aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/usb/atm/usbatm.c
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/usb/atm/usbatm.c')
-rw-r--r--drivers/usb/atm/usbatm.c574
1 files changed, 365 insertions, 209 deletions
diff --git a/drivers/usb/atm/usbatm.c b/drivers/usb/atm/usbatm.c
index 7af1883d4bf9..c1211fc037d9 100644
--- a/drivers/usb/atm/usbatm.c
+++ b/drivers/usb/atm/usbatm.c
@@ -72,6 +72,7 @@
72#include <linux/kernel.h> 72#include <linux/kernel.h>
73#include <linux/module.h> 73#include <linux/module.h>
74#include <linux/moduleparam.h> 74#include <linux/moduleparam.h>
75#include <linux/netdevice.h>
75#include <linux/proc_fs.h> 76#include <linux/proc_fs.h>
76#include <linux/sched.h> 77#include <linux/sched.h>
77#include <linux/signal.h> 78#include <linux/signal.h>
@@ -91,19 +92,18 @@ static int usbatm_print_packet(const unsigned char *data, int len);
91#endif 92#endif
92 93
93#define DRIVER_AUTHOR "Johan Verrept, Duncan Sands <duncan.sands@free.fr>" 94#define DRIVER_AUTHOR "Johan Verrept, Duncan Sands <duncan.sands@free.fr>"
94#define DRIVER_VERSION "1.9" 95#define DRIVER_VERSION "1.10"
95#define DRIVER_DESC "Generic USB ATM/DSL I/O, version " DRIVER_VERSION 96#define DRIVER_DESC "Generic USB ATM/DSL I/O, version " DRIVER_VERSION
96 97
97static const char usbatm_driver_name[] = "usbatm"; 98static const char usbatm_driver_name[] = "usbatm";
98 99
99#define UDSL_MAX_RCV_URBS 16 100#define UDSL_MAX_RCV_URBS 16
100#define UDSL_MAX_SND_URBS 16 101#define UDSL_MAX_SND_URBS 16
101#define UDSL_MAX_RCV_BUF_SIZE 1024 /* ATM cells */ 102#define UDSL_MAX_BUF_SIZE 64 * 1024 /* bytes */
102#define UDSL_MAX_SND_BUF_SIZE 1024 /* ATM cells */
103#define UDSL_DEFAULT_RCV_URBS 4 103#define UDSL_DEFAULT_RCV_URBS 4
104#define UDSL_DEFAULT_SND_URBS 4 104#define UDSL_DEFAULT_SND_URBS 4
105#define UDSL_DEFAULT_RCV_BUF_SIZE 64 /* ATM cells */ 105#define UDSL_DEFAULT_RCV_BUF_SIZE 64 * ATM_CELL_SIZE /* bytes */
106#define UDSL_DEFAULT_SND_BUF_SIZE 64 /* ATM cells */ 106#define UDSL_DEFAULT_SND_BUF_SIZE 64 * ATM_CELL_SIZE /* bytes */
107 107
108#define ATM_CELL_HEADER (ATM_CELL_SIZE - ATM_CELL_PAYLOAD) 108#define ATM_CELL_HEADER (ATM_CELL_SIZE - ATM_CELL_PAYLOAD)
109 109
@@ -111,8 +111,8 @@ static const char usbatm_driver_name[] = "usbatm";
111 111
112static unsigned int num_rcv_urbs = UDSL_DEFAULT_RCV_URBS; 112static unsigned int num_rcv_urbs = UDSL_DEFAULT_RCV_URBS;
113static unsigned int num_snd_urbs = UDSL_DEFAULT_SND_URBS; 113static unsigned int num_snd_urbs = UDSL_DEFAULT_SND_URBS;
114static unsigned int rcv_buf_size = UDSL_DEFAULT_RCV_BUF_SIZE; 114static unsigned int rcv_buf_bytes = UDSL_DEFAULT_RCV_BUF_SIZE;
115static unsigned int snd_buf_size = UDSL_DEFAULT_SND_BUF_SIZE; 115static unsigned int snd_buf_bytes = UDSL_DEFAULT_SND_BUF_SIZE;
116 116
117module_param(num_rcv_urbs, uint, S_IRUGO); 117module_param(num_rcv_urbs, uint, S_IRUGO);
118MODULE_PARM_DESC(num_rcv_urbs, 118MODULE_PARM_DESC(num_rcv_urbs,
@@ -126,15 +126,15 @@ MODULE_PARM_DESC(num_snd_urbs,
126 __MODULE_STRING(UDSL_MAX_SND_URBS) ", default: " 126 __MODULE_STRING(UDSL_MAX_SND_URBS) ", default: "
127 __MODULE_STRING(UDSL_DEFAULT_SND_URBS) ")"); 127 __MODULE_STRING(UDSL_DEFAULT_SND_URBS) ")");
128 128
129module_param(rcv_buf_size, uint, S_IRUGO); 129module_param(rcv_buf_bytes, uint, S_IRUGO);
130MODULE_PARM_DESC(rcv_buf_size, 130MODULE_PARM_DESC(rcv_buf_bytes,
131 "Size of the buffers used for reception in ATM cells (range: 1-" 131 "Size of the buffers used for reception, in bytes (range: 1-"
132 __MODULE_STRING(UDSL_MAX_RCV_BUF_SIZE) ", default: " 132 __MODULE_STRING(UDSL_MAX_BUF_SIZE) ", default: "
133 __MODULE_STRING(UDSL_DEFAULT_RCV_BUF_SIZE) ")"); 133 __MODULE_STRING(UDSL_DEFAULT_RCV_BUF_SIZE) ")");
134 134
135module_param(snd_buf_size, uint, S_IRUGO); 135module_param(snd_buf_bytes, uint, S_IRUGO);
136MODULE_PARM_DESC(snd_buf_size, 136MODULE_PARM_DESC(snd_buf_bytes,
137 "Size of the buffers used for transmission in ATM cells (range: 1-" 137 "Size of the buffers used for transmission, in bytes (range: 1-"
138 __MODULE_STRING(UDSL_MAX_SND_BUF_SIZE) ", default: " 138 __MODULE_STRING(UDSL_MAX_SND_BUF_SIZE) ", default: "
139 __MODULE_STRING(UDSL_DEFAULT_SND_BUF_SIZE) ")"); 139 __MODULE_STRING(UDSL_DEFAULT_SND_BUF_SIZE) ")");
140 140
@@ -166,10 +166,10 @@ struct usbatm_control {
166 166
167/* ATM */ 167/* ATM */
168 168
169static void usbatm_atm_dev_close(struct atm_dev *dev); 169static void usbatm_atm_dev_close(struct atm_dev *atm_dev);
170static int usbatm_atm_open(struct atm_vcc *vcc); 170static int usbatm_atm_open(struct atm_vcc *vcc);
171static void usbatm_atm_close(struct atm_vcc *vcc); 171static void usbatm_atm_close(struct atm_vcc *vcc);
172static int usbatm_atm_ioctl(struct atm_dev *dev, unsigned int cmd, void __user * arg); 172static int usbatm_atm_ioctl(struct atm_dev *atm_dev, unsigned int cmd, void __user * arg);
173static int usbatm_atm_send(struct atm_vcc *vcc, struct sk_buff *skb); 173static int usbatm_atm_send(struct atm_vcc *vcc, struct sk_buff *skb);
174static int usbatm_atm_proc_read(struct atm_dev *atm_dev, loff_t * pos, char *page); 174static int usbatm_atm_proc_read(struct atm_dev *atm_dev, loff_t * pos, char *page);
175 175
@@ -199,7 +199,7 @@ static inline void usbatm_pop(struct atm_vcc *vcc, struct sk_buff *skb)
199 if (vcc->pop) 199 if (vcc->pop)
200 vcc->pop(vcc, skb); 200 vcc->pop(vcc, skb);
201 else 201 else
202 dev_kfree_skb(skb); 202 dev_kfree_skb_any(skb);
203} 203}
204 204
205 205
@@ -234,8 +234,9 @@ static int usbatm_submit_urb(struct urb *urb)
234 234
235 ret = usb_submit_urb(urb, GFP_ATOMIC); 235 ret = usb_submit_urb(urb, GFP_ATOMIC);
236 if (ret) { 236 if (ret) {
237 atm_dbg(channel->usbatm, "%s: urb 0x%p submission failed (%d)!\n", 237 if (printk_ratelimit())
238 __func__, urb, ret); 238 atm_warn(channel->usbatm, "%s: urb 0x%p submission failed (%d)!\n",
239 __func__, urb, ret);
239 240
