1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * cdc-wdm.c 4 * 5 * This driver supports USB CDC WCM Device Management. 6 * 7 * Copyright (c) 2007-2009 Oliver Neukum 8 * 9 * Some code taken from cdc-acm.c 10 * 11 * Released under the GPLv2. 12 * 13 * Many thanks to Carl Nordbeck 14 */ 15 #include <linux/kernel.h> 16 #include <linux/errno.h> 17 #include <linux/ioctl.h> 18 #include <linux/slab.h> 19 #include <linux/module.h> 20 #include <linux/mutex.h> 21 #include <linux/uaccess.h> 22 #include <linux/bitops.h> 23 #include <linux/poll.h> 24 #include <linux/usb.h> 25 #include <linux/usb/cdc.h> 26 #include <asm/byteorder.h> 27 #include <asm/unaligned.h> 28 #include <linux/usb/cdc-wdm.h> 29 30 #define DRIVER_AUTHOR "Oliver Neukum" 31 #define DRIVER_DESC "USB Abstract Control Model driver for USB WCM Device Management" 32 33 static const struct usb_device_id wdm_ids[] = { 34 { 35 .match_flags = USB_DEVICE_ID_MATCH_INT_CLASS | 36 USB_DEVICE_ID_MATCH_INT_SUBCLASS, 37 .bInterfaceClass = USB_CLASS_COMM, 38 .bInterfaceSubClass = USB_CDC_SUBCLASS_DMM 39 }, 40 { } 41 }; 42 43 MODULE_DEVICE_TABLE (usb, wdm_ids); 44 45 #define WDM_MINOR_BASE 176 46 47 48 #define WDM_IN_USE 1 49 #define WDM_DISCONNECTING 2 50 #define WDM_RESULT 3 51 #define WDM_READ 4 52 #define WDM_INT_STALL 5 53 #define WDM_POLL_RUNNING 6 54 #define WDM_RESPONDING 7 55 #define WDM_SUSPENDING 8 56 #define WDM_RESETTING 9 57 #define WDM_OVERFLOW 10 58 59 #define WDM_MAX 16 60 61 /* we cannot wait forever at flush() */ 62 #define WDM_FLUSH_TIMEOUT (30 * HZ) 63 64 /* CDC-WMC r1.1 requires wMaxCommand to be "at least 256 decimal (0x100)" */ 65 #define WDM_DEFAULT_BUFSIZE 256 66 67 static DEFINE_MUTEX(wdm_mutex); 68 static DEFINE_SPINLOCK(wdm_device_list_lock); 69 static LIST_HEAD(wdm_device_list); 70 71 /* --- method tables --- */ 72 73 struct wdm_device { 74 u8 *inbuf; /* buffer for response */ 75 u8 *outbuf; /* buffer for command */ 76 u8 *sbuf; /* buffer for status */ 77 u8 *ubuf; /* buffer for copy to user space */ 78 79 struct urb *command; 80 struct urb *response; 81 struct urb *validity; 82 struct usb_interface *intf; 83 struct usb_ctrlrequest *orq; 84 struct usb_ctrlrequest *irq; 85 spinlock_t iuspin; 86 87 unsigned long flags; 88 u16 bufsize; 89 u16 wMaxCommand; 90 u16 wMaxPacketSize; 91 __le16 inum; 92 int reslength; 93 int length; 94 int read; 95 int count; 96 dma_addr_t shandle; 97 dma_addr_t ihandle; 98 struct mutex wlock; 99 struct mutex rlock; 100 wait_queue_head_t wait; 101 struct work_struct rxwork; 102 struct work_struct service_outs_intr; 103 int werr; 104 int rerr; 105 int resp_count; 106 107 struct list_head device_list; 108 int (*manage_power)(struct usb_interface *, int); 109 }; 110 111 static struct usb_driver wdm_driver; 112 113 /* return intfdata if we own the interface, else look up intf in the list */ 114 static struct wdm_device *wdm_find_device(struct usb_interface *intf) 115 { 116 struct wdm_device *desc; 117 118 spin_lock(&wdm_device_list_lock); 119 list_for_each_entry(desc, &wdm_device_list, device_list) 120 if (desc->intf == intf) 121 goto found; 122 desc = NULL; 123 found: 124 spin_unlock(&wdm_device_list_lock); 125 126 return desc; 127 } 128 129 static struct wdm_device *wdm_find_device_by_minor(int minor) 130 { 131 struct wdm_device *desc; 132 133 spin_lock(&wdm_device_list_lock); 134 list_for_each_entry(desc, &wdm_device_list, device_list) 135 if (desc->intf->minor == minor) 136 goto found; 137 desc = NULL; 138 found: 139 spin_unlock(&wdm_device_list_lock); 140 141 return desc; 142 } 143 144 /* --- callbacks --- */ 145 static void wdm_out_callback(struct urb *urb) 146 { 147 struct wdm_device *desc; 148 unsigned long flags; 149 150 desc = urb->context; 151 spin_lock_irqsave(&desc->iuspin, flags); 152 desc->werr = urb->status; 153 spin_unlock_irqrestore(&desc->iuspin, flags); 154 kfree(desc->outbuf); 155 desc->outbuf = NULL; 156 clear_bit(WDM_IN_USE, &desc->flags); 157 wake_up_all(&desc->wait); 158 } 159 160 static void wdm_in_callback(struct urb *urb) 161 { 162 unsigned long flags; 163 struct wdm_device *desc = urb->context; 164 int status = urb->status; 165 int length = urb->actual_length; 166 167 spin_lock_irqsave(&desc->iuspin, flags); 168 clear_bit(WDM_RESPONDING, &desc->flags); 169 170 if (status) { 171 switch (status) { 172 case -ENOENT: 173 dev_dbg(&desc->intf->dev, 174 "nonzero urb status received: -ENOENT\n"); 175 goto skip_error; 176 case -ECONNRESET: 177 dev_dbg(&desc->intf->dev, 178 "nonzero urb status received: -ECONNRESET\n"); 179 goto skip_error; 180 case -ESHUTDOWN: 181 dev_dbg(&desc->intf->dev, 182 "nonzero urb status received: -ESHUTDOWN\n"); 183 goto skip_error; 184 case -EPIPE: 185 dev_err(&desc->intf->dev, 186 "nonzero urb status received: -EPIPE\n"); 187 break; 188 default: 189 dev_err(&desc->intf->dev, 190 "Unexpected error %d\n", status); 191 break; 192 } 193 } 194 195 /* 196 * only set a new error if there is no previous error. 197 * Errors are only cleared during read/open 198 * Avoid propagating -EPIPE (stall) to userspace since it is 199 * better handled as an empty read 200 */ 201 if (desc->rerr == 0 && status != -EPIPE) 202 desc->rerr = status; 203 204 if (length + desc->length > desc->wMaxCommand) { 205 /* The buffer would overflow */ 206 set_bit(WDM_OVERFLOW, &desc->flags); 207 } else { 208 /* we may already be in overflow */ 209 if (!test_bit(WDM_OVERFLOW, &desc->flags)) { 210 memmove(desc->ubuf + desc->length, desc->inbuf, length); 211 desc->length += length; 212 desc->reslength = length; 213 } 214 } 215 skip_error: 216 217 if (desc->rerr) { 218 /* 219 * Since there was an error, userspace may decide to not read 220 * any data after poll'ing. 221 * We should respond to further attempts from the device to send 222 * data, so that we can get unstuck. 223 */ 224 schedule_work(&desc->service_outs_intr); 225 } else { 226 set_bit(WDM_READ, &desc->flags); 227 wake_up(&desc->wait); 228 } 229 spin_unlock_irqrestore(&desc->iuspin, flags); 230 } 231 232 static void wdm_int_callback(struct urb *urb) 233 { 234 unsigned long flags; 235 int rv = 0; 236 int responding; 237 int status = urb->status; 238 struct wdm_device *desc; 239 struct usb_cdc_notification *dr; 240 241 desc = urb->context; 242 dr = (struct usb_cdc_notification *)desc->sbuf; 243 244 if (status) { 245 switch (status) { 246 case -ESHUTDOWN: 247 case -ENOENT: 248 case -ECONNRESET: 249 return; /* unplug */ 250 case -EPIPE: 251 set_bit(WDM_INT_STALL, &desc->flags); 252 dev_err(&desc->intf->dev, "Stall on int endpoint\n"); 253 goto sw; /* halt is cleared in work */ 254 default: 255 dev_err(&desc->intf->dev, 256 "nonzero urb status received: %d\n", status); 257 break; 258 } 259 } 260 261 if (urb->actual_length < sizeof(struct usb_cdc_notification)) { 262 dev_err(&desc->intf->dev, "wdm_int_callback - %d bytes\n", 263 urb->actual_length); 264 goto exit; 265 } 266 267 switch (dr->bNotificationType) { 268 case USB_CDC_NOTIFY_RESPONSE_AVAILABLE: 269 dev_dbg(&desc->intf->dev, 270 "NOTIFY_RESPONSE_AVAILABLE received: index %d len %d\n", 271 le16_to_cpu(dr->wIndex), le16_to_cpu(dr->wLength)); 272 break; 273 274 case USB_CDC_NOTIFY_NETWORK_CONNECTION: 275 276 dev_dbg(&desc->intf->dev, 277 "NOTIFY_NETWORK_CONNECTION %s network\n", 278 dr->wValue ? "connected to" : "disconnected from"); 279 goto exit; 280 case USB_CDC_NOTIFY_SPEED_CHANGE: 281 dev_dbg(&desc->intf->dev, "SPEED_CHANGE received (len %u)\n", 282 urb->actual_length); 283 goto exit; 284 default: 285 clear_bit(WDM_POLL_RUNNING, &desc->flags); 286 dev_err(&desc->intf->dev, 287 "unknown notification %d received: index %d len %d\n", 288 dr->bNotificationType, 289 le16_to_cpu(dr->wIndex), 290 le16_to_cpu(dr->wLength)); 291 goto exit; 292 } 293 294 spin_lock_irqsave(&desc->iuspin, flags); 295 responding = test_and_set_bit(WDM_RESPONDING, &desc->flags); 296 if (!desc->resp_count++ && !responding 297 && !test_bit(WDM_DISCONNECTING, &desc->flags) 298 && !test_bit(WDM_SUSPENDING, &desc->flags)) { 299 rv = usb_submit_urb(desc->response, GFP_ATOMIC); 300 dev_dbg(&desc->intf->dev, "submit response URB %d\n", rv); 301 } 302 spin_unlock_irqrestore(&desc->iuspin, flags); 303 if (rv < 0) { 304 clear_bit(WDM_RESPONDING, &desc->flags); 305 if (rv == -EPERM) 306 return; 307 if (rv == -ENOMEM) { 308 sw: 309 rv = schedule_work(&desc->rxwork); 310 if (rv) 311 dev_err(&desc->intf->dev, 312 "Cannot schedule work\n"); 313 } 314 } 315 exit: 316 rv = usb_submit_urb(urb, GFP_ATOMIC); 317 if (rv) 318 dev_err(&desc->intf->dev, 319 "%s - usb_submit_urb failed with result %d\n", 320 __func__, rv); 321 322 } 323 324 static void poison_urbs(struct wdm_device *desc) 325 { 326 /* the order here is essential */ 327 usb_poison_urb(desc->command); 328 usb_poison_urb(desc->validity); 329 usb_poison_urb(desc->response); 330 } 331 332 static void unpoison_urbs(struct wdm_device *desc) 333 { 334 /* 335 * the order here is not essential 336 * it is symmetrical just to be nice 337 */ 338 usb_unpoison_urb(desc->response); 339 usb_unpoison_urb(desc->validity); 340 usb_unpoison_urb(desc->command); 341 } 342 343 static void free_urbs(struct wdm_device *desc) 344 { 345 usb_free_urb(desc->validity); 346 usb_free_urb(desc->response); 347 usb_free_urb(desc->command); 348 } 349 350 static void cleanup(struct wdm_device *desc) 351 { 352 kfree(desc->sbuf); 353 kfree(desc->inbuf); 354 kfree(desc->orq); 355 kfree(desc->irq); 356 kfree(desc->ubuf); 357 free_urbs(desc); 358 kfree(desc); 359 } 360 361 static ssize_t wdm_write 362 (struct file *file, const char __user *buffer, size_t count, loff_t *ppos) 363 { 364 u8 *buf; 365 int rv = -EMSGSIZE, r, we; 366 struct wdm_device *desc = file->private_data; 367 struct usb_ctrlrequest *req; 368 369 if (count > desc->wMaxCommand) 370 count = desc->wMaxCommand; 371 372 spin_lock_irq(&desc->iuspin); 373 we = desc->werr; 374 desc->werr = 0; 375 spin_unlock_irq(&desc->iuspin); 376 if (we < 0) 377 return usb_translate_errors(we); 378 379 buf = memdup_user(buffer, count); 380 if (IS_ERR(buf)) 381 return PTR_ERR(buf); 382 383 /* concurrent writes and disconnect */ 384 r = mutex_lock_interruptible(&desc->wlock); 385 rv = -ERESTARTSYS; 386 if (r) 387 goto out_free_mem; 388 389 if (test_bit(WDM_DISCONNECTING, &desc->flags)) { 390 rv = -ENODEV; 391 goto out_free_mem_lock; 392 } 393 394 r = usb_autopm_get_interface(desc->intf); 395 if (r < 0) { 396 rv = usb_translate_errors(r); 397 goto out_free_mem_lock; 398 } 399 400 if (!(file->f_flags & O_NONBLOCK)) 401 r = wait_event_interruptible(desc->wait, !test_bit(WDM_IN_USE, 402 &desc->flags)); 403 else 404 if (test_bit(WDM_IN_USE, &desc->flags)) 405 r = -EAGAIN; 406 407 if (test_bit(WDM_RESETTING, &desc->flags)) 408 r = -EIO; 409 410 if (test_bit(WDM_DISCONNECTING, &desc->flags)) 411 r = -ENODEV; 412 413 if (r < 0) { 414 rv = r; 415 goto out_free_mem_pm; 416 } 417 418 req = desc->orq; 419 usb_fill_control_urb( 420 desc->command, 421 interface_to_usbdev(desc->intf), 422 /* using common endpoint 0 */ 423 usb_sndctrlpipe(interface_to_usbdev(desc->intf), 0), 424 (unsigned char *)req, 425 buf, 426 count, 427 wdm_out_callback, 428 desc 429 ); 430 431 req->bRequestType = (USB_DIR_OUT | USB_TYPE_CLASS | 432 USB_RECIP_INTERFACE); 433 req->bRequest = USB_CDC_SEND_ENCAPSULATED_COMMAND; 434 req->wValue = 0; 435 req->wIndex = desc->inum; /* already converted */ 436 req->wLength = cpu_to_le16(count); 437 set_bit(WDM_IN_USE, &desc->flags); 438 desc->outbuf = buf; 439 440 rv = usb_submit_urb(desc->command, GFP_KERNEL); 441 if (rv < 0) { 442 desc->outbuf = NULL; 443 clear_bit(WDM_IN_USE, &desc->flags); 444 wake_up_all(&desc->wait); /* for wdm_wait_for_response() */ 445 dev_err(&desc->intf->dev, "Tx URB error: %d\n", rv); 446 rv = usb_translate_errors(rv); 447 goto out_free_mem_pm; 448 } else { 449 dev_dbg(&desc->intf->dev, "Tx URB has been submitted index=%d\n", 450 le16_to_cpu(req->wIndex)); 451 } 452 453 usb_autopm_put_interface(desc->intf); 454 mutex_unlock(&desc->wlock); 455 return count; 456 457 out_free_mem_pm: 458 usb_autopm_put_interface(desc->intf); 459 out_free_mem_lock: 460 mutex_unlock(&desc->wlock); 461 out_free_mem: 462 kfree(buf); 463 return rv; 464 } 465 466 /* 467 * Submit the read urb if resp_count is non-zero. 468 * 469 * Called with desc->iuspin locked 470 */ 471 static int service_outstanding_interrupt(struct wdm_device *desc) 472 { 473 int rv = 0; 474 475 /* submit read urb only if the device is waiting for it */ 476 if (!desc->resp_count || !