linux/drivers/misc/ti-st/st_core.c
Steven Rostedt 7316a9f2a9 st_kim: Handle case of no device found for ID 0
Running ktest.pl, I hit this bug:

[   19.780654] BUG: unable to handle kernel NULL pointer dereference at 0000000c
[   19.780660] IP: [<c112efcd>] dev_get_drvdata+0xc/0x46
[   19.780669] *pdpt = 0000000031daf001 *pde = 0000000000000000
[   19.780673] Oops: 0000 [#1] SMP
[   19.780680] Dumping ftrace buffer:^M
[   19.780685]    (ftrace buffer empty)
[   19.780687] Modules linked in: ide_pci_generic firewire_ohci firewire_core evbug crc_itu_t e1000 ide_core i2c_i801 iTCO_wdt
[   19.780697]
[   19.780700] Pid: 346, comm: v4l_id Not tainted 2.6.39-test-02740-gcaebc16-dirty #4                  /DG965MQ
[   19.780706] EIP: 0060:[<c112efcd>] EFLAGS: 00010202 CPU: 0
[   19.780709] EIP is at dev_get_drvdata+0xc/0x46
[   19.780712] EAX: 00000008 EBX: f1e37da4 ECX: 00000000 EDX: 00000000
[   19.780715] ESI: f1c3f200 EDI: c33ec95c EBP: f1e37d80 ESP: f1e37d80
[   19.780718]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[   19.780721] Process v4l_id (pid: 346, ti=f1e36000 task=f2bc2a60 task.ti=f1e36000)
[   19.780723] Stack:
[   19.780725]  f1e37d8c c117d395 c33ec93c f1e37db4 c117a0f9 00000002 00000000 c1725e54
[   19.780732]  00000001 00000007 f2918c90 f1c3f200 c33ec95c f1e37dd4 c1789d3d 22222222
[   19.780740]  22222222 22222222 f2918c90 f1c3f200 f29194f4 f1e37de8 c178d5c4 c1725e54
[   19.780747] Call Trace:
[   19.780752]  [<c117d395>] st_kim_ref+0x28/0x41
[   19.780756]  [<c117a0f9>] st_register+0x29/0x562
[   19.780761]  [<c1725e54>] ? v4l2_open+0x111/0x1e3
[   19.780766]  [<c1789d3d>] fmc_prepare+0x97/0x424
[   19.780770]  [<c178d5c4>] fm_v4l2_fops_open+0x70/0x106
[   19.780773]  [<c1725e54>] ? v4l2_open+0x111/0x1e3
[   19.780777]  [<c1725e9b>] v4l2_open+0x158/0x1e3
[   19.780782]  [<c065173b>] chrdev_open+0x22c/0x276
[   19.780787]  [<c0647c4e>] __dentry_open+0x35c/0x581
[   19.780792]  [<c06498f9>] nameidata_to_filp+0x7c/0x96
[   19.780795]  [<c065150f>] ? cdev_put+0x57/0x57
[   19.780800]  [<c0660cad>] do_last+0x743/0x9d4
[   19.780804]  [<c065d5fc>] ? path_init+0x1ee/0x596
[   19.780808]  [<c0661481>] path_openat+0x10c/0x597
[   19.780813]  [<c05204a1>] ? trace_hardirqs_off+0x27/0x37
[   19.780817]  [<c0509651>] ? local_clock+0x78/0xc7
[   19.780821]  [<c0661945>] do_filp_open+0x39/0xc2
[   19.780827]  [<c1cabc76>] ? _raw_spin_unlock+0x4c/0x5d^M
[   19.780831]  [<c0674ccd>] ? alloc_fd+0x19e/0x1b7
[   19.780836]  [<c06499ca>] do_sys_open+0xb7/0x1bd
[   19.780840]  [<c0608eea>] ? sys_munmap+0x78/0x8d
[   19.780844]  [<c0649b06>] sys_open+0x36/0x58
[   19.780849]  [<c1cb809f>] sysenter_do_call+0x12/0x38
[   19.780852] Code: d8 2f 20 c3 01 83 15 dc 2f 20 c3 00 f0 ff 00 83 05 e0 2f 20 c3 01 83 15 e4 2f 20 c3 00 5d c3 55 89 e5 3e 8d 74 26 00 85 c0 74 28 <8b> 40 04 83 05 e8 2f 20 c3 01 83 15 ec 2f 20 c3 00 85 c0 74 13 ^M
[   19.780889] EIP: [<c112efcd>] dev_get_drvdata+0xc/0x46 SS:ESP 0068:f1e37d80
[   19.780894] CR2: 000000000000000c
[   19.780898] ---[ end trace e7d1d0f6a2d1d390 ]---

The id of 0 passed to st_kim_ref() found no device, keeping pdev null,
and causing pdev->dev cause a NULL pointer dereference. After having
st_kim_ref() check for NULL, the st_unregister() function needed to be
updated to handle the case that st_gdata was not set by the
st_kim_ref().

Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-06-07 10:01:16 -07:00

873 lines
23 KiB
C

/*
* Shared Transport Line discipline driver Core
* This hooks up ST KIM driver and ST LL driver
* Copyright (C) 2009-2010 Texas Instruments
* Author: Pavan Savoy <pavan_savoy@ti.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
*/
#define pr_fmt(fmt) "(stc): " fmt
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/tty.h>
#include <linux/seq_file.h>
#include <linux/skbuff.h>
#include <linux/ti_wilink_st.h>
/* function pointer pointing to either,
* st_kim_recv during registration to receive fw download responses
* st_int_recv after registration to receive proto stack responses
*/
void (*st_recv) (void*, const unsigned char*, long);
/********************************************************************/
static void add_channel_to_table(struct st_data_s *st_gdata,
struct st_proto_s *new_proto)
{
pr_info("%s: id %d\n", __func__, new_proto->chnl_id);
/* list now has the channel id as index itself */
st_gdata->list[new_proto->chnl_id] = new_proto;
st_gdata->is_registered[new_proto->chnl_id] = true;
}
static void remove_channel_from_table(struct st_data_s *st_gdata,
struct st_proto_s *proto)
{
pr_info("%s: id %d\n", __func__, proto->chnl_id);
/* st_gdata->list[proto->chnl_id] = NULL; */
st_gdata->is_registered[proto->chnl_id] = false;
}
/*
* called from KIM during firmware download.
*
* This is a wrapper function to tty->ops->write_room.
* It returns number of free space available in
* uart tx buffer.
*/
int st_get_uart_wr_room(struct st_data_s *st_gdata)
{
struct tty_struct *tty;
if (unlikely(st_gdata == NULL || st_gdata->tty == NULL)) {
pr_err("tty unavailable to perform write");
return -1;
}
tty = st_gdata->tty;
return tty->ops->write_room(tty);
}
/* can be called in from
* -- KIM (during fw download)
* -- ST Core (during st_write)
*
* This is the internal write function - a wrapper
* to tty->ops->write
*/
int st_int_write(struct st_data_s *st_gdata,
const unsigned char *data, int count)
{
struct tty_struct *tty;
if (unlikely(st_gdata == NULL || st_gdata->tty == NULL)) {
pr_err("tty unavailable to perform write");
return -EINVAL;
}
tty = st_gdata->tty;
#ifdef VERBOSE
print_hex_dump(KERN_DEBUG, "<out<", DUMP_PREFIX_NONE,
16, 1, data, count, 0);
#endif
return tty->ops->write(tty, data, count);
}
/*
* push the skb received to relevant
* protocol stacks
*/
void st_send_frame(unsigned char chnl_id, struct st_data_s *st_gdata)
{
pr_debug(" %s(prot:%d) ", __func__, chnl_id);
if (unlikely
(st_gdata == NULL || st_gdata->rx_skb == NULL
|| st_gdata->is_registered[chnl_id] == false)) {
pr_err("chnl_id %d not registered, no data to send?",
chnl_id);
kfree_skb(st_gdata->rx_skb);
return;
}
/* this cannot fail
* this shouldn't take long
* - should be just skb_queue_tail for the
* protocol stack driver
*/
