drivers/usb/wusbcore/devconnect.c at v2.6.33 · tjh.dev/kernel

tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
kernel / drivers / usb / wusbcore / devconnect.c
at v2.6.33 1131 lines 33 kB view raw
   1/*
   2 * WUSB Wire Adapter: Control/Data Streaming Interface (WUSB[8])
   3 * Device Connect handling
   4 *
   5 * Copyright (C) 2006 Intel Corporation
   6 * Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
   7 *
   8 * This program is free software; you can redistribute it and/or
   9 * modify it under the terms of the GNU General Public License version
  10 * 2 as published by the Free Software Foundation.
  11 *
  12 * This program is distributed in the hope that it will be useful,
  13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15 * GNU General Public License for more details.
  16 *
  17 * You should have received a copy of the GNU General Public License
  18 * along with this program; if not, write to the Free Software
  19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
  20 * 02110-1301, USA.
  21 *
  22 *
  23 * FIXME: docs
  24 * FIXME: this file needs to be broken up, it's grown too big
  25 *
  26 *
  27 * WUSB1.0[7.1, 7.5.1, ]
  28 *
  29 * WUSB device connection is kind of messy. Some background:
  30 *
  31 *     When a device wants to connect it scans the UWB radio channels
  32 *     looking for a WUSB Channel; a WUSB channel is defined by MMCs
  33 *     (Micro Managed Commands or something like that) [see
  34 *     Design-overview for more on this] .
  35 *
  36 * So, device scans the radio, finds MMCs and thus a host and checks
  37 * when the next DNTS is. It sends a Device Notification Connect
  38 * (DN_Connect); the host picks it up (through nep.c and notif.c, ends
  39 * up in wusb_devconnect_ack(), which creates a wusb_dev structure in
  40 * wusbhc->port[port_number].wusb_dev), assigns an unauth address
  41 * to the device (this means from 0x80 to 0xfe) and sends, in the MMC
  42 * a Connect Ack Information Element (ConnAck IE).
  43 *
  44 * So now the device now has a WUSB address. From now on, we use
  45 * that to talk to it in the RPipes.
  46 *
  47 * ASSUMPTIONS:
  48 *
  49 *  - We use the the as device address the port number where it is
  50 *    connected (port 0 doesn't exist). For unauth, it is 128 + that.
  51 *
  52 * ROADMAP:
  53 *
  54 *   This file contains the logic for doing that--entry points:
  55 *
  56 *   wusb_devconnect_ack()      Ack a device until _acked() called.
  57 *                              Called by notif.c:wusb_handle_dn_connect()
  58 *                              when a DN_Connect is received.
  59 *
  60 *     wusb_devconnect_acked()  Ack done, release resources.
  61 *
  62 *   wusb_handle_dn_alive()     Called by notif.c:wusb_handle_dn()
  63 *                              for processing a DN_Alive pong from a device.
  64 *
  65 *   wusb_handle_dn_disconnect()Called by notif.c:wusb_handle_dn() to
  66 *                              process a disconenct request from a
  67 *                              device.
  68 *
  69 *   __wusb_dev_disable()       Called by rh.c:wusbhc_rh_clear_port_feat() when
  70 *                              disabling a port.
  71 *
  72 *   wusb_devconnect_create()   Called when creating the host by
  73 *                              lc.c:wusbhc_create().
  74 *
  75 *   wusb_devconnect_destroy()  Cleanup called removing the host. Called
  76 *                              by lc.c:wusbhc_destroy().
  77 *
  78 *   Each Wireless USB host maintains a list of DN_Connect requests
  79 *   (actually we maintain a list of pending Connect Acks, the
  80 *   wusbhc->ca_list).
  81 *
  82 * LIFE CYCLE OF port->wusb_dev
  83 *
  84 *   Before the @wusbhc structure put()s the reference it owns for
  85 *   port->wusb_dev [and clean the wusb_dev pointer], it needs to
  86 *   lock @wusbhc->mutex.
  87 */
  88
  89#include <linux/jiffies.h>
  90#include <linux/ctype.h>
  91#include <linux/workqueue.h>
  92#include "wusbhc.h"
  93
  94static void wusbhc_devconnect_acked_work(struct work_struct *work);
  95
  96static void wusb_dev_free(struct wusb_dev *wusb_dev)
  97{
  98	if (wusb_dev) {
  99		kfree(wusb_dev->set_gtk_req);
 100		usb_free_urb(wusb_dev->set_gtk_urb);
 101		kfree(wusb_dev);
 102	}
 103}
 104
 105static struct wusb_dev *wusb_dev_alloc(struct wusbhc *wusbhc)
 106{
 107	struct wusb_dev *wusb_dev;
 108	struct urb *urb;
 109	struct usb_ctrlrequest *req;
 110
 111	wusb_dev = kzalloc(sizeof(*wusb_dev), GFP_KERNEL);
 112	if (wusb_dev == NULL)
 113		goto err;
 114
 115	wusb_dev->wusbhc = wusbhc;
 116
 117	INIT_WORK(&wusb_dev->devconnect_acked_work, wusbhc_devconnect_acked_work);
 118
 119	urb = usb_alloc_urb(0, GFP_KERNEL);
 120	if (urb == NULL)
 121		goto err;
 122	wusb_dev->set_gtk_urb = urb;
 123
 124	req = kmalloc(sizeof(*req), GFP_KERNEL);
 125	if (req == NULL)
 126		goto err;
 127	wusb_dev->set_gtk_req = req;
 128
 129	req->bRequestType = USB_DIR_OUT | USB_TYPE_STANDARD | USB_RECIP_DEVICE;
 130	req->bRequest = USB_REQ_SET_DESCRIPTOR;
 131	req->wValue = cpu_to_le16(USB_DT_KEY << 8 | wusbhc->gtk_index);
 132	req->wIndex = 0;
 133	req->wLength = cpu_to_le16(wusbhc->gtk.descr.bLength);
 134
 135	return wusb_dev;
 136err:
 137	wusb_dev_free(wusb_dev);
 138	return NULL;
 139}
 140
 141
 142/*
 143 * Using the Connect-Ack list, fill out the @wusbhc Connect-Ack WUSB IE
 144 * properly so that it can be added to the MMC.
