If no valid CHID value has previously been set on an HWA, writing a value of all zeros will cause a kernel panic in uwb_radio_stop because wusbhc->uwb_rc has not been set. This patch skips the call to uwb_radio_stop if wusbhc->uwb_rc has not been initialized. Signed-off-by: Thomas Pugliese <thomas.pugliese@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
		
			
				
	
	
		
			318 lines
		
	
	
		
			8.3 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			318 lines
		
	
	
		
			8.3 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| /*
 | |
|  * WUSB Wire Adapter: Control/Data Streaming Interface (WUSB[8])
 | |
|  * MMC (Microscheduled Management Command) handling
 | |
|  *
 | |
|  * Copyright (C) 2005-2006 Intel Corporation
 | |
|  * Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
 | |
|  *
 | |
|  * This program is free software; you can redistribute it and/or
 | |
|  * modify it under the terms of the GNU General Public License version
 | |
|  * 2 as published by the Free Software Foundation.
 | |
|  *
 | |
|  * This program is distributed in the hope that it will be useful,
 | |
|  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 | |
|  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 | |
|  * GNU General Public License for more details.
 | |
|  *
 | |
|  * You should have received a copy of the GNU General Public License
 | |
|  * along with this program; if not, write to the Free Software
 | |
|  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 | |
|  * 02110-1301, USA.
 | |
|  *
 | |
|  *
 | |
|  * WUIEs and MMC IEs...well, they are almost the same at the end. MMC
 | |
|  * IEs are Wireless USB IEs that go into the MMC period...[what is
 | |
|  * that? look in Design-overview.txt].
 | |
|  *
 | |
|  *
 | |
|  * This is a simple subsystem to keep track of which IEs are being
 | |
|  * sent by the host in the MMC period.
 | |
|  *
 | |
|  * For each WUIE we ask to send, we keep it in an array, so we can
 | |
|  * request its removal later, or replace the content. They are tracked
 | |
|  * by pointer, so be sure to use the same pointer if you want to
 | |
|  * remove it or update the contents.
 | |
|  *
 | |
|  * FIXME:
 | |
|  *  - add timers that autoremove intervalled IEs?
 | |
|  */
 | |
| #include <linux/usb/wusb.h>
 | |
| #include <linux/slab.h>
 | |
| #include <linux/export.h>
 | |
| #include "wusbhc.h"
 | |
| 
 | |
| /* Initialize the MMCIEs handling mechanism */
 | |
| int wusbhc_mmcie_create(struct wusbhc *wusbhc)
 | |
| {
 | |
| 	u8 mmcies = wusbhc->mmcies_max;
 | |
| 	wusbhc->mmcie = kcalloc(mmcies, sizeof(wusbhc->mmcie[0]), GFP_KERNEL);
 | |
| 	if (wusbhc->mmcie == NULL)
 | |
| 		return -ENOMEM;
 | |
| 	mutex_init(&wusbhc->mmcie_mutex);
 | |
| 	return 0;
 | |
| }
 | |
| 
 | |
| /* Release resources used by the MMCIEs handling mechanism */
