1// SPDX-License-Identifier: GPL-2.0 2/* 3 * cdc-wdm.c 4 * 5 * This driver supports USB CDC WCM Device Management. 6 * 7 * Copyright (c) 2007-2009 Oliver Neukum 8 * 9 * Some code taken from cdc-acm.c 10 * 11 * Released under the GPLv2. 12 * 13 * Many thanks to Carl Nordbeck 14 */ 15#include <linux/kernel.h> 16#include <linux/errno.h> 17#include <linux/ioctl.h> 18#include <linux/slab.h> 19#include <linux/module.h> 20#include <linux/mutex.h> 21#include <linux/uaccess.h> 22#include <linux/bitops.h> 23#include <linux/poll.h> 24#include <linux/usb.h> 25#include <linux/usb/cdc.h> 26#include <asm/byteorder.h> 27#include <asm/unaligned.h> 28#include <linux/usb/cdc-wdm.h> 29 30#define DRIVER_AUTHOR "Oliver Neukum" 31#define DRIVER_DESC "USB Abstract Control Model driver for USB WCM Device Management" 32 33static const struct usb_device_id wdm_ids[] = { 34 { 35 .match_flags = USB_DEVICE_ID_MATCH_INT_CLASS | 36 USB_DEVICE_ID_MATCH_INT_SUBCLASS, 37 .bInterfaceClass = USB_CLASS_COMM, 38 .bInterfaceSubClass = USB_CDC_SUBCLASS_DMM 39 }, 40 { } 41}; 42 43MODULE_DEVICE_TABLE (usb, wdm_ids); 44 45#define WDM_MINOR_BASE 176 46 47 48#define WDM_IN_USE 1 49#define WDM_DISCONNECTING 2 50#define WDM_RESULT 3 51#define WDM_READ 4 52#define WDM_INT_STALL 5 53#define WDM_POLL_RUNNING 6 54#define WDM_RESPONDING 7 55#define WDM_SUSPENDING 8 56#define WDM_RESETTING 9 57#define WDM_OVERFLOW 10 58 59#define WDM_MAX 16 60 61/* we cannot wait forever at flush() */ 62#define WDM_FLUSH_TIMEOUT (30 * HZ) 63 64/* CDC-WMC r1.1 requires wMaxCommand to be "at least 256 decimal (0x100)" */ 65#define WDM_DEFAULT_BUFSIZE 256 66 67static DEFINE_MUTEX(wdm_mutex); 68static DEFINE_SPINLOCK(wdm_device_list_lock); 69static LIST_HEAD(wdm_device_list); 70 71/* --- method tables --- */ 72 73struct wdm_device { 74 u8 *inbuf; /* buffer for response */ 75 u8 *outbuf; /* buffer for command */ 76 u8 *sbuf; /* buffer for status */ 77 u8 *ubuf; /* buffer for copy to user space */ 78 79 struct urb *command; 80 struct urb *response; 81 struct urb *validity; 82 struct usb_interface *intf; 83 struct usb_ctrlrequest *orq; 84 struct usb_ctrlrequest *irq; 85 spinlock_t iuspin; 86 87 unsigned long flags; 88 u16 bufsize; 89 u16 wMaxCommand; 90 u16 wMaxPacketSize; 91 __le16 inum; 92 int reslength; 93 int length; 94 int read; 95 int count; 96 dma_addr_t shandle; 97 dma_addr_t ihandle; 98 struct mutex wlock; 99 struct mutex rlock; 100 wait_queue_head_t wait; 101 struct work_struct rxwork; 102 struct work_struct service_outs_intr; 103 int werr; 104 int rerr; 105 int resp_count; 106 107 struct list_head device_list; 108 int (*manage_power)(struct usb_interface *, int); 109}; 110 111static struct usb_driver wdm_driver; 112 113/* return intfdata if we own the interface, else look up intf in the list */ 114static struct wdm_device *wdm_find_device(struct usb_interface *intf) 115{ 116 struct wdm_device *desc; 117 118 spin_lock(&wdm_device_list_lock); 119 list_for_each_entry(desc, &wdm_device_list, device_list) 120 if (desc->intf == intf) 121 goto found; 122 desc = NULL; 123found: 124 spin_unlock(&wdm_device_list_lock); 125 126 return desc; 127} 128 129static struct wdm_device *wdm_find_device_by_minor(int minor) 130{ 131 struct wdm_device *desc; 132 133 spin_lock(&wdm_device_list_lock); 134 list_for_each_entry(desc, &wdm_device_list, device_list) 135 if (desc->intf->minor == minor) 136 goto found; 137 desc = NULL; 138found: 139 spin_unlock(&wdm_device_list_lock); 140 141 return desc; 142} 143 144/* --- callbacks --- */ 145static void wdm_out_callback(struct urb *urb) 146{ 147 struct wdm_device *desc; 148 unsigned long flags; 149 150 desc = urb->context; 151 spin_lock_irqsave(&desc->iuspin, flags); 152 desc->werr = urb->status; 153 spin_unlock_irqrestore(&desc->iuspin, flags); 154 kfree(desc->outbuf); 155 desc->outbuf = NULL; 156 clear_bit(WDM_IN_USE, &desc->flags); 157 wake_up_all(&desc->wait); 158} 159 160static void wdm_in_callback(struct urb *urb) 161{ 162 unsigned long flags; 163 struct wdm_device *desc = urb->context; 164 int status = urb->status; 