 145 *
 146 * We just get the @wusbhc->ca_list and fill out the first four ones or
 147 * less (per-spec WUSB1.0[7.5, before T7-38). If the ConnectAck WUSB
 148 * IE is not allocated, we alloc it.
 149 *
 150 * @wusbhc->mutex must be taken
 151 */
 152static void wusbhc_fill_cack_ie(struct wusbhc *wusbhc)
 153{
 154	unsigned cnt;
 155	struct wusb_dev *dev_itr;
 156	struct wuie_connect_ack *cack_ie;
 157
 158	cack_ie = &wusbhc->cack_ie;
 159	cnt = 0;
 160	list_for_each_entry(dev_itr, &wusbhc->cack_list, cack_node) {
 161		cack_ie->blk[cnt].CDID = dev_itr->cdid;
 162		cack_ie->blk[cnt].bDeviceAddress = dev_itr->addr;
 163		if (++cnt >= WUIE_ELT_MAX)
 164			break;
 165	}
 166	cack_ie->hdr.bLength = sizeof(cack_ie->hdr)
 167		+ cnt * sizeof(cack_ie->blk[0]);
 168}
 169
 170/*
 171 * Register a new device that wants to connect
 172 *
 173 * A new device wants to connect, so we add it to the Connect-Ack
 174 * list. We give it an address in the unauthorized range (bit 8 set);
 175 * user space will have to drive authorization further on.
 176 *
 177 * @dev_addr: address to use for the device (which is also the port
 178 *            number).
 179 *
 180 * @wusbhc->mutex must be taken
 181 */
 182static struct wusb_dev *wusbhc_cack_add(struct wusbhc *wusbhc,
 183					struct wusb_dn_connect *dnc,
 184					const char *pr_cdid, u8 port_idx)
 185{
 186	struct device *dev = wusbhc->dev;
 187	struct wusb_dev *wusb_dev;
 188	int new_connection = wusb_dn_connect_new_connection(dnc);
 189	u8 dev_addr;
 190	int result;
 191
 192	/* Is it registered already? */
 193	list_for_each_entry(wusb_dev, &wusbhc->cack_list, cack_node)
 194		if (!memcmp(&wusb_dev->cdid, &dnc->CDID,
 195			    sizeof(wusb_dev->cdid)))
 196			return wusb_dev;
 197	/* We don't have it, create an entry, register it */
 198	wusb_dev = wusb_dev_alloc(wusbhc);
 199	if (wusb_dev == NULL)
 200		return NULL;
 201	wusb_dev_init(wusb_dev);
 202	wusb_dev->cdid = dnc->CDID;
 203	wusb_dev->port_idx = port_idx;
 204
 205	/*
 206	 * Devices are always available within the cluster reservation
 207	 * and since the hardware will take the intersection of the
 208	 * per-device availability and the cluster reservation, the
 209	 * per-device availability can simply be set to always
 210	 * available.
 211	 */
 212	bitmap_fill(wusb_dev->availability.bm, UWB_NUM_MAS);
 213
 214	/* FIXME: handle reconnects instead of assuming connects are
 215	   always new. */
 216	if (1 && new_connection == 0)
 217		new_connection = 1;
 218	if (new_connection) {
 219		dev_addr = (port_idx + 2) | WUSB_DEV_ADDR_UNAUTH;
 220
 221		dev_info(dev, "Connecting new WUSB device to address %u, "
 222			"port %u\n", dev_addr, port_idx);
 223
 224		result = wusb_set_dev_addr(wusbhc, wusb_dev, dev_addr);
 225		if (result < 0)
 226			return NULL;
 227	}
 228	wusb_dev->entry_ts = jiffies;
 229	list_add_tail(&wusb_dev->cack_node, &wusbhc->cack_list);
 230	wusbhc->cack_count++;
 231	wusbhc_fill_cack_ie(wusbhc);
 232
 233	return wusb_dev;
 234}
 235
 236/*
 237 * Remove a Connect-Ack context entry from the HCs view
 238 *
 239 * @wusbhc->mutex must be taken
 240 */
 241static void wusbhc_cack_rm(struct wusbhc *wusbhc, struct wusb_dev *wusb_dev)
 242{
 243	list_del_init(&wusb_dev->cack_node);
 244	wusbhc->cack_count--;
 245	wusbhc_fill_cack_ie(wusbhc);
 246}
 247
 248/*
 249 * @wusbhc->mutex must be taken */
 250static
 251void wusbhc_devconnect_acked(struct wusbhc *wusbhc, struct wusb_dev *wusb_dev)
 252{
 253	wusbhc_cack_rm(wusbhc, wusb_dev);
 254	if (wusbhc->cack_count)
 255		wusbhc_mmcie_set(wusbhc, 0, 0, &wusbhc->cack_ie.hdr);
 256	else
 257		wusbhc_mmcie_rm(wusbhc, &wusbhc->cack_ie.hdr);
 258}
 259
 260static void wusbhc_devconnect_acked_work(struct work_struct *work)
 261{
 262	struct wusb_dev *wusb_dev = container_of(work, struct wusb_dev,
 263						 devconnect_acked_work);
 264	struct wusbhc *wusbhc = wusb_dev->wusbhc;
 265
 266	mutex_lock(&wusbhc->mutex);
 267	wusbhc_devconnect_acked(wusbhc, wusb_dev);
 268	mutex_unlock(&wusbhc->mutex);
 269
 270	wusb_dev_put(wusb_dev);
 271}
 272
 273/*
 274 * Ack a device for connection
 275 *
 276 * FIXME: docs
 277 *
 278 * @pr_cdid:	Printable CDID...hex Use @dnc->cdid for the real deal.
 279 *
 280 * So we get the connect ack IE (may have been allocated already),
 281 * find an empty connect block, an empty virtual port, create an
 282 * address with it (see below), make it an unauth addr [bit 7 set] and
 283 * set the MMC.
 284 *
 285 * Addresses: because WUSB hosts have no downstream hubs, we can do a
 286 *            1:1 mapping between 'port number' and device
 287 *            address. This simplifies many things, as during this
 288 *            initial connect phase the USB stack has no knoledge of
 289 *            the device and hasn't assigned an address yet--we know
 290 *            USB's choose_address() will use the same euristics we
 291 *            use here, so we can assume which address will be assigned.
