xref: /openbmc/linux/drivers/usb/class/cdc-wdm.c (revision c0ecca6604b80e438b032578634c6e133c7028f6)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * cdc-wdm.c
4  *
5  * This driver supports USB CDC WCM Device Management.
6  *
7  * Copyright (c) 2007-2009 Oliver Neukum
8  *
9  * Some code taken from cdc-acm.c
10  *
11  * Released under the GPLv2.
12  *
13  * Many thanks to Carl Nordbeck
14  */
15 #include <linux/kernel.h>
16 #include <linux/errno.h>
17 #include <linux/ioctl.h>
18 #include <linux/slab.h>
19 #include <linux/module.h>
20 #include <linux/mutex.h>
21 #include <linux/uaccess.h>
22 #include <linux/bitops.h>
23 #include <linux/poll.h>
24 #include <linux/usb.h>
25 #include <linux/usb/cdc.h>
26 #include <asm/byteorder.h>
27 #include <asm/unaligned.h>
28 #include <linux/usb/cdc-wdm.h>
29 
30 #define DRIVER_AUTHOR "Oliver Neukum"
31 #define DRIVER_DESC "USB Abstract Control Model driver for USB WCM Device Management"
32 
33 static const struct usb_device_id wdm_ids[] = {
34 	{
35 		.match_flags = USB_DEVICE_ID_MATCH_INT_CLASS |
36 				 USB_DEVICE_ID_MATCH_INT_SUBCLASS,
37 		.bInterfaceClass = USB_CLASS_COMM,
38 		.bInterfaceSubClass = USB_CDC_SUBCLASS_DMM
39 	},
40 	{ }
41 };
42 
43 MODULE_DEVICE_TABLE (usb, wdm_ids);
44 
45 #define WDM_MINOR_BASE	176
46 
47 
48 #define WDM_IN_USE		1
49 #define WDM_DISCONNECTING	2
50 #define WDM_RESULT		3
51 #define WDM_READ		4
52 #define WDM_INT_STALL		5
53 #define WDM_POLL_RUNNING	6
54 #define WDM_RESPONDING		7
55 #define WDM_SUSPENDING		8
56 #define WDM_RESETTING		9
57 #define WDM_OVERFLOW		10
58 
59 #define WDM_MAX			16
60 
61 /* we cannot wait forever at flush() */
62 #define WDM_FLUSH_TIMEOUT	(30 * HZ)
63 
64 /* CDC-WMC r1.1 requires wMaxCommand to be "at least 256 decimal (0x100)" */
65 #define WDM_DEFAULT_BUFSIZE	256
66 
67 static DEFINE_MUTEX(wdm_mutex);
68 static DEFINE_SPINLOCK(wdm_device_list_lock);
69 static LIST_HEAD(wdm_device_list);
70 
71 /* --- method tables --- */
72 
73 struct wdm_device {
74 	u8			*inbuf; /* buffer for response */
75 	u8			*outbuf; /* buffer for command */
76 	u8			*sbuf; /* buffer for status */
77 	u8			*ubuf; /* buffer for copy to user space */
78 
79 	struct urb		*command;
80 	struct urb		*response;
81 	struct urb		*validity;
82 	struct usb_interface	*intf;
83 	struct usb_ctrlrequest	*orq;
84 	struct usb_ctrlrequest	*irq;
85 	spinlock_t		iuspin;
86 
87 	unsigned long		flags;
88 	u16			bufsize;
89 	u16			wMaxCommand;
90 	u16			wMaxPacketSize;
91 	__le16			inum;
92 	int			reslength;
93 	int			length;
94 	int			read;
95 	int			count;
96 	dma_addr_t		shandle;
97 	dma_addr_t		ihandle;
98 	struct mutex		wlock;
99 	struct mutex		rlock;
100 	wait_queue_head_t	wait;
101 	struct work_struct	rxwork;
102 	struct work_struct	service_outs_intr;
103 	int			werr;
104 	int			rerr;
105 	int                     resp_count;
106 
107 	struct list_head	device_list;
108 	int			(*manage_power)(struct usb_interface *, int);
109 };
110 
111 static struct usb_driver wdm_driver;
112 
113 /* return intfdata if we own the interface, else look up intf in the list */
114 static struct wdm_device *wdm_find_device(struct usb_interface *intf)
115 {
116 	struct wdm_device *desc;
117 
118 	spin_lock(&wdm_device_list_lock);
119 	list_for_each_entry(desc, &wdm_device_list, device_list)
120 		if (desc->intf == intf)
121 			goto found;
122 	desc = NULL;
123 found:
124 	spin_unlock(&wdm_device_list_lock);
125 
126 	return desc;
127 }
128 
129 static struct wdm_device *wdm_find_device_by_minor(int minor)
130 {
131 	struct wdm_device *desc;
132 
133 	spin_lock(&wdm_device_list_lock);
134 	list_for_each_entry(desc, &wdm_device_list, device_list)
135 		if (desc->intf->minor == minor)
136 			goto found;
137 	desc = NULL;
138 found:
139 	spin_unlock(&wdm_device_list_lock);
140 
141 	return desc;
142 }
143 
144 /* --- callbacks --- */
145 static void wdm_out_callback(struct urb *urb)
146 {
147 	struct wdm_device *desc;
148 	unsigned long flags;
149 
150 	desc = urb->context;
151 	spin_lock_irqsave(&desc->iuspin, flags);
152 	desc->werr = urb->status;
153 	spin_unlock_irqrestore(&desc->iuspin, flags);
154 	kfree(desc->outbuf);
155 	desc->outbuf = NULL;
156 	clear_bit(WDM_IN_USE, &desc->flags);
157 	wake_up_all(&desc->wait);
158 }
159 
160 static void wdm_in_callback(struct urb *urb)
161 {
162 	unsigned long flags;
163 	struct wdm_device *desc = urb->context;
164 	int status = urb->status;
165 	int length = urb->actual_length;
166 
167 	spin_lock_irqsave(&desc->iuspin, flags);
168 	clear_bit(WDM_RESPONDING, &desc->flags);
169 
170 	if (status) {
171 		switch (status) {
172 		case -ENOENT:
173 			dev_dbg(&desc->intf->dev,
174 				"nonzero urb status received: -ENOENT\n");
175 			goto skip_error;
176 		case -ECONNRESET:
177 			dev_dbg(&desc->intf->dev,
178 				"nonzero urb status received: -ECONNRESET\n");
179 			goto skip_error;
180 		case -ESHUTDOWN:
181 			dev_dbg(&desc->intf->dev,
182 				"nonzero urb status received: -ESHUTDOWN\n");
183 			goto skip_error;
184 		case -EPIPE:
185 			dev_err(&desc->intf->dev,
186 				"nonzero urb status received: -EPIPE\n");
187 			break;
188 		default:
189 			dev_err(&desc->intf->dev,
190 				"Unexpected error %d\n", status);
191 			break;
192 		}
193 	}
194 
195 	/*
196 	 * only set a new error if there is no previous error.
