1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * cdc-wdm.c 4 * 5 * This driver supports USB CDC WCM Device Management. 6 * 7 * Copyright (c) 2007-2009 Oliver Neukum 8 * 9 * Some code taken from cdc-acm.c 10 * 11 * Released under the GPLv2. 12 * 13 * Many thanks to Carl Nordbeck 14 */ 15 #include <linux/kernel.h> 16 #include <linux/errno.h> 17 #include <linux/ioctl.h> 18 #include <linux/slab.h> 19 #include <linux/module.h> 20 #include <linux/mutex.h> 21 #include <linux/uaccess.h> 22 #include <linux/bitops.h> 23 #include <linux/poll.h> 24 #include <linux/usb.h> 25 #include <linux/usb/cdc.h> 26 #include <asm/byteorder.h> 27 #include <asm/unaligned.h> 28 #include <linux/usb/cdc-wdm.h> 29 30 #define DRIVER_AUTHOR "Oliver Neukum" 31 #define DRIVER_DESC "USB Abstract Control Model driver for USB WCM Device Management" 32 33 static const struct usb_device_id wdm_ids[] = { 34 { 35 .match_flags = USB_DEVICE_ID_MATCH_INT_CLASS | 36 USB_DEVICE_ID_MATCH_INT_SUBCLASS, 37 .bInterfaceClass = USB_CLASS_COMM, 38 .bInterfaceSubClass = USB_CDC_SUBCLASS_DMM 39 }, 40 { } 41 }; 42 43 MODULE_DEVICE_TABLE (usb, wdm_ids); 44 45 #define WDM_MINOR_BASE 176 46 47 48 #define WDM_IN_USE 1 49 #define WDM_DISCONNECTING 2 50 #define WDM_RESULT 3 51 #define WDM_READ 4 52 #define WDM_INT_STALL 5 53 #define WDM_POLL_RUNNING 6 54 #define WDM_RESPONDING 7 55 #define WDM_SUSPENDING 8 56 #define WDM_RESETTING 9 57 #define WDM_OVERFLOW 10 58 59 #define WDM_MAX 16 60 61 /* we cannot wait forever at flush() */ 62 #define WDM_FLUSH_TIMEOUT (30 * HZ) 63 64 /* CDC-WMC r1.1 requires wMaxCommand to be "at least 256 decimal (0x100)" */ 65 #define WDM_DEFAULT_BUFSIZE 256 66 67 static DEFINE_MUTEX(wdm_mutex); 68 static DEFINE_SPINLOCK(wdm_device_list_lock); 69 static LIST_HEAD(wdm_device_list); 70 71 /* --- method tables --- */ 72 73 struct wdm_device { 74 u8 *inbuf; /* buffer for response */ 75 u8 *outbuf; /* buffer for command */ 76 u8 *sbuf; /* buffer for status */ 77 u8 *ubuf; /* buffer for copy to user space */ 78 79 struct urb *command; 80 struct urb *response; 81 struct urb *validity; 82 struct usb_interface *intf; 83 struct usb_ctrlrequest *orq; 84 struct usb_ctrlrequest *irq; 85 spinlock_t iuspin; 86 87 unsigned long flags; 88 u16 bufsize; 89 u16 wMaxCommand; 90 u16 wMaxPacketSize; 91 __le16 inum; 92 int reslength; 93 int length; 94 int read; 95 int count; 96 dma_addr_t shandle; 97 dma_addr_t ihandle; 98 struct mutex wlock; 99 struct mutex rlock; 100 wait_queue_head_t wait; 101 struct work_struct rxwork; 102 struct work_struct service_outs_intr; 103 int werr; 104 int rerr; 105 int resp_count; 106 107 struct list_head device_list; 108 int (*manage_power)(struct usb_interface *, int); 109 }; 110 111 static struct usb_driver wdm_driver; 112 113 /* return intfdata if we own the interface, else look up intf in the list */ 114 static struct wdm_device *wdm_find_device(struct usb_interface *intf) 115 { 116 struct wdm_device *desc; 117 118 spin_lock(&wdm_device_list_lock); 119 list_for_each_entry(desc, &wdm_device_list, device_list) 120 if (desc->intf == intf) 121 goto found; 122 desc = NULL; 123 found: 124 spin_unlock(&wdm_device_list_lock); 125 126 return desc; 127 } 128 129 static struct wdm_device *wdm_find_device_by_minor(int minor) 130 { 131 struct wdm_device *desc; 132 133 spin_lock(&wdm_device_list_lock); 134 list_for_each_entry(desc, &wdm_device_list, device_list) 135 if (desc->intf->minor == minor) 136 goto found; 137 desc = NULL; 138 found: 139 spin_unlock(&wdm_device_list_lock); 140 141 return desc; 142 } 143 144 /* --- callbacks --- */ 145 static void wdm_out_callback(struct urb *urb) 146 { 147 struct wdm_device *desc; 148 unsigned long flags; 149 150 desc = urb->context; 151 spin_lock_irqsave(&desc->iuspin, flags); 152 desc->werr = urb->status; 153 spin_unlock_irqrestore(&desc->iuspin, flags); 154 kfree(desc->outbuf); 155 desc->outbuf = NULL; 156 clear_bit(WDM_IN_USE, &desc->flags); 157 wake_up_all(&desc->wait); 158 } 159 160 static void