165 int length = urb->actual_length; 166 167 spin_lock_irqsave(&desc->iuspin, flags); 168 clear_bit(WDM_RESPONDING, &desc->flags); 169 170 if (status) { 171 switch (status) { 172 case -ENOENT: 173 dev_dbg(&desc->intf->dev, 174 "nonzero urb status received: -ENOENT\n"); 175 goto skip_error; 176 case -ECONNRESET: 177 dev_dbg(&desc->intf->dev, 178 "nonzero urb status received: -ECONNRESET\n"); 179 goto skip_error; 180 case -ESHUTDOWN: 181 dev_dbg(&desc->intf->dev, 182 "nonzero urb status received: -ESHUTDOWN\n"); 183 goto skip_error; 184 case -EPIPE: 185 dev_err(&desc->intf->dev, 186 "nonzero urb status received: -EPIPE\n"); 187 break; 188 default: 189 dev_err(&desc->intf->dev, 190 "Unexpected error %d\n", status); 191 break; 192 } 193 } 194 195 /* 196 * only set a new error if there is no previous error. 197 * Errors are only cleared during read/open 198 * Avoid propagating -EPIPE (stall) to userspace since it is 199 * better handled as an empty read 200 */ 201 if (desc->rerr == 0 && status != -EPIPE) 202 desc->rerr = status; 203 204 if (length + desc->length > desc->wMaxCommand) { 205 /* The buffer would overflow */ 206 set_bit(WDM_OVERFLOW, &desc->flags); 207 } else { 208 /* we may already be in overflow */ 209 if (!test_bit(WDM_OVERFLOW, &desc->flags)) { 210 memmove(desc->ubuf + desc->length, desc->inbuf, length); 211 desc->length += length; 212 desc->reslength = length; 213 } 214 } 215skip_error: 216 217 if (desc->rerr) { 218 /* 219 * Since there was an error, userspace may decide to not read 220 * any data after poll'ing. 221 * We should respond to further attempts from the device to send 222 * data, so that we can get unstuck. 223 */ 224 schedule_work(&desc->service_outs_intr); 225 } else { 226 set_bit(WDM_READ, &desc->flags); 227 wake_up(&desc->wait); 228 } 229 spin_unlock_irqrestore(&desc->iuspin, flags); 230} 231 232static void wdm_int_callback(struct urb *urb) 233{ 234 unsigned long flags; 235 int rv = 0; 236 int responding; 237 int status = urb->status; 238 struct wdm_device *desc; 239 struct usb_cdc_notification *dr; 240 241 desc = urb->context; 242 dr = (struct usb_cdc_notification *)desc->sbuf; 243 244 if (status) { 245 switch (status) { 246 case -ESHUTDOWN: 247 case -ENOENT: 248 case -ECONNRESET: 249 return; /* unplug */ 250 case -EPIPE: 251 set_bit(WDM_INT_STALL, &desc->flags); 252 dev_err(&desc->intf->dev, "Stall on int endpoint\n"); 253 goto sw; /* halt is cleared in work */ 254 default: 255 dev_err(&desc->intf->dev, 256 "nonzero urb status received: %d\n", status); 257 break; 258 } 259 } 260 261 if (urb->actual_length < sizeof(struct usb_cdc_notification)) { 262 dev_err(&desc->intf->dev, "wdm_int_callback - %d bytes\n", 263 urb->actual_length); 264 goto exit; 265 } 266 267 switch (dr->bNotificationType) { 268 case USB_CDC_NOTIFY_RESPONSE_AVAILABLE: 269 dev_dbg(&desc->intf->dev, 270 "NOTIFY_RESPONSE_AVAILABLE received: index %d len %d\n", 271 le16_to_cpu(dr->wIndex), le16_to_cpu(dr->wLength)); 272 break; 273 274 case USB_CDC_NOTIFY_NETWORK_CONNECTION: 275 276 dev_dbg(&desc->intf->dev, 277 "NOTIFY_NETWORK_CONNECTION %s network\n", 278 dr->wValue ? "connected to" : "disconnected from"); 279 goto exit; 280 case USB_CDC_NOTIFY_SPEED_CHANGE: 281 dev_dbg(&desc->intf->dev, "SPEED_CHANGE received (len %u)\n", 282 urb->actual_length); 283 goto exit; 284 default: 285 clear_bit(WDM_POLL_RUNNING, &desc->flags); 286 dev_err(&desc->intf->dev, 287 "unknown notification %d received: index %d len %d\n", 288 dr->bNotificationType, 289 le16_to_cpu(dr->wIndex), 290 le16_to_cpu(dr->wLength)); 291 goto exit; 292 } 293 294 spin_lock_irqsave(&desc->iuspin, flags); 295 responding = test_and_set_bit(WDM_RESPONDING, &desc->flags); 296 if (!desc->resp_count++ && !responding 297 && !test_bit(WDM_DISCONNECTING, &desc->flags) 298 && !test_bit(WDM_SUSPENDING, &desc->flags)) { 299 rv = usb_submit_urb(desc->response, GFP_ATOMIC); 300 dev_dbg(&desc->intf->dev, "submit response URB %d\n", rv); 301 } 302 spin_unlock_irqrestore(&desc->iuspin, flags); 303 if (rv < 0) { 304 clear_bit(WDM_RESPONDING, &desc->flags); 