197 	 * Errors are only cleared during read/open
198 	 * Avoid propagating -EPIPE (stall) to userspace since it is
199 	 * better handled as an empty read
200 	 */
201 	if (desc->rerr == 0 && status != -EPIPE)
202 		desc->rerr = status;
203 
204 	if (length + desc->length > desc->wMaxCommand) {
205 		/* The buffer would overflow */
206 		set_bit(WDM_OVERFLOW, &desc->flags);
207 	} else {
208 		/* we may already be in overflow */
209 		if (!test_bit(WDM_OVERFLOW, &desc->flags)) {
210 			memmove(desc->ubuf + desc->length, desc->inbuf, length);
211 			desc->length += length;
212 			desc->reslength = length;
213 		}
214 	}
215 skip_error:
216 
217 	if (desc->rerr) {
218 		/*
219 		 * Since there was an error, userspace may decide to not read
220 		 * any data after poll'ing.
221 		 * We should respond to further attempts from the device to send
222 		 * data, so that we can get unstuck.
223 		 */
224 		schedule_work(&desc->service_outs_intr);
225 	} else {
226 		set_bit(WDM_READ, &desc->flags);
227 		wake_up(&desc->wait);
228 	}
229 	spin_unlock_irqrestore(&desc->iuspin, flags);
230 }
231 
232 static void wdm_int_callback(struct urb *urb)
233 {
234 	unsigned long flags;
235 	int rv = 0;
236 	int responding;
237 	int status = urb->status;
238 	struct wdm_device *desc;
239 	struct usb_cdc_notification *dr;
240 
241 	desc = urb->context;
242 	dr = (struct usb_cdc_notification *)desc->sbuf;
243 
244 	if (status) {
245 		switch (status) {
246 		case -ESHUTDOWN:
247 		case -ENOENT:
248 		case -ECONNRESET:
249 			return; /* unplug */
250 		case -EPIPE:
251 			set_bit(WDM_INT_STALL, &desc->flags);
252 			dev_err(&desc->intf->dev, "Stall on int endpoint\n");
253 			goto sw; /* halt is cleared in work */
254 		default:
255 			dev_err(&desc->intf->dev,
256 				"nonzero urb status received: %d\n", status);
257 			break;
258 		}
259 	}
260 
261 	if (urb->actual_length < sizeof(struct usb_cdc_notification)) {
262 		dev_err(&desc->intf->dev, "wdm_int_callback - %d bytes\n",
263 			urb->actual_length);
264 		goto exit;
265 	}
266 
267 	switch (dr->bNotificationType) {
268 	case USB_CDC_NOTIFY_RESPONSE_AVAILABLE:
269 		dev_dbg(&desc->intf->dev,
270 			"NOTIFY_RESPONSE_AVAILABLE received: index %d len %d\n",
271 			le16_to_cpu(dr->wIndex), le16_to_cpu(dr->wLength));
272 		break;
273 
274 	case USB_CDC_NOTIFY_NETWORK_CONNECTION:
275 
276 		dev_dbg(&desc->intf->dev,
277 			"NOTIFY_NETWORK_CONNECTION %s network\n",
278 			dr->wValue ? "connected to" : "disconnected from");
279 		goto exit;
280 	case USB_CDC_NOTIFY_SPEED_CHANGE:
281 		dev_dbg(&desc->intf->dev, "SPEED_CHANGE received (len %u)\n",
282 			urb->actual_length);
283 		goto exit;
284 	default:
285 		clear_bit(WDM_POLL_RUNNING, &desc->flags);
286 		dev_err(&desc->intf->dev,
287 			"unknown notification %d received: index %d len %d\n",
288 			dr->bNotificationType,
289 			le16_to_cpu(dr->wIndex),
290 			le16_to_cpu(dr->wLength));
291 		goto exit;
292 	}
293 
294 	spin_lock_irqsave(&desc->iuspin, flags);
295 	responding = test_and_set_bit(WDM_RESPONDING, &desc->flags);
296 	if (!desc->resp_count++ && !responding
297 		&& !test_bit(WDM_DISCONNECTING, &desc->flags)
298 		&& !test_bit(WDM_SUSPENDING, &desc->flags)) {
299 		rv = usb_submit_urb(desc->response, GFP_ATOMIC);
300 		dev_dbg(&desc->intf->dev, "submit response URB %d\n", rv);
301 	}
302 	spin_unlock_irqrestore(&desc->iuspin, flags);
303 	if (rv < 0) {
304 		clear_bit(WDM_RESPONDING, &desc->flags);
305 		if (rv == -EPERM)
306 			return;
307 		if (rv == -ENOMEM) {
308 sw:
309 			rv = schedule_work(&desc->rxwork);
310 			if (rv)
311 				dev_err(&desc->intf->dev,
312 					"Cannot schedule work\n");
313 		}
314 	}
315 exit:
316 	rv = usb_submit_urb(urb, GFP_ATOMIC);
317 	if (rv)
318 		dev_err(&desc->intf->dev,
319 			"%s - usb_submit_urb failed with result %d\n",
320 			__func__, rv);
