]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blob - drivers/usb/wusbcore/devconnect.c
projects / mirror_ubuntu-jammy-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
USB: add SPDX identifiers to all remaining files in drivers/usb/
[mirror_ubuntu-jammy-kernel.git] / drivers / usb / wusbcore / devconnect.c
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * WUSB Wire Adapter: Control/Data Streaming Interface (WUSB[8])
4 * Device Connect handling
5 *
6 * Copyright (C) 2006 Intel Corporation
7 * Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License version
11 * 2 as published by the Free Software Foundation.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
21 * 02110-1301, USA.
22 *
23 *
24 * FIXME: docs
25 * FIXME: this file needs to be broken up, it's grown too big
26 *
27 *
28 * WUSB1.0[7.1, 7.5.1, ]
29 *
30 * WUSB device connection is kind of messy. Some background:
31 *
32 * When a device wants to connect it scans the UWB radio channels
33 * looking for a WUSB Channel; a WUSB channel is defined by MMCs
34 * (Micro Managed Commands or something like that) [see
35 * Design-overview for more on this] .
36 *
37 * So, device scans the radio, finds MMCs and thus a host and checks
38 * when the next DNTS is. It sends a Device Notification Connect
39 * (DN_Connect); the host picks it up (through nep.c and notif.c, ends
40 * up in wusb_devconnect_ack(), which creates a wusb_dev structure in
41 * wusbhc->port[port_number].wusb_dev), assigns an unauth address
42 * to the device (this means from 0x80 to 0xfe) and sends, in the MMC
43 * a Connect Ack Information Element (ConnAck IE).
44 *
45 * So now the device now has a WUSB address. From now on, we use
46 * that to talk to it in the RPipes.
47 *
48 * ASSUMPTIONS:
49 *
50 * - We use the the as device address the port number where it is
51 * connected (port 0 doesn't exist). For unauth, it is 128 + that.
52 *
53 * ROADMAP:
54 *
55 * This file contains the logic for doing that--entry points:
56 *
57 * wusb_devconnect_ack() Ack a device until _acked() called.
58 * Called by notif.c:wusb_handle_dn_connect()
59 * when a DN_Connect is received.
60 *
61 * wusb_devconnect_acked() Ack done, release resources.
62 *
63 * wusb_handle_dn_alive() Called by notif.c:wusb_handle_dn()
64 * for processing a DN_Alive pong from a device.
65 *
66 * wusb_handle_dn_disconnect()Called by notif.c:wusb_handle_dn() to
67 * process a disconenct request from a
68 * device.
69 *
70 * __wusb_dev_disable() Called by rh.c:wusbhc_rh_clear_port_feat() when
71 * disabling a port.
72 *
73 * wusb_devconnect_create() Called when creating the host by
74 * lc.c:wusbhc_create().
75 *
76 * wusb_devconnect_destroy() Cleanup called removing the host. Called
77 * by lc.c:wusbhc_destroy().
78 *
79 * Each Wireless USB host maintains a list of DN_Connect requests
80 * (actually we maintain a list of pending Connect Acks, the
81 * wusbhc->ca_list).
82 *
83 * LIFE CYCLE OF port->wusb_dev
84 *
85 * Before the @wusbhc structure put()s the reference it owns for
86 * port->wusb_dev [and clean the wusb_dev pointer], it needs to
87 * lock @wusbhc->mutex.
88 */
89
90 #include <linux/jiffies.h>
91 #include <linux/ctype.h>
92 #include <linux/slab.h>
93 #include <linux/workqueue.h>
94 #include <linux/export.h>
95 #include "wusbhc.h"
96
97 static void wusbhc_devconnect_acked_work(struct work_struct *work);
98
99 static void wusb_dev_free(struct wusb_dev *wusb_dev)
100 {
101 kfree(wusb_dev);
102 }
103
104 static struct wusb_dev *wusb_dev_alloc(struct wusbhc *wusbhc)
105 {
106 struct wusb_dev *wusb_dev;
107
108 wusb_dev = kzalloc(sizeof(*wusb_dev), GFP_KERNEL);
109 if (wusb_dev == NULL)
110 goto err;
111
112 wusb_dev->wusbhc = wusbhc;
113
114 INIT_WORK(&wusb_dev->devconnect_acked_work, wusbhc_devconnect_acked_work);
115
116 return wusb_dev;
117 err:
118 wusb_dev_free(wusb_dev);
119 return NULL;
120 }
121
122
123 /*
124 * Using the Connect-Ack list, fill out the @wusbhc Connect-Ack WUSB IE
125 * properly so that it can be added to the MMC.
126 *
127 * We just get the @wusbhc->ca_list and fill out the first four ones or
128 * less (per-spec WUSB1.0[7.5, before T7-38). If the ConnectAck WUSB
129 * IE is not allocated, we alloc it.
130 *
131 * @wusbhc->mutex must be taken
132 */
133 static void wusbhc_fill_cack_ie(struct wusbhc *wusbhc)
134 {
135 unsigned cnt;
136 struct wusb_dev *dev_itr;
137 struct wuie_connect_ack *cack_ie;
138
139 cack_ie = &wusbhc->cack_ie;
140 cnt = 0;
141 list_for_each_entry(dev_itr, &wusbhc->cack_list, cack_node) {
142 cack_ie->blk[cnt].CDID = dev_itr->cdid;
143 cack_ie->blk[cnt].bDeviceAddress = dev_itr->addr;
144 if (++cnt >= WUIE_ELT_MAX)
145 break;
146 }
147 cack_ie->hdr.bLength = sizeof(cack_ie->hdr)
148 + cnt * sizeof(cack_ie->blk[0]);
149 }
150
151 /*
152 * Register a new device that wants to connect
153 *
154 * A new device wants to connect, so we add it to the Connect-Ack
155 * list. We give it an address in the unauthorized range (bit 8 set);
156 * user space will have to drive authorization further on.
