search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[PATCH] null pointer dereference in appledisplay driver
[linux-2.6.git] / drivers / usb / misc / appledisplay.c
blob32f0e3a5b022390a8551c087855e5f11ad853fe3
1 /*
2 * Apple Cinema Display driver
3 *
4 * Copyright (C) 2006 Michael Hanselmann (linux-kernel@hansmi.ch)
5 *
6 * Thanks to Caskey L. Dickson for his work with acdctl.
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
21 */
22
23 #include <linux/kernel.h>
24 #include <linux/errno.h>
25 #include <linux/init.h>
26 #include <linux/module.h>
27 #include <linux/usb.h>
28 #include <linux/backlight.h>
29 #include <linux/timer.h>
30 #include <linux/workqueue.h>
31 #include <asm/atomic.h>
32 #include <asm/semaphore.h>
33
34 #define APPLE_VENDOR_ID 0x05AC
35
36 #define USB_REQ_GET_REPORT 0x01
37 #define USB_REQ_SET_REPORT 0x09
38
39 #define ACD_USB_TIMEOUT 250
40
41 #define ACD_USB_EDID 0x0302
42 #define ACD_USB_BRIGHTNESS 0x0310
43
44 #define ACD_BTN_NONE 0
45 #define ACD_BTN_BRIGHT_UP 3
46 #define ACD_BTN_BRIGHT_DOWN 4
47
48 #define ACD_URB_BUFFER_LEN 2
49 #define ACD_MSG_BUFFER_LEN 2
50
51 #define APPLEDISPLAY_DEVICE(prod) \
52 .match_flags = USB_DEVICE_ID_MATCH_DEVICE | \
53 USB_DEVICE_ID_MATCH_INT_CLASS | \
54 USB_DEVICE_ID_MATCH_INT_PROTOCOL, \
55 .idVendor = APPLE_VENDOR_ID, \
56 .idProduct = (prod), \
57 .bInterfaceClass = USB_CLASS_HID, \
58 .bInterfaceProtocol = 0x00
59
60 /* table of devices that work with this driver */
61 static struct usb_device_id appledisplay_table [] = {
62 { APPLEDISPLAY_DEVICE(0x9218) },
63 { APPLEDISPLAY_DEVICE(0x9219) },
64 { APPLEDISPLAY_DEVICE(0x921d) },
65
66 /* Terminating entry */
67 { }
68 };
69 MODULE_DEVICE_TABLE(usb, appledisplay_table);
70
71 /* Structure to hold all of our device specific stuff */
72 struct appledisplay {
73 struct usb_device *udev; /* usb device */
74 struct urb *urb; /* usb request block */
75 struct backlight_device *bd; /* backlight device */
76 char *urbdata; /* interrupt URB data buffer */
77 char *msgdata; /* control message data buffer */
78
79 struct delayed_work work;
80 int button_pressed;
81 spinlock_t lock;
82 };
83
84 static atomic_t count_displays = ATOMIC_INIT(0);
85 static struct workqueue_struct *wq;
86
87 static void appledisplay_complete(struct urb *urb)
88 {
89 struct appledisplay *pdata = urb->context;
90 unsigned long flags;
91 int retval;
92
93 switch (urb->status) {
94 case 0:
95 /* success */
96 break;
97 case -EOVERFLOW:
98 printk(KERN_ERR "appletouch: OVERFLOW with data "
99 "length %d, actual length is %d\n",
100 ACD_URB_BUFFER_LEN, pdata->urb->actual_length);
101 case -ECONNRESET:
102 case -ENOENT:
103 case -ESHUTDOWN:
104 /* This urb is terminated, clean up */
105 dbg("%s - urb shutting down with status: %d",
106 __FUNCTION__, urb->status);
107 return;
108 default:
109 dbg("%s - nonzero urb status received: %d",
110 __FUNCTION__, urb->status);
111 goto exit;
112 }
113
114 spin_lock_irqsave(&pdata->lock, flags);
115
116 switch(pdata->urbdata[1]) {
117 case ACD_BTN_BRIGHT_UP:
118 case ACD_BTN_BRIGHT_DOWN:
119 pdata->button_pressed = 1;
120 queue_delayed_work(wq, &pdata->work, 0);
121 break;
122 case ACD_BTN_NONE:
123 default:
124 pdata->button_pressed = 0;
125 break;
126 }
127
128 spin_unlock_irqrestore(&pdata->lock, flags);
129
130 exit:
131 retval = usb_submit_urb(pdata->urb, GFP_ATOMIC);
132 if (retval) {
133 err("%s - usb_submit_urb failed with result %d",
134 __FUNCTION__, retval);