305 if (rv == -EPERM) 306 return; 307 if (rv == -ENOMEM) { 308sw: 309 rv = schedule_work(&desc->rxwork); 310 if (rv) 311 dev_err(&desc->intf->dev, 312 "Cannot schedule work\n"); 313 } 314 } 315exit: 316 rv = usb_submit_urb(urb, GFP_ATOMIC); 317 if (rv) 318 dev_err(&desc->intf->dev, 319 "%s - usb_submit_urb failed with result %d\n", 320 __func__, rv); 321 322} 323 324static void poison_urbs(struct wdm_device *desc) 325{ 326 /* the order here is essential */ 327 usb_poison_urb(desc->command); 328 usb_poison_urb(desc->validity); 329 usb_poison_urb(desc->response); 330} 331 332static void unpoison_urbs(struct wdm_device *desc) 333{ 334 /* 335 * the order here is not essential 336 * it is symmetrical just to be nice 337 */ 338 usb_unpoison_urb(desc->response); 339 usb_unpoison_urb(desc->validity); 340 usb_unpoison_urb(desc->command); 341} 342 343static void free_urbs(struct wdm_device *desc) 344{ 345 usb_free_urb(desc->validity); 346 usb_free_urb(desc->response); 347 usb_free_urb(desc->command); 348} 349 350static void cleanup(struct wdm_device *desc) 351{ 352 kfree(desc->sbuf); 353 kfree(desc->inbuf); 354 kfree(desc->orq); 355 kfree(desc->irq); 356 kfree(desc->ubuf); 357 free_urbs(desc); 358 kfree(desc); 359} 360 361static ssize_t wdm_write 362(struct file *file, const char __user *buffer, size_t count, loff_t *ppos) 363{ 364 u8 *buf; 365 int rv = -EMSGSIZE, r, we; 366 struct wdm_device *desc = file->private_data; 367 struct usb_ctrlrequest *req; 368 369 if (count > desc->wMaxCommand) 370 count = desc->wMaxCommand; 371 372 spin_lock_irq(&desc->iuspin); 373 we = desc->werr; 374 desc->werr = 0; 375 spin_unlock_irq(&desc->iuspin); 376 if (we < 0) 377 return usb_translate_errors(we); 378 379 buf = memdup_user(buffer, count); 380 if (IS_ERR(buf)) 381 return PTR_ERR(buf); 382 383 /* concurrent writes and disconnect */ 384 r = mutex_lock_interruptible(&desc->wlock); 385 rv = -ERESTARTSYS; 386 if (r) 387 goto out_free_mem; 388 389 if (test_bit(WDM_DISCONNECTING, &desc->flags)) { 390 rv = -ENODEV; 391 goto out_free_mem_lock; 392 } 393 394 r = usb_autopm_get_interface(desc->intf); 395 if (r < 0) { 396 rv = usb_translate_errors(r); 397 goto out_free_mem_lock; 398 } 399 400 if (!(file->f_flags & O_NONBLOCK)) 401 r = wait_event_interruptible(desc->wait, !test_bit(WDM_IN_USE, 402 &desc->flags)); 403 else 404 if (test_bit(WDM_IN_USE, &desc->flags)) 405 r = -EAGAIN; 406 407 if (test_bit(WDM_RESETTING, &desc->flags)) 408 r = -EIO; 409 410 if (test_bit(WDM_DISCONNECTING, &desc->flags)) 411 r = -ENODEV; 412 413 if (r < 0) { 414 rv = r; 415 goto out_free_mem_pm; 416 } 417 418 req = desc->orq; 419 usb_fill_control_urb( 420 desc->command, 421 interface_to_usbdev(desc->intf), 422 /* using common endpoint 0 */ 423 usb_sndctrlpipe(interface_to_usbdev(desc->intf), 0), 424 (unsigned char *)req, 425 buf, 426 count, 427 wdm_out_callback, 428 desc 429 ); 430 431 req->bRequestType = (USB_DIR_OUT | USB_TYPE_CLASS | 432 USB_RECIP_INTERFACE); 433 req->bRequest = USB_CDC_SEND_ENCAPSULATED_COMMAND; 434 req->wValue = 0; 435 req->wIndex = desc->inum; /* already converted */ 436 req->wLength = cpu_to_le16(count); 437 set_bit(WDM_IN_USE, &desc->flags); 438 desc->outbuf = buf; 439 440 rv = usb_submit_urb(desc->command, GFP_KERNEL); 441 if (rv < 0) { 442 desc->outbuf = NULL; 443 clear_bit(WDM_IN_USE, &desc->flags); 444 wake_up_all(&desc->wait); /* for wdm_wait_for_response() */ 445 dev_err(&desc->intf->dev, "Tx URB error: %d\n", rv); 446 rv = usb_translate_errors(rv); 447 goto out_free_mem_pm; 448 } else { 449 dev_dbg(&desc->intf->dev, "Tx URB has been submitted index=%d\n", 450 le16_to_cpu(req->wIndex)); 451 } 452 453 usb_autopm_put_interface(desc->intf); 454 mutex_unlock(&desc->wlock); 455 return count; 456 457out_free_mem_pm: 458 usb_autopm_put_interface(desc->intf); 459out_free_mem_lock: 460 mutex_unlock(&desc->wlock); 461out_free_mem: 462 kfree(buf); 463 return rv; 464} 465 466/* 467 * Submit the read urb if resp_count is non-zero. 468 * 469 * Called with desc->iuspin locked 470 */ 471static int service_outstanding_interrupt(struct wdm_device *desc) 472{ 473 int rv = 0; 474 475 /* submit read urb only if the device is waiting for it */ 476 if (!desc->resp_count || !