwb_rc * rc,struct uwb_rccb ** header,size_t * size)292 int hwarc_filter_cmd_scan_WUSB_0100(struct uwb_rc *rc,
293 struct uwb_rccb **header,
294 size_t *size)
295 {
296 struct uwb_rc_cmd_scan *sc;
297
298 sc = container_of(*header, struct uwb_rc_cmd_scan, rccb);
299
300 if (sc->bScanState == UWB_SCAN_ONLY_STARTTIME)
301 sc->bScanState = UWB_SCAN_ONLY;
302 /* Don't send the last two bytes. */
303 *size -= 2;
304 return 0;
305 }
306
307
308 /* SET DRP IE command (WUSB 1.0 [8.6.2.7]) */
309 struct uwb_rc_cmd_set_drp_ie_WUSB_0100 {
310 struct uwb_rccb rccb;
311 u8 bExplicit;
312 __le16 wIELength;
313 struct uwb_ie_drp IEData[];
314 } __attribute__((packed));
315
316 /**
317 * Filter WHCI 0.95 SET DRP IE command to be WUSB 1.0 SET DRP IE command
318 *
319 * @header: command sent to device (compliant to WHCI 0.95)
320 * @size: size of command sent to device
321 *
322 * WUSB has an extra bExplicit field - we assume always explicit
323 * negotiation so this field is set. The command expected by the device is
324 * thus larger than the one prepared by the driver so we need to
325 * reallocate memory to accommodate this.
326 * We trust the driver to send us the correct data so no checking is done
327 * on incoming data - evn though it is variable length.
328 */
329 static
hwarc_filter_cmd_set_drp_ie_WUSB_0100(struct uwb_rc * rc,struct uwb_rccb ** header,size_t * size)330 int hwarc_filter_cmd_set_drp_ie_WUSB_0100(struct uwb_rc *rc,
331 struct uwb_rccb **header,
332 size_t *size)
333 {
334 struct uwb_rc_cmd_set_drp_ie *orgcmd;
335 struct uwb_rc_cmd_set_drp_ie_WUSB_0100 *cmd;
336 size_t ielength;
337
338 orgcmd = container_of(*header, struct uwb_rc_cmd_set_drp_ie, rccb);
339 ielength = le16_to_cpu(orgcmd->wIELength);
340 cmd = kzalloc(sizeof(*cmd) + ielength, GFP_KERNEL);
341 if (cmd == NULL)
342 return -ENOMEM;
343 cmd->rccb = orgcmd->rccb;
344 cmd->bExplicit = 0;
345 cmd->wIELength = orgcmd->wIELength;
346 memcpy(cmd->IEData, orgcmd->IEData, ielength);
347 *header = &cmd->rccb;
348 *size = sizeof(*cmd) + ielength;
349 return 1; /* calling function will free memory */
350 }
351
352
353 /**
354 * Filter data from WHCI driver to WUSB device
355 *
356 * @header: WHCI 0.95 compliant command from driver
357 * @size: length of command
358 *
359 * The routine managing commands to the device (uwb_rc_cmd()) will call the
360 * filtering function pointer (if it exists) before it passes any data to
361 * the device. At this time the command has been formatted according to
362 * WHCI 0.95 and is ready to be sent to the device.
363 *
364 * The filter function will be provided with the current command and its
365 * length. The function will manipulate the command if necessary and
366 * potentially reallocate memory for a command that needed more memory that
367 * the given command. If new memory was created the function will return 1
368 * to indicate to the calling function that the memory need to be freed
369 * when not needed any more. The size will contain the new length of the
370 * command.
371 * If memory has not been allocated we rely on the original mechanisms to
372 * free the memory of the command - even when we reduce the value of size.
