ALSA: asihpi: check return value of get_user()
[linux-2.6.git] / sound / pci / asihpi / hpioctl.c
1 /*******************************************************************************
2
3     AudioScience HPI driver
4     Copyright (C) 1997-2010  AudioScience Inc. <support@audioscience.com>
5
6     This program is free software; you can redistribute it and/or modify
7     it under the terms of version 2 of the GNU General Public License as
8     published by the Free Software Foundation;
9
10     This program is distributed in the hope that it will be useful,
11     but WITHOUT ANY WARRANTY; without even the implied warranty of
12     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13     GNU General Public License for more details.
14
15     You should have received a copy of the GNU General Public License
16     along with this program; if not, write to the Free Software
17     Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
18
19 Common Linux HPI ioctl and module probe/remove functions
20 *******************************************************************************/
21 #define SOURCEFILE_NAME "hpioctl.c"
22
23 #include "hpi_internal.h"
24 #include "hpimsginit.h"
25 #include "hpidebug.h"
26 #include "hpimsgx.h"
27 #include "hpioctl.h"
28
29 #include <linux/fs.h>
30 #include <linux/slab.h>
31 #include <linux/moduleparam.h>
32 #include <asm/uaccess.h>
33 #include <linux/stringify.h>
34
35 #ifdef MODULE_FIRMWARE
36 MODULE_FIRMWARE("asihpi/dsp5000.bin");
37 MODULE_FIRMWARE("asihpi/dsp6200.bin");
38 MODULE_FIRMWARE("asihpi/dsp6205.bin");
39 MODULE_FIRMWARE("asihpi/dsp6400.bin");
40 MODULE_FIRMWARE("asihpi/dsp6600.bin");
41 MODULE_FIRMWARE("asihpi/dsp8700.bin");
42 MODULE_FIRMWARE("asihpi/dsp8900.bin");
43 #endif
44
45 static int prealloc_stream_buf;
46 module_param(prealloc_stream_buf, int, S_IRUGO);
47 MODULE_PARM_DESC(prealloc_stream_buf,
48         "preallocate size for per-adapter stream buffer");
49
50 /* Allow the debug level to be changed after module load.
51  E.g.   echo 2 > /sys/module/asihpi/parameters/hpiDebugLevel
52 */
53 module_param(hpi_debug_level, int, S_IRUGO | S_IWUSR);
54 MODULE_PARM_DESC(hpi_debug_level, "debug verbosity 0..5");
55
56 /* List of adapters found */
57 static struct hpi_adapter adapters[HPI_MAX_ADAPTERS];
58
59 /* Wrapper function to HPI_Message to enable dumping of the
60    message and response types.
61 */
62 static void hpi_send_recv_f(struct hpi_message *phm, struct hpi_response *phr,
63         struct file *file)
64 {
65         int adapter = phm->adapter_index;
66
67         if ((adapter >= HPI_MAX_ADAPTERS || adapter < 0)
68                 && (phm->object != HPI_OBJ_SUBSYSTEM))
69                 phr->error = HPI_ERROR_INVALID_OBJ_INDEX;
70         else
71                 hpi_send_recv_ex(phm, phr, file);
72 }
73
74 /* This is called from hpifunc.c functions, called by ALSA
75  * (or other kernel process) In this case there is no file descriptor
76  * available for the message cache code
77  */
78 void hpi_send_recv(struct hpi_message *phm, struct hpi_response *phr)
79 {
80         hpi_send_recv_f(phm, phr, HOWNER_KERNEL);
81 }
82
83 EXPORT_SYMBOL(hpi_send_recv);
84 /* for radio-asihpi */
85
86 int asihpi_hpi_release(struct file *file)
87 {
88         struct hpi_message hm;
89         struct hpi_response hr;
90
91 /* HPI_DEBUG_LOG(INFO,"hpi_release file %p, pid %d\n", file, current->pid); */
92         /* close the subsystem just in case the application forgot to. */
93         hpi_init_message_response(&hm, &hr, HPI_OBJ_SUBSYSTEM,
94                 HPI_SUBSYS_CLOSE);
95         hpi_send_recv_ex(&hm, &hr, file);
96         return 0;
97 }
98
99 long asihpi_hpi_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
100 {
101         struct hpi_ioctl_linux __user *phpi_ioctl_data;
102         void __user *puhm;
103         void __user *puhr;
104         union hpi_message_buffer_v1 *hm;
105         union hpi_response_buffer_v1 *hr;
106         u16 res_max_size;
107         u32 uncopied_bytes;
108         struct hpi_adapter *pa = NULL;
109         int err = 0;
110
111         if (cmd != HPI_IOCTL_LINUX)
112                 return -EINVAL;
113
114         hm = kmalloc(sizeof(*hm), GFP_KERNEL);