157 *
158 * @dev_addr: address to use for the device (which is also the port
159 * number).
160 *
161 * @wusbhc->mutex must be taken
162 */
163 static struct wusb_dev *wusbhc_cack_add(struct wusbhc *wusbhc,
164 struct wusb_dn_connect *dnc,
165 const char *pr_cdid, u8 port_idx)
166 {
167 struct device *dev = wusbhc->dev;
168 struct wusb_dev *wusb_dev;
169 int new_connection = wusb_dn_connect_new_connection(dnc);
170 u8 dev_addr;
171 int result;
172
173 /* Is it registered already? */
174 list_for_each_entry(wusb_dev, &wusbhc->cack_list, cack_node)
175 if (!memcmp(&wusb_dev->cdid, &dnc->CDID,
176 sizeof(wusb_dev->cdid)))
177 return wusb_dev;
178 /* We don't have it, create an entry, register it */
179 wusb_dev = wusb_dev_alloc(wusbhc);
180 if (wusb_dev == NULL)
181 return NULL;
182 wusb_dev_init(wusb_dev);
183 wusb_dev->cdid = dnc->CDID;
184 wusb_dev->port_idx = port_idx;
185
186 /*
187 * Devices are always available within the cluster reservation
188 * and since the hardware will take the intersection of the
189 * per-device availability and the cluster reservation, the
190 * per-device availability can simply be set to always
191 * available.
192 */
193 bitmap_fill(wusb_dev->availability.bm, UWB_NUM_MAS);
194
195 /* FIXME: handle reconnects instead of assuming connects are
196 always new. */
197 if (1 && new_connection == 0)
198 new_connection = 1;
199 if (new_connection) {
200 dev_addr = (port_idx + 2) | WUSB_DEV_ADDR_UNAUTH;
201
202 dev_info(dev, "Connecting new WUSB device to address %u, "
203 "port %u\n", dev_addr, port_idx);
204
205 result = wusb_set_dev_addr(wusbhc, wusb_dev, dev_addr);
206 if (result < 0)
207 return NULL;
208 }
209 wusb_dev->entry_ts = jiffies;
210 list_add_tail(&wusb_dev->cack_node, &wusbhc->cack_list);
211 wusbhc->cack_count++;
212 wusbhc_fill_cack_ie(wusbhc);
213
214 return wusb_dev;
215 }
216
217 /*
218 * Remove a Connect-Ack context entry from the HCs view
219 *
220 * @wusbhc->mutex must be taken
221 */
222 static void wusbhc_cack_rm(struct wusbhc *wusbhc, struct wusb_dev *wusb_dev)
223 {
224 list_del_init(&wusb_dev->cack_node);
225 wusbhc->cack_count--;
226 wusbhc_fill_cack_ie(wusbhc);
227 }
228
229 /*
230 * @wusbhc->mutex must be taken */
231 static
232 void wusbhc_devconnect_acked(struct wusbhc *wusbhc, struct wusb_dev *wusb_dev)
233 {
234 wusbhc_cack_rm(wusbhc, wusb_dev);
235 if (wusbhc->cack_count)
236 wusbhc_mmcie_set(wusbhc, 0, 0, &wusbhc->cack_ie.hdr);
237 else
238 wusbhc_mmcie_rm(wusbhc, &wusbhc->cack_ie.hdr);
239 }
240
241 static void wusbhc_devconnect_acked_work(struct work_struct *work)
242 {
243 struct wusb_dev *wusb_dev = container_of(work, struct wusb_dev,
244 devconnect_acked_work);
245 struct wusbhc *wusbhc = wusb_dev->wusbhc;
246
247 mutex_lock(&wusbhc->mutex);
248 wusbhc_devconnect_acked(wusbhc, wusb_dev);
249 mutex_unlock(&wusbhc->mutex);
250
251 wusb_dev_put(wusb_dev);
252 }
253
254 /*
255 * Ack a device for connection
256 *
257 * FIXME: docs
258 *
259 * @pr_cdid: Printable CDID...hex Use @dnc->cdid for the real deal.
260 *
261 * So we get the connect ack IE (may have been allocated already),
262 * find an empty connect block, an empty virtual port, create an
263 * address with it (see below), make it an unauth addr [bit 7 set] and
264 * set the MMC.
265 *
266 * Addresses: because WUSB hosts have no downstream hubs, we can do a
267 * 1:1 mapping between 'port number' and device
268 * address. This simplifies many things, as during this
269 * initial connect phase the USB stack has no knowledge of
270 * the device and hasn't assigned an address yet--we know
271 * USB's choose_address() will use the same heuristics we
272 * use here, so we can assume which address will be assigned.
273 *
274 * USB stack always assigns address 1 to the root hub, so
275 * to the port number we add 2 (thus virtual port #0 is
276 * addr #2).