if (likely(st_gdata->list[chnl_id]->recv != NULL)) {
if (unlikely
(st_gdata->list[chnl_id]->recv
(st_gdata->list[chnl_id]->priv_data, st_gdata->rx_skb)
!= 0)) {
pr_err(" proto stack %d's ->recv failed", chnl_id);
kfree_skb(st_gdata->rx_skb);
return;
}
} else {
pr_err(" proto stack %d's ->recv null", chnl_id);
kfree_skb(st_gdata->rx_skb);
}
return;
}
/**
* st_reg_complete -
* to call registration complete callbacks
* of all protocol stack drivers
*/
void st_reg_complete(struct st_data_s *st_gdata, char err)
{
unsigned char i = 0;
pr_info(" %s ", __func__);
for (i = 0; i < ST_MAX_CHANNELS; i++) {
if (likely(st_gdata != NULL &&
st_gdata->is_registered[i] == true &&
st_gdata->list[i]->reg_complete_cb != NULL)) {
st_gdata->list[i]->reg_complete_cb
(st_gdata->list[i]->priv_data, err);
pr_info("protocol %d's cb sent %d\n", i, err);
if (err) { /* cleanup registered protocol */
st_gdata->protos_registered--;
st_gdata->is_registered[i] = false;
}
}
}
}
static inline int st_check_data_len(struct st_data_s *st_gdata,
unsigned char chnl_id, int len)
{
int room = skb_tailroom(st_gdata->rx_skb);
pr_debug("len %d room %d", len, room);
if (!len) {
/* Received packet has only packet header and
* has zero length payload. So, ask ST CORE to
* forward the packet to protocol driver (BT/FM/GPS)
*/
st_send_frame(chnl_id, st_gdata);
} else if (len > room) {
/* Received packet's payload length is larger.
* We can't accommodate it in created skb.
*/
pr_err("Data length is too large len %d room %d", len,
room);
kfree_skb(st_gdata->rx_skb);
} else {
/* Packet header has non-zero payload length and
* we have enough space in created skb. Lets read
* payload data */
st_gdata->rx_state = ST_W4_DATA;
st_gdata->rx_count = len;
return len;
}
/* Change ST state to continue to process next
* packet */
st_gdata->rx_state = ST_W4_PACKET_TYPE;
st_gdata->rx_skb = NULL;
st_gdata->rx_count = 0;
st_gdata->rx_chnl = 0;
return 0;
}
/**
* st_wakeup_ack - internal function for action when wake-up ack
* received
*/
static inline void st_wakeup_ack(struct st_data_s *st_gdata,
unsigned char cmd)
{
struct sk_buff *waiting_skb;
unsigned long flags = 0;
spin_lock_irqsave(&st_gdata->lock, flags);
/* de-Q from waitQ and Q in txQ now that the
* chip is awake
*/
while ((waiting_skb = skb_dequeue(&st_gdata->tx_waitq)))
skb_queue_tail(&st_gdata->txq, waiting_skb);
/* state forwarded to ST LL */
st_ll_sleep_state(st_gdata, (unsigned long)cmd);
spin_unlock_irqrestore(&st_gdata->lock, flags);
/* wake up to send the recently copied skbs from waitQ */
st_tx_wakeup(st_gdata);
}
/**
* st_int_recv - ST's internal receive function.
* Decodes received RAW data and forwards to corresponding
* client drivers (Bluetooth,FM,GPS..etc).
* This can receive various types of packets,
* HCI-Events, ACL, SCO, 4 types of HCI-LL PM packets
* CH-8 packets from FM, CH-9 packets from GPS cores.