--desc->resp_count) 477 goto out; 478 479 if (test_bit(WDM_DISCONNECTING, &desc->flags)) { 480 rv = -ENODEV; 481 goto out; 482 } 483 if (test_bit(WDM_RESETTING, &desc->flags)) { 484 rv = -EIO; 485 goto out; 486 } 487 488 set_bit(WDM_RESPONDING, &desc->flags); 489 spin_unlock_irq(&desc->iuspin); 490 rv = usb_submit_urb(desc->response, GFP_KERNEL); 491 spin_lock_irq(&desc->iuspin); 492 if (rv) { 493 if (!test_bit(WDM_DISCONNECTING, &desc->flags)) 494 dev_err(&desc->intf->dev, 495 "usb_submit_urb failed with result %d\n", rv); 496 497 /* make sure the next notification trigger a submit */ 498 clear_bit(WDM_RESPONDING, &desc->flags); 499 desc->resp_count = 0; 500 } 501 out: 502 return rv; 503 } 504 505 static ssize_t wdm_read 506 (struct file *file, char __user *buffer, size_t count, loff_t *ppos) 507 { 508 int rv, cntr; 509 int i = 0; 510 struct wdm_device *desc = file->private_data; 511 512 513 rv = mutex_lock_interruptible(&desc->rlock); /*concurrent reads */ 514 if (rv < 0) 515 return -ERESTARTSYS; 516 517 cntr = READ_ONCE(desc->length); 518 if (cntr == 0) { 519 desc->read = 0; 520 retry: 521 if (test_bit(WDM_DISCONNECTING, &desc->flags)) { 522 rv = -ENODEV; 523 goto err; 524 } 525 if (test_bit(WDM_OVERFLOW, &desc->flags)) { 526 clear_bit(WDM_OVERFLOW, &desc->flags); 527 rv = -ENOBUFS; 528 goto err; 529 } 530 i++; 531 if (file->f_flags & O_NONBLOCK) { 532 if (!test_bit(WDM_READ, &desc->flags)) { 533 rv = -EAGAIN; 534 goto err; 535 } 536 rv = 0; 537 } else { 538 rv = wait_event_interruptible(desc->wait, 539 test_bit(WDM_READ, &desc->flags)); 540 } 541 542 /* may have happened while we slept */ 543 if (test_bit(WDM_DISCONNECTING, &desc->flags)) { 544 rv = -ENODEV; 545 goto err; 546 } 547 if (test_bit(WDM_RESETTING, &desc->flags)) { 548 rv = -EIO; 549 goto err; 550 } 551 usb_mark_last_busy(interface_to_usbdev(desc->intf)); 552 if (rv < 0) { 553 rv = -ERESTARTSYS; 554 goto err; 555 } 556 557 spin_lock_irq(&desc->iuspin); 558 559 if (desc->rerr) { /* read completed, error happened */ 560 rv = usb_translate_errors(desc->rerr); 561 desc->rerr = 0; 562 spin_unlock_irq(&desc->iuspin); 563 goto err; 564 } 565 /* 566 * recheck whether we've lost the race 567 * against the completion handler 568 */ 569 if (!test_bit(WDM_READ, &desc->flags)) { /* lost race */ 570 spin_unlock_irq(&desc->iuspin); 571 goto retry; 572 } 573 574 if (!desc->reslength) { /* zero length read */ 575 dev_dbg(&desc->intf->dev, "zero length - clearing WDM_READ\n"); 576 clear_bit(WDM_READ, &desc->flags); 577 rv = service_outstanding_interrupt(desc); 578 spin_unlock_irq(&desc->iuspin); 579 if (rv < 0) 580 goto err; 581 goto retry; 582 } 583 cntr = desc->length; 584 spin_unlock_irq(&desc->iuspin); 585 } 586 587 if (cntr > count) 588 cntr = count; 589 rv = copy_to_user(buffer, desc->ubuf, cntr); 590 if (rv > 0) { 591 rv = -EFAULT; 592 goto err; 593 } 594 595 spin_lock_irq(&desc->iuspin); 596 597 for (i = 0; i < desc->length - cntr; i++) 598 desc->ubuf[i] = desc->ubuf[i + cntr]; 599 600 desc->length -= cntr; 601 /* in case we had outstanding data */ 602 if (!desc->length) { 603 clear_bit(WDM_READ, &desc->flags); 604 service_outstanding_interrupt(desc); 605 } 606 spin_unlock_irq(&desc->iuspin); 607 rv = cntr; 608 609 err: 610 mutex_unlock(&desc->rlock); 611 return rv; 612 } 613 614 static int wdm_wait_for_response(struct file *file, long timeout) 615 { 616 struct wdm_device *desc = file->private_data; 617 long rv; /* Use long here because (int) MAX_SCHEDULE_TIMEOUT < 0. */ 618 619 /* 620 * Needs both flags. We cannot do with one because resetting it would 621 * cause a race with write() yet we need to signal a disconnect. 622 */ 623 rv = wait_event_interruptible_timeout(desc->wait, 624 !test_bit(WDM_IN_USE, &desc->flags) || 625 test_bit(WDM_DISCONNECTING, &desc->flags), 626 timeout); 627 628 /* 629 * To report the correct error. This is best effort. 