wdm_in_callback(struct urb *urb) 161 { 162 unsigned long flags; 163 struct wdm_device *desc = urb->context; 164 int status = urb->status; 165 int length = urb->actual_length; 166 167 spin_lock_irqsave(&desc->iuspin, flags); 168 clear_bit(WDM_RESPONDING, &desc->flags); 169 170 if (status) { 171 switch (status) { 172 case -ENOENT: 173 dev_dbg(&desc->intf->dev, 174 "nonzero urb status received: -ENOENT\n"); 175 goto skip_error; 176 case -ECONNRESET: 177 dev_dbg(&desc->intf->dev, 178 "nonzero urb status received: -ECONNRESET\n"); 179 goto skip_error; 180 case -ESHUTDOWN: 181 dev_dbg(&desc->intf->dev, 182 "nonzero urb status received: -ESHUTDOWN\n"); 183 goto skip_error; 184 case -EPIPE: 185 dev_err(&desc->intf->dev, 186 "nonzero urb status received: -EPIPE\n"); 187 break; 188 default: 189 dev_err(&desc->intf->dev, 190 "Unexpected error %d\n", status); 191 break; 192 } 193 } 194 195 /* 196 * only set a new error if there is no previous error. 197 * Errors are only cleared during read/open 198 * Avoid propagating -EPIPE (stall) to userspace since it is 199 * better handled as an empty read 200 */ 201 if (desc->rerr == 0 && status != -EPIPE) 202 desc->rerr = status; 203 204 if (length + desc->length > desc->wMaxCommand) { 205 /* The buffer would overflow */ 206 set_bit(WDM_OVERFLOW, &desc->flags); 207 } else { 208 /* we may already be in overflow */ 209 if (!test_bit(WDM_OVERFLOW, &desc->flags)) { 210 memmove(desc->ubuf + desc->length, desc->inbuf, length); 211 desc->length += length; 212 desc->reslength = length; 213 } 214 } 215 skip_error: 216 217 if (desc->rerr) { 218 /* 219 * Since there was an error, userspace may decide to not read 220 * any data after poll'ing. 221 * We should respond to further attempts from the device to send 222 * data, so that we can get unstuck. 223 */ 224 schedule_work(&desc->service_outs_intr); 225 } else { 226 set_bit(WDM_READ, &desc->flags); 227 wake_up(&desc->wait); 228 } 229 spin_unlock_irqrestore(&desc->iuspin, flags); 230 } 231 232 static void wdm_int_callback(struct urb *urb) 233 { 234 unsigned long flags; 235 int rv = 0; 236 int responding; 237 int status = urb->status; 238 struct wdm_device *desc; 239 struct usb_cdc_notification *dr; 240 241 desc = urb->context; 242 dr = (struct usb_cdc_notification *)desc->sbuf; 243 244 if (status) { 245 switch (status) { 246 case -ESHUTDOWN: 247 case -ENOENT: 248 case -ECONNRESET: 249 return; /* unplug */ 250 case -EPIPE: 251 set_bit(WDM_INT_STALL, &desc->flags); 252 dev_err(&desc->intf->dev, "Stall on int endpoint\n"); 253 goto sw; /* halt is cleared in work */ 254 default: 255 dev_err(&desc->intf->dev, 256 "nonzero urb status received: %d\n", status); 257 break; 258 } 259 } 260 261 if (urb->actual_length < sizeof(struct usb_cdc_notification)) { 262 dev_err(&desc->intf->dev, "wdm_int_callback - %d bytes\n", 263 urb->actual_length); 264 goto exit; 265 } 266 267 switch (dr->bNotificationType) { 268 case USB_CDC_NOTIFY_RESPONSE_AVAILABLE: 269 dev_dbg(&desc->intf->dev, 270 "NOTIFY_RESPONSE_AVAILABLE received: index %d len %d\n", 271 le16_to_cpu(dr->wIndex), le16_to_cpu(dr->wLength)); 272 break; 273 274 case USB_CDC_NOTIFY_NETWORK_CONNECTION: 275 276 dev_dbg(&desc->intf->dev, 277 "NOTIFY_NETWORK_CONNECTION %s network\n", 278 dr->wValue ? "connected to" : "disconnected from"); 279 goto exit; 280 case USB_CDC_NOTIFY_SPEED_CHANGE: 281 dev_dbg(&desc->intf->dev, "SPEED_CHANGE received (len %u)\n", 282 urb->actual_length); 283 goto exit; 284 default: 285 clear_bit(WDM_POLL_RUNNING, &desc->flags); 286 dev_err(&desc->intf->dev, 287 "unknown notification %d received: index %d len %d\n", 288 dr->bNotificationType, 289 le16_to_cpu(dr->wIndex), 290 le16_to_cpu(dr->wLength)); 291 goto exit; 292 } 293 294 spin_lock_irqsave(&desc->iuspin, flags); 295 responding = test_and_set_bit(WDM_RESPONDING, &desc->flags); 296 if (!desc->resp_count++ && !responding 297 && !test_bit(WDM_DISCONNECTING, &desc->flags) 298 && !test_bit(WDM_SUSPENDING, &desc->flags)) { 299 rv = usb_submit_urb(desc->response, GFP_ATOMIC); 300 dev_dbg(&desc->intf->dev, "submit response URB %d\n", rv); 301 } 302 spin_unlock_irqrestore(&desc->iuspin, flags); 303 if (rv < 0) { 304 clear_bit(WDM_RESPONDING, &desc->flags); 305 if (rv == -EPERM) 306 return; 307 if (rv == -ENOMEM) { 308 sw: 309 rv = schedule_work(&desc->rxwork); 310 if (rv) 311 dev_err(&desc->intf->dev, 312 "Cannot schedule work\n"); 313 } 314 } 315 exit: 316 rv = usb_submit_urb(urb, GFP_ATOMIC); 317 if (rv) 318 dev_err(&desc->intf->dev, 319 "%s - usb_submit_urb failed with result %d\n", 320 __func__, rv); 321 322 } 323 324 static void kill_urbs(struct wdm_device *desc) 325 { 326 /* the order here is essential */ 327 usb_kill_urb(desc->command); 328 usb_kill_urb(desc->validity); 329 usb_kill_urb(desc->response); 330 } 331 332 static void free_urbs(struct wdm_device *desc) 333 { 334 usb_free_urb(desc->validity); 335 usb_free_urb(desc->response); 336 usb_free_urb(desc->command); 337 } 338 339 static void cleanup(struct wdm_device *desc) 340 { 341 kfree(desc->sbuf); 342 kfree(desc->inbuf); 343 kfree(desc->orq); 344 kfree(desc->irq); 345 kfree(desc->ubuf); 346 free_urbs(desc); 347 kfree(desc); 348 } 349 350 static ssize_t wdm_write 351 (struct file *file, const char __user *buffer, size_t count, loff_t *ppos) 352 { 353 u8 *buf; 354 int rv = -EMSGSIZE, r, we; 355 struct wdm_device *desc = file->private_data; 356 struct usb_ctrlrequest *req; 357 358 if (count > desc->wMaxCommand) 359 count = desc->wMaxCommand; 360 361 spin_lock_irq(&desc->iuspin); 362 we = desc->werr; 363 desc->werr = 0; 364 spin_unlock_irq(&desc->iuspin); 365 if (we < 0) 366 return usb_translate_errors(we); 367 368 buf = memdup_user(buffer, count); 369 if (IS_ERR(buf)) 370 return PTR_ERR(buf); 371 372 /* concurrent writes and disconnect */ 373 r = mutex_lock_interruptible(&desc->wlock); 374 rv = -ERESTARTSYS; 375 if (r) 376 goto out_free_mem; 377 378 if (test_bit(WDM_DISCONNECTING, &desc->flags)) { 379 rv = -ENODEV; 380 goto out_free_mem_lock; 381 } 382 383 r = usb_autopm_get_interface(desc->intf); 384 if (r < 0) { 385 rv = usb_translate_errors(r); 386 goto out_free_mem_lock; 387 } 388 389 if (!(file->f_flags & O_NONBLOCK)) 390 r = wait_event_interruptible(desc->wait, !test_bit(WDM_IN_USE, 391 &desc->flags)); 392 else 393 if (test_bit(WDM_IN_USE, &desc->flags)) 394 r = -EAGAIN; 395 396 if (test_bit(WDM_RESETTING, &desc->flags)) 397 r = -EIO; 398 399 if (test_bit(WDM_DISCONNECTING, &desc->flags)) 400 r = -ENODEV; 401 402 if (r < 0) { 403 rv = r; 404 goto out_free_mem_pm; 405 } 406 407 req = desc->orq; 408 usb_fill_control_urb( 409 desc->command, 410 interface_to_usbdev(desc->intf), 411 /* using common endpoint 0 */ 412 usb_sndctrlpipe(interface_to_usbdev(desc->intf), 0), 413 (unsigned char *)req, 414 buf, 415 count, 416 wdm_out_callback, 417 desc 418 ); 419 420 req->bRequestType = (USB_DIR_OUT | USB_TYPE_CLASS | 421 USB_RECIP_INTERFACE); 422 req->bRequest = USB_CDC_SEND_ENCAPSULATED_COMMAND; 423 req->wValue = 0; 424 req->wIndex = desc->inum; /* already converted */ 425 req->wLength = cpu_to_le16(count); 426 set_bit(WDM_IN_USE, &desc->flags); 427 desc->outbuf = buf; 428 429 rv = usb_submit_urb(desc->command, GFP_KERNEL); 430 if (rv < 0) { 431 desc->outbuf = NULL; 432 clear_bit(WDM_IN_USE, &desc->flags); 433 wake_up_all(&desc->wait); /* for wdm_wait_for_response() */ 434 dev_err(&desc->intf->dev, "Tx URB error: %d\n", rv); 435 rv = usb_translate_errors(rv); 436 goto out_free_mem_pm; 437 } else { 438 dev_dbg(&desc->intf->dev, "Tx URB has been submitted index=%d\n", 439 le16_to_cpu(req->wIndex)); 440 } 441 442 usb_autopm_put_interface(desc->intf); 443 mutex_unlock(&desc->wlock); 444 return count; 445 446 out_free_mem_pm: 447 usb_autopm_put_interface(desc->intf); 448 out_free_mem_lock: 449 mutex_unlock(&desc->wlock); 450 out_free_mem: 451 kfree(buf); 452 return rv; 453 } 454 455 /* 456 * Submit the read urb if resp_count is non-zero. 457 * 458 * Called with desc->iuspin locked 459 */ 460 static int service_outstanding_interrupt(struct wdm_device *desc) 461 { 462 int rv = 0; 463 464 /* submit read urb only if the device is waiting for it */ 465 if (!desc->resp_count || !