240 /* consider all errors transient and return the buffer back to the queue */ 241 /* consider all errors transient and return the buffer back to the queue */
241 urb->status = -EAGAIN; 242 urb->status = -EAGAIN;
@@ -269,10 +270,16 @@ static void usbatm_complete(struct urb *urb, struct pt_regs *regs)
269 270
270 spin_unlock_irqrestore(&channel->lock, flags); 271 spin_unlock_irqrestore(&channel->lock, flags);
271 272
272 if (unlikely(urb->status)) 273 if (unlikely(urb->status) &&
274 (!(channel->usbatm->flags & UDSL_IGNORE_EILSEQ) ||
275 urb->status != -EILSEQ ))
276 {
277 if (printk_ratelimit())
278 atm_warn(channel->usbatm, "%s: urb 0x%p failed (%d)!\n",
279 __func__, urb, urb->status);
273 /* throttle processing in case of an error */ 280 /* throttle processing in case of an error */
274 mod_timer(&channel->delay, jiffies + msecs_to_jiffies(THROTTLE_MSECS)); 281 mod_timer(&channel->delay, jiffies + msecs_to_jiffies(THROTTLE_MSECS));
275 else 282 } else
276 tasklet_schedule(&channel->tasklet); 283 tasklet_schedule(&channel->tasklet);
277} 284}
278 285
@@ -284,129 +291,167 @@ static void usbatm_complete(struct urb *urb, struct pt_regs *regs)
284static inline struct usbatm_vcc_data *usbatm_find_vcc(struct usbatm_data *instance, 291static inline struct usbatm_vcc_data *usbatm_find_vcc(struct usbatm_data *instance,
285 short vpi, int vci) 292 short vpi, int vci)
286{ 293{
287 struct usbatm_vcc_data *vcc; 294 struct usbatm_vcc_data *vcc_data;
288 295
289 list_for_each_entry(vcc, &instance->vcc_list, list) 296 list_for_each_entry(vcc_data, &instance->vcc_list, list)
290 if ((vcc->vci == vci) && (vcc->vpi == vpi)) 297 if ((vcc_data->vci == vci) && (vcc_data->vpi == vpi))
291 return vcc; 298 return vcc_data;
292 return NULL; 299 return NULL;
293} 300}
294 301
295static void usbatm_extract_cells(struct usbatm_data *instance, 302static void usbatm_extract_one_cell(struct usbatm_data *instance, unsigned char *source)
296 unsigned char *source, unsigned int avail_data)
297{ 303{
298 struct usbatm_vcc_data *cached_vcc = NULL;
299 struct atm_vcc *vcc; 304 struct atm_vcc *vcc;
300 struct sk_buff *sarb; 305 struct sk_buff *sarb;
301 unsigned int stride = instance->rx_channel.stride; 306 short vpi = ((source[0] & 0x0f) << 4) | (source[1] >> 4);
302 int vci, cached_vci = 0; 307 int vci = ((source[1] & 0x0f) << 12) | (source[2] << 4) | (source[3] >> 4);
303 short vpi, cached_vpi = 0; 308 u8 pti = ((source[3] & 0xe) >> 1);
304 u8 pti;
305 309
306 for (; avail_data >= stride; avail_data -= stride, source += stride) { 310 vdbg("%s: vpi %hd, vci %d, pti %d", __func__, vpi, vci, pti);
307 vpi = ((source[0] & 0x0f) << 4) | (source[1] >> 4);
308 vci = ((source[1] & 0x0f) << 12) | (source[2] << 4) | (source[3] >> 4);
309 pti = ((source[3] & 0xe) >> 1);
310 311
311 vdbg("%s: vpi %hd, vci %d, pti %d", __func__, vpi, vci, pti); 312 if ((vci != instance->cached_vci) || (vpi != instance->cached_vpi)) {
313 instance->cached_vpi = vpi;
314 instance->cached_vci = vci;
312 315
313 if ((vci != cached_vci) || (vpi != cached_vpi)) { 316 instance->cached_vcc = usbatm_find_vcc(instance, vpi, vci);
314 cached_vpi = vpi;
315 cached_vci = vci;
316 317
317 cached_vcc = usbatm_find_vcc(instance, vpi, vci); 318 if (!instance->cached_vcc)
319 atm_rldbg(instance, "%s: unknown vpi/vci (%hd/%d)!\n", __func__, vpi, vci);
320 }
318 321
319 if (!cached_vcc) 322 if (!instance->cached_vcc)
320 atm_dbg(instance, "%s: unknown vpi/vci (%hd/%d)!\n", __func__, vpi, vci); 323 return;
321 }
322 324
323 if (!cached_vcc) 325 vcc = instance->cached_vcc->vcc;
324 continue;
325 326
326 vcc = cached_vcc->vcc; 327 /* OAM F5 end-to-end */
328 if (pti == ATM_PTI_E2EF5) {
329 if (printk_ratelimit())
330 atm_warn(instance, "%s: OAM not supported (vpi %d, vci %d)!\n",
331 __func__, vpi, vci);
332 atomic_inc(&vcc->stats->rx_err);
333 return;
334 }
327 335
328 /* OAM F5 end-to-end */ 336 sarb = instance->cached_vcc->sarb;
329 if (pti == ATM_PTI_E2EF5) {
330 atm_warn(instance, "%s: OAM not supported (vpi %d, vci %d)!\n", __func__, vpi, vci);
331 atomic_inc(&vcc->stats->rx_err);
332 continue;
333 }
334 337
335 sarb = cached_vcc->sarb; 338 if (sarb->tail + ATM_CELL_PAYLOAD > sarb->end) {
339 atm_rldbg(instance, "%s: buffer overrun (sarb->len %u, vcc: 0x%p)!\n",
340 __func__, sarb->len, vcc);
341 /* discard cells already received */
342 skb_trim(sarb, 0);
343 UDSL_ASSERT(sarb->tail + ATM_CELL_PAYLOAD <= sarb->end);
344 }
336 345
337 if (sarb->tail + ATM_CELL_PAYLOAD > sarb->end) { 346 memcpy(sarb->tail, source + ATM_CELL_HEADER, ATM_CELL_PAYLOAD);
338 atm_dbg(instance, "%s: buffer overrun (sarb->len %u, vcc: 0x%p)!\n", 347 __skb_put(sarb, ATM_CELL_PAYLOAD);
339 __func__, sarb->len, vcc);
340 /* discard cells already received */
341 skb_trim(sarb, 0);
342 UDSL_ASSERT(sarb->tail + ATM_CELL_PAYLOAD <= sarb->end);
343 }
344 348
345 memcpy(sarb->tail, source + ATM_CELL_HEADER, ATM_CELL_PAYLOAD); 349 if (pti & 1) {
346 __skb_put(sarb, ATM_CELL_PAYLOAD); 350 struct sk_buff *skb;
351 unsigned int length;
352 unsigned int pdu_length;
347 353
348 if (pti & 1) { 354 length = (source[ATM_CELL_SIZE - 6] << 8) + source[ATM_CELL_SIZE - 5];
349 struct sk_buff *skb;
350 unsigned int length;
351 unsigned int pdu_length;
352 355
353 length = (source[ATM_CELL_SIZE - 6] << 8) + source[ATM_CELL_SIZE - 5]; 356 /* guard against overflow */
357 if (length > ATM_MAX_AAL5_PDU) {
358 atm_rldbg(instance, "%s: bogus length %u (vcc: 0x%p)!\n",
359 __func__, length, vcc);
360 atomic_inc(&vcc->stats->rx_err);
361 goto out;
362 }
354 363
355 /* guard against overflow */ 364 pdu_length = usbatm_pdu_length(length);
356 if (length > ATM_MAX_AAL5_PDU) {
357 atm_dbg(instance, "%s: bogus length %u (vcc: 0x%p)!\n",
358 __func__, length, vcc);
359 atomic_inc(&vcc->stats->rx_err);
360 goto out;
361 }
362 365
363 pdu_length = usbatm_pdu_length(length); 366 if (sarb->len < pdu_length) {
