1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3 * drivers/usb/class/usbtmc.c - USB Test & Measurement class driver
4 *
5 * Copyright (C) 2007 Stefan Kopp, Gechingen, Germany
6 * Copyright (C) 2008 Novell, Inc.
7 * Copyright (C) 2008 Greg Kroah-Hartman <gregkh@suse.de>
8 * Copyright (C) 2018 IVI Foundation, Inc.
9 */
10
11 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
12
13 #include <linux/module.h>
14 #include <linux/kernel.h>
15 #include <linux/fs.h>
16 #include <linux/uaccess.h>
17 #include <linux/kref.h>
18 #include <linux/slab.h>
19 #include <linux/poll.h>
20 #include <linux/mutex.h>
21 #include <linux/usb.h>
22 #include <linux/compat.h>
23 #include <linux/usb/tmc.h>
24
25 /* Increment API VERSION when changing tmc.h with new flags or ioctls
26 * or when changing a significant behavior of the driver.
27 */
28 #define USBTMC_API_VERSION (3)
29
30 #define USBTMC_HEADER_SIZE 12
31 #define USBTMC_MINOR_BASE 176
32
33 /* Minimum USB timeout (in milliseconds) */
34 #define USBTMC_MIN_TIMEOUT 100
35 /* Default USB timeout (in milliseconds) */
36 #define USBTMC_TIMEOUT 5000
37
38 /* Max number of urbs used in write transfers */
39 #define MAX_URBS_IN_FLIGHT 16
40 /* I/O buffer size used in generic read/write functions */
41 #define USBTMC_BUFSIZE (4096)
42
43 /*
44 * Maximum number of read cycles to empty bulk in endpoint during CLEAR and
45 * ABORT_BULK_IN requests. Ends the loop if (for whatever reason) a short
46 * packet is never read.
47 */
48 #define USBTMC_MAX_READS_TO_CLEAR_BULK_IN 100
49
50 static const struct usb_device_id usbtmc_devices[] = {
51 { USB_INTERFACE_INFO(USB_CLASS_APP_SPEC, 3, 0), },
52 { USB_INTERFACE_INFO(USB_CLASS_APP_SPEC, 3, 1), },
53 { 0, } /* terminating entry */
54 };
55 MODULE_DEVICE_TABLE(usb, usbtmc_devices);
56
57 /*
58 * This structure is the capabilities for the device
59 * See section 4.2.1.8 of the USBTMC specification,
60 * and section 4.2.2 of the USBTMC usb488 subclass
61 * specification for details.
62 */
63 struct usbtmc_dev_capabilities {
64 __u8 interface_capabilities;
65 __u8 device_capabilities;
66 __u8 usb488_interface_capabilities;
67 __u8 usb488_device_capabilities;
68 };
69
70 /* This structure holds private data for each USBTMC device. One copy is
71 * allocated for each USBTMC device in the driver's probe function.
72 */
73 struct usbtmc_device_data {
74 const struct usb_device_id *id;
75 struct usb_device *usb_dev;
76 struct usb_interface *intf;
77 struct list_head file_list;
78
79 unsigned int bulk_in;
80 unsigned int bulk_out;
81
82 u8 bTag;
83 u8 bTag_last_write; /* needed for abort */
84 u8 bTag_last_read; /* needed for abort */
85
86 /* packet size of IN bulk */
87 u16 wMaxPacketSize;
88
89 /* data for interrupt in endpoint handling */
90 u8 bNotify1;
91 u8 bNotify2;
92 u16 ifnum;
93 u8 iin_bTag;
94 u8 *iin_buffer;
95 atomic_t iin_data_valid;
96 unsigned int iin_ep;
97 int iin_ep_present;
98 int iin_interval;
99 struct urb *iin_urb;
100 u16 iin_wMaxPacketSize;
101
102 /* coalesced usb488_caps from usbtmc_dev_capabilities */
103 __u8 usb488_caps;
104
105 bool zombie; /* fd of disconnected device */
106
107 struct usbtmc_dev_capabilities capabilities;
108 struct kref kref;
109 struct mutex io_mutex; /* only one i/o function running at a time */
110 wait_queue_head_t waitq;
111 struct fasync_struct *fasync;
112 spinlock_t dev_lock; /* lock for file_list */
113 };
114 #define to_usbtmc_data(d) container_of(d, struct usbtmc_device_data, kref)
115
116 /*
117 * This structure holds private data for each USBTMC file handle.
118 */
119 struct usbtmc_file_data {
120 struct usbtmc_device_data *data;
121 struct list_head file_elem;
122
123 u32 timeout;
124 u8 srq_byte;
125 atomic_t srq_asserted;
126 atomic_t closing;
127 u8 bmTransferAttributes; /* member of DEV_DEP_MSG_IN */
128
129 u8 eom_val;
130 u8 term_char;
131 bool term_char_enabled;
132 bool auto_abort;
133
134 spinlock_t err_lock; /* lock for errors */
135
136 struct usb_anchor submitted;
137
138 /* data for generic_write */
139 struct semaphore limit_write_sem;
140 u32 out_transfer_size;
141 int out_status;
142
143 /* data for generic_read */
144 u32 in_transfer_size;
145 int in_status;
146 int in_urbs_used;
147 struct usb_anchor in_anchor;
148 wait_queue_head_t wait_bulk_in;
149 };
150
151 /* Forward declarations */
152 static struct usb_driver usbtmc_driver;
153 static void usbtmc_draw_down(struct usbtmc_file_data *file_data);
154
usbtmc_delete(struct kref * kref)155 static void usbtmc_delete(struct kref *kref)
156 {
157 struct usbtmc_device_data *data = to_usbtmc_data(kref);
158
159 usb_put_dev(data->usb_dev);
160 kfree(data);
161 }
162
usbtmc_open(struct inode * inode,struct file * filp)163 static int usbtmc_open(struct inode *inode, struct file *filp)
164 {
165 struct usb_interface *intf;
166 struct usbtmc_device_data *data;
167 struct usbtmc_file_data *file_data;
168
169 intf = usb_find_interface(&usbtmc_driver, iminor(inode));
170 if (!intf) {
171 pr_err("can not find device for minor %d", iminor(inode));
172 return -ENODEV;
173 }
174
175 file_data = kzalloc(sizeof(*file_data), GFP_KERNEL);
176 if (!file_data)
177 return -ENOMEM;
178
179 spin_lock_init(&file_data->err_lock);
180 sema_init(&file_data->limit_write_sem, MAX_URBS_IN_FLIGHT);
181 init_usb_anchor(&file_data->submitted);
182 init_usb_anchor(&file_data->in_anchor);
183 init_waitqueue_head(&file_data->wait_bulk_in);
184
185 data = usb_get_intfdata(intf);
186 /* Protect reference to data from file structure until release */
187 kref_get(&data->kref);
188
189 mutex_lock(&data->io_mutex);
190 file_data->data = data;
191
192 atomic_set(&file_data->closing, 0);
193
194 file_data->timeout = USBTMC_TIMEOUT;
195 file_data->term_char = '\n';
196 file_data->term_char_enabled = 0;
197 file_data->auto_abort = 0;
198 file_data->eom_val = 1;
199
200 INIT_LIST_HEAD(&file_data->file_elem);
201 spin_lock_irq(&data->dev_lock);
202 list_add_tail(&file_data->file_elem, &data->file_list);
203 spin_unlock_irq(&data->dev_lock);
204 mutex_unlock(&data->io_mutex);
205
206 /* Store pointer in file structure's private data field */
207 filp->private_data = file_data;
208
209 return 0;
210 }
211
212 /*
213 * usbtmc_flush - called before file handle is closed
214 */
usbtmc_flush(struct file * file,fl_owner_t id)215 static int usbtmc_flush(struct file *file, fl_owner_t id)
216 {
217 struct usbtmc_file_data *file_data;
218 struct usbtmc_device_data *data;
219
220 file_data = file->private_data;
221 if (file_data == NULL)
222 return -ENODEV;
223
224 atomic_set(&file_data->closing, 1);
225 data = file_data->data;
226
227 /* wait for io to stop */
228 mutex_lock(&data->io_mutex);
229
230 usbtmc_draw_down(file_data);
231
232 spin_lock_irq(&file_data->err_lock);
233 file_data->in_status = 0;
234 file_data->in_transfer_size = 0;
235 file_data->in_urbs_used = 0;
236 file_data->out_status = 0;
237 file_data->out_transfer_size = 0;
238 spin_unlock_irq(&file_data->err_lock);
239
240 wake_up_interruptible_all(&data->waitq);
241 mutex_unlock(&data->io_mutex);
242
243 return 0;
244 }
245
usbtmc_release(struct inode * inode,struct file * file)246 static int usbtmc_release(struct inode *inode, struct file *file)
247 {
248 struct usbtmc_file_data *file_data = file->private_data;
249
250 /* prevent IO _AND_ usbtmc_interrupt */
251 mutex_lock(&file_data->data->io_mutex);
252 spin_lock_irq(&file_data->data->dev_lock);
253
254 list_del(&file_data->file_elem);
255
256 spin_unlock_irq(&file_data->data->dev_lock);
257 mutex_unlock(&file_data->data->io_mutex);
258
259 kref_put(&file_data->data->kref, usbtmc_delete);
260 file_data->data = NULL;
261 kfree(file_data);
262 return 0;
263 }
264
usbtmc_ioctl_abort_bulk_in_tag(struct usbtmc_device_data * data,u8 tag)265 static int usbtmc_ioctl_abort_bulk_in_tag(struct usbtmc_device_data *data,
266 u8 tag)
267 {
268 u8 *buffer;
269 struct device *dev;
270 int rv;
271 int n;
272 int actual;
273
274 dev = &data->intf->dev;
275 buffer = kmalloc(USBTMC_BUFSIZE, GFP_KERNEL);
276 if (!buffer)
277 return -ENOMEM;
278
279 rv = usb_control_msg(data->usb_dev,
280 usb_rcvctrlpipe(data->usb_dev, 0),
281 USBTMC_REQUEST_INITIATE_ABORT_BULK_IN,
282 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT,
283 tag, data->bulk_in,
284 buffer, 2, USB_CTRL_GET_TIMEOUT);
285
286 if (rv < 0) {
287 dev_err(dev, "usb_control_msg returned %d\n", rv);
288 goto exit;
289 }
290
291 dev_dbg(dev, "INITIATE_ABORT_BULK_IN returned %x with tag %02x\n",
292 buffer[0], buffer[1]);
293
294 if (buffer[0] == USBTMC_STATUS_FAILED) {
295 /* No transfer in progress and the Bulk-OUT FIFO is empty. */
296 rv = 0;
297 goto exit;
298 }
299
300 if (buffer[0] == USBTMC_STATUS_TRANSFER_NOT_IN_PROGRESS) {
301 /* The device returns this status if either:
302 * - There is a transfer in progress, but the specified bTag
303 * does not match.
304 * - There is no transfer in progress, but the Bulk-OUT FIFO
305 * is not empty.