--desc->resp_count) 466 goto out; 467 468 set_bit(WDM_RESPONDING, &desc->flags); 469 spin_unlock_irq(&desc->iuspin); 470 rv = usb_submit_urb(desc->response, GFP_KERNEL); 471 spin_lock_irq(&desc->iuspin); 472 if (rv) { 473 dev_err(&desc->intf->dev, 474 "usb_submit_urb failed with result %d\n", rv); 475 476 /* make sure the next notification trigger a submit */ 477 clear_bit(WDM_RESPONDING, &desc->flags); 478 desc->resp_count = 0; 479 } 480 out: 481 return rv; 482 } 483 484 static ssize_t wdm_read 485 (struct file *file, char __user *buffer, size_t count, loff_t *ppos) 486 { 487 int rv, cntr; 488 int i = 0; 489 struct wdm_device *desc = file->private_data; 490 491 492 rv = mutex_lock_interruptible(&desc->rlock); /*concurrent reads */ 493 if (rv < 0) 494 return -ERESTARTSYS; 495 496 cntr = READ_ONCE(desc->length); 497 if (cntr == 0) { 498 desc->read = 0; 499 retry: 500 if (test_bit(WDM_DISCONNECTING, &desc->flags)) { 501 rv = -ENODEV; 502 goto err; 503 } 504 if (test_bit(WDM_OVERFLOW, &desc->flags)) { 505 clear_bit(WDM_OVERFLOW, &desc->flags); 506 rv = -ENOBUFS; 507 goto err; 508 } 509 i++; 510 if (file->f_flags & O_NONBLOCK) { 511 if (!test_bit(WDM_READ, &desc->flags)) { 512 rv = -EAGAIN; 513 goto err; 514 } 515 rv = 0; 516 } else { 517 rv = wait_event_interruptible(desc->wait, 518 test_bit(WDM_READ, &desc->flags)); 519 } 520 521 /* may have happened while we slept */ 522 if (test_bit(WDM_DISCONNECTING, &desc->flags)) { 523 rv = -ENODEV; 524 goto err; 525 } 526 if (test_bit(WDM_RESETTING, &desc->flags)) { 527 rv = -EIO; 528 goto err; 529 } 530 usb_mark_last_busy(interface_to_usbdev(desc->intf)); 531 if (rv < 0) { 532 rv = -ERESTARTSYS; 533 goto err; 534 } 535 536 spin_lock_irq(&desc->iuspin); 537 538 if (desc->rerr) { /* read completed, error happened */ 539 rv = usb_translate_errors(desc->rerr); 540 desc->rerr = 0; 541 spin_unlock_irq(&desc->iuspin); 542 goto err; 543 } 544 /* 545 * recheck whether we've lost the race 546 * against the completion handler 547 */ 548 if (!test_bit(WDM_READ, &desc->flags)) { /* lost race */ 549 spin_unlock_irq(&desc->iuspin); 550 goto retry; 551 } 552 553 if (!desc->reslength) { /* zero length read */ 554 dev_dbg(&desc->intf->dev, "zero length - clearing WDM_READ\n"); 555 clear_bit(WDM_READ, &desc->flags); 556 rv = service_outstanding_interrupt(desc); 557 spin_unlock_irq(&desc->iuspin); 558 if (rv < 0) 559 goto err; 560 goto retry; 561 } 562 cntr = desc->length; 563 spin_unlock_irq(&desc->iuspin); 564 } 565 566 if (cntr > count) 567 cntr = count; 568 rv = copy_to_user(buffer, desc->ubuf, cntr); 569 if (rv > 0) { 570 rv = -EFAULT; 571 goto err; 572 } 573 574 spin_lock_irq(&desc->iuspin); 575 576 for (i = 0; i < desc->length - cntr; i++) 577 desc->ubuf[i] = desc->ubuf[i + cntr]; 578 579 desc->length -= cntr; 580 /* in case we had outstanding data */ 581 if (!desc->length) { 582 clear_bit(WDM_READ, &desc->flags); 583 service_outstanding_interrupt(desc); 584 } 585 spin_unlock_irq(&desc->iuspin); 586 rv = cntr; 587 588 err: 589 mutex_unlock(&desc->rlock); 590 return rv; 591 } 592 593 static int wdm_wait_for_response(struct file *file, long timeout) 594 { 595 struct wdm_device *desc = file->private_data; 596 long rv; /* Use long here because (int) MAX_SCHEDULE_TIMEOUT < 0. */ 597 598 /* 599 * Needs both flags. We cannot do with one because resetting it would 600 * cause a race with write() yet we need to signal a disconnect. 601 */ 602 rv = wait_event_interruptible_timeout(desc->wait, 603 !test_bit(WDM_IN_USE, &desc->flags) || 604 test_bit(WDM_DISCONNECTING, &desc->flags), 605 timeout); 606 607 /* 608 * To report the correct error. This is best effort. 609 * We are inevitably racing with the hardware. 