277 *
278 * @wusbhc shall be referenced
279 */
280 static
281 void wusbhc_devconnect_ack(struct wusbhc *wusbhc, struct wusb_dn_connect *dnc,
282 const char *pr_cdid)
283 {
284 int result;
285 struct device *dev = wusbhc->dev;
286 struct wusb_dev *wusb_dev;
287 struct wusb_port *port;
288 unsigned idx;
289
290 mutex_lock(&wusbhc->mutex);
291
292 /* Check we are not handling it already */
293 for (idx = 0; idx < wusbhc->ports_max; idx++) {
294 port = wusb_port_by_idx(wusbhc, idx);
295 if (port->wusb_dev
296 && memcmp(&dnc->CDID, &port->wusb_dev->cdid, sizeof(dnc->CDID)) == 0)
297 goto error_unlock;
298 }
299 /* Look up those fake ports we have for a free one */
300 for (idx = 0; idx < wusbhc->ports_max; idx++) {
301 port = wusb_port_by_idx(wusbhc, idx);
302 if ((port->status & USB_PORT_STAT_POWER)
303 && !(port->status & USB_PORT_STAT_CONNECTION))
304 break;
305 }
306 if (idx >= wusbhc->ports_max) {
307 dev_err(dev, "Host controller can't connect more devices "
308 "(%u already connected); device %s rejected\n",
309 wusbhc->ports_max, pr_cdid);
310 /* NOTE: we could send a WUIE_Disconnect here, but we haven't
311 * event acked, so the device will eventually timeout the
312 * connection, right? */
313 goto error_unlock;
314 }
315
316 /* Make sure we are using no crypto on that "virtual port" */
317 wusbhc->set_ptk(wusbhc, idx, 0, NULL, 0);
318
319 /* Grab a filled in Connect-Ack context, fill out the
320 * Connect-Ack Wireless USB IE, set the MMC */
321 wusb_dev = wusbhc_cack_add(wusbhc, dnc, pr_cdid, idx);
322 if (wusb_dev == NULL)
323 goto error_unlock;
324 result = wusbhc_mmcie_set(wusbhc, 0, 0, &wusbhc->cack_ie.hdr);
325 if (result < 0)
326 goto error_unlock;
327 /* Give the device at least 2ms (WUSB1.0[7.5.1p3]), let's do
328 * three for a good measure */
329 msleep(3);
330 port->wusb_dev = wusb_dev;
331 port->status |= USB_PORT_STAT_CONNECTION;
332 port->change |= USB_PORT_STAT_C_CONNECTION;
333 /* Now the port status changed to connected; hub_wq will
334 * pick the change up and try to reset the port to bring it to
335 * the enabled state--so this process returns up to the stack
336 * and it calls back into wusbhc_rh_port_reset().
337 */
338 error_unlock:
339 mutex_unlock(&wusbhc->mutex);
340 return;
341
342 }
343
344 /*
345 * Disconnect a Wireless USB device from its fake port
346 *
347 * Marks the port as disconnected so that hub_wq can pick up the change
348 * and drops our knowledge about the device.
349 *
350 * Assumes there is a device connected
351 *
352 * @port_index: zero based port number
353 *
354 * NOTE: @wusbhc->mutex is locked
355 *
356 * WARNING: From here it is not very safe to access anything hanging off
357 * wusb_dev
358 */
359 static void __wusbhc_dev_disconnect(struct wusbhc *wusbhc,
360 struct wusb_port *port)
361 {
362 struct wusb_dev *wusb_dev = port->wusb_dev;
363
364 port->status &= ~(USB_PORT_STAT_CONNECTION | USB_PORT_STAT_ENABLE
365 | USB_PORT_STAT_SUSPEND | USB_PORT_STAT_RESET
366 | USB_PORT_STAT_LOW_SPEED | USB_PORT_STAT_HIGH_SPEED);
367 port->change |= USB_PORT_STAT_C_CONNECTION | USB_PORT_STAT_C_ENABLE;
368 if (wusb_dev) {
369 dev_dbg(wusbhc->dev, "disconnecting device from port %d\n", wusb_dev->port_idx);
370 if (!list_empty(&wusb_dev->cack_node))
371 list_del_init(&wusb_dev->cack_node);
372 /* For the one in cack_add() */
373 wusb_dev_put(wusb_dev);
374 }
375 port->wusb_dev = NULL;
376
377 /* After a device disconnects, change the GTK (see [WUSB]
378 * section 6.2.11.2). */
379 if (wusbhc->active)
380 wusbhc_gtk_rekey(wusbhc);
381
382 /* The Wireless USB part has forgotten about the device already; now
383 * hub_wq's timer will pick up the disconnection and remove the USB
384 * device from the system
385 */
386 }
387
388 /*
389 * Refresh the list of keep alives to emit in the MMC
390 *
391 * We only publish the first four devices that have a coming timeout
392 * condition. Then when we are done processing those, we go for the
393 * next ones. We ignore the ones that have timed out already (they'll
394 * be purged).
395 *
396 * This might cause the first devices to timeout the last devices in
397 * the port array...FIXME: come up with a better algorithm?
398 *
399 * Note we can't do much about MMC's ops errors; we hope next refresh
400 * will kind of handle it.