 | |
| void wusbhc_mmcie_destroy(struct wusbhc *wusbhc)
 | |
| {
 | |
| 	kfree(wusbhc->mmcie);
 | |
| }
 | |
| 
 | |
| /*
 | |
|  * Add or replace an MMC Wireless USB IE.
 | |
|  *
 | |
|  * @interval:    See WUSB1.0[8.5.3.1]
 | |
|  * @repeat_cnt:  See WUSB1.0[8.5.3.1]
 | |
|  * @handle:      See WUSB1.0[8.5.3.1]
 | |
|  * @wuie:        Pointer to the header of the WUSB IE data to add.
 | |
|  *               MUST BE allocated in a kmalloc buffer (no stack or
 | |
|  *               vmalloc).
 | |
|  *               THE CALLER ALWAYS OWNS THE POINTER (we don't free it
 | |
|  *               on remove, we just forget about it).
 | |
|  * @returns:     0 if ok, < 0 errno code on error.
 | |
|  *
 | |
|  * Goes over the *whole* @wusbhc->mmcie array looking for (a) the
 | |
|  * first free spot and (b) if @wuie is already in the array (aka:
 | |
|  * transmitted in the MMCs) the spot were it is.
 | |
|  *
 | |
|  * If present, we "overwrite it" (update).
 | |
|  *
 | |
|  *
 | |
|  * NOTE: Need special ordering rules -- see below WUSB1.0 Table 7-38.
 | |
|  *       The host uses the handle as the 'sort' index. We
 | |
|  *       allocate the last one always for the WUIE_ID_HOST_INFO, and
 | |
|  *       the rest, first come first serve in inverse order.
 | |
|  *
 | |
|  *       Host software must make sure that it adds the other IEs in
 | |
|  *       the right order... the host hardware is responsible for
 | |
|  *       placing the WCTA IEs in the right place with the other IEs
 | |
|  *       set by host software.
 | |
|  *
 | |
|  * NOTE: we can access wusbhc->wa_descr without locking because it is
 | |
|  *       read only.
 | |
|  */
 | |
| int wusbhc_mmcie_set(struct wusbhc *wusbhc, u8 interval, u8 repeat_cnt,
 | |
| 		     struct wuie_hdr *wuie)
 | |
| {
 | |
| 	int result = -ENOBUFS;
 | |
| 	unsigned handle, itr;
 | |
| 
 | |
| 	/* Search a handle, taking into account the ordering */
 | |
| 	mutex_lock(&wusbhc->mmcie_mutex);
 | |
| 	switch (wuie->bIEIdentifier) {
 | |
| 	case WUIE_ID_HOST_INFO:
 | |
| 		/* Always last */
 | |
| 		handle = wusbhc->mmcies_max - 1;
 | |
| 		break;
 | |
| 	case WUIE_ID_ISOCH_DISCARD:
 | |
| 		dev_err(wusbhc->dev, "Special ordering case for WUIE ID 0x%x "
 | |
| 			"unimplemented\n", wuie->bIEIdentifier);
 | |
| 		result = -ENOSYS;
 | |
| 		goto error_unlock;
 | |
| 	default:
 | |
| 		/* search for it or find the last empty slot */
 | |
| 		handle = ~0;
 | |
| 		for (itr = 0; itr < wusbhc->mmcies_max - 1; itr++) {
 | |
| 			if (wusbhc->mmcie[itr] == wuie) {
 | |
| 				handle = itr;
 | |
| 				break;
 | |
| 			}
 | |
| 			if (wusbhc->mmcie[itr] == NULL)
 | |
| 				handle = itr;
 | |
| 		}
 | |
| 		if (handle == ~0)
 | |
| 			goto error_unlock;
 | |
| 	}
 | |
| 	result = (wusbhc->mmcie_add)(wusbhc, interval, repeat_cnt, handle,
