[media] redrat3: remove memcpys and fix unaligned memory access

 *

 */

#include <asm/unaligned.h>

#include <linux/device.h>

#include <linux/module.h>

#include <linux/slab.h>

/* USB bulk-in IR data endpoint address */

#define RR3_BULK_IN_EP_ADDR	0x82

/* Raw Modulated signal data value offsets */

#define RR3_PAUSE_OFFSET	0

#define RR3_FREQ_COUNT_OFFSET	4

#define RR3_NUM_PERIOD_OFFSET	6

#define RR3_MAX_LENGTHS_OFFSET	8

#define RR3_NUM_LENGTHS_OFFSET	9

#define RR3_MAX_SIGS_OFFSET	10

#define RR3_NUM_SIGS_OFFSET	12

#define RR3_REPEATS_OFFSET	14

/* Size of the fixed-length portion of the signal */

#define RR3_HEADER_LENGTH	15

#define RR3_DRIVER_MAXLENS	128

#define RR3_MAX_SIG_SIZE	512

#define RR3_MAX_BUF_SIZE	\

	((2 * RR3_HEADER_LENGTH) + RR3_DRIVER_MAXLENS + RR3_MAX_SIG_SIZE)

#define RR3_TIME_UNIT		50

#define RR3_END_OF_SIGNAL	0x7f

#define RR3_TX_HEADER_OFFSET	4

#define RR3_TX_TRAILER_LEN	2

#define RR3_RX_MIN_TIMEOUT	5

#define RR3_RX_MAX_TIMEOUT	2000

#define USB_RR3USB_PRODUCT_ID	0x0001

#define USB_RR3IIUSB_PRODUCT_ID	0x0005

struct redrat3_header {

	__be16 length;

	__be16 transfer_type;

} __packed;

/* sending and receiving irdata */

struct redrat3_irdata {

	struct redrat3_header header;

	__be32 pause;

	__be16 mod_freq_count;

	__be16 num_periods;

	__u8 max_lengths;

	__u8 no_lengths;

	__be16 max_sig_size;

	__be16 sig_size;

	__u8 no_repeats;

	__be16 lens[RR3_DRIVER_MAXLENS]; /* not aligned */

	__u8 sigdata[RR3_MAX_SIG_SIZE];

} __packed;

/* firmware errors */

struct redrat3_error {

	struct redrat3_header header;

	__be16 fw_error;

} __packed;

/* table of devices that work with this driver */

static struct usb_device_id redrat3_dev_table[] = {

	/* Original version of the RedRat3 */

	/* the receive endpoint */

	struct usb_endpoint_descriptor *ep_in;

	/* the buffer to receive data */

	unsigned char *bulk_in_buf;

	void *bulk_in_buf;

	/* urb used to read ir data */

	struct urb *read_urb;

	bool transmitting;

	/* store for current packet */

	char pbuf[RR3_MAX_BUF_SIZE];

	u16 pktlen;

	u16 pkttype;

	struct redrat3_irdata irdata;

	u16 bytes_read;

	char *datap;

	u32 carrier;

	char name[128];

	char name[64];

	char phys[64];

};

/* All incoming data buffers adhere to a very specific data format */

struct redrat3_signal_header {

	u16 length;	/* Length of data being transferred */

	u16 transfer_type; /* Type of data transferred */

	u32 pause;	/* Pause between main and repeat signals */

	u16 mod_freq_count; /* Value of timer on mod. freq. measurement */

	u16 no_periods;	/* No. of periods over which mod. freq. is measured */

	u8 max_lengths;	/* Max no. of lengths (i.e. size of array) */

	u8 no_lengths;	/* Actual no. of elements in lengths array */

	u16 max_sig_size; /* Max no. of values in signal data array */

	u16 sig_size;	/* Acuto no. of values in signal data array */

	u8 no_repeats;	/* No. of repeats of repeat signal section */

	/* Here forward is the lengths and signal data */

};

static void redrat3_dump_signal_header(struct redrat3_signal_header *header)

{

	pr_info("%s:\n", __func__);

	pr_info(" * length: %u, transfer_type: 0x%02x\n",

		header->length, header->transfer_type);

	pr_info(" * pause: %u, freq_count: %u, no_periods: %u\n",

		header->pause, header->mod_freq_count, header->no_periods);

	pr_info(" * lengths: %u (max: %u)\n",

		header->no_lengths, header->max_lengths);

	pr_info(" * sig_size: %u (max: %u)\n",

		header->sig_size, header->max_sig_size);

	pr_info(" * repeats: %u\n", header->no_repeats);