401 *
402 * NOTE: @wusbhc->mutex is locked
403 */
404 static void __wusbhc_keep_alive(struct wusbhc *wusbhc)
405 {
406 struct device *dev = wusbhc->dev;
407 unsigned cnt;
408 struct wusb_dev *wusb_dev;
409 struct wusb_port *wusb_port;
410 struct wuie_keep_alive *ie = &wusbhc->keep_alive_ie;
411 unsigned keep_alives, old_keep_alives;
412
413 old_keep_alives = ie->hdr.bLength - sizeof(ie->hdr);
414 keep_alives = 0;
415 for (cnt = 0;
416 keep_alives < WUIE_ELT_MAX && cnt < wusbhc->ports_max;
417 cnt++) {
418 unsigned tt = msecs_to_jiffies(wusbhc->trust_timeout);
419
420 wusb_port = wusb_port_by_idx(wusbhc, cnt);
421 wusb_dev = wusb_port->wusb_dev;
422
423 if (wusb_dev == NULL)
424 continue;
425 if (wusb_dev->usb_dev == NULL)
426 continue;
427
428 if (time_after(jiffies, wusb_dev->entry_ts + tt)) {
429 dev_err(dev, "KEEPALIVE: device %u timed out\n",
430 wusb_dev->addr);
431 __wusbhc_dev_disconnect(wusbhc, wusb_port);
432 } else if (time_after(jiffies, wusb_dev->entry_ts + tt/3)) {
433 /* Approaching timeout cut off, need to refresh */
434 ie->bDeviceAddress[keep_alives++] = wusb_dev->addr;
435 }
436 }
437 if (keep_alives & 0x1) /* pad to even number ([WUSB] section 7.5.9) */
438 ie->bDeviceAddress[keep_alives++] = 0x7f;
439 ie->hdr.bLength = sizeof(ie->hdr) +
440 keep_alives*sizeof(ie->bDeviceAddress[0]);
441 if (keep_alives > 0)
442 wusbhc_mmcie_set(wusbhc, 10, 5, &ie->hdr);
443 else if (old_keep_alives != 0)
444 wusbhc_mmcie_rm(wusbhc, &ie->hdr);
445 }
446
447 /*
448 * Do a run through all devices checking for timeouts
449 */
450 static void wusbhc_keep_alive_run(struct work_struct *ws)
451 {
452 struct delayed_work *dw = to_delayed_work(ws);
453 struct wusbhc *wusbhc = container_of(dw, struct wusbhc, keep_alive_timer);
454
455 mutex_lock(&wusbhc->mutex);
456 __wusbhc_keep_alive(wusbhc);
457 mutex_unlock(&wusbhc->mutex);
458
459 queue_delayed_work(wusbd, &wusbhc->keep_alive_timer,
460 msecs_to_jiffies(wusbhc->trust_timeout / 2));
461 }
462
463 /*
464 * Find the wusb_dev from its device address.
465 *
466 * The device can be found directly from the address (see
467 * wusb_cack_add() for where the device address is set to port_idx
468 * +2), except when the address is zero.
469 */
470 static struct wusb_dev *wusbhc_find_dev_by_addr(struct wusbhc *wusbhc, u8 addr)
471 {
472 int p;
473
474 if (addr == 0xff) /* unconnected */
475 return NULL;
476
477 if (addr > 0) {
478 int port = (addr & ~0x80) - 2;
479 if (port < 0 || port >= wusbhc->ports_max)
480 return NULL;
481 return wusb_port_by_idx(wusbhc, port)->wusb_dev;
482 }
483
484 /* Look for the device with address 0. */
485 for (p = 0; p < wusbhc->ports_max; p++) {
486 struct wusb_dev *wusb_dev = wusb_port_by_idx(wusbhc, p)->wusb_dev;
487 if (wusb_dev && wusb_dev->addr == addr)
488 return wusb_dev;
489 }
490 return NULL;
491 }
492
493 /*
494 * Handle a DN_Alive notification (WUSB1.0[7.6.1])
495 *
496 * This just updates the device activity timestamp and then refreshes
497 * the keep alive IE.
498 *
499 * @wusbhc shall be referenced and unlocked
500 */
501 static void wusbhc_handle_dn_alive(struct wusbhc *wusbhc, u8 srcaddr)
502 {
503 struct wusb_dev *wusb_dev;
504
505 mutex_lock(&wusbhc->mutex);
506 wusb_dev = wusbhc_find_dev_by_addr(wusbhc, srcaddr);
507 if (wusb_dev == NULL) {
508 dev_dbg(wusbhc->dev, "ignoring DN_Alive from unconnected device %02x\n",
509 srcaddr);
510 } else {
511 wusb_dev->entry_ts = jiffies;
512 __wusbhc_keep_alive(wusbhc);
513 }
514 mutex_unlock(&wusbhc->mutex);
515 }
516
517 /*
518 * Handle a DN_Connect notification (WUSB1.0[7.6.1])
519 *
520 * @wusbhc
521 * @pkt_hdr
522 * @size: Size of the buffer where the notification resides; if the
523 * notification data suggests there should be more data than
524 * available, an error will be signaled and the whole buffer
525 * consumed.
526 *
527 * @wusbhc->mutex shall be held
528 */
529 static void wusbhc_handle_dn_connect(struct wusbhc *wusbhc,
530 struct wusb_dn_hdr *dn_hdr,
531 size_t size)
532 {
533 struct device *dev = wusbhc->dev;
534 struct wusb_dn_connect *dnc;
535 char pr_cdid[WUSB_CKHDID_STRSIZE];
536 static const char *beacon_behaviour[] = {
537 "reserved",
538 "self-beacon",
539 "directed-beacon",
540 "no-beacon"
541 };
542
543 if (size < sizeof(*dnc)) {
544 dev_err(dev, "DN CONNECT: short notification (%zu < %zu)\n",
545 size, sizeof(*dnc));
546 return;
547 }
548
549 dnc = container_of(dn_hdr, struct wusb_dn_connect, hdr);
550 ckhdid_printf(pr_cdid, sizeof(pr_cdid), &dnc->CDID);
551 dev_info(dev, "DN CONNECT: device %s @ %x (%s) wants to %s\n",
552 pr_cdid,
553 wusb_dn_connect_prev_dev_addr(dnc),
554 beacon_behaviour[wusb_dn_connect_beacon_behavior(dnc)],
555 wusb_dn_connect_new_connection(dnc) ? "connect" : "reconnect");
556 /* ACK the connect */
557 wusbhc_devconnect_ack(wusbhc, dnc, pr_cdid);
558 }
559
560 /*
561 * Handle a DN_Disconnect notification (WUSB1.0[7.6.1])
562 *
563 * Device is going down -- do the disconnect.