*/
void st_int_recv(void *disc_data,
const unsigned char *data, long count)
{
char *ptr;
struct st_proto_s *proto;
unsigned short payload_len = 0;
int len = 0, type = 0;
unsigned char *plen;
struct st_data_s *st_gdata = (struct st_data_s *)disc_data;
unsigned long flags;
ptr = (char *)data;
/* tty_receive sent null ? */
if (unlikely(ptr == NULL) || (st_gdata == NULL)) {
pr_err(" received null from TTY ");
return;
}
pr_debug("count %ld rx_state %ld"
"rx_count %ld", count, st_gdata->rx_state,
st_gdata->rx_count);
spin_lock_irqsave(&st_gdata->lock, flags);
/* Decode received bytes here */
while (count) {
if (st_gdata->rx_count) {
len = min_t(unsigned int, st_gdata->rx_count, count);
memcpy(skb_put(st_gdata->rx_skb, len), ptr, len);
st_gdata->rx_count -= len;
count -= len;
ptr += len;
if (st_gdata->rx_count)
continue;
/* Check ST RX state machine , where are we? */
switch (st_gdata->rx_state) {
/* Waiting for complete packet ? */
case ST_W4_DATA:
pr_debug("Complete pkt received");
/* Ask ST CORE to forward
* the packet to protocol driver */
st_send_frame(st_gdata->rx_chnl, st_gdata);
st_gdata->rx_state = ST_W4_PACKET_TYPE;
st_gdata->rx_skb = NULL;
continue;
/* parse the header to know details */
case ST_W4_HEADER:
proto = st_gdata->list[st_gdata->rx_chnl];
plen =
&st_gdata->rx_skb->data
[proto->offset_len_in_hdr];
pr_debug("plen pointing to %x\n", *plen);
if (proto->len_size == 1)/* 1 byte len field */
payload_len = *(unsigned char *)plen;
else if (proto->len_size == 2)
payload_len =
__le16_to_cpu(*(unsigned short *)plen);
else
pr_info("%s: invalid length "
"for id %d\n",
__func__, proto->chnl_id);
st_check_data_len(st_gdata, proto->chnl_id,
payload_len);
pr_debug("off %d, pay len %d\n",
proto->offset_len_in_hdr, payload_len);
continue;
} /* end of switch rx_state */
}
/* end of if rx_count */
/* Check first byte of packet and identify module
* owner (BT/FM/GPS) */
switch (*ptr) {
case LL_SLEEP_IND:
case LL_SLEEP_ACK:
case LL_WAKE_UP_IND:
pr_debug("PM packet");
/* this takes appropriate action based on
* sleep state received --
*/
st_ll_sleep_state(st_gdata, *ptr);
/* if WAKEUP_IND collides copy from waitq to txq
* and assume chip awake
*/
spin_unlock_irqrestore(&st_gdata->lock, flags);
if (st_ll_getstate(st_gdata) == ST_LL_AWAKE)
st_wakeup_ack(st_gdata, LL_WAKE_UP_ACK);
spin_lock_irqsave(&st_gdata->lock, flags);
ptr++;
count--;
continue;
case LL_WAKE_UP_ACK:
pr_debug("PM packet");
spin_unlock_irqrestore(&st_gdata->lock, flags);
/* wake up ack received */
st_wakeup_ack(st_gdata, *ptr);
spin_lock_irqsave(&st_gdata->lock, flags);
ptr++;
count--;
continue;
/* Unknow packet? */
default:
type = *ptr;
st_gdata->rx_skb = alloc_skb(
st_gdata->list[type]->max_frame_size,
GFP_ATOMIC);
skb_reserve(st_gdata->rx_skb,
st_gdata->list[type]->reserve);
/* next 2 required for BT only */
st_gdata->rx_skb->cb[0] = type; /*pkt_type*/
st_gdata->rx_skb->cb[1] = 0; /*incoming*/
st_gdata->rx_chnl = *ptr;
st_gdata->rx_state = ST_W4_HEADER;
st_gdata->rx_count = st_gdata->list[type]->hdr_len;
pr_debug("rx_count %ld\n", st_gdata->rx_count);
};
ptr++;
count--;
}
spin_unlock_irqrestore(&st_gdata->lock, flags);
pr_debug("done %s", __func__);
return;
}
/**
* st_int_dequeue - internal de-Q function.
* If the previous data set was not written
* completely, return that skb which has the pending data.
* In normal cases, return top of txq.