306 */
307 rv = -ENOMSG;
308 goto exit;
309 }
310
311 if (buffer[0] != USBTMC_STATUS_SUCCESS) {
312 dev_err(dev, "INITIATE_ABORT_BULK_IN returned %x\n",
313 buffer[0]);
314 rv = -EPERM;
315 goto exit;
316 }
317
318 n = 0;
319
320 usbtmc_abort_bulk_in_status:
321 dev_dbg(dev, "Reading from bulk in EP\n");
322
323 /* Data must be present. So use low timeout 300 ms */
324 actual = 0;
325 rv = usb_bulk_msg(data->usb_dev,
326 usb_rcvbulkpipe(data->usb_dev,
327 data->bulk_in),
328 buffer, USBTMC_BUFSIZE,
329 &actual, 300);
330
331 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE, 16, 1,
332 buffer, actual, true);
333
334 n++;
335
336 if (rv < 0) {
337 dev_err(dev, "usb_bulk_msg returned %d\n", rv);
338 if (rv != -ETIMEDOUT)
339 goto exit;
340 }
341
342 if (actual == USBTMC_BUFSIZE)
343 goto usbtmc_abort_bulk_in_status;
344
345 if (n >= USBTMC_MAX_READS_TO_CLEAR_BULK_IN) {
346 dev_err(dev, "Couldn't clear device buffer within %d cycles\n",
347 USBTMC_MAX_READS_TO_CLEAR_BULK_IN);
348 rv = -EPERM;
349 goto exit;
350 }
351
352 rv = usb_control_msg(data->usb_dev,
353 usb_rcvctrlpipe(data->usb_dev, 0),
354 USBTMC_REQUEST_CHECK_ABORT_BULK_IN_STATUS,
355 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT,
356 0, data->bulk_in, buffer, 0x08,
357 USB_CTRL_GET_TIMEOUT);
358
359 if (rv < 0) {
360 dev_err(dev, "usb_control_msg returned %d\n", rv);
361 goto exit;
362 }
363
364 dev_dbg(dev, "CHECK_ABORT_BULK_IN returned %x\n", buffer[0]);
365
366 if (buffer[0] == USBTMC_STATUS_SUCCESS) {
367 rv = 0;
368 goto exit;
369 }
370
371 if (buffer[0] != USBTMC_STATUS_PENDING) {
372 dev_err(dev, "CHECK_ABORT_BULK_IN returned %x\n", buffer[0]);
373 rv = -EPERM;
374 goto exit;
375 }
376
377 if ((buffer[1] & 1) > 0) {
378 /* The device has 1 or more queued packets the Host can read */
379 goto usbtmc_abort_bulk_in_status;
380 }
381
382 /* The Host must send CHECK_ABORT_BULK_IN_STATUS at a later time. */
383 rv = -EAGAIN;
384 exit:
385 kfree(buffer);
386 return rv;
387 }
388
usbtmc_ioctl_abort_bulk_in(struct usbtmc_device_data * data)389 static int usbtmc_ioctl_abort_bulk_in(struct usbtmc_device_data *data)
390 {
391 return usbtmc_ioctl_abort_bulk_in_tag(data, data->bTag_last_read);
392 }
393
usbtmc_ioctl_abort_bulk_out_tag(struct usbtmc_device_data * data,u8 tag)394 static int usbtmc_ioctl_abort_bulk_out_tag(struct usbtmc_device_data *data,
395 u8 tag)
396 {
397 struct device *dev;
398 u8 *buffer;
399 int rv;
400 int n;
401
402 dev = &data->intf->dev;
403
404 buffer = kmalloc(8, GFP_KERNEL);
405 if (!buffer)
406 return -ENOMEM;
407
408 rv = usb_control_msg(data->usb_dev,
409 usb_rcvctrlpipe(data->usb_dev, 0),
410 USBTMC_REQUEST_INITIATE_ABORT_BULK_OUT,
411 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT,
412 tag, data->bulk_out,
413 buffer, 2, USB_CTRL_GET_TIMEOUT);
414
415 if (rv < 0) {
416 dev_err(dev, "usb_control_msg returned %d\n", rv);
417 goto exit;
418 }
419
420 dev_dbg(dev, "INITIATE_ABORT_BULK_OUT returned %x\n", buffer[0]);
421
422 if (buffer[0] != USBTMC_STATUS_SUCCESS) {
423 dev_err(dev, "INITIATE_ABORT_BULK_OUT returned %x\n",
424 buffer[0]);
425 rv = -EPERM;
426 goto exit;
427 }
428
429 n = 0;
430
431 usbtmc_abort_bulk_out_check_status:
432 /* do not stress device with subsequent requests */
433 msleep(50);
434 rv = usb_control_msg(data->usb_dev,
435 usb_rcvctrlpipe(data->usb_dev, 0),
436 USBTMC_REQUEST_CHECK_ABORT_BULK_OUT_STATUS,
437 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT,
438 0, data->bulk_out, buffer, 0x08,
439 USB_CTRL_GET_TIMEOUT);
440 n++;
441 if (rv < 0) {
442 dev_err(dev, "usb_control_msg returned %d\n", rv);
443 goto exit;
444 }
445
446 dev_dbg(dev, "CHECK_ABORT_BULK_OUT returned %x\n", buffer[0]);
447
448 if (buffer[0] == USBTMC_STATUS_SUCCESS)
449 goto usbtmc_abort_bulk_out_clear_halt;
450
451 if ((buffer[0] == USBTMC_STATUS_PENDING) &&
452 (n < USBTMC_MAX_READS_TO_CLEAR_BULK_IN))
453 goto usbtmc_abort_bulk_out_check_status;
454
455 rv = -EPERM;
456 goto exit;
457
458 usbtmc_abort_bulk_out_clear_halt:
459 rv = usb_clear_halt(data->usb_dev,
460 usb_sndbulkpipe(data->usb_dev, data->bulk_out));
461
462 if (rv < 0) {
463 dev_err(dev, "usb_control_msg returned %d\n", rv);
464 goto exit;
465 }
466 rv = 0;
467
468 exit:
469 kfree(buffer);
470 return rv;
471 }
472
usbtmc_ioctl_abort_bulk_out(struct usbtmc_device_data * data)473 static int usbtmc_ioctl_abort_bulk_out(struct usbtmc_device_data *data)
474 {
475 return usbtmc_ioctl_abort_bulk_out_tag(data, data->bTag_last_write);
476 }
477
usbtmc_get_stb(struct usbtmc_file_data * file_data,__u8 * stb)478 static int usbtmc_get_stb(struct usbtmc_file_data *file_data, __u8 *stb)
479 {
480 struct usbtmc_device_data *data = file_data->data;
481 struct device *dev = &data->intf->dev;
482 u8 *buffer;
483 u8 tag;
484 int rv;
485 long wait_rv;
486 unsigned long expire;
487
488 dev_dbg(dev, "Enter ioctl_read_stb iin_ep_present: %d\n",
489 data->iin_ep_present);
490
491 buffer = kmalloc(8, GFP_KERNEL);
492 if (!buffer)
493 return -ENOMEM;
494
495 atomic_set(&data->iin_data_valid, 0);
496
497 rv = usb_control_msg(data->usb_dev,
498 usb_rcvctrlpipe(data->usb_dev, 0),
499 USBTMC488_REQUEST_READ_STATUS_BYTE,
500 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
501 data->iin_bTag,
502 data->ifnum,
503 buffer, 0x03, USB_CTRL_GET_TIMEOUT);
504 if (rv < 0) {
505 dev_err(dev, "stb usb_control_msg returned %d\n", rv);
506 goto exit;
507 }
508
509 if (buffer[0] != USBTMC_STATUS_SUCCESS) {
510 dev_err(dev, "control status returned %x\n", buffer[0]);
511 rv = -EIO;
512 goto exit;
513 }
514
515 if (data->iin_ep_present) {
516 expire = msecs_to_jiffies(file_data->timeout);
517 wait_rv = wait_event_interruptible_timeout(
518 data->waitq,
519 atomic_read(&data->iin_data_valid) != 0,
520 expire);
521 if (wait_rv < 0) {
522 dev_dbg(dev, "wait interrupted %ld\n", wait_rv);
523 rv = wait_rv;
524 goto exit;
525 }
526
527 if (wait_rv == 0) {
528 dev_dbg(dev, "wait timed out\n");
529 rv = -ETIMEDOUT;
530 goto exit;
531 }
532
533 tag = data->bNotify1 & 0x7f;
534 if (tag != data->iin_bTag) {
535 dev_err(dev, "expected bTag %x got %x\n",
536 data->iin_bTag, tag);
537 }
538
539 *stb = data->bNotify2;
540 } else {
541 *stb = buffer[2];
542 }
543
544 dev_dbg(dev, "stb:0x%02x received %d\n", (unsigned int)*stb, rv);
545
546 rv = 0;
547
548 exit:
549 /* bump interrupt bTag */
550 data->iin_bTag += 1;
551 if (data->iin_bTag > 127)
552 /* 1 is for SRQ see USBTMC-USB488 subclass spec section 4.3.1 */
553 data->iin_bTag = 2;
554
555 kfree(buffer);
556 return rv;
557 }
558
usbtmc488_ioctl_read_stb(struct usbtmc_file_data * file_data,void __user * arg)559 static int usbtmc488_ioctl_read_stb(struct usbtmc_file_data *file_data,
560 void __user *arg)
561 {
562 int srq_asserted = 0;
563 __u8 stb;
564 int rv;
565
566 rv = usbtmc_get_stb(file_data, &stb);
567
568 if (rv < 0)
569 return rv;
570
571 srq_asserted = atomic_xchg(&file_data->srq_asserted, srq_asserted);
572 if (srq_asserted)
573 stb |= 0x40; /* Set RQS bit */
574
575 rv = put_user(stb, (__u8 __user *)arg);
576
577 return rv;
578
579 }
580
usbtmc_ioctl_get_srq_stb(struct usbtmc_file_data * file_data,void __user * arg)581 static int usbtmc_ioctl_get_srq_stb(struct usbtmc_file_data *file_data,
582 void __user *arg)
583 {
584 struct usbtmc_device_data *data = file_data->data;
585 struct device *dev = &data->intf->dev;
586 int srq_asserted = 0;
587 __u8 stb = 0;
588 int rv;
589
590 spin_lock_irq(&data->dev_lock);
591 srq_asserted = atomic_xchg(&file_data->srq_asserted, srq_asserted);
592
593 if (srq_asserted) {
594 stb = file_data->srq_byte;
595 spin_unlock_irq(&data->dev_lock);
596 rv = put_user(stb, (__u8 __user *)arg);
597 } else {
598 spin_unlock_irq(&data->dev_lock);
599 rv = -ENOMSG;
600 }
601
602 dev_dbg(dev, "stb:0x%02x with srq received %d\n", (unsigned int)stb, rv);
603
604 return rv;
605 }
606
usbtmc488_ioctl_wait_srq(struct usbtmc_file_data * file_data,__u32 __user * arg)607 static int usbtmc488_ioctl_wait_srq(struct usbtmc_file_data *file_data,
608 __u32 __user *arg)
609 {
610 struct usbtmc_device_data *data = file_data->data;
611 struct device *dev = &data->intf->dev;
612 u32 timeout;
613 unsigned long expire;
614 long wait_rv;
615
616 if (!data->iin_ep_present) {
617 dev_dbg(dev, "no interrupt endpoint present\n");
618 return -EFAULT;
619 }
620
621 if (get_user(timeout, arg))
622 return -EFAULT;
623
624 expire = msecs_to_jiffies(timeout);
625
626 mutex_unlock(&data->io_mutex);
627
628 wait_rv = wait_event_interruptible_timeout(
629 data->waitq,
630 atomic_read(&file_data->srq_asserted) != 0 ||
631 atomic_read(&file_data->closing),
632 expire);
633
634 mutex_lock(&data->io_mutex);
635
636 /* Note! disconnect or close could be called in the meantime */
637 if (atomic_read(&file_data->closing) || data->zombie)
638 return -ENODEV;
639
640 if (wait_rv < 0) {
641 dev_dbg(dev, "%s - wait interrupted %ld\n", __func__, wait_rv);
642 return wait_rv;
643 }
644
645 if (wait_rv == 0) {
646 dev_dbg(dev, "%s - wait timed out\n", __func__);
647 return -ETIMEDOUT;
648 }
649
650 dev_dbg(dev, "%s - srq asserted\n", __func__);
651 return 0;
652 }
653
usbtmc488_ioctl_simple(struct usbtmc_device_data * data,void __user * arg,unsigned int cmd)654 static int usbtmc488_ioctl_simple(struct usbtmc_device_data *data,
655 void __user *arg, unsigned int cmd)
656 {
657 struct device *dev = &data->intf->dev;
658 __u8 val;
659 u8 *buffer;
660 u16 wValue;
661 int rv;
662
663 if (!(data->usb488_caps & USBTMC488_CAPABILITY_SIMPLE))
664 return -EINVAL;
665
666 buffer = kmalloc(8, GFP_KERNEL);
667 if (!buffer)
668 return -ENOMEM;
669
670 if (cmd == USBTMC488_REQUEST_REN_CONTROL) {
671 rv = copy_from_user(&val, arg, sizeof(val));
672 if (rv) {
673 rv = -EFAULT;
674 goto exit;
675 }
676 wValue = val ? 1 : 0;
677 } else {
678 wValue = 0;
679 }
680
681 rv = usb_control_msg(data->usb_dev,
682 usb_rcvctrlpipe(data->usb_dev, 0),
683 cmd,
684 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
685 wValue,
686 data->ifnum,
687 buffer, 0x01, USB_CTRL_GET_TIMEOUT);
688 if (rv < 0) {
689 dev_err(dev, "simple usb_control_msg failed %d\n", rv);
690 goto exit;
691 } else if (rv != 1) {
692 dev_warn(dev, "simple usb_control_msg returned %d\n", rv);
693 rv = -EIO;
694 goto exit;
695 }
696
697 if (buffer[0] != USBTMC_STATUS_SUCCESS) {
698 dev_err(dev, "simple control status returned %x\n", buffer[0]);
699 rv = -EIO;
700 goto exit;
701 }
702 rv = 0;
703
704 exit:
705 kfree(buffer);
706 return rv;
707 }
708
709 /*
710 * Sends a TRIGGER Bulk-OUT command message
711 * See the USBTMC-USB488 specification, Table 2.
