1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * cdc-wdm.c 4 * 5 * This driver supports USB CDC WCM Device Management. 6 * 7 * Copyright (c) 2007-2009 Oliver Neukum 8 * 9 * Some code taken from cdc-acm.c 10 * 11 * Released under the GPLv2. 12 * 13 * Many thanks to Carl Nordbeck 14 */ 15 #include <linux/kernel.h> 16 #include <linux/errno.h> 17 #include <linux/ioctl.h> 18 #include <linux/slab.h> 19 #include <linux/module.h> 20 #include <linux/mutex.h> 21 #include <linux/uaccess.h> 22 #include <linux/bitops.h> 23 #include <linux/poll.h> 24 #include <linux/skbuff.h> 25 #include <linux/usb.h> 26 #include <linux/usb/cdc.h> 27 #include <linux/wwan.h> 28 #include <asm/byteorder.h> 29 #include <asm/unaligned.h> 30 #include <linux/usb/cdc-wdm.h> 31 32 #define DRIVER_AUTHOR "Oliver Neukum" 33 #define DRIVER_DESC "USB Abstract Control Model driver for USB WCM Device Management" 34 35 static const struct usb_device_id wdm_ids[] = { 36 { 37 .match_flags = USB_DEVICE_ID_MATCH_INT_CLASS | 38 USB_DEVICE_ID_MATCH_INT_SUBCLASS, 39 .bInterfaceClass = USB_CLASS_COMM, 40 .bInterfaceSubClass = USB_CDC_SUBCLASS_DMM 41 }, 42 { } 43 }; 44 45 MODULE_DEVICE_TABLE (usb, wdm_ids); 46 47 #define WDM_MINOR_BASE 176 48 49 50 #define WDM_IN_USE 1 51 #define WDM_DISCONNECTING 2 52 #define WDM_RESULT 3 53 #define WDM_READ 4 54 #define WDM_INT_STALL 5 55 #define WDM_POLL_RUNNING 6 56 #define WDM_RESPONDING 7 57 #define WDM_SUSPENDING 8 58 #define WDM_RESETTING 9 59 #define WDM_OVERFLOW 10 60 #define WDM_WWAN_IN_USE 11 61 62 #define WDM_MAX 16 63 64 /* we cannot wait forever at flush() */ 65 #define WDM_FLUSH_TIMEOUT (30 * HZ) 66 67 /* CDC-WMC r1.1 requires wMaxCommand to be "at least 256 decimal (0x100)" */ 68 #define WDM_DEFAULT_BUFSIZE 256 69 70 static DEFINE_MUTEX(wdm_mutex); 71 static DEFINE_SPINLOCK(wdm_device_list_lock); 72 static LIST_HEAD(wdm_device_list); 73 74 /* --- method tables --- */ 75 76 struct wdm_device { 77 u8 *inbuf; /* buffer for response */ 78 u8 *outbuf; /* buffer for command */ 79 u8 *sbuf; /* buffer for status */ 80 u8 *ubuf; /* buffer for copy to user space */ 81 82 struct urb *command; 83 struct urb *response; 84 struct urb *validity; 85 struct usb_interface *intf; 86 struct usb_ctrlrequest *orq; 87 struct usb_ctrlrequest *irq; 88 spinlock_t iuspin; 89 90 unsigned long flags; 91 u16 bufsize; 92 u16 wMaxCommand; 93 u16 wMaxPacketSize; 94 __le16 inum; 95 int reslength; 96 int length; 97 int read; 98 int count; 99 dma_addr_t shandle; 100 dma_addr_t ihandle; 101 struct mutex wlock; 102 struct mutex rlock; 103 wait_queue_head_t wait; 104 struct work_struct rxwork; 105 struct work_struct service_outs_intr; 106 int werr; 107 int rerr; 108 int resp_count; 109 110 struct list_head device_list; 111 int (*manage_power)(struct usb_interface *, int); 112 113 enum wwan_port_type wwanp_type; 114 struct wwan_port *wwanp; 115 }; 116 117 static struct usb_driver wdm_driver; 118 119 /* return intfdata if we own the interface, else look up intf in the list */ 120 static struct wdm_device *wdm_find_device(struct usb_interface *intf) 121 { 122 struct wdm_device *desc; 123 124 spin_lock(&wdm_device_list_lock); 125 list_for_each_entry(desc, &wdm_device_list, device_list) 126 if (desc->intf == intf) 127 goto found; 128 desc = NULL; 129 found: 130 spin_unlock(&wdm_device_list_lock); 131 132 return desc; 133 } 134 135 static struct wdm_device *wdm_find_device_by_minor(int minor) 136 { 137 struct wdm_device *desc; 138 139 spin_lock(&wdm_device_list_lock); 140 list_for_each_entry(desc, &wdm_device_list, device_list) 141 if (desc->intf->minor == minor) 142 goto found; 143 desc = NULL; 144 found: 145 spin_unlock(&wdm_device_list_lock); 146 147 return desc; 148 } 149 150 /* --- callbacks --- */ 151 static void wdm_out_callback(struct urb *urb) 152 { 153 struct wdm_device *desc; 154 unsigned long flags; 155 156 desc = urb->context; 157 spin_lock_irqsave(&desc->iuspin, flags); 158 desc->werr = urb->status; 159 spin_unlock_irqrestore(&desc->iuspin, flags); 160 kfree(desc->outbuf); 161 desc->outbuf = NULL; 162 clear_bit(WDM_IN_USE, &desc->flags); 163 wake_up_all(&desc->wait); 164 } 165 166 static void wdm_wwan_rx(struct wdm_device *desc, int length); 167 168 static void wdm_in_callback(struct urb *urb) 169 { 170 unsigned long flags; 171 struct wdm_device *desc = urb->context; 172 int status = urb->status; 173 int length = urb->actual_length; 174 175 spin_lock_irqsave(&desc->iuspin, flags); 176 clear_bit(WDM_RESPONDING, &desc->flags); 177 178 if (status) { 179 switch (status) { 180 case -ENOENT: 181 dev_dbg(&desc->intf->dev, 182 "nonzero urb status received: -ENOENT\n"); 183 goto skip_error; 184 case -ECONNRESET: 185 dev_dbg(&desc->intf->dev, 186 "nonzero urb status received: -ECONNRESET\n"); 187 goto skip_error; 188 case -ESHUTDOWN: 189 dev_dbg(&desc->intf->dev, 190 "nonzero urb status received: -ESHUTDOWN\n"); 191 goto skip_error; 192 case -EPIPE: 193 dev_err(&desc->intf->dev, 194 "nonzero urb status received: -EPIPE\n"); 195 break; 196 default: 197 dev_err(&desc->intf->dev, 198 "Unexpected error %d\n", status); 199 break; 200 } 201 } 202 203 if (test_bit(WDM_WWAN_IN_USE, &desc->flags)) { 204 wdm_wwan_rx(desc, length); 205 goto out; 206 } 207 208 /* 209 * only set a new error if there is no previous error. 