115         hr = kmalloc(sizeof(*hr), GFP_KERNEL);
116         if (!hm || !hr) {
117                 err = -ENOMEM;
118                 goto out;
119         }
120
121         phpi_ioctl_data = (struct hpi_ioctl_linux __user *)arg;
122
123         /* Read the message and response pointers from user space.  */
124         if (get_user(puhm, &phpi_ioctl_data->phm) ||
125             get_user(puhr, &phpi_ioctl_data->phr)) {
126                 err = -EFAULT;
127                 goto out;
128         }
129
130         /* Now read the message size and data from user space.  */
131         if (get_user(hm->h.size, (u16 __user *)puhm)) {
132                 err = -EFAULT;
133                 goto out;
134         }
135         if (hm->h.size > sizeof(*hm))
136                 hm->h.size = sizeof(*hm);
137
138         /*printk(KERN_INFO "message size %d\n", hm->h.wSize); */
139
140         uncopied_bytes = copy_from_user(hm, puhm, hm->h.size);
141         if (uncopied_bytes) {
142                 HPI_DEBUG_LOG(ERROR, "uncopied bytes %d\n", uncopied_bytes);
143                 err = -EFAULT;
144                 goto out;
145         }
146
147         if (get_user(res_max_size, (u16 __user *)puhr)) {
148                 err = -EFAULT;
149                 goto out;
150         }
151         /* printk(KERN_INFO "user response size %d\n", res_max_size); */
152         if (res_max_size < sizeof(struct hpi_response_header)) {
153                 HPI_DEBUG_LOG(WARNING, "small res size %d\n", res_max_size);
154                 err = -EFAULT;
155                 goto out;
156         }
157
158         pa = &adapters[hm->h.adapter_index];
159         hr->h.size = 0;
160         if (hm->h.object == HPI_OBJ_SUBSYSTEM) {
161                 switch (hm->h.function) {
162                 case HPI_SUBSYS_CREATE_ADAPTER:
163                 case HPI_SUBSYS_DELETE_ADAPTER:
164                         /* Application must not use these functions! */
165                         hr->h.size = sizeof(hr->h);
166                         hr->h.error = HPI_ERROR_INVALID_OPERATION;
167                         hr->h.function = hm->h.function;
168                         uncopied_bytes = copy_to_user(puhr, hr, hr->h.size);
169                         if (uncopied_bytes)
170                                 err = -EFAULT;
171                         else
172                                 err = 0;
173                         goto out;
174
175                 default:
176                         hpi_send_recv_f(&hm->m0, &hr->r0, file);
177                 }
178         } else {
179                 u16 __user *ptr = NULL;
180                 u32 size = 0;
181
182                 /* -1=no data 0=read from user mem, 1=write to user mem */
183                 int wrflag = -1;
184                 u32 adapter = hm->h.adapter_index;
185
186                 if ((hm->h.adapter_index > HPI_MAX_ADAPTERS) || (!pa->type)) {
187                         hpi_init_response(&hr->r0, HPI_OBJ_ADAPTER,
188                                 HPI_ADAPTER_OPEN,
189                                 HPI_ERROR_BAD_ADAPTER_NUMBER);
190
191                         uncopied_bytes =
192                                 copy_to_user(puhr, hr, sizeof(hr->h));
193                         if (uncopied_bytes)
194                                 err = -EFAULT;
195                         else
196                                 err = 0;
197                         goto out;
198                 }
199
200                 if (mutex_lock_interruptible(&adapters[adapter].mutex)) {
201                         err = -EINTR;
202                         goto out;
203                 }
204
205                 /* Dig out any pointers embedded in the message.  */
206                 switch (hm->h.function) {
207                 case HPI_OSTREAM_WRITE:
208                 case HPI_ISTREAM_READ:{
209                                 /* Yes, sparse, this is correct. */
210                                 ptr = (u16 __user *)hm->m0.u.d.u.data.pb_data;
211                                 size = hm->m0.u.d.u.data.data_size;
212
213                                 /* Allocate buffer according to application request.