712 *
713 * Also updates bTag_last_write.
714 */
usbtmc488_ioctl_trigger(struct usbtmc_file_data * file_data)715 static int usbtmc488_ioctl_trigger(struct usbtmc_file_data *file_data)
716 {
717 struct usbtmc_device_data *data = file_data->data;
718 int retval;
719 u8 *buffer;
720 int actual;
721
722 buffer = kzalloc(USBTMC_HEADER_SIZE, GFP_KERNEL);
723 if (!buffer)
724 return -ENOMEM;
725
726 buffer[0] = 128;
727 buffer[1] = data->bTag;
728 buffer[2] = ~data->bTag;
729
730 retval = usb_bulk_msg(data->usb_dev,
731 usb_sndbulkpipe(data->usb_dev,
732 data->bulk_out),
733 buffer, USBTMC_HEADER_SIZE,
734 &actual, file_data->timeout);
735
736 /* Store bTag (in case we need to abort) */
737 data->bTag_last_write = data->bTag;
738
739 /* Increment bTag -- and increment again if zero */
740 data->bTag++;
741 if (!data->bTag)
742 data->bTag++;
743
744 kfree(buffer);
745 if (retval < 0) {
746 dev_err(&data->intf->dev, "%s returned %d\n",
747 __func__, retval);
748 return retval;
749 }
750
751 return 0;
752 }
753
usbtmc_create_urb(void)754 static struct urb *usbtmc_create_urb(void)
755 {
756 const size_t bufsize = USBTMC_BUFSIZE;
757 u8 *dmabuf = NULL;
758 struct urb *urb = usb_alloc_urb(0, GFP_KERNEL);
759
760 if (!urb)
761 return NULL;
762
763 dmabuf = kzalloc(bufsize, GFP_KERNEL);
764 if (!dmabuf) {
765 usb_free_urb(urb);
766 return NULL;
767 }
768
769 urb->transfer_buffer = dmabuf;
770 urb->transfer_buffer_length = bufsize;
771 urb->transfer_flags |= URB_FREE_BUFFER;
772 return urb;
773 }
774
usbtmc_read_bulk_cb(struct urb * urb)775 static void usbtmc_read_bulk_cb(struct urb *urb)
776 {
777 struct usbtmc_file_data *file_data = urb->context;
778 int status = urb->status;
779 unsigned long flags;
780
781 /* sync/async unlink faults aren't errors */
782 if (status) {
783 if (!(/* status == -ENOENT || */
784 status == -ECONNRESET ||
785 status == -EREMOTEIO || /* Short packet */
786 status == -ESHUTDOWN))
787 dev_err(&file_data->data->intf->dev,
788 "%s - nonzero read bulk status received: %d\n",
789 __func__, status);
790
791 spin_lock_irqsave(&file_data->err_lock, flags);
792 if (!file_data->in_status)
793 file_data->in_status = status;
794 spin_unlock_irqrestore(&file_data->err_lock, flags);
795 }
796
797 spin_lock_irqsave(&file_data->err_lock, flags);
798 file_data->in_transfer_size += urb->actual_length;
799 dev_dbg(&file_data->data->intf->dev,
800 "%s - total size: %u current: %d status: %d\n",
801 __func__, file_data->in_transfer_size,
802 urb->actual_length, status);
803 spin_unlock_irqrestore(&file_data->err_lock, flags);
804 usb_anchor_urb(urb, &file_data->in_anchor);
805
806 wake_up_interruptible(&file_data->wait_bulk_in);
807 wake_up_interruptible(&file_data->data->waitq);
808 }
809
usbtmc_do_transfer(struct usbtmc_file_data * file_data)810 static inline bool usbtmc_do_transfer(struct usbtmc_file_data *file_data)
811 {
812 bool data_or_error;
813
814 spin_lock_irq(&file_data->err_lock);
815 data_or_error = !usb_anchor_empty(&file_data->in_anchor)
816 || file_data->in_status;
817 spin_unlock_irq(&file_data->err_lock);
818 dev_dbg(&file_data->data->intf->dev, "%s: returns %d\n", __func__,
819 data_or_error);
820 return data_or_error;
821 }
822
usbtmc_generic_read(struct usbtmc_file_data * file_data,void __user * user_buffer,u32 transfer_size,u32 * transferred,u32 flags)823 static ssize_t usbtmc_generic_read(struct usbtmc_file_data *file_data,
824 void __user *user_buffer,
825 u32 transfer_size,
826 u32 *transferred,
827 u32 flags)
828 {
829 struct usbtmc_device_data *data = file_data->data;
830 struct device *dev = &data->intf->dev;
831 u32 done = 0;
832 u32 remaining;
833 const u32 bufsize = USBTMC_BUFSIZE;
834 int retval = 0;
835 u32 max_transfer_size;
836 unsigned long expire;
837 int bufcount = 1;
838 int again = 0;
839 long wait_rv;
840
841 /* mutex already locked */
842
843 *transferred = done;
844
845 max_transfer_size = transfer_size;
846
847 if (flags & USBTMC_FLAG_IGNORE_TRAILER) {
848 /* The device may send extra alignment bytes (up to
849 * wMaxPacketSize – 1) to avoid sending a zero-length
850 * packet
851 */
852 remaining = transfer_size;
853 if ((max_transfer_size % data->wMaxPacketSize) == 0)
854 max_transfer_size += (data->wMaxPacketSize - 1);
855 } else {
856 /* round down to bufsize to avoid truncated data left */
857 if (max_transfer_size > bufsize) {
858 max_transfer_size =
859 roundup(max_transfer_size + 1 - bufsize,
860 bufsize);
861 }
862 remaining = max_transfer_size;
863 }
864
865 spin_lock_irq(&file_data->err_lock);
866
867 if (file_data->in_status) {
868 /* return the very first error */
869 retval = file_data->in_status;
870 spin_unlock_irq(&file_data->err_lock);
871 goto error;
872 }
873
874 if (flags & USBTMC_FLAG_ASYNC) {
875 if (usb_anchor_empty(&file_data->in_anchor))
876 again = 1;
877
878 if (file_data->in_urbs_used == 0) {
879 file_data->in_transfer_size = 0;
880 file_data->in_status = 0;
881 }
882 } else {
883 file_data->in_transfer_size = 0;
884 file_data->in_status = 0;
885 }
886
887 if (max_transfer_size == 0) {
888 bufcount = 0;
889 } else {
890 bufcount = roundup(max_transfer_size, bufsize) / bufsize;
891 if (bufcount > file_data->in_urbs_used)
892 bufcount -= file_data->in_urbs_used;
893 else
894 bufcount = 0;
895
896 if (bufcount + file_data->in_urbs_used > MAX_URBS_IN_FLIGHT) {
897 bufcount = MAX_URBS_IN_FLIGHT -
898 file_data->in_urbs_used;
899 }
900 }
901 spin_unlock_irq(&file_data->err_lock);
902
903 dev_dbg(dev, "%s: requested=%u flags=0x%X size=%u bufs=%d used=%d\n",
904 __func__, transfer_size, flags,
905 max_transfer_size, bufcount, file_data->in_urbs_used);
906
907 while (bufcount > 0) {
908 u8 *dmabuf = NULL;
909 struct urb *urb = usbtmc_create_urb();
910
911 if (!urb) {
912 retval = -ENOMEM;
913 goto error;
914 }
915
916 dmabuf = urb->transfer_buffer;
917
918 usb_fill_bulk_urb(urb, data->usb_dev,
919 usb_rcvbulkpipe(data->usb_dev, data->bulk_in),
920 dmabuf, bufsize,
921 usbtmc_read_bulk_cb, file_data);
922
923 usb_anchor_urb(urb, &file_data->submitted);
924 retval = usb_submit_urb(urb, GFP_KERNEL);
925 /* urb is anchored. We can release our reference. */
926 usb_free_urb(urb);
927 if (unlikely(retval)) {
928 usb_unanchor_urb(urb);
929 goto error;
930 }
931 file_data->in_urbs_used++;
932 bufcount--;
933 }
934
935 if (again) {
936 dev_dbg(dev, "%s: ret=again\n", __func__);
937 return -EAGAIN;
938 }
939
940 if (user_buffer == NULL)
941 return -EINVAL;
942
943 expire = msecs_to_jiffies(file_data->timeout);
944
945 while (max_transfer_size > 0) {
946 u32 this_part;
947 struct urb *urb = NULL;
948
949 if (!(flags & USBTMC_FLAG_ASYNC)) {
950 dev_dbg(dev, "%s: before wait time %lu\n",
951 __func__, expire);
952 wait_rv = wait_event_interruptible_timeout(
953 file_data->wait_bulk_in,
954 usbtmc_do_transfer(file_data),
955 expire);
956
957 dev_dbg(dev, "%s: wait returned %ld\n",
958 __func__, wait_rv);
959
960 if (wait_rv < 0) {
961 retval = wait_rv;
962 goto error;
963 }
964
965 if (wait_rv == 0) {
966 retval = -ETIMEDOUT;
967 goto error;
968 }
969
970 }
971
972 urb = usb_get_from_anchor(&file_data->in_anchor);
973 if (!urb) {
974 if (!(flags & USBTMC_FLAG_ASYNC)) {
975 /* synchronous case: must not happen */
976 retval = -EFAULT;
977 goto error;
978 }
979
980 /* asynchronous case: ready, do not block or wait */
981 *transferred = done;
982 dev_dbg(dev, "%s: (async) done=%u ret=0\n",
983 __func__, done);
984 return 0;
985 }
986
987 file_data->in_urbs_used--;
988
989 if (max_transfer_size > urb->actual_length)
990 max_transfer_size -= urb->actual_length;
991 else
992 max_transfer_size = 0;
993
994 if (remaining > urb->actual_length)
995 this_part = urb->actual_length;
996 else
997 this_part = remaining;
998
999 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE, 16, 1,
1000 urb->transfer_buffer, urb->actual_length, true);
1001
1002 if (copy_to_user(user_buffer + done,
1003 urb->transfer_buffer, this_part)) {
1004 usb_free_urb(urb);
1005 retval = -EFAULT;
1006 goto error;
1007 }
1008
1009 remaining -= this_part;
1010 done += this_part;
1011
1012 spin_lock_irq(&file_data->err_lock);
1013 if (urb->status) {
1014 /* return the very first error */
1015 retval = file_data->in_status;
1016 spin_unlock_irq(&file_data->err_lock);
1017 usb_free_urb(urb);
1018 goto error;
1019 }
1020 spin_unlock_irq(&file_data->err_lock);
1021
1022 if (urb->actual_length < bufsize) {
1023 /* short packet or ZLP received => ready */
1024 usb_free_urb(urb);
1025 retval = 1;
1026 break;