 292 *
 293 *            USB stack always assigns address 1 to the root hub, so
 294 *            to the port number we add 2 (thus virtual port #0 is
 295 *            addr #2).
 296 *
 297 * @wusbhc shall be referenced
 298 */
 299static
 300void wusbhc_devconnect_ack(struct wusbhc *wusbhc, struct wusb_dn_connect *dnc,
 301			   const char *pr_cdid)
 302{
 303	int result;
 304	struct device *dev = wusbhc->dev;
 305	struct wusb_dev *wusb_dev;
 306	struct wusb_port *port;
 307	unsigned idx, devnum;
 308
 309	mutex_lock(&wusbhc->mutex);
 310
 311	/* Check we are not handling it already */
 312	for (idx = 0; idx < wusbhc->ports_max; idx++) {
 313		port = wusb_port_by_idx(wusbhc, idx);
 314		if (port->wusb_dev
 315		    && memcmp(&dnc->CDID, &port->wusb_dev->cdid, sizeof(dnc->CDID)) == 0)
 316			goto error_unlock;
 317	}
 318	/* Look up those fake ports we have for a free one */
 319	for (idx = 0; idx < wusbhc->ports_max; idx++) {
 320		port = wusb_port_by_idx(wusbhc, idx);
 321		if ((port->status & USB_PORT_STAT_POWER)
 322		    && !(port->status & USB_PORT_STAT_CONNECTION))
 323			break;
 324	}
 325	if (idx >= wusbhc->ports_max) {
 326		dev_err(dev, "Host controller can't connect more devices "
 327			"(%u already connected); device %s rejected\n",
 328			wusbhc->ports_max, pr_cdid);
 329		/* NOTE: we could send a WUIE_Disconnect here, but we haven't
 330		 *       event acked, so the device will eventually timeout the
 331		 *       connection, right? */
 332		goto error_unlock;
 333	}
 334
 335	devnum = idx + 2;
 336
 337	/* Make sure we are using no crypto on that "virtual port" */
 338	wusbhc->set_ptk(wusbhc, idx, 0, NULL, 0);
 339
 340	/* Grab a filled in Connect-Ack context, fill out the
 341	 * Connect-Ack Wireless USB IE, set the MMC */
 342	wusb_dev = wusbhc_cack_add(wusbhc, dnc, pr_cdid, idx);
 343	if (wusb_dev == NULL)
 344		goto error_unlock;
 345	result = wusbhc_mmcie_set(wusbhc, 0, 0, &wusbhc->cack_ie.hdr);
 346	if (result < 0)
 347		goto error_unlock;
 348	/* Give the device at least 2ms (WUSB1.0[7.5.1p3]), let's do
 349	 * three for a good measure */
 350	msleep(3);
 351	port->wusb_dev = wusb_dev;
 352	port->status |= USB_PORT_STAT_CONNECTION;
 353	port->change |= USB_PORT_STAT_C_CONNECTION;
 354	/* Now the port status changed to connected; khubd will
 355	 * pick the change up and try to reset the port to bring it to
 356	 * the enabled state--so this process returns up to the stack
 357	 * and it calls back into wusbhc_rh_port_reset().
 358	 */
 359error_unlock:
 360	mutex_unlock(&wusbhc->mutex);
 361	return;
 362
 363}
 364
 365/*
 366 * Disconnect a Wireless USB device from its fake port
 367 *
 368 * Marks the port as disconnected so that khubd can pick up the change
 369 * and drops our knowledge about the device.
 370 *
 371 * Assumes there is a device connected
 372 *
 373 * @port_index: zero based port number
 374 *
 375 * NOTE: @wusbhc->mutex is locked
 376 *
 377 * WARNING: From here it is not very safe to access anything hanging off
 378 *	    wusb_dev
 379 */
 380static void __wusbhc_dev_disconnect(struct wusbhc *wusbhc,
 381				    struct wusb_port *port)
 382{
 383	struct wusb_dev *wusb_dev = port->wusb_dev;
 384
 385	port->status &= ~(USB_PORT_STAT_CONNECTION | USB_PORT_STAT_ENABLE
 386			  | USB_PORT_STAT_SUSPEND | USB_PORT_STAT_RESET
 387			  | USB_PORT_STAT_LOW_SPEED | USB_PORT_STAT_HIGH_SPEED);
 388	port->change |= USB_PORT_STAT_C_CONNECTION | USB_PORT_STAT_C_ENABLE;
 389	if (wusb_dev) {
 390		dev_dbg(wusbhc->dev, "disconnecting device from port %d\n", wusb_dev->port_idx);
 391		if (!list_empty(&wusb_dev->cack_node))
 392			list_del_init(&wusb_dev->cack_node);
 393		/* For the one in cack_add() */
 394		wusb_dev_put(wusb_dev);
 395	}
 396	port->wusb_dev = NULL;
 397
 398	/* After a device disconnects, change the GTK (see [WUSB]
 399	 * section 6.2.11.2). */
 400	if (wusbhc->active)
 401		wusbhc_gtk_rekey(wusbhc);
 402
 403	/* The Wireless USB part has forgotten about the device already; now
 404	 * khubd's timer will pick up the disconnection and remove the USB
 405	 * device from the system
 406	 */
 407}
 408
 409/*
 410 * Refresh the list of keep alives to emit in the MMC
 411 *
 412 * Some devices don't respond to keep alives unless they've been
 413 * authenticated, so skip unauthenticated devices.
 414 *
 415 * We only publish the first four devices that have a coming timeout
 416 * condition. Then when we are done processing those, we go for the
 417 * next ones. We ignore the ones that have timed out already (they'll
 418 * be purged).
 419 *
 420 * This might cause the first devices to timeout the last devices in
 421 * the port array...FIXME: come up with a better algorithm?
 422 *
 423 * Note we can't do much about MMC's ops errors; we hope next refresh
 424 * will kind of handle it.