214                                    ?Is it better to alloc/free for the duration
215                                    of the transaction?
216                                  */
217                                 if (pa->buffer_size < size) {
218                                         HPI_DEBUG_LOG(DEBUG,
219                                                 "realloc adapter %d stream "
220                                                 "buffer from %zd to %d\n",
221                                                 hm->h.adapter_index,
222                                                 pa->buffer_size, size);
223                                         if (pa->p_buffer) {
224                                                 pa->buffer_size = 0;
225                                                 vfree(pa->p_buffer);
226                                         }
227                                         pa->p_buffer = vmalloc(size);
228                                         if (pa->p_buffer)
229                                                 pa->buffer_size = size;
230                                         else {
231                                                 HPI_DEBUG_LOG(ERROR,
232                                                         "HPI could not allocate "
233                                                         "stream buffer size %d\n",
234                                                         size);
235
236                                                 mutex_unlock(&adapters
237                                                         [adapter].mutex);
238                                                 err = -EINVAL;
239                                                 goto out;
240                                         }
241                                 }
242
243                                 hm->m0.u.d.u.data.pb_data = pa->p_buffer;
244                                 if (hm->h.function == HPI_ISTREAM_READ)
245                                         /* from card, WRITE to user mem */
246                                         wrflag = 1;
247                                 else
248                                         wrflag = 0;
249                                 break;
250                         }
251
252                 default:
253                         size = 0;
254                         break;
255                 }
256
257                 if (size && (wrflag == 0)) {
258                         uncopied_bytes =
259                                 copy_from_user(pa->p_buffer, ptr, size);
260                         if (uncopied_bytes)
261                                 HPI_DEBUG_LOG(WARNING,
262                                         "missed %d of %d "
263                                         "bytes from user\n", uncopied_bytes,
264                                         size);
265                 }
266
267                 hpi_send_recv_f(&hm->m0, &hr->r0, file);
268
269                 if (size && (wrflag == 1)) {
270                         uncopied_bytes =
271                                 copy_to_user(ptr, pa->p_buffer, size);
272                         if (uncopied_bytes)
273                                 HPI_DEBUG_LOG(WARNING,
274                                         "missed %d of %d " "bytes to user\n",
275                                         uncopied_bytes, size);
276                 }
277
278                 mutex_unlock(&adapters[adapter].mutex);
279         }
280
281         /* on return response size must be set */
282         /*printk(KERN_INFO "response size %d\n", hr->h.wSize); */
283
284         if (!hr->h.size) {
285                 HPI_DEBUG_LOG(ERROR, "response zero size\n");
286                 err = -EFAULT;
287                 goto out;
288         }
289
290         if (hr->h.size > res_max_size) {
291                 HPI_DEBUG_LOG(ERROR, "response too big %d %d\n", hr->h.size,
292                         res_max_size);
293                 /*HPI_DEBUG_MESSAGE(ERROR, hm); */
294                 err = -EFAULT;
295                 goto out;
296         }
297
298         uncopied_bytes = copy_to_user(puhr, hr, hr->h.size);
299         if (uncopied_bytes) {
300                 HPI_DEBUG_LOG(ERROR, "uncopied bytes %d\n", uncopied_bytes);