*/
struct sk_buff *st_int_dequeue(struct st_data_s *st_gdata)
{
struct sk_buff *returning_skb;
pr_debug("%s", __func__);
if (st_gdata->tx_skb != NULL) {
returning_skb = st_gdata->tx_skb;
st_gdata->tx_skb = NULL;
return returning_skb;
}
return skb_dequeue(&st_gdata->txq);
}
/**
* st_int_enqueue - internal Q-ing function.
* Will either Q the skb to txq or the tx_waitq
* depending on the ST LL state.
* If the chip is asleep, then Q it onto waitq and
* wakeup the chip.
* txq and waitq needs protection since the other contexts
* may be sending data, waking up chip.
*/
void st_int_enqueue(struct st_data_s *st_gdata, struct sk_buff *skb)
{
unsigned long flags = 0;
pr_debug("%s", __func__);
spin_lock_irqsave(&st_gdata->lock, flags);
switch (st_ll_getstate(st_gdata)) {
case ST_LL_AWAKE:
pr_debug("ST LL is AWAKE, sending normally");
skb_queue_tail(&st_gdata->txq, skb);
break;
case ST_LL_ASLEEP_TO_AWAKE:
skb_queue_tail(&st_gdata->tx_waitq, skb);
break;
case ST_LL_AWAKE_TO_ASLEEP:
pr_err("ST LL is illegal state(%ld),"
"purging received skb.", st_ll_getstate(st_gdata));
kfree_skb(skb);
break;
case ST_LL_ASLEEP:
skb_queue_tail(&st_gdata->tx_waitq, skb);
st_ll_wakeup(st_gdata);
break;
default:
pr_err("ST LL is illegal state(%ld),"
"purging received skb.", st_ll_getstate(st_gdata));
kfree_skb(skb);
break;
}
spin_unlock_irqrestore(&st_gdata->lock, flags);
pr_debug("done %s", __func__);
return;
}
/*
* internal wakeup function
* called from either
* - TTY layer when write's finished
* - st_write (in context of the protocol stack)
*/
void st_tx_wakeup(struct st_data_s *st_data)
{
struct sk_buff *skb;
unsigned long flags; /* for irq save flags */
pr_debug("%s", __func__);
/* check for sending & set flag sending here */
if (test_and_set_bit(ST_TX_SENDING, &st_data->tx_state)) {
pr_debug("ST already sending");
/* keep sending */
set_bit(ST_TX_WAKEUP, &st_data->tx_state);
return;
/* TX_WAKEUP will be checked in another
* context
*/
}
do { /* come back if st_tx_wakeup is set */
/* woke-up to write */
clear_bit(ST_TX_WAKEUP, &st_data->tx_state);
while ((skb = st_int_dequeue(st_data))) {
int len;
spin_lock_irqsave(&st_data->lock, flags);
/* enable wake-up from TTY */
set_bit(TTY_DO_WRITE_WAKEUP, &st_data->tty->flags);
len = st_int_write(st_data, skb->data, skb->len);
skb_pull(skb, len);
/* if skb->len = len as expected, skb->len=0 */
if (skb->len) {
/* would be the next skb to be sent */
st_data->tx_skb = skb;
spin_unlock_irqrestore(&st_data->lock, flags);
break;
}
kfree_skb(skb);
spin_unlock_irqrestore(&st_data->lock, flags);
}
/* if wake-up is set in another context- restart sending */
} while (test_bit(ST_TX_WAKEUP, &st_data->tx_state));
/* clear flag sending */
clear_bit(ST_TX_SENDING, &st_data->tx_state);
}
/********************************************************************/
/* functions called from ST KIM
*/
void kim_st_list_protocols(struct st_data_s *st_gdata, void *buf)
{
seq_printf(buf, "[%d]\nBT=%c\nFM=%c\nGPS=%c\n",
st_gdata->protos_registered,
st_gdata->is_registered[0x04] == true ? 'R' : 'U',