630 * We are inevitably racing with the hardware. 631 */ 632 if (test_bit(WDM_DISCONNECTING, &desc->flags)) 633 return -ENODEV; 634 if (!rv) 635 return -EIO; 636 if (rv < 0) 637 return -EINTR; 638 639 spin_lock_irq(&desc->iuspin); 640 rv = desc->werr; 641 desc->werr = 0; 642 spin_unlock_irq(&desc->iuspin); 643 644 return usb_translate_errors(rv); 645 646 } 647 648 /* 649 * You need to send a signal when you react to malicious or defective hardware. 650 * Also, don't abort when fsync() returned -EINVAL, for older kernels which do 651 * not implement wdm_flush() will return -EINVAL. 652 */ 653 static int wdm_fsync(struct file *file, loff_t start, loff_t end, int datasync) 654 { 655 return wdm_wait_for_response(file, MAX_SCHEDULE_TIMEOUT); 656 } 657 658 /* 659 * Same with wdm_fsync(), except it uses finite timeout in order to react to 660 * malicious or defective hardware which ceased communication after close() was 661 * implicitly called due to process termination. 662 */ 663 static int wdm_flush(struct file *file, fl_owner_t id) 664 { 665 return wdm_wait_for_response(file, WDM_FLUSH_TIMEOUT); 666 } 667 668 static __poll_t wdm_poll(struct file *file, struct poll_table_struct *wait) 669 { 670 struct wdm_device *desc = file->private_data; 671 unsigned long flags; 672 __poll_t mask = 0; 673 674 spin_lock_irqsave(&desc->iuspin, flags); 675 if (test_bit(WDM_DISCONNECTING, &desc->flags)) { 676 mask = EPOLLHUP | EPOLLERR; 677 spin_unlock_irqrestore(&desc->iuspin, flags); 678 goto desc_out; 679 } 680 if (test_bit(WDM_READ, &desc->flags)) 681 mask = EPOLLIN | EPOLLRDNORM; 682 if (desc->rerr || desc->werr) 683 mask |= EPOLLERR; 684 if (!test_bit(WDM_IN_USE, &desc->flags)) 685 mask |= EPOLLOUT | EPOLLWRNORM; 686 spin_unlock_irqrestore(&desc->iuspin, flags); 687 688 poll_wait(file, &desc->wait, wait); 689 690 desc_out: 691 return mask; 692 } 693 694 static int wdm_open(struct inode *inode, struct file *file) 695 { 696 int minor = iminor(inode); 697 int rv = -ENODEV; 698 struct usb_interface *intf; 699 struct wdm_device *desc; 700 701 mutex_lock(&wdm_mutex); 702 desc = wdm_find_device_by_minor(minor); 703 if (!desc) 704 goto out; 705 706 intf = desc->intf; 707 if (test_bit(WDM_DISCONNECTING, &desc->flags)) 708 goto out; 709 file->private_data = desc; 710 711 rv = usb_autopm_get_interface(desc->intf); 712 if (rv < 0) { 713 dev_err(&desc->intf->dev, "Error autopm - %d\n", rv); 714 goto out; 715 } 716 717 /* using write lock to protect desc->count */ 718 mutex_lock(&desc->wlock); 719 if (!desc->count++) { 720 desc->werr = 0; 721 desc->rerr = 0; 722 rv = usb_submit_urb(desc->validity, GFP_KERNEL); 723 if (rv < 0) { 724 desc->count--; 725 dev_err(&desc->intf->dev, 726 "Error submitting int urb - %d\n", rv); 727 rv = usb_translate_errors(rv); 728 } 729 } else { 730 rv = 0; 731 } 732 mutex_unlock(&desc->wlock); 733 if (desc->count == 1) 734 desc->manage_power(intf, 1); 735 usb_autopm_put_interface(desc->intf); 736 out: 737 mutex_unlock(&wdm_mutex); 738 return rv; 739 } 740 741 static int wdm_release(struct inode *inode, struct file *file) 742 { 743 struct wdm_device *desc = file->private_data; 744 745 mutex_lock(&wdm_mutex); 746 747 /* using write lock to protect desc->count */ 748 mutex_lock(&desc->wlock); 749 desc->count--; 750 mutex_unlock(&desc->wlock); 751 752 if (!desc->count) { 753 if (!test_bit(WDM_DISCONNECTING, &desc->flags)) { 754 dev_dbg(&desc->intf->dev, "wdm_release: cleanup\n"); 755 poison_urbs(desc); 756 spin_lock_irq(&desc->iuspin); 757 desc->resp_count = 0; 758 spin_unlock_irq(&desc->iuspin); 759 desc->manage_power(desc->intf, 0); 760 unpoison_urbs(desc); 761 } else { 762 /* must avoid dev_printk here as desc->intf is invalid */ 763 pr_debug(KBUILD_MODNAME " %s: device gone - cleaning up\n", __func__); 764 cleanup(desc); 765 } 766 } 767 mutex_unlock(&wdm_mutex); 768 return 0; 769 } 770 771 static long wdm_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 772 { 773 struct wdm_device *desc = file->private_data; 774 int rv = 0; 775 776 switch (cmd) { 777 case IOCTL_WDM_MAX_COMMAND: 