367 atm_rldbg(instance, "%s: bogus pdu_length %u (sarb->len: %u, vcc: 0x%p)!\n",
368 __func__, pdu_length, sarb->len, vcc);
369 atomic_inc(&vcc->stats->rx_err);
370 goto out;
371 }
364 372
365 if (sarb->len < pdu_length) { 373 if (crc32_be(~0, sarb->tail - pdu_length, pdu_length) != 0xc704dd7b) {
366 atm_dbg(instance, "%s: bogus pdu_length %u (sarb->len: %u, vcc: 0x%p)!\n", 374 atm_rldbg(instance, "%s: packet failed crc check (vcc: 0x%p)!\n",
367 __func__, pdu_length, sarb->len, vcc); 375 __func__, vcc);
368 atomic_inc(&vcc->stats->rx_err); 376 atomic_inc(&vcc->stats->rx_err);
369 goto out; 377 goto out;
370 } 378 }
371 379
372 if (crc32_be(~0, sarb->tail - pdu_length, pdu_length) != 0xc704dd7b) { 380 vdbg("%s: got packet (length: %u, pdu_length: %u, vcc: 0x%p)", __func__, length, pdu_length, vcc);
373 atm_dbg(instance, "%s: packet failed crc check (vcc: 0x%p)!\n",
374 __func__, vcc);
375 atomic_inc(&vcc->stats->rx_err);
376 goto out;
377 }
378 381
379 vdbg("%s: got packet (length: %u, pdu_length: %u, vcc: 0x%p)", __func__, length, pdu_length, vcc); 382 if (!(skb = dev_alloc_skb(length))) {
383 if (printk_ratelimit())
384 atm_err(instance, "%s: no memory for skb (length: %u)!\n",
385 __func__, length);
386 atomic_inc(&vcc->stats->rx_drop);
387 goto out;
388 }
380 389
381 if (!(skb = dev_alloc_skb(length))) { 390 vdbg("%s: allocated new sk_buff (skb: 0x%p, skb->truesize: %u)", __func__, skb, skb->truesize);
382 atm_dbg(instance, "%s: no memory for skb (length: %u)!\n", __func__, length);
383 atomic_inc(&vcc->stats->rx_drop);
384 goto out;
385 }
386 391
387 vdbg("%s: allocated new sk_buff (skb: 0x%p, skb->truesize: %u)", __func__, skb, skb->truesize); 392 if (!atm_charge(vcc, skb->truesize)) {
393 atm_rldbg(instance, "%s: failed atm_charge (skb->truesize: %u)!\n",
394 __func__, skb->truesize);
395 dev_kfree_skb_any(skb);
396 goto out; /* atm_charge increments rx_drop */
397 }
388 398
389 if (!atm_charge(vcc, skb->truesize)) { 399 memcpy(skb->data, sarb->tail - pdu_length, length);
390 atm_dbg(instance, "%s: failed atm_charge (skb->truesize: %u)!\n", __func__, skb->truesize); 400 __skb_put(skb, length);
391 dev_kfree_skb(skb);
392 goto out; /* atm_charge increments rx_drop */
393 }
394 401
395 memcpy(skb->data, sarb->tail - pdu_length, length); 402 vdbg("%s: sending skb 0x%p, skb->len %u, skb->truesize %u",
396 __skb_put(skb, length); 403 __func__, skb, skb->len, skb->truesize);
397 404
398 vdbg("%s: sending skb 0x%p, skb->len %u, skb->truesize %u", 405 PACKETDEBUG(skb->data, skb->len);
399 __func__, skb, skb->len, skb->truesize);
400 406
401 PACKETDEBUG(skb->data, skb->len); 407 vcc->push(vcc, skb);
402 408
403 vcc->push(vcc, skb); 409 atomic_inc(&vcc->stats->rx);
410 out:
411 skb_trim(sarb, 0);
412 }
413}
404 414
405 atomic_inc(&vcc->stats->rx); 415static void usbatm_extract_cells(struct usbatm_data *instance,
406 out: 416 unsigned char *source, unsigned int avail_data)
407 skb_trim(sarb, 0); 417{
418 unsigned int stride = instance->rx_channel.stride;
419 unsigned int buf_usage = instance->buf_usage;
420
421 /* extract cells from incoming data, taking into account that
422 * the length of avail data may not be a multiple of stride */
423
424 if (buf_usage > 0) {
425 /* we have a partially received atm cell */
426 unsigned char *cell_buf = instance->cell_buf;
427 unsigned int space_left = stride - buf_usage;
428
429 UDSL_ASSERT(buf_usage <= stride);
430
431 if (avail_data >= space_left) {
432 /* add new data and process cell */
433 memcpy(cell_buf + buf_usage, source, space_left);
434 source += space_left;
435 avail_data -= space_left;
436 usbatm_extract_one_cell(instance, cell_buf);
437 instance->buf_usage = 0;
438 } else {
439 /* not enough data to fill the cell */
440 memcpy(cell_buf + buf_usage, source, avail_data);
441 instance->buf_usage = buf_usage + avail_data;
442 return;
408 } 443 }
409 } 444 }
445
446 for (; avail_data >= stride; avail_data -= stride, source += stride)
447 usbatm_extract_one_cell(instance, source);
448
449 if (avail_data > 0) {
450 /* length was not a multiple of stride -
451 * save remaining data for next call */
452 memcpy(instance->cell_buf, source, avail_data);
453 instance->buf_usage = avail_data;
454 }
410} 455}
411 456
412 457
@@ -420,14 +465,14 @@ static unsigned int usbatm_write_cells(struct usbatm_data *instance,
420{ 465{
421 struct usbatm_control *ctrl = UDSL_SKB(skb); 466 struct usbatm_control *ctrl = UDSL_SKB(skb);
422 struct atm_vcc *vcc = ctrl->atm.vcc; 467 struct atm_vcc *vcc = ctrl->atm.vcc;
423 unsigned int num_written; 468 unsigned int bytes_written;
424 unsigned int stride = instance->tx_channel.stride; 469 unsigned int stride = instance->tx_channel.stride;
425 470
426 vdbg("%s: skb->len=%d, avail_space=%u", __func__, skb->len, avail_space); 471 vdbg("%s: skb->len=%d, avail_space=%u", __func__, skb->len, avail_space);
427 UDSL_ASSERT(!(avail_space % stride)); 472 UDSL_ASSERT(!(avail_space % stride));
428 473
429 for (num_written = 0; num_written < avail_space && ctrl->len; 474 for (bytes_written = 0; bytes_written < avail_space && ctrl->len;
430 num_written += stride, target += stride) { 475 bytes_written += stride, target += stride) {
431 unsigned int data_len = min_t(unsigned int, skb->len, ATM_CELL_PAYLOAD); 476 unsigned int data_len = min_t(unsigned int, skb->len, ATM_CELL_PAYLOAD);
432 unsigned int left = ATM_CELL_PAYLOAD - data_len; 477 unsigned int left = ATM_CELL_PAYLOAD - data_len;
433 u8 *ptr = target; 478 u8 *ptr = target;
@@ -470,7 +515,7 @@ static unsigned int usbatm_write_cells(struct usbatm_data *instance,
470 ctrl->crc = crc32_be(ctrl->crc, ptr, left); 515 ctrl->crc = crc32_be(ctrl->crc, ptr, left);
471 } 516 }
472 517
473 return num_written; 518 return bytes_written;
474} 519}
475 520
476 521
@@ -487,16 +532,40 @@ static void usbatm_rx_process(unsigned long data)
487 vdbg("%s: processing urb 0x%p", __func__, urb); 532 vdbg("%s: processing urb 0x%p", __func__, urb);