564 *
565 * @wusbhc shall be referenced and unlocked
566 */
567 static void wusbhc_handle_dn_disconnect(struct wusbhc *wusbhc, u8 srcaddr)
568 {
569 struct device *dev = wusbhc->dev;
570 struct wusb_dev *wusb_dev;
571
572 mutex_lock(&wusbhc->mutex);
573 wusb_dev = wusbhc_find_dev_by_addr(wusbhc, srcaddr);
574 if (wusb_dev == NULL) {
575 dev_dbg(dev, "ignoring DN DISCONNECT from unconnected device %02x\n",
576 srcaddr);
577 } else {
578 dev_info(dev, "DN DISCONNECT: device 0x%02x going down\n",
579 wusb_dev->addr);
580 __wusbhc_dev_disconnect(wusbhc, wusb_port_by_idx(wusbhc,
581 wusb_dev->port_idx));
582 }
583 mutex_unlock(&wusbhc->mutex);
584 }
585
586 /*
587 * Handle a Device Notification coming a host
588 *
589 * The Device Notification comes from a host (HWA, DWA or WHCI)
590 * wrapped in a set of headers. Somebody else has peeled off those
591 * headers for us and we just get one Device Notifications.
592 *
593 * Invalid DNs (e.g., too short) are discarded.
594 *
595 * @wusbhc shall be referenced
596 *
597 * FIXMES:
598 * - implement priorities as in WUSB1.0[Table 7-55]?
599 */
600 void wusbhc_handle_dn(struct wusbhc *wusbhc, u8 srcaddr,
601 struct wusb_dn_hdr *dn_hdr, size_t size)
602 {
603 struct device *dev = wusbhc->dev;
604
605 if (size < sizeof(struct wusb_dn_hdr)) {
606 dev_err(dev, "DN data shorter than DN header (%d < %d)\n",
607 (int)size, (int)sizeof(struct wusb_dn_hdr));
608 return;
609 }
610 switch (dn_hdr->bType) {
611 case WUSB_DN_CONNECT:
612 wusbhc_handle_dn_connect(wusbhc, dn_hdr, size);
613 break;
614 case WUSB_DN_ALIVE:
615 wusbhc_handle_dn_alive(wusbhc, srcaddr);
616 break;
617 case WUSB_DN_DISCONNECT:
618 wusbhc_handle_dn_disconnect(wusbhc, srcaddr);
619 break;
620 case WUSB_DN_MASAVAILCHANGED:
621 case WUSB_DN_RWAKE:
622 case WUSB_DN_SLEEP:
623 /* FIXME: handle these DNs. */
624 break;
625 case WUSB_DN_EPRDY:
626 /* The hardware handles these. */
627 break;
628 default:
629 dev_warn(dev, "unknown DN %u (%d octets) from %u\n",
630 dn_hdr->bType, (int)size, srcaddr);
631 }
632 }
633 EXPORT_SYMBOL_GPL(wusbhc_handle_dn);
634
635 /*
636 * Disconnect a WUSB device from a the cluster
637 *
638 * @wusbhc
639 * @port Fake port where the device is (wusbhc index, not USB port number).
640 *
641 * In Wireless USB, a disconnect is basically telling the device he is
642 * being disconnected and forgetting about him.
643 *
644 * We send the device a Device Disconnect IE (WUSB1.0[7.5.11]) for 100
645 * ms and then keep going.
646 *
647 * We don't do much in case of error; we always pretend we disabled
648 * the port and disconnected the device. If physically the request
649 * didn't get there (many things can fail in the way there), the stack
650 * will reject the device's communication attempts.
651 *
652 * @wusbhc should be refcounted and locked
653 */
654 void __wusbhc_dev_disable(struct wusbhc *wusbhc, u8 port_idx)
655 {
656 int result;
657 struct device *dev = wusbhc->dev;
658 struct wusb_dev *wusb_dev;
659 struct wuie_disconnect *ie;
660
661 wusb_dev = wusb_port_by_idx(wusbhc, port_idx)->wusb_dev;
662 if (wusb_dev == NULL) {
663 /* reset no device? ignore */
664 dev_dbg(dev, "DISCONNECT: no device at port %u, ignoring\n",
665 port_idx);
666 return;
667 }
668 __wusbhc_dev_disconnect(wusbhc, wusb_port_by_idx(wusbhc, port_idx));
669
670 ie = kzalloc(sizeof(*ie), GFP_KERNEL);
671 if (ie == NULL)
672 return;
673 ie->hdr.bLength = sizeof(*ie);
674 ie->hdr.bIEIdentifier = WUIE_ID_DEVICE_DISCONNECT;
675 ie->bDeviceAddress = wusb_dev->addr;
676 result = wusbhc_mmcie_set(wusbhc, 0, 0, &ie->hdr);
677 if (result < 0)
678 dev_err(dev, "DISCONNECT: can't set MMC: %d\n", result);
679 else {
680 /* At least 6 MMCs, assuming at least 1 MMC per zone. */
681 msleep(7*4);
682 wusbhc_mmcie_rm(wusbhc, &ie->hdr);
683 }
684 kfree(ie);
685 }
686
687 /*
688 * Walk over the BOS descriptor, verify and grok it
689 *
690 * @usb_dev: referenced
691 * @wusb_dev: referenced and unlocked
692 *
693 * The BOS descriptor is defined at WUSB1.0[7.4.1], and it defines a
694 * "flexible" way to wrap all kinds of descriptors inside an standard
695 * descriptor (wonder why they didn't use normal descriptors,
696 * btw). Not like they lack code.