778 if (copy_to_user((void __user *)arg, &desc->wMaxCommand, sizeof(desc->wMaxCommand))) 779 rv = -EFAULT; 780 break; 781 default: 782 rv = -ENOTTY; 783 } 784 return rv; 785 } 786 787 static const struct file_operations wdm_fops = { 788 .owner = THIS_MODULE, 789 .read = wdm_read, 790 .write = wdm_write, 791 .fsync = wdm_fsync, 792 .open = wdm_open, 793 .flush = wdm_flush, 794 .release = wdm_release, 795 .poll = wdm_poll, 796 .unlocked_ioctl = wdm_ioctl, 797 .compat_ioctl = compat_ptr_ioctl, 798 .llseek = noop_llseek, 799 }; 800 801 static struct usb_class_driver wdm_class = { 802 .name = "cdc-wdm%d", 803 .fops = &wdm_fops, 804 .minor_base = WDM_MINOR_BASE, 805 }; 806 807 /* --- error handling --- */ 808 static void wdm_rxwork(struct work_struct *work) 809 { 810 struct wdm_device *desc = container_of(work, struct wdm_device, rxwork); 811 unsigned long flags; 812 int rv = 0; 813 int responding; 814 815 spin_lock_irqsave(&desc->iuspin, flags); 816 if (test_bit(WDM_DISCONNECTING, &desc->flags)) { 817 spin_unlock_irqrestore(&desc->iuspin, flags); 818 } else { 819 responding = test_and_set_bit(WDM_RESPONDING, &desc->flags); 820 spin_unlock_irqrestore(&desc->iuspin, flags); 821 if (!responding) 822 rv = usb_submit_urb(desc->response, GFP_KERNEL); 823 if (rv < 0 && rv != -EPERM) { 824 spin_lock_irqsave(&desc->iuspin, flags); 825 clear_bit(WDM_RESPONDING, &desc->flags); 826 if (!test_bit(WDM_DISCONNECTING, &desc->flags)) 827 schedule_work(&desc->rxwork); 828 spin_unlock_irqrestore(&desc->iuspin, flags); 829 } 830 } 831 } 832 833 static void service_interrupt_work(struct work_struct *work) 834 { 835 struct wdm_device *desc; 836 837 desc = container_of(work, struct wdm_device, service_outs_intr); 838 839 spin_lock_irq(&desc->iuspin); 840 service_outstanding_interrupt(desc); 841 if (!desc->resp_count) { 842 set_bit(WDM_READ, &desc->flags); 843 wake_up(&desc->wait); 844 } 845 spin_unlock_irq(&desc->iuspin); 846 } 847 848 /* --- hotplug --- */ 849 850 static int wdm_create(struct usb_interface *intf, struct usb_endpoint_descriptor *ep, 851 u16 bufsize, int (*manage_power)(struct usb_interface *, int)) 852 { 853 int rv = -ENOMEM; 854 struct wdm_device *desc; 855 856 desc = kzalloc(sizeof(struct wdm_device), GFP_KERNEL); 857 if (!desc) 858 goto out; 859 INIT_LIST_HEAD(&desc->device_list); 860 mutex_init(&desc->rlock); 861 mutex_init(&desc->wlock); 862 spin_lock_init(&desc->iuspin); 863 init_waitqueue_head(&desc->wait); 864 desc->wMaxCommand = bufsize; 865 /* this will be expanded and needed in hardware endianness */ 866 desc->inum = cpu_to_le16((u16)intf->cur_altsetting->desc.bInterfaceNumber); 867 desc->intf = intf; 868 INIT_WORK(&desc->rxwork, wdm_rxwork); 869 INIT_WORK(&desc->service_outs_intr, service_interrupt_work); 870 871 rv = -EINVAL; 872 if (!usb_endpoint_is_int_in(ep)) 873 goto err; 874 875 desc->wMaxPacketSize = usb_endpoint_maxp(ep); 876 877 desc->orq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL); 878 if (!desc->orq) 879 goto err; 880 desc->irq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL); 881 if (!desc->irq) 882 goto err; 883 884 desc->validity = usb_alloc_urb(0, GFP_KERNEL); 885 if (!desc->validity) 886 goto err; 887 888 desc->response = usb_alloc_urb(0, GFP_KERNEL); 889 if (!desc->response) 890 goto err; 891 892 desc->command = usb_alloc_urb(0, GFP_KERNEL); 893 if (!desc->command) 894 goto err; 895 896 desc->ubuf = kmalloc(desc->wMaxCommand, GFP_KERNEL); 897 if (!desc->ubuf) 898 goto err; 899 900 desc->sbuf = kmalloc(desc->wMaxPacketSize, GFP_KERNEL); 901 if (!desc->sbuf) 902 goto err; 903 904 desc->inbuf = kmalloc(desc->wMaxCommand, GFP_KERNEL); 905 if (!desc->inbuf) 906 goto err; 907 908 usb_fill_int_urb( 909 desc->validity, 910 interface_to_usbdev(intf), 911 usb_rcvintpipe(interface_to_usbdev(intf), ep->bEndpointAddress), 912 desc->sbuf, 913 desc->wMaxPacketSize, 914 wdm_int_callback, 915 desc, 916 ep->bInterval 917 ); 918 919 desc->irq->bRequestType = (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE); 920 desc->irq->bRequest = USB_CDC_GET_ENCAPSULATED_RESPONSE; 