373 */
374 static
hwarc_filter_cmd_WUSB_0100(struct uwb_rc * rc,struct uwb_rccb ** header,size_t * size)375 int hwarc_filter_cmd_WUSB_0100(struct uwb_rc *rc, struct uwb_rccb **header,
376 size_t *size)
377 {
378 int result;
379 struct uwb_rccb *rccb = *header;
380 int cmd = le16_to_cpu(rccb->wCommand);
381 switch (cmd) {
382 case UWB_RC_CMD_SCAN:
383 result = hwarc_filter_cmd_scan_WUSB_0100(rc, header, size);
384 break;
385 case UWB_RC_CMD_SET_DRP_IE:
386 result = hwarc_filter_cmd_set_drp_ie_WUSB_0100(rc, header, size);
387 break;
388 default:
389 result = -ENOANO;
390 break;
391 }
392 return result;
393 }
394
395
396 /**
397 * Filter data from WHCI driver to WUSB device
398 *
399 * @header: WHCI 0.95 compliant command from driver
400 * @size: length of command
401 *
402 * Filter commands based on which protocol the device supports. The WUSB
403 * errata should be the same as WHCI 0.95 so we do not filter that here -
404 * only WUSB 1.0.
405 */
406 static
hwarc_filter_cmd(struct uwb_rc * rc,struct uwb_rccb ** header,size_t * size)407 int hwarc_filter_cmd(struct uwb_rc *rc, struct uwb_rccb **header,
408 size_t *size)
409 {
410 int result = -ENOANO;
411 if (rc->version == 0x0100)
412 result = hwarc_filter_cmd_WUSB_0100(rc, header, size);
413 return result;
414 }
415
416
417 /**
418 * Compute return value as sum of incoming value and value at given offset
419 *
420 * @rceb: event for which we compute the size, it contains a variable
421 * length field.
422 * @core_size: size of the "non variable" part of the event
423 * @offset: place in event where the length of the variable part is stored
424 * @buf_size: total length of buffer in which event arrived - we need to make
425 * sure we read the offset in memory that is still part of the event
426 */
427 static
hwarc_get_event_size(struct uwb_rc * rc,const struct uwb_rceb * rceb,size_t core_size,size_t offset,const size_t buf_size)428 ssize_t hwarc_get_event_size(struct uwb_rc *rc, const struct uwb_rceb *rceb,
429 size_t core_size, size_t offset,
430 const size_t buf_size)
431 {
432 ssize_t size = -ENOSPC;
433 const void *ptr = rceb;
434 size_t type_size = sizeof(__le16);
435 struct device *dev = &rc->uwb_dev.dev;
436
437 if (offset + type_size >= buf_size) {
438 dev_err(dev, "Not enough data to read extra size of event "
439 "0x%02x/%04x/%02x, only got %zu bytes.\n",
440 rceb->bEventType, le16_to_cpu(rceb->wEvent),
441 rceb->bEventContext, buf_size);
442 goto out;
443 }
444 ptr += offset;
445 size = core_size + le16_to_cpu(*(__le16 *)ptr);
446 out:
447 return size;
448 }
449
450
451 /* Beacon slot change notification (WUSB 1.0 [8.6.3.5]) */
452 struct uwb_rc_evt_bp_slot_change_WUSB_0100 {
453 struct uwb_rceb rceb;
454 u8 bSlotNumber;
455 } __attribute__((packed));
456
457
458 /**
459 * Filter data from WUSB device to WHCI driver
460 *
461 * @header: incoming event
462 * @buf_size: size of buffer in which event arrived
463 * @_event_size: actual size of event in the buffer
464 * @new_size: size of event after filtered
465 *
466 * We don't know how the buffer is constructed - there may be more than one
467 * event in it so buffer length does not determine event length. We first
468 * determine the expected size of the incoming event. This value is passed
469 * back only if the actual filtering succeeded (so we know the computed
470 * expected size is correct). This value will be zero if
471 * the event did not need any filtering.
472 *
473 * WHCI interprets the BP Slot Change event's data differently than
474 * WUSB. The event sizes are exactly the same. The data field
475 * indicates the new beacon slot in which a RC is transmitting its
476 * beacon. The maximum value of this is 96 (wMacBPLength ECMA-368
477 * 17.16 (Table 117)). We thus know that the WUSB value will not set
478 * the bit bNoSlot, so we don't really do anything (placeholder).