610 */ 611 if (test_bit(WDM_DISCONNECTING, &desc->flags)) 612 return -ENODEV; 613 if (!rv) 614 return -EIO; 615 if (rv < 0) 616 return -EINTR; 617 618 spin_lock_irq(&desc->iuspin); 619 rv = desc->werr; 620 desc->werr = 0; 621 spin_unlock_irq(&desc->iuspin); 622 623 return usb_translate_errors(rv); 624 625 } 626 627 /* 628 * You need to send a signal when you react to malicious or defective hardware. 629 * Also, don't abort when fsync() returned -EINVAL, for older kernels which do 630 * not implement wdm_flush() will return -EINVAL. 631 */ 632 static int wdm_fsync(struct file *file, loff_t start, loff_t end, int datasync) 633 { 634 return wdm_wait_for_response(file, MAX_SCHEDULE_TIMEOUT); 635 } 636 637 /* 638 * Same with wdm_fsync(), except it uses finite timeout in order to react to 639 * malicious or defective hardware which ceased communication after close() was 640 * implicitly called due to process termination. 641 */ 642 static int wdm_flush(struct file *file, fl_owner_t id) 643 { 644 return wdm_wait_for_response(file, WDM_FLUSH_TIMEOUT); 645 } 646 647 static __poll_t wdm_poll(struct file *file, struct poll_table_struct *wait) 648 { 649 struct wdm_device *desc = file->private_data; 650 unsigned long flags; 651 __poll_t mask = 0; 652 653 spin_lock_irqsave(&desc->iuspin, flags); 654 if (test_bit(WDM_DISCONNECTING, &desc->flags)) { 655 mask = EPOLLHUP | EPOLLERR; 656 spin_unlock_irqrestore(&desc->iuspin, flags); 657 goto desc_out; 658 } 659 if (test_bit(WDM_READ, &desc->flags)) 660 mask = EPOLLIN | EPOLLRDNORM; 661 if (desc->rerr || desc->werr) 662 mask |= EPOLLERR; 663 if (!test_bit(WDM_IN_USE, &desc->flags)) 664 mask |= EPOLLOUT | EPOLLWRNORM; 665 spin_unlock_irqrestore(&desc->iuspin, flags); 666 667 poll_wait(file, &desc->wait, wait); 668 669 desc_out: 670 return mask; 671 } 672 673 static int wdm_open(struct inode *inode, struct file *file) 674 { 675 int minor = iminor(inode); 676 int rv = -ENODEV; 677 struct usb_interface *intf; 678 struct wdm_device *desc; 679 680 mutex_lock(&wdm_mutex); 681 desc = wdm_find_device_by_minor(minor); 682 if (!desc) 683 goto out; 684 685 intf = desc->intf; 686 if (test_bit(WDM_DISCONNECTING, &desc->flags)) 687 goto out; 688 file->private_data = desc; 689 690 rv = usb_autopm_get_interface(desc->intf); 691 if (rv < 0) { 692 dev_err(&desc->intf->dev, "Error autopm - %d\n", rv); 693 goto out; 694 } 695 696 /* using write lock to protect desc->count */ 697 mutex_lock(&desc->wlock); 698 if (!desc->count++) { 699 desc->werr = 0; 700 desc->rerr = 0; 701 rv = usb_submit_urb(desc->validity, GFP_KERNEL); 702 if (rv < 0) { 703 desc->count--; 704 dev_err(&desc->intf->dev, 705 "Error submitting int urb - %d\n", rv); 706 rv = usb_translate_errors(rv); 707 } 708 } else { 709 rv = 0; 710 } 711 mutex_unlock(&desc->wlock); 712 if (desc->count == 1) 713 desc->manage_power(intf, 1); 714 usb_autopm_put_interface(desc->intf); 715 out: 716 mutex_unlock(&wdm_mutex); 717 return rv; 718 } 719 720 static int wdm_release(struct inode *inode, struct file *file) 721 { 722 struct wdm_device *desc = file->private_data; 723 724 mutex_lock(&wdm_mutex); 725 726 /* using write lock to protect desc->count */ 727 mutex_lock(&desc->wlock); 728 desc->count--; 729 mutex_unlock(&desc->wlock); 730 731 if (!desc->count) { 732 if (!test_bit(WDM_DISCONNECTING, &desc->flags)) { 733 dev_dbg(&desc->intf->dev, "wdm_release: cleanup\n"); 734 kill_urbs(desc); 735 spin_lock_irq(&desc->iuspin); 736 desc->resp_count = 0; 737 spin_unlock_irq(&desc->iuspin); 738 desc->manage_power(desc->intf, 0); 739 } else { 740 /* must avoid dev_printk here as desc->intf is invalid */ 741 pr_debug(KBUILD_MODNAME " %s: device gone - cleaning up\n", __func__); 742 cleanup(desc); 743 } 744 } 745 mutex_unlock(&wdm_mutex); 746 return 0; 747 } 748 749 static long wdm_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 750 { 751 struct wdm_device *desc = file->private_data; 752 int rv = 0; 753 754 switch (cmd) { 755 case IOCTL_WDM_MAX_COMMAND: 756 if (copy_to_user((void __user *)arg, &desc->wMaxCommand, sizeof(desc->wMaxCommand))) 757 rv = -EFAULT; 758 break; 759 default: 760 rv = -ENOTTY; 