--desc->resp_count) 477 goto out; 478 479 if (test_bit(WDM_DISCONNECTING, &desc->flags)) { 480 rv = -ENODEV; 481 goto out; 482 } 483 if (test_bit(WDM_RESETTING, &desc->flags)) { 484 rv = -EIO; 485 goto out; 486 } 487 488 set_bit(WDM_RESPONDING, &desc->flags); 489 spin_unlock_irq(&desc->iuspin); 490 rv = usb_submit_urb(desc->response, GFP_KERNEL); 491 spin_lock_irq(&desc->iuspin); 492 if (rv) { 493 if (!test_bit(WDM_DISCONNECTING, &desc->flags)) 494 dev_err(&desc->intf->dev, 495 "usb_submit_urb failed with result %d\n", rv); 496 497 /* make sure the next notification trigger a submit */ 498 clear_bit(WDM_RESPONDING, &desc->flags); 499 desc->resp_count = 0; 500 } 501out: 502 return rv; 503} 504 505static ssize_t wdm_read 506(struct file *file, char __user *buffer, size_t count, loff_t *ppos) 507{ 508 int rv, cntr; 509 int i = 0; 510 struct wdm_device *desc = file->private_data; 511 512 513 rv = mutex_lock_interruptible(&desc->rlock); /*concurrent reads */ 514 if (rv < 0) 515 return -ERESTARTSYS; 516 517 cntr = READ_ONCE(desc->length); 518 if (cntr == 0) { 519 desc->read = 0; 520retry: 521 if (test_bit(WDM_DISCONNECTING, &desc->flags)) { 522 rv = -ENODEV; 523 goto err; 524 } 525 if (test_bit(WDM_OVERFLOW, &desc->flags)) { 526 clear_bit(WDM_OVERFLOW, &desc->flags); 527 rv = -ENOBUFS; 528 goto err; 529 } 530 i++; 531 if (file->f_flags & O_NONBLOCK) { 532 if (!test_bit(WDM_READ, &desc->flags)) { 533 rv = -EAGAIN; 534 goto err; 535 } 536 rv = 0; 537 } else { 538 rv = wait_event_interruptible(desc->wait, 539 test_bit(WDM_READ, &desc->flags)); 540 } 541 542 /* may have happened while we slept */ 543 if (test_bit(WDM_DISCONNECTING, &desc->flags)) { 544 rv = -ENODEV; 545 goto err; 546 } 547 if (test_bit(WDM_RESETTING, &desc->flags)) { 548 rv = -EIO; 549 goto err; 550 } 551 usb_mark_last_busy(interface_to_usbdev(desc->intf)); 552 if (rv < 0) { 553 rv = -ERESTARTSYS; 554 goto err; 555 } 556 557 spin_lock_irq(&desc->iuspin); 558 559 if (desc->rerr) { /* read completed, error happened */ 560 rv = usb_translate_errors(desc->rerr); 561 desc->rerr = 0; 562 spin_unlock_irq(&desc->iuspin); 563 goto err; 564 } 565 /* 566 * recheck whether we've lost the race 567 * against the completion handler 568 */ 569 if (!test_bit(WDM_READ, &desc->flags)) { /* lost race */ 570 spin_unlock_irq(&desc->iuspin); 571 goto retry; 572 } 573 574 if (!desc->reslength) { /* zero length read */ 575 dev_dbg(&desc->intf->dev, "zero length - clearing WDM_READ\n"); 576 clear_bit(WDM_READ, &desc->flags); 577 rv = service_outstanding_interrupt(desc); 578 spin_unlock_irq(&desc->iuspin); 579 if (rv < 0) 580 goto err; 581 goto retry; 582 } 583 cntr = desc->length; 584 spin_unlock_irq(&desc->iuspin); 585 } 586 587 if (cntr > count) 588 cntr = count; 589 rv = copy_to_user(buffer, desc->ubuf, cntr); 590 if (rv > 0) { 591 rv = -EFAULT; 592 goto err; 593 } 594 595 spin_lock_irq(&desc->iuspin); 596 597 for (i = 0; i < desc->length - cntr; i++) 598 desc->ubuf[i] = desc->ubuf[i + cntr]; 599 600 desc->length -= cntr; 601 /* in case we had outstanding data */ 602 if (!desc->length) { 603 clear_bit(WDM_READ, &desc->flags); 604 service_outstanding_interrupt(desc); 605 } 606 spin_unlock_irq(&desc->iuspin); 607 rv = cntr; 608 609err: 610 mutex_unlock(&desc->rlock); 611 return rv; 612} 613 614static int wdm_wait_for_response(struct file *file, long timeout) 615{ 616 struct wdm_device *desc = file->private_data; 617 long rv; /* Use long here because (int) MAX_SCHEDULE_TIMEOUT < 0. */ 618 619 /* 620 * Needs both flags. We cannot do with one because resetting it would 621 * cause a race with write() yet we need to signal a disconnect. 622 */ 623 rv = wait_event_interruptible_timeout(desc->wait, 624 !test_bit(WDM_IN_USE, &desc->flags) || 625 test_bit(WDM_DISCONNECTING, &desc->flags), 626 timeout); 627 628 /* 629 * To report the correct error. This is best effort. 