210 * Errors are only cleared during read/open 211 * Avoid propagating -EPIPE (stall) to userspace since it is 212 * better handled as an empty read 213 */ 214 if (desc->rerr == 0 && status != -EPIPE) 215 desc->rerr = status; 216 217 if (length + desc->length > desc->wMaxCommand) { 218 /* The buffer would overflow */ 219 set_bit(WDM_OVERFLOW, &desc->flags); 220 } else { 221 /* we may already be in overflow */ 222 if (!test_bit(WDM_OVERFLOW, &desc->flags)) { 223 memmove(desc->ubuf + desc->length, desc->inbuf, length); 224 desc->length += length; 225 desc->reslength = length; 226 } 227 } 228 skip_error: 229 230 if (desc->rerr) { 231 /* 232 * Since there was an error, userspace may decide to not read 233 * any data after poll'ing. 234 * We should respond to further attempts from the device to send 235 * data, so that we can get unstuck. 236 */ 237 schedule_work(&desc->service_outs_intr); 238 } else { 239 set_bit(WDM_READ, &desc->flags); 240 wake_up(&desc->wait); 241 } 242 out: 243 spin_unlock_irqrestore(&desc->iuspin, flags); 244 } 245 246 static void wdm_int_callback(struct urb *urb) 247 { 248 unsigned long flags; 249 int rv = 0; 250 int responding; 251 int status = urb->status; 252 struct wdm_device *desc; 253 struct usb_cdc_notification *dr; 254 255 desc = urb->context; 256 dr = (struct usb_cdc_notification *)desc->sbuf; 257 258 if (status) { 259 switch (status) { 260 case -ESHUTDOWN: 261 case -ENOENT: 262 case -ECONNRESET: 263 return; /* unplug */ 264 case -EPIPE: 265 set_bit(WDM_INT_STALL, &desc->flags); 266 dev_err(&desc->intf->dev, "Stall on int endpoint\n"); 267 goto sw; /* halt is cleared in work */ 268 default: 269 dev_err(&desc->intf->dev, 270 "nonzero urb status received: %d\n", status); 271 break; 272 } 273 } 274 275 if (urb->actual_length < sizeof(struct usb_cdc_notification)) { 276 dev_err(&desc->intf->dev, "wdm_int_callback - %d bytes\n", 277 urb->actual_length); 278 goto exit; 279 } 280 281 switch (dr->bNotificationType) { 282 case USB_CDC_NOTIFY_RESPONSE_AVAILABLE: 283 dev_dbg(&desc->intf->dev, 284 "NOTIFY_RESPONSE_AVAILABLE received: index %d len %d\n", 285 le16_to_cpu(dr->wIndex), le16_to_cpu(dr->wLength)); 286 break; 287 288 case USB_CDC_NOTIFY_NETWORK_CONNECTION: 289 290 dev_dbg(&desc->intf->dev, 291 "NOTIFY_NETWORK_CONNECTION %s network\n", 292 dr->wValue ? "connected to" : "disconnected from"); 293 goto exit; 294 case USB_CDC_NOTIFY_SPEED_CHANGE: 295 dev_dbg(&desc->intf->dev, "SPEED_CHANGE received (len %u)\n", 296 urb->actual_length); 297 goto exit; 298 default: 299 clear_bit(WDM_POLL_RUNNING, &desc->flags); 300 dev_err(&desc->intf->dev, 301 "unknown notification %d received: index %d len %d\n", 302 dr->bNotificationType, 303 le16_to_cpu(dr->wIndex), 304 le16_to_cpu(dr->wLength)); 305 goto exit; 306 } 307 308 spin_lock_irqsave(&desc->iuspin, flags); 309 responding = test_and_set_bit(WDM_RESPONDING, &desc->flags); 310 if (!desc->resp_count++ && !responding 311 && !test_bit(WDM_DISCONNECTING, &desc->flags) 312 && !test_bit(WDM_SUSPENDING, &desc->flags)) { 313 rv = usb_submit_urb(desc->response, GFP_ATOMIC); 314 dev_dbg(&desc->intf->dev, "submit response URB %d\n", rv); 315 } 316 spin_unlock_irqrestore(&desc->iuspin, flags); 317 if (rv < 0) { 318 clear_bit(WDM_RESPONDING, &desc->flags); 319 if (rv == -EPERM) 320 return; 321 if (rv == -ENOMEM) { 322 sw: 323 rv = schedule_work(&desc->rxwork); 324 if (rv) 325 dev_err(&desc->intf->dev, 326 "Cannot schedule work\n"); 327 } 328 } 329 exit: 330 rv = usb_submit_urb(urb, GFP_ATOMIC); 331 if (rv) 332 dev_err(&desc->intf->dev, 333 "%s - usb_submit_urb failed with result %d\n", 334 __func__, rv); 335 336 } 337 338 static void kill_urbs(struct wdm_device *desc) 339 { 340 /* the order here is essential */ 341 usb_kill_urb(desc->command); 342 usb_kill_urb(desc->validity); 343 usb_kill_urb(desc->response); 344 } 345 346 static void free_urbs(struct wdm_device *desc) 347 { 348 usb_free_urb(desc->validity); 349 usb_free_urb(desc->response); 350 usb_free_urb(desc->command); 351 } 