 425 *
 426 * NOTE: @wusbhc->mutex is locked
 427 */
 428static void __wusbhc_keep_alive(struct wusbhc *wusbhc)
 429{
 430	struct device *dev = wusbhc->dev;
 431	unsigned cnt;
 432	struct wusb_dev *wusb_dev;
 433	struct wusb_port *wusb_port;
 434	struct wuie_keep_alive *ie = &wusbhc->keep_alive_ie;
 435	unsigned keep_alives, old_keep_alives;
 436
 437	old_keep_alives = ie->hdr.bLength - sizeof(ie->hdr);
 438	keep_alives = 0;
 439	for (cnt = 0;
 440	     keep_alives <= WUIE_ELT_MAX && cnt < wusbhc->ports_max;
 441	     cnt++) {
 442		unsigned tt = msecs_to_jiffies(wusbhc->trust_timeout);
 443
 444		wusb_port = wusb_port_by_idx(wusbhc, cnt);
 445		wusb_dev = wusb_port->wusb_dev;
 446
 447		if (wusb_dev == NULL)
 448			continue;
 449		if (wusb_dev->usb_dev == NULL || !wusb_dev->usb_dev->authenticated)
 450			continue;
 451
 452		if (time_after(jiffies, wusb_dev->entry_ts + tt)) {
 453			dev_err(dev, "KEEPALIVE: device %u timed out\n",
 454				wusb_dev->addr);
 455			__wusbhc_dev_disconnect(wusbhc, wusb_port);
 456		} else if (time_after(jiffies, wusb_dev->entry_ts + tt/2)) {
 457			/* Approaching timeout cut out, need to refresh */
 458			ie->bDeviceAddress[keep_alives++] = wusb_dev->addr;
 459		}
 460	}
 461	if (keep_alives & 0x1)	/* pad to even number ([WUSB] section 7.5.9) */
 462		ie->bDeviceAddress[keep_alives++] = 0x7f;
 463	ie->hdr.bLength = sizeof(ie->hdr) +
 464		keep_alives*sizeof(ie->bDeviceAddress[0]);
 465	if (keep_alives > 0)
 466		wusbhc_mmcie_set(wusbhc, 10, 5, &ie->hdr);
 467	else if (old_keep_alives != 0)
 468		wusbhc_mmcie_rm(wusbhc, &ie->hdr);
 469}
 470
 471/*
 472 * Do a run through all devices checking for timeouts
 473 */
 474static void wusbhc_keep_alive_run(struct work_struct *ws)
 475{
 476	struct delayed_work *dw = to_delayed_work(ws);
 477	struct wusbhc *wusbhc =	container_of(dw, struct wusbhc, keep_alive_timer);
 478
 479	mutex_lock(&wusbhc->mutex);
 480	__wusbhc_keep_alive(wusbhc);
 481	mutex_unlock(&wusbhc->mutex);
 482
 483	queue_delayed_work(wusbd, &wusbhc->keep_alive_timer,
 484			   msecs_to_jiffies(wusbhc->trust_timeout / 2));
 485}
 486
 487/*
 488 * Find the wusb_dev from its device address.
 489 *
 490 * The device can be found directly from the address (see
 491 * wusb_cack_add() for where the device address is set to port_idx
 492 * +2), except when the address is zero.
 493 */
 494static struct wusb_dev *wusbhc_find_dev_by_addr(struct wusbhc *wusbhc, u8 addr)
 495{
 496	int p;
 497
 498	if (addr == 0xff) /* unconnected */
 499		return NULL;
 500
 501	if (addr > 0) {
 502		int port = (addr & ~0x80) - 2;
 503		if (port < 0 || port >= wusbhc->ports_max)
 504			return NULL;
 505		return wusb_port_by_idx(wusbhc, port)->wusb_dev;
 506	}
 507
 508	/* Look for the device with address 0. */
 509	for (p = 0; p < wusbhc->ports_max; p++) {
 510		struct wusb_dev *wusb_dev = wusb_port_by_idx(wusbhc, p)->wusb_dev;
 511		if (wusb_dev && wusb_dev->addr == addr)
 512			return wusb_dev;
 513	}
 514	return NULL;
 515}
 516
 517/*
 518 * Handle a DN_Alive notification (WUSB1.0[7.6.1])
 519 *
 520 * This just updates the device activity timestamp and then refreshes
 521 * the keep alive IE.
 522 *
 523 * @wusbhc shall be referenced and unlocked
 524 */
 525static void wusbhc_handle_dn_alive(struct wusbhc *wusbhc, struct wusb_dev *wusb_dev)
 526{
 527	mutex_lock(&wusbhc->mutex);
 528	wusb_dev->entry_ts = jiffies;
 529	__wusbhc_keep_alive(wusbhc);
 530	mutex_unlock(&wusbhc->mutex);
 531}
 532
 533/*
 534 * Handle a DN_Connect notification (WUSB1.0[7.6.1])
 535 *
 536 * @wusbhc
 537 * @pkt_hdr
 538 * @size:    Size of the buffer where the notification resides; if the
 539 *           notification data suggests there should be more data than
 540 *           available, an error will be signaled and the whole buffer
 541 *           consumed.
 542 *
 543 * @wusbhc->mutex shall be held
 544 */
 545static void wusbhc_handle_dn_connect(struct wusbhc *wusbhc,
 546				     struct wusb_dn_hdr *dn_hdr,
 547				     size_t size)
 548{
 549	struct device *dev = wusbhc->dev;
 550	struct wusb_dn_connect *dnc;
 551	char pr_cdid[WUSB_CKHDID_STRSIZE];
 552	static const char *beacon_behaviour[] = {
 553		"reserved",
 554		"self-beacon",
 555		"directed-beacon",
 556		"no-beacon"
 557	};
 558
 559	if (size < sizeof(*dnc)) {
 560		dev_err(dev, "DN CONNECT: short notification (%zu < %zu)\n",
 561			size, sizeof(*dnc));
 562		return;
 563	}
 564
 565	dnc = container_of(dn_hdr, struct wusb_dn_connect, hdr);
 566	ckhdid_printf(pr_cdid, sizeof(pr_cdid), &dnc->CDID);
 567	dev_info(dev, "DN CONNECT: device %s @ %x (%s) wants to %s\n",
 568		 pr_cdid,
 569		 wusb_dn_connect_prev_dev_addr(dnc),
 570		 beacon_behaviour[wusb_dn_connect_beacon_behavior(dnc)],
 571		 wusb_dn_connect_new_connection(dnc) ? "connect" : "reconnect");
 572	/* ACK the connect */
 573	wusbhc_devconnect_ack(wusbhc, dnc, pr_cdid);
 574}
 575
 576/*
 577 * Handle a DN_Disconnect notification (WUSB1.0[7.6.1])
 578 *
 579 * Device is going down -- do the disconnect.