1027 }
1028
1029 if (!(flags & USBTMC_FLAG_ASYNC) &&
1030 max_transfer_size > (bufsize * file_data->in_urbs_used)) {
1031 /* resubmit, since other buffers still not enough */
1032 usb_anchor_urb(urb, &file_data->submitted);
1033 retval = usb_submit_urb(urb, GFP_KERNEL);
1034 if (unlikely(retval)) {
1035 usb_unanchor_urb(urb);
1036 usb_free_urb(urb);
1037 goto error;
1038 }
1039 file_data->in_urbs_used++;
1040 }
1041 usb_free_urb(urb);
1042 retval = 0;
1043 }
1044
1045 error:
1046 *transferred = done;
1047
1048 dev_dbg(dev, "%s: before kill\n", __func__);
1049 /* Attention: killing urbs can take long time (2 ms) */
1050 usb_kill_anchored_urbs(&file_data->submitted);
1051 dev_dbg(dev, "%s: after kill\n", __func__);
1052 usb_scuttle_anchored_urbs(&file_data->in_anchor);
1053 file_data->in_urbs_used = 0;
1054 file_data->in_status = 0; /* no spinlock needed here */
1055 dev_dbg(dev, "%s: done=%u ret=%d\n", __func__, done, retval);
1056
1057 return retval;
1058 }
1059
usbtmc_ioctl_generic_read(struct usbtmc_file_data * file_data,void __user * arg)1060 static ssize_t usbtmc_ioctl_generic_read(struct usbtmc_file_data *file_data,
1061 void __user *arg)
1062 {
1063 struct usbtmc_message msg;
1064 ssize_t retval = 0;
1065
1066 /* mutex already locked */
1067
1068 if (copy_from_user(&msg, arg, sizeof(struct usbtmc_message)))
1069 return -EFAULT;
1070
1071 retval = usbtmc_generic_read(file_data, msg.message,
1072 msg.transfer_size, &msg.transferred,
1073 msg.flags);
1074
1075 if (put_user(msg.transferred,
1076 &((struct usbtmc_message __user *)arg)->transferred))
1077 return -EFAULT;
1078
1079 return retval;
1080 }
1081
usbtmc_write_bulk_cb(struct urb * urb)1082 static void usbtmc_write_bulk_cb(struct urb *urb)
1083 {
1084 struct usbtmc_file_data *file_data = urb->context;
1085 int wakeup = 0;
1086 unsigned long flags;
1087
1088 spin_lock_irqsave(&file_data->err_lock, flags);
1089 file_data->out_transfer_size += urb->actual_length;
1090
1091 /* sync/async unlink faults aren't errors */
1092 if (urb->status) {
1093 if (!(urb->status == -ENOENT ||
1094 urb->status == -ECONNRESET ||
1095 urb->status == -ESHUTDOWN))
1096 dev_err(&file_data->data->intf->dev,
1097 "%s - nonzero write bulk status received: %d\n",
1098 __func__, urb->status);
1099
1100 if (!file_data->out_status) {
1101 file_data->out_status = urb->status;
1102 wakeup = 1;
1103 }
1104 }
1105 spin_unlock_irqrestore(&file_data->err_lock, flags);
1106
1107 dev_dbg(&file_data->data->intf->dev,
1108 "%s - write bulk total size: %u\n",
1109 __func__, file_data->out_transfer_size);
1110
1111 up(&file_data->limit_write_sem);
1112 if (usb_anchor_empty(&file_data->submitted) || wakeup)
1113 wake_up_interruptible(&file_data->data->waitq);
1114 }
1115
usbtmc_generic_write(struct usbtmc_file_data * file_data,const void __user * user_buffer,u32 transfer_size,u32 * transferred,u32 flags)1116 static ssize_t usbtmc_generic_write(struct usbtmc_file_data *file_data,
1117 const void __user *user_buffer,
1118 u32 transfer_size,
1119 u32 *transferred,
1120 u32 flags)
1121 {
1122 struct usbtmc_device_data *data = file_data->data;
1123 struct device *dev;
1124 u32 done = 0;
1125 u32 remaining;
1126 unsigned long expire;
1127 const u32 bufsize = USBTMC_BUFSIZE;
1128 struct urb *urb = NULL;
1129 int retval = 0;
1130 u32 timeout;
1131
1132 *transferred = 0;
1133
1134 /* Get pointer to private data structure */
1135 dev = &data->intf->dev;
1136
1137 dev_dbg(dev, "%s: size=%u flags=0x%X sema=%u\n",
1138 __func__, transfer_size, flags,
1139 file_data->limit_write_sem.count);
1140
1141 if (flags & USBTMC_FLAG_APPEND) {
1142 spin_lock_irq(&file_data->err_lock);
1143 retval = file_data->out_status;
1144 spin_unlock_irq(&file_data->err_lock);
1145 if (retval < 0)
1146 return retval;
1147 } else {
1148 spin_lock_irq(&file_data->err_lock);
1149 file_data->out_transfer_size = 0;
1150 file_data->out_status = 0;
1151 spin_unlock_irq(&file_data->err_lock);
1152 }
1153
1154 remaining = transfer_size;
1155 if (remaining > INT_MAX)
1156 remaining = INT_MAX;
1157
1158 timeout = file_data->timeout;
1159 expire = msecs_to_jiffies(timeout);
1160
1161 while (remaining > 0) {
1162 u32 this_part, aligned;
1163 u8 *buffer = NULL;
1164
1165 if (flags & USBTMC_FLAG_ASYNC) {
1166 if (down_trylock(&file_data->limit_write_sem)) {
1167 retval = (done)?(0):(-EAGAIN);
1168 goto exit;
1169 }
1170 } else {
1171 retval = down_timeout(&file_data->limit_write_sem,
1172 expire);
1173 if (retval < 0) {
1174 retval = -ETIMEDOUT;
1175 goto error;
1176 }
1177 }
1178
1179 spin_lock_irq(&file_data->err_lock);
1180 retval = file_data->out_status;
1181 spin_unlock_irq(&file_data->err_lock);
1182 if (retval < 0) {
1183 up(&file_data->limit_write_sem);
1184 goto error;
1185 }
1186
1187 /* prepare next urb to send */
1188 urb = usbtmc_create_urb();
1189 if (!urb) {
1190 retval = -ENOMEM;
1191 up(&file_data->limit_write_sem);
1192 goto error;
1193 }
1194 buffer = urb->transfer_buffer;
1195
1196 if (remaining > bufsize)
1197 this_part = bufsize;
1198 else
1199 this_part = remaining;
1200
1201 if (copy_from_user(buffer, user_buffer + done, this_part)) {
1202 retval = -EFAULT;
1203 up(&file_data->limit_write_sem);
1204 goto error;
1205 }
1206
1207 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE,
1208 16, 1, buffer, this_part, true);
1209
1210 /* fill bulk with 32 bit alignment to meet USBTMC specification
1211 * (size + 3 & ~3) rounds up and simplifies user code
1212 */
1213 aligned = (this_part + 3) & ~3;
1214 dev_dbg(dev, "write(size:%u align:%u done:%u)\n",
1215 (unsigned int)this_part,
1216 (unsigned int)aligned,
1217 (unsigned int)done);
1218
1219 usb_fill_bulk_urb(urb, data->usb_dev,
1220 usb_sndbulkpipe(data->usb_dev, data->bulk_out),
1221 urb->transfer_buffer, aligned,
1222 usbtmc_write_bulk_cb, file_data);
1223
1224 usb_anchor_urb(urb, &file_data->submitted);
1225 retval = usb_submit_urb(urb, GFP_KERNEL);
1226 if (unlikely(retval)) {
1227 usb_unanchor_urb(urb);
1228 up(&file_data->limit_write_sem);
1229 goto error;
1230 }
1231
1232 usb_free_urb(urb);
1233 urb = NULL; /* urb will be finally released by usb driver */
1234
1235 remaining -= this_part;
1236 done += this_part;
1237 }
1238
1239 /* All urbs are on the fly */
1240 if (!(flags & USBTMC_FLAG_ASYNC)) {
1241 if (!usb_wait_anchor_empty_timeout(&file_data->submitted,
1242 timeout)) {
1243 retval = -ETIMEDOUT;
1244 goto error;
1245 }
1246 }
1247
1248 retval = 0;
1249 goto exit;
1250
1251 error:
1252 usb_kill_anchored_urbs(&file_data->submitted);
1253 exit:
1254 usb_free_urb(urb);
1255
1256 spin_lock_irq(&file_data->err_lock);
1257 if (!(flags & USBTMC_FLAG_ASYNC))
1258 done = file_data->out_transfer_size;
1259 if (!retval && file_data->out_status)
1260 retval = file_data->out_status;
1261 spin_unlock_irq(&file_data->err_lock);
1262
1263 *transferred = done;
1264
1265 dev_dbg(dev, "%s: done=%u, retval=%d, urbstat=%d\n",
1266 __func__, done, retval, file_data->out_status);
1267
1268 return retval;
1269 }
1270
usbtmc_ioctl_generic_write(struct usbtmc_file_data * file_data,void __user * arg)1271 static ssize_t usbtmc_ioctl_generic_write(struct usbtmc_file_data *file_data,
1272 void __user *arg)
1273 {
1274 struct usbtmc_message msg;
1275 ssize_t retval = 0;
1276
1277 /* mutex already locked */
1278
1279 if (copy_from_user(&msg, arg, sizeof(struct usbtmc_message)))
1280 return -EFAULT;
1281
1282 retval = usbtmc_generic_write(file_data, msg.message,
1283 msg.transfer_size, &msg.transferred,
1284 msg.flags);
1285
1286 if (put_user(msg.transferred,
1287 &((struct usbtmc_message __user *)arg)->transferred))
1288 return -EFAULT;
1289
1290 return retval;
1291 }
1292
1293 /*
1294 * Get the generic write result
1295 */
usbtmc_ioctl_write_result(struct usbtmc_file_data * file_data,void __user * arg)1296 static ssize_t usbtmc_ioctl_write_result(struct usbtmc_file_data *file_data,
1297 void __user *arg)
1298 {
1299 u32 transferred;
1300 int retval;
1301
1302 spin_lock_irq(&file_data->err_lock);
1303 transferred = file_data->out_transfer_size;
1304 retval = file_data->out_status;
1305 spin_unlock_irq(&file_data->err_lock);
1306
1307 if (put_user(transferred, (__u32 __user *)arg))
1308 return -EFAULT;
1309
1310 return retval;
1311 }
1312
1313 /*
1314 * Sends a REQUEST_DEV_DEP_MSG_IN message on the Bulk-OUT endpoint.
1315 * @transfer_size: number of bytes to request from the device.
1316 *
1317 * See the USBTMC specification, Table 4.
1318 *
1319 * Also updates bTag_last_write.