630 * We are inevitably racing with the hardware. 631 */ 632 if (test_bit(WDM_DISCONNECTING, &desc->flags)) 633 return -ENODEV; 634 if (!rv) 635 return -EIO; 636 if (rv < 0) 637 return -EINTR; 638 639 spin_lock_irq(&desc->iuspin); 640 rv = desc->werr; 641 desc->werr = 0; 642 spin_unlock_irq(&desc->iuspin); 643 644 return usb_translate_errors(rv); 645 646} 647 648/* 649 * You need to send a signal when you react to malicious or defective hardware. 650 * Also, don't abort when fsync() returned -EINVAL, for older kernels which do 651 * not implement wdm_flush() will return -EINVAL. 652 */ 653static int wdm_fsync(struct file *file, loff_t start, loff_t end, int datasync) 654{ 655 return wdm_wait_for_response(file, MAX_SCHEDULE_TIMEOUT); 656} 657 658/* 659 * Same with wdm_fsync(), except it uses finite timeout in order to react to 660 * malicious or defective hardware which ceased communication after close() was 661 * implicitly called due to process termination. 662 */ 663static int wdm_flush(struct file *file, fl_owner_t id) 664{ 665 return wdm_wait_for_response(file, WDM_FLUSH_TIMEOUT); 666} 667 668static __poll_t wdm_poll(struct file *file, struct poll_table_struct *wait) 669{ 670 struct wdm_device *desc = file->private_data; 671 unsigned long flags; 672 __poll_t mask = 0; 673 674 spin_lock_irqsave(&desc->iuspin, flags); 675 if (test_bit(WDM_DISCONNECTING, &desc->flags)) { 676 mask = EPOLLHUP | EPOLLERR; 677 spin_unlock_irqrestore(&desc->iuspin, flags); 678 goto desc_out; 679 } 680 if (test_bit(WDM_READ, &desc->flags)) 681 mask = EPOLLIN | EPOLLRDNORM; 682 if (desc->rerr || desc->werr) 683 mask |= EPOLLERR; 684 if (!test_bit(WDM_IN_USE, &desc->flags)) 685 mask |= EPOLLOUT | EPOLLWRNORM; 686 spin_unlock_irqrestore(&desc->iuspin, flags); 687 688 poll_wait(file, &desc->wait, wait); 689 690desc_out: 691 return mask; 692} 693 694static int wdm_open(struct inode *inode, struct file *file) 695{ 696 int minor = iminor(inode); 697 int rv = -ENODEV; 698 struct usb_interface *intf; 699 struct wdm_device *desc; 700 701 mutex_lock(&wdm_mutex); 702 desc = wdm_find_device_by_minor(minor); 703 if (!desc) 704 goto out; 705 706 intf = desc->intf; 707 if (test_bit(WDM_DISCONNECTING, &desc->flags)) 708 goto out; 709 file->private_data = desc; 710 711 rv = usb_autopm_get_interface(desc->intf); 712 if (rv < 0) { 713 dev_err(&desc->intf->dev, "Error autopm - %d\n", rv); 714 goto out; 715 } 716 717 /* using write lock to protect desc->count */ 718 mutex_lock(&desc->wlock); 719 if (!desc->count++) { 720 desc->werr = 0; 721 desc->rerr = 0; 722 rv = usb_submit_urb(desc->validity, GFP_KERNEL); 723 if (rv < 0) { 724 desc->count--; 725 dev_err(&desc->intf->dev, 726 "Error submitting int urb - %d\n", rv); 727 rv = usb_translate_errors(rv); 728 } 729 } else { 730 rv = 0; 731 } 732 mutex_unlock(&desc->wlock); 733 if (desc->count == 1) 734 desc->manage_power(intf, 1); 735 usb_autopm_put_interface(desc->intf); 736out: 737 mutex_unlock(&wdm_mutex); 738 return rv; 739} 740 741static int wdm_release(struct inode *inode, struct file *file) 742{ 743 struct wdm_device *desc = file->private_data; 744 745 mutex_lock(&wdm_mutex); 746 747 /* using write lock to protect desc->count */ 748 mutex_lock(&desc->wlock); 749 desc->count--; 750 mutex_unlock(&desc->wlock); 751 752 if (!desc->count) { 753 if (!test_bit(WDM_DISCONNECTING, &desc->flags)) { 754 dev_dbg(&desc->intf->dev, "wdm_release: cleanup\n"); 755 poison_urbs(desc); 756 spin_lock_irq(&desc->iuspin); 757 desc->resp_count = 0; 758 clear_bit(WDM_RESPONDING, &desc->flags); 759 spin_unlock_irq(&desc->iuspin); 760 desc->manage_power(desc->intf, 0); 761 unpoison_urbs(desc); 762 } else { 763 /* must avoid dev_printk here as desc->intf is invalid */ 764 pr_debug(KBUILD_MODNAME " %s: device gone - cleaning up\n", __func__); 765 cleanup(desc); 766 } 767 } 768 mutex_unlock(&wdm_mutex); 769 return 0; 770} 771 772static long wdm_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 773{ 774 struct wdm_device *desc = file->private_data; 775 int rv = 0; 776 777 switch (cmd) { 778 case