321 
322 }
323 
324 static void poison_urbs(struct wdm_device *desc)
325 {
326 	/* the order here is essential */
327 	usb_poison_urb(desc->command);
328 	usb_poison_urb(desc->validity);
329 	usb_poison_urb(desc->response);
330 }
331 
332 static void unpoison_urbs(struct wdm_device *desc)
333 {
334 	/*
335 	 *  the order here is not essential
336 	 *  it is symmetrical just to be nice
337 	 */
338 	usb_unpoison_urb(desc->response);
339 	usb_unpoison_urb(desc->validity);
340 	usb_unpoison_urb(desc->command);
341 }
342 
343 static void free_urbs(struct wdm_device *desc)
344 {
345 	usb_free_urb(desc->validity);
346 	usb_free_urb(desc->response);
347 	usb_free_urb(desc->command);
348 }
349 
350 static void cleanup(struct wdm_device *desc)
351 {
352 	kfree(desc->sbuf);
353 	kfree(desc->inbuf);
354 	kfree(desc->orq);
355 	kfree(desc->irq);
356 	kfree(desc->ubuf);
357 	free_urbs(desc);
358 	kfree(desc);
359 }
360 
361 static ssize_t wdm_write
362 (struct file *file, const char __user *buffer, size_t count, loff_t *ppos)
363 {
364 	u8 *buf;
365 	int rv = -EMSGSIZE, r, we;
366 	struct wdm_device *desc = file->private_data;
367 	struct usb_ctrlrequest *req;
368 
369 	if (count > desc->wMaxCommand)
370 		count = desc->wMaxCommand;
371 
372 	spin_lock_irq(&desc->iuspin);
373 	we = desc->werr;
374 	desc->werr = 0;
375 	spin_unlock_irq(&desc->iuspin);
376 	if (we < 0)
377 		return usb_translate_errors(we);
378 
379 	buf = memdup_user(buffer, count);
380 	if (IS_ERR(buf))
381 		return PTR_ERR(buf);
382 
383 	/* concurrent writes and disconnect */
384 	r = mutex_lock_interruptible(&desc->wlock);
385 	rv = -ERESTARTSYS;
386 	if (r)
387 		goto out_free_mem;
388 
389 	if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
390 		rv = -ENODEV;
391 		goto out_free_mem_lock;
392 	}
393 
394 	r = usb_autopm_get_interface(desc->intf);
395 	if (r < 0) {
396 		rv = usb_translate_errors(r);
397 		goto out_free_mem_lock;
398 	}
399 
400 	if (!(file->f_flags & O_NONBLOCK))
401 		r = wait_event_interruptible(desc->wait, !test_bit(WDM_IN_USE,
402 								&desc->flags));
403 	else
404 		if (test_bit(WDM_IN_USE, &desc->flags))
405 			r = -EAGAIN;
406 
407 	if (test_bit(WDM_RESETTING, &desc->flags))
408 		r = -EIO;
409 
410 	if (test_bit(WDM_DISCONNECTING, &desc->flags))
411 		r = -ENODEV;
412 
413 	if (r < 0) {
414 		rv = r;
415 		goto out_free_mem_pm;
416 	}
417 
418 	req = desc->orq;
419 	usb_fill_control_urb(
420 		desc->command,
421 		interface_to_usbdev(desc->intf),
422 		/* using common endpoint 0 */
423 		usb_sndctrlpipe(interface_to_usbdev(desc->intf), 0),
424 		(unsigned char *)req,
425 		buf,
426 		count,
427 		wdm_out_callback,
428 		desc
429 	);
430 
431 	req->bRequestType = (USB_DIR_OUT | USB_TYPE_CLASS |
432 			     USB_RECIP_INTERFACE);
433 	req->bRequest = USB_CDC_SEND_ENCAPSULATED_COMMAND;
434 	req->wValue = 0;
435 	req->wIndex = desc->inum; /* already converted */
436 	req->wLength = cpu_to_le16(count);
437 	set_bit(WDM_IN_USE, &desc->flags);
438 	desc->outbuf = buf;
439 
440 	rv = usb_submit_urb(desc->command, GFP_KERNEL);
441 	if (rv < 0) {
442 		desc->outbuf = NULL;
443 		clear_bit(WDM_IN_USE, &desc->flags);
444 		wake_up_all(&desc->wait); /* for wdm_wait_for_response() */
445 		dev_err(&desc->intf->dev, "Tx URB error: %d\n", rv);
446 		rv = usb_translate_errors(rv);
447 		goto out_free_mem_pm;
448 	} else {
449 		dev_dbg(&desc->intf->dev, "Tx URB has been submitted index=%d\n",
450 			le16_to_cpu(req->wIndex));
451 	}
452 
453 	usb_autopm_put_interface(desc->intf);
454 	mutex_unlock(&desc->wlock);
455 	return count;
456 
457 out_free_mem_pm:
458 	usb_autopm_put_interface(desc->intf);
459 out_free_mem_lock:
460 	mutex_unlock(&desc->wlock);
461 out_free_mem:
462 	kfree(buf);
463 	return rv;
464 }
465 
466 /*
467  * Submit the read urb if resp_count is non-zero.