1320 */
send_request_dev_dep_msg_in(struct usbtmc_file_data * file_data,u32 transfer_size)1321 static int send_request_dev_dep_msg_in(struct usbtmc_file_data *file_data,
1322 u32 transfer_size)
1323 {
1324 struct usbtmc_device_data *data = file_data->data;
1325 int retval;
1326 u8 *buffer;
1327 int actual;
1328
1329 buffer = kmalloc(USBTMC_HEADER_SIZE, GFP_KERNEL);
1330 if (!buffer)
1331 return -ENOMEM;
1332 /* Setup IO buffer for REQUEST_DEV_DEP_MSG_IN message
1333 * Refer to class specs for details
1334 */
1335 buffer[0] = 2;
1336 buffer[1] = data->bTag;
1337 buffer[2] = ~data->bTag;
1338 buffer[3] = 0; /* Reserved */
1339 buffer[4] = transfer_size >> 0;
1340 buffer[5] = transfer_size >> 8;
1341 buffer[6] = transfer_size >> 16;
1342 buffer[7] = transfer_size >> 24;
1343 buffer[8] = file_data->term_char_enabled * 2;
1344 /* Use term character? */
1345 buffer[9] = file_data->term_char;
1346 buffer[10] = 0; /* Reserved */
1347 buffer[11] = 0; /* Reserved */
1348
1349 /* Send bulk URB */
1350 retval = usb_bulk_msg(data->usb_dev,
1351 usb_sndbulkpipe(data->usb_dev,
1352 data->bulk_out),
1353 buffer, USBTMC_HEADER_SIZE,
1354 &actual, file_data->timeout);
1355
1356 /* Store bTag (in case we need to abort) */
1357 data->bTag_last_write = data->bTag;
1358
1359 /* Increment bTag -- and increment again if zero */
1360 data->bTag++;
1361 if (!data->bTag)
1362 data->bTag++;
1363
1364 kfree(buffer);
1365 if (retval < 0)
1366 dev_err(&data->intf->dev, "%s returned %d\n",
1367 __func__, retval);
1368
1369 return retval;
1370 }
1371
usbtmc_read(struct file * filp,char __user * buf,size_t count,loff_t * f_pos)1372 static ssize_t usbtmc_read(struct file *filp, char __user *buf,
1373 size_t count, loff_t *f_pos)
1374 {
1375 struct usbtmc_file_data *file_data;
1376 struct usbtmc_device_data *data;
1377 struct device *dev;
1378 const u32 bufsize = USBTMC_BUFSIZE;
1379 u32 n_characters;
1380 u8 *buffer;
1381 int actual;
1382 u32 done = 0;
1383 u32 remaining;
1384 int retval;
1385
1386 /* Get pointer to private data structure */
1387 file_data = filp->private_data;
1388 data = file_data->data;
1389 dev = &data->intf->dev;
1390
1391 buffer = kmalloc(bufsize, GFP_KERNEL);
1392 if (!buffer)
1393 return -ENOMEM;
1394
1395 retval = mutex_lock_interruptible(&data->io_mutex);
1396 if (retval < 0)
1397 goto exit_nolock;
1398
1399 if (data->zombie) {
1400 retval = -ENODEV;
1401 goto exit;
1402 }
1403
1404 if (count > INT_MAX)
1405 count = INT_MAX;
1406
1407 dev_dbg(dev, "%s(count:%zu)\n", __func__, count);
1408
1409 retval = send_request_dev_dep_msg_in(file_data, count);
1410
1411 if (retval < 0) {
1412 if (file_data->auto_abort)
1413 usbtmc_ioctl_abort_bulk_out(data);
1414 goto exit;
1415 }
1416
1417 /* Loop until we have fetched everything we requested */
1418 remaining = count;
1419 actual = 0;
1420
1421 /* Send bulk URB */
1422 retval = usb_bulk_msg(data->usb_dev,
1423 usb_rcvbulkpipe(data->usb_dev,
1424 data->bulk_in),
1425 buffer, bufsize, &actual,
1426 file_data->timeout);
1427
1428 dev_dbg(dev, "%s: bulk_msg retval(%u), actual(%d)\n",
1429 __func__, retval, actual);
1430
1431 /* Store bTag (in case we need to abort) */
1432 data->bTag_last_read = data->bTag;
1433
1434 if (retval < 0) {
1435 if (file_data->auto_abort)
1436 usbtmc_ioctl_abort_bulk_in(data);
1437 goto exit;
1438 }
1439
1440 /* Sanity checks for the header */
1441 if (actual < USBTMC_HEADER_SIZE) {
1442 dev_err(dev, "Device sent too small first packet: %u < %u\n",
1443 actual, USBTMC_HEADER_SIZE);
1444 if (file_data->auto_abort)
1445 usbtmc_ioctl_abort_bulk_in(data);
1446 goto exit;
1447 }
1448
1449 if (buffer[0] != 2) {
1450 dev_err(dev, "Device sent reply with wrong MsgID: %u != 2\n",
1451 buffer[0]);
1452 if (file_data->auto_abort)
1453 usbtmc_ioctl_abort_bulk_in(data);
1454 goto exit;
1455 }
1456
1457 if (buffer[1] != data->bTag_last_write) {
1458 dev_err(dev, "Device sent reply with wrong bTag: %u != %u\n",
1459 buffer[1], data->bTag_last_write);
1460 if (file_data->auto_abort)
1461 usbtmc_ioctl_abort_bulk_in(data);
1462 goto exit;
1463 }
1464
1465 /* How many characters did the instrument send? */
1466 n_characters = buffer[4] +
1467 (buffer[5] << 8) +
1468 (buffer[6] << 16) +
1469 (buffer[7] << 24);
1470
1471 file_data->bmTransferAttributes = buffer[8];
1472
1473 dev_dbg(dev, "Bulk-IN header: N_characters(%u), bTransAttr(%u)\n",
1474 n_characters, buffer[8]);
1475
1476 if (n_characters > remaining) {
1477 dev_err(dev, "Device wants to return more data than requested: %u > %zu\n",
1478 n_characters, count);
1479 if (file_data->auto_abort)
1480 usbtmc_ioctl_abort_bulk_in(data);
1481 goto exit;
1482 }
1483
1484 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE,
1485 16, 1, buffer, actual, true);
1486
1487 remaining = n_characters;
1488
1489 /* Remove the USBTMC header */
1490 actual -= USBTMC_HEADER_SIZE;
1491
1492 /* Remove padding if it exists */
1493 if (actual > remaining)
1494 actual = remaining;
1495
1496 remaining -= actual;
1497
1498 /* Copy buffer to user space */
1499 if (copy_to_user(buf, &buffer[USBTMC_HEADER_SIZE], actual)) {
1500 /* There must have been an addressing problem */
1501 retval = -EFAULT;
1502 goto exit;
1503 }
1504
1505 if ((actual + USBTMC_HEADER_SIZE) == bufsize) {
1506 retval = usbtmc_generic_read(file_data, buf + actual,
1507 remaining,
1508 &done,
1509 USBTMC_FLAG_IGNORE_TRAILER);
1510 if (retval < 0)
1511 goto exit;
1512 }
1513 done += actual;
1514
1515 /* Update file position value */
1516 *f_pos = *f_pos + done;
1517 retval = done;
1518
1519 exit:
1520 mutex_unlock(&data->io_mutex);
1521 exit_nolock:
1522 kfree(buffer);
1523 return retval;
1524 }
1525
usbtmc_write(struct file * filp,const char __user * buf,size_t count,loff_t * f_pos)1526 static ssize_t usbtmc_write(struct file *filp, const char __user *buf,
1527 size_t count, loff_t *f_pos)
1528 {
1529 struct usbtmc_file_data *file_data;
1530 struct usbtmc_device_data *data;
1531 struct urb *urb = NULL;
1532 ssize_t retval = 0;
1533 u8 *buffer;
1534 u32 remaining, done;
1535 u32 transfersize, aligned, buflen;
1536
1537 file_data = filp->private_data;
1538 data = file_data->data;
1539
1540 mutex_lock(&data->io_mutex);
1541
1542 if (data->zombie) {
1543 retval = -ENODEV;
1544 goto exit;
1545 }
1546
1547 done = 0;
1548
1549 spin_lock_irq(&file_data->err_lock);
1550 file_data->out_transfer_size = 0;
1551 file_data->out_status = 0;
1552 spin_unlock_irq(&file_data->err_lock);
1553
1554 if (!count)
1555 goto exit;
1556
1557 if (down_trylock(&file_data->limit_write_sem)) {
1558 /* previous calls were async */
1559 retval = -EBUSY;
1560 goto exit;
1561 }
1562
1563 urb = usbtmc_create_urb();
1564 if (!urb) {
1565 retval = -ENOMEM;
1566 up(&file_data->limit_write_sem);
1567 goto exit;
1568 }
1569
1570 buffer = urb->transfer_buffer;
1571 buflen = urb->transfer_buffer_length;
1572
1573 if (count > INT_MAX) {
1574 transfersize = INT_MAX;
1575 buffer[8] = 0;
1576 } else {
1577 transfersize = count;
1578 buffer[8] = file_data->eom_val;
1579 }
1580
1581 /* Setup IO buffer for DEV_DEP_MSG_OUT message */
1582 buffer[0] = 1;
1583 buffer[1] = data->bTag;
1584 buffer[2] = ~data->bTag;
1585 buffer[3] = 0; /* Reserved */
1586 buffer[4] = transfersize >> 0;
1587 buffer[5] = transfersize >> 8;
1588 buffer[6] = transfersize >> 16;
1589 buffer[7] = transfersize >> 24;
1590 /* buffer[8] is set above... */
1591 buffer[9] = 0; /* Reserved */
1592 buffer[10] = 0; /* Reserved */
1593 buffer[11] = 0; /* Reserved */
1594
1595 remaining = transfersize;
1596
1597 if (transfersize + USBTMC_HEADER_SIZE > buflen) {
1598 transfersize = buflen - USBTMC_HEADER_SIZE;
1599 aligned = buflen;
1600 } else {
1601 aligned = (transfersize + (USBTMC_HEADER_SIZE + 3)) & ~3;
1602 }
1603
1604 if (copy_from_user(&buffer[USBTMC_HEADER_SIZE], buf, transfersize)) {
1605 retval = -EFAULT;
1606 up(&file_data->limit_write_sem);
1607 goto exit;
1608 }
1609
1610 dev_dbg(&data->intf->dev, "%s(size:%u align:%u)\n", __func__,
1611 (unsigned int)transfersize, (unsigned int)aligned);
1612
1613 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE,
1614 16, 1, buffer, aligned, true);
1615
1616 usb_fill_bulk_urb(urb, data->usb_dev,
1617 usb_sndbulkpipe(data->usb_dev, data->bulk_out),
1618 urb->transfer_buffer, aligned,
1619 usbtmc_write_bulk_cb, file_data);
1620
1621 usb_anchor_urb(urb, &file_data->submitted);
1622 retval = usb_submit_urb(urb, GFP_KERNEL);
1623 if (unlikely(retval)) {
1624 usb_unanchor_urb(urb);
1625 up(&file_data->limit_write_sem);
1626 goto exit;
1627 }
1628
1629 remaining -= transfersize;
1630
1631 data->bTag_last_write = data->bTag;
1632 data->bTag++;
1633
1634 if (!data->bTag)
1635 data->bTag++;
1636
1637 /* call generic_write even when remaining = 0 */
1638 retval = usbtmc_generic_write(file_data, buf + transfersize, remaining,
1639 &done, USBTMC_FLAG_APPEND);