}

static void redrat3_dump_signal_data(char *buffer, u16 len)

{

	int offset, i;

	char *data_vals;

	pr_info("%s:", __func__);

	offset = RR3_TX_HEADER_OFFSET + RR3_HEADER_LENGTH

		 + (RR3_DRIVER_MAXLENS * sizeof(u16));

	/* read RR3_DRIVER_MAXLENS from ctrl msg */

	data_vals = buffer + offset;

	for (i = 0; i < len; i++) {

		if (i % 10 == 0)

			pr_cont("\n * ");

		pr_cont("%02x ", *data_vals++);

	}

	pr_cont("\n");

}

/*

 * redrat3_issue_async

 *

	}

}

static u32 redrat3_val_to_mod_freq(struct redrat3_signal_header *ph)

static u32 redrat3_val_to_mod_freq(struct redrat3_irdata *irdata)

{

	u32 mod_freq = 0;

	u16 mod_freq_count = be16_to_cpu(irdata->mod_freq_count);

	if (ph->mod_freq_count != 0)

		mod_freq = (RR3_CLK * ph->no_periods) /

				(ph->mod_freq_count * RR3_CLK_PER_COUNT);

	if (mod_freq_count != 0)

		mod_freq = (RR3_CLK * be16_to_cpu(irdata->num_periods)) /

			(mod_freq_count * RR3_CLK_PER_COUNT);

	return mod_freq;

}

static void redrat3_process_ir_data(struct redrat3_dev *rr3)

{

	DEFINE_IR_RAW_EVENT(rawir);

	struct redrat3_signal_header header;

	struct device *dev;

	int i, trailer = 0;

	unsigned sig_size, single_len, offset, val;

	unsigned long delay;

	u32 mod_freq, single_len;

	u16 *len_vals;

	u8 *data_vals;

	u32 tmp32;

	u16 tmp16;

	char *sig_data;

	u32 mod_freq;

	if (!rr3) {

		pr_err("%s called with no context!\n", __func__);

	rr3_ftr(rr3->dev, "Entered %s\n", __func__);

	dev = rr3->dev;

	sig_data = rr3->pbuf;

	header.length = rr3->pktlen;

	header.transfer_type = rr3->pkttype;

	/* Sanity check */

	if (!(header.length >= RR3_HEADER_LENGTH))

		dev_warn(dev, "read returned less than rr3 header len\n");

	/* Make sure we reset the IR kfifo after a bit of inactivity */

	delay = usecs_to_jiffies(rr3->hw_timeout);

	mod_timer(&rr3->rx_timeout, jiffies + delay);

	memcpy(&tmp32, sig_data + RR3_PAUSE_OFFSET, sizeof(tmp32));

	header.pause = be32_to_cpu(tmp32);

	memcpy(&tmp16, sig_data + RR3_FREQ_COUNT_OFFSET, sizeof(tmp16));

	header.mod_freq_count = be16_to_cpu(tmp16);

	memcpy(&tmp16, sig_data + RR3_NUM_PERIOD_OFFSET, sizeof(tmp16));

	header.no_periods = be16_to_cpu(tmp16);

	header.max_lengths = sig_data[RR3_MAX_LENGTHS_OFFSET];

	header.no_lengths = sig_data[RR3_NUM_LENGTHS_OFFSET];

	memcpy(&tmp16, sig_data + RR3_MAX_SIGS_OFFSET, sizeof(tmp16));

	header.max_sig_size = be16_to_cpu(tmp16);

	memcpy(&tmp16, sig_data + RR3_NUM_SIGS_OFFSET, sizeof(tmp16));

	header.sig_size = be16_to_cpu(tmp16);

	header.no_repeats= sig_data[RR3_REPEATS_OFFSET];

	if (debug) {

		redrat3_dump_signal_header(&header);

		redrat3_dump_signal_data(sig_data, header.sig_size);

	}

	mod_freq = redrat3_val_to_mod_freq(&header);

	mod_freq = redrat3_val_to_mod_freq(&rr3->irdata);

	rr3_dbg(dev, "Got mod_freq of %u\n", mod_freq);

	/* Here we pull out the 'length' values from the signal */

	len_vals = (u16 *)(sig_data + RR3_HEADER_LENGTH);

	data_vals = sig_data + RR3_HEADER_LENGTH +

		    (header.max_lengths * sizeof(u16));