468  *
469  * Called with desc->iuspin locked
470  */
471 static int service_outstanding_interrupt(struct wdm_device *desc)
472 {
473 	int rv = 0;
474 
475 	/* submit read urb only if the device is waiting for it */
476 	if (!desc->resp_count || !--desc->resp_count)
477 		goto out;
478 
479 	if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
480 		rv = -ENODEV;
481 		goto out;
482 	}
483 	if (test_bit(WDM_RESETTING, &desc->flags)) {
484 		rv = -EIO;
485 		goto out;
486 	}
487 
488 	set_bit(WDM_RESPONDING, &desc->flags);
489 	spin_unlock_irq(&desc->iuspin);
490 	rv = usb_submit_urb(desc->response, GFP_KERNEL);
491 	spin_lock_irq(&desc->iuspin);
492 	if (rv) {
493 		if (!test_bit(WDM_DISCONNECTING, &desc->flags))
494 			dev_err(&desc->intf->dev,
495 				"usb_submit_urb failed with result %d\n", rv);
496 
497 		/* make sure the next notification trigger a submit */
498 		clear_bit(WDM_RESPONDING, &desc->flags);
499 		desc->resp_count = 0;
500 	}
501 out:
502 	return rv;
503 }
504 
505 static ssize_t wdm_read
506 (struct file *file, char __user *buffer, size_t count, loff_t *ppos)
507 {
508 	int rv, cntr;
509 	int i = 0;
510 	struct wdm_device *desc = file->private_data;
511 
512 
513 	rv = mutex_lock_interruptible(&desc->rlock); /*concurrent reads */
514 	if (rv < 0)
515 		return -ERESTARTSYS;
516 
517 	cntr = READ_ONCE(desc->length);
518 	if (cntr == 0) {
519 		desc->read = 0;
520 retry:
521 		if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
522 			rv = -ENODEV;
523 			goto err;
524 		}
525 		if (test_bit(WDM_OVERFLOW, &desc->flags)) {
526 			clear_bit(WDM_OVERFLOW, &desc->flags);
527 			rv = -ENOBUFS;
528 			goto err;
529 		}
530 		i++;
531 		if (file->f_flags & O_NONBLOCK) {
532 			if (!test_bit(WDM_READ, &desc->flags)) {
533 				rv = -EAGAIN;
534 				goto err;
535 			}
536 			rv = 0;
537 		} else {
538 			rv = wait_event_interruptible(desc->wait,
539 				test_bit(WDM_READ, &desc->flags));
540 		}
541 
542 		/* may have happened while we slept */
543 		if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
544 			rv = -ENODEV;
545 			goto err;
546 		}
547 		if (test_bit(WDM_RESETTING, &desc->flags)) {
548 			rv = -EIO;
549 			goto err;
550 		}
551 		usb_mark_last_busy(interface_to_usbdev(desc->intf));
552 		if (rv < 0) {
553 			rv = -ERESTARTSYS;
554 			goto err;
555 		}
556 
557 		spin_lock_irq(&desc->iuspin);
558 
559 		if (desc->rerr) { /* read completed, error happened */
560 			rv = usb_translate_errors(desc->rerr);
561 			desc->rerr = 0;
562 			spin_unlock_irq(&desc->iuspin);
563 			goto err;
564 		}
565 		/*
566 		 * recheck whether we've lost the race
567 		 * against the completion handler
568 		 */
569 		if (!test_bit(WDM_READ, &desc->flags)) { /* lost race */
570 			spin_unlock_irq(&desc->iuspin);
571 			goto retry;
572 		}
573 
574 		if (!desc->reslength) { /* zero length read */
575 			dev_dbg(&desc->intf->dev, "zero length - clearing WDM_READ\n");
576 			clear_bit(WDM_READ, &desc->flags);
577 			rv = service_outstanding_interrupt(desc);
578 			spin_unlock_irq(&desc->iuspin);
579 			if (rv < 0)
580 				goto err;
581 			goto retry;
582 		}
583 		cntr = desc->length;
584 		spin_unlock_irq(&desc->iuspin);
585 	}
586 
587 	if (cntr > count)
588 		cntr = count;
589 	rv = copy_to_user(buffer, desc->ubuf, cntr);
590 	if (rv > 0) {
591 		rv = -EFAULT;
592 		goto err;
593 	}
594 
595 	spin_lock_irq(&desc->iuspin);
596 
597 	for (i = 0; i < desc->length - cntr; i++)
598 		desc->ubuf[i] = desc->ubuf[i + cntr];
599 
600 	desc->length -= cntr;
601 	/* in case we had outstanding data */
602 	if (!desc->length) {
603 		clear_bit(WDM_READ, &desc->flags);
604 		service_outstanding_interrupt(desc);
605 	}
606 	spin_unlock_irq(&desc->iuspin);
607 	rv = cntr;
608 
609 err:
610 	mutex_unlock(&desc->rlock);
611 	return rv;
612 }
613 
614 static int wdm_wait_for_response(struct file *file, long timeout)
615 {
616 	struct wdm_device *desc = file->private_data;
617 	long rv; /* Use long here because (int) MAX_SCHEDULE_TIMEOUT < 0. */
618 
619 	/*
620 	 * Needs both flags. We cannot do with one because resetting it would
621 	 * cause a race with write() yet we need to signal a disconnect.
