drivers/usb/wusbcore/devconnect.c at v2.6.29-rc2 · tjh.dev/kernel

tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
kernel / drivers / usb / wusbcore / devconnect.c
at v2.6.29-rc2 1120 lines 33 kB view raw
   1/*
   2 * WUSB Wire Adapter: Control/Data Streaming Interface (WUSB[8])
   3 * Device Connect handling
   4 *
   5 * Copyright (C) 2006 Intel Corporation
   6 * Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
   7 *
   8 * This program is free software; you can redistribute it and/or
   9 * modify it under the terms of the GNU General Public License version
  10 * 2 as published by the Free Software Foundation.
  11 *
  12 * This program is distributed in the hope that it will be useful,
  13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15 * GNU General Public License for more details.
  16 *
  17 * You should have received a copy of the GNU General Public License
  18 * along with this program; if not, write to the Free Software
  19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
  20 * 02110-1301, USA.
  21 *
  22 *
  23 * FIXME: docs
  24 * FIXME: this file needs to be broken up, it's grown too big
  25 *
  26 *
  27 * WUSB1.0[7.1, 7.5.1, ]
  28 *
  29 * WUSB device connection is kind of messy. Some background:
  30 *
  31 *     When a device wants to connect it scans the UWB radio channels
  32 *     looking for a WUSB Channel; a WUSB channel is defined by MMCs
  33 *     (Micro Managed Commands or something like that) [see
  34 *     Design-overview for more on this] .
  35 *
  36 * So, device scans the radio, finds MMCs and thus a host and checks
  37 * when the next DNTS is. It sends a Device Notification Connect
  38 * (DN_Connect); the host picks it up (through nep.c and notif.c, ends
  39 * up in wusb_devconnect_ack(), which creates a wusb_dev structure in
  40 * wusbhc->port[port_number].wusb_dev), assigns an unauth address
  41 * to the device (this means from 0x80 to 0xfe) and sends, in the MMC
  42 * a Connect Ack Information Element (ConnAck IE).
  43 *
  44 * So now the device now has a WUSB address. From now on, we use
  45 * that to talk to it in the RPipes.
  46 *
  47 * ASSUMPTIONS:
  48 *
  49 *  - We use the the as device address the port number where it is
  50 *    connected (port 0 doesn't exist). For unauth, it is 128 + that.
  51 *
  52 * ROADMAP:
  53 *
  54 *   This file contains the logic for doing that--entry points:
  55 *
  56 *   wusb_devconnect_ack()      Ack a device until _acked() called.
  57 *                              Called by notif.c:wusb_handle_dn_connect()
  58 *                              when a DN_Connect is received.
  59 *
  60 *     wusb_devconnect_acked()  Ack done, release resources.
  61 *
  62 *   wusb_handle_dn_alive()     Called by notif.c:wusb_handle_dn()
  63 *                              for processing a DN_Alive pong from a device.
  64 *
  65 *   wusb_handle_dn_disconnect()Called by notif.c:wusb_handle_dn() to
  66 *                              process a disconenct request from a
  67 *                              device.
  68 *
  69 *   __wusb_dev_disable()       Called by rh.c:wusbhc_rh_clear_port_feat() when
  70 *                              disabling a port.
  71 *
  72 *   wusb_devconnect_create()   Called when creating the host by
  73 *                              lc.c:wusbhc_create().
  74 *
  75 *   wusb_devconnect_destroy()  Cleanup called removing the host. Called
  76 *                              by lc.c:wusbhc_destroy().
  77 *
  78 *   Each Wireless USB host maintains a list of DN_Connect requests
  79 *   (actually we maintain a list of pending Connect Acks, the
  80 *   wusbhc->ca_list).
  81 *
  82 * LIFE CYCLE OF port->wusb_dev
  83 *
  84 *   Before the @wusbhc structure put()s the reference it owns for
  85 *   port->wusb_dev [and clean the wusb_dev pointer], it needs to
  86 *   lock @wusbhc->mutex.
  87 */
  88
  89#include <linux/jiffies.h>
  90#include <linux/ctype.h>
  91#include <linux/workqueue.h>
  92#include "wusbhc.h"
  93
  94static void wusbhc_devconnect_acked_work(struct work_struct *work);
  95
  96static void wusb_dev_free(struct wusb_dev *wusb_dev)
  97{
  98	if (wusb_dev) {
  99		kfree(wusb_dev->set_gtk_req);
 100		usb_free_urb(wusb_dev->set_gtk_urb);
 101		kfree(wusb_dev);
 102	}
 103}
 104
 105static struct wusb_dev *wusb_dev_alloc(struct wusbhc *wusbhc)
 106{
 107	struct wusb_dev *wusb_dev;
 108	struct urb *urb;
 109	struct usb_ctrlrequest *req;
 110
 111	wusb_dev = kzalloc(sizeof(*wusb_dev), GFP_KERNEL);
 112	if (wusb_dev == NULL)
 113		goto err;
 114
 115	wusb_dev->wusbhc = wusbhc;
 116
 117	INIT_WORK(&wusb_dev->devconnect_acked_work, wusbhc_devconnect_acked_work);
 118
 119	urb = usb_alloc_urb(0, GFP_KERNEL);
 120	if (urb == NULL)
 121		goto err;
 122
 123	req = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
 124	if (req == NULL)
 125		goto err;
 126
 127	req->bRequestType = USB_DIR_OUT | USB_TYPE_STANDARD | USB_RECIP_DEVICE;
 128	req->bRequest = USB_REQ_SET_DESCRIPTOR;
 129	req->wValue = cpu_to_le16(USB_DT_KEY << 8 | wusbhc->gtk_index);
 130	req->wIndex = 0;
 131	req->wLength = cpu_to_le16(wusbhc->gtk.descr.bLength);
 132
 133	wusb_dev->set_gtk_urb = urb;
 134	wusb_dev->set_gtk_req = req;
 135
 136	return wusb_dev;
 137err:
 138	wusb_dev_free(wusb_dev);
 139	return NULL;
 140}
 141
 142
 143/*
 144 * Using the Connect-Ack list, fill out the @wusbhc Connect-Ack WUSB IE
 145 * properly so that it can be added to the MMC.