761 } 762 return rv; 763 } 764 765 static const struct file_operations wdm_fops = { 766 .owner = THIS_MODULE, 767 .read = wdm_read, 768 .write = wdm_write, 769 .fsync = wdm_fsync, 770 .open = wdm_open, 771 .flush = wdm_flush, 772 .release = wdm_release, 773 .poll = wdm_poll, 774 .unlocked_ioctl = wdm_ioctl, 775 .compat_ioctl = compat_ptr_ioctl, 776 .llseek = noop_llseek, 777 }; 778 779 static struct usb_class_driver wdm_class = { 780 .name = "cdc-wdm%d", 781 .fops = &wdm_fops, 782 .minor_base = WDM_MINOR_BASE, 783 }; 784 785 /* --- error handling --- */ 786 static void wdm_rxwork(struct work_struct *work) 787 { 788 struct wdm_device *desc = container_of(work, struct wdm_device, rxwork); 789 unsigned long flags; 790 int rv = 0; 791 int responding; 792 793 spin_lock_irqsave(&desc->iuspin, flags); 794 if (test_bit(WDM_DISCONNECTING, &desc->flags)) { 795 spin_unlock_irqrestore(&desc->iuspin, flags); 796 } else { 797 responding = test_and_set_bit(WDM_RESPONDING, &desc->flags); 798 spin_unlock_irqrestore(&desc->iuspin, flags); 799 if (!responding) 800 rv = usb_submit_urb(desc->response, GFP_KERNEL); 801 if (rv < 0 && rv != -EPERM) { 802 spin_lock_irqsave(&desc->iuspin, flags); 803 clear_bit(WDM_RESPONDING, &desc->flags); 804 if (!test_bit(WDM_DISCONNECTING, &desc->flags)) 805 schedule_work(&desc->rxwork); 806 spin_unlock_irqrestore(&desc->iuspin, flags); 807 } 808 } 809 } 810 811 static void service_interrupt_work(struct work_struct *work) 812 { 813 struct wdm_device *desc; 814 815 desc = container_of(work, struct wdm_device, service_outs_intr); 816 817 spin_lock_irq(&desc->iuspin); 818 service_outstanding_interrupt(desc); 819 if (!desc->resp_count) { 820 set_bit(WDM_READ, &desc->flags); 821 wake_up(&desc->wait); 822 } 823 spin_unlock_irq(&desc->iuspin); 824 } 825 826 /* --- hotplug --- */ 827 828 static int wdm_create(struct usb_interface *intf, struct usb_endpoint_descriptor *ep, 829 u16 bufsize, int (*manage_power)(struct usb_interface *, int)) 830 { 831 int rv = -ENOMEM; 832 struct wdm_device *desc; 833 834 desc = kzalloc(sizeof(struct wdm_device), GFP_KERNEL); 835 if (!desc) 836 goto out; 837 INIT_LIST_HEAD(&desc->device_list); 838 mutex_init(&desc->rlock); 839 mutex_init(&desc->wlock); 840 spin_lock_init(&desc->iuspin); 841 init_waitqueue_head(&desc->wait); 842 desc->wMaxCommand = bufsize; 843 /* this will be expanded and needed in hardware endianness */ 844 desc->inum = cpu_to_le16((u16)intf->cur_altsetting->desc.bInterfaceNumber); 845 desc->intf = intf; 846 INIT_WORK(&desc->rxwork, wdm_rxwork); 847 INIT_WORK(&desc->service_outs_intr, service_interrupt_work); 848 849 rv = -EINVAL; 850 if (!usb_endpoint_is_int_in(ep)) 851 goto err; 852 853 desc->wMaxPacketSize = usb_endpoint_maxp(ep); 854 855 desc->orq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL); 856 if (!desc->orq) 857 goto err; 858 desc->irq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL); 859 if (!desc->irq) 860 goto err; 861 862 desc->validity = usb_alloc_urb(0, GFP_KERNEL); 863 if (!desc->validity) 864 goto err; 865 866 desc->response = usb_alloc_urb(0, GFP_KERNEL); 867 if (!desc->response) 868 goto err; 869 870 desc->command = usb_alloc_urb(0, GFP_KERNEL); 871 if (!desc->command) 872 goto err; 873 874 desc->ubuf = kmalloc(desc->wMaxCommand, GFP_KERNEL); 875 if (!desc->ubuf) 876 goto err; 877 878 desc->sbuf = kmalloc(desc->wMaxPacketSize, GFP_KERNEL); 879 if (!desc->sbuf) 880 goto err; 881 882 desc->inbuf = kmalloc(desc->wMaxCommand, GFP_KERNEL); 883 if (!desc->inbuf) 884 goto err; 885 886 usb_fill_int_urb( 887 desc->validity, 888 interface_to_usbdev(intf), 889 usb_rcvintpipe(interface_to_usbdev(intf), ep->bEndpointAddress), 890 desc->sbuf, 891 desc->wMaxPacketSize, 892 wdm_int_callback, 893 desc, 894 ep->bInterval 895 ); 896 897 desc->irq->bRequestType = (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE); 898 desc->irq->bRequest = USB_CDC_GET_ENCAPSULATED_RESPONSE; 899 desc->irq->wValue = 0; 900 desc->irq->wIndex = desc->inum; /* already