linux_old1/drivers/misc/ti-st/st_core.c

910 lines
24 KiB
C
Raw Normal View History

// SPDX-License-Identifier: GPL-2.0-only
/*
* Shared Transport Line discipline driver Core
* This hooks up ST KIM driver and ST LL driver
* Copyright (C) 2009-2010 Texas Instruments
* Author: Pavan Savoy <pavan_savoy@ti.com>
*/
#define pr_fmt(fmt) "(stc): " fmt
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/tty.h>
#include <linux/seq_file.h>
#include <linux/skbuff.h>
#include <linux/ti_wilink_st.h>
extern void st_kim_recv(void *, const unsigned char *, long);
void st_int_recv(void *, const unsigned char *, long);
/* function pointer pointing to either,
* st_kim_recv during registration to receive fw download responses
* st_int_recv after registration to receive proto stack responses
*/
static void (*st_recv) (void *, const unsigned char *, long);
/********************************************************************/
static void add_channel_to_table(struct st_data_s *st_gdata,
struct st_proto_s *new_proto)
{
pr_info("%s: id %d\n", __func__, new_proto->chnl_id);
/* list now has the channel id as index itself */
st_gdata->list[new_proto->chnl_id] = new_proto;
st_gdata->is_registered[new_proto->chnl_id] = true;
}
static void remove_channel_from_table(struct st_data_s *st_gdata,
struct st_proto_s *proto)
{
pr_info("%s: id %d\n", __func__, proto->chnl_id);
/* st_gdata->list[proto->chnl_id] = NULL; */
st_gdata->is_registered[proto->chnl_id] = false;
}
/*
* called from KIM during firmware download.
*
* This is a wrapper function to tty->ops->write_room.
* It returns number of free space available in
* uart tx buffer.
*/
int st_get_uart_wr_room(struct st_data_s *st_gdata)
{
struct tty_struct *tty;
if (unlikely(st_gdata == NULL || st_gdata->tty == NULL)) {
pr_err("tty unavailable to perform write");
return -1;
}
tty = st_gdata->tty;
return tty->ops->write_room(tty);
}
/* can be called in from
* -- KIM (during fw download)
* -- ST Core (during st_write)
*
* This is the internal write function - a wrapper
* to tty->ops->write
*/
int st_int_write(struct st_data_s *st_gdata,
const unsigned char *data, int count)
{
struct tty_struct *tty;
if (unlikely(st_gdata == NULL || st_gdata->tty == NULL)) {
pr_err("tty unavailable to perform write");
return -EINVAL;
}
tty = st_gdata->tty;
#ifdef VERBOSE
print_hex_dump(KERN_DEBUG, "<out<", DUMP_PREFIX_NONE,
16, 1, data, count, 0);
#endif
return tty->ops->write(tty, data, count);
}
/*
* push the skb received to relevant
* protocol stacks
*/
static void st_send_frame(unsigned char chnl_id, struct st_data_s *st_gdata)
{
pr_debug(" %s(prot:%d) ", __func__, chnl_id);
if (unlikely
(st_gdata == NULL || st_gdata->rx_skb == NULL
|| st_gdata->is_registered[chnl_id] == false)) {
pr_err("chnl_id %d not registered, no data to send?",
chnl_id);
kfree_skb(st_gdata->rx_skb);
return;
}
/* this cannot fail
* this shouldn't take long
* - should be just skb_queue_tail for the
* protocol stack driver
*/
if (likely(st_gdata->list[chnl_id]->recv != NULL)) {
if (unlikely
(st_gdata->list[chnl_id]->recv
(st_gdata->list[chnl_id]->priv_data, st_gdata->rx_skb)
!= 0)) {
pr_err(" proto stack %d's ->recv failed", chnl_id);
kfree_skb(st_gdata->rx_skb);
return;
}
} else {
pr_err(" proto stack %d's ->recv null", chnl_id);
kfree_skb(st_gdata->rx_skb);
}
return;
}
/**
* st_reg_complete -
* to call registration complete callbacks
* of all protocol stack drivers
* This function is being called with spin lock held, protocol drivers are
* only expected to complete their waits and do nothing more than that.