135 }
136 }
137
138 static int appledisplay_bl_update_status(struct backlight_device *bd)
139 {
140 struct appledisplay *pdata = class_get_devdata(&bd->class_dev);
141 int retval;
142
143 pdata->msgdata[0] = 0x10;
144 pdata->msgdata[1] = bd->props->brightness;
145
146 retval = usb_control_msg(
147 pdata->udev,
148 usb_sndctrlpipe(pdata->udev, 0),
149 USB_REQ_SET_REPORT,
150 USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
151 ACD_USB_BRIGHTNESS,
152 0,
153 pdata->msgdata, 2,
154 ACD_USB_TIMEOUT);
155
156 return retval;
157 }
158
159 static int appledisplay_bl_get_brightness(struct backlight_device *bd)
160 {
161 struct appledisplay *pdata = class_get_devdata(&bd->class_dev);
162 int retval;
163
164 retval = usb_control_msg(
165 pdata->udev,
166 usb_rcvctrlpipe(pdata->udev, 0),
167 USB_REQ_GET_REPORT,
168 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
169 ACD_USB_BRIGHTNESS,
170 0,
171 pdata->msgdata, 2,
172 ACD_USB_TIMEOUT);
173
174 if (retval < 0)
175 return retval;
176 else
177 return pdata->msgdata[1];
178 }
179
180 static struct backlight_properties appledisplay_bl_data = {
181 .owner = THIS_MODULE,
182 .get_brightness = appledisplay_bl_get_brightness,
183 .update_status = appledisplay_bl_update_status,
184 .max_brightness = 0xFF
185 };
186
187 static void appledisplay_work(struct work_struct *work)
188 {
189 struct appledisplay *pdata =
190 container_of(work, struct appledisplay, work.work);
191 int retval;
192
193 up(&pdata->bd->sem);
194 retval = appledisplay_bl_get_brightness(pdata->bd);
195 if (retval >= 0)
196 pdata->bd->props->brightness = retval;
197 down(&pdata->bd->sem);
198
199 /* Poll again in about 125ms if there's still a button pressed */
200 if (pdata->button_pressed)
201 schedule_delayed_work(&pdata->work, HZ / 8);
202 }
203
204 static int appledisplay_probe(struct usb_interface *iface,
205 const struct usb_device_id *id)
206 {
207 struct appledisplay *pdata;
208 struct usb_device *udev = interface_to_usbdev(iface);
209 struct usb_host_interface *iface_desc;
210 struct usb_endpoint_descriptor *endpoint;
211 int int_in_endpointAddr = 0;
212 int i, retval = -ENOMEM, brightness;
213 char bl_name[20];
214
215 /* set up the endpoint information */
216 /* use only the first interrupt-in endpoint */
217 iface_desc = iface->cur_altsetting;
218 for (i = 0; i < iface_desc->desc.bNumEndpoints; i++) {
219 endpoint = &iface_desc->endpoint[i].desc;
220 if (!int_in_endpointAddr && usb_endpoint_is_int_in(endpoint)) {
221 /* we found an interrupt in endpoint */
222 int_in_endpointAddr = endpoint->bEndpointAddress;
223 break;
224 }
225 }
226 if (!int_in_endpointAddr) {
227 err("Could not find int-in endpoint");
228 return -EIO;
229 }
230
231 /* allocate memory for our device state and initialize it */
232 pdata = kzalloc(sizeof(struct appledisplay), GFP_KERNEL);
233 if (!pdata) {
234 retval = -ENOMEM;
235 err("Out of memory");
236 goto error;
237 }
238
239 pdata->udev = udev;
240
241 spin_lock_init(&pdata->lock);
242 INIT_DELAYED_WORK(&pdata->work, appledisplay_work);
243
244 /* Allocate buffer for control messages */
245 pdata->msgdata = kmalloc(ACD_MSG_BUFFER_LEN, GFP_KERNEL);
246 if (!pdata->msgdata) {
247 retval = -ENOMEM;
248 err("appledisplay: Allocating buffer for control messages "
249 "failed");
250 goto error;
251 }
252
253 /* Allocate interrupt URB */
254 pdata->urb = usb_alloc_urb(0, GFP_KERNEL);
255 if (!pdata->urb) {
256 retval = -ENOMEM;