 580 *
 581 * @wusbhc shall be referenced and unlocked
 582 */
 583static void wusbhc_handle_dn_disconnect(struct wusbhc *wusbhc, struct wusb_dev *wusb_dev)
 584{
 585	struct device *dev = wusbhc->dev;
 586
 587	dev_info(dev, "DN DISCONNECT: device 0x%02x going down\n", wusb_dev->addr);
 588
 589	mutex_lock(&wusbhc->mutex);
 590	__wusbhc_dev_disconnect(wusbhc, wusb_port_by_idx(wusbhc, wusb_dev->port_idx));
 591	mutex_unlock(&wusbhc->mutex);
 592}
 593
 594/*
 595 * Handle a Device Notification coming a host
 596 *
 597 * The Device Notification comes from a host (HWA, DWA or WHCI)
 598 * wrapped in a set of headers. Somebody else has peeled off those
 599 * headers for us and we just get one Device Notifications.
 600 *
 601 * Invalid DNs (e.g., too short) are discarded.
 602 *
 603 * @wusbhc shall be referenced
 604 *
 605 * FIXMES:
 606 *  - implement priorities as in WUSB1.0[Table 7-55]?
 607 */
 608void wusbhc_handle_dn(struct wusbhc *wusbhc, u8 srcaddr,
 609		      struct wusb_dn_hdr *dn_hdr, size_t size)
 610{
 611	struct device *dev = wusbhc->dev;
 612	struct wusb_dev *wusb_dev;
 613
 614	if (size < sizeof(struct wusb_dn_hdr)) {
 615		dev_err(dev, "DN data shorter than DN header (%d < %d)\n",
 616			(int)size, (int)sizeof(struct wusb_dn_hdr));
 617		return;
 618	}
 619
 620	wusb_dev = wusbhc_find_dev_by_addr(wusbhc, srcaddr);
 621	if (wusb_dev == NULL && dn_hdr->bType != WUSB_DN_CONNECT) {
 622		dev_dbg(dev, "ignoring DN %d from unconnected device %02x\n",
 623			dn_hdr->bType, srcaddr);
 624		return;
 625	}
 626
 627	switch (dn_hdr->bType) {
 628	case WUSB_DN_CONNECT:
 629		wusbhc_handle_dn_connect(wusbhc, dn_hdr, size);
 630		break;
 631	case WUSB_DN_ALIVE:
 632		wusbhc_handle_dn_alive(wusbhc, wusb_dev);
 633		break;
 634	case WUSB_DN_DISCONNECT:
 635		wusbhc_handle_dn_disconnect(wusbhc, wusb_dev);
 636		break;
 637	case WUSB_DN_MASAVAILCHANGED:
 638	case WUSB_DN_RWAKE:
 639	case WUSB_DN_SLEEP:
 640		/* FIXME: handle these DNs. */
 641		break;
 642	case WUSB_DN_EPRDY:
 643		/* The hardware handles these. */
 644		break;
 645	default:
 646		dev_warn(dev, "unknown DN %u (%d octets) from %u\n",
 647			 dn_hdr->bType, (int)size, srcaddr);
 648	}
 649}
 650EXPORT_SYMBOL_GPL(wusbhc_handle_dn);
 651
 652/*
 653 * Disconnect a WUSB device from a the cluster
 654 *
 655 * @wusbhc
 656 * @port     Fake port where the device is (wusbhc index, not USB port number).
 657 *
 658 * In Wireless USB, a disconnect is basically telling the device he is
 659 * being disconnected and forgetting about him.
 660 *
 661 * We send the device a Device Disconnect IE (WUSB1.0[7.5.11]) for 100
 662 * ms and then keep going.
 663 *
 664 * We don't do much in case of error; we always pretend we disabled
 665 * the port and disconnected the device. If physically the request
 666 * didn't get there (many things can fail in the way there), the stack
 667 * will reject the device's communication attempts.
 668 *
 669 * @wusbhc should be refcounted and locked
 670 */
 671void __wusbhc_dev_disable(struct wusbhc *wusbhc, u8 port_idx)
 672{
 673	int result;
 674	struct device *dev = wusbhc->dev;
 675	struct wusb_dev *wusb_dev;
 676	struct wuie_disconnect *ie;
 677
 678	wusb_dev = wusb_port_by_idx(wusbhc, port_idx)->wusb_dev;
 679	if (wusb_dev == NULL) {
 680		/* reset no device? ignore */
 681		dev_dbg(dev, "DISCONNECT: no device at port %u, ignoring\n",
 682			port_idx);
 683		return;
 684	}
 685	__wusbhc_dev_disconnect(wusbhc, wusb_port_by_idx(wusbhc, port_idx));
 686
 687	ie = kzalloc(sizeof(*ie), GFP_KERNEL);
 688	if (ie == NULL)
 689		return;
 690	ie->hdr.bLength = sizeof(*ie);
 691	ie->hdr.bIEIdentifier = WUIE_ID_DEVICE_DISCONNECT;
 692	ie->bDeviceAddress = wusb_dev->addr;
 693	result = wusbhc_mmcie_set(wusbhc, 0, 0, &ie->hdr);
 694	if (result < 0)
 695		dev_err(dev, "DISCONNECT: can't set MMC: %d\n", result);
 696	else {
 697		/* At least 6 MMCs, assuming at least 1 MMC per zone. */
 698		msleep(7*4);
 699		wusbhc_mmcie_rm(wusbhc, &ie->hdr);
 700	}
 701	kfree(ie);
 702}
 703
 704/*
 705 * Walk over the BOS descriptor, verify and grok it
 706 *
 707 * @usb_dev: referenced
 708 * @wusb_dev: referenced and unlocked
 709 *
 710 * The BOS descriptor is defined at WUSB1.0[7.4.1], and it defines a
 711 * "flexible" way to wrap all kinds of descriptors inside an standard
 712 * descriptor (wonder why they didn't use normal descriptors,
 713 * btw). Not like they lack code.