st_gdata->is_registered[0x08] == true ? 'R' : 'U',
st_gdata->is_registered[0x09] == true ? 'R' : 'U');
}
/********************************************************************/
/*
* functions called from protocol stack drivers
* to be EXPORT-ed
*/
long st_register(struct st_proto_s *new_proto)
{
struct st_data_s *st_gdata;
long err = 0;
unsigned long flags = 0;
st_kim_ref(&st_gdata, 0);
pr_info("%s(%d) ", __func__, new_proto->chnl_id);
if (st_gdata == NULL || new_proto == NULL || new_proto->recv == NULL
|| new_proto->reg_complete_cb == NULL) {
pr_err("gdata/new_proto/recv or reg_complete_cb not ready");
return -EINVAL;
}
if (new_proto->chnl_id >= ST_MAX_CHANNELS) {
pr_err("chnl_id %d not supported", new_proto->chnl_id);
return -EPROTONOSUPPORT;
}
if (st_gdata->is_registered[new_proto->chnl_id] == true) {
pr_err("chnl_id %d already registered", new_proto->chnl_id);
return -EALREADY;
}
/* can be from process context only */
spin_lock_irqsave(&st_gdata->lock, flags);
if (test_bit(ST_REG_IN_PROGRESS, &st_gdata->st_state)) {
pr_info(" ST_REG_IN_PROGRESS:%d ", new_proto->chnl_id);
/* fw download in progress */
add_channel_to_table(st_gdata, new_proto);
st_gdata->protos_registered++;
new_proto->write = st_write;
set_bit(ST_REG_PENDING, &st_gdata->st_state);
spin_unlock_irqrestore(&st_gdata->lock, flags);
return -EINPROGRESS;
} else if (st_gdata->protos_registered == ST_EMPTY) {
pr_info(" chnl_id list empty :%d ", new_proto->chnl_id);
set_bit(ST_REG_IN_PROGRESS, &st_gdata->st_state);
st_recv = st_kim_recv;
/* release lock previously held - re-locked below */
spin_unlock_irqrestore(&st_gdata->lock, flags);
/* enable the ST LL - to set default chip state */
st_ll_enable(st_gdata);
/* this may take a while to complete
* since it involves BT fw download
*/
err = st_kim_start(st_gdata->kim_data);
if (err != 0) {
clear_bit(ST_REG_IN_PROGRESS, &st_gdata->st_state);
if ((st_gdata->protos_registered != ST_EMPTY) &&
(test_bit(ST_REG_PENDING, &st_gdata->st_state))) {
pr_err(" KIM failure complete callback ");
st_reg_complete(st_gdata, err);
}
return -EINVAL;
}
clear_bit(ST_REG_IN_PROGRESS, &st_gdata->st_state);
st_recv = st_int_recv;
/* this is where all pending registration
* are signalled to be complete by calling callback functions
*/
if ((st_gdata->protos_registered != ST_EMPTY) &&
(test_bit(ST_REG_PENDING, &st_gdata->st_state))) {
pr_debug(" call reg complete callback ");
st_reg_complete(st_gdata, 0);
}
clear_bit(ST_REG_PENDING, &st_gdata->st_state);
/* check for already registered once more,
* since the above check is old
*/
if (st_gdata->is_registered[new_proto->chnl_id] == true) {
pr_err(" proto %d already registered ",
new_proto->chnl_id);
return -EALREADY;
}
spin_lock_irqsave(&st_gdata->lock, flags);
add_channel_to_table(st_gdata, new_proto);
st_gdata->protos_registered++;
new_proto->write = st_write;
spin_unlock_irqrestore(&st_gdata->lock, flags);
return err;
}
/* if fw is already downloaded & new stack registers protocol */
else {
add_channel_to_table(st_gdata, new_proto);