257 err("appledisplay: Allocating URB failed");
258 goto error;
259 }
260
261 /* Allocate buffer for interrupt data */
262 pdata->urbdata = usb_buffer_alloc(pdata->udev, ACD_URB_BUFFER_LEN,
263 GFP_KERNEL, &pdata->urb->transfer_dma);
264 if (!pdata->urbdata) {
265 retval = -ENOMEM;
266 err("appledisplay: Allocating URB buffer failed");
267 goto error;
268 }
269
270 /* Configure interrupt URB */
271 usb_fill_int_urb(pdata->urb, udev,
272 usb_rcvintpipe(udev, int_in_endpointAddr),
273 pdata->urbdata, ACD_URB_BUFFER_LEN, appledisplay_complete,
274 pdata, 1);
275 if (usb_submit_urb(pdata->urb, GFP_KERNEL)) {
276 retval = -EIO;
277 err("appledisplay: Submitting URB failed");
278 goto error;
279 }
280
281 /* Register backlight device */
282 snprintf(bl_name, sizeof(bl_name), "appledisplay%d",
283 atomic_inc_return(&count_displays) - 1);
284 pdata->bd = backlight_device_register(bl_name, NULL,
285 pdata, &appledisplay_bl_data);
286 if (IS_ERR(pdata->bd)) {
287 err("appledisplay: Backlight registration failed");
288 goto error;
289 }
290
291 /* Try to get brightness */
292 up(&pdata->bd->sem);
293 brightness = appledisplay_bl_get_brightness(pdata->bd);
294 down(&pdata->bd->sem);
295
296 if (brightness < 0) {
297 retval = brightness;
298 err("appledisplay: Error while getting initial brightness: %d", retval);
299 goto error;
300 }
301
302 /* Set brightness in backlight device */
303 up(&pdata->bd->sem);
304 pdata->bd->props->brightness = brightness;
305 down(&pdata->bd->sem);
306
307 /* save our data pointer in the interface device */
308 usb_set_intfdata(iface, pdata);
309
310 printk(KERN_INFO "appledisplay: Apple Cinema Display connected\n");
311
312 return 0;
313
314 error:
315 if (pdata) {
316 if (pdata->urb) {
317 usb_kill_urb(pdata->urb);
318 if (pdata->urbdata)
319 usb_buffer_free(pdata->udev, ACD_URB_BUFFER_LEN,
320 pdata->urbdata, pdata->urb->transfer_dma);
321 usb_free_urb(pdata->urb);
322 }
323 if (pdata->bd)
324 backlight_device_unregister(pdata->bd);
325 kfree(pdata->msgdata);
326 }
327 usb_set_intfdata(iface, NULL);
328 kfree(pdata);
329 return retval;
330 }
331
332 static void appledisplay_disconnect(struct usb_interface *iface)
333 {
334 struct appledisplay *pdata = usb_get_intfdata(iface);
335
336 if (pdata) {
337 usb_kill_urb(pdata->urb);
338 cancel_delayed_work(&pdata->work);
339 backlight_device_unregister(pdata->bd);
340 usb_buffer_free(pdata->udev, ACD_URB_BUFFER_LEN,
341 pdata->urbdata, pdata->urb->transfer_dma);
342 usb_free_urb(pdata->urb);
343 kfree(pdata->msgdata);
344 kfree(pdata);
345 }
346
347 printk(KERN_INFO "appledisplay: Apple Cinema Display disconnected\n");
348 }
349
350 static struct usb_driver appledisplay_driver = {
351 .name = "appledisplay",
352 .probe = appledisplay_probe,
353 .disconnect = appledisplay_disconnect,
354 .id_table = appledisplay_table,
355 };
356
357 static int __init appledisplay_init(void)
358 {
359 wq = create_singlethread_workqueue("appledisplay");
360 if (!wq) {
361 err("Could not create work queue\n");
362 return -ENOMEM;
363 }
364
365 return usb_register(&appledisplay_driver);
366 }
367
368 static void __exit appledisplay_exit(void)
369 {
370 flush_workqueue(wq);
371 destroy_workqueue(wq);
372 usb_deregister(&appledisplay_driver);
373 }
374
375 MODULE_AUTHOR("Michael Hanselmann");
376 MODULE_DESCRIPTION("Apple Cinema Display driver");
377 MODULE_LICENSE("GPL");
378
379 module_init(appledisplay_init);
380 module_exit(appledisplay_exit);
Linus' kernel tree