622 	 */
623 	rv = wait_event_interruptible_timeout(desc->wait,
624 			      !test_bit(WDM_IN_USE, &desc->flags) ||
625 			      test_bit(WDM_DISCONNECTING, &desc->flags),
626 			      timeout);
627 
628 	/*
629 	 * To report the correct error. This is best effort.
630 	 * We are inevitably racing with the hardware.
631 	 */
632 	if (test_bit(WDM_DISCONNECTING, &desc->flags))
633 		return -ENODEV;
634 	if (!rv)
635 		return -EIO;
636 	if (rv < 0)
637 		return -EINTR;
638 
639 	spin_lock_irq(&desc->iuspin);
640 	rv = desc->werr;
641 	desc->werr = 0;
642 	spin_unlock_irq(&desc->iuspin);
643 
644 	return usb_translate_errors(rv);
645 
646 }
647 
648 /*
649  * You need to send a signal when you react to malicious or defective hardware.
650  * Also, don't abort when fsync() returned -EINVAL, for older kernels which do
651  * not implement wdm_flush() will return -EINVAL.
652  */
653 static int wdm_fsync(struct file *file, loff_t start, loff_t end, int datasync)
654 {
655 	return wdm_wait_for_response(file, MAX_SCHEDULE_TIMEOUT);
656 }
657 
658 /*
659  * Same with wdm_fsync(), except it uses finite timeout in order to react to
660  * malicious or defective hardware which ceased communication after close() was
661  * implicitly called due to process termination.
662  */
663 static int wdm_flush(struct file *file, fl_owner_t id)
664 {
665 	return wdm_wait_for_response(file, WDM_FLUSH_TIMEOUT);
666 }
667 
668 static __poll_t wdm_poll(struct file *file, struct poll_table_struct *wait)
669 {
670 	struct wdm_device *desc = file->private_data;
671 	unsigned long flags;
672 	__poll_t mask = 0;
673 
674 	spin_lock_irqsave(&desc->iuspin, flags);
675 	if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
676 		mask = EPOLLHUP | EPOLLERR;
677 		spin_unlock_irqrestore(&desc->iuspin, flags);
678 		goto desc_out;
679 	}
680 	if (test_bit(WDM_READ, &desc->flags))
681 		mask = EPOLLIN | EPOLLRDNORM;
682 	if (desc->rerr || desc->werr)
683 		mask |= EPOLLERR;
684 	if (!test_bit(WDM_IN_USE, &desc->flags))
685 		mask |= EPOLLOUT | EPOLLWRNORM;
686 	spin_unlock_irqrestore(&desc->iuspin, flags);
687 
688 	poll_wait(file, &desc->wait, wait);
689 
690 desc_out:
691 	return mask;
692 }
693 
694 static int wdm_open(struct inode *inode, struct file *file)
695 {
696 	int minor = iminor(inode);
697 	int rv = -ENODEV;
698 	struct usb_interface *intf;
699 	struct wdm_device *desc;
700 
701 	mutex_lock(&wdm_mutex);
702 	desc = wdm_find_device_by_minor(minor);
703 	if (!desc)
704 		goto out;
705 
706 	intf = desc->intf;
707 	if (test_bit(WDM_DISCONNECTING, &desc->flags))
708 		goto out;
709 	file->private_data = desc;
710 
711 	rv = usb_autopm_get_interface(desc->intf);
712 	if (rv < 0) {
713 		dev_err(&desc->intf->dev, "Error autopm - %d\n", rv);
714 		goto out;
715 	}
716 
717 	/* using write lock to protect desc->count */
718 	mutex_lock(&desc->wlock);
719 	if (!desc->count++) {
720 		desc->werr = 0;
721 		desc->rerr = 0;
722 		rv = usb_submit_urb(desc->validity, GFP_KERNEL);
723 		if (rv < 0) {
724 			desc->count--;
725 			dev_err(&desc->intf->dev,
726 				"Error submitting int urb - %d\n", rv);
727 			rv = usb_translate_errors(rv);
728 		}
729 	} else {
730 		rv = 0;
731 	}
732 	mutex_unlock(&desc->wlock);
733 	if (desc->count == 1)
734 		desc->manage_power(intf, 1);
735 	usb_autopm_put_interface(desc->intf);
736 out:
737 	mutex_unlock(&wdm_mutex);
738 	return rv;
739 }
740 
741 static int wdm_release(struct inode *inode, struct file *file)
742 {
743 	struct wdm_device *desc = file->private_data;
744 
745 	mutex_lock(&wdm_mutex);
746 
747 	/* using write lock to protect desc->count */
748 	mutex_lock(&desc->wlock);
749 	desc->count--;
750 	mutex_unlock(&desc->wlock);
751 
752 	if (!desc->count) {
753 		if (!test_bit(WDM_DISCONNECTING, &desc->flags)) {
754 			dev_dbg(&desc->intf->dev, "wdm_release: cleanup\n");
755 			poison_urbs(desc);
756 			spin_lock_irq(&desc->iuspin);
757 			desc->resp_count = 0;
758 			spin_unlock_irq(&desc->iuspin);
759 			desc->manage_power(desc->intf, 0);
760 			unpoison_urbs(desc);
761 		} else {
762 			/* must avoid dev_printk here as desc->intf is invalid */
763 			pr_debug(KBUILD_MODNAME " %s: device gone - cleaning up\n", __func__);
764 			cleanup(desc);
765 		}
766 	}
767 	mutex_unlock(&wdm_mutex);
768 	return 0;
769 }