488 533
489 if (usb_pipeisoc(urb->pipe)) { 534 if (usb_pipeisoc(urb->pipe)) {
535 unsigned char *merge_start = NULL;
536 unsigned int merge_length = 0;
537 const unsigned int packet_size = instance->rx_channel.packet_size;
490 int i; 538 int i;
491 for (i = 0; i < urb->number_of_packets; i++) 539
492 if (!urb->iso_frame_desc[i].status) 540 for (i = 0; i < urb->number_of_packets; i++) {
493 usbatm_extract_cells(instance, 541 if (!urb->iso_frame_desc[i].status) {
494 (u8 *)urb->transfer_buffer + urb->iso_frame_desc[i].offset, 542 unsigned int actual_length = urb->iso_frame_desc[i].actual_length;
495 urb->iso_frame_desc[i].actual_length); 543
496 } 544 UDSL_ASSERT(actual_length <= packet_size);
497 else 545
546 if (!merge_length)
547 merge_start = (unsigned char *)urb->transfer_buffer + urb->iso_frame_desc[i].offset;
548 merge_length += actual_length;
549 if (merge_length && (actual_length < packet_size)) {
550 usbatm_extract_cells(instance, merge_start, merge_length);
551 merge_length = 0;
552 }
553 } else {
554 atm_rldbg(instance, "%s: status %d in frame %d!\n", __func__, urb->status, i);
555 if (merge_length)
556 usbatm_extract_cells(instance, merge_start, merge_length);
557 merge_length = 0;
558 instance->buf_usage = 0;
559 }
560 }
561
562 if (merge_length)
563 usbatm_extract_cells(instance, merge_start, merge_length);
564 } else
498 if (!urb->status) 565 if (!urb->status)
499 usbatm_extract_cells(instance, urb->transfer_buffer, urb->actual_length); 566 usbatm_extract_cells(instance, urb->transfer_buffer, urb->actual_length);
567 else
568 instance->buf_usage = 0;
500 569
501 if (usbatm_submit_urb(urb)) 570 if (usbatm_submit_urb(urb))
502 return; 571 return;
@@ -514,7 +583,7 @@ static void usbatm_tx_process(unsigned long data)
514 struct sk_buff *skb = instance->current_skb; 583 struct sk_buff *skb = instance->current_skb;
515 struct urb *urb = NULL; 584 struct urb *urb = NULL;
516 const unsigned int buf_size = instance->tx_channel.buf_size; 585 const unsigned int buf_size = instance->tx_channel.buf_size;
517 unsigned int num_written = 0; 586 unsigned int bytes_written = 0;
518 u8 *buffer = NULL; 587 u8 *buffer = NULL;
519 588
520 if (!skb) 589 if (!skb)
@@ -526,16 +595,16 @@ static void usbatm_tx_process(unsigned long data)
526 if (!urb) 595 if (!urb)
527 break; /* no more senders */ 596 break; /* no more senders */
528 buffer = urb->transfer_buffer; 597 buffer = urb->transfer_buffer;
529 num_written = (urb->status == -EAGAIN) ? 598 bytes_written = (urb->status == -EAGAIN) ?
530 urb->transfer_buffer_length : 0; 599 urb->transfer_buffer_length : 0;
531 } 600 }
532 601
533 num_written += usbatm_write_cells(instance, skb, 602 bytes_written += usbatm_write_cells(instance, skb,
534 buffer + num_written, 603 buffer + bytes_written,
535 buf_size - num_written); 604 buf_size - bytes_written);
536 605
537 vdbg("%s: wrote %u bytes from skb 0x%p to urb 0x%p", 606 vdbg("%s: wrote %u bytes from skb 0x%p to urb 0x%p",
538 __func__, num_written, skb, urb); 607 __func__, bytes_written, skb, urb);
539 608
540 if (!UDSL_SKB(skb)->len) { 609 if (!UDSL_SKB(skb)->len) {
541 struct atm_vcc *vcc = UDSL_SKB(skb)->atm.vcc; 610 struct atm_vcc *vcc = UDSL_SKB(skb)->atm.vcc;
@@ -546,8 +615,8 @@ static void usbatm_tx_process(unsigned long data)
546 skb = skb_dequeue(&instance->sndqueue); 615 skb = skb_dequeue(&instance->sndqueue);
547 } 616 }
548 617
549 if (num_written == buf_size || (!skb && num_written)) { 618 if (bytes_written == buf_size || (!skb && bytes_written)) {
550 urb->transfer_buffer_length = num_written; 619 urb->transfer_buffer_length = bytes_written;
551 620
552 if (usbatm_submit_urb(urb)) 621 if (usbatm_submit_urb(urb))
553 break; 622 break;
@@ -593,20 +662,24 @@ static int usbatm_atm_send(struct atm_vcc *vcc, struct sk_buff *skb)
593 662
594 vdbg("%s called (skb 0x%p, len %u)", __func__, skb, skb->len); 663 vdbg("%s called (skb 0x%p, len %u)", __func__, skb, skb->len);
595 664
596 if (!instance) { 665 /* racy disconnection check - fine */
597 dbg("%s: NULL data!", __func__); 666 if (!instance || instance->disconnected) {
667#ifdef DEBUG
668 if (printk_ratelimit())
669 printk(KERN_DEBUG "%s: %s!\n", __func__, instance ? "disconnected" : "NULL instance");
670#endif
598 err = -ENODEV; 671 err = -ENODEV;
599 goto fail; 672 goto fail;
600 } 673 }
601 674
602 if (vcc->qos.aal != ATM_AAL5) { 675 if (vcc->qos.aal != ATM_AAL5) {
603 atm_dbg(instance, "%s: unsupported ATM type %d!\n", __func__, vcc->qos.aal); 676 atm_rldbg(instance, "%s: unsupported ATM type %d!\n", __func__, vcc->qos.aal);
604 err = -EINVAL; 677 err = -EINVAL;
605 goto fail; 678 goto fail;
606 } 679 }
607 680
608 if (skb->len > ATM_MAX_AAL5_PDU) { 681 if (skb->len > ATM_MAX_AAL5_PDU) {
609 atm_dbg(instance, "%s: packet too long (%d vs %d)!\n", 682 atm_rldbg(instance, "%s: packet too long (%d vs %d)!\n",
610 __func__, skb->len, ATM_MAX_AAL5_PDU); 683 __func__, skb->len, ATM_MAX_AAL5_PDU);
611 err = -EINVAL; 684 err = -EINVAL;
612 goto fail; 685 goto fail;
@@ -665,16 +738,16 @@ static void usbatm_put_instance(struct usbatm_data *instance)
665** ATM ** 738** ATM **
666**********/ 739**********/
667 740
668static void usbatm_atm_dev_close(struct atm_dev *dev) 741static void usbatm_atm_dev_close(struct atm_dev *atm_dev)
669{ 742{
670 struct usbatm_data *instance = dev->dev_data; 743 struct usbatm_data *instance = atm_dev->dev_data;
671 744
672 dbg("%s", __func__); 745 dbg("%s", __func__);
673 746
674 if (!instance) 747 if (!instance)
675 return; 748 return;
676 749
677 dev->dev_data = NULL; 750 atm_dev->dev_data = NULL; /* catch bugs */
678 usbatm_put_instance(instance); /* taken in usbatm_atm_init */ 751 usbatm_put_instance(instance); /* taken in usbatm_atm_init */
679} 752}
680 753
@@ -706,15 +779,19 @@ static int usbatm_atm_proc_read(struct atm_dev *atm_dev, loff_t * pos, char *pag