479 */
480 static
hwarc_filter_event_WUSB_0100(struct uwb_rc * rc,struct uwb_rceb ** header,const size_t buf_size,size_t * _real_size,size_t * _new_size)481 int hwarc_filter_event_WUSB_0100(struct uwb_rc *rc, struct uwb_rceb **header,
482 const size_t buf_size, size_t *_real_size,
483 size_t *_new_size)
484 {
485 int result = -ENOANO;
486 struct uwb_rceb *rceb = *header;
487 int event = le16_to_cpu(rceb->wEvent);
488 ssize_t event_size;
489 size_t core_size, offset;
490
491 if (rceb->bEventType != UWB_RC_CET_GENERAL)
492 goto out;
493 switch (event) {
494 case UWB_RC_EVT_BEACON:
495 core_size = sizeof(struct uwb_rc_evt_beacon_WUSB_0100);
496 offset = offsetof(struct uwb_rc_evt_beacon_WUSB_0100,
497 wBeaconInfoLength);
498 event_size = hwarc_get_event_size(rc, rceb, core_size,
499 offset, buf_size);
500 if (event_size < 0)
501 goto out;
502 *_real_size = event_size;
503 result = hwarc_filter_evt_beacon_WUSB_0100(rc, header,
504 buf_size, _new_size);
505 break;
506 case UWB_RC_EVT_BP_SLOT_CHANGE:
507 *_new_size = *_real_size =
508 sizeof(struct uwb_rc_evt_bp_slot_change_WUSB_0100);
509 result = 0;
510 break;
511
512 case UWB_RC_EVT_DRP_AVAIL:
513 core_size = sizeof(struct uwb_rc_evt_drp_avail_WUSB_0100);
514 offset = offsetof(struct uwb_rc_evt_drp_avail_WUSB_0100,
515 wIELength);
516 event_size = hwarc_get_event_size(rc, rceb, core_size,
517 offset, buf_size);
518 if (event_size < 0)
519 goto out;
520 *_real_size = event_size;
521 result = hwarc_filter_evt_drp_avail_WUSB_0100(
522 rc, header, buf_size, _new_size);
523 break;
524
525 case UWB_RC_EVT_DRP:
526 core_size = sizeof(struct uwb_rc_evt_drp_WUSB_0100);
527 offset = offsetof(struct uwb_rc_evt_drp_WUSB_0100, wIELength);
528 event_size = hwarc_get_event_size(rc, rceb, core_size,
529 offset, buf_size);
530 if (event_size < 0)
531 goto out;
532 *_real_size = event_size;
533 result = hwarc_filter_evt_drp_WUSB_0100(rc, header,
534 buf_size, _new_size);
535 break;
536
537 default:
538 break;
539 }
540 out:
541 return result;
542 }
543
544 /**
545 * Filter data from WUSB device to WHCI driver
546 *
547 * @header: incoming event
548 * @buf_size: size of buffer in which event arrived
549 * @_event_size: actual size of event in the buffer
550 * @_new_size: size of event after filtered
551 *
552 * Filter events based on which protocol the device supports. The WUSB
553 * errata should be the same as WHCI 0.95 so we do not filter that here -
554 * only WUSB 1.0.
555 *
556 * If we don't handle it, we return -ENOANO (why the weird error code?
557 * well, so if I get it, I can pinpoint in the code that raised
558 * it...after all, not too many places use the higher error codes).