770 
771 static long wdm_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
772 {
773 	struct wdm_device *desc = file->private_data;
774 	int rv = 0;
775 
776 	switch (cmd) {
777 	case IOCTL_WDM_MAX_COMMAND:
778 		if (copy_to_user((void __user *)arg, &desc->wMaxCommand, sizeof(desc->wMaxCommand)))
779 			rv = -EFAULT;
780 		break;
781 	default:
782 		rv = -ENOTTY;
783 	}
784 	return rv;
785 }
786 
787 static const struct file_operations wdm_fops = {
788 	.owner =	THIS_MODULE,
789 	.read =		wdm_read,
790 	.write =	wdm_write,
791 	.fsync =	wdm_fsync,
792 	.open =		wdm_open,
793 	.flush =	wdm_flush,
794 	.release =	wdm_release,
795 	.poll =		wdm_poll,
796 	.unlocked_ioctl = wdm_ioctl,
797 	.compat_ioctl = compat_ptr_ioctl,
798 	.llseek =	noop_llseek,
799 };
800 
801 static struct usb_class_driver wdm_class = {
802 	.name =		"cdc-wdm%d",
803 	.fops =		&wdm_fops,
804 	.minor_base =	WDM_MINOR_BASE,
805 };
806 
807 /* --- error handling --- */
808 static void wdm_rxwork(struct work_struct *work)
809 {
810 	struct wdm_device *desc = container_of(work, struct wdm_device, rxwork);
811 	unsigned long flags;
812 	int rv = 0;
813 	int responding;
814 
815 	spin_lock_irqsave(&desc->iuspin, flags);
816 	if (test_bit(WDM_DISCONNECTING, &desc->flags)) {
817 		spin_unlock_irqrestore(&desc->iuspin, flags);
818 	} else {
819 		responding = test_and_set_bit(WDM_RESPONDING, &desc->flags);
820 		spin_unlock_irqrestore(&desc->iuspin, flags);
821 		if (!responding)
822 			rv = usb_submit_urb(desc->response, GFP_KERNEL);
823 		if (rv < 0 && rv != -EPERM) {
824 			spin_lock_irqsave(&desc->iuspin, flags);
825 			clear_bit(WDM_RESPONDING, &desc->flags);
826 			if (!test_bit(WDM_DISCONNECTING, &desc->flags))
827 				schedule_work(&desc->rxwork);
828 			spin_unlock_irqrestore(&desc->iuspin, flags);
829 		}
830 	}
831 }
832 
833 static void service_interrupt_work(struct work_struct *work)
834 {
835 	struct wdm_device *desc;
836 
837 	desc = container_of(work, struct wdm_device, service_outs_intr);
838 
839 	spin_lock_irq(&desc->iuspin);
840 	service_outstanding_interrupt(desc);
841 	if (!desc->resp_count) {
842 		set_bit(WDM_READ, &desc->flags);
843 		wake_up(&desc->wait);
844 	}
845 	spin_unlock_irq(&desc->iuspin);
846 }
847 
848 /* --- hotplug --- */
849 
850 static int wdm_create(struct usb_interface *intf, struct usb_endpoint_descriptor *ep,
851 		u16 bufsize, int (*manage_power)(struct usb_interface *, int))
852 {
853 	int rv = -ENOMEM;
854 	struct wdm_device *desc;
855 
856 	desc = kzalloc(sizeof(struct wdm_device), GFP_KERNEL);
857 	if (!desc)
858 		goto out;
859 	INIT_LIST_HEAD(&desc->device_list);
860 	mutex_init(&desc->rlock);
861 	mutex_init(&desc->wlock);
862 	spin_lock_init(&desc->iuspin);
863 	init_waitqueue_head(&desc->wait);
864 	desc->wMaxCommand = bufsize;
865 	/* this will be expanded and needed in hardware endianness */
866 	desc->inum = cpu_to_le16((u16)intf->cur_altsetting->desc.bInterfaceNumber);
867 	desc->intf = intf;
868 	INIT_WORK(&desc->rxwork, wdm_rxwork);
869 	INIT_WORK(&desc->service_outs_intr, service_interrupt_work);
870 
871 	rv = -EINVAL;
872 	if (!usb_endpoint_is_int_in(ep))
873 		goto err;
874 
875 	desc->wMaxPacketSize = usb_endpoint_maxp(ep);
876 
877 	desc->orq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
878 	if (!desc->orq)
879 		goto err;
880 	desc->irq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL);
881 	if (!desc->irq)
882 		goto err;
883 
884 	desc->validity = usb_alloc_urb(0, GFP_KERNEL);
885 	if (!desc->validity)
886 		goto err;
887 
888 	desc->response = usb_alloc_urb(0, GFP_KERNEL);
889 	if (!desc->response)
890 		goto err;
891 
892 	desc->command = usb_alloc_urb(0, GFP_KERNEL);
893 	if (!desc->command)
894 		goto err;
895 
896 	desc->ubuf = kmalloc(desc->wMaxCommand, GFP_KERNEL);
897 	if (!desc->ubuf)
898 		goto err;
899 
900 	desc->sbuf = kmalloc(desc->wMaxPacketSize, GFP_KERNEL);
901 	if (!desc->sbuf)
902 		goto err;
903 
904 	desc->inbuf = kmalloc(desc->wMaxCommand, GFP_KERNEL);
905 	if (!desc->inbuf)
906 		goto err;
907 
908 	usb_fill_int_urb(
909 		desc->validity,
910 		interface_to_usbdev(intf),
911 		usb_rcvintpipe(interface_to_usbdev(intf), ep->bEndpointAddress),
912 		desc->sbuf,
913 		desc->wMaxPacketSize,
914 		wdm_int_callback,
915 		desc,
916 		ep->bInterval
917 	);