921 desc->irq->wValue = 0; 922 desc->irq->wIndex = desc->inum; /* already converted */ 923 desc->irq->wLength = cpu_to_le16(desc->wMaxCommand); 924 925 usb_fill_control_urb( 926 desc->response, 927 interface_to_usbdev(intf), 928 /* using common endpoint 0 */ 929 usb_rcvctrlpipe(interface_to_usbdev(desc->intf), 0), 930 (unsigned char *)desc->irq, 931 desc->inbuf, 932 desc->wMaxCommand, 933 wdm_in_callback, 934 desc 935 ); 936 937 desc->manage_power = manage_power; 938 939 spin_lock(&wdm_device_list_lock); 940 list_add(&desc->device_list, &wdm_device_list); 941 spin_unlock(&wdm_device_list_lock); 942 943 rv = usb_register_dev(intf, &wdm_class); 944 if (rv < 0) 945 goto err; 946 else 947 dev_info(&intf->dev, "%s: USB WDM device\n", dev_name(intf->usb_dev)); 948 out: 949 return rv; 950 err: 951 spin_lock(&wdm_device_list_lock); 952 list_del(&desc->device_list); 953 spin_unlock(&wdm_device_list_lock); 954 cleanup(desc); 955 return rv; 956 } 957 958 static int wdm_manage_power(struct usb_interface *intf, int on) 959 { 960 /* need autopm_get/put here to ensure the usbcore sees the new value */ 961 int rv = usb_autopm_get_interface(intf); 962 963 intf->needs_remote_wakeup = on; 964 if (!rv) 965 usb_autopm_put_interface(intf); 966 return 0; 967 } 968 969 static int wdm_probe(struct usb_interface *intf, const struct usb_device_id *id) 970 { 971 int rv = -EINVAL; 972 struct usb_host_interface *iface; 973 struct usb_endpoint_descriptor *ep; 974 struct usb_cdc_parsed_header hdr; 975 u8 *buffer = intf->altsetting->extra; 976 int buflen = intf->altsetting->extralen; 977 u16 maxcom = WDM_DEFAULT_BUFSIZE; 978 979 if (!buffer) 980 goto err; 981 982 cdc_parse_cdc_header(&hdr, intf, buffer, buflen); 983 984 if (hdr.usb_cdc_dmm_desc) 985 maxcom = le16_to_cpu(hdr.usb_cdc_dmm_desc->wMaxCommand); 986 987 iface = intf->cur_altsetting; 988 if (iface->desc.bNumEndpoints != 1) 989 goto err; 990 ep = &iface->endpoint[0].desc; 991 992 rv = wdm_create(intf, ep, maxcom, &wdm_manage_power); 993 994 err: 995 return rv; 996 } 997 998 /** 999 * usb_cdc_wdm_register - register a WDM subdriver 1000 * @intf: usb interface the subdriver will associate with 1001 * @ep: interrupt endpoint to monitor for notifications 1002 * @bufsize: maximum message size to support for read/write 1003 * @manage_power: call-back invoked during open and release to 1004 * manage the device's power 1005 * Create WDM usb class character device and associate it with intf 1006 * without binding, allowing another driver to manage the interface. 1007 * 1008 * The subdriver will manage the given interrupt endpoint exclusively 1009 * and will issue control requests referring to the given intf. It 1010 * will otherwise avoid interferring, and in particular not do 1011 * usb_set_intfdata/usb_get_intfdata on intf. 1012 * 1013 * The return value is a pointer to the subdriver's struct usb_driver. 1014 * The registering driver is responsible for calling this subdriver's 1015 * disconnect, suspend, resume, pre_reset and post_reset methods from 1016 * its own. 1017 */ 1018 struct usb_driver *usb_cdc_wdm_register(struct usb_interface *intf, 1019 struct usb_endpoint_descriptor *ep, 1020 int bufsize, 1021 int (*manage_power)(struct usb_interface *, int)) 1022 { 1023 int rv; 1024 1025 rv = wdm_create(intf, ep, bufsize, manage_power); 1026 if (rv < 0) 1027 goto err; 1028 1029 return &wdm_driver; 1030 err: 1031 return ERR_PTR(rv); 1032 } 1033 EXPORT_SYMBOL(usb_cdc_wdm_register); 1034 1035 static void wdm_disconnect(struct usb_interface *intf) 1036 { 1037 struct wdm_device *desc; 1038 unsigned long flags; 1039 1040 usb_deregister_dev(intf, &wdm_class); 1041 desc = wdm_find_device(intf); 1042 mutex_lock(&wdm_mutex); 1043 1044 /* the spinlock makes sure no new urbs are generated in the callbacks */ 1045 spin_lock_irqsave(&desc->iuspin, flags); 1046 set_bit(WDM_DISCONNECTING, &desc->flags); 1047 set_bit(WDM_READ, &desc->flags); 1048 spin_unlock_irqrestore(&desc->iuspin, flags); 1049 wake_up_all(&desc->wait); 1050 mutex_lock(&desc->rlock); 1051 mutex_lock(&desc->wlock); 1052 