697 *
698 * At the end we go to look for the WUSB Device Capabilities
699 * (WUSB1.0[7.4.1.1]) that is wrapped in a device capability descriptor
700 * that is part of the BOS descriptor set. That tells us what does the
701 * device support (dual role, beacon type, UWB PHY rates).
702 */
703 static int wusb_dev_bos_grok(struct usb_device *usb_dev,
704 struct wusb_dev *wusb_dev,
705 struct usb_bos_descriptor *bos, size_t desc_size)
706 {
707 ssize_t result;
708 struct device *dev = &usb_dev->dev;
709 void *itr, *top;
710
711 /* Walk over BOS capabilities, verify them */
712 itr = (void *)bos + sizeof(*bos);
713 top = itr + desc_size - sizeof(*bos);
714 while (itr < top) {
715 struct usb_dev_cap_header *cap_hdr = itr;
716 size_t cap_size;
717 u8 cap_type;
718 if (top - itr < sizeof(*cap_hdr)) {
719 dev_err(dev, "Device BUG? premature end of BOS header "
720 "data [offset 0x%02x]: only %zu bytes left\n",
721 (int)(itr - (void *)bos), top - itr);
722 result = -ENOSPC;
723 goto error_bad_cap;
724 }
725 cap_size = cap_hdr->bLength;
726 cap_type = cap_hdr->bDevCapabilityType;
727 if (cap_size == 0)
728 break;
729 if (cap_size > top - itr) {
730 dev_err(dev, "Device BUG? premature end of BOS data "
731 "[offset 0x%02x cap %02x %zu bytes]: "
732 "only %zu bytes left\n",
733 (int)(itr - (void *)bos),
734 cap_type, cap_size, top - itr);
735 result = -EBADF;
736 goto error_bad_cap;
737 }
738 switch (cap_type) {
739 case USB_CAP_TYPE_WIRELESS_USB:
740 if (cap_size != sizeof(*wusb_dev->wusb_cap_descr))
741 dev_err(dev, "Device BUG? WUSB Capability "
742 "descriptor is %zu bytes vs %zu "
743 "needed\n", cap_size,
744 sizeof(*wusb_dev->wusb_cap_descr));
745 else
746 wusb_dev->wusb_cap_descr = itr;
747 break;
748 default:
749 dev_err(dev, "BUG? Unknown BOS capability 0x%02x "
750 "(%zu bytes) at offset 0x%02x\n", cap_type,
751 cap_size, (int)(itr - (void *)bos));
752 }
753 itr += cap_size;
754 }
755 result = 0;
756 error_bad_cap:
757 return result;
758 }
759
760 /*
761 * Add information from the BOS descriptors to the device
762 *
763 * @usb_dev: referenced
764 * @wusb_dev: referenced and unlocked
765 *
766 * So what we do is we alloc a space for the BOS descriptor of 64
767 * bytes; read the first four bytes which include the wTotalLength
768 * field (WUSB1.0[T7-26]) and if it fits in those 64 bytes, read the
769 * whole thing. If not we realloc to that size.
770 *
771 * Then we call the groking function, that will fill up
772 * wusb_dev->wusb_cap_descr, which is what we'll need later on.
773 */
774 static int wusb_dev_bos_add(struct usb_device *usb_dev,
775 struct wusb_dev *wusb_dev)
776 {
777 ssize_t result;
778 struct device *dev = &usb_dev->dev;
779 struct usb_bos_descriptor *bos;
780 size_t alloc_size = 32, desc_size = 4;
781
782 bos = kmalloc(alloc_size, GFP_KERNEL);
783 if (bos == NULL)
784 return -ENOMEM;
785 result = usb_get_descriptor(usb_dev, USB_DT_BOS, 0, bos, desc_size);
786 if (result < 4) {
787 dev_err(dev, "Can't get BOS descriptor or too short: %zd\n",
788 result);
789 goto error_get_descriptor;
790 }
791 desc_size = le16_to_cpu(bos->wTotalLength);
792 if (desc_size >= alloc_size) {
793 kfree(bos);
794 alloc_size = desc_size;
795 bos = kmalloc(alloc_size, GFP_KERNEL);
796 if (bos == NULL)
797 return -ENOMEM;
798 }
799 result = usb_get_descriptor(usb_dev, USB_DT_BOS, 0, bos, desc_size);
800 if (result < 0 || result != desc_size) {
801 dev_err(dev, "Can't get BOS descriptor or too short (need "
802 "%zu bytes): %zd\n", desc_size, result);
803 goto error_get_descriptor;
804 }
805 if (result < sizeof(*bos)
806 || le16_to_cpu(bos->wTotalLength) != desc_size) {
807 dev_err(dev, "Can't get BOS descriptor or too short (need "
808 "%zu bytes): %zd\n", desc_size, result);
809 goto error_get_descriptor;
810 }
811
812 result = wusb_dev_bos_grok(usb_dev, wusb_dev, bos, result);
813 if (result < 0)
814 goto error_bad_bos;
815 wusb_dev->bos = bos;
816 return 0;
817
818 error_bad_bos:
819 error_get_descriptor:
820 kfree(bos);
821 wusb_dev->wusb_cap_descr = NULL;
822 return result;
823 }
824
825 static void wusb_dev_bos_rm(struct wusb_dev *wusb_dev)
826 {
827 kfree(wusb_dev->bos);
828 wusb_dev->wusb_cap_descr = NULL;
829 };
830
831 /*
832 * USB stack's device addition Notifier Callback
833 *
834 * Called from drivers/usb/core/hub.c when a new device is added; we
835 * use this hook to perform certain WUSB specific setup work on the
836 * new device. As well, it is the first time we can connect the
837 * wusb_dev and the usb_dev. So we note it down in wusb_dev and take a
838 * reference that we'll drop.