	/* process each rr3 encoded byte into an int */

	for (i = 0; i < header.sig_size; i++) {

		u16 val = len_vals[data_vals[i]];

		single_len = redrat3_len_to_us((u32)be16_to_cpu(val));

	sig_size = be16_to_cpu(rr3->irdata.sig_size);

	for (i = 0; i < sig_size; i++) {

		offset = rr3->irdata.sigdata[i];

		val = get_unaligned_be16(&rr3->irdata.lens[offset]);

		single_len = redrat3_len_to_us(val);

		/* we should always get pulse/space/pulse/space samples */

		if (i % 2)

			__func__, res, *data);

		res = -EIO;

	} else

		res = (u8)data[0];

		res = data[0];

	kfree(data);

static void redrat3_read_packet_start(struct redrat3_dev *rr3, int len)

{

	u16 tx_error;

	u16 hdrlen;

	struct redrat3_header *header = rr3->bulk_in_buf;

	unsigned pktlen, pkttype;

	rr3_ftr(rr3->dev, "Entering %s\n", __func__);

	/* grab the Length and type of transfer */

	memcpy(&(rr3->pktlen), (unsigned char *) rr3->bulk_in_buf,

	       sizeof(rr3->pktlen));

	memcpy(&(rr3->pkttype), ((unsigned char *) rr3->bulk_in_buf +

		sizeof(rr3->pktlen)),

	       sizeof(rr3->pkttype));

	pktlen = be16_to_cpu(header->length);

	pkttype = be16_to_cpu(header->transfer_type);

	/*data needs conversion to know what its real values are*/

	rr3->pktlen = be16_to_cpu(rr3->pktlen);

	rr3->pkttype = be16_to_cpu(rr3->pkttype);

	if (pktlen > sizeof(rr3->irdata)) {

		dev_warn(rr3->dev, "packet length %u too large\n", pktlen);

		return;

	}

	switch (rr3->pkttype) {

	switch (pkttype) {

	case RR3_ERROR:

		memcpy(&tx_error, ((unsigned char *)rr3->bulk_in_buf

			+ (sizeof(rr3->pktlen) + sizeof(rr3->pkttype))),

		       sizeof(tx_error));

		tx_error = be16_to_cpu(tx_error);

		redrat3_dump_fw_error(rr3, tx_error);

		if (len >= sizeof(struct redrat3_error)) {

			struct redrat3_error *error = rr3->bulk_in_buf;

			unsigned fw_error = be16_to_cpu(error->fw_error);

			redrat3_dump_fw_error(rr3, fw_error);

		}

		break;

	case RR3_MOD_SIGNAL_IN:

		hdrlen = sizeof(rr3->pktlen) + sizeof(rr3->pkttype);

		memcpy(&rr3->irdata, rr3->bulk_in_buf, len);

		rr3->bytes_read = len;

		rr3->bytes_read -= hdrlen;

		rr3->datap = &(rr3->pbuf[0]);

		memcpy(rr3->datap, ((unsigned char *)rr3->bulk_in_buf + hdrlen),

		       rr3->bytes_read);

		rr3->datap += rr3->bytes_read;

		rr3_dbg(rr3->dev, "bytes_read %d, pktlen %d\n",

			rr3->bytes_read, rr3->pktlen);

			rr3->bytes_read, pktlen);

		break;

	default:

		rr3_dbg(rr3->dev, "ignoring packet with type 0x%02x, "

			"len of %d, 0x%02x\n", rr3->pkttype, len, rr3->pktlen);

		rr3_dbg(rr3->dev, "ignoring packet with type 0x%02x, len of %d, 0x%02x\n",

						pkttype, len, pktlen);

		break;

	}

}

static void redrat3_read_packet_continue(struct redrat3_dev *rr3, int len)

{

	void *irdata = &rr3->irdata;

	rr3_ftr(rr3->dev, "Entering %s\n", __func__);

	memcpy(rr3->datap, (unsigned char *)rr3->bulk_in_buf, len);

	rr3->datap += len;

	if (len + rr3->bytes_read > sizeof(rr3->irdata)) {

		dev_warn(rr3->dev, "too much data for packet\n");

		rr3->bytes_read = 0;

		return;