poison_urbs(desc); 1053 cancel_work_sync(&desc->rxwork); 1054 cancel_work_sync(&desc->service_outs_intr); 1055 mutex_unlock(&desc->wlock); 1056 mutex_unlock(&desc->rlock); 1057 1058 /* the desc->intf pointer used as list key is now invalid */ 1059 spin_lock(&wdm_device_list_lock); 1060 list_del(&desc->device_list); 1061 spin_unlock(&wdm_device_list_lock); 1062 1063 if (!desc->count) 1064 cleanup(desc); 1065 else 1066 dev_dbg(&intf->dev, "%d open files - postponing cleanup\n", desc->count); 1067 mutex_unlock(&wdm_mutex); 1068 } 1069 1070 #ifdef CONFIG_PM 1071 static int wdm_suspend(struct usb_interface *intf, pm_message_t message) 1072 { 1073 struct wdm_device *desc = wdm_find_device(intf); 1074 int rv = 0; 1075 1076 dev_dbg(&desc->intf->dev, "wdm%d_suspend\n", intf->minor); 1077 1078 /* if this is an autosuspend the caller does the locking */ 1079 if (!PMSG_IS_AUTO(message)) { 1080 mutex_lock(&desc->rlock); 1081 mutex_lock(&desc->wlock); 1082 } 1083 spin_lock_irq(&desc->iuspin); 1084 1085 if (PMSG_IS_AUTO(message) && 1086 (test_bit(WDM_IN_USE, &desc->flags) 1087 || test_bit(WDM_RESPONDING, &desc->flags))) { 1088 spin_unlock_irq(&desc->iuspin); 1089 rv = -EBUSY; 1090 } else { 1091 1092 set_bit(WDM_SUSPENDING, &desc->flags); 1093 spin_unlock_irq(&desc->iuspin); 1094 /* callback submits work - order is essential */ 1095 poison_urbs(desc); 1096 cancel_work_sync(&desc->rxwork); 1097 cancel_work_sync(&desc->service_outs_intr); 1098 unpoison_urbs(desc); 1099 } 1100 if (!PMSG_IS_AUTO(message)) { 1101 mutex_unlock(&desc->wlock); 1102 mutex_unlock(&desc->rlock); 1103 } 1104 1105 return rv; 1106 } 1107 #endif 1108 1109 static int recover_from_urb_loss(struct wdm_device *desc) 1110 { 1111 int rv = 0; 1112 1113 if (desc->count) { 1114 rv = usb_submit_urb(desc->validity, GFP_NOIO); 1115 if (rv < 0) 1116 dev_err(&desc->intf->dev, 1117 "Error resume submitting int urb - %d\n", rv); 1118 } 1119 return rv; 1120 } 1121 1122 #ifdef CONFIG_PM 1123 static int wdm_resume(struct usb_interface *intf) 1124 { 1125 struct wdm_device *desc = wdm_find_device(intf); 1126 int rv; 1127 1128 dev_dbg(&desc->intf->dev, "wdm%d_resume\n", intf->minor); 1129 1130 clear_bit(WDM_SUSPENDING, &desc->flags); 1131 rv = recover_from_urb_loss(desc); 1132 1133 return rv; 1134 } 1135 #endif 1136 1137 static int wdm_pre_reset(struct usb_interface *intf) 1138 { 1139 struct wdm_device *desc = wdm_find_device(intf); 1140 1141 /* 1142 * we notify everybody using poll of 1143 * an exceptional situation 1144 * must be done before recovery lest a spontaneous 1145 * message from the device is lost 1146 */ 1147 spin_lock_irq(&desc->iuspin); 1148 set_bit(WDM_RESETTING, &desc->flags); /* inform read/write */ 1149 set_bit(WDM_READ, &desc->flags); /* unblock read */ 1150 clear_bit(WDM_IN_USE, &desc->flags); /* unblock write */ 1151 desc->rerr = -EINTR; 1152 spin_unlock_irq(&desc->iuspin); 1153 wake_up_all(&desc->wait); 1154 mutex_lock(&desc->rlock); 1155 mutex_lock(&desc->wlock); 1156 poison_urbs(desc); 1157 cancel_work_sync(&desc->rxwork); 1158 cancel_work_sync(&desc->service_outs_intr); 1159 return 0; 1160 } 1161 1162 static int wdm_post_reset(struct usb_interface *intf) 1163 { 1164 struct wdm_device *desc = wdm_find_device(intf); 1165 int rv; 1166 1167 unpoison_urbs(desc); 1168 clear_bit(WDM_OVERFLOW, &desc->flags); 1169 clear_bit(WDM_RESETTING, &desc->flags); 1170 rv = recover_from_urb_loss(desc); 1171 mutex_unlock(&desc->wlock); 1172 mutex_unlock(&desc->rlock); 1173 return rv; 1174 } 1175 1176 static struct usb_driver wdm_driver = { 1177 .name = "cdc_wdm", 1178 .probe = wdm_probe, 1179 .disconnect = wdm_disconnect, 1180 #ifdef CONFIG_PM 1181 .suspend = wdm_suspend, 1182 .resume = wdm_resume, 1183 .reset_resume = wdm_resume, 1184 #endif 1185 .pre_reset = wdm_pre_reset, 1186 .post_reset = wdm_post_reset, 1187 .id_table = wdm_ids, 1188 .supports_autosuspend = 1, 1189 .disable_hub_initiated_lpm = 1, 1190 }; 1191 1192 module_usb_driver(wdm_driver); 1193 1194 MODULE_AUTHOR(DRIVER_AUTHOR); 1195 MODULE_DESCRIPTION(DRIVER_DESC); 1196 MODULE_LICENSE("GPL"); 1197