 | |
| 				     wuie);
 | |
| 	if (result >= 0)
 | |
| 		wusbhc->mmcie[handle] = wuie;
 | |
| error_unlock:
 | |
| 	mutex_unlock(&wusbhc->mmcie_mutex);
 | |
| 	return result;
 | |
| }
 | |
| EXPORT_SYMBOL_GPL(wusbhc_mmcie_set);
 | |
| 
 | |
| /*
 | |
|  * Remove an MMC IE previously added with wusbhc_mmcie_set()
 | |
|  *
 | |
|  * @wuie	Pointer used to add the WUIE
 | |
|  */
 | |
| void wusbhc_mmcie_rm(struct wusbhc *wusbhc, struct wuie_hdr *wuie)
 | |
| {
 | |
| 	int result;
 | |
| 	unsigned handle, itr;
 | |
| 
 | |
| 	mutex_lock(&wusbhc->mmcie_mutex);
 | |
| 	for (itr = 0; itr < wusbhc->mmcies_max; itr++) {
 | |
| 		if (wusbhc->mmcie[itr] == wuie) {
 | |
| 			handle = itr;
 | |
| 			goto found;
 | |
| 		}
 | |
| 	}
 | |
| 	mutex_unlock(&wusbhc->mmcie_mutex);
 | |
| 	return;
 | |
| 
 | |
| found:
 | |
| 	result = (wusbhc->mmcie_rm)(wusbhc, handle);
 | |
| 	if (result == 0)
 | |
| 		wusbhc->mmcie[itr] = NULL;
 | |
| 	mutex_unlock(&wusbhc->mmcie_mutex);
 | |
| }
 | |
| EXPORT_SYMBOL_GPL(wusbhc_mmcie_rm);
 | |
| 
 | |
| static int wusbhc_mmc_start(struct wusbhc *wusbhc)
 | |
| {
 | |
| 	int ret;
 | |
| 
 | |
| 	mutex_lock(&wusbhc->mutex);
 | |
| 	ret = wusbhc->start(wusbhc);
 | |
| 	if (ret >= 0)
 | |
| 		wusbhc->active = 1;
 | |
| 	mutex_unlock(&wusbhc->mutex);
 | |
| 
 | |
| 	return ret;
 | |
| }
 | |
| 
 | |
| static void wusbhc_mmc_stop(struct wusbhc *wusbhc)
 | |
| {
 | |
| 	mutex_lock(&wusbhc->mutex);
 | |
| 	wusbhc->active = 0;
 | |
| 	wusbhc->stop(wusbhc, WUSB_CHANNEL_STOP_DELAY_MS);
 | |
| 	mutex_unlock(&wusbhc->mutex);
 | |
| }
 | |
| 
 | |
| /*
 | |
|  * wusbhc_start - start transmitting MMCs and accepting connections
 | |
|  * @wusbhc: the HC to start
 | |
|  *
 | |
|  * Establishes a cluster reservation, enables device connections, and
 | |
|  * starts MMCs with appropriate DNTS parameters.
 | |
|  */
 | |
| int wusbhc_start(struct wusbhc *wusbhc)
 | |
| {
 | |
| 	int result;
 | |
| 	struct device *dev = wusbhc->dev;
 | |
| 
 | |
| 	WARN_ON(wusbhc->wuie_host_info != NULL);
 | |
| 	BUG_ON(wusbhc->uwb_rc == NULL);
 | |
| 
 | |
| 	result = wusbhc_rsv_establish(wusbhc);
 | |
| 	if (result < 0) {
 | |
| 		dev_err(dev, "cannot establish cluster reservation: %d\n",
 | |
| 			result);
 | |
| 		goto error_rsv_establish;
 | |
| 	}
 | |
| 
 | |
| 	result = wusbhc_devconnect_start(wusbhc);
 | |
| 	if (result < 0) {
 | |
| 		dev_err(dev, "error enabling device connections: %d\n",
 | |
| 			result);
 | |
| 		goto error_devconnect_start;
 | |
| 	}
 | |
| 
 | |
| 	result = wusbhc_sec_start(wusbhc);
 | |
| 	if (result < 0) {
 | |
| 		dev_err(dev, "error starting security in the HC: %d\n",
 | |
| 			result);
 | |
| 		goto error_sec_start;
 | |
| 	}
 | |
| 
 | |
| 	result = wusbhc->set_num_dnts(wusbhc, wusbhc->dnts_interval,
 | |
| 		wusbhc->dnts_num_slots);