918 
919 	desc->irq->bRequestType = (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE);
920 	desc->irq->bRequest = USB_CDC_GET_ENCAPSULATED_RESPONSE;
921 	desc->irq->wValue = 0;
922 	desc->irq->wIndex = desc->inum; /* already converted */
923 	desc->irq->wLength = cpu_to_le16(desc->wMaxCommand);
924 
925 	usb_fill_control_urb(
926 		desc->response,
927 		interface_to_usbdev(intf),
928 		/* using common endpoint 0 */
929 		usb_rcvctrlpipe(interface_to_usbdev(desc->intf), 0),
930 		(unsigned char *)desc->irq,
931 		desc->inbuf,
932 		desc->wMaxCommand,
933 		wdm_in_callback,
934 		desc
935 	);
936 
937 	desc->manage_power = manage_power;
938 
939 	spin_lock(&wdm_device_list_lock);
940 	list_add(&desc->device_list, &wdm_device_list);
941 	spin_unlock(&wdm_device_list_lock);
942 
943 	rv = usb_register_dev(intf, &wdm_class);
944 	if (rv < 0)
945 		goto err;
946 	else
947 		dev_info(&intf->dev, "%s: USB WDM device\n", dev_name(intf->usb_dev));
948 out:
949 	return rv;
950 err:
951 	spin_lock(&wdm_device_list_lock);
952 	list_del(&desc->device_list);
953 	spin_unlock(&wdm_device_list_lock);
954 	cleanup(desc);
955 	return rv;
956 }
957 
958 static int wdm_manage_power(struct usb_interface *intf, int on)
959 {
960 	/* need autopm_get/put here to ensure the usbcore sees the new value */
961 	int rv = usb_autopm_get_interface(intf);
962 
963 	intf->needs_remote_wakeup = on;
964 	if (!rv)
965 		usb_autopm_put_interface(intf);
966 	return 0;
967 }
968 
969 static int wdm_probe(struct usb_interface *intf, const struct usb_device_id *id)
970 {
971 	int rv = -EINVAL;
972 	struct usb_host_interface *iface;
973 	struct usb_endpoint_descriptor *ep;
974 	struct usb_cdc_parsed_header hdr;
975 	u8 *buffer = intf->altsetting->extra;
976 	int buflen = intf->altsetting->extralen;
977 	u16 maxcom = WDM_DEFAULT_BUFSIZE;
978 
979 	if (!buffer)
980 		goto err;
981 
982 	cdc_parse_cdc_header(&hdr, intf, buffer, buflen);
983 
984 	if (hdr.usb_cdc_dmm_desc)
985 		maxcom = le16_to_cpu(hdr.usb_cdc_dmm_desc->wMaxCommand);
986 
987 	iface = intf->cur_altsetting;
988 	if (iface->desc.bNumEndpoints != 1)
989 		goto err;
990 	ep = &iface->endpoint[0].desc;
991 
992 	rv = wdm_create(intf, ep, maxcom, &wdm_manage_power);
993 
994 err:
995 	return rv;
996 }
997 
998 /**
999  * usb_cdc_wdm_register - register a WDM subdriver
1000  * @intf: usb interface the subdriver will associate with
1001  * @ep: interrupt endpoint to monitor for notifications
1002  * @bufsize: maximum message size to support for read/write
1003  * @manage_power: call-back invoked during open and release to
1004  *                manage the device's power
1005  * Create WDM usb class character device and associate it with intf
1006  * without binding, allowing another driver to manage the interface.
1007  *
1008  * The subdriver will manage the given interrupt endpoint exclusively
1009  * and will issue control requests referring to the given intf. It
1010  * will otherwise avoid interferring, and in particular not do
1011  * usb_set_intfdata/usb_get_intfdata on intf.
1012  *
1013  * The return value is a pointer to the subdriver's struct usb_driver.
1014  * The registering driver is responsible for calling this subdriver's
1015  * disconnect, suspend, resume, pre_reset and post_reset methods from
1016  * its own.
1017  */
1018 struct usb_driver *usb_cdc_wdm_register(struct usb_interface *intf,
1019 					struct usb_endpoint_descriptor *ep,
1020 					int bufsize,
1021 					int (*manage_power)(struct usb_interface *, int))
1022 {
1023 	int rv;
1024 
1025 	rv = wdm_create(intf, ep, bufsize, manage_power);
1026 	if (rv < 0)
1027 		goto err;
1028 
1029 	return &wdm_driver;
1030 err:
1031 	return ERR_PTR(rv);
1032 }
1033 EXPORT_SYMBOL(usb_cdc_wdm_register);
1034 
1035 static void wdm_disconnect(struct usb_interface *intf)
1036 {
1037 	struct wdm_device *desc;
1038 	unsigned long flags;
1039 
1040 	usb_deregister_dev(intf, &wdm_class);
1041 	desc = wdm_find_device(intf);
1042 	mutex_lock(&wdm_mutex);
1043 
1044 	/* the spinlock makes sure no new urbs are generated in the callbacks */
1045 	spin_lock_irqsave(&desc->iuspin, flags);
1046 	set_bit(WDM_DISCONNECTING, &desc->flags);
1047 	set_bit(WDM_READ, &desc->flags);
1048 	spin_unlock_irqrestore(&desc->iuspin, flags);
1049 	wake_up_all(&desc->wait);