706 atomic_read(&atm_dev->stats.aal5.rx_err), 779 atomic_read(&atm_dev->stats.aal5.rx_err),
707 atomic_read(&atm_dev->stats.aal5.rx_drop)); 780 atomic_read(&atm_dev->stats.aal5.rx_drop));
708 781
709 if (!left--) 782 if (!left--) {
710 switch (atm_dev->signal) { 783 if (instance->disconnected)
711 case ATM_PHY_SIG_FOUND: 784 return sprintf(page, "Disconnected\n");
712 return sprintf(page, "Line up\n"); 785 else
713 case ATM_PHY_SIG_LOST: 786 switch (atm_dev->signal) {
714 return sprintf(page, "Line down\n"); 787 case ATM_PHY_SIG_FOUND:
715 default: 788 return sprintf(page, "Line up\n");
716 return sprintf(page, "Line state unknown\n"); 789 case ATM_PHY_SIG_LOST:
717 } 790 return sprintf(page, "Line down\n");
791 default:
792 return sprintf(page, "Line state unknown\n");
793 }
794 }
718 795
719 return 0; 796 return 0;
720} 797}
@@ -735,13 +812,24 @@ static int usbatm_atm_open(struct atm_vcc *vcc)
735 atm_dbg(instance, "%s: vpi %hd, vci %d\n", __func__, vpi, vci); 812 atm_dbg(instance, "%s: vpi %hd, vci %d\n", __func__, vpi, vci);
736 813
737 /* only support AAL5 */ 814 /* only support AAL5 */
738 if ((vcc->qos.aal != ATM_AAL5) || (vcc->qos.rxtp.max_sdu < 0) 815 if ((vcc->qos.aal != ATM_AAL5)) {
739 || (vcc->qos.rxtp.max_sdu > ATM_MAX_AAL5_PDU)) { 816 atm_warn(instance, "%s: unsupported ATM type %d!\n", __func__, vcc->qos.aal);
740 atm_dbg(instance, "%s: unsupported ATM type %d!\n", __func__, vcc->qos.aal); 817 return -EINVAL;
818 }
819
820 /* sanity checks */
821 if ((vcc->qos.rxtp.max_sdu < 0) || (vcc->qos.rxtp.max_sdu > ATM_MAX_AAL5_PDU)) {
822 atm_dbg(instance, "%s: max_sdu %d out of range!\n", __func__, vcc->qos.rxtp.max_sdu);
741 return -EINVAL; 823 return -EINVAL;
742 } 824 }
743 825
744 down(&instance->serialize); /* vs self, usbatm_atm_close */ 826 mutex_lock(&instance->serialize); /* vs self, usbatm_atm_close, usbatm_usb_disconnect */
827
828 if (instance->disconnected) {
829 atm_dbg(instance, "%s: disconnected!\n", __func__);
830 ret = -ENODEV;
831 goto fail;
832 }
745 833
746 if (usbatm_find_vcc(instance, vpi, vci)) { 834 if (usbatm_find_vcc(instance, vpi, vci)) {
747 atm_dbg(instance, "%s: %hd/%d already in use!\n", __func__, vpi, vci); 835 atm_dbg(instance, "%s: %hd/%d already in use!\n", __func__, vpi, vci);
@@ -749,20 +837,19 @@ static int usbatm_atm_open(struct atm_vcc *vcc)
749 goto fail; 837 goto fail;
750 } 838 }
751 839
752 if (!(new = kmalloc(sizeof(struct usbatm_vcc_data), GFP_KERNEL))) { 840 if (!(new = kzalloc(sizeof(struct usbatm_vcc_data), GFP_KERNEL))) {
753 atm_dbg(instance, "%s: no memory for vcc_data!\n", __func__); 841 atm_err(instance, "%s: no memory for vcc_data!\n", __func__);
754 ret = -ENOMEM; 842 ret = -ENOMEM;
755 goto fail; 843 goto fail;
756 } 844 }
757 845
758 memset(new, 0, sizeof(struct usbatm_vcc_data));
759 new->vcc = vcc; 846 new->vcc = vcc;
760 new->vpi = vpi; 847 new->vpi = vpi;
761 new->vci = vci; 848 new->vci = vci;
762 849
763 new->sarb = alloc_skb(usbatm_pdu_length(vcc->qos.rxtp.max_sdu), GFP_KERNEL); 850 new->sarb = alloc_skb(usbatm_pdu_length(vcc->qos.rxtp.max_sdu), GFP_KERNEL);
764 if (!new->sarb) { 851 if (!new->sarb) {
765 atm_dbg(instance, "%s: no memory for SAR buffer!\n", __func__); 852 atm_err(instance, "%s: no memory for SAR buffer!\n", __func__);
766 ret = -ENOMEM; 853 ret = -ENOMEM;
767 goto fail; 854 goto fail;
768 } 855 }
@@ -770,6 +857,9 @@ static int usbatm_atm_open(struct atm_vcc *vcc)
770 vcc->dev_data = new; 857 vcc->dev_data = new;
771 858
772 tasklet_disable(&instance->rx_channel.tasklet); 859 tasklet_disable(&instance->rx_channel.tasklet);
860 instance->cached_vcc = new;
861 instance->cached_vpi = vpi;
862 instance->cached_vci = vci;
773 list_add(&new->list, &instance->vcc_list); 863 list_add(&new->list, &instance->vcc_list);
774 tasklet_enable(&instance->rx_channel.tasklet); 864 tasklet_enable(&instance->rx_channel.tasklet);
775 865
@@ -777,7 +867,7 @@ static int usbatm_atm_open(struct atm_vcc *vcc)
777 set_bit(ATM_VF_PARTIAL, &vcc->flags); 867 set_bit(ATM_VF_PARTIAL, &vcc->flags);
778 set_bit(ATM_VF_READY, &vcc->flags); 868 set_bit(ATM_VF_READY, &vcc->flags);
779 869
780 up(&instance->serialize); 870 mutex_unlock(&instance->serialize);
781 871
782 atm_dbg(instance, "%s: allocated vcc data 0x%p\n", __func__, new); 872 atm_dbg(instance, "%s: allocated vcc data 0x%p\n", __func__, new);
783 873
@@ -785,7 +875,7 @@ static int usbatm_atm_open(struct atm_vcc *vcc)
785 875
786fail: 876fail:
787 kfree(new); 877 kfree(new);
788 up(&instance->serialize); 878 mutex_unlock(&instance->serialize);
789 return ret; 879 return ret;
790} 880}
791 881
@@ -806,9 +896,14 @@ static void usbatm_atm_close(struct atm_vcc *vcc)
806 896
807 usbatm_cancel_send(instance, vcc); 897 usbatm_cancel_send(instance, vcc);
808 898
809 down(&instance->serialize); /* vs self, usbatm_atm_open */ 899 mutex_lock(&instance->serialize); /* vs self, usbatm_atm_open, usbatm_usb_disconnect */
810 900
811 tasklet_disable(&instance->rx_channel.tasklet); 901 tasklet_disable(&instance->rx_channel.tasklet);
902 if (instance->cached_vcc == vcc_data) {
903 instance->cached_vcc = NULL;
904 instance->cached_vpi = ATM_VPI_UNSPEC;
905 instance->cached_vci = ATM_VCI_UNSPEC;
906 }
812 list_del(&vcc_data->list); 907 list_del(&vcc_data->list);
813 tasklet_enable(&instance->rx_channel.tasklet); 908 tasklet_enable(&instance->rx_channel.tasklet);
814 909
@@ -824,14 +919,21 @@ static void usbatm_atm_close(struct atm_vcc *vcc)
824 clear_bit(ATM_VF_PARTIAL, &vcc->flags); 919 clear_bit(ATM_VF_PARTIAL, &vcc->flags);
825 clear_bit(ATM_VF_ADDR, &vcc->flags); 920 clear_bit(ATM_VF_ADDR, &vcc->flags);
826 921
827 up(&instance->serialize); 922 mutex_unlock(&instance->serialize);
828 923
829 atm_dbg(instance, "%s successful\n", __func__); 924 atm_dbg(instance, "%s successful\n", __func__);
830} 925}
831 926
832static int usbatm_atm_ioctl(struct atm_dev *dev, unsigned int cmd, 927static int usbatm_atm_ioctl(struct atm_dev *atm_dev, unsigned int cmd,