*/
static void st_reg_complete(struct st_data_s *st_gdata, int err)
{
unsigned char i = 0;
pr_info(" %s ", __func__);
for (i = 0; i < ST_MAX_CHANNELS; i++) {
if (likely(st_gdata != NULL &&
st_gdata->is_registered[i] == true &&
st_gdata->list[i]->reg_complete_cb != NULL)) {
st_gdata->list[i]->reg_complete_cb
(st_gdata->list[i]->priv_data, err);
pr_info("protocol %d's cb sent %d\n", i, err);
if (err) { /* cleanup registered protocol */
st_gdata->is_registered[i] = false;
if (st_gdata->protos_registered)
st_gdata->protos_registered--;
}
}
}
}
static inline int st_check_data_len(struct st_data_s *st_gdata,
unsigned char chnl_id, int len)
{
int room = skb_tailroom(st_gdata->rx_skb);
pr_debug("len %d room %d", len, room);
if (!len) {
/* Received packet has only packet header and
* has zero length payload. So, ask ST CORE to
* forward the packet to protocol driver (BT/FM/GPS)
*/
st_send_frame(chnl_id, st_gdata);
} else if (len > room) {
/* Received packet's payload length is larger.
* We can't accommodate it in created skb.
*/
pr_err("Data length is too large len %d room %d", len,
room);
kfree_skb(st_gdata->rx_skb);
} else {
/* Packet header has non-zero payload length and
* we have enough space in created skb. Lets read
* payload data */
st_gdata->rx_state = ST_W4_DATA;
st_gdata->rx_count = len;
return len;
}
/* Change ST state to continue to process next
* packet */
st_gdata->rx_state = ST_W4_PACKET_TYPE;
st_gdata->rx_skb = NULL;
st_gdata->rx_count = 0;
st_gdata->rx_chnl = 0;
return 0;
}
/**
* st_wakeup_ack - internal function for action when wake-up ack
* received
*/
static inline void st_wakeup_ack(struct st_data_s *st_gdata,
unsigned char cmd)
{
struct sk_buff *waiting_skb;
unsigned long flags = 0;
spin_lock_irqsave(&st_gdata->lock, flags);
/* de-Q from waitQ and Q in txQ now that the
* chip is awake
*/
while ((waiting_skb = skb_dequeue(&st_gdata->tx_waitq)))
skb_queue_tail(&st_gdata->txq, waiting_skb);
/* state forwarded to ST LL */
st_ll_sleep_state(st_gdata, (unsigned long)cmd);
spin_unlock_irqrestore(&st_gdata->lock, flags);
/* wake up to send the recently copied skbs from waitQ */
st_tx_wakeup(st_gdata);
}
/**
* st_int_recv - ST's internal receive function.
* Decodes received RAW data and forwards to corresponding
* client drivers (Bluetooth,FM,GPS..etc).
* This can receive various types of packets,
* HCI-Events, ACL, SCO, 4 types of HCI-LL PM packets
* CH-8 packets from FM, CH-9 packets from GPS cores.
*/
void st_int_recv(void *disc_data,
const unsigned char *data, long count)
{
char *ptr;
struct st_proto_s *proto;
unsigned short payload_len = 0;
int len = 0;
unsigned char type = 0;
unsigned char *plen;
struct st_data_s *st_gdata = (struct st_data_s *)disc_data;
unsigned long flags;
ptr = (char *)data;
/* tty_receive sent null ? */
if (unlikely(ptr == NULL) || (st_gdata == NULL)) {
pr_err(" received null from TTY ");
return;
}
pr_debug("count %ld rx_state %ld"
"rx_count %ld", count, st_gdata->rx_state,
st_gdata->rx_count);
spin_lock_irqsave(&st_gdata->lock, flags);
/* Decode received bytes here */
while (count) {
if (st_gdata->rx_count) {
len = min_t(unsigned int, st_gdata->rx_count, count);
skb_put_data(st_gdata->rx_skb, ptr, len);
st_gdata->rx_count -= len;
count -= len;
ptr += len;
if (st_gdata->rx_count)
continue;
/* Check ST RX state machine , where are we? */
switch (st_gdata->rx_state) {
/* Waiting for complete packet ? */
case ST_W4_DATA:
pr_debug("Complete pkt received");
/* Ask ST CORE to forward
* the packet to protocol driver */