 146 *
 147 * We just get the @wusbhc->ca_list and fill out the first four ones or
 148 * less (per-spec WUSB1.0[7.5, before T7-38). If the ConnectAck WUSB
 149 * IE is not allocated, we alloc it.
 150 *
 151 * @wusbhc->mutex must be taken
 152 */
 153static void wusbhc_fill_cack_ie(struct wusbhc *wusbhc)
 154{
 155	unsigned cnt;
 156	struct wusb_dev *dev_itr;
 157	struct wuie_connect_ack *cack_ie;
 158
 159	cack_ie = &wusbhc->cack_ie;
 160	cnt = 0;
 161	list_for_each_entry(dev_itr, &wusbhc->cack_list, cack_node) {
 162		cack_ie->blk[cnt].CDID = dev_itr->cdid;
 163		cack_ie->blk[cnt].bDeviceAddress = dev_itr->addr;
 164		if (++cnt >= WUIE_ELT_MAX)
 165			break;
 166	}
 167	cack_ie->hdr.bLength = sizeof(cack_ie->hdr)
 168		+ cnt * sizeof(cack_ie->blk[0]);
 169}
 170
 171/*
 172 * Register a new device that wants to connect
 173 *
 174 * A new device wants to connect, so we add it to the Connect-Ack
 175 * list. We give it an address in the unauthorized range (bit 8 set);
 176 * user space will have to drive authorization further on.
 177 *
 178 * @dev_addr: address to use for the device (which is also the port
 179 *            number).
 180 *
 181 * @wusbhc->mutex must be taken
 182 */
 183static struct wusb_dev *wusbhc_cack_add(struct wusbhc *wusbhc,
 184					struct wusb_dn_connect *dnc,
 185					const char *pr_cdid, u8 port_idx)
 186{
 187	struct device *dev = wusbhc->dev;
 188	struct wusb_dev *wusb_dev;
 189	int new_connection = wusb_dn_connect_new_connection(dnc);
 190	u8 dev_addr;
 191	int result;
 192
 193	/* Is it registered already? */
 194	list_for_each_entry(wusb_dev, &wusbhc->cack_list, cack_node)
 195		if (!memcmp(&wusb_dev->cdid, &dnc->CDID,
 196			    sizeof(wusb_dev->cdid)))
 197			return wusb_dev;
 198	/* We don't have it, create an entry, register it */
 199	wusb_dev = wusb_dev_alloc(wusbhc);
 200	if (wusb_dev == NULL)
 201		return NULL;
 202	wusb_dev_init(wusb_dev);
 203	wusb_dev->cdid = dnc->CDID;
 204	wusb_dev->port_idx = port_idx;
 205
 206	/*
 207	 * Devices are always available within the cluster reservation
 208	 * and since the hardware will take the intersection of the
 209	 * per-device availability and the cluster reservation, the
 210	 * per-device availability can simply be set to always
 211	 * available.
 212	 */
 213	bitmap_fill(wusb_dev->availability.bm, UWB_NUM_MAS);
 214
 215	/* FIXME: handle reconnects instead of assuming connects are
 216	   always new. */
 217	if (1 && new_connection == 0)
 218		new_connection = 1;
 219	if (new_connection) {
 220		dev_addr = (port_idx + 2) | WUSB_DEV_ADDR_UNAUTH;
 221
 222		dev_info(dev, "Connecting new WUSB device to address %u, "
 223			"port %u\n", dev_addr, port_idx);
 224
 225		result = wusb_set_dev_addr(wusbhc, wusb_dev, dev_addr);
 226		if (result < 0)
 227			return NULL;
 228	}
 229	wusb_dev->entry_ts = jiffies;
 230	list_add_tail(&wusb_dev->cack_node, &wusbhc->cack_list);
 231	wusbhc->cack_count++;
 232	wusbhc_fill_cack_ie(wusbhc);
 233
 234	return wusb_dev;
 235}
 236
 237/*
 238 * Remove a Connect-Ack context entry from the HCs view
 239 *
 240 * @wusbhc->mutex must be taken
 241 */
 242static void wusbhc_cack_rm(struct wusbhc *wusbhc, struct wusb_dev *wusb_dev)
 243{
 244	list_del_init(&wusb_dev->cack_node);
 245	wusbhc->cack_count--;
 246	wusbhc_fill_cack_ie(wusbhc);
 247}
 248
 249/*
 250 * @wusbhc->mutex must be taken */
 251static
 252void wusbhc_devconnect_acked(struct wusbhc *wusbhc, struct wusb_dev *wusb_dev)
 253{
 254	wusbhc_cack_rm(wusbhc, wusb_dev);
 255	if (wusbhc->cack_count)
 256		wusbhc_mmcie_set(wusbhc, 0, 0, &wusbhc->cack_ie.hdr);
 257	else
 258		wusbhc_mmcie_rm(wusbhc, &wusbhc->cack_ie.hdr);
 259}
 260
 261static void wusbhc_devconnect_acked_work(struct work_struct *work)
 262{
 263	struct wusb_dev *wusb_dev = container_of(work, struct wusb_dev,
 264						 devconnect_acked_work);
 265	struct wusbhc *wusbhc = wusb_dev->wusbhc;
 266
 267	mutex_lock(&wusbhc->mutex);
 268	wusbhc_devconnect_acked(wusbhc, wusb_dev);
 269	mutex_unlock(&wusbhc->mutex);
 270}
 271
 272/*
 273 * Ack a device for connection
 274 *
 275 * FIXME: docs
 276 *
 277 * @pr_cdid:	Printable CDID...hex Use @dnc->cdid for the real deal.
 278 *
 279 * So we get the connect ack IE (may have been allocated already),
 280 * find an empty connect block, an empty virtual port, create an
 281 * address with it (see below), make it an unauth addr [bit 7 set] and
 282 * set the MMC.