833 void __user * arg) 928 void __user * arg)
834{ 929{
930 struct usbatm_data *instance = atm_dev->dev_data;
931
932 if (!instance || instance->disconnected) {
933 dbg("%s: %s!", __func__, instance ? "disconnected" : "NULL instance");
934 return -ENODEV;
935 }
936
835 switch (cmd) { 937 switch (cmd) {
836 case ATM_QUERYLOOP: 938 case ATM_QUERYLOOP:
837 return put_user(ATM_LM_NONE, (int __user *)arg) ? -EFAULT : 0; 939 return put_user(ATM_LM_NONE, (int __user *)arg) ? -EFAULT : 0;
@@ -845,10 +947,13 @@ static int usbatm_atm_init(struct usbatm_data *instance)
845 struct atm_dev *atm_dev; 947 struct atm_dev *atm_dev;
846 int ret, i; 948 int ret, i;
847 949
848 /* ATM init */ 950 /* ATM init. The ATM initialization scheme suffers from an intrinsic race
951 * condition: callbacks we register can be executed at once, before we have
952 * initialized the struct atm_dev. To protect against this, all callbacks
953 * abort if atm_dev->dev_data is NULL. */
849 atm_dev = atm_dev_register(instance->driver_name, &usbatm_atm_devops, -1, NULL); 954 atm_dev = atm_dev_register(instance->driver_name, &usbatm_atm_devops, -1, NULL);
850 if (!atm_dev) { 955 if (!atm_dev) {
851 usb_dbg(instance, "%s: failed to register ATM device!\n", __func__); 956 usb_err(instance, "%s: failed to register ATM device!\n", __func__);
852 return -1; 957 return -1;
853 } 958 }
854 959
@@ -862,12 +967,13 @@ static int usbatm_atm_init(struct usbatm_data *instance)
862 atm_dev->link_rate = 128 * 1000 / 424; 967 atm_dev->link_rate = 128 * 1000 / 424;
863 968
864 if (instance->driver->atm_start && ((ret = instance->driver->atm_start(instance, atm_dev)) < 0)) { 969 if (instance->driver->atm_start && ((ret = instance->driver->atm_start(instance, atm_dev)) < 0)) {
865 atm_dbg(instance, "%s: atm_start failed: %d!\n", __func__, ret); 970 atm_err(instance, "%s: atm_start failed: %d!\n", __func__, ret);
866 goto fail; 971 goto fail;
867 } 972 }
868 973
869 /* ready for ATM callbacks */
870 usbatm_get_instance(instance); /* dropped in usbatm_atm_dev_close */ 974 usbatm_get_instance(instance); /* dropped in usbatm_atm_dev_close */
975
976 /* ready for ATM callbacks */
871 mb(); 977 mb();
872 atm_dev->dev_data = instance; 978 atm_dev->dev_data = instance;
873 979
@@ -903,9 +1009,9 @@ static int usbatm_do_heavy_init(void *arg)
903 if (!ret) 1009 if (!ret)
904 ret = usbatm_atm_init(instance); 1010 ret = usbatm_atm_init(instance);
905 1011
906 down(&instance->serialize); 1012 mutex_lock(&instance->serialize);
907 instance->thread_pid = -1; 1013 instance->thread_pid = -1;
908 up(&instance->serialize); 1014 mutex_unlock(&instance->serialize);
909 1015
910 complete_and_exit(&instance->thread_exited, ret); 1016 complete_and_exit(&instance->thread_exited, ret);
911} 1017}
@@ -915,13 +1021,13 @@ static int usbatm_heavy_init(struct usbatm_data *instance)
915 int ret = kernel_thread(usbatm_do_heavy_init, instance, CLONE_KERNEL); 1021 int ret = kernel_thread(usbatm_do_heavy_init, instance, CLONE_KERNEL);
916 1022
917 if (ret < 0) { 1023 if (ret < 0) {
918 usb_dbg(instance, "%s: failed to create kernel_thread (%d)!\n", __func__, ret); 1024 usb_err(instance, "%s: failed to create kernel_thread (%d)!\n", __func__, ret);
919 return ret; 1025 return ret;
920 } 1026 }
921 1027
922 down(&instance->serialize); 1028 mutex_lock(&instance->serialize);
923 instance->thread_pid = ret; 1029 instance->thread_pid = ret;
924 up(&instance->serialize); 1030 mutex_unlock(&instance->serialize);
925 1031
926 wait_for_completion(&instance->thread_started); 1032 wait_for_completion(&instance->thread_started);
927 1033
@@ -951,9 +1057,9 @@ int usbatm_usb_probe(struct usb_interface *intf, const struct usb_device_id *id,
951 char *buf; 1057 char *buf;
952 int error = -ENOMEM; 1058 int error = -ENOMEM;
953 int i, length; 1059 int i, length;
954 int need_heavy; 1060 unsigned int maxpacket, num_packets;
955 1061
956 dev_dbg(dev, "%s: trying driver %s with vendor=0x%x, product=0x%x, ifnum %d\n", 1062 dev_dbg(dev, "%s: trying driver %s with vendor=%04x, product=%04x, ifnum %2d\n",
957 __func__, driver->driver_name, 1063 __func__, driver->driver_name,
958 le16_to_cpu(usb_dev->descriptor.idVendor), 1064 le16_to_cpu(usb_dev->descriptor.idVendor),
959 le16_to_cpu(usb_dev->descriptor.idProduct), 1065 le16_to_cpu(usb_dev->descriptor.idProduct),
@@ -962,7 +1068,7 @@ int usbatm_usb_probe(struct usb_interface *intf, const struct usb_device_id *id,
962 /* instance init */ 1068 /* instance init */
963 instance = kzalloc(sizeof(*instance) + sizeof(struct urb *) * (num_rcv_urbs + num_snd_urbs), GFP_KERNEL); 1069 instance = kzalloc(sizeof(*instance) + sizeof(struct urb *) * (num_rcv_urbs + num_snd_urbs), GFP_KERNEL);
964 if (!instance) { 1070 if (!instance) {
965 dev_dbg(dev, "%s: no memory for instance data!\n", __func__); 1071 dev_err(dev, "%s: no memory for instance data!\n", __func__);
966 return -ENOMEM; 1072 return -ENOMEM;
967 } 1073 }
968 1074
@@ -996,66 +1102,96 @@ int usbatm_usb_probe(struct usb_interface *intf, const struct usb_device_id *id,
996 snprintf(buf, length, ")"); 1102 snprintf(buf, length, ")");
997 1103
998 bind: 1104 bind:
999 need_heavy = 1; 1105 if (driver->bind && (error = driver->bind(instance, intf, id)) < 0) {
1000 if (driver->bind && (error = driver->bind(instance, intf, id, &need_heavy)) < 0) { 1106 dev_err(dev, "%s: bind failed: %d!\n", __func__, error);
1001 dev_dbg(dev, "%s: bind failed: %d!\n", __func__, error);
1002 goto fail_free; 1107 goto fail_free;
1003 } 1108 }
1004 1109
1005 /* private fields */ 1110 /* private fields */
1006 1111
1007 kref_init(&instance->refcount); /* dropped in usbatm_usb_disconnect */ 1112 kref_init(&instance->refcount); /* dropped in usbatm_usb_disconnect */
1008 init_MUTEX(&instance->serialize); 1113 mutex_init(&instance->serialize);
1009 1114