st_send_frame(st_gdata->rx_chnl, st_gdata);
st_gdata->rx_state = ST_W4_PACKET_TYPE;
st_gdata->rx_skb = NULL;
continue;
/* parse the header to know details */
case ST_W4_HEADER:
proto = st_gdata->list[st_gdata->rx_chnl];
plen =
&st_gdata->rx_skb->data
[proto->offset_len_in_hdr];
pr_debug("plen pointing to %x\n", *plen);
if (proto->len_size == 1)/* 1 byte len field */
payload_len = *(unsigned char *)plen;
else if (proto->len_size == 2)
payload_len =
__le16_to_cpu(*(unsigned short *)plen);
else
pr_info("%s: invalid length "
"for id %d\n",
__func__, proto->chnl_id);
st_check_data_len(st_gdata, proto->chnl_id,
payload_len);
pr_debug("off %d, pay len %d\n",
proto->offset_len_in_hdr, payload_len);
continue;
} /* end of switch rx_state */
}
/* end of if rx_count */
/* Check first byte of packet and identify module
* owner (BT/FM/GPS) */
switch (*ptr) {
case LL_SLEEP_IND:
case LL_SLEEP_ACK:
case LL_WAKE_UP_IND:
pr_debug("PM packet");
/* this takes appropriate action based on
* sleep state received --
*/
st_ll_sleep_state(st_gdata, *ptr);
/* if WAKEUP_IND collides copy from waitq to txq
* and assume chip awake
*/
spin_unlock_irqrestore(&st_gdata->lock, flags);
if (st_ll_getstate(st_gdata) == ST_LL_AWAKE)
st_wakeup_ack(st_gdata, LL_WAKE_UP_ACK);
spin_lock_irqsave(&st_gdata->lock, flags);
ptr++;
count--;
continue;
case LL_WAKE_UP_ACK:
pr_debug("PM packet");
spin_unlock_irqrestore(&st_gdata->lock, flags);
/* wake up ack received */
st_wakeup_ack(st_gdata, *ptr);
spin_lock_irqsave(&st_gdata->lock, flags);
ptr++;
count--;
continue;
/* Unknow packet? */
default:
type = *ptr;
/* Default case means non-HCILL packets,
* possibilities are packets for:
* (a) valid protocol - Supported Protocols within
* the ST_MAX_CHANNELS.
* (b) registered protocol - Checked by
* "st_gdata->list[type] == NULL)" are supported
* protocols only.
* Rules out any invalid protocol and
* unregistered protocols with channel ID < 16.
*/
if ((type >= ST_MAX_CHANNELS) ||
(st_gdata->list[type] == NULL)) {
pr_err("chip/interface misbehavior: "
"dropping frame starting "
"with 0x%02x\n", type);
goto done;
}
st_gdata->rx_skb = alloc_skb(
st_gdata->list[type]->max_frame_size,
GFP_ATOMIC);
if (st_gdata->rx_skb == NULL) {
pr_err("out of memory: dropping\n");
goto done;
}
skb_reserve(st_gdata->rx_skb,
st_gdata->list[type]->reserve);
/* next 2 required for BT only */
st_gdata->rx_skb->cb[0] = type; /*pkt_type*/
st_gdata->rx_skb->cb[1] = 0; /*incoming*/
st_gdata->rx_chnl = *ptr;
st_gdata->rx_state = ST_W4_HEADER;
st_gdata->rx_count = st_gdata->list[type]->hdr_len;
pr_debug("rx_count %ld\n", st_gdata->rx_count);
};
ptr++;
count--;
}
done:
spin_unlock_irqrestore(&st_gdata->lock, flags);
pr_debug("done %s", __func__);
return;
}
/**
* st_int_dequeue - internal de-Q function.
* If the previous data set was not written
* completely, return that skb which has the pending data.
* In normal cases, return top of txq.
*/
static struct sk_buff *st_int_dequeue(struct st_data_s *st_gdata)
{
struct sk_buff *returning_skb;
pr_debug("%s", __func__);
if (st_gdata->tx_skb != NULL) {
returning_skb = st_gdata->tx_skb;
st_gdata->tx_skb = NULL;
return returning_skb;
}
return skb_dequeue(&st_gdata->txq);
}
/**
* st_int_enqueue - internal Q-ing function.
* Will either Q the skb to txq or the tx_waitq
* depending on the ST LL state.
* If the chip is asleep, then Q it onto waitq and
* wakeup the chip.
* txq and waitq needs protection since the other contexts
* may be sending data, waking up chip.