	}

	memcpy(irdata + rr3->bytes_read, rr3->bulk_in_buf, len);

	rr3->bytes_read += len;

	rr3_dbg(rr3->dev, "bytes_read %d, pktlen %d\n",

		rr3->bytes_read, rr3->pktlen);

	rr3_dbg(rr3->dev, "bytes_read %d, pktlen %d\n", rr3->bytes_read,

				 be16_to_cpu(rr3->irdata.header.length));

}

/* gather IR data from incoming urb, process it when we have enough */

static int redrat3_get_ir_data(struct redrat3_dev *rr3, int len)

{

	struct device *dev = rr3->dev;

	unsigned pkttype;

	int ret = 0;

	rr3_ftr(dev, "Entering %s\n", __func__);

	if (rr3->pktlen > RR3_MAX_BUF_SIZE) {

		dev_err(rr3->dev, "error: packet larger than buffer\n");

		ret = -EINVAL;

		goto out;

	}

	if ((rr3->bytes_read == 0) &&

	    (len >= (sizeof(rr3->pkttype) + sizeof(rr3->pktlen)))) {

	if (rr3->bytes_read == 0 && len >= sizeof(struct redrat3_header)) {

		redrat3_read_packet_start(rr3, len);

	} else if (rr3->bytes_read != 0) {

		redrat3_read_packet_continue(rr3, len);

		goto out;

	}

	if (rr3->bytes_read > rr3->pktlen) {

		dev_err(dev, "bytes_read (%d) greater than pktlen (%d)\n",

			rr3->bytes_read, rr3->pktlen);

		ret = -EINVAL;

		goto out;

	} else if (rr3->bytes_read < rr3->pktlen)

	if (rr3->bytes_read < be16_to_cpu(rr3->irdata.header.length))

		/* we're still accumulating data */

		return 0;

	/* if we get here, we've got IR data to decode */

	if (rr3->pkttype == RR3_MOD_SIGNAL_IN)

	pkttype = be16_to_cpu(rr3->irdata.header.transfer_type);

	if (pkttype == RR3_MOD_SIGNAL_IN)

		redrat3_process_ir_data(rr3);

	else

		rr3_dbg(dev, "discarding non-signal data packet "

			"(type 0x%02x)\n", rr3->pkttype);

		rr3_dbg(dev, "discarding non-signal data packet (type 0x%02x)\n",

								pkttype);

out:

	rr3->bytes_read = 0;

	rr3->pktlen = 0;

	rr3->pkttype = 0;

	return ret;

}

	default:

		dev_warn(rr3->dev, "Error: urb status = %d\n", urb->status);

		rr3->bytes_read = 0;

		rr3->pktlen = 0;

		rr3->pkttype = 0;

		break;

	}

}

	int mult = 6000000;

	/* Clk used in mod. freq. generation is CLK24/4. */

	return (u16)(65536 - (mult / mod_freq));

	return 65536 - (mult / mod_freq);

}

static int redrat3_set_tx_carrier(struct rc_dev *rcdev, u32 carrier)

{

	struct redrat3_dev *rr3 = rcdev->priv;

	struct device *dev = rr3->dev;

	struct redrat3_signal_header header;

	int i, ret, ret_len, offset;

	struct redrat3_irdata *irdata = NULL;

	int i, ret, ret_len;

	int lencheck, cur_sample_len, pipe;

	char *buffer = NULL, *sigdata = NULL;

	int *sample_lens = NULL;

	u32 tmpi;

	u16 tmps;

	u8 *datap;

	u8 curlencheck = 0;

	u16 *lengths_ptr;

	int sendbuf_len;

	rr3_ftr(dev, "Entering %s\n", __func__);

		goto out;

	}

	sigdata = kzalloc((count + RR3_TX_TRAILER_LEN), GFP_KERNEL);

	if (!sigdata) {

	irdata = kzalloc(sizeof(*irdata), GFP_KERNEL);

	if (!irdata) {

		ret = -ENOMEM;

		goto out;

	}

				/* now convert the value to a proper

				 * rr3 value.. */

				sample_lens[curlencheck] = cur_sample_len;

				put_unaligned_be16(cur_sample_len,

						&irdata->lens[curlencheck]);

				curlencheck++;

			} else {

				count = i - 1;

				break;

			}

		}

		sigdata[i] = lencheck;

		irdata->sigdata[i] = lencheck;

	}

	sigdata[count] = RR3_END_OF_SIGNAL;

	sigdata[count + 1] = RR3_END_OF_SIGNAL;

	offset = RR3_TX_HEADER_OFFSET;

	sendbuf_len = RR3_HEADER_LENGTH + (sizeof(u16) * RR3_DRIVER_MAXLENS)