839 *
840 * First we need to determine if the device is a WUSB device (else we
841 * ignore it). For that we use the speed setting (USB_SPEED_WIRELESS)
842 * [FIXME: maybe we'd need something more definitive]. If so, we track
843 * it's usb_busd and from there, the WUSB HC.
844 *
845 * Because all WUSB HCs are contained in a 'struct wusbhc', voila, we
846 * get the wusbhc for the device.
847 *
848 * We have a reference on @usb_dev (as we are called at the end of its
849 * enumeration).
850 *
851 * NOTE: @usb_dev locked
852 */
853 static void wusb_dev_add_ncb(struct usb_device *usb_dev)
854 {
855 int result = 0;
856 struct wusb_dev *wusb_dev;
857 struct wusbhc *wusbhc;
858 struct device *dev = &usb_dev->dev;
859 u8 port_idx;
860
861 if (usb_dev->wusb == 0 || usb_dev->devnum == 1)
862 return; /* skip non wusb and wusb RHs */
863
864 usb_set_device_state(usb_dev, USB_STATE_UNAUTHENTICATED);
865
866 wusbhc = wusbhc_get_by_usb_dev(usb_dev);
867 if (wusbhc == NULL)
868 goto error_nodev;
869 mutex_lock(&wusbhc->mutex);
870 wusb_dev = __wusb_dev_get_by_usb_dev(wusbhc, usb_dev);
871 port_idx = wusb_port_no_to_idx(usb_dev->portnum);
872 mutex_unlock(&wusbhc->mutex);
873 if (wusb_dev == NULL)
874 goto error_nodev;
875 wusb_dev->usb_dev = usb_get_dev(usb_dev);
876 usb_dev->wusb_dev = wusb_dev_get(wusb_dev);
877 result = wusb_dev_sec_add(wusbhc, usb_dev, wusb_dev);
878 if (result < 0) {
879 dev_err(dev, "Cannot enable security: %d\n", result);
880 goto error_sec_add;
881 }
882 /* Now query the device for it's BOS and attach it to wusb_dev */
883 result = wusb_dev_bos_add(usb_dev, wusb_dev);
884 if (result < 0) {
885 dev_err(dev, "Cannot get BOS descriptors: %d\n", result);
886 goto error_bos_add;
887 }
888 result = wusb_dev_sysfs_add(wusbhc, usb_dev, wusb_dev);
889 if (result < 0)
890 goto error_add_sysfs;
891 out:
892 wusb_dev_put(wusb_dev);
893 wusbhc_put(wusbhc);
894 error_nodev:
895 return;
896
897 error_add_sysfs:
898 wusb_dev_bos_rm(wusb_dev);
899 error_bos_add:
900 wusb_dev_sec_rm(wusb_dev);
901 error_sec_add:
902 mutex_lock(&wusbhc->mutex);
903 __wusbhc_dev_disconnect(wusbhc, wusb_port_by_idx(wusbhc, port_idx));
904 mutex_unlock(&wusbhc->mutex);
905 goto out;
906 }
907
908 /*
909 * Undo all the steps done at connection by the notifier callback
910 *
911 * NOTE: @usb_dev locked
912 */
913 static void wusb_dev_rm_ncb(struct usb_device *usb_dev)
914 {
915 struct wusb_dev *wusb_dev = usb_dev->wusb_dev;
916
917 if (usb_dev->wusb == 0 || usb_dev->devnum == 1)
918 return; /* skip non wusb and wusb RHs */
919
920 wusb_dev_sysfs_rm(wusb_dev);
921 wusb_dev_bos_rm(wusb_dev);
922 wusb_dev_sec_rm(wusb_dev);
923 wusb_dev->usb_dev = NULL;
924 usb_dev->wusb_dev = NULL;
925 wusb_dev_put(wusb_dev);
926 usb_put_dev(usb_dev);
927 }
928
929 /*
930 * Handle notifications from the USB stack (notifier call back)
931 *
932 * This is called when the USB stack does a
933 * usb_{bus,device}_{add,remove}() so we can do WUSB specific
934 * handling. It is called with [for the case of
935 * USB_DEVICE_{ADD,REMOVE} with the usb_dev locked.
936 */
937 int wusb_usb_ncb(struct notifier_block *nb, unsigned long val,
938 void *priv)
939 {
940 int result = NOTIFY_OK;
941
942 switch (val) {
943 case USB_DEVICE_ADD:
944 wusb_dev_add_ncb(priv);
945 break;
946 case USB_DEVICE_REMOVE:
947 wusb_dev_rm_ncb(priv);
948 break;
949 case USB_BUS_ADD:
950 /* ignore (for now) */
951 case USB_BUS_REMOVE:
952 break;
953 default:
954 WARN_ON(1);
955 result = NOTIFY_BAD;
956 }
957 return result;
958 }
959
960 /*
961 * Return a referenced wusb_dev given a @wusbhc and @usb_dev
962 */
963 struct wusb_dev *__wusb_dev_get_by_usb_dev(struct wusbhc *wusbhc,
964 struct usb_device *usb_dev)
965 {
966 struct wusb_dev *wusb_dev;
967 u8 port_idx;
968
969 port_idx = wusb_port_no_to_idx(usb_dev->portnum);
970 BUG_ON(port_idx > wusbhc->ports_max);
971 wusb_dev = wusb_port_by_idx(wusbhc, port_idx)->wusb_dev;
972 if (wusb_dev != NULL) /* ops, device is gone */
973 wusb_dev_get(wusb_dev);
974 return wusb_dev;
975 }
976 EXPORT_SYMBOL_GPL(__wusb_dev_get_by_usb_dev);
977
978 void wusb_dev_destroy(struct kref *_wusb_dev)
979 {
980 struct wusb_dev *wusb_dev = container_of(_wusb_dev, struct wusb_dev, refcnt);
981
982 list_del_init(&wusb_dev->cack_node);
983 wusb_dev_free(wusb_dev);
984 }
985 EXPORT_SYMBOL_GPL(wusb_dev_destroy);
986
987 /*
988 * Create all the device connect handling infrastructure
989 *
990 * This is basically the device info array, Connect Acknowledgement
991 * (cack) lists, keep-alive timers (and delayed work thread).