1010 instance->thread_pid = -1; 1115 instance->thread_pid = -1;
1011 init_completion(&instance->thread_started); 1116 init_completion(&instance->thread_started);
1012 init_completion(&instance->thread_exited); 1117 init_completion(&instance->thread_exited);
1013 1118
1014 INIT_LIST_HEAD(&instance->vcc_list); 1119 INIT_LIST_HEAD(&instance->vcc_list);
1120 skb_queue_head_init(&instance->sndqueue);
1015 1121
1016 usbatm_init_channel(&instance->rx_channel); 1122 usbatm_init_channel(&instance->rx_channel);
1017 usbatm_init_channel(&instance->tx_channel); 1123 usbatm_init_channel(&instance->tx_channel);
1018 tasklet_init(&instance->rx_channel.tasklet, usbatm_rx_process, (unsigned long)instance); 1124 tasklet_init(&instance->rx_channel.tasklet, usbatm_rx_process, (unsigned long)instance);
1019 tasklet_init(&instance->tx_channel.tasklet, usbatm_tx_process, (unsigned long)instance); 1125 tasklet_init(&instance->tx_channel.tasklet, usbatm_tx_process, (unsigned long)instance);
1020 instance->rx_channel.endpoint = usb_rcvbulkpipe(usb_dev, driver->in);
1021 instance->tx_channel.endpoint = usb_sndbulkpipe(usb_dev, driver->out);
1022 instance->rx_channel.stride = ATM_CELL_SIZE + driver->rx_padding; 1126 instance->rx_channel.stride = ATM_CELL_SIZE + driver->rx_padding;
1023 instance->tx_channel.stride = ATM_CELL_SIZE + driver->tx_padding; 1127 instance->tx_channel.stride = ATM_CELL_SIZE + driver->tx_padding;
1024 instance->rx_channel.buf_size = rcv_buf_size * instance->rx_channel.stride;
1025 instance->tx_channel.buf_size = snd_buf_size * instance->tx_channel.stride;
1026 instance->rx_channel.usbatm = instance->tx_channel.usbatm = instance; 1128 instance->rx_channel.usbatm = instance->tx_channel.usbatm = instance;
1027 1129
1028 skb_queue_head_init(&instance->sndqueue); 1130 if ((instance->flags & UDSL_USE_ISOC) && driver->isoc_in)
1131 instance->rx_channel.endpoint = usb_rcvisocpipe(usb_dev, driver->isoc_in);
1132 else
1133 instance->rx_channel.endpoint = usb_rcvbulkpipe(usb_dev, driver->bulk_in);
1134
1135 instance->tx_channel.endpoint = usb_sndbulkpipe(usb_dev, driver->bulk_out);
1136
1137 /* tx buffer size must be a positive multiple of the stride */
1138 instance->tx_channel.buf_size = max (instance->tx_channel.stride,
1139 snd_buf_bytes - (snd_buf_bytes % instance->tx_channel.stride));
1140
1141 /* rx buffer size must be a positive multiple of the endpoint maxpacket */
1142 maxpacket = usb_maxpacket(usb_dev, instance->rx_channel.endpoint, 0);
1143
1144 if ((maxpacket < 1) || (maxpacket > UDSL_MAX_BUF_SIZE)) {
1145 dev_err(dev, "%s: invalid endpoint %02x!\n", __func__,
1146 usb_pipeendpoint(instance->rx_channel.endpoint));
1147 error = -EINVAL;
1148 goto fail_unbind;
1149 }
1150
1151 num_packets = max (1U, (rcv_buf_bytes + maxpacket / 2) / maxpacket); /* round */
1152
1153 if (num_packets * maxpacket > UDSL_MAX_BUF_SIZE)
1154 num_packets--;
1155
1156 instance->rx_channel.buf_size = num_packets * maxpacket;
1157 instance->rx_channel.packet_size = maxpacket;
1158
1159#ifdef DEBUG
1160 for (i = 0; i < 2; i++) {
1161 struct usbatm_channel *channel = i ?
1162 &instance->tx_channel : &instance->rx_channel;
1163
1164 dev_dbg(dev, "%s: using %d byte buffer for %s channel 0x%p\n", __func__, channel->buf_size, i ? "tx" : "rx", channel);
1165 }
1166#endif
1167
1168 /* initialize urbs */
1029 1169
1030 for (i = 0; i < num_rcv_urbs + num_snd_urbs; i++) { 1170 for (i = 0; i < num_rcv_urbs + num_snd_urbs; i++) {
1031 struct urb *urb;
1032 u8 *buffer; 1171 u8 *buffer;
1033 unsigned int iso_packets = 0, iso_size = 0;
1034 struct usbatm_channel *channel = i < num_rcv_urbs ? 1172 struct usbatm_channel *channel = i < num_rcv_urbs ?
1035 &instance->rx_channel : &instance->tx_channel; 1173 &instance->rx_channel : &instance->tx_channel;
1174 struct urb *urb;
1175 unsigned int iso_packets = usb_pipeisoc(channel->endpoint) ? channel->buf_size / channel->packet_size : 0;
1036 1176
1037 if (usb_pipeisoc(channel->endpoint)) { 1177 UDSL_ASSERT(!usb_pipeisoc(channel->endpoint) || usb_pipein(channel->endpoint));
1038 /* don't expect iso out endpoints */
1039 iso_size = usb_maxpacket(instance->usb_dev, channel->endpoint, 0);
1040 iso_size -= iso_size % channel->stride; /* alignment */
1041 BUG_ON(!iso_size);
1042 iso_packets = (channel->buf_size - 1) / iso_size + 1;
1043 }
1044 1178
1045 urb = usb_alloc_urb(iso_packets, GFP_KERNEL); 1179 urb = usb_alloc_urb(iso_packets, GFP_KERNEL);
1046 if (!urb) { 1180 if (!urb) {
1047 dev_dbg(dev, "%s: no memory for urb %d!\n", __func__, i); 1181 dev_err(dev, "%s: no memory for urb %d!\n", __func__, i);
1182 error = -ENOMEM;
1048 goto fail_unbind; 1183 goto fail_unbind;
1049 } 1184 }
1050 1185
1051 instance->urbs[i] = urb; 1186 instance->urbs[i] = urb;
1052 1187
1053 buffer = kmalloc(channel->buf_size, GFP_KERNEL); 1188 /* zero the tx padding to avoid leaking information */
1189 buffer = kzalloc(channel->buf_size, GFP_KERNEL);
1054 if (!buffer) { 1190 if (!buffer) {
1055 dev_dbg(dev, "%s: no memory for buffer %d!\n", __func__, i); 1191 dev_err(dev, "%s: no memory for buffer %d!\n", __func__, i);
1192 error = -ENOMEM;
1056 goto fail_unbind; 1193 goto fail_unbind;
1057 } 1194 }
1058 memset(buffer, 0, channel->buf_size);
1059 1195
1060 usb_fill_bulk_urb(urb, instance->usb_dev, channel->endpoint, 1196 usb_fill_bulk_urb(urb, instance->usb_dev, channel->endpoint,
1061 buffer, channel->buf_size, usbatm_complete, channel); 1197 buffer, channel->buf_size, usbatm_complete, channel);
@@ -1065,9 +1201,8 @@ int usbatm_usb_probe(struct usb_interface *intf, const struct usb_device_id *id,
1065 urb->transfer_flags = URB_ISO_ASAP; 1201 urb->transfer_flags = URB_ISO_ASAP;
1066 urb->number_of_packets = iso_packets; 1202 urb->number_of_packets = iso_packets;
1067 for (j = 0; j < iso_packets; j++) { 1203 for (j = 0; j < iso_packets; j++) {
1068 urb->iso_frame_desc[j].offset = iso_size * j; 1204 urb->iso_frame_desc[j].offset = channel->packet_size * j;