converted */ 901 desc->irq->wLength = cpu_to_le16(desc->wMaxCommand); 902 903 usb_fill_control_urb( 904 desc->response, 905 interface_to_usbdev(intf), 906 /* using common endpoint 0 */ 907 usb_rcvctrlpipe(interface_to_usbdev(desc->intf), 0), 908 (unsigned char *)desc->irq, 909 desc->inbuf, 910 desc->wMaxCommand, 911 wdm_in_callback, 912 desc 913 ); 914 915 desc->manage_power = manage_power; 916 917 spin_lock(&wdm_device_list_lock); 918 list_add(&desc->device_list, &wdm_device_list); 919 spin_unlock(&wdm_device_list_lock); 920 921 rv = usb_register_dev(intf, &wdm_class); 922 if (rv < 0) 923 goto err; 924 else 925 dev_info(&intf->dev, "%s: USB WDM device\n", dev_name(intf->usb_dev)); 926 out: 927 return rv; 928 err: 929 spin_lock(&wdm_device_list_lock); 930 list_del(&desc->device_list); 931 spin_unlock(&wdm_device_list_lock); 932 cleanup(desc); 933 return rv; 934 } 935 936 static int wdm_manage_power(struct usb_interface *intf, int on) 937 { 938 /* need autopm_get/put here to ensure the usbcore sees the new value */ 939 int rv = usb_autopm_get_interface(intf); 940 941 intf->needs_remote_wakeup = on; 942 if (!rv) 943 usb_autopm_put_interface(intf); 944 return 0; 945 } 946 947 static int wdm_probe(struct usb_interface *intf, const struct usb_device_id *id) 948 { 949 int rv = -EINVAL; 950 struct usb_host_interface *iface; 951 struct usb_endpoint_descriptor *ep; 952 struct usb_cdc_parsed_header hdr; 953 u8 *buffer = intf->altsetting->extra; 954 int buflen = intf->altsetting->extralen; 955 u16 maxcom = WDM_DEFAULT_BUFSIZE; 956 957 if (!buffer) 958 goto err; 959 960 cdc_parse_cdc_header(&hdr, intf, buffer, buflen); 961 962 if (hdr.usb_cdc_dmm_desc) 963 maxcom = le16_to_cpu(hdr.usb_cdc_dmm_desc->wMaxCommand); 964 965 iface = intf->cur_altsetting; 966 if (iface->desc.bNumEndpoints != 1) 967 goto err; 968 ep = &iface->endpoint[0].desc; 969 970 rv = wdm_create(intf, ep, maxcom, &wdm_manage_power); 971 972 err: 973 return rv; 974 } 975 976 /** 977 * usb_cdc_wdm_register - register a WDM subdriver 978 * @intf: usb interface the subdriver will associate with 979 * @ep: interrupt endpoint to monitor for notifications 980 * @bufsize: maximum message size to support for read/write 981 * @manage_power: call-back invoked during open and release to 982 * manage the device's power 983 * Create WDM usb class character device and associate it with intf 984 * without binding, allowing another driver to manage the interface. 985 * 986 * The subdriver will manage the given interrupt endpoint exclusively 987 * and will issue control requests referring to the given intf. It 988 * will otherwise avoid interferring, and in particular not do 989 * usb_set_intfdata/usb_get_intfdata on intf. 990 * 991 * The return value is a pointer to the subdriver's struct usb_driver. 992 * The registering driver is responsible for calling this subdriver's 993 * disconnect, suspend, resume, pre_reset and post_reset methods from 994 * its own. 995 */ 996 struct usb_driver *usb_cdc_wdm_register(struct usb_interface *intf, 997 struct usb_endpoint_descriptor *ep, 998 int bufsize, 999 int (*manage_power)(struct usb_interface *, int)) 1000 { 1001 int rv; 1002 1003 rv = wdm_create(intf, ep, bufsize, manage_power); 1004 if (rv < 0) 1005 goto err; 1006 1007 return &wdm_driver; 1008 err: 1009 return ERR_PTR(rv); 1010 } 1011 EXPORT_SYMBOL(usb_cdc_wdm_register); 1012 1013 static void wdm_disconnect(struct usb_interface *intf) 1014 { 1015 struct wdm_device *desc; 1016 unsigned long flags; 1017 1018 usb_deregister_dev(intf, &wdm_class); 1019 desc = wdm_find_device(intf); 1020 mutex_lock(&wdm_mutex); 1021 1022 /* the spinlock makes sure no new urbs are generated in the callbacks */ 1023 spin_lock_irqsave(&desc->iuspin, flags); 1024 set_bit(WDM_DISCONNECTING, &desc->flags); 1025 set_bit(WDM_READ, &desc->flags); 1026 spin_unlock_irqrestore(&desc->iuspin, flags); 1027 wake_up_all(&desc->wait); 1028 mutex_lock(&desc->rlock); 1029 mutex_lock(&desc->wlock); 1030 kill_urbs(desc); 1031 