*/
static void st_int_enqueue(struct st_data_s *st_gdata, struct sk_buff *skb)
{
unsigned long flags = 0;
pr_debug("%s", __func__);
spin_lock_irqsave(&st_gdata->lock, flags);
switch (st_ll_getstate(st_gdata)) {
case ST_LL_AWAKE:
pr_debug("ST LL is AWAKE, sending normally");
skb_queue_tail(&st_gdata->txq, skb);
break;
case ST_LL_ASLEEP_TO_AWAKE:
skb_queue_tail(&st_gdata->tx_waitq, skb);
break;
case ST_LL_AWAKE_TO_ASLEEP:
pr_err("ST LL is illegal state(%ld),"
"purging received skb.", st_ll_getstate(st_gdata));
kfree_skb(skb);
break;
case ST_LL_ASLEEP:
skb_queue_tail(&st_gdata->tx_waitq, skb);
st_ll_wakeup(st_gdata);
break;
default:
pr_err("ST LL is illegal state(%ld),"
"purging received skb.", st_ll_getstate(st_gdata));
kfree_skb(skb);
break;
}
spin_unlock_irqrestore(&st_gdata->lock, flags);
pr_debug("done %s", __func__);
return;
}
/*
* internal wakeup function
* called from either
* - TTY layer when write's finished
* - st_write (in context of the protocol stack)
*/
static void work_fn_write_wakeup(struct work_struct *work)
{
struct st_data_s *st_gdata = container_of(work, struct st_data_s,
work_write_wakeup);
st_tx_wakeup((void *)st_gdata);
}
void st_tx_wakeup(struct st_data_s *st_data)
{
struct sk_buff *skb;
unsigned long flags; /* for irq save flags */
pr_debug("%s", __func__);
/* check for sending & set flag sending here */
if (test_and_set_bit(ST_TX_SENDING, &st_data->tx_state)) {
pr_debug("ST already sending");
/* keep sending */
set_bit(ST_TX_WAKEUP, &st_data->tx_state);
return;
/* TX_WAKEUP will be checked in another
* context
*/
}
do { /* come back if st_tx_wakeup is set */
/* woke-up to write */
clear_bit(ST_TX_WAKEUP, &st_data->tx_state);
while ((skb = st_int_dequeue(st_data))) {
int len;
spin_lock_irqsave(&st_data->lock, flags);
/* enable wake-up from TTY */
set_bit(TTY_DO_WRITE_WAKEUP, &st_data->tty->flags);
len = st_int_write(st_data, skb->data, skb->len);
skb_pull(skb, len);
/* if skb->len = len as expected, skb->len=0 */
if (skb->len) {
/* would be the next skb to be sent */
st_data->tx_skb = skb;
spin_unlock_irqrestore(&st_data->lock, flags);
break;
}
kfree_skb(skb);
spin_unlock_irqrestore(&st_data->lock, flags);
}
/* if wake-up is set in another context- restart sending */
} while (test_bit(ST_TX_WAKEUP, &st_data->tx_state));
/* clear flag sending */
clear_bit(ST_TX_SENDING, &st_data->tx_state);
}
/********************************************************************/
/* functions called from ST KIM
*/
void kim_st_list_protocols(struct st_data_s *st_gdata, void *buf)
{
seq_printf(buf, "[%d]\nBT=%c\nFM=%c\nGPS=%c\n",
st_gdata->protos_registered,
st_gdata->is_registered[0x04] == true ? 'R' : 'U',
st_gdata->is_registered[0x08] == true ? 'R' : 'U',
st_gdata->is_registered[0x09] == true ? 'R' : 'U');
}
/********************************************************************/
/*
* functions called from protocol stack drivers
* to be EXPORT-ed
*/
long st_register(struct st_proto_s *new_proto)
{
struct st_data_s *st_gdata;
long err = 0;
unsigned long flags = 0;
st_kim_ref(&st_gdata, 0);
if (st_gdata == NULL || new_proto == NULL || new_proto->recv == NULL
|| new_proto->reg_complete_cb == NULL) {
pr_err("gdata/new_proto/recv or reg_complete_cb not ready");
return -EINVAL;
}
if (new_proto->chnl_id >= ST_MAX_CHANNELS) {
pr_err("chnl_id %d not supported", new_proto->chnl_id);
return -EPROTONOSUPPORT;
}
if (st_gdata->is_registered[new_proto->chnl_id] == true) {
pr_err("chnl_id %d already registered", new_proto->chnl_id);
return -EALREADY;
}
/* can be from process context only */
spin_lock_irqsave(&st_gdata->lock, flags);