IOCTL_WDM_MAX_COMMAND: 779 if (copy_to_user((void __user *)arg, &desc->wMaxCommand, sizeof(desc->wMaxCommand))) 780 rv = -EFAULT; 781 break; 782 default: 783 rv = -ENOTTY; 784 } 785 return rv; 786} 787 788static const struct file_operations wdm_fops = { 789 .owner = THIS_MODULE, 790 .read = wdm_read, 791 .write = wdm_write, 792 .fsync = wdm_fsync, 793 .open = wdm_open, 794 .flush = wdm_flush, 795 .release = wdm_release, 796 .poll = wdm_poll, 797 .unlocked_ioctl = wdm_ioctl, 798 .compat_ioctl = compat_ptr_ioctl, 799 .llseek = noop_llseek, 800}; 801 802static struct usb_class_driver wdm_class = { 803 .name = "cdc-wdm%d", 804 .fops = &wdm_fops, 805 .minor_base = WDM_MINOR_BASE, 806}; 807 808/* --- error handling --- */ 809static void wdm_rxwork(struct work_struct *work) 810{ 811 struct wdm_device *desc = container_of(work, struct wdm_device, rxwork); 812 unsigned long flags; 813 int rv = 0; 814 int responding; 815 816 spin_lock_irqsave(&desc->iuspin, flags); 817 if (test_bit(WDM_DISCONNECTING, &desc->flags)) { 818 spin_unlock_irqrestore(&desc->iuspin, flags); 819 } else { 820 responding = test_and_set_bit(WDM_RESPONDING, &desc->flags); 821 spin_unlock_irqrestore(&desc->iuspin, flags); 822 if (!responding) 823 rv = usb_submit_urb(desc->response, GFP_KERNEL); 824 if (rv < 0 && rv != -EPERM) { 825 spin_lock_irqsave(&desc->iuspin, flags); 826 clear_bit(WDM_RESPONDING, &desc->flags); 827 if (!test_bit(WDM_DISCONNECTING, &desc->flags)) 828 schedule_work(&desc->rxwork); 829 spin_unlock_irqrestore(&desc->iuspin, flags); 830 } 831 } 832} 833 834static void service_interrupt_work(struct work_struct *work) 835{ 836 struct wdm_device *desc; 837 838 desc = container_of(work, struct wdm_device, service_outs_intr); 839 840 spin_lock_irq(&desc->iuspin); 841 service_outstanding_interrupt(desc); 842 if (!desc->resp_count) { 843 set_bit(WDM_READ, &desc->flags); 844 wake_up(&desc->wait); 845 } 846 spin_unlock_irq(&desc->iuspin); 847} 848 849/* --- hotplug --- */ 850 851static int wdm_create(struct usb_interface *intf, struct usb_endpoint_descriptor *ep, 852 u16 bufsize, int (*manage_power)(struct usb_interface *, int)) 853{ 854 int rv = -ENOMEM; 855 struct wdm_device *desc; 856 857 desc = kzalloc(sizeof(struct wdm_device), GFP_KERNEL); 858 if (!desc) 859 goto out; 860 INIT_LIST_HEAD(&desc->device_list); 861 mutex_init(&desc->rlock); 862 mutex_init(&desc->wlock); 863 spin_lock_init(&desc->iuspin); 864 init_waitqueue_head(&desc->wait); 865 desc->wMaxCommand = bufsize; 866 /* this will be expanded and needed in hardware endianness */ 867 desc->inum = cpu_to_le16((u16)intf->cur_altsetting->desc.bInterfaceNumber); 868 desc->intf = intf; 869 INIT_WORK(&desc->rxwork, wdm_rxwork); 870 INIT_WORK(&desc->service_outs_intr, service_interrupt_work); 871 872 rv = -EINVAL; 873 if (!usb_endpoint_is_int_in(ep)) 874 goto err; 875 876 desc->wMaxPacketSize = usb_endpoint_maxp(ep); 877 878 desc->orq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL); 879 if (!desc->orq) 880 goto err; 881 desc->irq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL); 882 if (!desc->irq) 883 goto err; 884 885 desc->validity = usb_alloc_urb(0, GFP_KERNEL); 886 if (!desc->validity) 887 goto err; 888 889 desc->response = usb_alloc_urb(0, GFP_KERNEL); 890 if (!desc->response) 891 goto err; 892 893 desc->command = usb_alloc_urb(0, GFP_KERNEL); 894 if (!desc->command) 895 goto err; 896 897 desc->ubuf = kmalloc(desc->wMaxCommand, GFP_KERNEL); 898 if (!desc->ubuf) 899 goto err; 900 901 desc->sbuf = kmalloc(desc->wMaxPacketSize, GFP_KERNEL); 902 if (!desc->sbuf) 903 goto err; 904 905 desc->inbuf = kmalloc(desc->wMaxCommand, GFP_KERNEL); 906 if (!desc->inbuf) 907 goto err; 908 909 usb_fill_int_urb( 910 desc->validity, 911 interface_to_usbdev(intf), 912 usb_rcvintpipe(interface_to_usbdev(intf), ep->bEndpointAddress), 913 desc->sbuf, 914 desc->wMaxPacketSize, 915 wdm_int_callback, 916 desc, 917 ep->bInterval 918 ); 919 920 desc->irq->bRequestType = (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE); 921 desc->irq->bRequest = USB_CDC_GET_ENCAPSULATED_RESPONSE; 