 714 *
 715 * At the end we go to look for the WUSB Device Capabilities
 716 * (WUSB1.0[7.4.1.1]) that is wrapped in a device capability descriptor
 717 * that is part of the BOS descriptor set. That tells us what does the
 718 * device support (dual role, beacon type, UWB PHY rates).
 719 */
 720static int wusb_dev_bos_grok(struct usb_device *usb_dev,
 721			     struct wusb_dev *wusb_dev,
 722			     struct usb_bos_descriptor *bos, size_t desc_size)
 723{
 724	ssize_t result;
 725	struct device *dev = &usb_dev->dev;
 726	void *itr, *top;
 727
 728	/* Walk over BOS capabilities, verify them */
 729	itr = (void *)bos + sizeof(*bos);
 730	top = itr + desc_size - sizeof(*bos);
 731	while (itr < top) {
 732		struct usb_dev_cap_header *cap_hdr = itr;
 733		size_t cap_size;
 734		u8 cap_type;
 735		if (top - itr < sizeof(*cap_hdr)) {
 736			dev_err(dev, "Device BUG? premature end of BOS header "
 737				"data [offset 0x%02x]: only %zu bytes left\n",
 738				(int)(itr - (void *)bos), top - itr);
 739			result = -ENOSPC;
 740			goto error_bad_cap;
 741		}
 742		cap_size = cap_hdr->bLength;
 743		cap_type = cap_hdr->bDevCapabilityType;
 744		if (cap_size == 0)
 745			break;
 746		if (cap_size > top - itr) {
 747			dev_err(dev, "Device BUG? premature end of BOS data "
 748				"[offset 0x%02x cap %02x %zu bytes]: "
 749				"only %zu bytes left\n",
 750				(int)(itr - (void *)bos),
 751				cap_type, cap_size, top - itr);
 752			result = -EBADF;
 753			goto error_bad_cap;
 754		}
 755		switch (cap_type) {
 756		case USB_CAP_TYPE_WIRELESS_USB:
 757			if (cap_size != sizeof(*wusb_dev->wusb_cap_descr))
 758				dev_err(dev, "Device BUG? WUSB Capability "
 759					"descriptor is %zu bytes vs %zu "
 760					"needed\n", cap_size,
 761					sizeof(*wusb_dev->wusb_cap_descr));
 762			else
 763				wusb_dev->wusb_cap_descr = itr;
 764			break;
 765		default:
 766			dev_err(dev, "BUG? Unknown BOS capability 0x%02x "
 767				"(%zu bytes) at offset 0x%02x\n", cap_type,
 768				cap_size, (int)(itr - (void *)bos));
 769		}
 770		itr += cap_size;
 771	}
 772	result = 0;
 773error_bad_cap:
 774	return result;
 775}
 776
 777/*
 778 * Add information from the BOS descriptors to the device
 779 *
 780 * @usb_dev: referenced
 781 * @wusb_dev: referenced and unlocked
 782 *
 783 * So what we do is we alloc a space for the BOS descriptor of 64
 784 * bytes; read the first four bytes which include the wTotalLength
 785 * field (WUSB1.0[T7-26]) and if it fits in those 64 bytes, read the
 786 * whole thing. If not we realloc to that size.
 787 *
 788 * Then we call the groking function, that will fill up
 789 * wusb_dev->wusb_cap_descr, which is what we'll need later on.
 790 */
 791static int wusb_dev_bos_add(struct usb_device *usb_dev,
 792			    struct wusb_dev *wusb_dev)
 793{
 794	ssize_t result;
 795	struct device *dev = &usb_dev->dev;
 796	struct usb_bos_descriptor *bos;
 797	size_t alloc_size = 32, desc_size = 4;
 798
 799	bos = kmalloc(alloc_size, GFP_KERNEL);
 800	if (bos == NULL)
 801		return -ENOMEM;
 802	result = usb_get_descriptor(usb_dev, USB_DT_BOS, 0, bos, desc_size);
 803	if (result < 4) {
 804		dev_err(dev, "Can't get BOS descriptor or too short: %zd\n",
 805			result);
 806		goto error_get_descriptor;
 807	}
 808	desc_size = le16_to_cpu(bos->wTotalLength);
 809	if (desc_size >= alloc_size) {
 810		kfree(bos);
 811		alloc_size = desc_size;
 812		bos = kmalloc(alloc_size, GFP_KERNEL);
 813		if (bos == NULL)
 814			return -ENOMEM;
 815	}
 816	result = usb_get_descriptor(usb_dev, USB_DT_BOS, 0, bos, desc_size);
 817	if (result < 0 || result != desc_size) {
 818		dev_err(dev, "Can't get  BOS descriptor or too short (need "
 819			"%zu bytes): %zd\n", desc_size, result);
 820		goto error_get_descriptor;
 821	}
 822	if (result < sizeof(*bos)
 823	    || le16_to_cpu(bos->wTotalLength) != desc_size) {
 824		dev_err(dev, "Can't get  BOS descriptor or too short (need "
 825			"%zu bytes): %zd\n", desc_size, result);
 826		goto error_get_descriptor;
 827	}
 828
 829	result = wusb_dev_bos_grok(usb_dev, wusb_dev, bos, result);
 830	if (result < 0)
 831		goto error_bad_bos;
 832	wusb_dev->bos = bos;
 833	return 0;
 834
 835error_bad_bos:
 836error_get_descriptor:
 837	kfree(bos);
 838	wusb_dev->wusb_cap_descr = NULL;
 839	return result;
 840}
 841
 842static void wusb_dev_bos_rm(struct wusb_dev *wusb_dev)
 843{
 844	kfree(wusb_dev->bos);
 845	wusb_dev->wusb_cap_descr = NULL;
 846};
 847
 848static struct usb_wireless_cap_descriptor wusb_cap_descr_default = {
 849	.bLength = sizeof(wusb_cap_descr_default),
 850	.bDescriptorType = USB_DT_DEVICE_CAPABILITY,
 851	.bDevCapabilityType = USB_CAP_TYPE_WIRELESS_USB,
 852
 853	.bmAttributes = USB_WIRELESS_BEACON_NONE,
 854	.wPHYRates = cpu_to_le16(USB_WIRELESS_PHY_53),
 855	.bmTFITXPowerInfo = 0,
 856	.bmFFITXPowerInfo = 0,
 857	.bmBandGroup = cpu_to_le16(0x0001),	/* WUSB1.0[7.4.1] bottom */
 858	.bReserved = 0
 859};
 860
 861/*
 862 * USB stack's device addition Notifier Callback
 863 *
 864 * Called from drivers/usb/core/hub.c when a new device is added; we
 865 * use this hook to perform certain WUSB specific setup work on the
 866 * new device. As well, it is the first time we can connect the
 867 * wusb_dev and the usb_dev. So we note it down in wusb_dev and take a
 868 * reference that we'll drop.