1640 /* truncate alignment bytes */
1641 if (done > remaining)
1642 done = remaining;
1643
1644 /*add size of first urb*/
1645 done += transfersize;
1646
1647 if (retval < 0) {
1648 usb_kill_anchored_urbs(&file_data->submitted);
1649
1650 dev_err(&data->intf->dev,
1651 "Unable to send data, error %d\n", (int)retval);
1652 if (file_data->auto_abort)
1653 usbtmc_ioctl_abort_bulk_out(data);
1654 goto exit;
1655 }
1656
1657 retval = done;
1658 exit:
1659 usb_free_urb(urb);
1660 mutex_unlock(&data->io_mutex);
1661 return retval;
1662 }
1663
usbtmc_ioctl_clear(struct usbtmc_device_data * data)1664 static int usbtmc_ioctl_clear(struct usbtmc_device_data *data)
1665 {
1666 struct device *dev;
1667 u8 *buffer;
1668 int rv;
1669 int n;
1670 int actual = 0;
1671
1672 dev = &data->intf->dev;
1673
1674 dev_dbg(dev, "Sending INITIATE_CLEAR request\n");
1675
1676 buffer = kmalloc(USBTMC_BUFSIZE, GFP_KERNEL);
1677 if (!buffer)
1678 return -ENOMEM;
1679
1680 rv = usb_control_msg(data->usb_dev,
1681 usb_rcvctrlpipe(data->usb_dev, 0),
1682 USBTMC_REQUEST_INITIATE_CLEAR,
1683 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
1684 0, 0, buffer, 1, USB_CTRL_GET_TIMEOUT);
1685 if (rv < 0) {
1686 dev_err(dev, "usb_control_msg returned %d\n", rv);
1687 goto exit;
1688 }
1689
1690 dev_dbg(dev, "INITIATE_CLEAR returned %x\n", buffer[0]);
1691
1692 if (buffer[0] != USBTMC_STATUS_SUCCESS) {
1693 dev_err(dev, "INITIATE_CLEAR returned %x\n", buffer[0]);
1694 rv = -EPERM;
1695 goto exit;
1696 }
1697
1698 n = 0;
1699
1700 usbtmc_clear_check_status:
1701
1702 dev_dbg(dev, "Sending CHECK_CLEAR_STATUS request\n");
1703
1704 rv = usb_control_msg(data->usb_dev,
1705 usb_rcvctrlpipe(data->usb_dev, 0),
1706 USBTMC_REQUEST_CHECK_CLEAR_STATUS,
1707 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
1708 0, 0, buffer, 2, USB_CTRL_GET_TIMEOUT);
1709 if (rv < 0) {
1710 dev_err(dev, "usb_control_msg returned %d\n", rv);
1711 goto exit;
1712 }
1713
1714 dev_dbg(dev, "CHECK_CLEAR_STATUS returned %x\n", buffer[0]);
1715
1716 if (buffer[0] == USBTMC_STATUS_SUCCESS)
1717 goto usbtmc_clear_bulk_out_halt;
1718
1719 if (buffer[0] != USBTMC_STATUS_PENDING) {
1720 dev_err(dev, "CHECK_CLEAR_STATUS returned %x\n", buffer[0]);
1721 rv = -EPERM;
1722 goto exit;
1723 }
1724
1725 if ((buffer[1] & 1) != 0) {
1726 do {
1727 dev_dbg(dev, "Reading from bulk in EP\n");
1728
1729 actual = 0;
1730 rv = usb_bulk_msg(data->usb_dev,
1731 usb_rcvbulkpipe(data->usb_dev,
1732 data->bulk_in),
1733 buffer, USBTMC_BUFSIZE,
1734 &actual, USB_CTRL_GET_TIMEOUT);
1735
1736 print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE,
1737 16, 1, buffer, actual, true);
1738
1739 n++;
1740
1741 if (rv < 0) {
1742 dev_err(dev, "usb_control_msg returned %d\n",
1743 rv);
1744 goto exit;
1745 }
1746 } while ((actual == USBTMC_BUFSIZE) &&
1747 (n < USBTMC_MAX_READS_TO_CLEAR_BULK_IN));
1748 } else {
1749 /* do not stress device with subsequent requests */
1750 msleep(50);
1751 n++;
1752 }
1753
1754 if (n >= USBTMC_MAX_READS_TO_CLEAR_BULK_IN) {
1755 dev_err(dev, "Couldn't clear device buffer within %d cycles\n",
1756 USBTMC_MAX_READS_TO_CLEAR_BULK_IN);
1757 rv = -EPERM;
1758 goto exit;
1759 }
1760
1761 goto usbtmc_clear_check_status;
1762
1763 usbtmc_clear_bulk_out_halt:
1764
1765 rv = usb_clear_halt(data->usb_dev,
1766 usb_sndbulkpipe(data->usb_dev, data->bulk_out));
1767 if (rv < 0) {
1768 dev_err(dev, "usb_clear_halt returned %d\n", rv);
1769 goto exit;
1770 }
1771 rv = 0;
1772
1773 exit:
1774 kfree(buffer);
1775 return rv;
1776 }
1777
usbtmc_ioctl_clear_out_halt(struct usbtmc_device_data * data)1778 static int usbtmc_ioctl_clear_out_halt(struct usbtmc_device_data *data)
1779 {
1780 int rv;
1781
1782 rv = usb_clear_halt(data->usb_dev,
1783 usb_sndbulkpipe(data->usb_dev, data->bulk_out));
1784
1785 if (rv < 0)
1786 dev_err(&data->usb_dev->dev, "%s returned %d\n", __func__, rv);
1787 return rv;
1788 }
1789
usbtmc_ioctl_clear_in_halt(struct usbtmc_device_data * data)1790 static int usbtmc_ioctl_clear_in_halt(struct usbtmc_device_data *data)
1791 {
1792 int rv;
1793
1794 rv = usb_clear_halt(data->usb_dev,
1795 usb_rcvbulkpipe(data->usb_dev, data->bulk_in));
1796
1797 if (rv < 0)
1798 dev_err(&data->usb_dev->dev, "%s returned %d\n", __func__, rv);
1799 return rv;
1800 }
1801
usbtmc_ioctl_cancel_io(struct usbtmc_file_data * file_data)1802 static int usbtmc_ioctl_cancel_io(struct usbtmc_file_data *file_data)
1803 {
1804 spin_lock_irq(&file_data->err_lock);
1805 file_data->in_status = -ECANCELED;
1806 file_data->out_status = -ECANCELED;
1807 spin_unlock_irq(&file_data->err_lock);
1808 usb_kill_anchored_urbs(&file_data->submitted);
1809 return 0;
1810 }
1811
usbtmc_ioctl_cleanup_io(struct usbtmc_file_data * file_data)1812 static int usbtmc_ioctl_cleanup_io(struct usbtmc_file_data *file_data)
1813 {
1814 usb_kill_anchored_urbs(&file_data->submitted);
1815 usb_scuttle_anchored_urbs(&file_data->in_anchor);
1816 spin_lock_irq(&file_data->err_lock);
1817 file_data->in_status = 0;
1818 file_data->in_transfer_size = 0;
1819 file_data->out_status = 0;
1820 file_data->out_transfer_size = 0;
1821 spin_unlock_irq(&file_data->err_lock);
1822
1823 file_data->in_urbs_used = 0;
1824 return 0;
1825 }
1826
get_capabilities(struct usbtmc_device_data * data)1827 static int get_capabilities(struct usbtmc_device_data *data)
1828 {
1829 struct device *dev = &data->usb_dev->dev;
1830 char *buffer;
1831 int rv = 0;
1832
1833 buffer = kmalloc(0x18, GFP_KERNEL);
1834 if (!buffer)
1835 return -ENOMEM;
1836
1837 rv = usb_control_msg(data->usb_dev, usb_rcvctrlpipe(data->usb_dev, 0),
1838 USBTMC_REQUEST_GET_CAPABILITIES,
1839 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
1840 0, 0, buffer, 0x18, USB_CTRL_GET_TIMEOUT);
1841 if (rv < 0) {
1842 dev_err(dev, "usb_control_msg returned %d\n", rv);
1843 goto err_out;
1844 }
1845
1846 dev_dbg(dev, "GET_CAPABILITIES returned %x\n", buffer[0]);
1847 if (buffer[0] != USBTMC_STATUS_SUCCESS) {
1848 dev_err(dev, "GET_CAPABILITIES returned %x\n", buffer[0]);
1849 rv = -EPERM;
1850 goto err_out;
1851 }
1852 dev_dbg(dev, "Interface capabilities are %x\n", buffer[4]);
1853 dev_dbg(dev, "Device capabilities are %x\n", buffer[5]);
1854 dev_dbg(dev, "USB488 interface capabilities are %x\n", buffer[14]);
1855 dev_dbg(dev, "USB488 device capabilities are %x\n", buffer[15]);
1856
1857 data->capabilities.interface_capabilities = buffer[4];
1858 data->capabilities.device_capabilities = buffer[5];
1859 data->capabilities.usb488_interface_capabilities = buffer[14];
1860 data->capabilities.usb488_device_capabilities = buffer[15];
1861 data->usb488_caps = (buffer[14] & 0x07) | ((buffer[15] & 0x0f) << 4);
1862 rv = 0;
1863
1864 err_out:
1865 kfree(buffer);
1866 return rv;
1867 }
1868
1869 #define capability_attribute(name) \
1870 static ssize_t name##_show(struct device *dev, \
1871 struct device_attribute *attr, char *buf) \
1872 { \
1873 struct usb_interface *intf = to_usb_interface(dev); \
1874 struct usbtmc_device_data *data = usb_get_intfdata(intf); \
1875 \
1876 return sprintf(buf, "%d\n", data->capabilities.name); \
1877 } \
1878 static DEVICE_ATTR_RO(name)
1879
1880 capability_attribute(interface_capabilities);
1881 capability_attribute(device_capabilities);
1882 capability_attribute(usb488_interface_capabilities);
1883 capability_attribute(usb488_device_capabilities);
1884
1885 static struct attribute *usbtmc_attrs[] = {
1886 &dev_attr_interface_capabilities.attr,
1887 &dev_attr_device_capabilities.attr,
1888 &dev_attr_usb488_interface_capabilities.attr,
1889 &dev_attr_usb488_device_capabilities.attr,
1890 NULL,
1891 };
1892 ATTRIBUTE_GROUPS(usbtmc);
1893
usbtmc_ioctl_indicator_pulse(struct usbtmc_device_data * data)1894 static int usbtmc_ioctl_indicator_pulse(struct usbtmc_device_data *data)
1895 {
1896 struct device *dev;
1897 u8 *buffer;
1898 int rv;
1899
1900 dev = &data->intf->dev;
1901
1902 buffer = kmalloc(2, GFP_KERNEL);
1903 if (!buffer)
1904 return -ENOMEM;
1905
1906 rv = usb_control_msg(data->usb_dev,
1907 usb_rcvctrlpipe(data->usb_dev, 0),
1908 USBTMC_REQUEST_INDICATOR_PULSE,
1909 USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE,
1910 0, 0, buffer, 0x01, USB_CTRL_GET_TIMEOUT);
1911
1912 if (rv < 0) {
1913 dev_err(dev, "usb_control_msg returned %d\n", rv);
1914 goto exit;
1915 }
1916
1917 dev_dbg(dev, "INDICATOR_PULSE returned %x\n", buffer[0]);
1918
1919 if (buffer[0] != USBTMC_STATUS_SUCCESS) {
1920 dev_err(dev, "INDICATOR_PULSE returned %x\n", buffer[0]);
1921 rv = -EPERM;
1922 goto exit;
1923 }
1924 rv = 0;
1925
1926 exit:
1927 kfree(buffer);
1928 return rv;
1929 }
1930
usbtmc_ioctl_request(struct usbtmc_device_data * data,void __user * arg)1931 static int usbtmc_ioctl_request(struct usbtmc_device_data *data,
1932 void __user *arg)
1933 {
1934 struct device *dev = &data->intf->dev;