559 */
560 static
hwarc_filter_event(struct uwb_rc * rc,struct uwb_rceb ** header,const size_t buf_size,size_t * _real_size,size_t * _new_size)561 int hwarc_filter_event(struct uwb_rc *rc, struct uwb_rceb **header,
562 const size_t buf_size, size_t *_real_size,
563 size_t *_new_size)
564 {
565 int result = -ENOANO;
566 if (rc->version == 0x0100)
567 result = hwarc_filter_event_WUSB_0100(
568 rc, header, buf_size, _real_size, _new_size);
569 return result;
570 }
571
572
573 /**
574 * Execute an UWB RC command on HWA
575 *
576 * @rc: Instance of a Radio Controller that is a HWA
577 * @cmd: Buffer containing the RCCB and payload to execute
578 * @cmd_size: Size of the command buffer.
579 *
580 * NOTE: rc's mutex has to be locked
581 */
582 static
hwarc_cmd(struct uwb_rc * uwb_rc,const struct uwb_rccb * cmd,size_t cmd_size)583 int hwarc_cmd(struct uwb_rc *uwb_rc, const struct uwb_rccb *cmd, size_t cmd_size)
584 {
585 struct hwarc *hwarc = uwb_rc->priv;
586 return usb_control_msg(
587 hwarc->usb_dev, usb_sndctrlpipe(hwarc->usb_dev, 0),
588 WA_EXEC_RC_CMD, USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
589 0, hwarc->usb_iface->cur_altsetting->desc.bInterfaceNumber,
590 (void *) cmd, cmd_size, 100 /* FIXME: this is totally arbitrary */);
591 }
592
593 static
hwarc_reset(struct uwb_rc * uwb_rc)594 int hwarc_reset(struct uwb_rc *uwb_rc)
595 {
596 struct hwarc *hwarc = uwb_rc->priv;
597 int result;
598
599 /* device lock must be held when calling usb_reset_device. */
600 result = usb_lock_device_for_reset(hwarc->usb_dev, NULL);
601 if (result >= 0) {
602 result = usb_reset_device(hwarc->usb_dev);
603 usb_unlock_device(hwarc->usb_dev);
604 }
605
606 return result;
607 }
608
609 /**
610 * Callback for the notification and event endpoint
611 *
612 * Check's that everything is fine and then passes the read data to
613 * the notification/event handling mechanism (neh).
614 */
615 static
hwarc_neep_cb(struct urb * urb)616 void hwarc_neep_cb(struct urb *urb)
617 {
618 struct hwarc *hwarc = urb->context;
619 struct usb_interface *usb_iface = hwarc->usb_iface;
620 struct device *dev = &usb_iface->dev;
621 int result;
622
623 switch (result = urb->status) {
624 case 0:
625 uwb_rc_neh_grok(hwarc->uwb_rc, urb->transfer_buffer,
626 urb->actual_length);
627 break;
628 case -ECONNRESET: /* Not an error, but a controlled situation; */
629 case -ENOENT: /* (we killed the URB)...so, no broadcast */
630 goto out;
631 case -ESHUTDOWN: /* going away! */
632 goto out;
633 default: /* On general errors, retry unless it gets ugly */
634 if (edc_inc(&hwarc->neep_edc, EDC_MAX_ERRORS,
635 EDC_ERROR_TIMEFRAME))
636 goto error_exceeded;
637 dev_err(dev, "NEEP: URB error %d\n", urb->status);
638 }
639 result = usb_submit_urb(urb, GFP_ATOMIC);
640 if (result < 0 && result != -ENODEV && result != -EPERM) {
641 /* ignoring unrecoverable errors */
642 dev_err(dev, "NEEP: Can't resubmit URB (%d) resetting device\n",
643 result);
644 goto error;
645 }
646 out:
647 return;
648
649 error_exceeded:
650 dev_err(dev, "NEEP: URB max acceptable errors "
651 "exceeded, resetting device\n");
652 error:
653 uwb_rc_neh_error(hwarc->uwb_rc, result);
654 uwb_rc_reset_all(hwarc->uwb_rc);
655 return;
656 }
657
hwarc_init(struct hwarc * hwarc)658 static void hwarc_init(struct hwarc *hwarc)
659 {
660 edc_init(&hwarc->neep_edc);
661 }
662
663 /**
664 * Initialize the notification/event endpoint stuff
665 *
666 * Note this is effectively a parallel thread; it knows that
667 * hwarc->uwb_rc always exists because the existence of a 'hwarc'
668 * means that there is a reverence on the hwarc->uwb_rc (see
669 * _probe()), and thus _neep_cb() can execute safely.