1069 urb->iso_frame_desc[j].length = min_t(int, iso_size, 1205 urb->iso_frame_desc[j].length = channel->packet_size;
1070 channel->buf_size - urb->iso_frame_desc[j].offset);
1071 } 1206 }
1072 } 1207 }
1073 1208
@@ -1079,7 +1214,17 @@ int usbatm_usb_probe(struct usb_interface *intf, const struct usb_device_id *id,
1079 __func__, urb->transfer_buffer, urb->transfer_buffer_length, urb); 1214 __func__, urb->transfer_buffer, urb->transfer_buffer_length, urb);
1080 } 1215 }
1081 1216
1082 if (need_heavy && driver->heavy_init) { 1217 instance->cached_vpi = ATM_VPI_UNSPEC;
1218 instance->cached_vci = ATM_VCI_UNSPEC;
1219 instance->cell_buf = kmalloc(instance->rx_channel.stride, GFP_KERNEL);
1220
1221 if (!instance->cell_buf) {
1222 dev_err(dev, "%s: no memory for cell buffer!\n", __func__);
1223 error = -ENOMEM;
1224 goto fail_unbind;
1225 }
1226
1227 if (!(instance->flags & UDSL_SKIP_HEAVY_INIT) && driver->heavy_init) {
1083 error = usbatm_heavy_init(instance); 1228 error = usbatm_heavy_init(instance);
1084 } else { 1229 } else {
1085 complete(&instance->thread_exited); /* pretend that heavy_init was run */ 1230 complete(&instance->thread_exited); /* pretend that heavy_init was run */
@@ -1098,6 +1243,8 @@ int usbatm_usb_probe(struct usb_interface *intf, const struct usb_device_id *id,
1098 if (instance->driver->unbind) 1243 if (instance->driver->unbind)
1099 instance->driver->unbind(instance, intf); 1244 instance->driver->unbind(instance, intf);
1100 fail_free: 1245 fail_free:
1246 kfree(instance->cell_buf);
1247
1101 for (i = 0; i < num_rcv_urbs + num_snd_urbs; i++) { 1248 for (i = 0; i < num_rcv_urbs + num_snd_urbs; i++) {
1102 if (instance->urbs[i]) 1249 if (instance->urbs[i])
1103 kfree(instance->urbs[i]->transfer_buffer); 1250 kfree(instance->urbs[i]->transfer_buffer);
@@ -1114,6 +1261,7 @@ void usbatm_usb_disconnect(struct usb_interface *intf)
1114{ 1261{
1115 struct device *dev = &intf->dev; 1262 struct device *dev = &intf->dev;
1116 struct usbatm_data *instance = usb_get_intfdata(intf); 1263 struct usbatm_data *instance = usb_get_intfdata(intf);
1264 struct usbatm_vcc_data *vcc_data;
1117 int i; 1265 int i;
1118 1266
1119 dev_dbg(dev, "%s entered\n", __func__); 1267 dev_dbg(dev, "%s entered\n", __func__);
@@ -1125,13 +1273,19 @@ void usbatm_usb_disconnect(struct usb_interface *intf)
1125 1273
1126 usb_set_intfdata(intf, NULL); 1274 usb_set_intfdata(intf, NULL);
1127 1275
1128 down(&instance->serialize); 1276 mutex_lock(&instance->serialize);
1277 instance->disconnected = 1;
1129 if (instance->thread_pid >= 0) 1278 if (instance->thread_pid >= 0)
1130 kill_proc(instance->thread_pid, SIGTERM, 1); 1279 kill_proc(instance->thread_pid, SIGTERM, 1);
1131 up(&instance->serialize); 1280 mutex_unlock(&instance->serialize);
1132 1281
1133 wait_for_completion(&instance->thread_exited); 1282 wait_for_completion(&instance->thread_exited);
1134 1283
1284 mutex_lock(&instance->serialize);
1285 list_for_each_entry(vcc_data, &instance->vcc_list, list)
1286 vcc_release_async(vcc_data->vcc, -EPIPE);
1287 mutex_unlock(&instance->serialize);
1288
1135 tasklet_disable(&instance->rx_channel.tasklet); 1289 tasklet_disable(&instance->rx_channel.tasklet);
1136 tasklet_disable(&instance->tx_channel.tasklet); 1290 tasklet_disable(&instance->tx_channel.tasklet);
1137 1291
@@ -1141,6 +1295,14 @@ void usbatm_usb_disconnect(struct usb_interface *intf)
1141 del_timer_sync(&instance->rx_channel.delay); 1295 del_timer_sync(&instance->rx_channel.delay);
1142 del_timer_sync(&instance->tx_channel.delay); 1296 del_timer_sync(&instance->tx_channel.delay);
1143 1297
1298 /* turn usbatm_[rt]x_process into something close to a no-op */
1299 /* no need to take the spinlock */
1300 INIT_LIST_HEAD(&instance->rx_channel.list);
1301 INIT_LIST_HEAD(&instance->tx_channel.list);
1302
1303 tasklet_enable(&instance->rx_channel.tasklet);
1304 tasklet_enable(&instance->tx_channel.tasklet);
1305
1144 if (instance->atm_dev && instance->driver->atm_stop) 1306 if (instance->atm_dev && instance->driver->atm_stop)
1145 instance->driver->atm_stop(instance, instance->atm_dev); 1307 instance->driver->atm_stop(instance, instance->atm_dev);
1146 1308
@@ -1149,19 +1311,13 @@ void usbatm_usb_disconnect(struct usb_interface *intf)
1149 1311
1150 instance->driver_data = NULL; 1312 instance->driver_data = NULL;
1151 1313
1152 /* turn usbatm_[rt]x_process into noop */
1153 /* no need to take the spinlock */
1154 INIT_LIST_HEAD(&instance->rx_channel.list);
1155 INIT_LIST_HEAD(&instance->tx_channel.list);
1156
1157 tasklet_enable(&instance->rx_channel.tasklet);
1158 tasklet_enable(&instance->tx_channel.tasklet);
1159
1160 for (i = 0; i < num_rcv_urbs + num_snd_urbs; i++) { 1314 for (i = 0; i < num_rcv_urbs + num_snd_urbs; i++) {
1161 kfree(instance->urbs[i]->transfer_buffer); 1315 kfree(instance->urbs[i]->transfer_buffer);
1162 usb_free_urb(instance->urbs[i]); 1316 usb_free_urb(instance->urbs[i]);
1163 } 1317 }
1164 1318
1319 kfree(instance->cell_buf);
1320
1165 /* ATM finalize */ 1321 /* ATM finalize */
1166 if (instance->atm_dev) 1322 if (instance->atm_dev)
1167 atm_dev_deregister(instance->atm_dev); 1323 atm_dev_deregister(instance->atm_dev);
@@ -1186,10 +1342,10 @@ static int __init usbatm_usb_init(void)
1186 1342
1187 if ((num_rcv_urbs > UDSL_MAX_RCV_URBS) 1343 if ((num_rcv_urbs > UDSL_MAX_RCV_URBS)
1188 || (num_snd_urbs > UDSL_MAX_SND_URBS) 1344 || (num_snd_urbs > UDSL_MAX_SND_URBS)
1189 || (rcv_buf_size < 1) 1345 || (rcv_buf_bytes < 1)
1190 || (rcv_buf_size > UDSL_MAX_RCV_BUF_SIZE) 1346 || (rcv_buf_bytes > UDSL_MAX_BUF_SIZE)
1191 || (snd_buf_size < 1) 1347 || (snd_buf_bytes < 1)
1192 || (snd_buf_size > UDSL_MAX_SND_BUF_SIZE)) 1348 || (snd_buf_bytes > UDSL_MAX_BUF_SIZE))
1193 return -EINVAL; 1349 return -EINVAL;
1194 1350
1195 return 0; 1351 return 0;
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-02 11:25:15 -0400