1935 struct usbtmc_ctrlrequest request;
1936 u8 *buffer = NULL;
1937 int rv;
1938 unsigned int is_in, pipe;
1939 unsigned long res;
1940
1941 res = copy_from_user(&request, arg, sizeof(struct usbtmc_ctrlrequest));
1942 if (res)
1943 return -EFAULT;
1944
1945 if (request.req.wLength > USBTMC_BUFSIZE)
1946 return -EMSGSIZE;
1947 if (request.req.wLength == 0) /* Length-0 requests are never IN */
1948 request.req.bRequestType &= ~USB_DIR_IN;
1949
1950 is_in = request.req.bRequestType & USB_DIR_IN;
1951
1952 if (request.req.wLength) {
1953 buffer = kmalloc(request.req.wLength, GFP_KERNEL);
1954 if (!buffer)
1955 return -ENOMEM;
1956
1957 if (!is_in) {
1958 /* Send control data to device */
1959 res = copy_from_user(buffer, request.data,
1960 request.req.wLength);
1961 if (res) {
1962 rv = -EFAULT;
1963 goto exit;
1964 }
1965 }
1966 }
1967
1968 if (is_in)
1969 pipe = usb_rcvctrlpipe(data->usb_dev, 0);
1970 else
1971 pipe = usb_sndctrlpipe(data->usb_dev, 0);
1972 rv = usb_control_msg(data->usb_dev,
1973 pipe,
1974 request.req.bRequest,
1975 request.req.bRequestType,
1976 request.req.wValue,
1977 request.req.wIndex,
1978 buffer, request.req.wLength, USB_CTRL_GET_TIMEOUT);
1979
1980 if (rv < 0) {
1981 dev_err(dev, "%s failed %d\n", __func__, rv);
1982 goto exit;
1983 }
1984
1985 if (rv && is_in) {
1986 /* Read control data from device */
1987 res = copy_to_user(request.data, buffer, rv);
1988 if (res)
1989 rv = -EFAULT;
1990 }
1991
1992 exit:
1993 kfree(buffer);
1994 return rv;
1995 }
1996
1997 /*
1998 * Get the usb timeout value
1999 */
usbtmc_ioctl_get_timeout(struct usbtmc_file_data * file_data,void __user * arg)2000 static int usbtmc_ioctl_get_timeout(struct usbtmc_file_data *file_data,
2001 void __user *arg)
2002 {
2003 u32 timeout;
2004
2005 timeout = file_data->timeout;
2006
2007 return put_user(timeout, (__u32 __user *)arg);
2008 }
2009
2010 /*
2011 * Set the usb timeout value
2012 */
usbtmc_ioctl_set_timeout(struct usbtmc_file_data * file_data,void __user * arg)2013 static int usbtmc_ioctl_set_timeout(struct usbtmc_file_data *file_data,
2014 void __user *arg)
2015 {
2016 u32 timeout;
2017
2018 if (get_user(timeout, (__u32 __user *)arg))
2019 return -EFAULT;
2020
2021 /* Note that timeout = 0 means
2022 * MAX_SCHEDULE_TIMEOUT in usb_control_msg
2023 */
2024 if (timeout < USBTMC_MIN_TIMEOUT)
2025 return -EINVAL;
2026
2027 file_data->timeout = timeout;
2028
2029 return 0;
2030 }
2031
2032 /*
2033 * enables/disables sending EOM on write
2034 */
usbtmc_ioctl_eom_enable(struct usbtmc_file_data * file_data,void __user * arg)2035 static int usbtmc_ioctl_eom_enable(struct usbtmc_file_data *file_data,
2036 void __user *arg)
2037 {
2038 u8 eom_enable;
2039
2040 if (copy_from_user(&eom_enable, arg, sizeof(eom_enable)))
2041 return -EFAULT;
2042
2043 if (eom_enable > 1)
2044 return -EINVAL;
2045
2046 file_data->eom_val = eom_enable;
2047
2048 return 0;
2049 }
2050
2051 /*
2052 * Configure termination character for read()
2053 */
usbtmc_ioctl_config_termc(struct usbtmc_file_data * file_data,void __user * arg)2054 static int usbtmc_ioctl_config_termc(struct usbtmc_file_data *file_data,
2055 void __user *arg)
2056 {
2057 struct usbtmc_termchar termc;
2058
2059 if (copy_from_user(&termc, arg, sizeof(termc)))
2060 return -EFAULT;
2061
2062 if ((termc.term_char_enabled > 1) ||
2063 (termc.term_char_enabled &&
2064 !(file_data->data->capabilities.device_capabilities & 1)))
2065 return -EINVAL;
2066
2067 file_data->term_char = termc.term_char;
2068 file_data->term_char_enabled = termc.term_char_enabled;
2069
2070 return 0;
2071 }
2072
usbtmc_ioctl(struct file * file,unsigned int cmd,unsigned long arg)2073 static long usbtmc_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2074 {
2075 struct usbtmc_file_data *file_data;
2076 struct usbtmc_device_data *data;
2077 int retval = -EBADRQC;
2078 __u8 tmp_byte;
2079
2080 file_data = file->private_data;
2081 data = file_data->data;
2082
2083 mutex_lock(&data->io_mutex);
2084 if (data->zombie) {
2085 retval = -ENODEV;
2086 goto skip_io_on_zombie;
2087 }
2088
2089 switch (cmd) {
2090 case USBTMC_IOCTL_CLEAR_OUT_HALT:
2091 retval = usbtmc_ioctl_clear_out_halt(data);
2092 break;
2093
2094 case USBTMC_IOCTL_CLEAR_IN_HALT:
2095 retval = usbtmc_ioctl_clear_in_halt(data);
2096 break;
2097
2098 case USBTMC_IOCTL_INDICATOR_PULSE:
2099 retval = usbtmc_ioctl_indicator_pulse(data);
2100 break;
2101
2102 case USBTMC_IOCTL_CLEAR:
2103 retval = usbtmc_ioctl_clear(data);
2104 break;
2105
2106 case USBTMC_IOCTL_ABORT_BULK_OUT:
2107 retval = usbtmc_ioctl_abort_bulk_out(data);
2108 break;
2109
2110 case USBTMC_IOCTL_ABORT_BULK_IN:
2111 retval = usbtmc_ioctl_abort_bulk_in(data);
2112 break;
2113
2114 case USBTMC_IOCTL_CTRL_REQUEST:
2115 retval = usbtmc_ioctl_request(data, (void __user *)arg);
2116 break;
2117
2118 case USBTMC_IOCTL_GET_TIMEOUT:
2119 retval = usbtmc_ioctl_get_timeout(file_data,
2120 (void __user *)arg);
2121 break;
2122
2123 case USBTMC_IOCTL_SET_TIMEOUT:
2124 retval = usbtmc_ioctl_set_timeout(file_data,
2125 (void __user *)arg);
2126 break;
2127
2128 case USBTMC_IOCTL_EOM_ENABLE:
2129 retval = usbtmc_ioctl_eom_enable(file_data,
2130 (void __user *)arg);
2131 break;
2132
2133 case USBTMC_IOCTL_CONFIG_TERMCHAR:
2134 retval = usbtmc_ioctl_config_termc(file_data,
2135 (void __user *)arg);
2136 break;
2137
2138 case USBTMC_IOCTL_WRITE:
2139 retval = usbtmc_ioctl_generic_write(file_data,
2140 (void __user *)arg);
2141 break;
2142
2143 case USBTMC_IOCTL_READ:
2144 retval = usbtmc_ioctl_generic_read(file_data,
2145 (void __user *)arg);
2146 break;
2147
2148 case USBTMC_IOCTL_WRITE_RESULT:
2149 retval = usbtmc_ioctl_write_result(file_data,
2150 (void __user *)arg);
2151 break;
2152
2153 case USBTMC_IOCTL_API_VERSION:
2154 retval = put_user(USBTMC_API_VERSION,
2155 (__u32 __user *)arg);
2156 break;
2157
2158 case USBTMC488_IOCTL_GET_CAPS:
2159 retval = put_user(data->usb488_caps,
2160 (unsigned char __user *)arg);
2161 break;
2162
2163 case USBTMC488_IOCTL_READ_STB:
2164 retval = usbtmc488_ioctl_read_stb(file_data,
2165 (void __user *)arg);
2166 break;
2167
2168 case USBTMC488_IOCTL_REN_CONTROL:
2169 retval = usbtmc488_ioctl_simple(data, (void __user *)arg,
2170 USBTMC488_REQUEST_REN_CONTROL);
2171 break;
2172
2173 case USBTMC488_IOCTL_GOTO_LOCAL:
2174 retval = usbtmc488_ioctl_simple(data, (void __user *)arg,
2175 USBTMC488_REQUEST_GOTO_LOCAL);
2176 break;
2177
2178 case USBTMC488_IOCTL_LOCAL_LOCKOUT:
2179 retval = usbtmc488_ioctl_simple(data, (void __user *)arg,
2180 USBTMC488_REQUEST_LOCAL_LOCKOUT);
2181 break;
2182
2183 case USBTMC488_IOCTL_TRIGGER:
2184 retval = usbtmc488_ioctl_trigger(file_data);
2185 break;
2186
2187 case USBTMC488_IOCTL_WAIT_SRQ:
2188 retval = usbtmc488_ioctl_wait_srq(file_data,
2189 (__u32 __user *)arg);
2190 break;
2191
2192 case USBTMC_IOCTL_MSG_IN_ATTR:
2193 retval = put_user(file_data->bmTransferAttributes,
2194 (__u8 __user *)arg);
2195 break;
2196
2197 case USBTMC_IOCTL_AUTO_ABORT:
2198 retval = get_user(tmp_byte, (unsigned char __user *)arg);
2199 if (retval == 0)
2200 file_data->auto_abort = !!tmp_byte;
2201 break;
2202
2203 case USBTMC_IOCTL_GET_STB:
2204 retval = usbtmc_get_stb(file_data, &tmp_byte);
2205 if (!retval)
2206 retval = put_user(tmp_byte, (__u8 __user *)arg);
2207 break;
2208
2209 case USBTMC_IOCTL_GET_SRQ_STB:
2210 retval = usbtmc_ioctl_get_srq_stb(file_data,
2211 (void __user *)arg);
2212 break;
2213
2214 case USBTMC_IOCTL_CANCEL_IO:
2215 retval = usbtmc_ioctl_cancel_io(file_data);
2216 break;
2217
2218 case USBTMC_IOCTL_CLEANUP_IO:
2219 retval = usbtmc_ioctl_cleanup_io(file_data);
2220 break;
2221 }
2222
2223 skip_io_on_zombie:
2224 mutex_unlock(&data->io_mutex);
2225 return retval;
2226 }
2227
usbtmc_fasync(int fd,struct file * file,int on)2228 static int usbtmc_fasync(int fd, struct file *file, int on)
2229 {
2230 struct usbtmc_file_data *file_data = file->private_data;
2231
2232 return fasync_helper(fd, file, on, &file_data->data->fasync);
2233 }
2234
usbtmc_poll(struct file * file,poll_table * wait)2235 static __poll_t usbtmc_poll(struct file *file, poll_table *wait)
2236 {
2237 struct usbtmc_file_data *file_data = file->private_data;
2238 struct usbtmc_device_data *data = file_data->data;
2239 __poll_t mask;
2240
2241 mutex_lock(&data->io_mutex);
2242
2243 if (data->zombie) {
2244 mask = EPOLLHUP | EPOLLERR;
2245 goto no_poll;
2246 }
2247
2248 poll_wait(file, &data->waitq, wait);
2249
2250 /* Note that EPOLLPRI is now assigned to SRQ, and
2251 * EPOLLIN|EPOLLRDNORM to normal read data.
2252 */
2253 mask = 0;
2254 if (atomic_read(&file_data->srq_asserted))
2255 mask |= EPOLLPRI;
2256
2257 /* Note that the anchor submitted includes all urbs for BULK IN
2258 * and OUT. So EPOLLOUT is signaled when BULK OUT is empty and
2259 * all BULK IN urbs are completed and moved to in_anchor.