 283 *
 284 * Addresses: because WUSB hosts have no downstream hubs, we can do a
 285 *            1:1 mapping between 'port number' and device
 286 *            address. This simplifies many things, as during this
 287 *            initial connect phase the USB stack has no knoledge of
 288 *            the device and hasn't assigned an address yet--we know
 289 *            USB's choose_address() will use the same euristics we
 290 *            use here, so we can assume which address will be assigned.
 291 *
 292 *            USB stack always assigns address 1 to the root hub, so
 293 *            to the port number we add 2 (thus virtual port #0 is
 294 *            addr #2).
 295 *
 296 * @wusbhc shall be referenced
 297 */
 298static
 299void wusbhc_devconnect_ack(struct wusbhc *wusbhc, struct wusb_dn_connect *dnc,
 300			   const char *pr_cdid)
 301{
 302	int result;
 303	struct device *dev = wusbhc->dev;
 304	struct wusb_dev *wusb_dev;
 305	struct wusb_port *port;
 306	unsigned idx, devnum;
 307
 308	mutex_lock(&wusbhc->mutex);
 309
 310	/* Check we are not handling it already */
 311	for (idx = 0; idx < wusbhc->ports_max; idx++) {
 312		port = wusb_port_by_idx(wusbhc, idx);
 313		if (port->wusb_dev
 314		    && memcmp(&dnc->CDID, &port->wusb_dev->cdid, sizeof(dnc->CDID)) == 0)
 315			goto error_unlock;
 316	}
 317	/* Look up those fake ports we have for a free one */
 318	for (idx = 0; idx < wusbhc->ports_max; idx++) {
 319		port = wusb_port_by_idx(wusbhc, idx);
 320		if ((port->status & USB_PORT_STAT_POWER)
 321		    && !(port->status & USB_PORT_STAT_CONNECTION))
 322			break;
 323	}
 324	if (idx >= wusbhc->ports_max) {
 325		dev_err(dev, "Host controller can't connect more devices "
 326			"(%u already connected); device %s rejected\n",
 327			wusbhc->ports_max, pr_cdid);
 328		/* NOTE: we could send a WUIE_Disconnect here, but we haven't
 329		 *       event acked, so the device will eventually timeout the
 330		 *       connection, right? */
 331		goto error_unlock;
 332	}
 333
 334	devnum = idx + 2;
 335
 336	/* Make sure we are using no crypto on that "virtual port" */
 337	wusbhc->set_ptk(wusbhc, idx, 0, NULL, 0);
 338
 339	/* Grab a filled in Connect-Ack context, fill out the
 340	 * Connect-Ack Wireless USB IE, set the MMC */
 341	wusb_dev = wusbhc_cack_add(wusbhc, dnc, pr_cdid, idx);
 342	if (wusb_dev == NULL)
 343		goto error_unlock;
 344	result = wusbhc_mmcie_set(wusbhc, 0, 0, &wusbhc->cack_ie.hdr);
 345	if (result < 0)
 346		goto error_unlock;
 347	/* Give the device at least 2ms (WUSB1.0[7.5.1p3]), let's do
 348	 * three for a good measure */
 349	msleep(3);
 350	port->wusb_dev = wusb_dev;
 351	port->status |= USB_PORT_STAT_CONNECTION;
 352	port->change |= USB_PORT_STAT_C_CONNECTION;
 353	/* Now the port status changed to connected; khubd will
 354	 * pick the change up and try to reset the port to bring it to
 355	 * the enabled state--so this process returns up to the stack
 356	 * and it calls back into wusbhc_rh_port_reset().
 357	 */
 358error_unlock:
 359	mutex_unlock(&wusbhc->mutex);
 360	return;
 361
 362}
 363
 364/*
 365 * Disconnect a Wireless USB device from its fake port
 366 *
 367 * Marks the port as disconnected so that khubd can pick up the change
 368 * and drops our knowledge about the device.
 369 *
 370 * Assumes there is a device connected
 371 *
 372 * @port_index: zero based port number
 373 *
 374 * NOTE: @wusbhc->mutex is locked
 375 *
 376 * WARNING: From here it is not very safe to access anything hanging off
 377 *	    wusb_dev
 378 */
 379static void __wusbhc_dev_disconnect(struct wusbhc *wusbhc,
 380				    struct wusb_port *port)
 381{
 382	struct wusb_dev *wusb_dev = port->wusb_dev;
 383
 384	port->status &= ~(USB_PORT_STAT_CONNECTION | USB_PORT_STAT_ENABLE
 385			  | USB_PORT_STAT_SUSPEND | USB_PORT_STAT_RESET
 386			  | USB_PORT_STAT_LOW_SPEED | USB_PORT_STAT_HIGH_SPEED);
 387	port->change |= USB_PORT_STAT_C_CONNECTION | USB_PORT_STAT_C_ENABLE;
 388	if (wusb_dev) {
 389		if (!list_empty(&wusb_dev->cack_node))
 390			list_del_init(&wusb_dev->cack_node);
 391		/* For the one in cack_add() */
 392		wusb_dev_put(wusb_dev);
 393	}
 394	port->wusb_dev = NULL;
 395
 396	/* After a device disconnects, change the GTK (see [WUSB]
 397	 * section 6.2.11.2). */
 398	wusbhc_gtk_rekey(wusbhc);
 399
 400	/* The Wireless USB part has forgotten about the device already; now
 401	 * khubd's timer will pick up the disconnection and remove the USB
 402	 * device from the system
 403	 */
 404}
 405
 406/*
 407 * Refresh the list of keep alives to emit in the MMC
 408 *
 409 * Some devices don't respond to keep alives unless they've been
 410 * authenticated, so skip unauthenticated devices.
 411 *
 412 * We only publish the first four devices that have a coming timeout
 413 * condition. Then when we are done processing those, we go for the
 414 * next ones. We ignore the ones that have timed out already (they'll
 415 * be purged).
 416 *
 417 * This might cause the first devices to timeout the last devices in
 418 * the port array...FIXME: come up with a better algorithm?
 419 *
 420 * Note we can't do much about MMC's ops errors; we hope next refresh
 421 * will kind of handle it.