 | |
| 	if (result < 0) {
 | |
| 		dev_err(dev, "Cannot set DNTS parameters: %d\n", result);
 | |
| 		goto error_set_num_dnts;
 | |
| 	}
 | |
| 	result = wusbhc_mmc_start(wusbhc);
 | |
| 	if (result < 0) {
 | |
| 		dev_err(dev, "error starting wusbch: %d\n", result);
 | |
| 		goto error_wusbhc_start;
 | |
| 	}
 | |
| 
 | |
| 	return 0;
 | |
| 
 | |
| error_wusbhc_start:
 | |
| 	wusbhc_sec_stop(wusbhc);
 | |
| error_set_num_dnts:
 | |
| error_sec_start:
 | |
| 	wusbhc_devconnect_stop(wusbhc);
 | |
| error_devconnect_start:
 | |
| 	wusbhc_rsv_terminate(wusbhc);
 | |
| error_rsv_establish:
 | |
| 	return result;
 | |
| }
 | |
| 
 | |
| /*
 | |
|  * wusbhc_stop - stop transmitting MMCs
 | |
|  * @wusbhc: the HC to stop
 | |
|  *
 | |
|  * Stops the WUSB channel and removes the cluster reservation.
 | |
|  */
 | |
| void wusbhc_stop(struct wusbhc *wusbhc)
 | |
| {
 | |
| 	wusbhc_mmc_stop(wusbhc);
 | |
| 	wusbhc_sec_stop(wusbhc);
 | |
| 	wusbhc_devconnect_stop(wusbhc);
 | |
| 	wusbhc_rsv_terminate(wusbhc);
 | |
| }
 | |
| 
 | |
| /*
 | |
|  * Set/reset/update a new CHID
 | |
|  *
 | |
|  * Depending on the previous state of the MMCs, start, stop or change
 | |
|  * the sent MMC. This effectively switches the host controller on and
 | |
|  * off (radio wise).
 | |
|  */
 | |
| int wusbhc_chid_set(struct wusbhc *wusbhc, const struct wusb_ckhdid *chid)
 | |
| {
 | |
| 	int result = 0;
 | |
| 
 | |
| 	if (memcmp(chid, &wusb_ckhdid_zero, sizeof(*chid)) == 0)
 | |
| 		chid = NULL;
 | |
| 
 | |
| 	mutex_lock(&wusbhc->mutex);
 | |
| 	if (chid) {
 | |
| 		if (wusbhc->active) {
 | |
| 			mutex_unlock(&wusbhc->mutex);
 | |
| 			return -EBUSY;
 | |
| 		}
 | |
| 		wusbhc->chid = *chid;
 | |
| 	}
 | |
| 
 | |
| 	/* register with UWB if we haven't already since we are about to start
 | |
| 	    the radio. */
 | |
| 	if ((chid) && (wusbhc->uwb_rc == NULL)) {
 | |
| 		wusbhc->uwb_rc = uwb_rc_get_by_grandpa(wusbhc->dev->parent);
 | |
| 		if (wusbhc->uwb_rc == NULL) {
 | |
| 			result = -ENODEV;
 | |
| 			dev_err(wusbhc->dev,
 | |
| 				"Cannot get associated UWB Host Controller\n");
 | |
| 			goto error_rc_get;
 | |
| 		}
 | |
| 
 | |
| 		result = wusbhc_pal_register(wusbhc);
 | |
| 		if (result < 0) {
 | |
| 			dev_err(wusbhc->dev, "Cannot register as a UWB PAL\n");
 | |
| 			goto error_pal_register;
 | |
| 		}
 | |
| 	}
 | |
| 	mutex_unlock(&wusbhc->mutex);
 | |
| 
 | |
| 	if (chid)
 | |
| 		result = uwb_radio_start(&wusbhc->pal);
 | |
| 	else if (wusbhc->uwb_rc)
 | |
| 		uwb_radio_stop(&wusbhc->pal);
 | |
| 
 | |
| 	return result;
 | |
| 
 | |
| error_pal_register:
 | |
| 	uwb_rc_put(wusbhc->uwb_rc);
 | |
| 	wusbhc->uwb_rc = NULL;
 | |
| error_rc_get:
 | |
| 	mutex_unlock(&wusbhc->mutex);
 | |
| 
 | |
| 	return result;
 | |
| }
 | |
| EXPORT_SYMBOL_GPL(wusbhc_chid_set);
 |