2260 */
2261 if (usb_anchor_empty(&file_data->submitted))
2262 mask |= (EPOLLOUT | EPOLLWRNORM);
2263 if (!usb_anchor_empty(&file_data->in_anchor))
2264 mask |= (EPOLLIN | EPOLLRDNORM);
2265
2266 spin_lock_irq(&file_data->err_lock);
2267 if (file_data->in_status || file_data->out_status)
2268 mask |= EPOLLERR;
2269 spin_unlock_irq(&file_data->err_lock);
2270
2271 dev_dbg(&data->intf->dev, "poll mask = %x\n", mask);
2272
2273 no_poll:
2274 mutex_unlock(&data->io_mutex);
2275 return mask;
2276 }
2277
2278 static const struct file_operations fops = {
2279 .owner = THIS_MODULE,
2280 .read = usbtmc_read,
2281 .write = usbtmc_write,
2282 .open = usbtmc_open,
2283 .release = usbtmc_release,
2284 .flush = usbtmc_flush,
2285 .unlocked_ioctl = usbtmc_ioctl,
2286 .compat_ioctl = compat_ptr_ioctl,
2287 .fasync = usbtmc_fasync,
2288 .poll = usbtmc_poll,
2289 .llseek = default_llseek,
2290 };
2291
2292 static struct usb_class_driver usbtmc_class = {
2293 .name = "usbtmc%d",
2294 .fops = &fops,
2295 .minor_base = USBTMC_MINOR_BASE,
2296 };
2297
usbtmc_interrupt(struct urb * urb)2298 static void usbtmc_interrupt(struct urb *urb)
2299 {
2300 struct usbtmc_device_data *data = urb->context;
2301 struct device *dev = &data->intf->dev;
2302 int status = urb->status;
2303 int rv;
2304
2305 dev_dbg(&data->intf->dev, "int status: %d len %d\n",
2306 status, urb->actual_length);
2307
2308 switch (status) {
2309 case 0: /* SUCCESS */
2310 /* check for valid STB notification */
2311 if (data->iin_buffer[0] > 0x81) {
2312 data->bNotify1 = data->iin_buffer[0];
2313 data->bNotify2 = data->iin_buffer[1];
2314 atomic_set(&data->iin_data_valid, 1);
2315 wake_up_interruptible(&data->waitq);
2316 goto exit;
2317 }
2318 /* check for SRQ notification */
2319 if (data->iin_buffer[0] == 0x81) {
2320 unsigned long flags;
2321 struct list_head *elem;
2322
2323 if (data->fasync)
2324 kill_fasync(&data->fasync,
2325 SIGIO, POLL_PRI);
2326
2327 spin_lock_irqsave(&data->dev_lock, flags);
2328 list_for_each(elem, &data->file_list) {
2329 struct usbtmc_file_data *file_data;
2330
2331 file_data = list_entry(elem,
2332 struct usbtmc_file_data,
2333 file_elem);
2334 file_data->srq_byte = data->iin_buffer[1];
2335 atomic_set(&file_data->srq_asserted, 1);
2336 }
2337 spin_unlock_irqrestore(&data->dev_lock, flags);
2338
2339 dev_dbg(dev, "srq received bTag %x stb %x\n",
2340 (unsigned int)data->iin_buffer[0],
2341 (unsigned int)data->iin_buffer[1]);
2342 wake_up_interruptible_all(&data->waitq);
2343 goto exit;
2344 }
2345 dev_warn(dev, "invalid notification: %x\n",
2346 data->iin_buffer[0]);
2347 break;
2348 case -EOVERFLOW:
2349 dev_err(dev, "overflow with length %d, actual length is %d\n",
2350 data->iin_wMaxPacketSize, urb->actual_length);
2351 fallthrough;
2352 default:
2353 /* urb terminated, clean up */
2354 dev_dbg(dev, "urb terminated, status: %d\n", status);
2355 return;
2356 }
2357 exit:
2358 rv = usb_submit_urb(urb, GFP_ATOMIC);
2359 if (rv)
2360 dev_err(dev, "usb_submit_urb failed: %d\n", rv);
2361 }
2362
usbtmc_free_int(struct usbtmc_device_data * data)2363 static void usbtmc_free_int(struct usbtmc_device_data *data)
2364 {
2365 if (!data->iin_ep_present || !data->iin_urb)
2366 return;
2367 usb_kill_urb(data->iin_urb);
2368 kfree(data->iin_buffer);
2369 data->iin_buffer = NULL;
2370 usb_free_urb(data->iin_urb);
2371 data->iin_urb = NULL;
2372 kref_put(&data->kref, usbtmc_delete);
2373 }
2374
usbtmc_probe(struct usb_interface * intf,const struct usb_device_id * id)2375 static int usbtmc_probe(struct usb_interface *intf,
2376 const struct usb_device_id *id)
2377 {
2378 struct usbtmc_device_data *data;
2379 struct usb_host_interface *iface_desc;
2380 struct usb_endpoint_descriptor *bulk_in, *bulk_out, *int_in;
2381 int retcode;
2382
2383 dev_dbg(&intf->dev, "%s called\n", __func__);
2384
2385 data = kzalloc(sizeof(*data), GFP_KERNEL);
2386 if (!data)
2387 return -ENOMEM;
2388
2389 data->intf = intf;
2390 data->id = id;
2391 data->usb_dev = usb_get_dev(interface_to_usbdev(intf));
2392 usb_set_intfdata(intf, data);
2393 kref_init(&data->kref);
2394 mutex_init(&data->io_mutex);
2395 init_waitqueue_head(&data->waitq);
2396 atomic_set(&data->iin_data_valid, 0);
2397 INIT_LIST_HEAD(&data->file_list);
2398 spin_lock_init(&data->dev_lock);
2399
2400 data->zombie = 0;
2401
2402 /* Initialize USBTMC bTag and other fields */
2403 data->bTag = 1;
2404 /* 2 <= bTag <= 127 USBTMC-USB488 subclass specification 4.3.1 */
2405 data->iin_bTag = 2;
2406
2407 /* USBTMC devices have only one setting, so use that */
2408 iface_desc = data->intf->cur_altsetting;
2409 data->ifnum = iface_desc->desc.bInterfaceNumber;
2410
2411 /* Find bulk endpoints */
2412 retcode = usb_find_common_endpoints(iface_desc,
2413 &bulk_in, &bulk_out, NULL, NULL);
2414 if (retcode) {
2415 dev_err(&intf->dev, "bulk endpoints not found\n");
2416 goto err_put;
2417 }
2418
2419 retcode = -EINVAL;
2420 data->bulk_in = bulk_in->bEndpointAddress;
2421 data->wMaxPacketSize = usb_endpoint_maxp(bulk_in);
2422 if (!data->wMaxPacketSize)
2423 goto err_put;
2424 dev_dbg(&intf->dev, "Found bulk in endpoint at %u\n", data->bulk_in);
2425
2426 data->bulk_out = bulk_out->bEndpointAddress;
2427 dev_dbg(&intf->dev, "Found Bulk out endpoint at %u\n", data->bulk_out);
2428
2429 /* Find int endpoint */
2430 retcode = usb_find_int_in_endpoint(iface_desc, &int_in);
2431 if (!retcode) {
2432 data->iin_ep_present = 1;
2433 data->iin_ep = int_in->bEndpointAddress;
2434 data->iin_wMaxPacketSize = usb_endpoint_maxp(int_in);
2435 data->iin_interval = int_in->bInterval;
2436 dev_dbg(&intf->dev, "Found Int in endpoint at %u\n",
2437 data->iin_ep);
2438 }
2439
2440 retcode = get_capabilities(data);
2441 if (retcode)
2442 dev_err(&intf->dev, "can't read capabilities\n");
2443
2444 if (data->iin_ep_present) {
2445 /* allocate int urb */
2446 data->iin_urb = usb_alloc_urb(0, GFP_KERNEL);
2447 if (!data->iin_urb) {
2448 retcode = -ENOMEM;
2449 goto error_register;
2450 }
2451
2452 /* Protect interrupt in endpoint data until iin_urb is freed */
2453 kref_get(&data->kref);
2454
2455 /* allocate buffer for interrupt in */
2456 data->iin_buffer = kmalloc(data->iin_wMaxPacketSize,
2457 GFP_KERNEL);
2458 if (!data->iin_buffer) {
2459 retcode = -ENOMEM;
2460 goto error_register;
2461 }
2462
2463 /* fill interrupt urb */
2464 usb_fill_int_urb(data->iin_urb, data->usb_dev,
2465 usb_rcvintpipe(data->usb_dev, data->iin_ep),
2466 data->iin_buffer, data->iin_wMaxPacketSize,
2467 usbtmc_interrupt,
2468 data, data->iin_interval);
2469
2470 retcode = usb_submit_urb(data->iin_urb, GFP_KERNEL);
2471 if (retcode) {
2472 dev_err(&intf->dev, "Failed to submit iin_urb\n");
2473 goto error_register;
2474 }
2475 }
2476
2477 retcode = usb_register_dev(intf, &usbtmc_class);
2478 if (retcode) {
2479 dev_err(&intf->dev, "Not able to get a minor (base %u, slice default): %d\n",
2480 USBTMC_MINOR_BASE,
2481 retcode);
2482 goto error_register;
2483 }
2484 dev_dbg(&intf->dev, "Using minor number %d\n", intf->minor);
2485
2486 return 0;
2487
2488 error_register:
2489 usbtmc_free_int(data);
2490 err_put:
2491 kref_put(&data->kref, usbtmc_delete);
2492 return retcode;
2493 }
2494
usbtmc_disconnect(struct usb_interface * intf)2495 static void usbtmc_disconnect(struct usb_interface *intf)
2496 {
2497 struct usbtmc_device_data *data = usb_get_intfdata(intf);
2498 struct list_head *elem;
2499
2500 usb_deregister_dev(intf, &usbtmc_class);
2501 mutex_lock(&data->io_mutex);
2502 data->zombie = 1;
2503 wake_up_interruptible_all(&data->waitq);
2504 list_for_each(elem, &data->file_list) {
2505 struct usbtmc_file_data *file_data;
2506
2507 file_data = list_entry(elem,
2508 struct usbtmc_file_data,
2509 file_elem);
2510 usb_kill_anchored_urbs(&file_data->submitted);
2511 usb_scuttle_anchored_urbs(&file_data->in_anchor);
2512 }
2513 mutex_unlock(&data->io_mutex);
2514 usbtmc_free_int(data);
2515 kref_put(&data->kref, usbtmc_delete);
2516 }
2517
usbtmc_draw_down(struct usbtmc_file_data * file_data)2518 static void usbtmc_draw_down(struct usbtmc_file_data *file_data)
2519 {
2520 int time;
2521
2522 time = usb_wait_anchor_empty_timeout(&file_data->submitted, 1000);
2523 if (!time)
2524 usb_kill_anchored_urbs(&file_data->submitted);
2525 usb_scuttle_anchored_urbs(&file_data->in_anchor);
2526 }
2527
usbtmc_suspend(struct usb_interface * intf,pm_message_t message)2528 static int usbtmc_suspend(struct usb_interface *intf, pm_message_t message)
2529 {
2530 struct usbtmc_device_data *data = usb_get_intfdata(intf);
2531 struct list_head *elem;
2532
2533 if (!data)
2534 return 0;
2535
2536 mutex_lock(&data->io_mutex);
2537 list_for_each(elem, &data->file_list) {
2538 struct usbtmc_file_data *file_data;
2539
2540 file_data = list_entry(elem,
2541 struct usbtmc_file_data,
2542 file_elem);
2543 usbtmc_draw_down(file_data);
2544 }
2545
2546 if (data->iin_ep_present && data->iin_urb)
2547 usb_kill_urb(data->iin_urb);
2548
2549 mutex_unlock(&data->io_mutex);
2550 return 0;
2551 }
2552
usbtmc_resume(struct usb_interface * intf)2553 static int usbtmc_resume(struct usb_interface *intf)
2554 {
2555 struct usbtmc_device_data *data = usb_get_intfdata(intf);
2556 int retcode = 0;
2557
2558 if (data->iin_ep_present && data->iin_urb)
2559 retcode = usb_submit_urb(data->iin_urb, GFP_KERNEL);
2560 if (retcode)
2561 dev_err(&intf->dev, "Failed to submit iin_urb\n");
2562
2563 return retcode;
2564 }
2565
usbtmc_pre_reset(struct usb_interface * intf)2566 static int usbtmc_pre_reset(struct usb_interface *intf)
2567 {
2568 struct usbtmc_device_data *data = usb_get_intfdata(intf);
2569 struct list_head *elem;
2570
2571 if (!data)
2572 return 0;
2573
2574 mutex_lock(&data->io_mutex);
2575
2576 list_for_each(elem, &data->file_list) {
2577 struct usbtmc_file_data *file_data;
2578
2579 file_data = list_entry(elem,
2580 struct usbtmc_file_data,
2581 file_elem);
2582 usbtmc_ioctl_cancel_io(file_data);
2583 }
2584
2585 return 0;
2586 }
2587
usbtmc_post_reset(struct usb_interface * intf)2588 static int usbtmc_post_reset(struct usb_interface *intf)
2589 {
2590 struct usbtmc_device_data *data = usb_get_intfdata(intf);
2591
2592 mutex_unlock(&data->io_mutex);
2593
2594 return 0;
2595 }
2596
2597 static struct usb_driver usbtmc_driver = {
2598 .name = "usbtmc",
2599 .id_table = usbtmc_devices,
2600 .probe = usbtmc_probe,
2601 .disconnect = usbtmc_disconnect,
2602 .suspend = usbtmc_suspend,
2603 .resume = usbtmc_resume,
2604 .pre_reset = usbtmc_pre_reset,
2605 .post_reset = usbtmc_post_reset,
2606 .dev_groups = usbtmc_groups,
2607 };
2608
2609 module_usb_driver(usbtmc_driver);
2610
2611 MODULE_LICENSE("GPL");
2612