[PATCH] dm-crypt: zero key before freeing it
[linux-3.10.git] / drivers / bluetooth / hci_h4.c
1 /*
2  *
3  *  Bluetooth HCI UART driver
4  *
5  *  Copyright (C) 2000-2001  Qualcomm Incorporated
6  *  Copyright (C) 2002-2003  Maxim Krasnyansky <maxk@qualcomm.com>
7  *  Copyright (C) 2004-2005  Marcel Holtmann <marcel@holtmann.org>
8  *
9  *
10  *  This program is free software; you can redistribute it and/or modify
11  *  it under the terms of the GNU General Public License as published by
12  *  the Free Software Foundation; either version 2 of the License, or
13  *  (at your option) any later version.
14  *
15  *  This program is distributed in the hope that it will be useful,
16  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
17  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18  *  GNU General Public License for more details.
19  *
20  *  You should have received a copy of the GNU General Public License
21  *  along with this program; if not, write to the Free Software
22  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
23  *
24  */
25
26 #include <linux/config.h>
27 #include <linux/module.h>
28
29 #include <linux/kernel.h>
30 #include <linux/init.h>
31 #include <linux/sched.h>
32 #include <linux/types.h>
33 #include <linux/fcntl.h>
34 #include <linux/interrupt.h>
35 #include <linux/ptrace.h>
36 #include <linux/poll.h>
37
38 #include <linux/slab.h>
39 #include <linux/tty.h>
40 #include <linux/errno.h>
41 #include <linux/string.h>
42 #include <linux/signal.h>
43 #include <linux/ioctl.h>
44 #include <linux/skbuff.h>
45
46 #include <net/bluetooth/bluetooth.h>
47 #include <net/bluetooth/hci_core.h>
48
49 #include "hci_uart.h"
50
51 #ifndef CONFIG_BT_HCIUART_DEBUG
52 #undef  BT_DBG
53 #define BT_DBG( A... )
54 #endif
55
56 #define VERSION "1.2"
57
58 struct h4_struct {
59         unsigned long rx_state;
60         unsigned long rx_count;
61         struct sk_buff *rx_skb;
62         struct sk_buff_head txq;
63 };
64
65 /* H4 receiver States */
66 #define H4_W4_PACKET_TYPE       0
67 #define H4_W4_EVENT_HDR         1
68 #define H4_W4_ACL_HDR           2
69 #define H4_W4_SCO_HDR           3
70 #define H4_W4_DATA              4
71
72 /* Initialize protocol */
73 static int h4_open(struct hci_uart *hu)
74 {
75         struct h4_struct *h4;
76
77         BT_DBG("hu %p", hu);
78
79         h4 = kzalloc(sizeof(*h4), GFP_ATOMIC);
80         if (!h4)
81                 return -ENOMEM;
82
83         skb_queue_head_init(&h4->txq);
84
85         hu->priv = h4;
86         return 0;
87 }
88
89 /* Flush protocol data */
90 static int h4_flush(struct hci_uart *hu)
91 {
92         struct h4_struct *h4 = hu->priv;
93
94         BT_DBG("hu %p", hu);
95
96         skb_queue_purge(&h4->txq);
97
98         return 0;
99 }
100
101 /* Close protocol */
102 static int h4_close(struct hci_uart *hu)
103 {
104         struct h4_struct *h4 = hu->priv;
105
106         hu->priv = NULL;
107
108         BT_DBG("hu %p", hu);
109
110         skb_queue_purge(&h4->txq);
111
112         if (h4->rx_skb)
113                 kfree_skb(h4->rx_skb);
114
115         hu->priv = NULL;
116         kfree(h4);
117
118         return 0;
119 }
120
121 /* Enqueue frame for transmittion (padding, crc, etc) */
122 static int h4_enqueue(struct hci_uart *hu, struct sk_buff *skb)
123 {
124         struct h4_struct *h4 = hu->priv;
125
126         BT_DBG("hu %p skb %p", hu, skb);
127
128         /* Prepend skb with frame type */
129         memcpy(skb_push(skb, 1), &bt_cb(skb)->pkt_type, 1);
130         skb_queue_tail(&h4->txq, skb);
131
132         return 0;
133 }
134
135 static inline int h4_check_data_len(struct h4_struct *h4, int len)
136 {
137         register int room = skb_tailroom(h4->rx_skb);
138
139         BT_DBG("len %d room %d", len, room);
140
141         if (!len) {
142                 hci_recv_frame(h4->rx_skb);
143         } else if (len > room) {
144                 BT_ERR("Data length is too large");
145                 kfree_skb(h4->rx_skb);
146         } else {
147                 h4->rx_state = H4_W4_DATA;
148                 h4->rx_count = len;
149                 return len;
150         }
151
152         h4->rx_state = H4_W4_PACKET_TYPE;
153         h4->rx_skb   = NULL;
154         h4->rx_count = 0;
155
156         return 0;
157 }
158
159 /* Recv data */
160 static int h4_recv(struct hci_uart *hu, void *data, int count)
161 {
162         struct h4_struct *h4 = hu->priv;
163         register char *ptr;
164         struct hci_event_hdr *eh;
165         struct hci_acl_hdr   *ah;
166         struct hci_sco_hdr   *sh;
167         register int len, type, dlen;
168
169         BT_DBG("hu %p count %d rx_state %ld rx_count %ld", 
170                         hu, count, h4->rx_state, h4->rx_count);