352 353 static void cleanup(struct wdm_device *desc) 354 { 355 kfree(desc->sbuf); 356 kfree(desc->inbuf); 357 kfree(desc->orq); 358 kfree(desc->irq); 359 kfree(desc->ubuf); 360 free_urbs(desc); 361 kfree(desc); 362 } 363 364 static ssize_t wdm_write 365 (struct file *file, const char __user *buffer, size_t count, loff_t *ppos) 366 { 367 u8 *buf; 368 int rv = -EMSGSIZE, r, we; 369 struct wdm_device *desc = file->private_data; 370 struct usb_ctrlrequest *req; 371 372 if (count > desc->wMaxCommand) 373 count = desc->wMaxCommand; 374 375 spin_lock_irq(&desc->iuspin); 376 we = desc->werr; 377 desc->werr = 0; 378 spin_unlock_irq(&desc->iuspin); 379 if (we < 0) 380 return usb_translate_errors(we); 381 382 buf = memdup_user(buffer, count); 383 if (IS_ERR(buf)) 384 return PTR_ERR(buf); 385 386 /* concurrent writes and disconnect */ 387 r = mutex_lock_interruptible(&desc->wlock); 388 rv = -ERESTARTSYS; 389 if (r) 390 goto out_free_mem; 391 392 if (test_bit(WDM_DISCONNECTING, &desc->flags)) { 393 rv = -ENODEV; 394 goto out_free_mem_lock; 395 } 396 397 r = usb_autopm_get_interface(desc->intf); 398 if (r < 0) { 399 rv = usb_translate_errors(r); 400 goto out_free_mem_lock; 401 } 402 403 if (!(file->f_flags & O_NONBLOCK)) 404 r = wait_event_interruptible(desc->wait, !test_bit(WDM_IN_USE, 405 &desc->flags)); 406 else 407 if (test_bit(WDM_IN_USE, &desc->flags)) 408 r = -EAGAIN; 409 410 if (test_bit(WDM_RESETTING, &desc->flags)) 411 r = -EIO; 412 413 if (test_bit(WDM_DISCONNECTING, &desc->flags)) 414 r = -ENODEV; 415 416 if (r < 0) { 417 rv = r; 418 goto out_free_mem_pm; 419 } 420 421 req = desc->orq; 422 usb_fill_control_urb( 423 desc->command, 424 interface_to_usbdev(desc->intf), 425 /* using common endpoint 0 */ 426 usb_sndctrlpipe(interface_to_usbdev(desc->intf), 0), 427 (unsigned char *)req, 428 buf, 429 count, 430 wdm_out_callback, 431 desc 432 ); 433 434 req->bRequestType = (USB_DIR_OUT | USB_TYPE_CLASS | 435 USB_RECIP_INTERFACE); 436 req->bRequest = USB_CDC_SEND_ENCAPSULATED_COMMAND; 437 req->wValue = 0; 438 req->wIndex = desc->inum; /* already converted */ 439 req->wLength = cpu_to_le16(count); 440 set_bit(WDM_IN_USE, &desc->flags); 441 desc->outbuf = buf; 442 443 rv = usb_submit_urb(desc->command, GFP_KERNEL); 444 if (rv < 0) { 445 desc->outbuf = NULL; 446 clear_bit(WDM_IN_USE, &desc->flags); 447 wake_up_all(&desc->wait); /* for wdm_wait_for_response() */ 448 dev_err(&desc->intf->dev, "Tx URB error: %d\n", rv); 449 rv = usb_translate_errors(rv); 450 goto out_free_mem_pm; 451 } else { 452 dev_dbg(&desc->intf->dev, "Tx URB has been submitted index=%d\n", 453 le16_to_cpu(req->wIndex)); 454 } 455 456 usb_autopm_put_interface(desc->intf); 457 mutex_unlock(&desc->wlock); 458 return count; 459 460 out_free_mem_pm: 461 usb_autopm_put_interface(desc->intf); 462 out_free_mem_lock: 463 mutex_unlock(&desc->wlock); 464 out_free_mem: 465 kfree(buf); 466 return rv; 467 } 468 469 /* 470 * Submit the read urb if resp_count is non-zero. 471 * 472 * Called with desc->iuspin locked 473 */ 474 static int service_outstanding_interrupt(struct wdm_device *desc) 475 { 476 int rv = 0; 477 478 /* submit read urb only if the device is waiting for it */ 479 if (!desc->resp_count || !--desc->resp_count) 480 goto out; 481 482 if (test_bit(WDM_DISCONNECTING, &desc->flags)) { 483 rv = -ENODEV; 484 goto out; 485 } 486 if (test_bit(WDM_RESETTING, &desc->flags)) { 487 rv = -EIO; 488 goto out; 489 } 490 491 set_bit(WDM_RESPONDING, &desc->flags); 492 spin_unlock_irq(&desc->iuspin); 493 rv = usb_submit_urb(desc->response, GFP_KERNEL); 494 spin_lock_irq(&desc->iuspin); 495 if (rv) { 496 if (!test_bit(WDM_DISCONNECTING, &desc->flags)) 497 dev_err(&desc->intf->dev, 498 "usb_submit_urb failed with result %d\n", rv); 499 500 /* make sure the next notification trigger a submit */ 501 clear_bit(WDM_RESPONDING, &desc->flags); 502 desc->resp_count = 0; 503 } 504 out: 505 return rv; 506 } 507 508 static ssize_t wdm_read 509 (struct file *file, char __user *buffer, size_t count, loff_t *ppos) 510 { 511 int rv, cntr; 512 int i = 0; 513 struct wdm_device *desc = file->private_data; 514 515 516 rv = mutex_lock_interruptible(&desc->rlock); /*concurrent reads */ 517 if (rv < 0) 518 return -ERESTARTSYS; 519 520 cntr = READ_ONCE(desc->length); 521 if (cntr == 0) { 522 desc->read = 0; 523 retry: 524 if (test_bit(WDM_DISCONNECTING, &desc->flags)) { 525 rv = -ENODEV; 526 goto err; 527 } 528 if (test_bit(WDM_OVERFLOW, &desc->flags)) { 529 clear_bit(WDM_OVERFLOW, &desc->flags); 530 rv = -ENOBUFS; 531 goto err; 532 } 533 i++; 534 if (file->f_flags & O_NONBLOCK) { 535 if (!test_bit(WDM_READ, &desc->flags)) { 536 rv = -EAGAIN; 537 goto err; 538 } 539 rv = 0; 540 } else { 541 rv = wait_event_interruptible(desc->wait, 542 test_bit(WDM_READ, &desc->flags)); 543 } 544 545 /* may have happened while we slept */ 546 if (test_bit(WDM_DISCONNECTING, &desc->flags)) { 547 rv = -ENODEV; 548 goto err; 549 } 550 if (test_bit(WDM_RESETTING, &desc->flags)) { 551 rv = -EIO; 552 goto err; 553 } 554 usb_mark_last_busy(interface_to_usbdev(desc->intf)); 555 if (rv < 0) { 556 rv = -ERESTARTSYS; 557 goto err; 558 } 559 560 spin_lock_irq(&desc->iuspin); 561 562 if (desc->rerr) { /* read completed, error happened */ 563 rv = usb_translate_errors(desc->rerr); 564 desc->rerr = 0; 565 spin_unlock_irq(&desc->iuspin); 566 goto err; 567 } 568 /* 569 * recheck whether we've lost the race 570 * against the completion handler 571 */ 572 if (!test_bit(WDM_READ, &desc->flags)) { /* lost race */ 573 spin_unlock_irq(&desc->iuspin); 574 goto retry; 575 } 576 577 if (!desc->reslength) { /* zero length read */ 578 dev_dbg(&desc->intf->dev, "zero length - clearing WDM_READ\n"); 579 clear_bit(WDM_READ, &desc->flags); 580 rv = service_outstanding_interrupt(desc); 581 spin_unlock_irq(&desc->iuspin); 582 if (rv < 0) 583 goto err; 584 goto retry; 585 } 586 cntr = desc->length; 587 spin_unlock_irq(&desc->iuspin); 588 } 589 590 if (cntr > count) 591 cntr = count; 592 rv = copy_to_user(buffer, desc->ubuf, cntr); 593 if (rv > 0) { 594 rv = -EFAULT; 595 goto err; 596 } 597 598 spin_lock_irq(&desc->iuspin); 599 600 for (i = 0; i < desc->length - cntr; i++) 601 desc->ubuf[i] = desc->ubuf[i + cntr]; 602 603 desc->length -= cntr; 604 /* in case we had outstanding data */ 605 if (!desc->length) { 606 clear_bit(WDM_READ, &desc->flags); 607 service_outstanding_interrupt(desc); 608 } 609 spin_unlock_irq(&desc->iuspin); 610 rv = cntr; 611 612 err: 613 mutex_unlock(&desc->rlock); 614 return rv; 615 } 616 617 static int wdm_wait_for_response(struct file *file, long timeout) 618 { 619 struct wdm_device *desc = file->private_data; 620 long rv; /* Use long here because (int) MAX_SCHEDULE_TIMEOUT < 0. */ 621 622 /* 623 * Needs both flags. We cannot do with one because resetting it would 624 * cause a race with write() yet we need to signal a disconnect. 625 */ 626 rv = wait_event_interruptible_timeout(desc->wait, 627 !test_bit(WDM_IN_USE, &desc->flags) || 628 test_bit(WDM_DISCONNECTING, &desc->flags), 629 timeout); 630 631 /* 632 * To report the correct error. This is best effort. 633 * We are inevitably racing with the hardware. 634 */ 635 if (test_bit(WDM_DISCONNECTING, &desc->flags)) 636 return -ENODEV; 637 if (!rv) 638 return -EIO; 639 if (rv < 0) 640 return -EINTR; 641 642 spin_lock_irq(&desc->iuspin); 643 rv = desc->werr; 644 desc->werr = 0; 645 spin_unlock_irq(&desc->iuspin); 646 647 return usb_translate_errors(rv); 648 649 } 650 651 /* 652 * You need to send a signal when you react to malicious or defective hardware. 653 * Also, don't abort when fsync() returned -EINVAL, for older kernels which do 654 * not implement wdm_flush() will return -EINVAL. 655 */ 656 static int wdm_fsync(struct file *file, loff_t start, loff_t end, int datasync) 657 { 658 return wdm_wait_for_response(file, MAX_SCHEDULE_TIMEOUT); 659 } 660 661 /* 662 * Same with wdm_fsync(), except it uses finite timeout in order to react to 663 * malicious or defective hardware which ceased communication after close() was 664 * implicitly called due to process termination. 665 */ 666 static int wdm_flush(struct file *file, fl_owner_t id) 667 { 668 return wdm_wait_for_response(file, WDM_FLUSH_TIMEOUT); 669 } 670 671 static __poll_t wdm_poll(struct file *file, struct poll_table_struct *wait) 672 { 673 struct wdm_device *desc = file->private_data; 674 unsigned long flags; 675 __poll_t mask = 0; 676 677 spin_lock_irqsave(&desc->iuspin, flags); 678 if (test_bit(WDM_DISCONNECTING, &desc->flags)) { 679 mask = EPOLLHUP | EPOLLERR; 680 spin_unlock_irqrestore(&desc->iuspin, flags); 681 goto desc_out; 682 } 683 if (test_bit(WDM_READ, &desc->flags)) 684 mask = EPOLLIN | EPOLLRDNORM; 685 if (desc->rerr || desc->werr) 686 mask |= EPOLLERR; 687 if (!test_bit(WDM_IN_USE, &desc->flags)) 688 mask |= EPOLLOUT | EPOLLWRNORM; 689 spin_unlock_irqrestore(&desc->iuspin, flags); 690 691 poll_wait(file, &desc->wait, wait); 692 693 desc_out: 694 return mask; 695 } 696 697 static int wdm_open(struct inode *inode, struct file *file) 698 { 699 int minor = iminor(inode); 700 int rv = -ENODEV; 701 struct usb_interface *intf; 702 struct wdm_device *desc; 703 704 mutex_lock(&wdm_mutex); 705 desc = wdm_find_device_by_minor(minor); 706 if (!desc) 707 goto out; 708 709 intf = desc->intf; 710 if (test_bit(WDM_DISCONNECTING, &desc->flags)) 711 goto out; 712 file->private_data = desc; 713 714 if (test_bit(WDM_WWAN_IN_USE, &desc->flags)) { 715 rv = -EBUSY; 716 goto out; 717 } 718 719 rv = usb_autopm_get_interface(desc->intf); 720 if (rv < 0) { 721 dev_err(&desc->intf->dev, "Error autopm - %d\n", rv); 722 goto out; 723 } 724 725 /* using write lock to protect desc->count */ 726 mutex_lock(&desc->wlock); 727 if (!desc->count++) { 728 desc->werr = 0; 729 desc->rerr = 0; 730 rv = usb_submit_urb(desc->validity, GFP_KERNEL); 731 if (rv < 0) { 732 desc->count--; 733 dev_err(&desc->intf->dev, 734 "Error submitting int urb - %d\n", rv); 735 rv = usb_translate_errors(rv); 736 } 737 } else { 738 rv = 0; 739 } 740 mutex_unlock(&desc->wlock); 741 if (desc->count == 1) 742 desc->manage_power(intf, 1); 743 usb_autopm_put_interface(desc->intf); 744 out: 745 mutex_unlock(&wdm_mutex); 746 return rv; 747 } 748 749 static int wdm_release(struct inode *inode, struct file *file) 750 { 751 struct wdm_device *desc = file->private_data; 752 753 mutex_lock(&wdm_mutex); 754 755 /* using write lock to protect desc->count */ 756 mutex_lock(&desc->wlock); 757 desc->count--; 758 mutex_unlock(&desc->wlock); 759 760 if (!desc->count) { 761 if (!test_bit(WDM_DISCONNECTING, &desc->flags)) { 762 dev_dbg(&desc->intf->dev, "wdm_release: cleanup\n"); 763 kill_urbs(desc); 764 spin_lock_irq(&desc->iuspin); 765 desc->resp_count = 0; 766 spin_unlock_irq(&desc->iuspin); 767 desc->manage_power(desc->intf, 0); 768 } else { 769 /* must avoid dev_printk here as desc->intf is invalid */ 770 pr_debug(KBUILD_MODNAME " %s: device gone - cleaning up\n", __func__); 771 cleanup(desc); 772 } 773 } 774 mutex_unlock(&wdm_mutex); 775 return 0; 776 } 777 778 static long wdm_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 779 { 780 struct wdm_device *desc = file->private_data; 781 int rv = 0; 782 783 switch (cmd) { 784 case IOCTL_WDM_MAX_COMMAND: 785 if (copy_to_user((void __user *)arg, &desc->wMaxCommand, sizeof(desc->wMaxCommand))) 786 rv = -EFAULT; 787 break; 788 default: 789 rv = -ENOTTY; 790 } 791 return rv; 792 } 793 794 static const struct file_operations wdm_fops = { 795 .owner = THIS_MODULE, 796 .read = wdm_read, 797 .write = wdm_write, 798 .fsync = wdm_fsync, 799 .open = wdm_open, 800 .flush = wdm_flush, 801 .release = wdm_release, 802 .poll = wdm_poll, 803 .unlocked_ioctl = wdm_ioctl, 804 .compat_ioctl = compat_ptr_ioctl, 805 .llseek = noop_llseek, 806 }; 807 808 static struct usb_class_driver wdm_class = { 809 .name = "cdc-wdm%d", 810 .fops = &wdm_fops, 811 .minor_base = WDM_MINOR_BASE, 812 }; 813 814 /* --- WWAN framework integration --- */ 815 #ifdef CONFIG_WWAN 816 static int wdm_wwan_port_start(struct wwan_port *port) 817 { 818 struct wdm_device *desc = wwan_port_get_drvdata(port); 819 820 /* The interface is both exposed via the WWAN framework and as a 821 * legacy usbmisc chardev. If chardev is already open, just fail 822 * to prevent concurrent usage. Otherwise, switch to WWAN mode. 823 */ 824 mutex_lock(&wdm_mutex); 825 if (desc->count) { 826 mutex_unlock(&wdm_mutex); 827 return -EBUSY; 828 } 829 set_bit(WDM_WWAN_IN_USE, &desc->flags); 830 mutex_unlock(&wdm_mutex); 831 832 desc->manage_power(desc->intf, 1); 833 834 /* tx is allowed */ 835 wwan_port_txon(port); 836 837 /* Start getting events */ 838 return usb_submit_urb(desc->validity, GFP_KERNEL); 839 } 840 841 static void wdm_wwan_port_stop(struct wwan_port *port) 842 { 843 struct wdm_device *desc = wwan_port_get_drvdata(port); 844 845 /* Stop all transfers and disable WWAN mode */ 846 kill_urbs(desc); 847 desc->manage_power(desc->intf, 0); 848 clear_bit(WDM_READ, &desc->flags); 849 clear_bit(WDM_WWAN_IN_USE, &desc->flags); 850 } 851 852 static void wdm_wwan_port_tx_complete(struct urb *urb) 853 { 854 struct sk_buff *skb = urb->context; 855 struct wdm_device *desc = skb_shinfo(skb)->destructor_arg; 856 857 usb_autopm_put_interface(desc->intf); 858 wwan_port_txon(desc->wwanp); 859 kfree_skb(skb); 860 } 861 862 static int wdm_wwan_port_tx(struct wwan_port *port, struct sk_buff *skb) 863 { 864 struct wdm_device *desc = wwan_port_get_drvdata(port); 865 struct usb_interface *intf = desc->intf; 866 struct usb_ctrlrequest *req = desc->orq; 867 int rv; 868 869 rv = usb_autopm_get_interface(intf); 870 if (rv) 871 return rv; 872 873 usb_fill_control_urb( 874 desc->command, 875 interface_to_usbdev(intf), 876 usb_sndctrlpipe(interface_to_usbdev(intf), 0), 877 (unsigned char *)req, 878 skb->data, 879 skb->len, 880 wdm_wwan_port_tx_complete, 881 skb 882 ); 883 884 req->bRequestType = (USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE); 885 