 422 *
 423 * NOTE: @wusbhc->mutex is locked
 424 */
 425static void __wusbhc_keep_alive(struct wusbhc *wusbhc)
 426{
 427	struct device *dev = wusbhc->dev;
 428	unsigned cnt;
 429	struct wusb_dev *wusb_dev;
 430	struct wusb_port *wusb_port;
 431	struct wuie_keep_alive *ie = &wusbhc->keep_alive_ie;
 432	unsigned keep_alives, old_keep_alives;
 433
 434	old_keep_alives = ie->hdr.bLength - sizeof(ie->hdr);
 435	keep_alives = 0;
 436	for (cnt = 0;
 437	     keep_alives <= WUIE_ELT_MAX && cnt < wusbhc->ports_max;
 438	     cnt++) {
 439		unsigned tt = msecs_to_jiffies(wusbhc->trust_timeout);
 440
 441		wusb_port = wusb_port_by_idx(wusbhc, cnt);
 442		wusb_dev = wusb_port->wusb_dev;
 443
 444		if (wusb_dev == NULL)
 445			continue;
 446		if (wusb_dev->usb_dev == NULL || !wusb_dev->usb_dev->authenticated)
 447			continue;
 448
 449		if (time_after(jiffies, wusb_dev->entry_ts + tt)) {
 450			dev_err(dev, "KEEPALIVE: device %u timed out\n",
 451				wusb_dev->addr);
 452			__wusbhc_dev_disconnect(wusbhc, wusb_port);
 453		} else if (time_after(jiffies, wusb_dev->entry_ts + tt/2)) {
 454			/* Approaching timeout cut out, need to refresh */
 455			ie->bDeviceAddress[keep_alives++] = wusb_dev->addr;
 456		}
 457	}
 458	if (keep_alives & 0x1)	/* pad to even number ([WUSB] section 7.5.9) */
 459		ie->bDeviceAddress[keep_alives++] = 0x7f;
 460	ie->hdr.bLength = sizeof(ie->hdr) +
 461		keep_alives*sizeof(ie->bDeviceAddress[0]);
 462	if (keep_alives > 0)
 463		wusbhc_mmcie_set(wusbhc, 10, 5, &ie->hdr);
 464	else if (old_keep_alives != 0)
 465		wusbhc_mmcie_rm(wusbhc, &ie->hdr);
 466}
 467
 468/*
 469 * Do a run through all devices checking for timeouts
 470 */
 471static void wusbhc_keep_alive_run(struct work_struct *ws)
 472{
 473	struct delayed_work *dw = container_of(ws, struct delayed_work, work);
 474	struct wusbhc *wusbhc =	container_of(dw, struct wusbhc, keep_alive_timer);
 475
 476	mutex_lock(&wusbhc->mutex);
 477	__wusbhc_keep_alive(wusbhc);
 478	mutex_unlock(&wusbhc->mutex);
 479
 480	queue_delayed_work(wusbd, &wusbhc->keep_alive_timer,
 481			   msecs_to_jiffies(wusbhc->trust_timeout / 2));
 482}
 483
 484/*
 485 * Find the wusb_dev from its device address.
 486 *
 487 * The device can be found directly from the address (see
 488 * wusb_cack_add() for where the device address is set to port_idx
 489 * +2), except when the address is zero.
 490 */
 491static struct wusb_dev *wusbhc_find_dev_by_addr(struct wusbhc *wusbhc, u8 addr)
 492{
 493	int p;
 494
 495	if (addr == 0xff) /* unconnected */
 496		return NULL;
 497
 498	if (addr > 0) {
 499		int port = (addr & ~0x80) - 2;
 500		if (port < 0 || port >= wusbhc->ports_max)
 501			return NULL;
 502		return wusb_port_by_idx(wusbhc, port)->wusb_dev;
 503	}
 504
 505	/* Look for the device with address 0. */
 506	for (p = 0; p < wusbhc->ports_max; p++) {
 507		struct wusb_dev *wusb_dev = wusb_port_by_idx(wusbhc, p)->wusb_dev;
 508		if (wusb_dev && wusb_dev->addr == addr)
 509			return wusb_dev;
 510	}
 511	return NULL;
 512}
 513
 514/*
 515 * Handle a DN_Alive notification (WUSB1.0[7.6.1])
 516 *
 517 * This just updates the device activity timestamp and then refreshes
 518 * the keep alive IE.
 519 *
 520 * @wusbhc shall be referenced and unlocked
 521 */
 522static void wusbhc_handle_dn_alive(struct wusbhc *wusbhc, struct wusb_dev *wusb_dev)
 523{
 524	mutex_lock(&wusbhc->mutex);
 525	wusb_dev->entry_ts = jiffies;
 526	__wusbhc_keep_alive(wusbhc);
 527	mutex_unlock(&wusbhc->mutex);
 528}
 529
 530/*
 531 * Handle a DN_Connect notification (WUSB1.0[7.6.1])
 532 *
 533 * @wusbhc
 534 * @pkt_hdr
 535 * @size:    Size of the buffer where the notification resides; if the
 536 *           notification data suggests there should be more data than
 537 *           available, an error will be signaled and the whole buffer
 538 *           consumed.
 539 *
 540 * @wusbhc->mutex shall be held
 541 */
 542static void wusbhc_handle_dn_connect(struct wusbhc *wusbhc,
 543				     struct wusb_dn_hdr *dn_hdr,
 544				     size_t size)
 545{
 546	struct device *dev = wusbhc->dev;
 547	struct wusb_dn_connect *dnc;
 548	char pr_cdid[WUSB_CKHDID_STRSIZE];
 549	static const char *beacon_behaviour[] = {
 550		"reserved",
 551		"self-beacon",
 552		"directed-beacon",
 553		"no-beacon"
 554	};
 555
 556	if (size < sizeof(*dnc)) {
 557		dev_err(dev, "DN CONNECT: short notification (%zu < %zu)\n",
 558			size, sizeof(*dnc));
 559		return;
 560	}
 561
 562	dnc = container_of(dn_hdr, struct wusb_dn_connect, hdr);
 563	ckhdid_printf(pr_cdid, sizeof(pr_cdid), &dnc->CDID);
 564	dev_info(dev, "DN CONNECT: device %s @ %x (%s) wants to %s\n",
 565		 pr_cdid,
 566		 wusb_dn_connect_prev_dev_addr(dnc),
 567		 beacon_behaviour[wusb_dn_connect_beacon_behavior(dnc)],
 568		 wusb_dn_connect_new_connection(dnc) ? "connect" : "reconnect");
 569	/* ACK the connect */
 570	wusbhc_devconnect_ack(wusbhc, dnc, pr_cdid);
 571}
 572
 573/*
 574 * Handle a DN_Disconnect notification (WUSB1.0[7.6.1])
 575 *
 576 * Device is going down -- do the disconnect.