992 */
993 int wusbhc_devconnect_create(struct wusbhc *wusbhc)
994 {
995 wusbhc->keep_alive_ie.hdr.bIEIdentifier = WUIE_ID_KEEP_ALIVE;
996 wusbhc->keep_alive_ie.hdr.bLength = sizeof(wusbhc->keep_alive_ie.hdr);
997 INIT_DELAYED_WORK(&wusbhc->keep_alive_timer, wusbhc_keep_alive_run);
998
999 wusbhc->cack_ie.hdr.bIEIdentifier = WUIE_ID_CONNECTACK;
1000 wusbhc->cack_ie.hdr.bLength = sizeof(wusbhc->cack_ie.hdr);
1001 INIT_LIST_HEAD(&wusbhc->cack_list);
1002
1003 return 0;
1004 }
1005
1006 /*
1007 * Release all resources taken by the devconnect stuff
1008 */
1009 void wusbhc_devconnect_destroy(struct wusbhc *wusbhc)
1010 {
1011 /* no op */
1012 }
1013
1014 /*
1015 * wusbhc_devconnect_start - start accepting device connections
1016 * @wusbhc: the WUSB HC
1017 *
1018 * Sets the Host Info IE to accept all new connections.
1019 *
1020 * FIXME: This also enables the keep alives but this is not necessary
1021 * until there are connected and authenticated devices.
1022 */
1023 int wusbhc_devconnect_start(struct wusbhc *wusbhc)
1024 {
1025 struct device *dev = wusbhc->dev;
1026 struct wuie_host_info *hi;
1027 int result;
1028
1029 hi = kzalloc(sizeof(*hi), GFP_KERNEL);
1030 if (hi == NULL)
1031 return -ENOMEM;
1032
1033 hi->hdr.bLength = sizeof(*hi);
1034 hi->hdr.bIEIdentifier = WUIE_ID_HOST_INFO;
1035 hi->attributes = cpu_to_le16((wusbhc->rsv->stream << 3) | WUIE_HI_CAP_ALL);
1036 hi->CHID = wusbhc->chid;
1037 result = wusbhc_mmcie_set(wusbhc, 0, 0, &hi->hdr);
1038 if (result < 0) {
1039 dev_err(dev, "Cannot add Host Info MMCIE: %d\n", result);
1040 goto error_mmcie_set;
1041 }
1042 wusbhc->wuie_host_info = hi;
1043
1044 queue_delayed_work(wusbd, &wusbhc->keep_alive_timer,
1045 msecs_to_jiffies(wusbhc->trust_timeout / 2));
1046
1047 return 0;
1048
1049 error_mmcie_set:
1050 kfree(hi);
1051 return result;
1052 }
1053
1054 /*
1055 * wusbhc_devconnect_stop - stop managing connected devices
1056 * @wusbhc: the WUSB HC
1057 *
1058 * Disconnects any devices still connected, stops the keep alives and
1059 * removes the Host Info IE.
1060 */
1061 void wusbhc_devconnect_stop(struct wusbhc *wusbhc)
1062 {
1063 int i;
1064
1065 mutex_lock(&wusbhc->mutex);
1066 for (i = 0; i < wusbhc->ports_max; i++) {
1067 if (wusbhc->port[i].wusb_dev)
1068 __wusbhc_dev_disconnect(wusbhc, &wusbhc->port[i]);
1069 }
1070 mutex_unlock(&wusbhc->mutex);
1071
1072 cancel_delayed_work_sync(&wusbhc->keep_alive_timer);
1073 wusbhc_mmcie_rm(wusbhc, &wusbhc->wuie_host_info->hdr);
1074 kfree(wusbhc->wuie_host_info);
1075 wusbhc->wuie_host_info = NULL;
1076 }
1077
1078 /*
1079 * wusb_set_dev_addr - set the WUSB device address used by the host
1080 * @wusbhc: the WUSB HC the device is connect to
1081 * @wusb_dev: the WUSB device
1082 * @addr: new device address
1083 */
1084 int wusb_set_dev_addr(struct wusbhc *wusbhc, struct wusb_dev *wusb_dev, u8 addr)
1085 {
1086 int result;
1087
1088 wusb_dev->addr = addr;
1089 result = wusbhc->dev_info_set(wusbhc, wusb_dev);
1090 if (result < 0)
1091 dev_err(wusbhc->dev, "device %d: failed to set device "
1092 "address\n", wusb_dev->port_idx);
1093 else
1094 dev_info(wusbhc->dev, "device %d: %s addr %u\n",
1095 wusb_dev->port_idx,
1096 (addr & WUSB_DEV_ADDR_UNAUTH) ? "unauth" : "auth",
1097 wusb_dev->addr);
1098
1099 return result;
1100 }
Ubuntu Jammy Linux kernel mirror