 869 *
 870 * First we need to determine if the device is a WUSB device (else we
 871 * ignore it). For that we use the speed setting (USB_SPEED_VARIABLE)
 872 * [FIXME: maybe we'd need something more definitive]. If so, we track
 873 * it's usb_busd and from there, the WUSB HC.
 874 *
 875 * Because all WUSB HCs are contained in a 'struct wusbhc', voila, we
 876 * get the wusbhc for the device.
 877 *
 878 * We have a reference on @usb_dev (as we are called at the end of its
 879 * enumeration).
 880 *
 881 * NOTE: @usb_dev locked
 882 */
 883static void wusb_dev_add_ncb(struct usb_device *usb_dev)
 884{
 885	int result = 0;
 886	struct wusb_dev *wusb_dev;
 887	struct wusbhc *wusbhc;
 888	struct device *dev = &usb_dev->dev;
 889	u8 port_idx;
 890
 891	if (usb_dev->wusb == 0 || usb_dev->devnum == 1)
 892		return;		/* skip non wusb and wusb RHs */
 893
 894	usb_set_device_state(usb_dev, USB_STATE_UNAUTHENTICATED);
 895
 896	wusbhc = wusbhc_get_by_usb_dev(usb_dev);
 897	if (wusbhc == NULL)
 898		goto error_nodev;
 899	mutex_lock(&wusbhc->mutex);
 900	wusb_dev = __wusb_dev_get_by_usb_dev(wusbhc, usb_dev);
 901	port_idx = wusb_port_no_to_idx(usb_dev->portnum);
 902	mutex_unlock(&wusbhc->mutex);
 903	if (wusb_dev == NULL)
 904		goto error_nodev;
 905	wusb_dev->usb_dev = usb_get_dev(usb_dev);
 906	usb_dev->wusb_dev = wusb_dev_get(wusb_dev);
 907	result = wusb_dev_sec_add(wusbhc, usb_dev, wusb_dev);
 908	if (result < 0) {
 909		dev_err(dev, "Cannot enable security: %d\n", result);
 910		goto error_sec_add;
 911	}
 912	/* Now query the device for it's BOS and attach it to wusb_dev */
 913	result = wusb_dev_bos_add(usb_dev, wusb_dev);
 914	if (result < 0) {
 915		dev_err(dev, "Cannot get BOS descriptors: %d\n", result);
 916		goto error_bos_add;
 917	}
 918	result = wusb_dev_sysfs_add(wusbhc, usb_dev, wusb_dev);
 919	if (result < 0)
 920		goto error_add_sysfs;
 921out:
 922	wusb_dev_put(wusb_dev);
 923	wusbhc_put(wusbhc);
 924error_nodev:
 925	return;
 926
 927	wusb_dev_sysfs_rm(wusb_dev);
 928error_add_sysfs:
 929	wusb_dev_bos_rm(wusb_dev);
 930error_bos_add:
 931	wusb_dev_sec_rm(wusb_dev);
 932error_sec_add:
 933	mutex_lock(&wusbhc->mutex);
 934	__wusbhc_dev_disconnect(wusbhc, wusb_port_by_idx(wusbhc, port_idx));
 935	mutex_unlock(&wusbhc->mutex);
 936	goto out;
 937}
 938
 939/*
 940 * Undo all the steps done at connection by the notifier callback
 941 *
 942 * NOTE: @usb_dev locked
 943 */
 944static void wusb_dev_rm_ncb(struct usb_device *usb_dev)
 945{
 946	struct wusb_dev *wusb_dev = usb_dev->wusb_dev;
 947
 948	if (usb_dev->wusb == 0 || usb_dev->devnum == 1)
 949		return;		/* skip non wusb and wusb RHs */
 950
 951	wusb_dev_sysfs_rm(wusb_dev);
 952	wusb_dev_bos_rm(wusb_dev);
 953	wusb_dev_sec_rm(wusb_dev);
 954	wusb_dev->usb_dev = NULL;
 955	usb_dev->wusb_dev = NULL;
 956	wusb_dev_put(wusb_dev);
 957	usb_put_dev(usb_dev);
 958}
 959
 960/*
 961 * Handle notifications from the USB stack (notifier call back)
 962 *
 963 * This is called when the USB stack does a
 964 * usb_{bus,device}_{add,remove}() so we can do WUSB specific
 965 * handling. It is called with [for the case of
 966 * USB_DEVICE_{ADD,REMOVE} with the usb_dev locked.