 577 *
 578 * @wusbhc shall be referenced and unlocked
 579 */
 580static void wusbhc_handle_dn_disconnect(struct wusbhc *wusbhc, struct wusb_dev *wusb_dev)
 581{
 582	struct device *dev = wusbhc->dev;
 583
 584	dev_info(dev, "DN DISCONNECT: device 0x%02x going down\n", wusb_dev->addr);
 585
 586	mutex_lock(&wusbhc->mutex);
 587	__wusbhc_dev_disconnect(wusbhc, wusb_port_by_idx(wusbhc, wusb_dev->port_idx));
 588	mutex_unlock(&wusbhc->mutex);
 589}
 590
 591/*
 592 * Handle a Device Notification coming a host
 593 *
 594 * The Device Notification comes from a host (HWA, DWA or WHCI)
 595 * wrapped in a set of headers. Somebody else has peeled off those
 596 * headers for us and we just get one Device Notifications.
 597 *
 598 * Invalid DNs (e.g., too short) are discarded.
 599 *
 600 * @wusbhc shall be referenced
 601 *
 602 * FIXMES:
 603 *  - implement priorities as in WUSB1.0[Table 7-55]?
 604 */
 605void wusbhc_handle_dn(struct wusbhc *wusbhc, u8 srcaddr,
 606		      struct wusb_dn_hdr *dn_hdr, size_t size)
 607{
 608	struct device *dev = wusbhc->dev;
 609	struct wusb_dev *wusb_dev;
 610
 611	if (size < sizeof(struct wusb_dn_hdr)) {
 612		dev_err(dev, "DN data shorter than DN header (%d < %d)\n",
 613			(int)size, (int)sizeof(struct wusb_dn_hdr));
 614		return;
 615	}
 616
 617	wusb_dev = wusbhc_find_dev_by_addr(wusbhc, srcaddr);
 618	if (wusb_dev == NULL && dn_hdr->bType != WUSB_DN_CONNECT) {
 619		dev_dbg(dev, "ignoring DN %d from unconnected device %02x\n",
 620			dn_hdr->bType, srcaddr);
 621		return;
 622	}
 623
 624	switch (dn_hdr->bType) {
 625	case WUSB_DN_CONNECT:
 626		wusbhc_handle_dn_connect(wusbhc, dn_hdr, size);
 627		break;
 628	case WUSB_DN_ALIVE:
 629		wusbhc_handle_dn_alive(wusbhc, wusb_dev);
 630		break;
 631	case WUSB_DN_DISCONNECT:
 632		wusbhc_handle_dn_disconnect(wusbhc, wusb_dev);
 633		break;
 634	case WUSB_DN_MASAVAILCHANGED:
 635	case WUSB_DN_RWAKE:
 636	case WUSB_DN_SLEEP:
 637		/* FIXME: handle these DNs. */
 638		break;
 639	case WUSB_DN_EPRDY:
 640		/* The hardware handles these. */
 641		break;
 642	default:
 643		dev_warn(dev, "unknown DN %u (%d octets) from %u\n",
 644			 dn_hdr->bType, (int)size, srcaddr);
 645	}
 646}
 647EXPORT_SYMBOL_GPL(wusbhc_handle_dn);
 648
 649/*
 650 * Disconnect a WUSB device from a the cluster
 651 *
 652 * @wusbhc
 653 * @port     Fake port where the device is (wusbhc index, not USB port number).
 654 *
 655 * In Wireless USB, a disconnect is basically telling the device he is
 656 * being disconnected and forgetting about him.
 657 *
 658 * We send the device a Device Disconnect IE (WUSB1.0[7.5.11]) for 100
 659 * ms and then keep going.
 660 *
 661 * We don't do much in case of error; we always pretend we disabled
 662 * the port and disconnected the device. If physically the request
 663 * didn't get there (many things can fail in the way there), the stack
 664 * will reject the device's communication attempts.
 665 *
 666 * @wusbhc should be refcounted and locked
 667 */
 668void __wusbhc_dev_disable(struct wusbhc *wusbhc, u8 port_idx)
 669{
 670	int result;
 671	struct device *dev = wusbhc->dev;
 672	struct wusb_dev *wusb_dev;
 673	struct wuie_disconnect *ie;
 674
 675	wusb_dev = wusb_port_by_idx(wusbhc, port_idx)->wusb_dev;
 676	if (wusb_dev == NULL) {
 677		/* reset no device? ignore */
 678		dev_dbg(dev, "DISCONNECT: no device at port %u, ignoring\n",
 679			port_idx);
 680		return;
 681	}
 682	__wusbhc_dev_disconnect(wusbhc, wusb_port_by_idx(wusbhc, port_idx));
 683
 684	ie = kzalloc(sizeof(*ie), GFP_KERNEL);
 685	if (ie == NULL)
 686		return;
 687	ie->hdr.bLength = sizeof(*ie);
 688	ie->hdr.bIEIdentifier = WUIE_ID_DEVICE_DISCONNECT;
 689	ie->bDeviceAddress = wusb_dev->addr;
 690	result = wusbhc_mmcie_set(wusbhc, 0, 0, &ie->hdr);
 691	if (result < 0)
 692		dev_err(dev, "DISCONNECT: can't set MMC: %d\n", result);
 693	else {
 694		/* At least 6 MMCs, assuming at least 1 MMC per zone. */
 695		msleep(7*4);
 696		wusbhc_mmcie_rm(wusbhc, &ie->hdr);
 697	}
 698	kfree(ie);
 699}
 700
 701/*
 702 * Walk over the BOS descriptor, verify and grok it
 703 *
 704 * @usb_dev: referenced
 705 * @wusb_dev: referenced and unlocked
 706 *
 707 * The BOS descriptor is defined at WUSB1.0[7.4.1], and it defines a
 708 * "flexible" way to wrap all kinds of descriptors inside an standard
 709 * descriptor (wonder why they didn't use normal descriptors,
 710 * btw). Not like they lack code.