301                 err = -EFAULT;
302                 goto out;
303         }
304
305 out:
306         kfree(hm);
307         kfree(hr);
308         return err;
309 }
310
311 int __devinit asihpi_adapter_probe(struct pci_dev *pci_dev,
312         const struct pci_device_id *pci_id)
313 {
314         int err, idx, nm;
315         unsigned int memlen;
316         struct hpi_message hm;
317         struct hpi_response hr;
318         struct hpi_adapter adapter;
319         struct hpi_pci pci;
320
321         memset(&adapter, 0, sizeof(adapter));
322
323         printk(KERN_DEBUG "probe PCI device (%04x:%04x,%04x:%04x,%04x)\n",
324                 pci_dev->vendor, pci_dev->device, pci_dev->subsystem_vendor,
325                 pci_dev->subsystem_device, pci_dev->devfn);
326
327         hpi_init_message_response(&hm, &hr, HPI_OBJ_SUBSYSTEM,
328                 HPI_SUBSYS_CREATE_ADAPTER);
329         hpi_init_response(&hr, HPI_OBJ_SUBSYSTEM, HPI_SUBSYS_CREATE_ADAPTER,
330                 HPI_ERROR_PROCESSING_MESSAGE);
331
332         hm.adapter_index = -1;  /* an invalid index */
333
334         /* fill in HPI_PCI information from kernel provided information */
335         adapter.pci = pci_dev;
336
337         nm = HPI_MAX_ADAPTER_MEM_SPACES;
338
339         for (idx = 0; idx < nm; idx++) {
340                 HPI_DEBUG_LOG(INFO, "resource %d %s %08llx-%08llx %04llx\n",
341                         idx, pci_dev->resource[idx].name,
342                         (unsigned long long)pci_resource_start(pci_dev, idx),
343                         (unsigned long long)pci_resource_end(pci_dev, idx),
344                         (unsigned long long)pci_resource_flags(pci_dev, idx));
345
346                 if (pci_resource_flags(pci_dev, idx) & IORESOURCE_MEM) {
347                         memlen = pci_resource_len(pci_dev, idx);
348                         adapter.ap_remapped_mem_base[idx] =
349                                 ioremap(pci_resource_start(pci_dev, idx),
350                                 memlen);
351                         if (!adapter.ap_remapped_mem_base[idx]) {
352                                 HPI_DEBUG_LOG(ERROR,
353                                         "ioremap failed, aborting\n");
354                                 /* unmap previously mapped pci mem space */
355                                 goto err;
356                         }
357                 }
358
359                 pci.ap_mem_base[idx] = adapter.ap_remapped_mem_base[idx];
360         }
361
362         /* could replace Pci with direct pointer to pci_dev for linux
363            Instead wrap accessor functions for IDs etc.
364            Would it work for windows?
365          */
366         pci.bus_number = pci_dev->bus->number;
367         pci.vendor_id = (u16)pci_dev->vendor;
368         pci.device_id = (u16)pci_dev->device;
369         pci.subsys_vendor_id = (u16)(pci_dev->subsystem_vendor & 0xffff);
370         pci.subsys_device_id = (u16)(pci_dev->subsystem_device & 0xffff);
371         pci.device_number = pci_dev->devfn;
372         pci.interrupt = pci_dev->irq;
373         pci.p_os_data = pci_dev;
374
375         hm.u.s.resource.bus_type = HPI_BUS_PCI;
376         hm.u.s.resource.r.pci = &pci;
377
378         /* call CreateAdapterObject on the relevant hpi module */
379         hpi_send_recv_ex(&hm, &hr, HOWNER_KERNEL);
380         if (hr.error)
381                 goto err;
382
383         if (prealloc_stream_buf) {
384                 adapter.p_buffer = vmalloc(prealloc_stream_buf);
385                 if (!adapter.p_buffer) {
386                         HPI_DEBUG_LOG(ERROR,
387                                 "HPI could not allocate "
388                                 "kernel buffer size %d\n",
389                                 prealloc_stream_buf);
390                         goto err;
391                 }
392         }
393
394         adapter.index = hr.u.s.adapter_index;
395         adapter.type = hr.u.s.aw_adapter_list[adapter.index];
396         hm.adapter_index = adapter.index;
397
398         err = hpi_adapter_open(NULL, adapter.index);
399         if (err)
400                 goto err;
401
402         adapter.snd_card_asihpi = NULL;
403         /* WARNING can't init mutex in 'adapter'
404          * and then copy it to adapters[] ?!?!