922 desc->irq->wValue = 0; 923 desc->irq->wIndex = desc->inum; /* already converted */ 924 desc->irq->wLength = cpu_to_le16(desc->wMaxCommand); 925 926 usb_fill_control_urb( 927 desc->response, 928 interface_to_usbdev(intf), 929 /* using common endpoint 0 */ 930 usb_rcvctrlpipe(interface_to_usbdev(desc->intf), 0), 931 (unsigned char *)desc->irq, 932 desc->inbuf, 933 desc->wMaxCommand, 934 wdm_in_callback, 935 desc 936 ); 937 938 desc->manage_power = manage_power; 939 940 spin_lock(&wdm_device_list_lock); 941 list_add(&desc->device_list, &wdm_device_list); 942 spin_unlock(&wdm_device_list_lock); 943 944 rv = usb_register_dev(intf, &wdm_class); 945 if (rv < 0) 946 goto err; 947 else 948 dev_info(&intf->dev, "%s: USB WDM device\n", dev_name(intf->usb_dev)); 949out: 950 return rv; 951err: 952 spin_lock(&wdm_device_list_lock); 953 list_del(&desc->device_list); 954 spin_unlock(&wdm_device_list_lock); 955 cleanup(desc); 956 return rv; 957} 958 959static int wdm_manage_power(struct usb_interface *intf, int on) 960{ 961 /* need autopm_get/put here to ensure the usbcore sees the new value */ 962 int rv = usb_autopm_get_interface(intf); 963 964 intf->needs_remote_wakeup = on; 965 if (!rv) 966 usb_autopm_put_interface(intf); 967 return 0; 968} 969 970static int wdm_probe(struct usb_interface *intf, const struct usb_device_id *id) 971{ 972 int rv = -EINVAL; 973 struct usb_host_interface *iface; 974 struct usb_endpoint_descriptor *ep; 975 struct usb_cdc_parsed_header hdr; 976 u8 *buffer = intf->altsetting->extra; 977 int buflen = intf->altsetting->extralen; 978 u16 maxcom = WDM_DEFAULT_BUFSIZE; 979 980 if (!buffer) 981 goto err; 982 983 cdc_parse_cdc_header(&hdr, intf, buffer, buflen); 984 985 if (hdr.usb_cdc_dmm_desc) 986 maxcom = le16_to_cpu(hdr.usb_cdc_dmm_desc->wMaxCommand); 987 988 iface = intf->cur_altsetting; 989 if (iface->desc.bNumEndpoints != 1) 990 goto err; 991 ep = &iface->endpoint[0].desc; 992 993 rv = wdm_create(intf, ep, maxcom, &wdm_manage_power); 994 995err: 996 return rv; 997} 998 999/** 1000 * usb_cdc_wdm_register - register a WDM subdriver 1001 * @intf: usb interface the subdriver will associate with 1002 * @ep: interrupt endpoint to monitor for notifications 1003 * @bufsize: maximum message size to support for read/write 1004 * @manage_power: call-back invoked during open and release to 1005 * manage the device's power 1006 * Create WDM usb class character device and associate it with intf 1007 * without binding, allowing another driver to manage the interface. 1008 * 1009 * The subdriver will manage the given interrupt endpoint exclusively 1010 * and will issue control requests referring to the given intf. It 1011 * will otherwise avoid interferring, and in particular not do 1012 * usb_set_intfdata/usb_get_intfdata on intf. 1013 * 1014 * The return value is a pointer to the subdriver's struct usb_driver. 1015 * The registering driver is responsible for calling this subdriver's 1016 * disconnect, suspend, resume, pre_reset and post_reset methods from 1017 * its own. 1018 */ 1019struct usb_driver *usb_cdc_wdm_register(struct usb_interface *intf, 1020 struct usb_endpoint_descriptor *ep, 1021 int bufsize, 1022 int (*manage_power)(struct usb_interface *, int)) 1023{ 1024 int rv; 1025 1026 rv = wdm_create(intf, ep, bufsize, manage_power); 1027 if (rv < 0) 1028 goto err; 1029 1030 return &wdm_driver; 1031err: 1032 return ERR_PTR(rv); 1033} 1034EXPORT_SYMBOL(usb_cdc_wdm_register); 1035 1036static void wdm_disconnect(struct usb_interface *intf) 1037{ 1038 struct wdm_device *desc; 1039 unsigned long flags; 1040 1041 usb_deregister_dev(intf, &wdm_class); 1042 desc = wdm_find_device(intf); 1043 mutex_lock(&wdm_mutex); 1044 1045 /* the spinlock makes sure no new urbs are generated in the callbacks */ 1046 spin_lock_irqsave(&desc->iuspin, flags); 1047 set_bit(WDM_DISCONNECTING, &desc->flags); 1048 set_bit(WDM_READ, &desc->flags); 1049 spin_unlock_irqrestore(&desc->iuspin, flags); 1050 wake_up_all(&desc->wait); 1051 mutex_lock(&desc->rlock); 1052 mutex_lock(&desc->wlock); 