 711 *
 712 * At the end we go to look for the WUSB Device Capabilities
 713 * (WUSB1.0[7.4.1.1]) that is wrapped in a device capability descriptor
 714 * that is part of the BOS descriptor set. That tells us what does the
 715 * device support (dual role, beacon type, UWB PHY rates).
 716 */
 717static int wusb_dev_bos_grok(struct usb_device *usb_dev,
 718			     struct wusb_dev *wusb_dev,
 719			     struct usb_bos_descriptor *bos, size_t desc_size)
 720{
 721	ssize_t result;
 722	struct device *dev = &usb_dev->dev;
 723	void *itr, *top;
 724
 725	/* Walk over BOS capabilities, verify them */
 726	itr = (void *)bos + sizeof(*bos);
 727	top = itr + desc_size - sizeof(*bos);
 728	while (itr < top) {
 729		struct usb_dev_cap_header *cap_hdr = itr;
 730		size_t cap_size;
 731		u8 cap_type;
 732		if (top - itr < sizeof(*cap_hdr)) {
 733			dev_err(dev, "Device BUG? premature end of BOS header "
 734				"data [offset 0x%02x]: only %zu bytes left\n",
 735				(int)(itr - (void *)bos), top - itr);
 736			result = -ENOSPC;
 737			goto error_bad_cap;
 738		}
 739		cap_size = cap_hdr->bLength;
 740		cap_type = cap_hdr->bDevCapabilityType;
 741		if (cap_size == 0)
 742			break;
 743		if (cap_size > top - itr) {
 744			dev_err(dev, "Device BUG? premature end of BOS data "
 745				"[offset 0x%02x cap %02x %zu bytes]: "
 746				"only %zu bytes left\n",
 747				(int)(itr - (void *)bos),
 748				cap_type, cap_size, top - itr);
 749			result = -EBADF;
 750			goto error_bad_cap;
 751		}
 752		switch (cap_type) {
 753		case USB_CAP_TYPE_WIRELESS_USB:
 754			if (cap_size != sizeof(*wusb_dev->wusb_cap_descr))
 755				dev_err(dev, "Device BUG? WUSB Capability "
 756					"descriptor is %zu bytes vs %zu "
 757					"needed\n", cap_size,
 758					sizeof(*wusb_dev->wusb_cap_descr));
 759			else
 760				wusb_dev->wusb_cap_descr = itr;
 761			break;
 762		default:
 763			dev_err(dev, "BUG? Unknown BOS capability 0x%02x "
 764				"(%zu bytes) at offset 0x%02x\n", cap_type,
 765				cap_size, (int)(itr - (void *)bos));
 766		}
 767		itr += cap_size;
 768	}
 769	result = 0;
 770error_bad_cap:
 771	return result;
 772}
 773
 774/*
 775 * Add information from the BOS descriptors to the device
 776 *
 777 * @usb_dev: referenced
 778 * @wusb_dev: referenced and unlocked
 779 *
 780 * So what we do is we alloc a space for the BOS descriptor of 64
 781 * bytes; read the first four bytes which include the wTotalLength
 782 * field (WUSB1.0[T7-26]) and if it fits in those 64 bytes, read the
 783 * whole thing. If not we realloc to that size.
 784 *
 785 * Then we call the groking function, that will fill up
 786 * wusb_dev->wusb_cap_descr, which is what we'll need later on.
 787 */
 788static int wusb_dev_bos_add(struct usb_device *usb_dev,
 789			    struct wusb_dev *wusb_dev)
 790{
 791	ssize_t result;
 792	struct device *dev = &usb_dev->dev;
 793	struct usb_bos_descriptor *bos;
 794	size_t alloc_size = 32, desc_size = 4;
 795
 796	bos = kmalloc(alloc_size, GFP_KERNEL);
 797	if (bos == NULL)
 798		return -ENOMEM;
 799	result = usb_get_descriptor(usb_dev, USB_DT_BOS, 0, bos, desc_size);
 800	if (result < 4) {
 801		dev_err(dev, "Can't get BOS descriptor or too short: %zd\n",
 802			result);
 803		goto error_get_descriptor;
 804	}
 805	desc_size = le16_to_cpu(bos->wTotalLength);
 806	if (desc_size >= alloc_size) {
 807		kfree(bos);
 808		alloc_size = desc_size;
 809		bos = kmalloc(alloc_size, GFP_KERNEL);
 810		if (bos == NULL)
 811			return -ENOMEM;
 812	}
 813	result = usb_get_descriptor(usb_dev, USB_DT_BOS, 0, bos, desc_size);
 814	if (result < 0 || result != desc_size) {
 815		dev_err(dev, "Can't get  BOS descriptor or too short (need "
 816			"%zu bytes): %zd\n", desc_size, result);
 817		goto error_get_descriptor;
 818	}
 819	if (result < sizeof(*bos)
 820	    || le16_to_cpu(bos->wTotalLength) != desc_size) {
 821		dev_err(dev, "Can't get  BOS descriptor or too short (need "
 822			"%zu bytes): %zd\n", desc_size, result);
 823		goto error_get_descriptor;
 824	}
 825
 826	result = wusb_dev_bos_grok(usb_dev, wusb_dev, bos, result);
 827	if (result < 0)
 828		goto error_bad_bos;
 829	wusb_dev->bos = bos;
 830	return 0;
 831
 832error_bad_bos:
 833error_get_descriptor:
 834	kfree(bos);
 835	wusb_dev->wusb_cap_descr = NULL;
 836	return result;
 837}
 838
 839static void wusb_dev_bos_rm(struct wusb_dev *wusb_dev)
 840{
 841	kfree(wusb_dev->bos);
 842	wusb_dev->wusb_cap_descr = NULL;
 843};
 844
 845static struct usb_wireless_cap_descriptor wusb_cap_descr_default = {
 846	.bLength = sizeof(wusb_cap_descr_default),
 847	.bDescriptorType = USB_DT_DEVICE_CAPABILITY,
 848	.bDevCapabilityType = USB_CAP_TYPE_WIRELESS_USB,
 849
 850	.bmAttributes = USB_WIRELESS_BEACON_NONE,
 851	.wPHYRates = cpu_to_le16(USB_WIRELESS_PHY_53),
 852	.bmTFITXPowerInfo = 0,
 853	.bmFFITXPowerInfo = 0,
 854	.bmBandGroup = cpu_to_le16(0x0001),	/* WUSB1.0[7.4.1] bottom */
 855	.bReserved = 0
 856};
 857
 858/*
 859 * USB stack's device addition Notifier Callback
 860 *
 861 * Called from drivers/usb/core/hub.c when a new device is added; we
 862 * use this hook to perform certain WUSB specific setup work on the
 863 * new device. As well, it is the first time we can connect the
 864 * wusb_dev and the usb_dev. So we note it down in wusb_dev and take a
 865 * reference that we'll drop.