 967 */
 968int wusb_usb_ncb(struct notifier_block *nb, unsigned long val,
 969		 void *priv)
 970{
 971	int result = NOTIFY_OK;
 972
 973	switch (val) {
 974	case USB_DEVICE_ADD:
 975		wusb_dev_add_ncb(priv);
 976		break;
 977	case USB_DEVICE_REMOVE:
 978		wusb_dev_rm_ncb(priv);
 979		break;
 980	case USB_BUS_ADD:
 981		/* ignore (for now) */
 982	case USB_BUS_REMOVE:
 983		break;
 984	default:
 985		WARN_ON(1);
 986		result = NOTIFY_BAD;
 987	};
 988	return result;
 989}
 990
 991/*
 992 * Return a referenced wusb_dev given a @wusbhc and @usb_dev
 993 */
 994struct wusb_dev *__wusb_dev_get_by_usb_dev(struct wusbhc *wusbhc,
 995					   struct usb_device *usb_dev)
 996{
 997	struct wusb_dev *wusb_dev;
 998	u8 port_idx;
 999
1000	port_idx = wusb_port_no_to_idx(usb_dev->portnum);
1001	BUG_ON(port_idx > wusbhc->ports_max);
1002	wusb_dev = wusb_port_by_idx(wusbhc, port_idx)->wusb_dev;
1003	if (wusb_dev != NULL)		/* ops, device is gone */
1004		wusb_dev_get(wusb_dev);
1005	return wusb_dev;
1006}
1007EXPORT_SYMBOL_GPL(__wusb_dev_get_by_usb_dev);
1008
1009void wusb_dev_destroy(struct kref *_wusb_dev)
1010{
1011	struct wusb_dev *wusb_dev = container_of(_wusb_dev, struct wusb_dev, refcnt);
1012
1013	list_del_init(&wusb_dev->cack_node);
1014	wusb_dev_free(wusb_dev);
1015}
1016EXPORT_SYMBOL_GPL(wusb_dev_destroy);
1017
1018/*
1019 * Create all the device connect handling infrastructure
1020 *
1021 * This is basically the device info array, Connect Acknowledgement
1022 * (cack) lists, keep-alive timers (and delayed work thread).
1023 */
1024int wusbhc_devconnect_create(struct wusbhc *wusbhc)
1025{
1026	wusbhc->keep_alive_ie.hdr.bIEIdentifier = WUIE_ID_KEEP_ALIVE;
1027	wusbhc->keep_alive_ie.hdr.bLength = sizeof(wusbhc->keep_alive_ie.hdr);
1028	INIT_DELAYED_WORK(&wusbhc->keep_alive_timer, wusbhc_keep_alive_run);
1029
1030	wusbhc->cack_ie.hdr.bIEIdentifier = WUIE_ID_CONNECTACK;
1031	wusbhc->cack_ie.hdr.bLength = sizeof(wusbhc->cack_ie.hdr);
1032	INIT_LIST_HEAD(&wusbhc->cack_list);
1033
1034	return 0;
1035}
1036
1037/*
1038 * Release all resources taken by the devconnect stuff
1039 */
1040void wusbhc_devconnect_destroy(struct wusbhc *wusbhc)
1041{
1042	/* no op */
1043}
1044
1045/*
1046 * wusbhc_devconnect_start - start accepting device connections
1047 * @wusbhc: the WUSB HC
1048 *
1049 * Sets the Host Info IE to accept all new connections.
1050 *
1051 * FIXME: This also enables the keep alives but this is not necessary
1052 * until there are connected and authenticated devices.
1053 */
1054int wusbhc_devconnect_start(struct wusbhc *wusbhc)
1055{
1056	struct device *dev = wusbhc->dev;
1057	struct wuie_host_info *hi;
1058	int result;
1059
1060	hi = kzalloc(sizeof(*hi), GFP_KERNEL);
1061	if (hi == NULL)
1062		return -ENOMEM;
1063
1064	hi->hdr.bLength       = sizeof(*hi);
1065	hi->hdr.bIEIdentifier = WUIE_ID_HOST_INFO;
1066	hi->attributes        = cpu_to_le16((wusbhc->rsv->stream << 3) | WUIE_HI_CAP_ALL);
1067	hi->CHID              = wusbhc->chid;
1068	result = wusbhc_mmcie_set(wusbhc, 0, 0, &hi->hdr);
1069	if (result < 0) {
1070		dev_err(dev, "Cannot add Host Info MMCIE: %d\n", result);
1071		goto error_mmcie_set;
1072	}
1073	wusbhc->wuie_host_info = hi;
1074
1075	queue_delayed_work(wusbd, &wusbhc->keep_alive_timer,
1076			   (wusbhc->trust_timeout*CONFIG_HZ)/1000/2);
1077
1078	return 0;
1079
1080error_mmcie_set:
1081	kfree(hi);
1082	return result;
1083}
1084
1085/*
1086 * wusbhc_devconnect_stop - stop managing connected devices
1087 * @wusbhc: the WUSB HC
1088 *
1089 * Disconnects any devices still connected, stops the keep alives and
1090 * removes the Host Info IE.
1091 */
1092void wusbhc_devconnect_stop(struct wusbhc *wusbhc)
1093{
1094	int i;
1095
1096	mutex_lock(&wusbhc->mutex);
1097	for (i = 0; i < wusbhc->ports_max; i++) {
1098		if (wusbhc->port[i].wusb_dev)
1099			__wusbhc_dev_disconnect(wusbhc, &wusbhc->port[i]);
1100	}
1101	mutex_unlock(&wusbhc->mutex);
1102
1103	cancel_delayed_work_sync(&wusbhc->keep_alive_timer);
1104	wusbhc_mmcie_rm(wusbhc, &wusbhc->wuie_host_info->hdr);
1105	kfree(wusbhc->wuie_host_info);
1106	wusbhc->wuie_host_info = NULL;
1107}
1108
1109/*
1110 * wusb_set_dev_addr - set the WUSB device address used by the host
1111 * @wusbhc: the WUSB HC the device is connect to
1112 * @wusb_dev: the WUSB device
1113 * @addr: new device address
1114 */
1115int wusb_set_dev_addr(struct wusbhc *wusbhc, struct wusb_dev *wusb_dev, u8 addr)
1116{
1117	int result;
1118
1119	wusb_dev->addr = addr;
1120	result = wusbhc->dev_info_set(wusbhc, wusb_dev);
1121	if (result < 0)
1122		dev_err(wusbhc->dev, "device %d: failed to set device "
1123			"address\n", wusb_dev->port_idx);
1124	else
1125		dev_info(wusbhc->dev, "device %d: %s addr %u\n",
1126			 wusb_dev->port_idx,
1127			 (addr & WUSB_DEV_ADDR_UNAUTH) ? "unauth" : "auth",
1128			 wusb_dev->addr);
1129
1130	return result;
1131}