req->bRequest = USB_CDC_SEND_ENCAPSULATED_COMMAND; 886 req->wValue = 0; 887 req->wIndex = desc->inum; 888 req->wLength = cpu_to_le16(skb->len); 889 890 skb_shinfo(skb)->destructor_arg = desc; 891 892 rv = usb_submit_urb(desc->command, GFP_KERNEL); 893 if (rv) 894 usb_autopm_put_interface(intf); 895 else /* One transfer at a time, stop TX until URB completion */ 896 wwan_port_txoff(port); 897 898 return rv; 899 } 900 901 static struct wwan_port_ops wdm_wwan_port_ops = { 902 .start = wdm_wwan_port_start, 903 .stop = wdm_wwan_port_stop, 904 .tx = wdm_wwan_port_tx, 905 }; 906 907 static void wdm_wwan_init(struct wdm_device *desc) 908 { 909 struct usb_interface *intf = desc->intf; 910 struct wwan_port *port; 911 912 /* Only register to WWAN core if protocol/type is known */ 913 if (desc->wwanp_type == WWAN_PORT_UNKNOWN) { 914 dev_info(&intf->dev, "Unknown control protocol\n"); 915 return; 916 } 917 918 port = wwan_create_port(&intf->dev, desc->wwanp_type, &wdm_wwan_port_ops, desc); 919 if (IS_ERR(port)) { 920 dev_err(&intf->dev, "%s: Unable to create WWAN port\n", 921 dev_name(intf->usb_dev)); 922 return; 923 } 924 925 desc->wwanp = port; 926 } 927 928 static void wdm_wwan_deinit(struct wdm_device *desc) 929 { 930 if (!desc->wwanp) 931 return; 932 933 wwan_remove_port(desc->wwanp); 934 desc->wwanp = NULL; 935 } 936 937 static void wdm_wwan_rx(struct wdm_device *desc, int length) 938 { 939 struct wwan_port *port = desc->wwanp; 940 struct sk_buff *skb; 941 942 /* Forward data to WWAN port */ 943 skb = alloc_skb(length, GFP_ATOMIC); 944 if (!skb) 945 return; 946 947 memcpy(skb_put(skb, length), desc->inbuf, length); 948 wwan_port_rx(port, skb); 949 950 /* inbuf has been copied, it is safe to check for outstanding data */ 951 schedule_work(&desc->service_outs_intr); 952 } 953 #else /* CONFIG_WWAN */ 954 static void wdm_wwan_init(struct wdm_device *desc) {} 955 static void wdm_wwan_deinit(struct wdm_device *desc) {} 956 static void wdm_wwan_rx(struct wdm_device *desc, int length) {} 957 #endif /* CONFIG_WWAN */ 958 959 /* --- error handling --- */ 960 static void wdm_rxwork(struct work_struct *work) 961 { 962 struct wdm_device *desc = container_of(work, struct wdm_device, rxwork); 963 unsigned long flags; 964 int rv = 0; 965 int responding; 966 967 spin_lock_irqsave(&desc->iuspin, flags); 968 if (test_bit(WDM_DISCONNECTING, &desc->flags)) { 969 spin_unlock_irqrestore(&desc->iuspin, flags); 970 } else { 971 responding = test_and_set_bit(WDM_RESPONDING, &desc->flags); 972 spin_unlock_irqrestore(&desc->iuspin, flags); 973 if (!responding) 974 rv = usb_submit_urb(desc->response, GFP_KERNEL); 975 if (rv < 0 && rv != -EPERM) { 976 spin_lock_irqsave(&desc->iuspin, flags); 977 clear_bit(WDM_RESPONDING, &desc->flags); 978 if (!test_bit(WDM_DISCONNECTING, &desc->flags)) 979 schedule_work(&desc->rxwork); 980 spin_unlock_irqrestore(&desc->iuspin, flags); 981 } 982 } 983 } 984 985 static void service_interrupt_work(struct work_struct *work) 986 { 987 struct wdm_device *desc; 988 989 desc = container_of(work, struct wdm_device, service_outs_intr); 990 991 spin_lock_irq(&desc->iuspin); 992 service_outstanding_interrupt(desc); 993 if (!desc->resp_count) { 994 set_bit(WDM_READ, &desc->flags); 995 wake_up(&desc->wait); 996 } 997 spin_unlock_irq(&desc->iuspin); 998 } 999 1000 /* --- hotplug --- */ 1001 1002 static int wdm_create(struct usb_interface *intf, struct usb_endpoint_descriptor *ep, 1003 u16 bufsize, enum wwan_port_type type, 1004 int (*manage_power)(struct usb_interface *, int)) 1005 { 1006 int rv = -ENOMEM; 1007 struct wdm_device *desc; 1008 1009 desc = kzalloc(sizeof(struct wdm_device), GFP_KERNEL); 1010 if (!desc) 1011 goto out; 1012 INIT_LIST_HEAD(&desc->device_list); 1013 mutex_init(&desc->rlock); 1014 mutex_init(&desc->wlock); 1015 spin_lock_init(&desc->iuspin); 1016 init_waitqueue_head(&desc->wait); 1017 desc->wMaxCommand = bufsize; 1018 /* this will be expanded and needed in hardware endianness */ 1019 desc->inum = cpu_to_le16((u16)intf->cur_altsetting->desc.bInterfaceNumber); 1020 desc->intf = intf; 1021 desc->wwanp_type = type; 1022 INIT_WORK(&desc->rxwork, wdm_rxwork); 1023 INIT_WORK(&desc->service_outs_intr, service_interrupt_work); 1024 1025 rv = -EINVAL; 1026 if (!usb_endpoint_is_int_in(ep)) 1027 goto err; 1028 1029 desc->wMaxPacketSize = usb_endpoint_maxp(ep); 1030 1031 desc->orq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL); 1032 if (!desc->orq) 1033 goto err; 1034 desc->irq = kmalloc(sizeof(struct usb_ctrlrequest), GFP_KERNEL); 1035 if (!desc->irq) 1036 goto err; 1037 1038 desc->validity = usb_alloc_urb(0, GFP_KERNEL); 1039 if (!desc->validity) 