cancel_work_sync(&desc->rxwork); 1032 cancel_work_sync(&desc->service_outs_intr); 1033 mutex_unlock(&desc->wlock); 1034 mutex_unlock(&desc->rlock); 1035 1036 /* the desc->intf pointer used as list key is now invalid */ 1037 spin_lock(&wdm_device_list_lock); 1038 list_del(&desc->device_list); 1039 spin_unlock(&wdm_device_list_lock); 1040 1041 if (!desc->count) 1042 cleanup(desc); 1043 else 1044 dev_dbg(&intf->dev, "%d open files - postponing cleanup\n", desc->count); 1045 mutex_unlock(&wdm_mutex); 1046 } 1047 1048 #ifdef CONFIG_PM 1049 static int wdm_suspend(struct usb_interface *intf, pm_message_t message) 1050 { 1051 struct wdm_device *desc = wdm_find_device(intf); 1052 int rv = 0; 1053 1054 dev_dbg(&desc->intf->dev, "wdm%d_suspend\n", intf->minor); 1055 1056 /* if this is an autosuspend the caller does the locking */ 1057 if (!PMSG_IS_AUTO(message)) { 1058 mutex_lock(&desc->rlock); 1059 mutex_lock(&desc->wlock); 1060 } 1061 spin_lock_irq(&desc->iuspin); 1062 1063 if (PMSG_IS_AUTO(message) && 1064 (test_bit(WDM_IN_USE, &desc->flags) 1065 || test_bit(WDM_RESPONDING, &desc->flags))) { 1066 spin_unlock_irq(&desc->iuspin); 1067 rv = -EBUSY; 1068 } else { 1069 1070 set_bit(WDM_SUSPENDING, &desc->flags); 1071 spin_unlock_irq(&desc->iuspin); 1072 /* callback submits work - order is essential */ 1073 kill_urbs(desc); 1074 cancel_work_sync(&desc->rxwork); 1075 cancel_work_sync(&desc->service_outs_intr); 1076 } 1077 if (!PMSG_IS_AUTO(message)) { 1078 mutex_unlock(&desc->wlock); 1079 mutex_unlock(&desc->rlock); 1080 } 1081 1082 return rv; 1083 } 1084 #endif 1085 1086 static int recover_from_urb_loss(struct wdm_device *desc) 1087 { 1088 int rv = 0; 1089 1090 if (desc->count) { 1091 rv = usb_submit_urb(desc->validity, GFP_NOIO); 1092 if (rv < 0) 1093 dev_err(&desc->intf->dev, 1094 "Error resume submitting int urb - %d\n", rv); 1095 } 1096 return rv; 1097 } 1098 1099 #ifdef CONFIG_PM 1100 static int wdm_resume(struct usb_interface *intf) 1101 { 1102 struct wdm_device *desc = wdm_find_device(intf); 1103 int rv; 1104 1105 dev_dbg(&desc->intf->dev, "wdm%d_resume\n", intf->minor); 1106 1107 clear_bit(WDM_SUSPENDING, &desc->flags); 1108 rv = recover_from_urb_loss(desc); 1109 1110 return rv; 1111 } 1112 #endif 1113 1114 static int wdm_pre_reset(struct usb_interface *intf) 1115 { 1116 struct wdm_device *desc = wdm_find_device(intf); 1117 1118 /* 1119 * we notify everybody using poll of 1120 * an exceptional situation 1121 * must be done before recovery lest a spontaneous 1122 * message from the device is lost 1123 */ 1124 spin_lock_irq(&desc->iuspin); 1125 set_bit(WDM_RESETTING, &desc->flags); /* inform read/write */ 1126 set_bit(WDM_READ, &desc->flags); /* unblock read */ 1127 clear_bit(WDM_IN_USE, &desc->flags); /* unblock write */ 1128 desc->rerr = -EINTR; 1129 spin_unlock_irq(&desc->iuspin); 1130 wake_up_all(&desc->wait); 1131 mutex_lock(&desc->rlock); 1132 mutex_lock(&desc->wlock); 1133 kill_urbs(desc); 1134 cancel_work_sync(&desc->rxwork); 1135 cancel_work_sync(&desc->service_outs_intr); 1136 return 0; 1137 } 1138 1139 static int wdm_post_reset(struct usb_interface *intf) 1140 { 1141 struct wdm_device *desc = wdm_find_device(intf); 1142 int rv; 1143 1144 clear_bit(WDM_OVERFLOW, &desc->flags); 1145 clear_bit(WDM_RESETTING, &desc->flags); 1146 rv = recover_from_urb_loss(desc); 1147 mutex_unlock(&desc->wlock); 1148 mutex_unlock(&desc->rlock); 1149 return rv; 1150 } 1151 1152 static struct usb_driver wdm_driver = { 1153 .name = "cdc_wdm", 1154 .probe = wdm_probe, 1155 .disconnect = wdm_disconnect, 1156 #ifdef CONFIG_PM 1157 .suspend = wdm_suspend, 1158 .resume = wdm_resume, 1159 .reset_resume = wdm_resume, 1160 #endif 1161 .pre_reset = wdm_pre_reset, 1162 .post_reset = wdm_post_reset, 1163 .id_table = wdm_ids, 1164 .supports_autosuspend = 1, 1165 .disable_hub_initiated_lpm = 1, 1166 }; 1167 1168 module_usb_driver(wdm_driver); 1169 1170 MODULE_AUTHOR(DRIVER_AUTHOR); 1171 MODULE_DESCRIPTION(DRIVER_DESC); 1172 MODULE_LICENSE("GPL"); 1173