if (test_bit(ST_REG_IN_PROGRESS, &st_gdata->st_state)) {
pr_info(" ST_REG_IN_PROGRESS:%d ", new_proto->chnl_id);
/* fw download in progress */
add_channel_to_table(st_gdata, new_proto);
st_gdata->protos_registered++;
new_proto->write = st_write;
set_bit(ST_REG_PENDING, &st_gdata->st_state);
spin_unlock_irqrestore(&st_gdata->lock, flags);
return -EINPROGRESS;
} else if (st_gdata->protos_registered == ST_EMPTY) {
pr_info(" chnl_id list empty :%d ", new_proto->chnl_id);
set_bit(ST_REG_IN_PROGRESS, &st_gdata->st_state);
st_recv = st_kim_recv;
/* enable the ST LL - to set default chip state */
st_ll_enable(st_gdata);
/* release lock previously held - re-locked below */
spin_unlock_irqrestore(&st_gdata->lock, flags);
/* this may take a while to complete
* since it involves BT fw download
*/
err = st_kim_start(st_gdata->kim_data);
if (err != 0) {
clear_bit(ST_REG_IN_PROGRESS, &st_gdata->st_state);
if ((st_gdata->protos_registered != ST_EMPTY) &&
(test_bit(ST_REG_PENDING, &st_gdata->st_state))) {
pr_err(" KIM failure complete callback ");
spin_lock_irqsave(&st_gdata->lock, flags);
st_reg_complete(st_gdata, err);
spin_unlock_irqrestore(&st_gdata->lock, flags);
clear_bit(ST_REG_PENDING, &st_gdata->st_state);
}
return -EINVAL;
}
spin_lock_irqsave(&st_gdata->lock, flags);
clear_bit(ST_REG_IN_PROGRESS, &st_gdata->st_state);
st_recv = st_int_recv;
/* this is where all pending registration
* are signalled to be complete by calling callback functions
*/
if ((st_gdata->protos_registered != ST_EMPTY) &&
(test_bit(ST_REG_PENDING, &st_gdata->st_state))) {
pr_debug(" call reg complete callback ");
st_reg_complete(st_gdata, 0);
}
clear_bit(ST_REG_PENDING, &st_gdata->st_state);
/* check for already registered once more,
* since the above check is old
*/
if (st_gdata->is_registered[new_proto->chnl_id] == true) {
pr_err(" proto %d already registered ",
new_proto->chnl_id);
spin_unlock_irqrestore(&st_gdata->lock, flags);
return -EALREADY;
}
add_channel_to_table(st_gdata, new_proto);
st_gdata->protos_registered++;
new_proto->write = st_write;
spin_unlock_irqrestore(&st_gdata->lock, flags);
return err;
}
/* if fw is already downloaded & new stack registers protocol */
else {
add_channel_to_table(st_gdata, new_proto);
st_gdata->protos_registered++;
new_proto->write = st_write;
/* lock already held before entering else */
spin_unlock_irqrestore(&st_gdata->lock, flags);
return err;
}
}
EXPORT_SYMBOL_GPL(st_register);
/* to unregister a protocol -
* to be called from protocol stack driver
*/
long st_unregister(struct st_proto_s *proto)
{
long err = 0;
unsigned long flags = 0;
struct st_data_s *st_gdata;
pr_debug("%s: %d ", __func__, proto->chnl_id);
st_kim_ref(&st_gdata, 0);
st_kim: Handle case of no device found for ID 0 Running ktest.pl, I hit this bug: [ 19.780654] BUG: unable to handle kernel NULL pointer dereference at 0000000c [ 19.780660] IP: [<c112efcd>] dev_get_drvdata+0xc/0x46 [ 19.780669] *pdpt = 0000000031daf001 *pde = 0000000000000000 [ 19.780673] Oops: 0000 [#1] SMP [ 19.780680] Dumping ftrace buffer:^M [ 19.780685] (ftrace buffer empty) [ 19.780687] Modules linked in: ide_pci_generic firewire_ohci firewire_core evbug crc_itu_t e1000 ide_core i2c_i801 iTCO_wdt [ 19.780697] [ 19.780700] Pid: 346, comm: v4l_id Not tainted 2.6.39-test-02740-gcaebc16-dirty #4 /DG965MQ [ 19.780706] EIP: 0060:[<c112efcd>] EFLAGS: 00010202 CPU: 0 [ 19.780709] EIP is at dev_get_drvdata+0xc/0x46 [ 19.780712] EAX: 00000008 EBX: f1e37da4 ECX: 00000000 EDX: 00000000 [ 19.780715] ESI: f1c3f200 EDI: c33ec95c EBP: f1e37d80 ESP: f1e37d80 [ 19.780718] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 [ 19.780721] Process v4l_id (pid: 346, ti=f1e36000 task=f2bc2a60 task.ti=f1e36000) [ 19.780723] Stack: [ 19.780725] f1e37d8c c117d395 c33ec93c f1e37db4 c117a0f9 00000002 00000000 c1725e54 [ 19.780732] 00000001 00000007 f2918c90 f1c3f200 c33ec95c f1e37dd4 c1789d3d 22222222 [ 19.780740] 22222222 22222222 f2918c90 f1c3f200 f29194f4 f1e37de8 c178d5c4 c1725e54 [ 19.780747] Call Trace: [ 19.780752] [<c117d395>] st_kim_ref+0x28/0x41 [ 19.780756] [<c117a0f9>] st_register+0x29/0x562 [ 19.780761] [<c1725e54>] ? v4l2_open+0x111/0x1e3 [ 19.780766] [<c1789d3d>] fmc_prepare+0x97/0x424 [ 19.780770] [<c178d5c4>] fm_v4l2_fops_open+0x70/0x106 [ 19.780773] [<c1725e54>] ? v4l2_open+0x111/0x1e3 [ 19.780777] [<c1725e9b>] v4l2_open+0x158/0x1e3 [ 19.780782] [<c065173b>] chrdev_open+0x22c/0x276 [ 19.780787] [<c0647c4e>] __dentry_open+0x35c/0x581 [ 19.780792] [<c06498f9>] nameidata_to_filp+0x7c/0x96 [ 19.780795] [<c065150f>] ? cdev_put+0x57/0x57 [ 19.780800] [<c0660cad>] do_last+0x743/0x9d4 [ 19.780804] [<c065d5fc>] ? path_init+0x1ee/0x596 [ 19.780808] [<c0661481>] path_openat+0x10c/0x597 [ 19.780813] [<c05204a1>] ? trace_hardirqs_off+0x27/0x37 [ 19.780817] [<c0509651>] ? local_clock+0x78/0xc7 [ 19.780821] [<c0661945>] do_filp_open+0x39/0xc2 [ 19.780827] [<c1cabc76>] ? _raw_spin_unlock+0x4c/0x5d^M [ 19.780831] [<c0674ccd>] ? alloc_fd+0x19e/0x1b7 [ 19.780836] [<c06499ca>] do_sys_open+0xb7/0x1bd [ 19.780840] [<c0608eea>] ? sys_munmap+0x78/0x8d [ 19.780844] [<c0649b06>] sys_open+0x36/0x58 [ 19.780849] [<c1cb809f>] sysenter_do_call+0x12/0x38 [ 19.780852] Code: d8 2f 20 c3 01 83 15 dc 2f 20 c3 00 f0 ff 00 83 05 e0 2f 20 c3 01 83 15 e4 2f 20 c3 00 5d c3 55 89 e5 3e 8d 74 26 00 85 c0 74 28 <8b> 40 04 83 05 e8 2f 20 c3 01 83 15 ec 2f 20 c3 00 85 c0 74 13 ^M [ 19.780889] EIP: [<c112efcd>] dev_get_drvdata+0xc/0x46 SS:ESP 0068:f1e37d80 [ 19.780894] CR2: 000000000000000c [ 19.780898] ---[ end trace e7d1d0f6a2d1d390 ]--- The id of 0 passed to st_kim_ref() found no device, keeping pdev null, and causing pdev->dev cause a NULL pointer dereference. After having st_kim_ref() check for NULL, the st_unregister() function needed to be updated to handle the case that st_gdata was not set by the st_kim_ref(). Signed-off-by: Steven Rostedt <rostedt@goodmis.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-05-24 04:45:32 +08:00
if (!st_gdata || proto->chnl_id >= ST_MAX_CHANNELS) {
pr_err(" chnl_id %d not supported", proto->chnl_id);
return -EPROTONOSUPPORT;
}
spin_lock_irqsave(&st_gdata->lock, flags);
if (st_gdata->is_registered[proto->chnl_id] == false) {
pr_err(" chnl_id %d not registered", proto->chnl_id);
spin_unlock_irqrestore(&st_gdata->lock, flags);
return -EPROTONOSUPPORT;
}
if (st_gdata->protos_registered)
st_gdata->protos_registered--;
remove_channel_from_table(st_gdata, proto);
spin_unlock_irqrestore(&st_gdata->lock, flags);
if ((st_gdata->protos_registered == ST_EMPTY) &&
(!test_bit(ST_REG_PENDING, &st_gdata->st_state))) {
pr_info(" all chnl_ids unregistered ");
/* stop traffic on tty */
if (st_gdata->tty) {
tty_ldisc_flush(st_gdata->tty);
stop_tty(st_gdata->tty);
}
/* all chnl_ids now unregistered */
st_kim_stop(st_gdata->kim_data);
/* disable ST LL */
st_ll_disable(st_gdata);
}
return err;
}
/*
* called in protocol stack drivers
* via the write function pointer
*/
long st_write(struct sk_buff *skb)
{
struct st_data_s *st_gdata;
long len;
st_kim_ref(&st_gdata, 0);
if (unlikely(skb == NULL || st_gdata == NULL
|| st_gdata->tty == NULL)) {