171
172         ptr = data;
173         while (count) {
174                 if (h4->rx_count) {
175                         len = min_t(unsigned int, h4->rx_count, count);
176                         memcpy(skb_put(h4->rx_skb, len), ptr, len);
177                         h4->rx_count -= len; count -= len; ptr += len;
178
179                         if (h4->rx_count)
180                                 continue;
181
182                         switch (h4->rx_state) {
183                         case H4_W4_DATA:
184                                 BT_DBG("Complete data");
185
186                                 hci_recv_frame(h4->rx_skb);
187
188                                 h4->rx_state = H4_W4_PACKET_TYPE;
189                                 h4->rx_skb = NULL;
190                                 continue;
191
192                         case H4_W4_EVENT_HDR:
193                                 eh = (struct hci_event_hdr *) h4->rx_skb->data;
194
195                                 BT_DBG("Event header: evt 0x%2.2x plen %d", eh->evt, eh->plen);
196
197                                 h4_check_data_len(h4, eh->plen);
198                                 continue;
199
200                         case H4_W4_ACL_HDR:
201                                 ah = (struct hci_acl_hdr *) h4->rx_skb->data;
202                                 dlen = __le16_to_cpu(ah->dlen);
203
204                                 BT_DBG("ACL header: dlen %d", dlen);
205
206                                 h4_check_data_len(h4, dlen);
207                                 continue;
208
209                         case H4_W4_SCO_HDR:
210                                 sh = (struct hci_sco_hdr *) h4->rx_skb->data;
211
212                                 BT_DBG("SCO header: dlen %d", sh->dlen);
213
214                                 h4_check_data_len(h4, sh->dlen);
215                                 continue;
216                         }
217                 }
218
219                 /* H4_W4_PACKET_TYPE */
220                 switch (*ptr) {
221                 case HCI_EVENT_PKT:
222                         BT_DBG("Event packet");
223                         h4->rx_state = H4_W4_EVENT_HDR;
224                         h4->rx_count = HCI_EVENT_HDR_SIZE;
225                         type = HCI_EVENT_PKT;
226                         break;
227
228                 case HCI_ACLDATA_PKT:
229                         BT_DBG("ACL packet");
230                         h4->rx_state = H4_W4_ACL_HDR;
231                         h4->rx_count = HCI_ACL_HDR_SIZE;
232                         type = HCI_ACLDATA_PKT;
233                         break;
234
235                 case HCI_SCODATA_PKT:
236                         BT_DBG("SCO packet");
237                         h4->rx_state = H4_W4_SCO_HDR;
238                         h4->rx_count = HCI_SCO_HDR_SIZE;
239                         type = HCI_SCODATA_PKT;
240                         break;
241
242                 default:
243                         BT_ERR("Unknown HCI packet type %2.2x", (__u8)*ptr);
244                         hu->hdev->stat.err_rx++;
245                         ptr++; count--;
246                         continue;
247                 };
248
249                 ptr++; count--;
250
251                 /* Allocate packet */
252                 h4->rx_skb = bt_skb_alloc(HCI_MAX_FRAME_SIZE, GFP_ATOMIC);
253                 if (!h4->rx_skb) {
254                         BT_ERR("Can't allocate mem for new packet");
255                         h4->rx_state = H4_W4_PACKET_TYPE;
256                         h4->rx_count = 0;
257                         return 0;
258                 }
259
260                 h4->rx_skb->dev = (void *) hu->hdev;
261                 bt_cb(h4->rx_skb)->pkt_type = type;
262         }
263
264         return count;
265 }
266
267 static struct sk_buff *h4_dequeue(struct hci_uart *hu)
268 {
269         struct h4_struct *h4 = hu->priv;
270         return skb_dequeue(&h4->txq);
271 }
272
273 static struct hci_uart_proto h4p = {
274         .id             = HCI_UART_H4,
275         .open           = h4_open,
276         .close          = h4_close,
277         .recv           = h4_recv,
278         .enqueue        = h4_enqueue,
279         .dequeue        = h4_dequeue,
280         .flush          = h4_flush,
281 };
282
283 int h4_init(void)
284 {
285         int err = hci_uart_register_proto(&h4p);
286
287         if (!err)
288                 BT_INFO("HCI H4 protocol initialized");
289         else
290                 BT_ERR("HCI H4 protocol registration failed");
291
292         return err;
293 }
294
295 int h4_deinit(void)
296 {
297         return hci_uart_unregister_proto(&h4p);
298 }