st_gdata->protos_registered++;
new_proto->write = st_write;
/* lock already held before entering else */
spin_unlock_irqrestore(&st_gdata->lock, flags);
return err;
}
pr_debug("done %s(%d) ", __func__, new_proto->chnl_id);
}
EXPORT_SYMBOL_GPL(st_register);
/* to unregister a protocol -
* to be called from protocol stack driver
*/
long st_unregister(struct st_proto_s *proto)
{
long err = 0;
unsigned long flags = 0;
struct st_data_s *st_gdata;
pr_debug("%s: %d ", __func__, proto->chnl_id);
st_kim_ref(&st_gdata, 0);
if (!st_gdata || proto->chnl_id >= ST_MAX_CHANNELS) {
pr_err(" chnl_id %d not supported", proto->chnl_id);
return -EPROTONOSUPPORT;
}
spin_lock_irqsave(&st_gdata->lock, flags);
if (st_gdata->list[proto->chnl_id] == NULL) {
pr_err(" chnl_id %d not registered", proto->chnl_id);
spin_unlock_irqrestore(&st_gdata->lock, flags);
return -EPROTONOSUPPORT;
}
st_gdata->protos_registered--;
remove_channel_from_table(st_gdata, proto);
spin_unlock_irqrestore(&st_gdata->lock, flags);
if ((st_gdata->protos_registered == ST_EMPTY) &&
(!test_bit(ST_REG_PENDING, &st_gdata->st_state))) {
pr_info(" all chnl_ids unregistered ");
/* stop traffic on tty */
if (st_gdata->tty) {
tty_ldisc_flush(st_gdata->tty);
stop_tty(st_gdata->tty);
}
/* all chnl_ids now unregistered */
st_kim_stop(st_gdata->kim_data);
/* disable ST LL */
st_ll_disable(st_gdata);
}
return err;
}
/*
* called in protocol stack drivers
* via the write function pointer
*/
long st_write(struct sk_buff *skb)
{
struct st_data_s *st_gdata;
long len;
st_kim_ref(&st_gdata, 0);
if (unlikely(skb == NULL || st_gdata == NULL
|| st_gdata->tty == NULL)) {
pr_err("data/tty unavailable to perform write");
return -EINVAL;
}
pr_debug("%d to be written", skb->len);
len = skb->len;
/* st_ll to decide where to enqueue the skb */
st_int_enqueue(st_gdata, skb);
/* wake up */
st_tx_wakeup(st_gdata);
/* return number of bytes written */
return len;
}
/* for protocols making use of shared transport */
EXPORT_SYMBOL_GPL(st_unregister);
/********************************************************************/
/*
* functions called from TTY layer
*/
static int st_tty_open(struct tty_struct *tty)
{
int err = 0;
struct st_data_s *st_gdata;
pr_info("%s ", __func__);
st_kim_ref(&st_gdata, 0);
st_gdata->tty = tty;
tty->disc_data = st_gdata;
/* don't do an wakeup for now */
clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
/* mem already allocated
*/
tty->receive_room = 65536;
/* Flush any pending characters in the driver and discipline. */
tty_ldisc_flush(tty);
tty_driver_flush_buffer(tty);
/*
* signal to UIM via KIM that -
* installation of N_TI_WL ldisc is complete
*/
st_kim_complete(st_gdata->kim_data);
pr_debug("done %s", __func__);
return err;
}
static void st_tty_close(struct tty_struct *tty)
{
unsigned char i = ST_MAX_CHANNELS;
unsigned long flags = 0;
struct st_data_s *st_gdata = tty->disc_data;
pr_info("%s ", __func__);
/* TODO:
* if a protocol has been registered & line discipline
* un-installed for some reason - what should be done ?