 866 *
 867 * First we need to determine if the device is a WUSB device (else we
 868 * ignore it). For that we use the speed setting (USB_SPEED_VARIABLE)
 869 * [FIXME: maybe we'd need something more definitive]. If so, we track
 870 * it's usb_busd and from there, the WUSB HC.
 871 *
 872 * Because all WUSB HCs are contained in a 'struct wusbhc', voila, we
 873 * get the wusbhc for the device.
 874 *
 875 * We have a reference on @usb_dev (as we are called at the end of its
 876 * enumeration).
 877 *
 878 * NOTE: @usb_dev locked
 879 */
 880static void wusb_dev_add_ncb(struct usb_device *usb_dev)
 881{
 882	int result = 0;
 883	struct wusb_dev *wusb_dev;
 884	struct wusbhc *wusbhc;
 885	struct device *dev = &usb_dev->dev;
 886	u8 port_idx;
 887
 888	if (usb_dev->wusb == 0 || usb_dev->devnum == 1)
 889		return;		/* skip non wusb and wusb RHs */
 890
 891	wusbhc = wusbhc_get_by_usb_dev(usb_dev);
 892	if (wusbhc == NULL)
 893		goto error_nodev;
 894	mutex_lock(&wusbhc->mutex);
 895	wusb_dev = __wusb_dev_get_by_usb_dev(wusbhc, usb_dev);
 896	port_idx = wusb_port_no_to_idx(usb_dev->portnum);
 897	mutex_unlock(&wusbhc->mutex);
 898	if (wusb_dev == NULL)
 899		goto error_nodev;
 900	wusb_dev->usb_dev = usb_get_dev(usb_dev);
 901	usb_dev->wusb_dev = wusb_dev_get(wusb_dev);
 902	result = wusb_dev_sec_add(wusbhc, usb_dev, wusb_dev);
 903	if (result < 0) {
 904		dev_err(dev, "Cannot enable security: %d\n", result);
 905		goto error_sec_add;
 906	}
 907	/* Now query the device for it's BOS and attach it to wusb_dev */
 908	result = wusb_dev_bos_add(usb_dev, wusb_dev);
 909	if (result < 0) {
 910		dev_err(dev, "Cannot get BOS descriptors: %d\n", result);
 911		goto error_bos_add;
 912	}
 913	result = wusb_dev_sysfs_add(wusbhc, usb_dev, wusb_dev);
 914	if (result < 0)
 915		goto error_add_sysfs;
 916out:
 917	wusb_dev_put(wusb_dev);
 918	wusbhc_put(wusbhc);
 919error_nodev:
 920	return;
 921
 922	wusb_dev_sysfs_rm(wusb_dev);
 923error_add_sysfs:
 924	wusb_dev_bos_rm(wusb_dev);
 925error_bos_add:
 926	wusb_dev_sec_rm(wusb_dev);
 927error_sec_add:
 928	mutex_lock(&wusbhc->mutex);
 929	__wusbhc_dev_disconnect(wusbhc, wusb_port_by_idx(wusbhc, port_idx));
 930	mutex_unlock(&wusbhc->mutex);
 931	goto out;
 932}
 933
 934/*
 935 * Undo all the steps done at connection by the notifier callback
 936 *
 937 * NOTE: @usb_dev locked
 938 */
 939static void wusb_dev_rm_ncb(struct usb_device *usb_dev)
 940{
 941	struct wusb_dev *wusb_dev = usb_dev->wusb_dev;
 942
 943	if (usb_dev->wusb == 0 || usb_dev->devnum == 1)
 944		return;		/* skip non wusb and wusb RHs */
 945
 946	wusb_dev_sysfs_rm(wusb_dev);
 947	wusb_dev_bos_rm(wusb_dev);
 948	wusb_dev_sec_rm(wusb_dev);
 949	wusb_dev->usb_dev = NULL;
 950	usb_dev->wusb_dev = NULL;
 951	wusb_dev_put(wusb_dev);
 952	usb_put_dev(usb_dev);
 953}
 954
 955/*
 956 * Handle notifications from the USB stack (notifier call back)
 957 *
 958 * This is called when the USB stack does a
 959 * usb_{bus,device}_{add,remove}() so we can do WUSB specific
 960 * handling. It is called with [for the case of
 961 * USB_DEVICE_{ADD,REMOVE} with the usb_dev locked.