405          */
406         adapters[hr.u.s.adapter_index] = adapter;
407         mutex_init(&adapters[adapter.index].mutex);
408         pci_set_drvdata(pci_dev, &adapters[adapter.index]);
409
410         printk(KERN_INFO "probe found adapter ASI%04X HPI index #%d.\n",
411                 adapter.type, adapter.index);
412
413         return 0;
414
415 err:
416         for (idx = 0; idx < HPI_MAX_ADAPTER_MEM_SPACES; idx++) {
417                 if (adapter.ap_remapped_mem_base[idx]) {
418                         iounmap(adapter.ap_remapped_mem_base[idx]);
419                         adapter.ap_remapped_mem_base[idx] = NULL;
420                 }
421         }
422
423         if (adapter.p_buffer) {
424                 adapter.buffer_size = 0;
425                 vfree(adapter.p_buffer);
426         }
427
428         HPI_DEBUG_LOG(ERROR, "adapter_probe failed\n");
429         return -ENODEV;
430 }
431
432 void __devexit asihpi_adapter_remove(struct pci_dev *pci_dev)
433 {
434         int idx;
435         struct hpi_message hm;
436         struct hpi_response hr;
437         struct hpi_adapter *pa;
438         pa = (struct hpi_adapter *)pci_get_drvdata(pci_dev);
439
440         hpi_init_message_response(&hm, &hr, HPI_OBJ_SUBSYSTEM,
441                 HPI_SUBSYS_DELETE_ADAPTER);
442         hm.adapter_index = pa->index;
443         hpi_send_recv_ex(&hm, &hr, HOWNER_KERNEL);
444
445         /* unmap PCI memory space, mapped during device init. */
446         for (idx = 0; idx < HPI_MAX_ADAPTER_MEM_SPACES; idx++) {
447                 if (pa->ap_remapped_mem_base[idx]) {
448                         iounmap(pa->ap_remapped_mem_base[idx]);
449                         pa->ap_remapped_mem_base[idx] = NULL;
450                 }
451         }
452
453         if (pa->p_buffer) {
454                 pa->buffer_size = 0;
455                 vfree(pa->p_buffer);
456         }
457
458         pci_set_drvdata(pci_dev, NULL);
459         /*
460            printk(KERN_INFO "PCI device (%04x:%04x,%04x:%04x,%04x),"
461            " HPI index # %d, removed.\n",
462            pci_dev->vendor, pci_dev->device,
463            pci_dev->subsystem_vendor,
464            pci_dev->subsystem_device, pci_dev->devfn,
465            pa->index);
466          */
467 }
468
469 void __init asihpi_init(void)
470 {
471         struct hpi_message hm;
472         struct hpi_response hr;
473
474         memset(adapters, 0, sizeof(adapters));
475
476         printk(KERN_INFO "ASIHPI driver " HPI_VER_STRING "\n");
477
478         hpi_init_message_response(&hm, &hr, HPI_OBJ_SUBSYSTEM,
479                 HPI_SUBSYS_DRIVER_LOAD);
480         hpi_send_recv_ex(&hm, &hr, HOWNER_KERNEL);
481 }
482
483 void asihpi_exit(void)
484 {
485         struct hpi_message hm;
486         struct hpi_response hr;
487
488         hpi_init_message_response(&hm, &hr, HPI_OBJ_SUBSYSTEM,
489                 HPI_SUBSYS_DRIVER_UNLOAD);
490         hpi_send_recv_ex(&hm, &hr, HOWNER_KERNEL);
491 }