*/
spin_lock_irqsave(&st_gdata->lock, flags);
for (i = ST_BT; i < ST_MAX_CHANNELS; i++) {
if (st_gdata->list[i] != NULL)
pr_err("%d not un-registered", i);
st_gdata->list[i] = NULL;
}
st_gdata->protos_registered = 0;
spin_unlock_irqrestore(&st_gdata->lock, flags);
/*
* signal to UIM via KIM that -
* N_TI_WL ldisc is un-installed
*/
st_kim_complete(st_gdata->kim_data);
st_gdata->tty = NULL;
/* Flush any pending characters in the driver and discipline. */
tty_ldisc_flush(tty);
tty_driver_flush_buffer(tty);
spin_lock_irqsave(&st_gdata->lock, flags);
/* empty out txq and tx_waitq */
skb_queue_purge(&st_gdata->txq);
skb_queue_purge(&st_gdata->tx_waitq);
/* reset the TTY Rx states of ST */
st_gdata->rx_count = 0;
st_gdata->rx_state = ST_W4_PACKET_TYPE;
kfree_skb(st_gdata->rx_skb);
st_gdata->rx_skb = NULL;
spin_unlock_irqrestore(&st_gdata->lock, flags);
pr_debug("%s: done ", __func__);
}
static void st_tty_receive(struct tty_struct *tty, const unsigned char *data,
char *tty_flags, int count)
{
#ifdef VERBOSE
print_hex_dump(KERN_DEBUG, ">in>", DUMP_PREFIX_NONE,
16, 1, data, count, 0);
#endif
/*
* if fw download is in progress then route incoming data
* to KIM for validation
*/
st_recv(tty->disc_data, data, count);
pr_debug("done %s", __func__);
}
/* wake-up function called in from the TTY layer
* inside the internal wakeup function will be called
*/
static void st_tty_wakeup(struct tty_struct *tty)
{
struct st_data_s *st_gdata = tty->disc_data;
pr_debug("%s ", __func__);
/* don't do an wakeup for now */
clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
/* call our internal wakeup */
st_tx_wakeup((void *)st_gdata);
}
static void st_tty_flush_buffer(struct tty_struct *tty)
{
struct st_data_s *st_gdata = tty->disc_data;
pr_debug("%s ", __func__);
kfree_skb(st_gdata->tx_skb);
st_gdata->tx_skb = NULL;
tty->ops->flush_buffer(tty);
return;
}
static struct tty_ldisc_ops st_ldisc_ops = {
.magic = TTY_LDISC_MAGIC,
.name = "n_st",
.open = st_tty_open,
.close = st_tty_close,
.receive_buf = st_tty_receive,
.write_wakeup = st_tty_wakeup,
.flush_buffer = st_tty_flush_buffer,
.owner = THIS_MODULE
};
/********************************************************************/
int st_core_init(struct st_data_s **core_data)
{
struct st_data_s *st_gdata;
long err;
err = tty_register_ldisc(N_TI_WL, &st_ldisc_ops);
if (err) {
pr_err("error registering %d line discipline %ld",
N_TI_WL, err);
return err;
}
pr_debug("registered n_shared line discipline");
st_gdata = kzalloc(sizeof(struct st_data_s), GFP_KERNEL);
if (!st_gdata) {
pr_err("memory allocation failed");
err = tty_unregister_ldisc(N_TI_WL);
if (err)
pr_err("unable to un-register ldisc %ld", err);
err = -ENOMEM;
return err;
}
/* Initialize ST TxQ and Tx waitQ queue head. All BT/FM/GPS module skb's
* will be pushed in this queue for actual transmission.
*/
skb_queue_head_init(&st_gdata->txq);
skb_queue_head_init(&st_gdata->tx_waitq);
/* Locking used in st_int_enqueue() to avoid multiple execution */
spin_lock_init(&st_gdata->lock);
err = st_ll_init(st_gdata);
if (err) {
pr_err("error during st_ll initialization(%ld)", err);
kfree(st_gdata);
err = tty_unregister_ldisc(N_TI_WL);
if (err)
pr_err("unable to un-register ldisc");
return err;
}
*core_data = st_gdata;
return 0;
}
void st_core_exit(struct st_data_s *st_gdata)
{
long err;
/* internal module cleanup */
err = st_ll_deinit(st_gdata);
if (err)
pr_err("error during deinit of ST LL %ld", err);
if (st_gdata != NULL) {
/* Free ST Tx Qs and skbs */
skb_queue_purge(&st_gdata->txq);
skb_queue_purge(&st_gdata->tx_waitq);
kfree_skb(st_gdata->rx_skb);
kfree_skb(st_gdata->tx_skb);
/* TTY ldisc cleanup */
err = tty_unregister_ldisc(N_TI_WL);
if (err)
pr_err("unable to un-register ldisc %ld", err);
/* free the global data pointer */
kfree(st_gdata);
}
}