			+ count + RR3_TX_TRAILER_LEN + offset;

	buffer = kzalloc(sendbuf_len, GFP_KERNEL);

	if (!buffer) {

		ret = -ENOMEM;

		goto out;

	}

	irdata->sigdata[count] = RR3_END_OF_SIGNAL;

	irdata->sigdata[count + 1] = RR3_END_OF_SIGNAL;

	sendbuf_len = offsetof(struct redrat3_irdata,

					sigdata[count + RR3_TX_TRAILER_LEN]);

	/* fill in our packet header */

	header.length = sendbuf_len - offset;

	header.transfer_type = RR3_MOD_SIGNAL_OUT;

	header.pause = redrat3_len_to_us(100);

	header.mod_freq_count = mod_freq_to_val(rr3->carrier);

	header.no_periods = 0; /* n/a to transmit */

	header.max_lengths = RR3_DRIVER_MAXLENS;

	header.no_lengths = curlencheck;

	header.max_sig_size = RR3_MAX_SIG_SIZE;

	header.sig_size = count + RR3_TX_TRAILER_LEN;

	/* we currently rely on repeat handling in the IR encoding source */

	header.no_repeats = 0;

	tmps = cpu_to_be16(header.length);

	memcpy(buffer, &tmps, 2);

	tmps = cpu_to_be16(header.transfer_type);

	memcpy(buffer + 2, &tmps, 2);

	tmpi = cpu_to_be32(header.pause);

	memcpy(buffer + offset, &tmpi, sizeof(tmpi));

	tmps = cpu_to_be16(header.mod_freq_count);

	memcpy(buffer + offset + RR3_FREQ_COUNT_OFFSET, &tmps, 2);

	buffer[offset + RR3_NUM_LENGTHS_OFFSET] = header.no_lengths;

	tmps = cpu_to_be16(header.sig_size);

	memcpy(buffer + offset + RR3_NUM_SIGS_OFFSET, &tmps, 2);

	buffer[offset + RR3_REPEATS_OFFSET] = header.no_repeats;

	lengths_ptr = (u16 *)(buffer + offset + RR3_HEADER_LENGTH);

	for (i = 0; i < curlencheck; ++i)

		lengths_ptr[i] = cpu_to_be16(sample_lens[i]);

	datap = (u8 *)(buffer + offset + RR3_HEADER_LENGTH +

			    (sizeof(u16) * RR3_DRIVER_MAXLENS));

	memcpy(datap, sigdata, (count + RR3_TX_TRAILER_LEN));

	if (debug) {

		redrat3_dump_signal_header(&header);

		redrat3_dump_signal_data(buffer, header.sig_size);

	}

	irdata->header.length = cpu_to_be16(sendbuf_len -

						sizeof(struct redrat3_header));

	irdata->header.transfer_type = cpu_to_be16(RR3_MOD_SIGNAL_OUT);

	irdata->pause = cpu_to_be32(redrat3_len_to_us(100));

	irdata->mod_freq_count = cpu_to_be16(mod_freq_to_val(rr3->carrier));

	irdata->no_lengths = curlencheck;

	irdata->sig_size = cpu_to_be16(count + RR3_TX_TRAILER_LEN);

	pipe = usb_sndbulkpipe(rr3->udev, rr3->ep_out->bEndpointAddress);

	tmps = usb_bulk_msg(rr3->udev, pipe, buffer,

	ret = usb_bulk_msg(rr3->udev, pipe, irdata,

			    sendbuf_len, &ret_len, 10 * HZ);

	rr3_dbg(dev, "sent %d bytes, (ret %d)\n", ret_len, tmps);

	rr3_dbg(dev, "sent %d bytes, (ret %d)\n", ret_len, ret);

	/* now tell the hardware to transmit what we sent it */

	pipe = usb_rcvctrlpipe(rr3->udev, 0);

	ret = usb_control_msg(rr3->udev, pipe, RR3_TX_SEND_SIGNAL,

			      USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN,

			      0, 0, buffer, 2, HZ * 10);

			      0, 0, irdata, 2, HZ * 10);

	if (ret < 0)

		dev_err(dev, "Error: control msg send failed, rc %d\n", ret);

out:

	kfree(sample_lens);

	kfree(buffer);

	kfree(sigdata);

	kfree(irdata);

	rr3->transmitting = false;

	/* rr3 re-enables rc detector because it was enabled before */