670 */
hwarc_neep_init(struct uwb_rc * rc)671 static int hwarc_neep_init(struct uwb_rc *rc)
672 {
673 struct hwarc *hwarc = rc->priv;
674 struct usb_interface *iface = hwarc->usb_iface;
675 struct usb_device *usb_dev = interface_to_usbdev(iface);
676 struct device *dev = &iface->dev;
677 int result;
678 struct usb_endpoint_descriptor *epd;
679
680 epd = &iface->cur_altsetting->endpoint[0].desc;
681 hwarc->rd_buffer = (void *) __get_free_page(GFP_KERNEL);
682 if (hwarc->rd_buffer == NULL) {
683 dev_err(dev, "Unable to allocate notification's read buffer\n");
684 goto error_rd_buffer;
685 }
686 hwarc->neep_urb = usb_alloc_urb(0, GFP_KERNEL);
687 if (hwarc->neep_urb == NULL)
688 goto error_urb_alloc;
689 usb_fill_int_urb(hwarc->neep_urb, usb_dev,
690 usb_rcvintpipe(usb_dev, epd->bEndpointAddress),
691 hwarc->rd_buffer, PAGE_SIZE,
692 hwarc_neep_cb, hwarc, epd->bInterval);
693 result = usb_submit_urb(hwarc->neep_urb, GFP_ATOMIC);
694 if (result < 0) {
695 dev_err(dev, "Cannot submit notification URB: %d\n", result);
696 goto error_neep_submit;
697 }
698 return 0;
699
700 error_neep_submit:
701 usb_free_urb(hwarc->neep_urb);
702 hwarc->neep_urb = NULL;
703 error_urb_alloc:
704 free_page((unsigned long)hwarc->rd_buffer);
705 hwarc->rd_buffer = NULL;
706 error_rd_buffer:
707 return -ENOMEM;
708 }
709
710
711 /** Clean up all the notification endpoint resources */
hwarc_neep_release(struct uwb_rc * rc)712 static void hwarc_neep_release(struct uwb_rc *rc)
713 {
714 struct hwarc *hwarc = rc->priv;
715
716 usb_kill_urb(hwarc->neep_urb);
717 usb_free_urb(hwarc->neep_urb);
718 hwarc->neep_urb = NULL;
719
720 free_page((unsigned long)hwarc->rd_buffer);
721 hwarc->rd_buffer = NULL;
722 }
723
724 /**
725 * Get the version from class-specific descriptor
726 *
727 * NOTE: this descriptor comes with the big bundled configuration
728 * descriptor that includes the interfaces' and endpoints', so
729 * we just look for it in the cached copy kept by the USB stack.
730 *
731 * NOTE2: We convert LE fields to CPU order.