1040 goto err; 1041 1042 desc->response = usb_alloc_urb(0, GFP_KERNEL); 1043 if (!desc->response) 1044 goto err; 1045 1046 desc->command = usb_alloc_urb(0, GFP_KERNEL); 1047 if (!desc->command) 1048 goto err; 1049 1050 desc->ubuf = kmalloc(desc->wMaxCommand, GFP_KERNEL); 1051 if (!desc->ubuf) 1052 goto err; 1053 1054 desc->sbuf = kmalloc(desc->wMaxPacketSize, GFP_KERNEL); 1055 if (!desc->sbuf) 1056 goto err; 1057 1058 desc->inbuf = kmalloc(desc->wMaxCommand, GFP_KERNEL); 1059 if (!desc->inbuf) 1060 goto err; 1061 1062 usb_fill_int_urb( 1063 desc->validity, 1064 interface_to_usbdev(intf), 1065 usb_rcvintpipe(interface_to_usbdev(intf), ep->bEndpointAddress), 1066 desc->sbuf, 1067 desc->wMaxPacketSize, 1068 wdm_int_callback, 1069 desc, 1070 ep->bInterval 1071 ); 1072 1073 desc->irq->bRequestType = (USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE); 1074 desc->irq->bRequest = USB_CDC_GET_ENCAPSULATED_RESPONSE; 1075 desc->irq->wValue = 0; 1076 desc->irq->wIndex = desc->inum; /* already converted */ 1077 desc->irq->wLength = cpu_to_le16(desc->wMaxCommand); 1078 1079 usb_fill_control_urb( 1080 desc->response, 1081 interface_to_usbdev(intf), 1082 /* using common endpoint 0 */ 1083 usb_rcvctrlpipe(interface_to_usbdev(desc->intf), 0), 1084 (unsigned char *)desc->irq, 1085 desc->inbuf, 1086 desc->wMaxCommand, 1087 wdm_in_callback, 1088 desc 1089 ); 1090 1091 desc->manage_power = manage_power; 1092 1093 spin_lock(&wdm_device_list_lock); 1094 list_add(&desc->device_list, &wdm_device_list); 1095 spin_unlock(&wdm_device_list_lock); 1096 1097 rv = usb_register_dev(intf, &wdm_class); 1098 if (rv < 0) 1099 goto err; 1100 else 1101 dev_info(&intf->dev, "%s: USB WDM device\n", dev_name(intf->usb_dev)); 1102 1103 wdm_wwan_init(desc); 1104 1105 out: 1106 return rv; 1107 err: 1108 spin_lock(&wdm_device_list_lock); 1109 list_del(&desc->device_list); 1110 spin_unlock(&wdm_device_list_lock); 1111 cleanup(desc); 1112 return rv; 1113 } 1114 1115 static int wdm_manage_power(struct usb_interface *intf, int on) 1116 { 1117 /* need autopm_get/put here to ensure the usbcore sees the new value */ 1118 int rv = usb_autopm_get_interface(intf); 1119 1120 intf->needs_remote_wakeup = on; 1121 if (!rv) 1122 usb_autopm_put_interface(intf); 1123 return 0; 1124 } 1125 1126 static int wdm_probe(struct usb_interface *intf, const struct usb_device_id *id) 1127 { 1128 int rv = -EINVAL; 1129 struct usb_host_interface *iface; 1130 struct usb_endpoint_descriptor *ep; 1131 struct usb_cdc_parsed_header hdr; 1132 u8 *buffer = intf->altsetting->extra; 1133 int buflen = intf->altsetting->extralen; 1134 u16 maxcom = WDM_DEFAULT_BUFSIZE; 1135 1136 if (!buffer) 1137 goto err; 1138 1139 cdc_parse_cdc_header(&hdr, intf, buffer, buflen); 1140 1141 if (hdr.usb_cdc_dmm_desc) 1142 maxcom = le16_to_cpu(hdr.usb_cdc_dmm_desc->wMaxCommand); 1143 1144 iface = intf->cur_altsetting; 1145 if (iface->desc.bNumEndpoints != 1) 1146 goto err; 1147 ep = &iface->endpoint[0].desc; 1148 1149 rv = wdm_create(intf, ep, maxcom, WWAN_PORT_UNKNOWN, &wdm_manage_power); 1150 1151 err: 1152 return rv; 1153 } 1154 1155 /** 1156 * usb_cdc_wdm_register - register a WDM subdriver 1157 * @intf: usb interface the subdriver will associate with 1158 * @ep: interrupt endpoint to monitor for notifications 1159 * @bufsize: maximum message size to support for read/write 1160 * @type: Type/protocol of the transported data (MBIM, QMI...) 1161 * @manage_power: call-back invoked during open and release to 1162 * manage the device's power 1163 * Create WDM usb class character device and associate it with intf 1164 * without binding, allowing another driver to manage the interface. 1165 * 1166 * The subdriver will manage the given interrupt endpoint exclusively 1167 * and will issue control requests referring to the given intf. It 1168 * will otherwise avoid interferring, and in particular not do 1169 * usb_set_intfdata/usb_get_intfdata on intf. 1170 * 1171 * The return value is a pointer to the subdriver's struct usb_driver. 