pr_err("data/tty unavailable to perform write");
return -EINVAL;
}
pr_debug("%d to be written", skb->len);
len = skb->len;
/* st_ll to decide where to enqueue the skb */
st_int_enqueue(st_gdata, skb);
/* wake up */
st_tx_wakeup(st_gdata);
/* return number of bytes written */
return len;
}
/* for protocols making use of shared transport */
EXPORT_SYMBOL_GPL(st_unregister);
/********************************************************************/
/*
* functions called from TTY layer
*/
static int st_tty_open(struct tty_struct *tty)
{
int err = 0;
struct st_data_s *st_gdata;
pr_info("%s ", __func__);
st_kim_ref(&st_gdata, 0);
st_gdata->tty = tty;
tty->disc_data = st_gdata;
/* don't do an wakeup for now */
clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
/* mem already allocated
*/
tty->receive_room = 65536;
/* Flush any pending characters in the driver and discipline. */
tty_ldisc_flush(tty);
tty_driver_flush_buffer(tty);
/*
* signal to UIM via KIM that -
* installation of N_TI_WL ldisc is complete
*/
st_kim_complete(st_gdata->kim_data);
pr_debug("done %s", __func__);
return err;
}
static void st_tty_close(struct tty_struct *tty)
{
unsigned char i = ST_MAX_CHANNELS;
unsigned long flags = 0;
struct st_data_s *st_gdata = tty->disc_data;
pr_info("%s ", __func__);
/* TODO:
* if a protocol has been registered & line discipline
* un-installed for some reason - what should be done ?
*/
spin_lock_irqsave(&st_gdata->lock, flags);
for (i = ST_BT; i < ST_MAX_CHANNELS; i++) {
if (st_gdata->is_registered[i] == true)
pr_err("%d not un-registered", i);
st_gdata->list[i] = NULL;
st_gdata->is_registered[i] = false;
}
st_gdata->protos_registered = 0;
spin_unlock_irqrestore(&st_gdata->lock, flags);
/*
* signal to UIM via KIM that -
* N_TI_WL ldisc is un-installed
*/
st_kim_complete(st_gdata->kim_data);
st_gdata->tty = NULL;
/* Flush any pending characters in the driver and discipline. */
tty_ldisc_flush(tty);
tty_driver_flush_buffer(tty);
spin_lock_irqsave(&st_gdata->lock, flags);
/* empty out txq and tx_waitq */
skb_queue_purge(&st_gdata->txq);
skb_queue_purge(&st_gdata->tx_waitq);
/* reset the TTY Rx states of ST */
st_gdata->rx_count = 0;
st_gdata->rx_state = ST_W4_PACKET_TYPE;
kfree_skb(st_gdata->rx_skb);
st_gdata->rx_skb = NULL;
spin_unlock_irqrestore(&st_gdata->lock, flags);
pr_debug("%s: done ", __func__);
}
Revert "tty: make receive_buf() return the amout of bytes received" This reverts commit b1c43f82c5aa265442f82dba31ce985ebb7aa71c. It was broken in so many ways, and results in random odd pty issues. It re-introduced the buggy schedule_work() in flush_to_ldisc() that can cause endless work-loops (see commit a5660b41af6a: "tty: fix endless work loop when the buffer fills up"). It also used an "unsigned int" return value fo the ->receive_buf() function, but then made multiple functions return a negative error code, and didn't actually check for the error in the caller. And it didn't actually work at all. BenH bisected down odd tty behavior to it: "It looks like the patch is causing some major malfunctions of the X server for me, possibly related to PTYs. For example, cat'ing a large file in a gnome terminal hangs the kernel for -minutes- in a loop of what looks like flush_to_ldisc/workqueue code, (some ftrace data in the quoted bits further down). ... Some more data: It -looks- like what happens is that the flush_to_ldisc work queue entry constantly re-queues itself (because the PTY is full ?) and the workqueue thread will basically loop forver calling it without ever scheduling, thus starving the consumer process that could have emptied the PTY." which is pretty much exactly the problem we fixed in a5660b41af6a. Milton Miller pointed out the 'unsigned int' issue. Reported-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Reported-by: Milton Miller <miltonm@bga.com> Cc: Stefan Bigler <stefan.bigler@keymile.com> Cc: Toby Gray <toby.gray@realvnc.com> Cc: Felipe Balbi <balbi@ti.com> Cc: Greg Kroah-Hartman <gregkh@suse.de> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2011-06-04 05:33:24 +08:00