1050 	mutex_lock(&desc->rlock);
1051 	mutex_lock(&desc->wlock);
1052 	poison_urbs(desc);
1053 	cancel_work_sync(&desc->rxwork);
1054 	cancel_work_sync(&desc->service_outs_intr);
1055 	mutex_unlock(&desc->wlock);
1056 	mutex_unlock(&desc->rlock);
1057 
1058 	/* the desc->intf pointer used as list key is now invalid */
1059 	spin_lock(&wdm_device_list_lock);
1060 	list_del(&desc->device_list);
1061 	spin_unlock(&wdm_device_list_lock);
1062 
1063 	if (!desc->count)
1064 		cleanup(desc);
1065 	else
1066 		dev_dbg(&intf->dev, "%d open files - postponing cleanup\n", desc->count);
1067 	mutex_unlock(&wdm_mutex);
1068 }
1069 
1070 #ifdef CONFIG_PM
1071 static int wdm_suspend(struct usb_interface *intf, pm_message_t message)
1072 {
1073 	struct wdm_device *desc = wdm_find_device(intf);
1074 	int rv = 0;
1075 
1076 	dev_dbg(&desc->intf->dev, "wdm%d_suspend\n", intf->minor);
1077 
1078 	/* if this is an autosuspend the caller does the locking */
1079 	if (!PMSG_IS_AUTO(message)) {
1080 		mutex_lock(&desc->rlock);
1081 		mutex_lock(&desc->wlock);
1082 	}
1083 	spin_lock_irq(&desc->iuspin);
1084 
1085 	if (PMSG_IS_AUTO(message) &&
1086 			(test_bit(WDM_IN_USE, &desc->flags)
1087 			|| test_bit(WDM_RESPONDING, &desc->flags))) {
1088 		spin_unlock_irq(&desc->iuspin);
1089 		rv = -EBUSY;
1090 	} else {
1091 
1092 		set_bit(WDM_SUSPENDING, &desc->flags);
1093 		spin_unlock_irq(&desc->iuspin);
1094 		/* callback submits work - order is essential */
1095 		poison_urbs(desc);
1096 		cancel_work_sync(&desc->rxwork);
1097 		cancel_work_sync(&desc->service_outs_intr);
1098 		unpoison_urbs(desc);
1099 	}
1100 	if (!PMSG_IS_AUTO(message)) {
1101 		mutex_unlock(&desc->wlock);
1102 		mutex_unlock(&desc->rlock);
1103 	}
1104 
1105 	return rv;
1106 }
1107 #endif
1108 
1109 static int recover_from_urb_loss(struct wdm_device *desc)
1110 {
1111 	int rv = 0;
1112 
1113 	if (desc->count) {
1114 		rv = usb_submit_urb(desc->validity, GFP_NOIO);
1115 		if (rv < 0)
1116 			dev_err(&desc->intf->dev,
1117 				"Error resume submitting int urb - %d\n", rv);
1118 	}
1119 	return rv;
1120 }
1121 
1122 #ifdef CONFIG_PM
1123 static int wdm_resume(struct usb_interface *intf)
1124 {
1125 	struct wdm_device *desc = wdm_find_device(intf);
1126 	int rv;
1127 
1128 	dev_dbg(&desc->intf->dev, "wdm%d_resume\n", intf->minor);
1129 
1130 	clear_bit(WDM_SUSPENDING, &desc->flags);
1131 	rv = recover_from_urb_loss(desc);
1132 
1133 	return rv;
1134 }
1135 #endif
1136 
1137 static int wdm_pre_reset(struct usb_interface *intf)
1138 {
1139 	struct wdm_device *desc = wdm_find_device(intf);
1140 
1141 	/*
1142 	 * we notify everybody using poll of
1143 	 * an exceptional situation
1144 	 * must be done before recovery lest a spontaneous
1145 	 * message from the device is lost
1146 	 */
1147 	spin_lock_irq(&desc->iuspin);
1148 	set_bit(WDM_RESETTING, &desc->flags);	/* inform read/write */
1149 	set_bit(WDM_READ, &desc->flags);	/* unblock read */
1150 	clear_bit(WDM_IN_USE, &desc->flags);	/* unblock write */
1151 	desc->rerr = -EINTR;
1152 	spin_unlock_irq(&desc->iuspin);
1153 	wake_up_all(&desc->wait);
1154 	mutex_lock(&desc->rlock);
1155 	mutex_lock(&desc->wlock);
1156 	poison_urbs(desc);
1157 	cancel_work_sync(&desc->rxwork);
1158 	cancel_work_sync(&desc->service_outs_intr);
1159 	return 0;
1160 }
1161 
1162 static int wdm_post_reset(struct usb_interface *intf)
1163 {
1164 	struct wdm_device *desc = wdm_find_device(intf);
1165 	int rv;
1166 
1167 	unpoison_urbs(desc);
1168 	clear_bit(WDM_OVERFLOW, &desc->flags);
1169 	clear_bit(WDM_RESETTING, &desc->flags);
1170 	rv = recover_from_urb_loss(desc);
1171 	mutex_unlock(&desc->wlock);
1172 	mutex_unlock(&desc->rlock);
1173 	return rv;
1174 }
1175 
1176 static struct usb_driver wdm_driver = {
1177 	.name =		"cdc_wdm",
1178 	.probe =	wdm_probe,
1179 	.disconnect =	wdm_disconnect,
1180 #ifdef CONFIG_PM
1181 	.suspend =	wdm_suspend,
1182 	.resume =	wdm_resume,
1183 	.reset_resume =	wdm_resume,
1184 #endif
1185 	.pre_reset =	wdm_pre_reset,
1186 	.post_reset =	wdm_post_reset,
1187 	.id_table =	wdm_ids,
1188 	.supports_autosuspend = 1,
1189 	.disable_hub_initiated_lpm = 1,
1190 };
1191 
1192 module_usb_driver(wdm_driver);
1193 
1194 MODULE_AUTHOR(DRIVER_AUTHOR);
1195 MODULE_DESCRIPTION(DRIVER_DESC);
1196 MODULE_LICENSE("GPL");
1197