732 */
hwarc_get_version(struct uwb_rc * rc)733 static int hwarc_get_version(struct uwb_rc *rc)
734 {
735 int result;
736
737 struct hwarc *hwarc = rc->priv;
738 struct uwb_rc_control_intf_class_desc *descr;
739 struct device *dev = &rc->uwb_dev.dev;
740 struct usb_device *usb_dev = hwarc->usb_dev;
741 char *itr;
742 struct usb_descriptor_header *hdr;
743 size_t itr_size, actconfig_idx;
744 u16 version;
745
746 actconfig_idx = (usb_dev->actconfig - usb_dev->config) /
747 sizeof(usb_dev->config[0]);
748 itr = usb_dev->rawdescriptors[actconfig_idx];
749 itr_size = le16_to_cpu(usb_dev->actconfig->desc.wTotalLength);
750 while (itr_size >= sizeof(*hdr)) {
751 hdr = (struct usb_descriptor_header *) itr;
752 dev_dbg(dev, "Extra device descriptor: "
753 "type %02x/%u bytes @ %zu (%zu left)\n",
754 hdr->bDescriptorType, hdr->bLength,
755 (itr - usb_dev->rawdescriptors[actconfig_idx]),
756 itr_size);
757 if (hdr->bDescriptorType == USB_DT_CS_RADIO_CONTROL)
758 goto found;
759 itr += hdr->bLength;
760 itr_size -= hdr->bLength;
761 }
762 dev_err(dev, "cannot find Radio Control Interface Class descriptor\n");
763 return -ENODEV;
764
765 found:
766 result = -EINVAL;
767 if (hdr->bLength > itr_size) { /* is it available? */
768 dev_err(dev, "incomplete Radio Control Interface Class "
769 "descriptor (%zu bytes left, %u needed)\n",
770 itr_size, hdr->bLength);
771 goto error;
772 }
773 if (hdr->bLength < sizeof(*descr)) {
774 dev_err(dev, "short Radio Control Interface Class "
775 "descriptor\n");
776 goto error;
777 }
778 descr = (struct uwb_rc_control_intf_class_desc *) hdr;
779 /* Make LE fields CPU order */
780 version = __le16_to_cpu(descr->bcdRCIVersion);
781 if (version != 0x0100) {
782 dev_err(dev, "Device reports protocol version 0x%04x. We "
783 "do not support that. \n", version);
784 result = -EINVAL;
785 goto error;
786 }
787 rc->version = version;
788 dev_dbg(dev, "Device supports WUSB protocol version 0x%04x \n", rc->version);
789 result = 0;
790 error:
791 return result;
792 }
793
794 /*
795 * By creating a 'uwb_rc', we have a reference on it -- that reference
796 * is the one we drop when we disconnect.
797 *
798 * No need to switch altsettings; according to WUSB1.0[8.6.1.1], there
799 * is only one altsetting allowed.
800 */
hwarc_probe(struct usb_interface * iface,const struct usb_device_id * id)801 static int hwarc_probe(struct usb_interface *iface,
802 const struct usb_device_id *id)
803 {
804 int result;
805 struct uwb_rc *uwb_rc;
806 struct hwarc *hwarc;
807 struct device *dev = &iface->dev;
808
809 if (iface->cur_altsetting->desc.bNumEndpoints < 1)
810 return -ENODEV;
811 if (!usb_endpoint_xfer_int(&iface->cur_altsetting->endpoint[0].desc))
812 return -ENODEV;
813
814 result = -ENOMEM;
815 uwb_rc = uwb_rc_alloc();
816 if (uwb_rc == NULL) {
817 dev_err(dev, "unable to allocate RC instance\n");
818 goto error_rc_alloc;
819 }
820 hwarc = kzalloc(sizeof(*hwarc), GFP_KERNEL);
821 if (hwarc == NULL) {
822 dev_err(dev, "unable to allocate HWA RC instance\n");
823 goto error_alloc;
824 }
825 hwarc_init(hwarc);
826 hwarc->usb_dev = usb_get_dev(interface_to_usbdev(iface));
827 hwarc->usb_iface = usb_get_intf(iface);
828 hwarc->uwb_rc = uwb_rc;
829