1172 * The registering driver is responsible for calling this subdriver's 1173 * disconnect, suspend, resume, pre_reset and post_reset methods from 1174 * its own. 1175 */ 1176 struct usb_driver *usb_cdc_wdm_register(struct usb_interface *intf, 1177 struct usb_endpoint_descriptor *ep, 1178 int bufsize, enum wwan_port_type type, 1179 int (*manage_power)(struct usb_interface *, int)) 1180 { 1181 int rv; 1182 1183 rv = wdm_create(intf, ep, bufsize, type, manage_power); 1184 if (rv < 0) 1185 goto err; 1186 1187 return &wdm_driver; 1188 err: 1189 return ERR_PTR(rv); 1190 } 1191 EXPORT_SYMBOL(usb_cdc_wdm_register); 1192 1193 static void wdm_disconnect(struct usb_interface *intf) 1194 { 1195 struct wdm_device *desc; 1196 unsigned long flags; 1197 1198 usb_deregister_dev(intf, &wdm_class); 1199 desc = wdm_find_device(intf); 1200 mutex_lock(&wdm_mutex); 1201 1202 wdm_wwan_deinit(desc); 1203 1204 /* the spinlock makes sure no new urbs are generated in the callbacks */ 1205 spin_lock_irqsave(&desc->iuspin, flags); 1206 set_bit(WDM_DISCONNECTING, &desc->flags); 1207 set_bit(WDM_READ, &desc->flags); 1208 spin_unlock_irqrestore(&desc->iuspin, flags); 1209 wake_up_all(&desc->wait); 1210 mutex_lock(&desc->rlock); 1211 mutex_lock(&desc->wlock); 1212 cancel_work_sync(&desc->rxwork); 1213 cancel_work_sync(&desc->service_outs_intr); 1214 kill_urbs(desc); 1215 mutex_unlock(&desc->wlock); 1216 mutex_unlock(&desc->rlock); 1217 1218 /* the desc->intf pointer used as list key is now invalid */ 1219 spin_lock(&wdm_device_list_lock); 1220 list_del(&desc->device_list); 1221 spin_unlock(&wdm_device_list_lock); 1222 1223 if (!desc->count) 1224 cleanup(desc); 1225 else 1226 dev_dbg(&intf->dev, "%d open files - postponing cleanup\n", desc->count); 1227 mutex_unlock(&wdm_mutex); 1228 } 1229 1230 #ifdef CONFIG_PM 1231 static int wdm_suspend(struct usb_interface *intf, pm_message_t message) 1232 { 1233 struct wdm_device *desc = wdm_find_device(intf); 1234 int rv = 0; 1235 1236 dev_dbg(&desc->intf->dev, "wdm%d_suspend\n", intf->minor); 1237 1238 /* if this is an autosuspend the caller does the locking */ 1239 if (!PMSG_IS_AUTO(message)) { 1240 mutex_lock(&desc->rlock); 1241 mutex_lock(&desc->wlock); 1242 } 1243 spin_lock_irq(&desc->iuspin); 1244 1245 if (PMSG_IS_AUTO(message) && 1246 (test_bit(WDM_IN_USE, &desc->flags) 1247 || test_bit(WDM_RESPONDING, &desc->flags))) { 1248 spin_unlock_irq(&desc->iuspin); 1249 rv = -EBUSY; 1250 } else { 1251 1252 set_bit(WDM_SUSPENDING, &desc->flags); 1253 spin_unlock_irq(&desc->iuspin); 1254 /* callback submits work - order is essential */ 1255 kill_urbs(desc); 1256 cancel_work_sync(&desc->rxwork); 1257 cancel_work_sync(&desc->service_outs_intr); 1258 } 1259 if (!PMSG_IS_AUTO(message)) { 1260 mutex_unlock(&desc->wlock); 1261 mutex_unlock(&desc->rlock); 1262 } 1263 1264 return rv; 1265 } 1266 #endif 1267 1268 static int recover_from_urb_loss(struct wdm_device *desc) 1269 { 1270 int rv = 0; 1271 1272 if (desc->count) { 1273 rv = usb_submit_urb(desc->validity, GFP_NOIO); 1274 if (rv < 0) 1275 dev_err(&desc->intf->dev, 1276 "Error resume submitting int urb - %d\n", rv); 1277 } 1278 return rv; 1279 } 1280 1281 #ifdef CONFIG_PM 1282 static int wdm_resume(struct usb_interface *intf) 1283 { 1284 struct wdm_device *desc = wdm_find_device(intf); 1285 int rv; 1286 1287 dev_dbg(&desc->intf->dev, "wdm%d_resume\n", intf->minor); 1288 1289 clear_bit(WDM_SUSPENDING, &desc->flags); 1290 rv = recover_from_urb_loss(desc); 1291 1292 return rv; 1293 } 1294 #endif 1295 1296 static int wdm_pre_reset(struct usb_interface *intf) 1297 { 1298 struct wdm_device *desc = wdm_find_device(intf); 1299 1300 /* 1301 * we notify everybody using poll of 1302 * an exceptional situation 1303 * must be done before recovery lest a spontaneous 1304 * message from the device is lost 1305 */ 1306 spin_lock_irq(&desc->iuspin); 1307 set_bit(WDM_RESETTING, &desc->flags); /* inform read/write */ 1308 set_bit(WDM_READ, &desc->flags); /* unblock read */ 1309 clear_bit(WDM_IN_USE, &desc->flags); /* unblock write */ 1310 desc->rerr = -EINTR; 1311 spin_unlock_irq(&desc->iuspin); 1312 wake_up_all(&desc->wait); 1313 mutex_lock(&desc->rlock); 1314 mutex_lock(&desc->wlock); 1315 kill_urbs(desc); 1316 cancel_work_sync(&desc->rxwork); 1317 cancel_work_sync(&desc->service_outs_intr); 1318 return 0; 1319 } 1320 1321 static int wdm_post_reset(struct usb_interface *intf) 1322 { 1323 struct wdm_device *desc = wdm_find_device(intf); 1324 int rv; 1325 1326 clear_bit(WDM_OVERFLOW, &desc->flags); 1327 clear_bit(WDM_RESETTING, &desc->flags); 1328 rv = recover_from_urb_loss(desc); 1329 mutex_unlock(&desc->wlock); 1330 mutex_unlock(&desc->rlock); 1331 return rv; 1332 } 1333 1334 static struct usb_driver wdm_driver = { 1335 .name = "cdc_wdm", 1336 .probe = wdm_probe, 1337 .disconnect = wdm_disconnect, 1338 #ifdef CONFIG_PM 1339 .suspend = wdm_suspend, 1340 .resume = wdm_resume, 1341 .reset_resume = wdm_resume, 1342 #endif 1343 .pre_reset = wdm_pre_reset, 1344 .post_reset = wdm_post_reset, 1345 .id_table = wdm_ids, 1346 .supports_autosuspend = 1, 1347 .disable_hub_initiated_lpm = 1, 1348 }; 1349 1350 module_usb_driver(wdm_driver); 1351 1352 MODULE_AUTHOR(DRIVER_AUTHOR); 1353 MODULE_DESCRIPTION(DRIVER_DESC); 1354 MODULE_LICENSE("GPL"); 1355