1053 poison_urbs(desc); 1054 cancel_work_sync(&desc->rxwork); 1055 cancel_work_sync(&desc->service_outs_intr); 1056 mutex_unlock(&desc->wlock); 1057 mutex_unlock(&desc->rlock); 1058 1059 /* the desc->intf pointer used as list key is now invalid */ 1060 spin_lock(&wdm_device_list_lock); 1061 list_del(&desc->device_list); 1062 spin_unlock(&wdm_device_list_lock); 1063 1064 if (!desc->count) 1065 cleanup(desc); 1066 else 1067 dev_dbg(&intf->dev, "%d open files - postponing cleanup\n", desc->count); 1068 mutex_unlock(&wdm_mutex); 1069} 1070 1071#ifdef CONFIG_PM 1072static int wdm_suspend(struct usb_interface *intf, pm_message_t message) 1073{ 1074 struct wdm_device *desc = wdm_find_device(intf); 1075 int rv = 0; 1076 1077 dev_dbg(&desc->intf->dev, "wdm%d_suspend\n", intf->minor); 1078 1079 /* if this is an autosuspend the caller does the locking */ 1080 if (!PMSG_IS_AUTO(message)) { 1081 mutex_lock(&desc->rlock); 1082 mutex_lock(&desc->wlock); 1083 } 1084 spin_lock_irq(&desc->iuspin); 1085 1086 if (PMSG_IS_AUTO(message) && 1087 (test_bit(WDM_IN_USE, &desc->flags) 1088 || test_bit(WDM_RESPONDING, &desc->flags))) { 1089 spin_unlock_irq(&desc->iuspin); 1090 rv = -EBUSY; 1091 } else { 1092 1093 set_bit(WDM_SUSPENDING, &desc->flags); 1094 spin_unlock_irq(&desc->iuspin); 1095 /* callback submits work - order is essential */ 1096 poison_urbs(desc); 1097 cancel_work_sync(&desc->rxwork); 1098 cancel_work_sync(&desc->service_outs_intr); 1099 unpoison_urbs(desc); 1100 } 1101 if (!PMSG_IS_AUTO(message)) { 1102 mutex_unlock(&desc->wlock); 1103 mutex_unlock(&desc->rlock); 1104 } 1105 1106 return rv; 1107} 1108#endif 1109 1110static int recover_from_urb_loss(struct wdm_device *desc) 1111{ 1112 int rv = 0; 1113 1114 if (desc->count) { 1115 rv = usb_submit_urb(desc->validity, GFP_NOIO); 1116 if (rv < 0) 1117 dev_err(&desc->intf->dev, 1118 "Error resume submitting int urb - %d\n", rv); 1119 } 1120 return rv; 1121} 1122 1123#ifdef CONFIG_PM 1124static int wdm_resume(struct usb_interface *intf) 1125{ 1126 struct wdm_device *desc = wdm_find_device(intf); 1127 int rv; 1128 1129 dev_dbg(&desc->intf->dev, "wdm%d_resume\n", intf->minor); 1130 1131 clear_bit(WDM_SUSPENDING, &desc->flags); 1132 rv = recover_from_urb_loss(desc); 1133 1134 return rv; 1135} 1136#endif 1137 1138static int wdm_pre_reset(struct usb_interface *intf) 1139{ 1140 struct wdm_device *desc = wdm_find_device(intf); 1141 1142 /* 1143 * we notify everybody using poll of 1144 * an exceptional situation 1145 * must be done before recovery lest a spontaneous 1146 * message from the device is lost 1147 */ 1148 spin_lock_irq(&desc->iuspin); 1149 set_bit(WDM_RESETTING, &desc->flags); /* inform read/write */ 1150 set_bit(WDM_READ, &desc->flags); /* unblock read */ 1151 clear_bit(WDM_IN_USE, &desc->flags); /* unblock write */ 1152 desc->rerr = -EINTR; 1153 spin_unlock_irq(&desc->iuspin); 1154 wake_up_all(&desc->wait); 1155 mutex_lock(&desc->rlock); 1156 mutex_lock(&desc->wlock); 1157 poison_urbs(desc); 1158 cancel_work_sync(&desc->rxwork); 1159 cancel_work_sync(&desc->service_outs_intr); 1160 return 0; 1161} 1162 1163static int wdm_post_reset(struct usb_interface *intf) 1164{ 1165 struct wdm_device *desc = wdm_find_device(intf); 1166 int rv; 1167 1168 unpoison_urbs(desc); 1169 clear_bit(WDM_OVERFLOW, &desc->flags); 1170 clear_bit(WDM_RESETTING, &desc->flags); 1171 rv = recover_from_urb_loss(desc); 1172 mutex_unlock(&desc->wlock); 1173 mutex_unlock(&desc->rlock); 1174 return rv; 1175} 1176 1177static struct usb_driver wdm_driver = { 1178 .name = "cdc_wdm", 1179 .probe = wdm_probe, 1180 .disconnect = wdm_disconnect, 1181#ifdef CONFIG_PM 1182 .suspend = wdm_suspend, 1183 .resume = wdm_resume, 1184 .reset_resume = wdm_resume, 1185#endif 1186 .pre_reset = wdm_pre_reset, 1187 .post_reset = wdm_post_reset, 1188 .id_table = wdm_ids, 1189 .supports_autosuspend = 1, 1190 .disable_hub_initiated_lpm = 1, 1191}; 1192 1193module_usb_driver(wdm_driver); 1194 1195MODULE_AUTHOR(DRIVER_AUTHOR); 1196MODULE_DESCRIPTION(DRIVER_DESC); 1197MODULE_LICENSE("GPL"); 1198