830 uwb_rc->owner = THIS_MODULE;
831 uwb_rc->start = hwarc_neep_init;
832 uwb_rc->stop = hwarc_neep_release;
833 uwb_rc->cmd = hwarc_cmd;
834 uwb_rc->reset = hwarc_reset;
835 if (id->driver_info & WUSB_QUIRK_WHCI_CMD_EVT) {
836 uwb_rc->filter_cmd = NULL;
837 uwb_rc->filter_event = NULL;
838 } else {
839 uwb_rc->filter_cmd = hwarc_filter_cmd;
840 uwb_rc->filter_event = hwarc_filter_event;
841 }
842
843 result = uwb_rc_add(uwb_rc, dev, hwarc);
844 if (result < 0)
845 goto error_rc_add;
846 result = hwarc_get_version(uwb_rc);
847 if (result < 0) {
848 dev_err(dev, "cannot retrieve version of RC \n");
849 goto error_get_version;
850 }
851 usb_set_intfdata(iface, hwarc);
852 return 0;
853
854 error_get_version:
855 uwb_rc_rm(uwb_rc);
856 error_rc_add:
857 usb_put_intf(iface);
858 usb_put_dev(hwarc->usb_dev);
859 kfree(hwarc);
860 error_alloc:
861 uwb_rc_put(uwb_rc);
862 error_rc_alloc:
863 return result;
864 }
865
hwarc_disconnect(struct usb_interface * iface)866 static void hwarc_disconnect(struct usb_interface *iface)
867 {
868 struct hwarc *hwarc = usb_get_intfdata(iface);
869 struct uwb_rc *uwb_rc = hwarc->uwb_rc;
870
871 usb_set_intfdata(hwarc->usb_iface, NULL);
872 uwb_rc_rm(uwb_rc);
873 usb_put_intf(hwarc->usb_iface);
874 usb_put_dev(hwarc->usb_dev);
875 kfree(hwarc);
876 uwb_rc_put(uwb_rc); /* when creating the device, refcount = 1 */
877 }
878
hwarc_pre_reset(struct usb_interface * iface)879 static int hwarc_pre_reset(struct usb_interface *iface)
880 {
881 struct hwarc *hwarc = usb_get_intfdata(iface);
882 struct uwb_rc *uwb_rc = hwarc->uwb_rc;
883
884 uwb_rc_pre_reset(uwb_rc);
885 return 0;
886 }
887
hwarc_post_reset(struct usb_interface * iface)888 static int hwarc_post_reset(struct usb_interface *iface)
889 {
890 struct hwarc *hwarc = usb_get_intfdata(iface);
891 struct uwb_rc *uwb_rc = hwarc->uwb_rc;
892
893 return uwb_rc_post_reset(uwb_rc);
894 }
895
896 /** USB device ID's that we handle */
897 static const struct usb_device_id hwarc_id_table[] = {
898 /* D-Link DUB-1210 */
899 { USB_DEVICE_AND_INTERFACE_INFO(0x07d1, 0x3d02, 0xe0, 0x01, 0x02),
900 .driver_info = WUSB_QUIRK_WHCI_CMD_EVT },
901 /* Intel i1480 (using firmware 1.3PA2-20070828) */
902 { USB_DEVICE_AND_INTERFACE_INFO(0x8086, 0x0c3b, 0xe0, 0x01, 0x02),
903 .driver_info = WUSB_QUIRK_WHCI_CMD_EVT },
904 /* Alereon 5310 */
905 { USB_DEVICE_AND_INTERFACE_INFO(0x13dc, 0x5310, 0xe0, 0x01, 0x02),
906 .driver_info = WUSB_QUIRK_WHCI_CMD_EVT },
907 /* Alereon 5611 */
908 { USB_DEVICE_AND_INTERFACE_INFO(0x13dc, 0x5611, 0xe0, 0x01, 0x02),
909 .driver_info = WUSB_QUIRK_WHCI_CMD_EVT },
910 /* Generic match for the Radio Control interface */
911 { USB_INTERFACE_INFO(0xe0, 0x01, 0x02), },
912 { },
913 };
914 MODULE_DEVICE_TABLE(usb, hwarc_id_table);
915
916 static struct usb_driver hwarc_driver = {
917 .name = "hwa-rc",
918 .id_table = hwarc_id_table,
919 .probe = hwarc_probe,
920 .disconnect = hwarc_disconnect,
921 .pre_reset = hwarc_pre_reset,
922 .post_reset = hwarc_post_reset,
923 };
924
925 module_usb_driver(hwarc_driver);
926
927 MODULE_AUTHOR("Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>");
928 MODULE_DESCRIPTION("Host Wireless Adapter Radio Control Driver");
929 MODULE_LICENSE("GPL");
930