 962 */
 963int wusb_usb_ncb(struct notifier_block *nb, unsigned long val,
 964		 void *priv)
 965{
 966	int result = NOTIFY_OK;
 967
 968	switch (val) {
 969	case USB_DEVICE_ADD:
 970		wusb_dev_add_ncb(priv);
 971		break;
 972	case USB_DEVICE_REMOVE:
 973		wusb_dev_rm_ncb(priv);
 974		break;
 975	case USB_BUS_ADD:
 976		/* ignore (for now) */
 977	case USB_BUS_REMOVE:
 978		break;
 979	default:
 980		WARN_ON(1);
 981		result = NOTIFY_BAD;
 982	};
 983	return result;
 984}
 985
 986/*
 987 * Return a referenced wusb_dev given a @wusbhc and @usb_dev
 988 */
 989struct wusb_dev *__wusb_dev_get_by_usb_dev(struct wusbhc *wusbhc,
 990					   struct usb_device *usb_dev)
 991{
 992	struct wusb_dev *wusb_dev;
 993	u8 port_idx;
 994
 995	port_idx = wusb_port_no_to_idx(usb_dev->portnum);
 996	BUG_ON(port_idx > wusbhc->ports_max);
 997	wusb_dev = wusb_port_by_idx(wusbhc, port_idx)->wusb_dev;
 998	if (wusb_dev != NULL)		/* ops, device is gone */
 999		wusb_dev_get(wusb_dev);
1000	return wusb_dev;
1001}
1002EXPORT_SYMBOL_GPL(__wusb_dev_get_by_usb_dev);
1003
1004void wusb_dev_destroy(struct kref *_wusb_dev)
1005{
1006	struct wusb_dev *wusb_dev = container_of(_wusb_dev, struct wusb_dev, refcnt);
1007
1008	list_del_init(&wusb_dev->cack_node);
1009	wusb_dev_free(wusb_dev);
1010}
1011EXPORT_SYMBOL_GPL(wusb_dev_destroy);
1012
1013/*
1014 * Create all the device connect handling infrastructure
1015 *
1016 * This is basically the device info array, Connect Acknowledgement
1017 * (cack) lists, keep-alive timers (and delayed work thread).
1018 */
1019int wusbhc_devconnect_create(struct wusbhc *wusbhc)
1020{
1021	wusbhc->keep_alive_ie.hdr.bIEIdentifier = WUIE_ID_KEEP_ALIVE;
1022	wusbhc->keep_alive_ie.hdr.bLength = sizeof(wusbhc->keep_alive_ie.hdr);
1023	INIT_DELAYED_WORK(&wusbhc->keep_alive_timer, wusbhc_keep_alive_run);
1024
1025	wusbhc->cack_ie.hdr.bIEIdentifier = WUIE_ID_CONNECTACK;
1026	wusbhc->cack_ie.hdr.bLength = sizeof(wusbhc->cack_ie.hdr);
1027	INIT_LIST_HEAD(&wusbhc->cack_list);
1028
1029	return 0;
1030}
1031
1032/*
1033 * Release all resources taken by the devconnect stuff
1034 */
1035void wusbhc_devconnect_destroy(struct wusbhc *wusbhc)
1036{
1037	/* no op */
1038}
1039
1040/*
1041 * wusbhc_devconnect_start - start accepting device connections
1042 * @wusbhc: the WUSB HC
1043 *
1044 * Sets the Host Info IE to accept all new connections.
1045 *
1046 * FIXME: This also enables the keep alives but this is not necessary
1047 * until there are connected and authenticated devices.
1048 */
1049int wusbhc_devconnect_start(struct wusbhc *wusbhc)
1050{
1051	struct device *dev = wusbhc->dev;
1052	struct wuie_host_info *hi;
1053	int result;
1054
1055	hi = kzalloc(sizeof(*hi), GFP_KERNEL);
1056	if (hi == NULL)
1057		return -ENOMEM;
1058
1059	hi->hdr.bLength       = sizeof(*hi);
1060	hi->hdr.bIEIdentifier = WUIE_ID_HOST_INFO;
1061	hi->attributes        = cpu_to_le16((wusbhc->rsv->stream << 3) | WUIE_HI_CAP_ALL);
1062	hi->CHID              = wusbhc->chid;
1063	result = wusbhc_mmcie_set(wusbhc, 0, 0, &hi->hdr);
1064	if (result < 0) {
1065		dev_err(dev, "Cannot add Host Info MMCIE: %d\n", result);
1066		goto error_mmcie_set;
1067	}
1068	wusbhc->wuie_host_info = hi;
1069
1070	queue_delayed_work(wusbd, &wusbhc->keep_alive_timer,
1071			   (wusbhc->trust_timeout*CONFIG_HZ)/1000/2);
1072
1073	return 0;
1074
1075error_mmcie_set:
1076	kfree(hi);
1077	return result;
1078}
1079
1080/*
1081 * wusbhc_devconnect_stop - stop managing connected devices
1082 * @wusbhc: the WUSB HC
1083 *
1084 * Removes the Host Info IE and stops the keep alives.
1085 *
1086 * FIXME: should this disconnect all devices?
1087 */
1088void wusbhc_devconnect_stop(struct wusbhc *wusbhc)
1089{
1090	cancel_delayed_work_sync(&wusbhc->keep_alive_timer);
1091	WARN_ON(!list_empty(&wusbhc->cack_list));
1092
1093	wusbhc_mmcie_rm(wusbhc, &wusbhc->wuie_host_info->hdr);
1094	kfree(wusbhc->wuie_host_info);
1095	wusbhc->wuie_host_info = NULL;
1096}
1097
1098/*
1099 * wusb_set_dev_addr - set the WUSB device address used by the host
1100 * @wusbhc: the WUSB HC the device is connect to
1101 * @wusb_dev: the WUSB device
1102 * @addr: new device address
1103 */
1104int wusb_set_dev_addr(struct wusbhc *wusbhc, struct wusb_dev *wusb_dev, u8 addr)
1105{
1106	int result;
1107
1108	wusb_dev->addr = addr;
1109	result = wusbhc->dev_info_set(wusbhc, wusb_dev);
1110	if (result < 0)
1111		dev_err(wusbhc->dev, "device %d: failed to set device "
1112			"address\n", wusb_dev->port_idx);
1113	else
1114		dev_info(wusbhc->dev, "device %d: %s addr %u\n",
1115			 wusb_dev->port_idx,
1116			 (addr & WUSB_DEV_ADDR_UNAUTH) ? "unauth" : "auth",
1117			 wusb_dev->addr);
1118
1119	return result;
1120}