static void st_tty_receive(struct tty_struct *tty, const unsigned char *data,
char *tty_flags, int count)
{
#ifdef VERBOSE
print_hex_dump(KERN_DEBUG, ">in>", DUMP_PREFIX_NONE,
16, 1, data, count, 0);
#endif
/*
* if fw download is in progress then route incoming data
* to KIM for validation
*/
st_recv(tty->disc_data, data, count);
pr_debug("done %s", __func__);
}
/* wake-up function called in from the TTY layer
* inside the internal wakeup function will be called
*/
static void st_tty_wakeup(struct tty_struct *tty)
{
struct st_data_s *st_gdata = tty->disc_data;
pr_debug("%s ", __func__);
/* don't do an wakeup for now */
clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
/*
* schedule the internal wakeup instead of calling directly to
* avoid lockup (port->lock needed in tty->ops->write is
* already taken here
*/
schedule_work(&st_gdata->work_write_wakeup);
}
static void st_tty_flush_buffer(struct tty_struct *tty)
{
struct st_data_s *st_gdata = tty->disc_data;
pr_debug("%s ", __func__);
kfree_skb(st_gdata->tx_skb);
st_gdata->tx_skb = NULL;
tty_driver_flush_buffer(tty);
return;
}
static struct tty_ldisc_ops st_ldisc_ops = {
.magic = TTY_LDISC_MAGIC,
.name = "n_st",
.open = st_tty_open,
.close = st_tty_close,
.receive_buf = st_tty_receive,
.write_wakeup = st_tty_wakeup,
.flush_buffer = st_tty_flush_buffer,
.owner = THIS_MODULE
};
/********************************************************************/
int st_core_init(struct st_data_s **core_data)
{
struct st_data_s *st_gdata;
long err;
err = tty_register_ldisc(N_TI_WL, &st_ldisc_ops);
if (err) {
pr_err("error registering %d line discipline %ld",
N_TI_WL, err);
return err;
}
pr_debug("registered n_shared line discipline");
st_gdata = kzalloc(sizeof(struct st_data_s), GFP_KERNEL);
if (!st_gdata) {
pr_err("memory allocation failed");
err = tty_unregister_ldisc(N_TI_WL);
if (err)
pr_err("unable to un-register ldisc %ld", err);
err = -ENOMEM;
return err;
}
/* Initialize ST TxQ and Tx waitQ queue head. All BT/FM/GPS module skb's
* will be pushed in this queue for actual transmission.
*/
skb_queue_head_init(&st_gdata->txq);
skb_queue_head_init(&st_gdata->tx_waitq);
/* Locking used in st_int_enqueue() to avoid multiple execution */
spin_lock_init(&st_gdata->lock);
err = st_ll_init(st_gdata);
if (err) {
pr_err("error during st_ll initialization(%ld)", err);
kfree(st_gdata);
err = tty_unregister_ldisc(N_TI_WL);
if (err)
pr_err("unable to un-register ldisc");
return err;
}
INIT_WORK(&st_gdata->work_write_wakeup, work_fn_write_wakeup);
*core_data = st_gdata;
return 0;
}
void st_core_exit(struct st_data_s *st_gdata)
{
long err;
/* internal module cleanup */
err = st_ll_deinit(st_gdata);
if (err)
pr_err("error during deinit of ST LL %ld", err);
if (st_gdata != NULL) {
/* Free ST Tx Qs and skbs */
skb_queue_purge(&st_gdata->txq);
skb_queue_purge(&st_gdata->tx_waitq);
kfree_skb(st_gdata->rx_skb);
kfree_skb(st_gdata->tx_skb);
/* TTY ldisc cleanup */
err = tty_unregister_ldisc(N_TI_WL);
if (err)
pr_err("unable to un-register ldisc %ld", err);
/* free the global data pointer */
kfree(st_gdata);
}
}